Enable IP_BIND_ADDRESS_NO_PORT if supported

Signed-off-by: David Goulet <dgoulet@torproject.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index f2fc5ea3fb..cf25213cb1 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -2229,6 +2229,30 @@ connection_connect_sockaddr,(connection_t *conn,
    */
   connection_check_oos(get_n_open_sockets(), 0);
 
+  /* From ip(7): Inform the kernel to not reserve an ephemeral port when using
+   * bind(2) with a port number of 0. The port will later be automatically
+   * chosen at connect(2) time, in a way that allows sharing a source port as
+   * long as the 4-tuple is unique.
+   *
+   * This is needed for relays using OutboundBindAddresses because the port
+   * value in the bind address is set to 0. */
+#ifdef IP_BIND_ADDRESS_NO_PORT
+  static int try_ip_bind_address_no_port = 1;
+  if (bindaddr && try_ip_bind_address_no_port &&
+      setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int){1}, sizeof(int))) {
+    if (errno == EINVAL) {
+      log_notice(LD_NET, "Tor was built with support for "
+                         "IP_BIND_ADDRESS_NO_PORT, but the current kernel "
+                         "doesn't support it. This might cause Tor to run out "
+                         "of ephemeral ports more quickly.");
+      try_ip_bind_address_no_port = 0;
+    } else {
+      log_warn(LD_NET, "Error setting IP_BIND_ADDRESS_NO_PORT on new "
+                       "connection: %s", tor_socket_strerror(errno));
+    }
+  }
+#endif
+
   if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
     *socket_error = tor_socket_errno(s);
     log_warn(LD_NET,"Error binding network socket: %s",