On 03.03.2014 21:31, Willy Tarreau wrote:
On Mon, Mar 03, 2014 at 09:10:51PM +0100, Lukas Tribus wrote:
Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux
3.3
and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does).
This allows unprivileged users to bind to non-local IPv6 addresses,
which
can be useful when setting up the listening sockets or when connecting
to backend servers with a specific, non-local source IPv6 address (at
that
point we usually dropped root privileges already).
Patch applied, thank you Lukas!
I will test the patch. Stupid question, but is it really supported from
3.3 and higher? A quick test with dev22 yesterday seemed to be working
but I didn't put any traffic through it. It was late so I didn't give it
enough attention ;-)
Sander
