Request for a Lockdown option

Thorsten Glaser t.glaser at qvest-digital.com
Tue Jul 16 09:29:48 AEST 2024


On Tue, 16 Jul 2024, Steffen Nurpmeso wrote:

> |(Yes, OpenVPN also went the lazy way of "not implement multiple socket
> |support", and then having to debug all the ways this didn't work right,

It’s best to use separate sockets. Things like getting the iptos
octet (for ECN bits) don’t work right on v4-mapped v6 sockets on
most OSes (other recvmsg/sendmsg CMSGs may also not work right),
plus, you’ll avoid making OpenBSD porters angry.

bye,
//mirabilos
-- 
Infrastructure expert • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Executive board: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Chairman of the supervisory board: Peter Nöthen
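
The separate-sockets advice above, as an added example that is not part of the original message and not OpenSSH or OpenVPN code: one UDP socket per address family (the IPv6 one with `IPV6_V6ONLY`), each reading the ECN bits from its own family's control message. The names `open_rx` and `ecn_roundtrip` are hypothetical, the control-message types are the ones Linux delivers, and the loopback datagram is constructed test traffic.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a loopback UDP socket for exactly one family; request the TOS/TCLASS octet. */
static int open_rx(int v6, struct sockaddr_storage *ss, socklen_t *len)
{
    int on = 1, fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6, .sin6_addr = IN6ADDR_LOOPBACK_INIT };
    struct sockaddr_in a4 = { .sin_family = AF_INET, .sin_addr = { htonl(INADDR_LOOPBACK) } };
    if (fd < 0) return -1;
    if (v6) {
        *len = sizeof(a6); memcpy(ss, &a6, sizeof(a6));
        /* V6ONLY: v4-mapped traffic never reaches this socket. */
        setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
        setsockopt(fd, IPPROTO_IPV6, IPV6_RECVTCLASS, &on, sizeof(on));
    } else {
        *len = sizeof(a4); memcpy(ss, &a4, sizeof(a4));
        setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof(on));
    }
    if (bind(fd, (struct sockaddr *)ss, *len) < 0 ||
        getsockname(fd, (struct sockaddr *)ss, len) < 0) { close(fd); return -1; }
    return fd;
}

/* Send one datagram marked `tos`; return the ECN bits read from the cmsg, or -1. */
int ecn_roundtrip(int v6, int tos)
{
    struct sockaddr_storage ss; socklen_t len = 0; char data[8]; int ecn = -1, tc = 0;
    union { char buf[64]; struct cmsghdr align; } ctl;
    struct timeval tv = { 1, 0 };  /* never block forever on a lost datagram */
    struct iovec iov = { data, sizeof(data) };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    int rx = open_rx(v6, &ss, &len), tx = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, 0);
    if (rx >= 0 && tx >= 0 &&
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == 0 &&
        setsockopt(tx, v6 ? IPPROTO_IPV6 : IPPROTO_IP, v6 ? IPV6_TCLASS : IP_TOS, &tos, sizeof(tos)) == 0 &&
        sendto(tx, "x", 1, 0, (struct sockaddr *)&ss, len) == 1 && recvmsg(rx, &m, 0) == 1)
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c)) {
            if (!v6 && c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_TOS)
                ecn = *(unsigned char *)CMSG_DATA(c) & 3;   /* IPv4: one octet */
            if (v6 && c->cmsg_level == IPPROTO_IPV6 && c->cmsg_type == IPV6_TCLASS) {
                memcpy(&tc, CMSG_DATA(c), sizeof(tc)); ecn = tc & 3;  /* IPv6: an int */
            }
        }
    if (rx >= 0) close(rx); if (tx >= 0) close(tx);
    return ecn;
}
```

The two families use different socket options, control-message types and payload widths, so each socket only has to handle its own.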


More information about the openssh-unix-dev mailing list