protect: bind wildcard addrs

Author: ignoramous

intra/protect/protect.go

@@ -50,6 +50,9 @@ const (
 	// When advertised routes are actually null routed (no reply)
 	// this timeout will help short circuit dial attempts on it.
 	defaultConnectTimeout = 10 * time.Second
+
+	// if true, only protects the socket from routing loops & binds to active network.
+	onlyProtectWildcardAddrs = false
 )
 
 // never resolve system/default/"hostless" resolver; expected to have seeded ips
@@ -79,7 +82,7 @@ func ifbind(who string, ctl Controller) func(string, string, syscall.RawConn) er
 		log.VV("control: netbinder: %s: %s(%s); err? %v", who, network, addr, err)
 		return c.Control(func(fd uintptr) {
 			sock := int(fd)
-			if !maybeGlobalUnicast(addr, true) {
+			if onlyProtectWildcardAddrs && !maybeGlobalUnicast(addr, true) {
 				ctl.Protect(who, sock)
 				return
 			}
@@ -106,7 +109,7 @@ func ipbind(p Protector) func(string, string, syscall.RawConn) error {
 		log.VV("control: ipbinder: %s(%s/%w), bindto(%s); err? %v",
 			network, addr, origaddr, ipaddr, perr)
 
-		if !maybeGlobalUnicast(addr, true) {
+		if onlyProtectWildcardAddrs && !maybeGlobalUnicast(addr, true) {
 			// todo: protect fd?
 			return nil
 		}
@@ -181,7 +184,7 @@ func MakeNsRDial(who string, ctx context.Context, c Controller) *RDial {
 }
 
 // Creates a RDial that can bind to any active interface, with additional control fns.
-func MakeNsRDialExt(who string, ctx context.Context, ctl Controller, ext []ControlFn) *RDial {
+func MakeNsRDialExt(who string, ctx context.Context, ctl Controller, ext ...ControlFn) *RDial {
 	dialer := MakeNsDialer(who, ctl)
 	dialer.Control = func(network, address string, c syscall.RawConn) error {
 		for _, fn := range ext {