The 'address to bind' and 'port number to bind' specify the IP
address (or domain name) and port on which connections for forwarding
are to be accepted. Some strings used for 'address to bind' have
"" means that connections are to be accepted on all protocol
families supported by the SSH implementation.
"0.0.0.0" means to listen on all IPv4 addresses.
"::" means to listen on all IPv6 addresses.
"localhost" means to listen on all protocol families supported by
the SSH implementation on loopback addresses only ([RFC3330] and
"127.0.0.1" and "::1" indicate listening on the loopback
interfaces for IPv4 and IPv6, respectively.
There are two consequences of the current interface:
You can only provide resolvable names. This prohibits two of the strings with special-case semantics from working ("", reported in #33227, and "::").
Resolution happens client side. This changes the meaning of the string "localhost" from being "all protocol families supported by the SSH implementation on loopback addresses only" to being only one of those and may provide a different result for other names (AWS hostnames resolving to internal addresses inside a data center comes to mind).
Outside of defining a new public interface, I think the least breaking change would be to extract an unexported listenTCP function taking a string address and call this from Listen, which can then drop resolution. But of course, if you're relying on that behavior, it will still be surprising.
I'm happy to submit a pull request but I'd appreciate some thoughts on how to best evolve the interface into something that both supports the scope of the RFC and doesn't disregard current users.
I should mention that it's of course possible to treat "", "::" and "localhost" separately with even less potential breakage but this doesn't solve the problem of client side resolution generally which was my intention for filing this issue.
Just adding some more information: supposing it is a multi-homed server with multiple IP addresses, calling net.Listen() using a hostname needs to resolve the name within the remote server to figure out which interface it should bind. The current implementation doesn't allow this.
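A sketch of the string-preserving approach discussed in this issue, as an added example that is not code from the issue or from x/crypto/ssh: the bind address is split from the port without resolution and written into the forwarding request data unchanged, so the server decides what it means. The names `bindScope`, `parseBind` and `marshalForward` are hypothetical, and the wire layout (SSH string, then uint32 port) is taken from RFC 4254 section 7.1.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// bindScope maps an 'address to bind' string to the RFC meanings quoted above.
func bindScope(addr string) string {
	switch addr {
	case "":
		return "all interfaces, all protocol families"
	case "0.0.0.0":
		return "all IPv4 addresses"
	case "::":
		return "all IPv6 addresses"
	case "localhost":
		return "loopback only, all protocol families"
	case "127.0.0.1", "::1":
		return "loopback only, one protocol family"
	}
	return "left for the server to interpret"
}

// parseBind splits host:port without any name resolution, so "", "::" and
// "localhost" reach the server unchanged. Hypothetical helper for this example.
func parseBind(hostport string) (string, uint32, error) {
	host, p, err := net.SplitHostPort(hostport)
	if err != nil {
		return "", 0, err
	}
	port, err := strconv.ParseUint(p, 10, 16)
	return host, uint32(port), err
}

// marshalForward encodes the request data: length-prefixed address, uint32 port.
func marshalForward(host string, port uint32) []byte {
	n := len(host)
	b := append([]byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}, host...)
	return append(b, byte(port>>24), byte(port>>16), byte(port>>8), byte(port))
}

func main() {
	for _, hp := range []string{":8080", "[::]:8080", "localhost:8080"} { // constructed inputs
		host, port, _ := parseBind(hp)
		fmt.Printf("%q -> %x (%s)\n", hp, marshalForward(host, port), bindScope(host))
	}
}
```

Printing the scope next to the payload makes the exposure difference visible: an empty address and "localhost" differ only in the string sent, yet one asks for every interface and the other for loopback only.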