Description
When sing-box acts as a proxy client, each outbound TCP connection requires a unique ephemeral source port. On Linux, this limits a single source IP to roughly 30,000 concurrent outbound connections (the size of ip_local_port_range). For high‑concurrency proxy scenarios (e.g., an HTTP proxy with thousands of clients), this becomes a bottleneck: once ephemeral ports are exhausted, new connections fail with EADDRNOTAVAIL.
Proposed Solution
Add support for the Linux socket option IP_BIND_ADDRESS_NO_PORT in the Dialer implementation. This option (introduced in Linux 4.2+) allows binding only to the source IP without reserving a port at bind() time. The actual port is assigned at connect() time, and the kernel can reuse the same source port across multiple connections as long as the 4‑tuple (src IP, src port, dst IP, dst port) remains unique.
This enables a single source IP to establish far more concurrent outbound connections than the traditional ephemeral port limit.
Benefits
Improves scalability of sing-box when used as a high‑concurrency proxy server.
Reduces risk of “cannot assign requested address” errors under heavy load.
Aligns with Linux kernel capabilities (supported since 4.2).
Implementation Notes
unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_BIND_ADDRESS_NO_PORT, 1)
Documentation should highlight kernel requirement (Linux ≥ 4.2).
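As an added illustration of where the option has to be applied (this is example code, not sing-box's Dialer): net.Dialer's Control hook runs after the socket is created and before bind()/connect(), so that is the point to set IP_BIND_ADDRESS_NO_PORT. The example uses only the standard library, so the option value (24, from <linux/in.h>) is hard-coded instead of taken from golang.org/x/sys/unix, and the source IP 192.0.2.10 is a constructed value.

```go
package main

import (
	"fmt"
	"net"
	"syscall"
)

// IP_BIND_ADDRESS_NO_PORT from <linux/in.h> (Linux >= 4.2), hard-coded so
// the example needs only the standard library; sing-box would use
// unix.IP_BIND_ADDRESS_NO_PORT from golang.org/x/sys/unix instead.
const ipBindAddressNoPort = 24

// setBindAddressNoPort must run before bind(): afterwards bind() reserves only
// the source IP, and the port is picked at connect() per unique 4-tuple.
func setBindAddressNoPort(fd uintptr) error {
	return syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, ipBindAddressNoPort, 1)
}

// SupportsBindAddressNoPort probes the running kernel with a throwaway socket;
// this is the check to make before enabling the option (older kernels reject it).
func SupportsBindAddressNoPort() bool {
	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0)
	if err != nil {
		return false
	}
	defer syscall.Close(fd)
	return setBindAddressNoPort(uintptr(fd)) == nil
}

// NewNoPortDialer binds outbound TCP sockets to srcIP with port 0 and sets
// IP_BIND_ADDRESS_NO_PORT from the Control hook, which net.Dialer invokes after
// socket creation and before bind()/connect(), i.e. exactly where it must go.
func NewNoPortDialer(srcIP net.IP) *net.Dialer {
	return &net.Dialer{
		LocalAddr: &net.TCPAddr{IP: srcIP, Port: 0},
		Control: func(network, address string, c syscall.RawConn) error {
			var sockErr error
			if err := c.Control(func(fd uintptr) { sockErr = setBindAddressNoPort(fd) }); err != nil {
				return err
			}
			return sockErr
		},
	}
}

func main() {
	fmt.Println("IP_BIND_ADDRESS_NO_PORT supported:", SupportsBindAddressNoPort())
	d := NewNoPortDialer(net.ParseIP("192.0.2.10")) // constructed example source IP
	fmt.Println("dialer binds to", d.LocalAddr)      // 192.0.2.10:0
}
```

Without the option, binding to 192.0.2.10:0 makes the kernel reserve an ephemeral port at bind() time, which is what exhausts the range; with it, the port is chosen at connect() and can be shared across different destinations.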
References
Linux man page: ip(7)