--- apps/nc/netcat.c.orig	2015-10-23 16:01:14.000000000 -0700
+++ apps/nc/netcat.c	2015-10-23 16:17:08.000000000 -0700
@@ -57,6 +57,10 @@
 #include <tls.h>
 #include "atomicio.h"
 
+#ifndef IPV6_TCLASS
+#define IPV6_TCLASS -1
+#endif
+
 #define PORT_MAX	65535
 #define PORT_MAX_LEN	6
 #define UNIX_DG_TMP_SOCKET_SIZE	19
@@ -93,9 +97,13 @@
 int	Dflag;					/* sodebug */
 int	Iflag;					/* TCP receive buffer size */
 int	Oflag;					/* TCP send buffer size */
+#ifdef TCP_MD5SIG
 int	Sflag;					/* TCP MD5 signature option */
+#endif
 int	Tflag = -1;				/* IP Type of Service */
+#ifdef SO_RTABLE
 int	rtableid = -1;
+#endif
 
 int	usetls;					/* use TLS */
 char    *Cflag;					/* Public cert file */
@@ -145,7 +153,7 @@
 	struct servent *sv;
 	socklen_t len;
 	struct sockaddr_storage cliaddr;
-	char *proxy;
+	char *proxy = NULL;
 	const char *errstr, *proxyhost = "", *proxyport = NULL;
 	struct addrinfo proxyhints;
 	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@@ -246,12 +254,14 @@
 		case 'u':
 			uflag = 1;
 			break;
+#ifdef SO_RTABLE
 		case 'V':
 			rtableid = (int)strtonum(optarg, 0,
 			    RT_TABLEID_MAX, &errstr);
 			if (errstr)
 				errx(1, "rtable %s: %s", errstr, optarg);
 			break;
+#endif
 		case 'v':
 			vflag = 1;
 			break;
@@ -284,9 +294,11 @@
 				errx(1, "TCP send window %s: %s",
 				    errstr, optarg);
 			break;
+#ifdef TCP_MD5SIG
 		case 'S':
 			Sflag = 1;
 			break;
+#endif
 		case 'T':
 			errstr = NULL;
 			errno = 0;
@@ -310,14 +322,16 @@
 	argc -= optind;
 	argv += optind;
 
+#ifdef SO_RTABLE
 	if (rtableid >= 0) {
 		/*
 		 * XXX No pledge if doing rtable manipulation!
 		 * XXX the routing table stuff is dangerous and can't be pledged.
 		 * XXX rtable should really have a better interface than sockopt
 		 */
-	}
-	else if (family == AF_UNIX) {
+	} else
+#endif
+	if (family == AF_UNIX) {
 		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
 			err(1, "pledge");
 	}
@@ -797,7 +811,10 @@
 remote_connect(const char *host, const char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
-	int s, error, on = 1;
+	int s, error;
+#ifdef SO_BINDANY
+	int on = 1;
+#endif
 
 	if ((error = getaddrinfo(host, port, &hints, &res)))
 		errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -808,16 +825,20 @@
 		    SOCK_NONBLOCK, res0->ai_protocol)) < 0)
 			continue;
 
+#ifdef SO_RTABLE
 		if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE,
 		    &rtableid, sizeof(rtableid)) == -1))
 			err(1, "setsockopt SO_RTABLE");
+#endif
 
 		/* Bind to a local port or source address if specified. */
 		if (sflag || pflag) {
 			struct addrinfo ahints, *ares;
 
+#ifdef SO_BINDANY
 			/* try SO_BINDANY, but don't insist */
 			setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+#endif
 			memset(&ahints, 0, sizeof(struct addrinfo));
 			ahints.ai_family = res0->ai_family;
 			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -886,7 +907,10 @@
 local_listen(char *host, char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
-	int s, ret, x = 1;
+	int s;
+#ifdef SO_REUSEPORT
+	int ret, x = 1;
+#endif
 	int error;
 
 	/* Allow nodename to be null. */
@@ -908,13 +932,17 @@
 		    res0->ai_protocol)) < 0)
 			continue;
 
+#ifdef SO_RTABLE
 		if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE,
 		    &rtableid, sizeof(rtableid)) == -1))
 			err(1, "setsockopt SO_RTABLE");
+#endif
 
+#ifdef SO_REUSEPORT
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
 		if (ret == -1)
 			err(1, NULL);
+#endif
 
 		set_common_sockopts(s, res0->ai_family);
 
@@ -1358,11 +1386,13 @@
 {
 	int x = 1;
 
+#ifdef TCP_MD5SIG
 	if (Sflag) {
 		if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
 			&x, sizeof(x)) == -1)
 			err(1, NULL);
 	}
+#endif
 	if (Dflag) {
 		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
 			&x, sizeof(x)) == -1)
@@ -1537,15 +1567,19 @@
 	\t-P proxyuser\tUsername for proxy authentication\n\
 	\t-p port\t	Specify local port for remote connects\n\
 	\t-R CAfile	CA bundle\n\
-	\t-r		Randomize remote ports\n\
-	\t-S		Enable the TCP MD5 signature option\n\
-	\t-s source	Local source address\n\
+	\t-r		Randomize remote ports\n"
+#ifdef TCP_MD5SIG
+	"\t-S		Enable the TCP MD5 signature option\n"
+#endif
+	"\t-s source	Local source address\n\
 	\t-T keyword	TOS value or TLS options\n\
 	\t-t		Answer TELNET negotiation\n\
 	\t-U		Use UNIX domain socket\n\
-	\t-u		UDP mode\n\
-	\t-V rtable	Specify alternate routing table\n\
-	\t-v		Verbose\n\
+	\t-u		UDP mode\n"
+#ifdef SO_RTABLE
+	"\t-V rtable	Specify alternate routing table\n"
+#endif
+	"\t-v		Verbose\n\
 	\t-w timeout	Timeout for connects and final net reads\n\
 	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
 	\t-x addr[:port]\tSpecify proxy address and port\n\