Hello, fellow developers.
This is proper documentation for the reuse patch, along with
its adaptation to the 2.6.10rc3-mm1 patchset.
The current implementation of SO_REUSEADDR in the kernel disallows
binding to a port if a listening socket is already bound to it.
This limits the options applications have for firewall/NAT piercing,
and is non-standard.
The current limit was introduced because of the security risk
of allowing free binds to the same port: it allowed listen()
call preemption, and since no unambiguous and secure fix
was found, the option to reuse a port after a listen-bind
was removed. (The problem is that of multiple listeners
bound to the same port. This patch does not fix it, since the
behaviour is ambiguous and not clearly defined, though perhaps
a userid check together with another flag that explicitly allows
listen preemption (SO_REUSEPORT could be reused for this purpose)
would solve it.)
Also, the SO_REUSEADDR option value is boolean, but the code
checked it for being greater than 1. This check was removed.
Multiple listeners were removed by disallowing any reuse of a
port that has a bound listener. This is implemented by a check
in tcp_ipv4.c (and tcp_ipv6.c) in the function
tcp_bind_conflict(): it looks for any existing socket matching
the source port and being in TCP_LISTEN state.
This check was changed to allow the bind unless the new
socket is also in TCP_LISTEN state. This still disallows
multiple listeners but allows reuse of the port for
outgoing connections. The check is modified in both the
ipv4 and ipv6 code.
Testing was done with normal workloads on two i386 Linux
installations, and also with the netcat test.
Test with netcat (which uses SO_REUSEADDR by default):
  host A: nc -v -l -p 9999
  host B: nc -v -l -p 9000
  host A: nc -v -p 9999 host.B.ip.addr 9000
  host B: nc -v host.A.ip.addr 9999
Hosts A and B can be the same host.
Testing did not reveal any problems, and networking software
worked fine on both ipv4 and ipv6 networks.
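The same check can be exercised from a C program on a single host. This is an added example, not part of the patch or of this mail: it replays the netcat sequence on loopback with kernel-chosen ports (lfd stands in for host A's listener, tfd for host B's) and reports, as errno values, what the running kernel does at each step. On a kernel without the patch the outgoing bind is refused with EADDRINUSE; with it, the bind and the connect succeed, while a second listener is still refused.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
/* 0 = success, else errno of the failing call; outgoing_connect is -1 if bind() failed */
struct reuse_probe { int second_listener; int outgoing_bind; int outgoing_connect; };
/* TCP socket with SO_REUSEADDR, bound to 127.0.0.1:port (0 = kernel picks); bound addr -> *out */
static int reuse_socket(unsigned short port, struct sockaddr_in *out)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t len = sizeof a;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind(fd, (struct sockaddr *)&a, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    if (out) *out = a;
    return fd;
}
/* Replays the netcat test on loopback: lfd is host A's listener, tfd is host B's
 * listener, and the outgoing socket is host A's client bound to lfd's port. */
struct reuse_probe run_reuse_probe(void)
{
    struct reuse_probe r = { 0, 0, -1 };
    struct sockaddr_in la = { 0 }, ta = { 0 };
    int fd, lfd = reuse_socket(0, &la);
    listen(lfd, 5);                       /* existing listener, now in TCP_LISTEN */
    int tfd = reuse_socket(0, &ta);       /* separate port, so no self-connect */
    listen(tfd, 5);
    /* 1. A second listener on the same port must still be refused: at bind() on a
     *    stock kernel, at listen() with the patch (the socket enters TCP_LISTEN there). */
    fd = reuse_socket(ntohs(la.sin_port), NULL);
    if (fd < 0) r.second_listener = errno;
    else if (listen(fd, 5) < 0) r.second_listener = errno;
    if (fd >= 0) close(fd);
    /* 2. Outgoing connection from the listener's port: EADDRINUSE from the
     *    unpatched check, accepted (and then connectable) with the patch. */
    fd = reuse_socket(ntohs(la.sin_port), NULL);
    if (fd < 0) r.outgoing_bind = errno;
    else r.outgoing_connect = connect(fd, (struct sockaddr *)&ta, sizeof ta) < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    close(lfd); close(tfd);
    return r;
}
```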
Signed-off-by: Ilya Pashkovsky <ilya.pashkovsky@xxxxxxxxx>
--
ilya
Attachment: patch-rc3-mm1-reuse (binary data)