Date:	Wed, 27 May 2015 22:58:05 -0700
From:	Cong Wang <xiyou.wangcong@...il.com>
To:	Coroutines <coroutines@...il.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: Question: Now that we have IPv6, do we need TCP/UDP port numbers?

(Cc'ing netdev for discussion)

On Mon, May 25, 2015 at 4:17 PM, Coroutines <coroutines@...il.com> wrote:
> I have a potentially dumb question to ask, and I'm posting it here
> because out of everywhere on the web I thought I would find the most
> experts relating to TCP/UDP's design/handling and its history here.
>
> I've recently started educating myself about Tor, about how you can
> bind a service to a local address+port and then host a hidden service
> that others can connect to from an onion address like this:
>
> 32rfckwuorlf4dlv.onion
>
> Just to be clear: This address provides a single service, you do not
> specify a port to "request" a specific service.
>
> I was thinking that when TCP/UDP were designed, internet port
> numbers were thought up because it wasn't practical/easy to just
> register/allocate and assign another IPv4 address.  Today those of us
> with awesome ISPs are advertised /64's for a network prefix and we can
> do whatever we want claiming an address within /64 the gateway router
> will pass traffic to/from.  (IPv6 Stateless Address Autoconfiguration
> without privacy extensions enabled is evil btw)
>
> My point is this - we have a LOT of room to create addresses as needed
> - single-service addresses.  I was wondering if there are any
> absolutely necessary reasons we need ports - or if there would be
> benefits/advantages to getting rid of them.  Would TCP/UDP be easier
> to process in-kernel if it were only addresses?  Would it eliminate
> any ambiguities between Linux/Windows/FreeBSD networking stacks?
> Would reclaiming 4 bytes from the TCP/UDP structs be worth it (32 bits
> isn't usually word-size anymore)?  It would definitely make port scans
> impractical if you tried to scan the assumed /64 host range of an
> address.  It would also mean no more expecting to find a service at a
> specific port (which I consider bad because it makes hosts easier to
> identify in a scan).
>
> We're used to being able to go to port 80 (HTTP) and port 22 (SSH) at
> a single address and "knowing" that we're accessing the same machine.
> For typical setups this is true, but for servers running reverse
> proxies to pass traffic through to another host this is not so true.
> ((Imo)) it would be no different having a single, separate address for
> each service.
>
> Furthermore, most of the domains we go to are single-service - like
> navigating to gmail.com in a web browser.
>
> I thought it would be cool to have one address responding to name
> queries so DNS servers become more like a port mapper in the current
> sense. Asking for smtp.domain.tld would tell you the only address that
> would accept SMTP/mail traffic. (example)
>
> Anyway, again I want to say I'm sorry if this is the wrong place to
> dream about the future (or talk about the past).  I am new to the list
> and I couldn't think of anywhere else I might find experts in this
> area so closely related to its history.  IPv6 adoption has been slow
> so even if TCP/UDP/SCTP were redesigned to eliminate port numbers I
> doubt the revised protocols would be adopted quicker.  I just want to
> know the history and the reason for internet ports, if not simply to
> multiplex traffic to a limited number of addresses.  Is it just a
> convenience or was it a necessity for IPv4?  I'm not going to reply to
> anyone who responds (as I believe I'm off-topic), but I will read
> everything offered to me to learn from.  I want to know what you all
> think, by asking what I consider to be an original question.
>
> (thanks for reading)
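The "single address per service" idea in the question can be tried on an unmodified stack today, because the kernel demultiplexes an incoming TCP segment on the full (local address, local port, remote address, remote port) tuple rather than on the port alone. The following is an added example, not code from the thread or from either author: it binds two different services to the same port on two distinct loopback addresses (127.0.0.1 and 127.0.0.2, which Linux routes to lo as part of 127.0.0.0/8; the names `bind_listener`, `serve_once` and `demo_address_per_service` are this example's own) and confirms that a client reaching either address gets the service bound there. IPv4 loopback is used only because the IPv6 loopback is a single address (::1); with a routed /64 on a real interface the same code works with AF_INET6 addresses.

```python
import socket
import threading


def bind_listener(addr, port):
    """Create a listening TCP socket on (addr, port); port 0 asks the kernel
    for a free ephemeral port. SO_REUSEADDR lets us rerun quickly."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((addr, port))
    s.listen(1)
    return s


def serve_once(listener, reply, seen):
    """Accept one connection, record the local address the kernel delivered
    it to, answer with `reply`, and close. Runs in a helper thread."""
    conn, _ = listener.accept()
    with conn:
        seen[reply] = conn.getsockname()[0]   # the address this service owns
        conn.sendall(reply)
    listener.close()


def demo_address_per_service():
    """Two services, same port, different addresses. Returns a dict mapping
    each loopback address to the reply received from it, plus the local
    address each server observed, so the demux key is visible end to end."""
    # Pick an ephemeral port via 127.0.0.1, then bind 127.0.0.2 on the same
    # port. Retry a few times in case that port is already in use there.
    for _ in range(5):
        a = bind_listener("127.0.0.1", 0)
        port = a.getsockname()[1]
        try:
            b = bind_listener("127.0.0.2", port)
            break
        except OSError:
            a.close()
    else:
        raise RuntimeError("could not find a port free on both addresses")

    seen = {}
    workers = [
        threading.Thread(target=serve_once, args=(a, b"service-A", seen)),
        threading.Thread(target=serve_once, args=(b, b"service-B", seen)),
    ]
    for w in workers:
        w.start()

    # Same port number in both connections; only the destination address
    # selects the service, exactly the "single-service address" model.
    answers = {}
    for addr in ("127.0.0.1", "127.0.0.2"):
        with socket.create_connection((addr, port), timeout=5) as c:
            answers[addr] = c.recv(64).decode()

    for w in workers:
        w.join(timeout=5)

    return {
        "answers": answers,
        "server_saw": {k.decode(): v for k, v in seen.items()},
        "port": port,
    }


if __name__ == "__main__":
    print(demo_address_per_service())
```

The returned `server_saw` map shows that each accepted connection carried a different local address even though the port was identical, which is the lookup the kernel performs for every socket today; dropping ports would shrink that key, not change how the lookup works. From a monitoring standpoint the same property cuts the other way: a listener bound to a specific address instead of the wildcard is only visible on that address, so inventories of listening sockets should record the bound address, not just the port.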