lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Jul 2013 08:35:19 -0700
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	"Artem S. Tashkinov" <t.artem@...os.com>
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: A call to revise sockets behaviour

On Mon, 29 Jul 2013 15:10:34 +0000 (UTC)
"Artem S. Tashkinov" <t.artem@...os.com> wrote:

> Hello,
> 
> Currently the Linux kernel disallows to start listening on a TCP/UDP socket if
> there are open connections against the port, regardless connections status. So even
> if _all_ you have is some stale (i.e. no longer active connections pending destruction)
> the kernel will not allow to reuse this socket.
> 
> Stephen Hemminger argues that this behaviour is expected even though it's 100%
> counter productive, it defies common sense and I cannot think of any security implications
> should this feature be allowed.
> 
> Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not
> only affect Windows applications running under Wine, but also native POSIX applications.
> 
> If nothing else is listening to incoming connections how can _old_ _stale_ connections
> prevent an application from listening on the port? Windows has no qualms about allowing
> that, why the Linux kernel works differently?
> 
> I want to hear how the current apparently _broken_ behaviour, "The current socket API
> behavior is unlikely to be changed because so many applications expect it", can be expected.
> 
> Also I'd like to know which applications depend on this "feature".
> 
> Imagine a situation,
> 
> You have an apache server serving connections on port 80. For some reasons a crash in
> one of its modules causes the daemon crash but during the crash Apache had some open
> connections on this port.
> 
> According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary
> time in order to clean stale connections for its networking pool.
> 
> I fail to see how this behaviour can be "expected".
> 
> More on it here:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=45571
> http://bugs.winehq.org/show_bug.cgi?id=26031

I understand your problem, people have been having to deal with it for 30 years.
The attitude in your response makes it seem like you just discovered fire,
read a book like Steven's network programming if you need more info.

If you don't use SO_REUSEADDR then yes application has to wait for time wait
period.

If you do enable SO_REUSEADDR then it is possible to bind to a port with existing
stale connections.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ