Open Source and information security mailing list archives
Message-ID: <20100413162326.GD16595@myhost.felk.cvut.cz>
Date:	Tue, 13 Apr 2010 18:23:26 +0200
From:	Michal Svoboda <michal.svoboda@...nts.felk.cvut.cz>
To:	netdev@...r.kernel.org
Subject: Re: SO_REUSEADDR with UDP (again)

Eric Dumazet wrote:
> sock1 = socket(AF_INET, SOCK_DGRAM, 0);
> setsockopt(sock1, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
> addr.sin_addr.s_addr = htonl(0x7f000001);
> if (bind(sock1, (struct sockaddr *)&addr, sizeof(addr)))
> 	perror("bind1");
> 
> sock2 = socket(AF_INET, SOCK_DGRAM, 0);
> setsockopt(sock2, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
> addr.sin_addr.s_addr = INADDR_ANY; /* or htonl(0x7f000001); */
> if (bind(sock2, (struct sockaddr *)&addr, sizeof(addr)))
> 	perror("bind2");
> }

Well, now if I send to 127.0.0.1, who gets the datagram? I guess sock2,
so it steals from sock1. What practical use does this have?

> Therefore, applications should not use REUSEADDR on unicast UDP, unless
> it is a non security issue (for example, if it is able to react to any
> new IP addresses added by the administrator on the machine, and complain
> loudly if another application could bind() before itself)

I don't think that in that case REUSEADDR would be useful because you
can already claim new addresses without it, either by binding a separate
socket to each IP or by binding to 0.0.0.0. Moreover, the detection of
the "complain" case would be very tricky, at least at first sight.

> REUSEADDR has a meaning for multicast, but for unicast... this is hardly
> useful?

So would it be somehow possible to deliver the datagram to both sockets
(for example if they would be SO_BROADCAST as well)?


Michal Svoboda
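
The bind sequence quoted above, as an added example that is not part of the original thread: it checks whether a second UDP socket with SO_REUSEADDR can bind INADDR_ANY on a port another socket already holds, depending on whether the holder set SO_REUSEADDR itself. The function names are hypothetical, and it assumes Linux, where the overlapping bind is refused with EADDRINUSE unless both sockets set the option.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket, setting SO_REUSEADDR first if asked. Returns fd or -errno. */
static int udp_bind(uint32_t addr, uint16_t port, int reuse)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(addr) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse))) ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa))) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

/* Socket 1 takes first_addr on an ephemeral port; socket 2 (SO_REUSEADDR set) then
 * binds INADDR_ANY on it. Returns 0 if allowed, the bind errno if refused, -1 on setup error. */
int overlap_result(uint32_t first_addr, int first_reuse)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int result = -1;
    int s1 = udp_bind(first_addr, 0, first_reuse);
    if (s1 < 0)
        return -1;
    if (getsockname(s1, (struct sockaddr *)&sa, &len) == 0) {
        int s2 = udp_bind(INADDR_ANY, ntohs(sa.sin_port), 1);
        result = s2 < 0 ? -s2 : 0;
        if (s2 >= 0)
            close(s2);
    }
    close(s1);
    return result;
}

int main(void)
{
    printf("holder with SO_REUSEADDR: %d, holder without: %d (EADDRINUSE=%d)\n",
           overlap_result(INADDR_LOOPBACK, 1), overlap_result(INADDR_LOOPBACK, 0), EADDRINUSE);
    return 0;
}
```

A service that binds its unicast UDP port without SO_REUSEADDR gets the refusal shown in the second case for any later overlapping bind.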

