Message-ID: <1271176600.16881.533.camel@edumazet-laptop>
Date:	Tue, 13 Apr 2010 18:36:40 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Michal Svoboda <michal.svoboda@...nts.felk.cvut.cz>
Cc:	netdev@...r.kernel.org
Subject: Re: SO_REUSEADDR with UDP (again)

On Tuesday, 13 April 2010 at 18:23 +0200, Michal Svoboda wrote:
> Eric Dumazet wrote:
> > sock1 = socket(AF_INET, SOCK_DGRAM, 0);
> > setsockopt(sock1, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
> > addr.sin_addr.s_addr = htonl(0x7f000001);
> > if (bind(sock1, (struct sockaddr *)&addr, sizeof(addr)))
> > 	perror("bind1");
> > 
> > sock2 = socket(AF_INET, SOCK_DGRAM, 0);
> > setsockopt(sock2, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
> > addr.sin_addr.s_addr = INADDR_ANY; /* or htonl(0x7f000001); */
> > if (bind(sock2, (struct sockaddr *)&addr, sizeof(addr)))
> > 	perror("bind2");
> > }
> 
> Well, now if I send to 127.0.0.1, who gets the datagram? I guess sock2,
> so it steals from sock1. What practical use does this have?
> 

No, sock1 will get the frame.

In UDP receive (kernel), we choose the socket with the highest score.
A socket bound to an IP address (not 0.0.0.0) has a bonus.
A connected socket has an extra bonus.
A socket bound to a device has an extra bonus.

> > Therefore, applications should not use REUSEADDR on unicast UDP, unless
> > it is a non security issue (for example, if it is able to react to any
> > new IP addresses added by the administrator on the machine, and complain
> > loudly if another application could bind() before itself)
> 
> I don't think that in that case REUSEADDR would be useful because you
> can already claim new addresses without it, either by binding a separate
> socket to each IP or by binding to 0.0.0.0. Moreover the detection of
> the "complain" case would be very tricky, at least on first sight.
> 
> > REUSEADDR has a meaning for multicast, but for unicast... this is hardly
> > useful?
> 
> So would it be somehow possible to deliver the datagram to both sockets
> (for example if they would be SO_BROADCAST as well)?

Not without a change in the kernel. AFAIK no other OS does that anyway.


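The socket selection described in this message can be checked on a live system. The C program below is an added example, not code from the thread: it binds the two SO_REUSEADDR sockets from the quoted fragment, sends one datagram to 127.0.0.1 and reports which socket received it, and it goes slightly beyond the fragment by also trying the opposite bind order. It assumes Linux with a working loopback interface; the names bound_udp and reuseaddr_winner are made up for this illustration.

```c
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: UDP socket with SO_REUSEADDR bound to ip (host
 * byte order). *port == 0 lets the kernel pick; the bound port is returned. */
static int bound_udp(uint32_t ip, uint16_t *port)
{
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof(a);
    a.sin_addr.s_addr = htonl(ip);
    a.sin_port = htons(*port);
    if (fd < 0 || setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) ||
        bind(fd, (struct sockaddr *)&a, sizeof(a)) ||
        getsockname(fd, (struct sockaddr *)&a, &len)) {
        if (fd >= 0) close(fd);
        return -1;
    }
    *port = ntohs(a.sin_port);  /* report the port actually bound */
    return fd;
}

/* Send one datagram to 127.0.0.1 and report which socket received it:
 * 1 = bound to 127.0.0.1, 2 = bound to INADDR_ANY, -1 = setup error/timeout.
 * wildcard_first selects the bind order; both sockets share one port. */
int reuseaddr_winner(int wildcard_first)
{
    uint16_t port = 0;
    int first = bound_udp(wildcard_first ? INADDR_ANY : INADDR_LOOPBACK, &port);
    int second = bound_udp(wildcard_first ? INADDR_LOOPBACK : INADDR_ANY, &port);
    int tx = socket(AF_INET, SOCK_DGRAM, 0), result = -1;
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct pollfd p[2] = { { first, POLLIN, 0 }, { second, POLLIN, 0 } };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (first >= 0 && second >= 0 && tx >= 0 &&
        sendto(tx, "x", 1, 0, (struct sockaddr *)&dst, sizeof(dst)) == 1 &&
        poll(p, 2, 1000) > 0)   /* first socket readable and it is the wildcard => 2 */
        result = ((p[0].revents & POLLIN) != 0) == (wildcard_first != 0) ? 2 : 1;
    close(first); close(second); close(tx);  /* close(-1) fails harmlessly */
    return result;
}

int main(void)
{
    printf("specific bound first: %d\n", reuseaddr_winner(0));
    printf("wildcard bound first: %d\n", reuseaddr_winner(1));
    return 0;
}
```

A result of 1 in both orders means a service listening on INADDR_ANY with SO_REUSEADDR set does not receive traffic for an address that another socket has bound specifically on the same port.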