Message-ID: <20200221100155.76241-1-kuniyu@amazon.co.jp>
Date:   Fri, 21 Feb 2020 19:01:55 +0900
From:   Kuniyuki Iwashima <kuniyu@...zon.co.jp>
To:     <david.laight@...lab.com>
CC:     <davem@...emloft.net>, <edumazet@...gle.com>, <kuni1840@...il.com>,
        <kuniyu@...zon.co.jp>, <kuznet@....inr.ac.ru>,
        <netdev@...r.kernel.org>, <osa-contribution-log@...zon.com>,
        <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH net-next 0/3] Improve bind(addr, 0) behaviour.

From: David Laight <David.Laight@...LAB.COM>
Date: Thu, 20 Feb 2020 17:11:46 +0000
> From: Kuniyuki Iwashima
> > Sent: 20 February 2020 15:20
> >
> > Currently we fail to bind sockets to ephemeral ports when all of the ports
> > are exhausted even if all sockets have SO_REUSEADDR enabled. In this case,
> > we still have a chance to connect to the different remote hosts.
> >
> > The second and third patches fix the behaviour to fully utilize all space
> > of the local (addr, port) tuples.
> 
> Would it make sense to only do this for the implicit bind() done
> when connect() is called on an unbound socket?
> In that case only the quadruplet of the local and remote addresses
> needs to be unique.

The function to reserve an ephemeral port is different between bind() and
connect().

  bind    : inet_csk_find_open_port
  connect : __inet_hash_connect

The connect() cannot use ports which are consumed by bind()
because __inet_hash_connect() fails to get a port if tb->fastreuse
or tb->fastreuseport is not -1, which only __inet_hash_connect() sets.
On the other hand, bind() can use ports which are used by connect().

Moreover, we can call bind() before connect() to decide which IP to use.
By setting IP_BIND_ADDRESS_NO_PORT on the socket, we can defer getting a port
until connect() is called. However, this means that getting a port
is done by __inet_hash_connect, so that connect() may fail to get a local
port if it is reserved by bind(). So if we want to reuse ports consumed by
bind(), we have to call bind() to get ports.

Without this patch, we may fail to get an ephemeral port and fail to
bind() in a case where we should be able to reuse a local port when connecting
to remote hosts.
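
The difference between the two port-selection paths discussed in the message above can be observed from user space. This is an added example, not code from the thread or the patch series; `bind_then_connect`, `make_listener` and the loopback listener are constructed for illustration, and the code assumes Linux 4.2 or later.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef IP_BIND_ADDRESS_NO_PORT
#define IP_BIND_ADDRESS_NO_PORT 24 /* value from linux/in.h, Linux >= 4.2 */
#endif
/* Local port currently assigned to fd (host order); 0 means none yet. */
static int local_port(int fd) {
    struct sockaddr_in sa; socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* bind(127.0.0.1, 0), optionally deferred, then connect(); 0 on success. */
int bind_then_connect(int no_port, const struct sockaddr_in *dst,
                      int *after_bind, int *after_connect) {
    struct sockaddr_in src = { .sin_family = AF_INET,
                               .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int rc = -1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (no_port && setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT,
                              &no_port, sizeof(no_port)) < 0) goto out;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0) goto out;
    *after_bind = local_port(fd);    /* bind() path picks the port here... */
    if (connect(fd, (const struct sockaddr *)dst, sizeof(*dst)) < 0) goto out;
    *after_connect = local_port(fd); /* ...or connect() path picks it here */
    rc = 0;
out:
    close(fd);
    return rc;
}

/* Constructed peer for the demo: loopback listener on a kernel-chosen port. */
int make_listener(struct sockaddr_in *addr) {
    socklen_t len = sizeof(*addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *addr = (struct sockaddr_in){ .sin_family = AF_INET,
                                  .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (fd >= 0 && bind(fd, (struct sockaddr *)addr, len) == 0 &&
        listen(fd, 4) == 0 &&
        getsockname(fd, (struct sockaddr *)addr, &len) == 0) return fd;
    if (fd >= 0) close(fd);
    return -1;
}
int main(void) {
    struct sockaddr_in dst;
    int b = -1, c = -1, lfd = make_listener(&dst);
    for (int opt = 0; lfd >= 0 && opt <= 1; opt++)
        if (bind_then_connect(opt, &dst, &b, &c) == 0)
            printf("NO_PORT=%d: port after bind()=%d, after connect()=%d\n", opt, b, c);
    return lfd < 0;
}
```

With the option off, the port reported after bind() is already non-zero and stays the same after connect(); with it on, getsockname() reports port 0 until connect() assigns one.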
