lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20221221-sockopt-port-range-v1-0-e2b094b60ffd@cloudflare.com>
Date:   Fri,  6 Jan 2023 11:37:36 +0100
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Cc:     kernel-team@...udflare.com
Subject: [PATCH net-next 0/2] Add IP_LOCAL_PORT_RANGE socket option

This patch set is a follow up to the "How to share IPv4 addresses by
partitioning the port space" talk given at LPC 2022 [1].

Please see patch #1 for the motivation & the use case description.
Patch #2 adds tests exercising the new option in various scenarios.

If the changes were to be accepted, here is the proposed update to the ip(7)
man-page:

  IP_LOCAL_PORT_RANGE (since Linux X.Y)
         Set  or get the per-socket default local port range. This option
         can be used to clamp down the global local port  range,  defined
         by  the ip_local_port_range /proc interface described below, for
         a socket. The option takes a uint32_t value  with  the  high  16
         bits  set  to  the upper range bound, and the low 16 bits set to
         the lower range bound. Range bounds are inclusive. If the speciā€
         fied  high  or  low  bound  is  outside of the global local port
         range, or is set to zero, the set bound has no effect.

Changelog:
---------
RFC -> v1
RFC: https://lore.kernel.org/netdev/20220912225308.93659-1-jakub@cloudflare.com/

 * Allow either the high bound or the low bound, or both, to be zero
 * Add getsockopt support
 * Add selftests

Links:
------
[1]: https://lpc.events/event/16/contributions/1349/

To: netdev@...r.kernel.org
To: "David S. Miller" <davem@...emloft.net>
To: Eric Dumazet <edumazet@...gle.com>
To: Jakub Kicinski <kuba@...nel.org>
To: Paolo Abeni <pabeni@...hat.com>
Cc: kernel-team@...udflare.com
Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>

---
Jakub Sitnicki (2):
      inet: Add IP_LOCAL_PORT_RANGE socket option
      selftests/net: Cover the IP_LOCAL_PORT_RANGE socket option

 include/net/inet_sock.h                            |   4 +
 include/net/ip.h                                   |   3 +-
 include/uapi/linux/in.h                            |   1 +
 net/ipv4/inet_connection_sock.c                    |  22 +-
 net/ipv4/inet_hashtables.c                         |   2 +-
 net/ipv4/ip_sockglue.c                             |  18 +
 net/ipv4/udp.c                                     |   2 +-
 tools/testing/selftests/net/Makefile               |   2 +
 tools/testing/selftests/net/ip_local_port_range.c  | 439 +++++++++++++++++++++
 tools/testing/selftests/net/ip_local_port_range.sh |   5 +
 10 files changed, 493 insertions(+), 5 deletions(-)
---
base-commit: 3d759e9e24c38758abc19a4f5e1872a6460d5745
change-id: 20221221-sockopt-port-range-e142de700f4d

Best regards,
-- 
Jakub Sitnicki <jakub@...udflare.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ