lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230201123634.284689-1-jakub@cloudflare.com>
Date:   Wed,  1 Feb 2023 13:36:34 +0100
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     Alejandro Colomar <alx.manpages@...il.com>,
        Michael Kerrisk <mtk.manpages@...il.com>
Cc:     linux-man@...r.kernel.org, netdev@...r.kernel.org,
        kernel-team@...udflare.com
Subject: [PATCH] ip.7: Document IP_LOCAL_PORT_RANGE socket option

Linux commit 91d0b78c5177 ("inet: Add IP_LOCAL_PORT_RANGE socket option")
introduced a new socket option available for AF_INET and AF_INET6 sockets.

Option will be available starting from Linux 6.3. Document it.

Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
---
Submitting this man page update as the author of the feature.

We did a technical review of the man page text together with the code [1].

[1]: https://lore.kernel.org/all/20221221-sockopt-port-range-v6-0-be255cc0e51f@cloudflare.com/
---
 man7/ip.7 | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/man7/ip.7 b/man7/ip.7
index f69af1b32..f166c3b57 100644
--- a/man7/ip.7
+++ b/man7/ip.7
@@ -439,6 +439,27 @@ and
 .B IP_TOS
 are ignored.
 .TP
+.BR IP_LOCAL_PORT_RANGE " (since Linux 6.3)"
+Set or get the per-socket default local port range. This option can be used to
+clamp down the global local port range, defined by the
+.I ip_local_port_range
+.I /proc
+interface described below, for a given socket.
+.IP
+The option takes an
+.I uint32_t
+value with the high 16 bits set to the upper range bound, and the low 16 bits
+set to the lower range bound. Range bounds are inclusive. The 16-bit values
+should be in host byte order.
+.IP
+The lower bound has to be less than the upper bound when both bounds are not
+zero. Otherwise, setting the option fails with EINVAL.
+.IP
+If either bound is outside of the global local port range, or is zero, then that
+bound has no effect.
+.IP
+To reset the setting, pass zero as both the upper and the lower bound.
+.TP
 .BR IP_MSFILTER " (since Linux 2.4.22 / 2.5.68)"
 This option provides access to the advanced full-state filtering API.
 Argument is an
-- 
2.39.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ