Problems with ephemeral port selection
Keith Arner
vornum at gmail.com
Mon Dec 3 16:15:34 UTC 2012
> Date: Sat, 01 Dec 2012 09:28:05 +0100
> From: Andre Oppermann <andre at freebsd.org>
>
> On 30.11.2012 15:09, Keith Arner wrote:
>> I've noticed some issues with ephemeral port number selection from
>> tcp_connect(),
>
> this is an excellent analysis. Could you please file it as a problem
> report too and post the PR-number here so we can better track it?
Done. PR-number is: kern/174087
> From: Fernando Gont <fernando at gont.com.ar>
> Subject: Re: Problems with ephemeral port selection
>
> Please take a look at the discussion on how to "steal" incomming
> connections in Section 3.1 of RFC 6056.
Fair point. I added your comment to kern/174087 when I filed it.
The points made in RFC 6056 actually answer a few outstanding
questions I had about why in_pcbbind_setup() behaves the way
it does. In particular, I previously couldn't figure out why it was
taking special consideration for unconnected sockets.
With that in mind, I believe the criteria for check_suitable_port()
(as described bt RFC 6056) should be*:
A candidate ephemeral port is suitable if and only if:
1) There is no other existing local socket with the same 5-tuple.
2) There is no local socket using the same local port number,
and with either a wildcard fport or wildcard faddr.
I had previously suggested using in_pcblookup_hash() as
a check_suitable_port() function. That would suffice for criterion
#1, but would fall short for criterion #2. Looks like we need
yet another pcb lookup function.
Keith
* Yes, I realize that my terminology freely mixes the abstract
concepts in the RFC with the concrete language of the FreeBSD
implementation.
--
"A problem well put is half solved."
More information about the freebsd-net
mailing list