Date: Sun, 16 May 2004 18:16:58 +0400
From: Yar Tikhiy <yar@comp.chem.msu.su>
To: arch@freebsd.org, net@freebsd.org
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>
Subject: TIME_WAIT sockets from other users (was Re: bin/65928: [PATCH] stock ftpd uses superuser credentials for active mode sockets)
Message-ID: <20040516141658.GA39893@comp.chem.msu.su>
In-Reply-To: <20040515182157.GB89625@comp.chem.msu.su>
References: <20040508034514.GA937@grosbein.pp.ru> <Pine.BSF.4.53.0405080636010.66978@e0-0.zab2.int.zabbadoz.net> <20040508132354.GB44214@comp.chem.msu.su> <20040515182157.GB89625@comp.chem.msu.su>

Note for the impatient: This message does not discuss the well-known issue of reusing local addresses through setting SO_REUSEADDR. This message is on reusing local addresses occupied by sockets belonging to other users.

On Sat, May 15, 2004 at 10:21:57PM +0400, Yar Tikhiy wrote:
>
> Attached below is a patch addressing the issue of the inability to
> reuse a local IP:port couple occupied by an established TCP connection
> from another user, but by no listeners. Could anybody with fair
> understanding of our TCP/IP stack review it please? Thanks.
>
> --
> Yar
>
> Index: in_pcb.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v
> retrieving revision 1.146
> diff -u -p -r1.146 in_pcb.c
> --- in_pcb.c 23 Apr 2004 23:29:49 -0000 1.146
> +++ in_pcb.c 15 May 2004 17:37:18 -0000
> @@ -340,6 +340,8 @@ in_pcbbind_setup(inp, nam, laddrp, lport > return (EADDRINUSE); > } else > if (t && > + (so->so_type != SOCK_STREAM || > + ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && > (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || > ntohl(t->inp_laddr.s_addr) != INADDR_ANY || > (t->inp_socket->so_options & One more detail to note: Currently if another user's socket is in the TIME_WAIT state, it still counts as occupying the local IP:port couple. I cannot see the point of such a behaviour. Restricting bind() is to disallow unprivileged port stealth, but how can one steal a connection in the TIME_WAIT state? For FreeBSD-4 the above patch would take care of this case along with established connections, but in CURRENT TIME_WAIT connections are a special case since they no longer use full-blown state. Therefore, for CURRENT the above patch mutates into the below one. Do I have a point? -- Yar Index: in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.146 diff -u -p -r1.146 in_pcb.c --- in_pcb.c 23 Apr 2004 23:29:49 -0000 1.146 +++ in_pcb.c 16 May 2004 13:33:33 -0000 @@ -332,14 +332,10 @@ in_pcbbind_setup(inp, nam, laddrp, lport * XXX * This entire block sorely needs a rewrite. */ - if (t && (t->inp_vflag & INP_TIMEWAIT)) { - if ((ntohl(sin->sin_addr.s_addr) != INADDR_ANY || - ntohl(t->inp_laddr.s_addr) != INADDR_ANY || - (intotw(t)->tw_so_options & SO_REUSEPORT) == 0) && - (so->so_cred->cr_uid != intotw(t)->tw_cred->cr_uid)) - return (EADDRINUSE); - } else if (t && + ((t->inp_vflag & INP_TIMEWAIT) == 0) && + (so->so_type != SOCK_STREAM || + ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_socket->so_options &
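
Review bot: In the quoted first patch (hunk at -340,6), the two added lines carry the whole policy change but have no comment: `so->so_type` tests the socket being bound, while `t->inp_faddr` tests the other user's socket, and a reader has to work out that a zero foreign address is being used to mean "not connected". Please add a comment above the added lines stating that the cross-user check is skipped only when a stream socket is being bound and the conflicting socket already has a foreign address, and why a later bind() cannot take over such a connection.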
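
Review bot: In the second patch (hunk at -332,14), the new `((t->inp_vflag & INP_TIMEWAIT) == 0) &&` term has to remain ahead of `t->inp_socket->so_options` in the && chain. The removed branch read options and credentials for TIME_WAIT entries through `intotw(t)` (`tw_so_options`, `tw_cred`), which suggests `t->inp_socket` is not meant to be used for them, so a later reordering of the conjuncts would dereference it for a TIME_WAIT entry. A comment saying that TIME_WAIT entries are deliberately exempt from the cross-user check, and that the test guards the `t->inp_socket` access below it, would protect against that; the existing XXX note above the block does not cover it.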