Date: Fri, 02 May 1997 12:37:39 PDT
From: Craig Leres <leres@ee.lbl.gov>
To: bugs@freebsd.org
Subject: reserved port behavior change
Message-ID: <199705021937.MAA17182@hot.ee.lbl.gov>
At some point between 2.2 and 2.2.1, the last reserved port used by in_pcbbind() was changed from 512 to 600. The reason I noticed this is because the kernel shell port is 544 and all my Kerberos kshell applications stopped working. Although I don't want to install them suid to root, this makes some of them work.

There's a comment that says something about 512 not being good for firewalls. All other versions of Unix I'm aware of use 512, and making this change to FreeBSD means that there will be some applications that work everywhere but under FreeBSD. I suspect even firewall packages will have to know the difference between new FreeBSD, old FreeBSD and everybody else.

This change doesn't seem like a good idea at all... Especially since the value can be changed with sysctl, which means the minority of the FreeBSD population that run firewalls and need to have the last reserved port be higher than 512 can change it. But changing the default from its historic value is a mistake.

Craig

------

*************** *** 174,191 **** ushort first, last; int count; if (inp->inp_flags & INP_HIGHPORT) { first = ipport_hifirstauto; /* sysctl */ last = ipport_hilastauto; } else if (inp->inp_flags & INP_LOWPORT) { if (error = suser(p->p_ucred, &p->p_acflag)) return (EACCES); ! first = IPPORT_RESERVED - 1; /* 1023 */ ! last = IPPORT_RESERVED / 2; /* traditional - 512 */ ! *lastport = first; /* restart each time */ } else { first = ipport_firstauto; /* sysctl */ last = ipport_lastauto; } /* * Simple check to ensure all ports are not used up causing --- 201,222 ---- ushort first, last; int count; + inp->inp_flags |= INP_ANONPORT; + if (inp->inp_flags & INP_HIGHPORT) { first = ipport_hifirstauto; /* sysctl */ last = ipport_hilastauto; + lastport = &inp->inp_pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { if (error = suser(p->p_ucred, &p->p_acflag)) return (EACCES); ! first = ipport_lowfirstauto; /* 1023 */ ! last = ipport_lowlastauto; /* 600 */ ! 
lastport = &inp->inp_pcbinfo->lastlow; } else { first = ipport_firstauto; /* sysctl */ last = ipport_lastauto; + lastport = &inp->inp_pcbinfo->lastport; } /* * Simple check to ensure all ports are not used up causing
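
Review bot: in the INP_LOWPORT branch, `last = ipport_lowlastauto; /* 600 */` raises the default floor of the privileged range above the old `IPPORT_RESERVED / 2` (512) with no comment explaining why, and the `/* 1023 */` and `/* 600 */` comments read as fixed values although the other two branches mark their variables `/* sysctl */`. Suggest marking both as sysctl defaults and stating the reason for 600, since ports 512 to 599 are no longer handed out to privileged callers by default. The same branch also drops `*lastport = first; /* restart each time */` in favour of the persistent `lastlow`, so the low-port search no longer restarts at `first` on every bind; that behaviour change deserves a comment as well.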
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705021937.MAA17182>