Re: SO_REUSEADDR not allowing server and client to use same port

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Nebojsa Miljanovic

Subject: Re: SO_REUSEADDR not allowing server and client to use same port

Date: Monday, March 17, 2008 - 11:17 am

OK. I see. So, it would have to be some malicious application running together
with the server (i.e. on the same CPU). I do see now why you said it would be
very very hard to make this happen.

Still, it would be nice to introduce SO_REUSEPORT socket options so secure
servers (who happen to be clients as well) can re-use ports when necessary.

Another option would be to check if port re-use is happening inside same
application and allow it. That may make half of the folks happy, so I am not
sure if I like it as much as I like SO_REUSEPORT option.

Thanks,
Neb

On 3/17/2008 12:30 PM, Alan Cox wrote:
quoted text> On Mon, 17 Mar 2008 11:43:28 -0500
> Nebojsa Miljanovic <neb@alcatel-lucent.com> wrote:
> 
> 
>>Alan,
>>thanks. With that additional INFO, I was able to find detailed description of
>>this denial of service attack (attached below).
>>Just to clarify. Having this port re-use check prevents folks from launching
>>this attack as opposed to being victim of it?
> 
> 
> Different issue. I can hijack a connection.
> 
> Imagine I have a server bound to *.5000, and someone is about to connect.
> If on the server box I am able to bind and issue a connect outwards
> matching the inbound connection I will get the connection not the server.

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: SO_REUSEADDR not allowing server and client to use sam ..., Nebojsa Miljanovic, (Mon Mar 17, 11:17 am)

Re: SO_REUSEADDR not allowing server and client to use sam ..., Willy Tarreau, (Mon Mar 17, 10:48 pm)

Navigation

Popular discussions


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Ingo Molnar	Re: [PATCH v3] x86: merge the simple bitops and move them to bitops.h
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Andi Kleen	Re: - romsignature-checksum-cleanup-2.patch removed from -mm tree
Stefano Stabellini	Re: [PATCH 09/22] xen: Find an unbound irq number in reverse order (high to low).
git:
Junio C Hamano	Re: Teach "git checkout" to use git-show-ref
Christian Jaeger	Re: Problem with Git.pm bidi_pipe methods
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Jon Smirl	stgit: managing signed-off-by lines
Junio C Hamano	GIT 1.4.3-rc2
git-commits-head:
Linux Kernel Mailing List	MIPS: Bonito64: Make Loongson independent from Bonito64 code.
Linux Kernel Mailing List	iwlwifi: initialize spinlock before use
Linux Kernel Mailing List	i2c-i801: Add Intel Cougar Point device IDs
Linux Kernel Mailing List	drm/i915: Add information on pinning and fencing to the i915 list debug.
Linux Kernel Mailing List	cirrusfb: GD5434 (aka SD64) support fixed
linux-netdev:
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Inaky Perez-Gonzalez	[PATCH 40/40] wimax/i2400m: add CREDITS and MAINTAINERS entries
Sathya Perla	[PATCH net-next-2.6] be2net: add multiple RX queue support
Changli Gao	Re: [PATCH 3/3] ifb: move tq from ifb_private
freebsd-current:
Boris Samorodov	Re: twa + dump = sbwait
韓家標 Bill Hacker	Re: ZFS honesty
Bjoern A. Zeeb	Re: Can not boot 7.0-BETA3 with IPSEC
rmgls	man usb2_core(4)
Sam Leffler	Re: Lots of "ath0: bad series0 hwrate 0x1b" in 8.0-BETA2

Colocation donated by:

Syndicate