Reserved network ports
Posted Feb 26, 2010 13:56 UTC (Fri) by hppnq
In reply to: Reserved network ports
Parent article: Reserved network ports
how would you implement this in userspace without having to change every program (that uses ephemeral ports) on the system? Remember to include closed source and statically linked programs in your solution.
Just to be clear: you need to reliably bind a specific fixed address in the ip_local_port_range to a socket, where a multitude of other processes may be competing for the same resource. If it is impossible to do this using whatever configuration options the software offers to move the desired port out of ip_local_port_range, or by starting it early enough, or through the use of another layer like inetd or a proxy and/or NAT, I wouldn't rule out admitting defeat and moving it to its own interface or even (virtual) system.
The measures mentioned here need to be considered anyway unless you have good reasons to assume that no other process will attempt to bind(reserved_port), and in any case it seems a bit more reasonable to expect software to honour the concept of an ephemeral port than it is to expect a kernel to facilitate programs that completely ignore it.
Of course, only a fool would run an important service on a fixed ephemeral port without taking additional measures to make sure it is actually the intended service handling the communication.
So to me, the more interesting question would be: what would you do if you had more than one of those programs you mention using the same fixed port number?
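As an added example (not part of hppnq's comment), a POSIX shell check for whether a fixed service port sits inside the kernel's ip_local_port_range, printing the sysctl that would move the ephemeral range away from it; the fallback range used when /proc is unreadable is a constructed value, and the sysctl invocation is only a suggestion to review, not something the script applies.

```shell
#!/bin/sh
# Added example: does a fixed port collide with the ephemeral port range,
# and what range change would take it out of the pool handed to other processes?

# port_in_range PORT LOW HIGH -> exit 0 if LOW <= PORT <= HIGH
port_in_range() {
    port=$1; low=$2; high=$3
    [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]
}

# read_port_range -> prints "LOW HIGH" from the running kernel, or a
# constructed default when /proc is not readable (container, sandbox, non-Linux)
read_port_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        tr '\t' ' ' < /proc/sys/net/ipv4/ip_local_port_range
    else
        echo "32768 60999"   # constructed fallback, a common default range
    fi
}

# suggest_range PORT LOW HIGH -> prints a replacement "LOW HIGH" that excludes
# PORT, keeping the larger remaining piece; returns 1 if PORT is already outside.
suggest_range() {
    port=$1; low=$2; high=$3
    port_in_range "$port" "$low" "$high" || return 1
    below=$((port - low))
    above=$((high - port))
    if [ "$above" -ge "$below" ]; then
        echo "$((port + 1)) $high"
    else
        echo "$low $((port - 1))"
    fi
}

# check_port PORT -> report whether PORT is in the live range and how to move it out
check_port() {
    port=$1
    set -- $(read_port_range)
    if port_in_range "$port" "$1" "$2"; then
        new=$(suggest_range "$port" "$1" "$2")
        echo "port $port lies inside ephemeral range $1-$2"
        echo "to move the range away from it: sysctl -w net.ipv4.ip_local_port_range=\"$new\""
        return 1
    fi
    echo "port $port is outside ephemeral range $1-$2"
}
```

Shrinking the range is the coarse tool the comment alludes to; on kernels that provide net.ipv4.ip_local_reserved_ports, reserving the single port is the narrower alternative.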