LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Reserved network ports

Reserved network ports

Posted Apr 1, 2012 0:59 UTC (Sun) by foom (subscriber, #14868)
In reply to: Reserved network ports by nix
Parent article: Reserved network ports

You're conflating two different issues. The file "bindresvport.blacklist" is for the "bindresvport" function only, which allows binding a port < 1024. This function is not implemented in the kernel, it's entirely in glibc. Furthermore, programs using it are rather rare: it's basically only ever used by a few portmap-based programs, like NFS or yp.

This new kernel functionality is for the much more common case of basically every program that makes outgoing connections (or does a bind with port specified as 0).

So the kernel functionality does not obsolete bindresvport, and bindresvport does not allow doing what the kernel functionality does.

The bindresvport workaround is necessary, because there isn't really any unallocated space < 1024.

The kernel workaround should really not be necessary, since nobody should actually be allocating fixed ports > 32k. Those are reserved for ephemeral allocation, and there's plenty of <32k ports that people could be using instead. But, a glance in /etc/services shows quite a few *official* services with such ports assigned, never mind all the random ports private services might be incorrectly using. So...despite it being terrible that it's necessary, this feature does sound useful.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds