From 0a03fceb093d061b0a1289604bfb78a198960d0b Mon Sep 17 00:00:00 2001 
From: Flavio Leitner
Date: Tue, 12 Feb 2013 22:43:21 +0100
Subject: [PATCH] ip.7: Improve explanation about calling listen() or connect()

Problem:
When connect(2) is executed, the local port number may duplicate.

How reproducible:
When using parameter "net.ipv4.ip_local_port_range", a client may use
the same port to connect to the different sessions on the localhost.

Steps to Reproduce:
1. Change "net.ipv4.ip_local_port_range".
   [Example]
   net.ipv4.ip_local_port_range = 32768 32770
2. Connect to any two ports of LISTEN by telnet command.
   [Example]
   # netstat -antp | grep LISTEN
   tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2828/smbd
   tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2800/vsftpd
   #
   # telnet 127.0.0.1 139
   # telnet 127.0.0.1 21
   # telnet 127.0.0.1 21
3. Duplication of a local transmission port.
   [Example]
   # netstat -antp
   tcp 0 0 127.0.0.1:32769 127.0.0.1:139 ESTABLISHED 18147/telnet
   tcp 0 0 127.0.0.1:32769 127.0.0.1:21 ESTABLISHED 18157/telnet

Actual results:
The local port number may duplicate.

Expected results:
The local port number doesn't duplicate.

Additional info:
[Investigation]
"man 7 ip" contains following text:
-----------------------------------------------------------------
When listen(2) or connect(2) are called on an unbound socket, it is
automatically bound to a random free port with the local address set
to INADDR_ANY.
-----------------------------------------------------------------
Although indicated as "it is automatically bound to a random free
port", the port number which is not free like in a reproduce procedure
may be bound. Therefore, based on the description of this "man 7 ip",
it can be judged that it is bug to use the local port where the
process duplicated.

--- Comment by Leitner, Flavio on 2/7/2012 2:55 PM ---

It's allowed to have multiple tasks using the same port (as a result
of calling connect(2)) as long as the other connection information
(4-tuple) differs to resolve the conflict.
Thus, it must be an unique 4-tuple consisting of source and destination IP addresses and port numbers to not conflict. In the example, the dest port is different. tcp 0 0 127.0.0.1:32769 127.0.0.1:139 ESTABLISHED 18147/telnet tcp 0 0 127.0.0.1:32769 127.0.0.1:21 ESTABLISHED 18157/telnet Reported-by: Peter Schiffer Signed-off-by: Michael Kerrisk --- man7/ip.7 | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/man7/ip.7 b/man7/ip.7 index ede006cee..8a17e1254 100644 --- a/man7/ip.7 +++ b/man7/ip.7 @@ -93,12 +93,11 @@ For you may specify a valid IANA IP protocol defined in RFC\ 1700 assigned numbers. .PP -.\" FIXME ip current does an autobind in listen, but I'm not sure -.\" if that should be documented. When a process wants to receive new incoming packets or connections, it should bind a socket to a local interface address using .BR bind (2). -Only one IP socket may be bound to any given local (address, port) pair. +In this case, only one IP socket may be bound to any given local +(address, port) pair. When .B INADDR_ANY is specified in the bind call, the socket will be bound to @@ -106,10 +105,14 @@ is specified in the bind call, the socket will be bound to local interfaces. When .BR listen (2) -or +is called on an unbound socket, the socket is automatically bound +to a random free port with the local address set to +.BR INADDR_ANY . +When .BR connect (2) -are called on an unbound socket, it is automatically bound to a -random free port with the local address set to +is called on an unbound socket, the socket is automatically bound +to a random free port or an usable shared port with the local address +set to .BR INADDR_ANY . A TCP local socket address that has been bound is unavailable for
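
Review bot: In the first hunk (@@ -93,12 +93,11 @@), the new lead "In this case," has no clear antecedent: the preceding sentence talks about a process that wants to receive packets and "should bind" with bind(2), so a reader cannot tell whether the uniqueness rule is limited to explicitly bound sockets or to receiving sockets in general. Name the condition directly, for example "When a socket is bound explicitly with bind(2), only one IP socket may be bound to any given local (address, port) pair." Dropping the FIXME about autobind in listen is consistent with the second hunk, which now documents that behaviour.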
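
Review bot: In the second hunk (@@ -106,10 +105,14 @@), "an usable shared port" should read "a usable shared port", and the added connect(2) text never says what makes a port shareable, so the reporter's original question stays unanswered for anyone reading only the man page. The commit message already states the rule (the 4-tuple of source and destination IP addresses and port numbers must be unique); add one sentence to the connect(2) paragraph saying that a local port may be shared between connected sockets as long as that 4-tuple differs. The listen(2) and connect(2) sentences also now repeat the same "automatically bound ... local address set to INADDR_ANY" wording, so consider stating the common part once and then the connect(2) exception.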