From: Thorsten Kukuk <kukuk@suse.de>
To: Guillem Jover <gjover@sipwise.com>,
Steve Dickson <SteveD@RedHat.com>,
libtirpc-devel@lists.sourceforge.net, linux-nfs@vger.kernel.org
Subject: Re: [Libtirpc-devel] [PATCH] Do not bind to reserved ports registered in /etc/services
Date: Fri, 12 Jan 2018 20:12:47 +0100 [thread overview]
Message-ID: <20180112191247.GA9828@suse.de> (raw)
In-Reply-To: <20180112184151.GA10261@thunder.hadrons.org>
On Fri, Jan 12, Guillem Jover wrote:
> On Thu, 2018-01-11 at 10:18:46 -0500, Steve Dickson wrote:
> > Overall I think this makes sense, but this eliminates 240 privilege
> > ports and worried we would run out of port (due to them in TIME_WAIT)
> > during a v3 mount storms. A port goes into TIME_WAIT after a v3 mount
> > is done... But on the other hand v3 is no longer the default and
> > there are 784 available ports.... Hopefully that is enough.
>
> Hmm, those numbers do not match my own. bindresvport() uses the port
> range between 512 and 1023 inclusive. On my Debian stable (stretch)
> and unstable systems these are the number of registered ports in
> /etc/services:
>
> ,---
> # UDP
> $ awk '/^[^#]/ { print $2 }' /etc/services | \
> sed -n -e 's,/udp,,p' | \
> while read port; do if [ $port -ge 512 -a $port -lt 1024 ]; \
> then echo $port; fi; done | sort -u | wc -l
> 31
> # TCP
> $ awk '/^[^#]/ { print $2 }' /etc/services | \
> sed -n -e 's,/tcp,,p' | \
> while read port; do if [ $port -ge 512 -a $port -lt 1024 ]; \
> then echo $port; fi; done | sort -u | wc -l
> 48
> `---
This numbers are only low, since Debian is using a hand selected
/etc/services file with most entries missing. But your change
would not be limited to libtirpc on Debian.
I have 276 for TCP and 276 for UDP, that's much, much more. So
already about 50% of the available range.
Thorsten
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
next prev parent reply other threads:[~2018-01-12 19:12 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-10 0:49 [PATCH] Do not bind to reserved ports registered in /etc/services Guillem Jover
2018-01-11 15:18 ` Steve Dickson
2018-01-12 18:41 ` Guillem Jover
2018-01-12 19:12 ` Thorsten Kukuk [this message]
2018-01-12 19:19 ` Tom Talpey
2018-02-08 18:07 ` Chuck Lever
2018-02-08 18:36 ` Chuck Lever
2018-03-06 18:09 ` Chuck Lever
2018-03-08 20:24 ` J. Bruce Fields
2018-03-08 21:26 ` J. Bruce Fields
2018-03-08 21:28 ` [Libtirpc-devel] " Chuck Lever
2018-03-08 21:35 ` Bruce Fields
2018-01-11 15:50 ` Chuck Lever
2018-01-12 18:05 ` Guillem Jover
2018-01-12 19:12 ` Chuck Lever
2018-01-12 21:12 ` [Libtirpc-devel] " Thorsten Kukuk
2018-01-12 21:14 ` Chuck Lever
2018-01-12 21:30 ` Matt Benjamin
2018-01-12 22:08 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180112191247.GA9828@suse.de \
--to=kukuk@suse.de \
--cc=SteveD@RedHat.com \
--cc=gjover@sipwise.com \
--cc=libtirpc-devel@lists.sourceforge.net \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.