Re: bind() udp behavior 2.6.8.1

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Adam Denenberg <adam@dberg.org>
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: bind() udp behavior 2.6.8.1
Date: Tue, 14 Dec 2004 11:42:18 -0500	[thread overview]
Message-ID: <1103042538.10965.27.camel@sucka> (raw)
In-Reply-To: <Pine.LNX.4.61.0412141700430.24308@yvahk01.tjqt.qr>

sorry "closed" was the wrong term here.  We are using a PIX Firewall
Module and it keeps a state table of all connections (tcp and udp). 
Thus when a new udp connection comes in with same high numbered source
port and the firewall has not removed that connection from its state
table, the firewall drops the packet.  The firewall needs about 60ms in
order to clear that connection from the state table, so if a second udp
request with the same high number port/ip comes thru before the firewall
clears the connection from the state table, it will drop the connection
(which is what we are seeing).

FreeBSD seems to increment future udp requests which prevents this
problem.  It just seems strange that the kernel would not randomize or
increment these source ports for udp requests.

has anyone encountered this issue?

thanks
adam

please CC me I am not on the list.

On Tue, 2004-12-14 at 11:04, Jan Engelhardt wrote:
> >Hello,
> >
> > I am not subscribed to this list so please CC me personally in
> >response. 
> >
> > I am noticing some odd behavior with linux 2.6.8.1 on a redhat 8 box
> >when making udp requests.  It seems subsequent udp calls are all
> >allocating the same source ephemeral udp port.  I believe the kernel
> >should be randomizing these (or incrementing) these ports for subsequent
> >requests.
> 
> No, you can have a fixed port for any socket. (It's just a question whether 
> you actually get the socket, because it might be in use.)
> 
> See http://linux01.org:2222/f/UHXT/examples/src/fastsock.c , which contains an 
> example on how to choose a fixed port.
> 
> >  We ran a test C program that just put a gethostbyname_r call
> >in a for loop of 40 calls and all 40 requests used the same UDP source
> >port (32789).
> 
> Looks normal to me. It might select a random port upon "libc invocation" and 
> use it for all further requests. This is in fact very valid, because UDP is 
> connectionless; packets can go from anywhere to anywhere without any 
> pre-work.
> 
> >  This is causing our firewall to drop some packets since
> >it thinks it already closed that connection due to too many transactions
> >using same udp source/dest port passing thru in too short a time frame.
> 
> Then, the firewall UDP implementation is broken. Note, an UDP connection *can 
> not be closed*, because it never was "open". If it's trying to do something 
> like 
> 	iptables -p udp -m state --state RELATED
> it is doing it wrong, because that is an impossible situation.
> 
> 
> Jan Engelhardt

next prev parent reply	other threads:[~2004-12-14 16:42 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-14 15:38 bind() udp behavior 2.6.8.1 Adam Denenberg
2004-12-14 16:04 ` Jan Engelhardt
2004-12-14 16:42   ` Adam Denenberg [this message]
2004-12-14 16:44     ` Jan Engelhardt
2004-12-14 17:01       ` Adam Denenberg
2004-12-14 17:10         ` Jan Engelhardt
2004-12-14 17:38           ` Adam Denenberg
2004-12-14 17:49             ` Jan Engelhardt
2004-12-15  0:43             ` Wichert Akkerman
2004-12-16  5:49             ` Willy Tarreau
2004-12-14 22:07         ` Kyle Moffett
2004-12-15  2:23           ` Adam Denenberg
2004-12-15  3:19             ` Kyle Moffett
2004-12-15 14:16               ` Adam Denenberg
2004-12-15 19:07                 ` Jan Harkes
2004-12-15 19:22                   ` Adam Denenberg
2004-12-15 20:06                     ` linux-os
2004-12-15 20:19                       ` Adam Denenberg
2004-12-15 20:45                         ` Doug McNaught
2004-12-15 20:48                           ` Adam Denenberg
2004-12-15 20:57                             ` Doug McNaught
2004-12-16  6:10                     ` Willy Tarreau
2004-12-16 14:24                   ` Adam Denenberg
2004-12-16 14:51                     ` Jan Harkes
2004-12-16 15:00                       ` Adam Denenberg
2004-12-16  6:03             ` Willy Tarreau
2004-12-16 14:17               ` Adam Denenberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1103042538.10965.27.camel@sucka \
    --to=adam@dberg.org \
    --cc=jengelh@linux01.gwdg.de \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox