
Commit 7bc027e5 authored by Subash Abhinov Kasiviswanathan

net: Fail explicit bind to local reserved ports



Reserved ports may have some special use cases which are not suitable
for use by general userspace applications. Currently, ports specified
in ip_local_reserved_ports will not be returned only in case of
automatic port assignment.

Add a boolean sysctl flag 'reserved_port_bind'. Default value is 1
which preserves the existing behavior. Setting the value to 0 will
prevent userspace applications from binding to these ports even when
they are explicitly requested.

CRs-Fixed: 2156182
BUG=20663075
Change-Id: Ib1071ca5bd437cd3c4f71b56147e4858f3b9ebec
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
parent 32213322
+5 −0
@@ -857,6 +857,11 @@ ip_unprivileged_port_start - INTEGER

	Default: 1024

reserved_port_bind - BOOLEAN
	If set, allows explicit bind requests to applications requesting
	any port within the range of ip_local_reserved_ports.
	Default: 1

ip_nonlocal_bind - BOOLEAN
	If set, allows processes to bind() to non-local IP addresses,
	which can be quite useful - but may break some applications.
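Review bot: the new entry only describes the set case; it should also say what happens when the flag is cleared, namely that an explicit bind() to a port in ip_local_reserved_ports fails (the inet_csk_get_port hunk sets ret = 1 and takes fail_unlock, the same non-zero return the caller sees for an occupied port), and which errno userspace gets, so that operators can tell a policy refusal from a real collision. The sentence "allows explicit bind requests to applications requesting any port" reads backwards; suggest "If set, allows applications to explicitly bind() to any port listed in ip_local_reserved_ports. If cleared, such binds fail." Since the code hunk has no capability exemption, it is also worth stating that the restriction applies to privileged processes as well.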
+2 −0
@@ -295,6 +295,8 @@ static inline int inet_prot_sock(struct net *net)

__be32 inet_current_timestamp(void);

extern int sysctl_reserved_port_bind;

/* From inetpeer.c */
extern int inet_peer_threshold;
extern int inet_peer_minttl;
+2 −0
@@ -136,6 +136,8 @@ static inline int current_has_network(void)
}
#endif

int sysctl_reserved_port_bind __read_mostly = 1;

/* The inetsw table contains everything that inet_create needs to
 * build a new socket.
 */
+7 −0
@@ -301,6 +301,13 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum)
	head = &hinfo->bhash[inet_bhashfn(net, port,
					  hinfo->bhash_size)];
	spin_lock_bh(&head->lock);

	if (inet_is_local_reserved_port(net, snum) &&
	    !sysctl_reserved_port_bind) {
		ret = 1;
		goto fail_unlock;
	}

	inet_bind_bucket_for_each(tb, &head->chain)
		if (net_eq(ib_net(tb), net) && tb->port == port)
			goto tb_found;
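Review bot: the check lives only in inet_csk_get_port, so it covers TCP and the other connection-oriented inet sockets that use the csk port allocator, but not UDP, whose bind goes through udp_lib_get_port; either add the same test there or document the flag as TCP-only, otherwise a reserved UDP port stays bindable. Two smaller points: the condition depends only on snum and a sysctl, so it can be evaluated before spin_lock_bh(&head->lock) instead of taking the lock just to drop it on fail_unlock; and ret = 1 makes a policy refusal indistinguishable from a port collision for the caller, which deserves at least a comment. There is also no CAP_NET_BIND_SERVICE or CAP_NET_ADMIN exemption, so root is refused too; if that is intended, say so in the Documentation hunk.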
+7 −0
@@ -893,6 +893,13 @@ static struct ctl_table ipv4_net_table[] = {
		.mode		= 0644,
		.proc_handler	= proc_do_large_bitmap,
	},
	{
		.procname       = "reserved_port_bind",
		.data           = &sysctl_reserved_port_bind,
		.maxlen         = sizeof(int),
		.mode           = 0644,
		.proc_handler   = proc_dointvec
	},
	{
		.procname	= "ip_no_pmtu_disc",
		.data		= &init_net.ipv4.sysctl_ip_no_pmtu_disc,
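Review bot: .data points at the file-scope global sysctl_reserved_port_bind while the entry is registered in ipv4_net_table, whose neighbouring entry addresses its value as &init_net.ipv4.sysctl_ip_no_pmtu_disc. If this table is rebased per network namespace by offsetting .data from &init_net, a pointer to a plain global is rebased into unrelated memory for every non-init namespace; if it is not rebased, every namespace shares one value and a write from any of them changes the policy for all. Either make the flag a member of struct netns_ipv4 or register it in the init-net-only table. The entry is documented as a BOOLEAN but uses proc_dointvec with no .extra1/.extra2 bounds, so any integer is accepted; use proc_dointvec_minmax with a 0..1 range like other boolean sysctls. Minor: the .proc_handler line is missing its trailing comma.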