ephemeral ports and port re-use for socket_wrapper emulated TCP bind()
Andrew Bartlett
abartlet at samba.org
Wed Oct 19 23:08:55 UTC 2016
I've found an interesting issue while working our Samba's RPC server.
I wanted to change Samba from listening only on 1024 to listening on
many ports for ncacn_ip_tcp so that I could multi-thread our netlogon
server.
The most practical way to do that is to have it listen on a distinct
socket.
However, because swrap_bind has the (new, at that point)
check_addr_port_in_use() function removed with an #if 0 by commit
064592d9cb6349e625b881cfcfab37b19d141ebe, no check is made to see if a
socket is available.
This means we just unilaterally unlink() the socket.
This broke this loop in stream_setup_socket() where we (yes, really...)
loop from 1024 up, binding on each port trying to get a free port!
https://git.samba.org/?p=samba.git;a=blob;f=source4/smbd/service_stream
.c;h=f0a379acf6a68be6f9296b0af51ecb1507dbfb5f;hb=HEAD#l334
In my patched case that put each ncacn_ip_tcp services on a new
endpoint (binding), it meant that we had 10 difference services
listening on 1024, the last of which was the only one actually able to
be contacted! :-)
So, given the limitations of unix domain sockets (it seems impossible
to determine without making a connect() if the socket is currently
bound by someone else), it seems the options are to:
1) specify the port in a config file
2) change the code to use 0 for a real ephemeral port and use the code
in swrap_auto_bind() to produce it
3) add some kind of lock file or (non-portably) use an fcntl() lock on
the socket to determine if it is bound.
I'm thinking to just do option 1 (with the advantage that many of our
users would like to be able to control these ports), but in the
meantime do you have any other suggestions?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list