Page MenuHomeFreeBSD
Differential D47832

inpcb: Remove bogus SO_REUSEPORT(_LB) checks in in_pcbbind()
Needs ReviewPublic
Actions

Authored by markj on Thu, Nov 28, 9:12 PM.

Details

Reviewers
glebius
Group Reviewers
network
Summary

This check for SO_REUSEPORT was added way back in commit 52b65dbe85faf.
Per the commit log, this commit restricted this port-stealing check to
unicast addresses, and then only if the existing socket does not have
SO_REUSEPORT set. In other words, if there exists a socket bound to
INADDR_ANY, and we bind a socket to INADDR_ANY with the same port, then
the two sockets need not be owned by the same user if the existing
socket has SO_REUSEPORT set.

This is a surprising semantic; bugzilla PR 7713 gives some additional
context. That PR makes a case for the behaviour described above when
binding to a multicast address. But, the SO_REUSEPORT check is only
applied when binding to a non-multicast address, so it doesn't really
make sense. In the PR the committer notes that "unicast applications
don't set SO_REUSEPORT", which makes some sense, but also refers to
"multicast applications that bind to INADDR_ANY", which sounds a bit
suspicious.

OpenBSD performs the multicast check, but not the SO_REUSEPORT check.
DragonflyBSD removed the SO_REUSEPORT (and INADDR_ANY) checks back in
2014 (commit 0323d5fde12a4). NetBSD explicitly copied our logic and
still has it.

The plot thickens: 20 years later, SO_REUSEPORT_LB was ported from
DragonflyBSD: this option provides similar semantics to SO_REUSEPORT,
but for unicast addresses it causes incoming connections/datagrams to be
distributed among all sockets in the group. This commit (1a43cff92a20d)
inverted the check for SO_REUSEPORT while adding one for
SO_REUSEPORT_LB; this appears to have been inadvertent. However:

  • apparently no one has noticed that the semantics were changed;
  • sockets belonging to different users can now be bound to the same port so long as they belong to a single lbgroup bound to INADDR_ANY, which is absolutely not right.

Simply remove the SO_REUSEPORT(_LB) checks, as their original
justification was dubious and their current implementation is wrong; add
some tests.

I am still not sure why exactly we skip the check if both sockets are
bound to INADDR_ANY, and I think it doesn't make sense either. See the
XXX comment in the regression test.

Sponsored by: Klara, Inc.
Sponsored by: Stormshield

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 60867
Build 57751: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netinet/
4 lines
netinet6/
4 lines
tests/
sys/
netinet/
240 lines

Diff 147134

View Options

sys/netinet/in_pcb.c

Loading...
View Options

sys/netinet6/in6_pcb.c

Loading...
View Options

tests/sys/netinet/socket_afinet.c

Loading...