author | peter <peter@FreeBSD.org> | 1996-02-22 21:32:23 +0000 |
committer | peter <peter@FreeBSD.org> | 1996-02-22 21:32:23 +0000 |
commit | fe35eac01c2144b50535ae23a00660c11524fd22 (patch) | |
tree | 00ca04534534b22254d22056ecd77387d0c0ec90 /sys/netinet/in.h | |
parent | f7cfae926eb054cccf8e9a58065b4e8a2874d530 (diff) | |
Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations). As much as I dislike firewalls, this is one thing I
was not prepared to break by default.. :-)
Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call. The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).
The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*
This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.
The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.
Partly suggested by: pst
Reviewed by: wollman
Diffstat (limited to 'sys/netinet/in.h')
-rw-r--r-- | sys/netinet/in.h | 62 |
1 files changed, 48 insertions, 14 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 48f5fab..b557684 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  * @(#)in.h 8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.13 1995/11/14 20:33:57 phk Exp $
+ * $Id: in.h,v 1.14 1996/01/19 08:00:57 peter Exp $
  */
 
 #ifndef _NETINET_IN_H_
@@ -66,27 +66,52 @@
 
 /*
  * Local port number conventions:
+ *
+ * When a user does a bind(2) or connect(2) with a port number of zero,
+ * a non-conflicting local port address is chosen.
+ * The default range is IPPORT_RESERVED through
+ * IPPORT_USERRESERVED, although that is settable by sysctl.
+ *
+ * A user may set the IPPROTO_IP option IP_PORTRANGE to change this
+ * default assignment range.
+ *
+ * The value IP_PORTRANGE_DEFAULT causes the default behavior.
+ *
+ * The value IP_PORTRANGE_HIGH changes the range of candidate port numbers
+ * into the "high" range. These are reserved for client outbound connections
+ * which do not want to be filtered by any firewalls.
+ *
+ * The value IP_PORTRANGE_LOW changes the range to the "low" are
+ * that is (by convention) restricted to privileged processes. This
+ * convention is based on "vouchsafe" principles only. It is only secure
+ * if you trust the remote host to restrict these ports.
+ *
+ * The default range of ports and the high range can be changed by
+ * sysctl(3). (net.inet.ip.port{hi}{first,last}_auto)
+ *
+ * Changing those values has bad security implications if you are
+ * using a a stateless firewall that is allowing packets outside of that
+ * range in order to allow transparent outgoing connections.
+ *
+ * Such a firewall configuration will generally depend on the use of these
+ * default values. If you change them, you may find your Security
+ * Administrator looking for you with a heavy object.
+ */
+
+/*
  * Ports < IPPORT_RESERVED are reserved for
- * privileged processes (e.g. root).
+ * privileged processes (e.g. root). (IP_PORTRANGE_LOW)
  * Ports > IPPORT_USERRESERVED are reserved
- * for servers, not necessarily privileged.
+ * for servers, not necessarily privileged. (IP_PORTRANGE_DEFAULT)
  */
 #define IPPORT_RESERVED 1024
 #define IPPORT_USERRESERVED 5000
 
 /*
- * Range of ports for automatic assignment to local addresses that
- * have not explicitly specified an address.
- *
- * These can be overridden at kernel config time, and are used to init
- * sysctl variables. The sysctl variables can be changed at runtime.
+ * Default local port range to use by setting IP_PORTRANGE_HIGH
  */
-#ifndef IPPORT_FIRSTAUTO
-#define IPPORT_FIRSTAUTO 20000
-#endif
-#ifndef IPPORT_LASTAUTO
-#define IPPORT_LASTAUTO 30000
-#endif
+#define IPPORT_HIFIRSTAUTO 40000
+#define IPPORT_HILASTAUTO 44999
 
 /*
  * Internet address (a structure for historical reasons)
@@ -183,6 +208,7 @@ struct ip_opts {
 #define IP_RSVP_OFF 16 /* disable RSVP in kernel */
 #define IP_RSVP_VIF_ON 17 /* set RSVP per-vif socket */
 #define IP_RSVP_VIF_OFF 18 /* unset RSVP per-vif socket */
+#define IP_PORTRANGE 19 /* int; range to choose for unspec port */
 
 /*
  * Defaults and limits for options
@@ -200,6 +226,14 @@ struct ip_mreq {
 };
 
 /*
+ * Argument for IP_PORTRANGE:
+ * - which range to search when port is unspecified at bind() or connect()
+ */
+#define IP_PORTRANGE_DEFAULT 0 /* default range */
+#define IP_PORTRANGE_HIGH 1 /* "high" - request firewall bypass */
+#define IP_PORTRANGE_LOW 2 /* "low" - vouchsafe security */
+
+/*
  * Definitions for inet sysctl operations.
  *
  * Third level is protocol number.
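Review bot: The new block comment in the `@@ -66,27 +66,52 @@` hunk names the tunables as `net.inet.ip.port{hi}{first,last}_auto`, while the commit message says they live under `net.inet.ip.portrange.*`; one of the two is wrong, and since this header is what users will read it should match the sysctl nodes actually registered. The same comment has two wording slips worth fixing before it ships: `changes the range to the "low" are` should read `changes the range to the "low" area`, and `using a a stateless firewall` should drop the doubled `a`. Removing the `#ifndef IPPORT_FIRSTAUTO` / `IPPORT_LASTAUTO` guards also drops the kernel-config override the deleted comment advertised, and any other file still referencing those macros will no longer build, which cannot be confirmed from this header diff alone. The comment above the replacement macros describes only the high range, so I would make that explicit: `/* Default "high" port range selected with IP_PORTRANGE_HIGH; the normal range is IPPORT_RESERVED..IPPORT_USERRESERVED */`.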
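Review bot: The three `IP_PORTRANGE_*` value comments in the `@@ -200,6 +226,14 @@` hunk do not say what an unprivileged caller may expect when it asks for `IP_PORTRANGE_LOW`, even though the block comment earlier in this diff says the low range is `restricted to privileged processes`; whether setsockopt(2) rejects the request or silently keeps the default cannot be seen in this header, and the header is the natural place to state it together with the errno, if any. I would extend the line to `#define IP_PORTRANGE_LOW 2 /* "low" - ports below IPPORT_RESERVED; privileged callers only */`. `"high" - request firewall bypass` reads as a guarantee of policy outcome; `"high" - use the IPPORT_HIFIRSTAUTO..IPPORT_HILASTAUTO range (left open by some stateless firewalls)` describes the mechanism instead, which is all the kernel can promise.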