From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.4 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0572AC43603 for ; Thu, 19 Dec 2019 09:35:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BFE1B24686 for ; Thu, 19 Dec 2019 09:35:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TRVX4Lc8" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726797AbfLSJf0 (ORCPT ); Thu, 19 Dec 2019 04:35:26 -0500 Received: from mail-il1-f196.google.com ([209.85.166.196]:34605 "EHLO mail-il1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726618AbfLSJf0 (ORCPT ); Thu, 19 Dec 2019 04:35:26 -0500 Received: by mail-il1-f196.google.com with SMTP id s15so4327521iln.1 for ; Thu, 19 Dec 2019 01:35:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a2DXLhWG+1I/sxJa6YFBWn4bUqJF9bmSM3jLRi/c7dc=; b=TRVX4Lc8Y8ErxPbU6eqBYH6CyQy+QfNXWoP+LLwz0l1EvzGtkuSE2oF7wGtG6hkGcu KJFIaAtCUTin8SM+ymwrscIObOxEDQaUA5ficzV/EJiwK9hs6DEpMG5QSDBg5hvdwtxt lsOwh05wUG56husmLOH5Jwygk1fBcnrM8r08iBc4MvjoTswR9u+3Q/E7kADToRzUcbCF jbcrCR5TgBFdWjYrxP18tic69Ck+5+jggbCGc3gqrtFUuVJfQzfsIjG0qwnJT0AL//Om Q5ytQHbplugQ7gkUXICfJ0Cq3FLeXnB0/tDw6Qa2CZFYrHHNnovJjCZt/1zOy7LS9Yeh 6keQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a2DXLhWG+1I/sxJa6YFBWn4bUqJF9bmSM3jLRi/c7dc=; b=lyn5i9FuKZJOJlMgWMVoZ9VcNGpstC6m8UqP5JxBzXZyOipVjj7NZYLGp0yNUkl9Wr 19NTpP9+W7mnEWp6FJeDPYagIzf8rh4VmZgXHVk9dLF7SJFAoLCW4mmwGdAD5itUlxT1 aPldCa5DS70qeuOFQFyiFv7DTbBaIpAKRU3T0rRmRon6DvvD73wGJrfFKNJ50PqYx2QA XGgOpEBEYN6w+bkm7po5NT1PMFb9epL4fQ5E73SYEnEnFzRdhW1fv6zFQaY4t2cvO+bD OszskQ3ruEavSJom7w01olyCZVvzRC1l1aZERmvj++QQhnKZaLjLtpQwqltVygbo2BWI 8q5Q== X-Gm-Message-State: APjAAAV4gTLAXB9r9zyKMdg+Jm2BTJuK283TcYF0PVc44AB4tfec1Qd/ /v5dn38uijJZ5GbuTvX1luazUVSANIl84FBSyogu+Q== X-Google-Smtp-Source: APXvYqxu+jMjNle+ACBvO1nRDbDvShivY/r2tlBkdLEsMASv7gZt8FOunyItaOXZPAMs744KqWkrYdN0Lr/vbe9IxY8= X-Received: by 2002:a92:ca82:: with SMTP id t2mr6256940ilo.242.1576748125586; Thu, 19 Dec 2019 01:35:25 -0800 (PST) MIME-Version: 1.0 References: <20191127001313.183170-1-zenczykowski@gmail.com> <20191213114934.GB5449@hmswarspite.think-freely.org> In-Reply-To: <20191213114934.GB5449@hmswarspite.think-freely.org> From: Lorenzo Colitti Date: Thu, 19 Dec 2019 18:35:13 +0900 Message-ID: Subject: Re: [PATCH] net: introduce ip_local_unbindable_ports sysctl To: Neil Horman Cc: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , "David S . Miller" , Linux NetDev , Sean Tranchetti , Subash Abhinov Kasiviswanathan , Eric Dumazet , Linux SCTP Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Fri, 13 Dec 2019, 20:49 Neil Horman, wrote: > Just out of curiosity, why are the portreserve and portrelease utilities not a > solution to this use case? As I understand it, those utilities keep the ports reserved by binding to them so that no other process can. This doesn't work for Android because there are conformance tests that probe the device from the network and check that there are no open ports. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Lorenzo Colitti Date: Thu, 19 Dec 2019 09:35:13 +0000 Subject: Re: [PATCH] net: introduce ip_local_unbindable_ports sysctl Message-Id: List-Id: References: <20191127001313.183170-1-zenczykowski@gmail.com> <20191213114934.GB5449@hmswarspite.think-freely.org> In-Reply-To: <20191213114934.GB5449@hmswarspite.think-freely.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Neil Horman Cc: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , "David S . Miller" , Linux NetDev , Sean Tranchetti , Subash Abhinov Kasiviswanathan , Eric Dumazet , Linux SCTP On Fri, 13 Dec 2019, 20:49 Neil Horman, wrote: > Just out of curiosity, why are the portreserve and portrelease utilities not a > solution to this use case? As I understand it, those utilities keep the ports reserved by binding to them so that no other process can. This doesn't work for Android because there are conformance tests that probe the device from the network and check that there are no open ports.