A call to revise sockets behaviour

A call to revise sockets behaviour

[Artem S. Tashkinov]

Hello,

Currently the Linux kernel disallows to start listening on a TCP/UDP socket if
there are open connections against the port, regardless connections status. So even
if _all_ you have is some stale (i.e. no longer active connections pending destruction)
the kernel will not allow to reuse this socket.

Stephen Hemminger argues that this behaviour is expected even though it's 100%
counter productive, it defies common sense and I cannot think of any security implications
should this feature be allowed.

Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not
only affect Windows applications running under Wine, but also native POSIX applications.

If nothing else is listening to incoming connections how can _old_ _stale_ connections
prevent an application from listening on the port? Windows has no qualms about allowing
that, why the Linux kernel works differently?

I want to hear how the current apparently _broken_ behaviour, "The current socket API
behavior is unlikely to be changed because so many applications expect it", can be expected.

Also I'd like to know which applications depend on this "feature".

Imagine a situation,

You have an apache server serving connections on port 80. For some reasons a crash in
one of its modules causes the daemon crash but during the crash Apache had some open
connections on this port.

According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary
time in order to clean stale connections for its networking pool.

I fail to see how this behaviour can be "expected".

More on it here:

https://bugzilla.kernel.org/show_bug.cgi?id=45571
http://bugs.winehq.org/show_bug.cgi?id=26031

Artem

Re: A call to revise sockets behaviour

[Stephen Hemminger]

On Mon, 29 Jul 2013 15:10:34 +0000 (UTC)
"Artem S. Tashkinov" <t.artem@lycos.com> wrote:

> Hello,
> 
> Currently the Linux kernel disallows to start listening on a TCP/UDP socket if
> there are open connections against the port, regardless connections status. So even
> if _all_ you have is some stale (i.e. no longer active connections pending destruction)
> the kernel will not allow to reuse this socket.
> 
> Stephen Hemminger argues that this behaviour is expected even though it's 100%
> counter productive, it defies common sense and I cannot think of any security implications
> should this feature be allowed.
> 
> Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not
> only affect Windows applications running under Wine, but also native POSIX applications.
> 
> If nothing else is listening to incoming connections how can _old_ _stale_ connections
> prevent an application from listening on the port? Windows has no qualms about allowing
> that, why the Linux kernel works differently?
> 
> I want to hear how the current apparently _broken_ behaviour, "The current socket API
> behavior is unlikely to be changed because so many applications expect it", can be expected.
> 
> Also I'd like to know which applications depend on this "feature".
> 
> Imagine a situation,
> 
> You have an apache server serving connections on port 80. For some reasons a crash in
> one of its modules causes the daemon crash but during the crash Apache had some open
> connections on this port.
> 
> According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary
> time in order to clean stale connections for its networking pool.
> 
> I fail to see how this behaviour can be "expected".
> 
> More on it here:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=45571
> http://bugs.winehq.org/show_bug.cgi?id=26031

I understand your problem, people have been having to deal with it for 30 years.
The attitude in your response makes it seem like you just discovered fire,
read a book like Steven's network programming if you need more info.

If you don't use SO_REUSEADDR then yes application has to wait for time wait
period.

If you do enable SO_REUSEADDR then it is possible to bind to a port with existing
stale connections.

Re: A call to revise sockets behaviour

[Artem S. Tashkinov]

Jul 29, 2013 09:35:25 PM, Stephen wrote:
On Mon, 29 Jul 2013 15:10:34 +0000 (UTC)
>"Artem S. Tashkinov" wrote:
>
>> Hello,
>> 
>> Currently the Linux kernel disallows to start listening on a TCP/UDP socket if
>> there are open connections against the port, regardless connections status. So even
>> if _all_ you have is some stale (i.e. no longer active connections pending destruction)
>> the kernel will not allow to reuse this socket.
>> 
>> Stephen Hemminger argues that this behaviour is expected even though it's 100%
>> counter productive, it defies common sense and I cannot think of any security implications
>> should this feature be allowed.
>> 
>> Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not
>> only affect Windows applications running under Wine, but also native POSIX applications.
>> 
>> If nothing else is listening to incoming connections how can _old_ _stale_ connections
>> prevent an application from listening on the port? Windows has no qualms about allowing
>> that, why the Linux kernel works differently?
>> 
>> I want to hear how the current apparently _broken_ behaviour, "The current socket API
>> behavior is unlikely to be changed because so many applications expect it", can be expected.
>> 
>> Also I'd like to know which applications depend on this "feature".
>> 
>> Imagine a situation,
>> 
>> You have an apache server serving connections on port 80. For some reasons a crash in
>> one of its modules causes the daemon crash but during the crash Apache had some open
>> connections on this port.
>> 
>> According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary
>> time in order to clean stale connections for its networking pool.
>> 
>> I fail to see how this behaviour can be "expected".
>> 
>> More on it here:
>> 
>> https://bugzilla.kernel.org/show_bug.cgi?id=45571
>> http://bugs.winehq.org/show_bug.cgi?id=26031
>
>I understand your problem, people have been having to deal with it for 30 years.
>The attitude in your response makes it seem like you just discovered fire,
>read a book like Steven's network programming if you need more info.
>
>If you don't use SO_REUSEADDR then yes application has to wait for time wait
>period.
>
>If you do enable SO_REUSEADDR then it is possible to bind to a port with existing
>stale connections.
>

A wine developer clearly showed that this option simply doesn't work. 

http://bugs.winehq.org/show_bug.cgi?id=26031#c21

Output of strace:
getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.     
0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)

Artem

Re: A call to revise sockets behaviour

[Rick Jones]

> A wine developer clearly showed that this option simply doesn't work.
>
> http://bugs.winehq.org/show_bug.cgi?id=26031#c21
>
> Output of strace:
> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.
> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)

The output of netstat -an didn't by any chance happen to still show an 
endpoint in the LISTEN state for that port number did it?

rick jones

Re: A call to revise sockets behaviour

[Artem S. Tashkinov]

Jul 29, 2013 11:27:00 PM, rick wrote:

>> A wine developer clearly showed that this option simply doesn't work.
>>
>> http://bugs.winehq.org/show_bug.cgi?id=26031#c21
>>
>> Output of strace:
>> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
>> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.
>> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
>
>The output of netstat -an didn't by any chance happen to still show an 
>endpoint in the LISTEN state for that port number did it?
>
>rick jones
>


By chance - no, nothing is/was listening. You can recreate this test in an order of few
minutes without ever trusting my word.

Re: A call to revise sockets behaviour

[Eric Dumazet]

On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote:

> A wine developer clearly showed that this option simply doesn't work. 
> 
> http://bugs.winehq.org/show_bug.cgi?id=26031#c21
> 
> Output of strace:
> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.     
> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)

Its clear that some other socket did not use SO_REUSADDR

All sockets using a given port _must_ have use SO_REUSADDR to allow this
port being reused.

Re: A call to revise sockets behaviour

[Artem S. Tashkinov]

Jul 29, 2013 11:43:00 PM, Eric wrote:
On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote:
>
>> A wine developer clearly showed that this option simply doesn't work. 
>> 
>> http://bugs.winehq.org/show_bug.cgi?id=26031#c21
>> 
>> Output of strace:
>> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
>> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.     
>> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
>
>Its clear that some other socket did not use SO_REUSADDR
>
>All sockets using a given port _must_ have use SO_REUSADDR to allow this
>port being reused.
>

It's exactly what's been tried. A program running with SO_REUSADDR, once no longer
running consequently fails to regain the rights for the port.

Re: A call to revise sockets behaviour

[John Heffner]

On Mon, Jul 29, 2013 at 2:02 PM, Artem S. Tashkinov <t.artem@lycos.com> wrote:
> Jul 29, 2013 11:43:00 PM, Eric wrote:
> On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote:
>>
>>> A wine developer clearly showed that this option simply doesn't work.
>>>
>>> http://bugs.winehq.org/show_bug.cgi?id=26031#c21
>>>
>>> Output of strace:
>>> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0
>>> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>>> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0.
>>> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
>>
>>Its clear that some other socket did not use SO_REUSADDR
>>
>>All sockets using a given port _must_ have use SO_REUSADDR to allow this
>>port being reused.
>>
>
> It's exactly what's been tried. A program running with SO_REUSADDR, once no longer
> running consequently fails to regain the rights for the port.

To reiterate what Eric said, it seems likely that the listen socket on
which the currently-open sockets were created did not have
SO_REUSEADDR set.  If you follow the sequence:

a = socket()
bind(a, 0.0.0.0, P)
listen(a)
accept(a)
close(a)

b = socket()
setsockopt(b, SOL_SOCKET, SO_REUSEADDR, 1)
bind(b, 0.0.0.0, P)

this last bind() will fail.  If you insert setsocket(a, SOL_SOCKET,
SO_REUSEADDR, 1) before the first bind, (assuming all existing sockets
on port P have timed out and entered the CLOSED state), this program
will succeed.

Put another way, when creating a listen socket, the creator has
control over whether it's willing to allow any address reuse.  This is
strict -- if any existing connections exist, its bind will fail, and
if any of its future connections exist, binds at that time will fail
(regardless of whether that future socket has SO_REUSEADDR set).

  -John