* A call to revise sockets behaviour @ 2013-07-29 15:10 Artem S. Tashkinov 2013-07-29 15:35 ` Stephen Hemminger 0 siblings, 1 reply; 8+ messages in thread From: Artem S. Tashkinov @ 2013-07-29 15:10 UTC (permalink / raw) To: linux-kernel; +Cc: netdev Hello, Currently the Linux kernel disallows to start listening on a TCP/UDP socket if there are open connections against the port, regardless connections status. So even if _all_ you have is some stale (i.e. no longer active connections pending destruction) the kernel will not allow to reuse this socket. Stephen Hemminger argues that this behaviour is expected even though it's 100% counter productive, it defies common sense and I cannot think of any security implications should this feature be allowed. Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not only affect Windows applications running under Wine, but also native POSIX applications. If nothing else is listening to incoming connections how can _old_ _stale_ connections prevent an application from listening on the port? Windows has no qualms about allowing that, why the Linux kernel works differently? I want to hear how the current apparently _broken_ behaviour, "The current socket API behavior is unlikely to be changed because so many applications expect it", can be expected. Also I'd like to know which applications depend on this "feature". Imagine a situation, You have an apache server serving connections on port 80. For some reasons a crash in one of its modules causes the daemon crash but during the crash Apache had some open connections on this port. According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary time in order to clean stale connections for its networking pool. I fail to see how this behaviour can be "expected". More on it here: https://bugzilla.kernel.org/show_bug.cgi?id=45571 http://bugs.winehq.org/show_bug.cgi?id=26031 Artem ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 15:10 A call to revise sockets behaviour Artem S. Tashkinov @ 2013-07-29 15:35 ` Stephen Hemminger 2013-07-29 15:47 ` Artem S. Tashkinov 0 siblings, 1 reply; 8+ messages in thread From: Stephen Hemminger @ 2013-07-29 15:35 UTC (permalink / raw) To: Artem S. Tashkinov; +Cc: linux-kernel, netdev On Mon, 29 Jul 2013 15:10:34 +0000 (UTC) "Artem S. Tashkinov" <t.artem@lycos.com> wrote: > Hello, > > Currently the Linux kernel disallows to start listening on a TCP/UDP socket if > there are open connections against the port, regardless connections status. So even > if _all_ you have is some stale (i.e. no longer active connections pending destruction) > the kernel will not allow to reuse this socket. > > Stephen Hemminger argues that this behaviour is expected even though it's 100% > counter productive, it defies common sense and I cannot think of any security implications > should this feature be allowed. > > Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not > only affect Windows applications running under Wine, but also native POSIX applications. > > If nothing else is listening to incoming connections how can _old_ _stale_ connections > prevent an application from listening on the port? Windows has no qualms about allowing > that, why the Linux kernel works differently? > > I want to hear how the current apparently _broken_ behaviour, "The current socket API > behavior is unlikely to be changed because so many applications expect it", can be expected. > > Also I'd like to know which applications depend on this "feature". > > Imagine a situation, > > You have an apache server serving connections on port 80. For some reasons a crash in > one of its modules causes the daemon crash but during the crash Apache had some open > connections on this port. > > According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary > time in order to clean stale connections for its networking pool. > > I fail to see how this behaviour can be "expected". > > More on it here: > > https://bugzilla.kernel.org/show_bug.cgi?id=45571 > http://bugs.winehq.org/show_bug.cgi?id=26031 I understand your problem, people have been having to deal with it for 30 years. The attitude in your response makes it seem like you just discovered fire, read a book like Steven's network programming if you need more info. If you don't use SO_REUSEADDR then yes application has to wait for time wait period. If you do enable SO_REUSEADDR then it is possible to bind to a port with existing stale connections. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 15:35 ` Stephen Hemminger @ 2013-07-29 15:47 ` Artem S. Tashkinov 2013-07-29 17:26 ` Rick Jones 2013-07-29 17:42 ` Eric Dumazet 0 siblings, 2 replies; 8+ messages in thread From: Artem S. Tashkinov @ 2013-07-29 15:47 UTC (permalink / raw) To: stephen; +Cc: linux-kernel, netdev Jul 29, 2013 09:35:25 PM, Stephen wrote: On Mon, 29 Jul 2013 15:10:34 +0000 (UTC) >"Artem S. Tashkinov" wrote: > >> Hello, >> >> Currently the Linux kernel disallows to start listening on a TCP/UDP socket if >> there are open connections against the port, regardless connections status. So even >> if _all_ you have is some stale (i.e. no longer active connections pending destruction) >> the kernel will not allow to reuse this socket. >> >> Stephen Hemminger argues that this behaviour is expected even though it's 100% >> counter productive, it defies common sense and I cannot think of any security implications >> should this feature be allowed. >> >> Besides, when discussing this bug on Wine's bugzilla I have shown that this behavior not >> only affect Windows applications running under Wine, but also native POSIX applications. >> >> If nothing else is listening to incoming connections how can _old_ _stale_ connections >> prevent an application from listening on the port? Windows has no qualms about allowing >> that, why the Linux kernel works differently? >> >> I want to hear how the current apparently _broken_ behaviour, "The current socket API >> behavior is unlikely to be changed because so many applications expect it", can be expected. >> >> Also I'd like to know which applications depend on this "feature". >> >> Imagine a situation, >> >> You have an apache server serving connections on port 80. For some reasons a crash in >> one of its modules causes the daemon crash but during the crash Apache had some open >> connections on this port. >> >> According to Stephen Hemminger I cannot relaunch Apache until the kernel waits arbitrary >> time in order to clean stale connections for its networking pool. >> >> I fail to see how this behaviour can be "expected". >> >> More on it here: >> >> https://bugzilla.kernel.org/show_bug.cgi?id=45571 >> http://bugs.winehq.org/show_bug.cgi?id=26031 > >I understand your problem, people have been having to deal with it for 30 years. >The attitude in your response makes it seem like you just discovered fire, >read a book like Steven's network programming if you need more info. > >If you don't use SO_REUSEADDR then yes application has to wait for time wait >period. > >If you do enable SO_REUSEADDR then it is possible to bind to a port with existing >stale connections. > A wine developer clearly showed that this option simply doesn't work. http://bugs.winehq.org/show_bug.cgi?id=26031#c21 Output of strace: getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) Artem ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 15:47 ` Artem S. Tashkinov @ 2013-07-29 17:26 ` Rick Jones 2013-07-29 17:31 ` Artem S. Tashkinov 2013-07-29 17:42 ` Eric Dumazet 1 sibling, 1 reply; 8+ messages in thread From: Rick Jones @ 2013-07-29 17:26 UTC (permalink / raw) To: Artem S. Tashkinov; +Cc: stephen, linux-kernel, netdev > A wine developer clearly showed that this option simply doesn't work. > > http://bugs.winehq.org/show_bug.cgi?id=26031#c21 > > Output of strace: > getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 > setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 > bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. > 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) The output of netstat -an didn't by any chance happen to still show an endpoint in the LISTEN state for that port number did it? rick jones ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 17:26 ` Rick Jones @ 2013-07-29 17:31 ` Artem S. Tashkinov 0 siblings, 0 replies; 8+ messages in thread From: Artem S. Tashkinov @ 2013-07-29 17:31 UTC (permalink / raw) To: rick.jones2; +Cc: stephen, linux-kernel, netdev Jul 29, 2013 11:27:00 PM, rick wrote: >> A wine developer clearly showed that this option simply doesn't work. >> >> http://bugs.winehq.org/show_bug.cgi?id=26031#c21 >> >> Output of strace: >> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 >> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 >> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. >> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) > >The output of netstat -an didn't by any chance happen to still show an >endpoint in the LISTEN state for that port number did it? > >rick jones > By chance - no, nothing is/was listening. You can recreate this test in an order of few minutes without ever trusting my word. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 15:47 ` Artem S. Tashkinov 2013-07-29 17:26 ` Rick Jones @ 2013-07-29 17:42 ` Eric Dumazet 2013-07-29 18:02 ` Artem S. Tashkinov 1 sibling, 1 reply; 8+ messages in thread From: Eric Dumazet @ 2013-07-29 17:42 UTC (permalink / raw) To: Artem S. Tashkinov; +Cc: stephen, linux-kernel, netdev On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote: > A wine developer clearly showed that this option simply doesn't work. > > http://bugs.winehq.org/show_bug.cgi?id=26031#c21 > > Output of strace: > getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 > setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 > bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. > 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) Its clear that some other socket did not use SO_REUSADDR All sockets using a given port _must_ have use SO_REUSADDR to allow this port being reused. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 17:42 ` Eric Dumazet @ 2013-07-29 18:02 ` Artem S. Tashkinov 2013-07-29 19:00 ` John Heffner 0 siblings, 1 reply; 8+ messages in thread From: Artem S. Tashkinov @ 2013-07-29 18:02 UTC (permalink / raw) To: eric.dumazet; +Cc: stephen, linux-kernel, netdev Jul 29, 2013 11:43:00 PM, Eric wrote: On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote: > >> A wine developer clearly showed that this option simply doesn't work. >> >> http://bugs.winehq.org/show_bug.cgi?id=26031#c21 >> >> Output of strace: >> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 >> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 >> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. >> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) > >Its clear that some other socket did not use SO_REUSADDR > >All sockets using a given port _must_ have use SO_REUSADDR to allow this >port being reused. > It's exactly what's been tried. A program running with SO_REUSADDR, once no longer running consequently fails to regain the rights for the port. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: A call to revise sockets behaviour 2013-07-29 18:02 ` Artem S. Tashkinov @ 2013-07-29 19:00 ` John Heffner 0 siblings, 0 replies; 8+ messages in thread From: John Heffner @ 2013-07-29 19:00 UTC (permalink / raw) To: Artem S. Tashkinov; +Cc: Eric Dumazet, stephen, LKML, Netdev On Mon, Jul 29, 2013 at 2:02 PM, Artem S. Tashkinov <t.artem@lycos.com> wrote: > Jul 29, 2013 11:43:00 PM, Eric wrote: > On Mon, 2013-07-29 at 15:47 +0000, Artem S. Tashkinov wrote: >> >>> A wine developer clearly showed that this option simply doesn't work. >>> >>> http://bugs.winehq.org/show_bug.cgi?id=26031#c21 >>> >>> Output of strace: >>> getsockopt(24, SOL_SOCKET, SO_REUSEADDR, [0], [4]) = 0 >>> setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 >>> bind(24, {sa_family=AF_INET, sin_port=htons(43012), sin_addr=inet_addr("0. >>> 0.0.0")}, 16) = -1 EADDRINUSE (Address already in use) >> >>Its clear that some other socket did not use SO_REUSADDR >> >>All sockets using a given port _must_ have use SO_REUSADDR to allow this >>port being reused. >> > > It's exactly what's been tried. A program running with SO_REUSADDR, once no longer > running consequently fails to regain the rights for the port. To reiterate what Eric said, it seems likely that the listen socket on which the currently-open sockets were created did not have SO_REUSEADDR set. If you follow the sequence: a = socket() bind(a, 0.0.0.0, P) listen(a) accept(a) close(a) b = socket() setsockopt(b, SOL_SOCKET, SO_REUSEADDR, 1) bind(b, 0.0.0.0, P) this last bind() will fail. If you insert setsocket(a, SOL_SOCKET, SO_REUSEADDR, 1) before the first bind, (assuming all existing sockets on port P have timed out and entered the CLOSED state), this program will succeed. Put another way, when creating a listen socket, the creator has control over whether it's willing to allow any address reuse. This is strict -- if any existing connections exist, its bind will fail, and if any of its future connections exist, binds at that time will fail (regardless of whether that future socket has SO_REUSEADDR set). -John ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-07-29 19:00 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-29 15:10 A call to revise sockets behaviour Artem S. Tashkinov 2013-07-29 15:35 ` Stephen Hemminger 2013-07-29 15:47 ` Artem S. Tashkinov 2013-07-29 17:26 ` Rick Jones 2013-07-29 17:31 ` Artem S. Tashkinov 2013-07-29 17:42 ` Eric Dumazet 2013-07-29 18:02 ` Artem S. Tashkinov 2013-07-29 19:00 ` John Heffner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).