Received: from mx2.suse.de ([195.135.220.15]:56111 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S964998AbeALTMW (ORCPT ); Fri, 12 Jan 2018 14:12:22 -0500
Date: Fri, 12 Jan 2018 20:12:47 +0100
From: Thorsten Kukuk
To: Guillem Jover, Steve Dickson, libtirpc-devel@lists.sourceforge.net,
	linux-nfs@vger.kernel.org
Subject: Re: [Libtirpc-devel] [PATCH] Do not bind to reserved ports registered in /etc/services
Message-ID: <20180112191247.GA9828@suse.de>
References: <20180110004920.11100-1-gjover@sipwise.com> <20180112184151.GA10261@thunder.hadrons.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20180112184151.GA10261@thunder.hadrons.org>
Sender: linux-nfs-owner@vger.kernel.org

On Fri, Jan 12, Guillem Jover wrote:

> On Thu, 2018-01-11 at 10:18:46 -0500, Steve Dickson wrote:
> > Overall I think this makes sense, but this eliminates 240 privilege
> > ports and worried we would run out of port (due to them in TIME_WAIT)
> > during a v3 mount storms. A port goes into TIME_WAIT after a v3 mount
> > is done... But on the other hand v3 is no longer the default and
> > there are 784 available ports.... Hopefully that is enough.
>
> Hmm, those numbers do not match my own. bindresvport() uses the port
> range between 512 and 1023 inclusive. On my Debian stable (stretch)
> and unstable systems these are the number of registered ports in
> /etc/services:
>
>   ,---
>   # UDP
>   $ awk '/^[^#]/ { print $2 }' /etc/services | \
>     sed -n -e 's,/udp,,p' | \
>     while read port; do if [ $port -ge 512 -a $port -lt 1024 ]; \
>     then echo $port; fi; done | sort -u | wc -l
>   31
>   # TCP
>   $ awk '/^[^#]/ { print $2 }' /etc/services | \
>     sed -n -e 's,/tcp,,p' | \
>     while read port; do if [ $port -ge 512 -a $port -lt 1024 ]; \
>     then echo $port; fi; done | sort -u | wc -l
>   48
>   `---

These numbers are only low, since Debian is using a hand selected
/etc/services file with most entries missing.
But your change would not be limited to libtirpc on Debian.
I have 276 for TCP and 276 for UDP, that's much, much more.
So already about 50% of the available range.

  Thorsten

-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
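
To repeat the count discussed in this thread on any distribution, the following added example (not part of the original message or of the libtirpc patch) reports, per protocol, how many ports in the bindresvport() range 512..1023 a services(5)-format file registers and how many would remain. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Count the distinct ports that a services(5)-format file registers for one
# protocol inside the bindresvport() range 512..1023 named in the thread.
# Usage:  resv_port_usage PROTO [FILE]    (reads stdin when FILE is omitted)
# Prints: "<registered> <free> <percent of range registered>"
resv_port_usage() {
    awk -v proto="$1" -v lo=512 -v hi=1023 '
        { sub(/#.*/, "") }                  # strip full-line and trailing comments
        NF < 2 { next }                     # blank or malformed line
        {
            n = split($2, f, "/")           # field 2 has the form port/protocol
            if (n != 2 || f[2] != proto || f[1] !~ /^[0-9]+$/) next
            p = f[1] + 0
            if (p >= lo && p <= hi) seen[p] = 1   # a port listed twice counts once
        }
        END {
            used = 0
            for (p in seen) used++
            total = hi - lo + 1
            printf "%d %d %d\n", used, total - used, int(used * 100 / total)
        }
    ' "${2:--}"
}

# Constructed sample in services(5) format; not a real distribution file.
make_sample_services() {
    cat <<'EOF'
# name   port/proto  aliases
ssh      22/tcp
exec     512/tcp
biff     512/udp     comsat
login    513/tcp
who      513/udp     whod
shell    514/tcp     cmd         # no passwords used
syslog   514/udp
printer  515/tcp     spooler
rsync    873/tcp
rsync    873/udp
imaps    993/tcp
imaps    993/tcp     imap4-ssl   # duplicate entry
nfs      2049/tcp
EOF
}

for proto in tcp udp; do
    echo "$proto: $(make_sample_services | resv_port_usage "$proto")"
done
```

Run `resv_port_usage tcp /etc/services` and `resv_port_usage udp /etc/services` to get the figures for the local system.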