use ephemeral ports #643

Closed
Habbie opened this Issue Apr 26, 2013 · 3 comments

@Habbie
Member
Habbie commented Apr 26, 2013

makeQuerySocket in pdns/resolver.cc has a line:
ourLocal.sin4.sin_port = htons(10000+(dns_random(10000)));
This uses ports defined as user ports.

From IANA[1]:
"Port numbers are assigned in various ways, based on three ranges: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535);"

While writing an SELinux policy for pdns I ran into the issue that SELinux only allows binding to the ephemeral port range[2], which in the current case of Linux is ports 32768-61000[3].
It would be great if PowerDNS could be changed so that it uses ports from this higher range.

[1] http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
[2] http://en.wikipedia.org/wiki/Ephemeral_port
[3] /proc/sys/net/ipv4/ip_local_port_range

Sander Hoentjen

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
@Habbie Habbie added a commit that referenced this issue Apr 26, 2013
@Habbie Habbie use the right binding code for TCP vs UDP, thanks Sander Hoentjen. Closes #644 and possibly #643

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@3014 d19b8d6e-7fed-0310-83ef-9ca221ded41b
eabdf7e
@Habbie
Member
Habbie commented Apr 26, 2013

Author: anon
If the outcome of #644 means that the TCP port will be chosen automatically:

ourLocal.sin4.sin_port = 0;

then this bug probably does not need fixing wrt SELinux.

@Habbie
Member
Habbie commented Apr 26, 2013

Author: peter
#644 was fixed in r3014, please let me know whether this fixes #643 for you too!

@Habbie
Member
Habbie commented Apr 26, 2013

Author: anon
Hi Peter,

yes, r3014 seems to fix this issue as well, thanks!

Sander

@mind04 mind04 pushed a commit to mind04/pdns that referenced this issue Apr 26, 2013
peter use the right binding code for TCP vs UDP, thanks Sander Hoentjen. Closes #644 and possibly #643

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@3014 d19b8d6e-7fed-0310-83ef-9ca221ded41b
91d151d
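
Added example, not PowerDNS code: the two binding strategies discussed in this thread, written for Linux. A self-chosen random source port is drawn from the range in /proc/sys/net/ipv4/ip_local_port_range instead of 10000-19999, and port 0 leaves the choice to the kernel. The names `parsePortRange`, `ephemeralRange` and `bindQuerySocket` are hypothetical, and `std::random_device` stands in for `dns_random()`.

```cpp
// Added example: keep query source ports inside the kernel's ephemeral range.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <random>

struct PortRange { unsigned lo, hi; };

// Parse the "low high" format of /proc/sys/net/ipv4/ip_local_port_range.
bool parsePortRange(const char* text, PortRange& out) {
  unsigned lo, hi;
  if (sscanf(text, "%u %u", &lo, &hi) != 2 || lo == 0 || lo > hi || hi > 65535)
    return false;
  out = {lo, hi};
  return true;
}

// Live range, falling back to the 32768-61000 quoted in the issue.
PortRange ephemeralRange() {
  PortRange r{32768, 61000};
  char buf[64] = {0};
  if (FILE* f = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r")) {
    if (fgets(buf, sizeof buf, f)) parsePortRange(buf, r);
    fclose(f);
  }
  return r;
}

// randomize=true: choose a random port inside r, retrying on collision.
// randomize=false: pass port 0 so the kernel chooses. Returns the bound port or 0.
unsigned bindQuerySocket(int type, bool randomize, const PortRange& r, int& fdOut) {
  static std::random_device rng;  // stand-in for dns_random() (assumption)
  std::uniform_int_distribution<unsigned> pick(r.lo, r.hi);
  sockaddr_in sa{};
  sa.sin_family = AF_INET;  // sin_addr stays 0.0.0.0 (INADDR_ANY)
  if ((fdOut = socket(AF_INET, type, 0)) < 0) { fdOut = -1; return 0; }
  for (int tries = 0; tries < 10; ++tries) {
    sa.sin_port = htons(static_cast<unsigned short>(randomize ? pick(rng) : 0));
    socklen_t len = sizeof sa;
    if (bind(fdOut, reinterpret_cast<sockaddr*>(&sa), len) == 0 &&
        getsockname(fdOut, reinterpret_cast<sockaddr*>(&sa), &len) == 0)
      return ntohs(sa.sin_port);
    if (errno != EADDRINUSE) break;  // only a port collision is worth a retry
  }
  close(fdOut); fdOut = -1;
  return 0;
}
```

Under an SELinux policy that denies the bind, `bind()` fails with `EACCES` and the function returns 0 without retrying.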