> The problem occurs when a UDP or TCP socket has a local port number of
> zero. Normal un*x behavior is to assign a "random" port number
> between IPPORT_RESERVED (1024) and IPPORT_USERRESERVED (5000). Linux,
> however, assigns a port number between 1024 and 32767. This can be a
> problem, for instance, if X starts up and port 6000 is bound by
> something else. There are a number of servers out there that assume
> they can bind to a port number above 5000 without conflicting with the
> randomly assigned ports. That is, after all, the purpose of
> IPPORT_USERRESERVED. This can also screw with firewalls and packet
> filters which assume normal clients only use port numbers in the
> 1024-5000 range.
I am dealing with this in my Port ACL patch. The range used for random
(aren't they called anonymous as well?) port assignments will be tunable,
on a per-user basis if you like, and the range need not be contiguous, so
you could reserve 6000-6020 for X, another range for IRC, etc.
You can search the archives for the string "PACL" to see my original
announcement, or just send me mail. If anyone plans to do some work
on this, then PLEASE contact me. My scheme might not be the best one,
so if anyone else has a better idea, I'd like to integrate that into
PACL. Plus, the sysctl interface for pacl is sorta-close to done.
--
Todd Graham Lewis
Manager of Web Engineering
tlewis@MindSpring.net
----------------------------------------------------------------------------
"He who believes that a clock has a soul attributes the maker's glory to the
work." -- Johannes Kepler
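The collision described in the quoted message, and the non-contiguous reserved-range idea from the reply, as an added example that is not part of the original thread and is not the PACL patch's code. It binds a TCP socket with local port 0 and reads back what the kernel chose, checks whether a fixed server port (X on 6000) lies inside a given anonymous range, and models a user-space port picker that skips reserved ranges. The reserved table (6000-6020 for X, 6667-6669 for IRC), the range constants, and the `seed` parameter standing in for the kernel's random choice are all assumptions made for the example.

```c
/* Added example: anonymous-port selection vs. fixed server ports.
 * Not from the original thread or the PACL patch. Assumptions: the
 * reserved table below, and a deterministic seed in place of the
 * kernel's random pick. Build: cc -o anonport anonport.c */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define ANON_LO        1024   /* IPPORT_RESERVED, as quoted above */
#define UNIX_ANON_HI   5000   /* IPPORT_USERRESERVED, traditional un*x upper bound */
#define LINUX_ANON_HI  32767  /* upper bound the quoted message attributes to Linux */

struct port_range { unsigned short lo, hi; };

/* Assumed reserved ranges in the spirit of the reply: X, then IRC. */
static const struct port_range x_reserved[] = { {6000, 6020}, {6667, 6669} };
#define X_RESERVED_N (sizeof x_reserved / sizeof x_reserved[0])

/* 1 if a server listening on server_port can collide with a port-0 bind
 * drawn from [lo, hi], 0 otherwise. */
int anon_range_collides(unsigned short server_port, unsigned short lo, unsigned short hi)
{
    return server_port >= lo && server_port <= hi;
}

/* 1 if port falls inside any of the n reserved ranges. */
int port_is_reserved(unsigned short port, const struct port_range *rsv, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (port >= rsv[i].lo && port <= rsv[i].hi)
            return 1;
    return 0;
}

/* Pick an anonymous port from [lo, hi] while skipping reserved ranges.
 * seed replaces the kernel's random choice: scanning starts at
 * lo + (seed % span) and wraps around once. Returns 0 when every port
 * in the range is reserved. */
unsigned short pick_anon_port(unsigned short lo, unsigned short hi, unsigned seed,
                              const struct port_range *rsv, size_t n)
{
    if (lo == 0 || hi < lo)
        return 0;
    unsigned span = (unsigned)hi - lo + 1;
    for (unsigned i = 0; i < span; i++) {
        unsigned short port = (unsigned short)(lo + (seed + i) % span);
        if (!port_is_reserved(port, rsv, n))
            return port;
    }
    return 0;
}

/* Bind a TCP socket on 127.0.0.1 with local port 0 and return the port
 * the running kernel assigned; 0 if the socket could not be bound. */
unsigned short kernel_anon_port(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return 0;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = 0;                      /* ask the kernel to choose */
    socklen_t len = sizeof sin;
    unsigned short port = 0;
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0 &&
        getsockname(fd, (struct sockaddr *)&sin, &len) == 0)
        port = ntohs(sin.sin_port);
    close(fd);
    return port;
}

int main(void)
{
    unsigned short p = kernel_anon_port();
    if (p)
        printf("kernel assigned port %u to a port-0 bind\n", p);
    else
        printf("could not bind a loopback socket here\n");
    printf("X on 6000 collides with %u-%u: %d\n", ANON_LO, UNIX_ANON_HI,
           anon_range_collides(6000, ANON_LO, UNIX_ANON_HI));
    printf("X on 6000 collides with %u-%u: %d\n", ANON_LO, LINUX_ANON_HI,
           anon_range_collides(6000, ANON_LO, LINUX_ANON_HI));
    printf("pick starting at 6000 with X range reserved: %u\n",
           pick_anon_port(ANON_LO, LINUX_ANON_HI, 6000 - ANON_LO,
                          x_reserved, X_RESERVED_N));
    return 0;
}
```

The picker is a user-space model only; whether the kernel honours such a table is exactly what the patch discussed above would decide. On the un*x range the X port never collides, on the wider range it does unless 6000-6020 is carved out.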