Ports < 1024 are a scarce resource and should not be used
carelessly. Technically they should not be used at all without
registration with IANA, but sometimes we need them anyway.
So: for the socket that RPC services listen on, don't use a <1024 port
by default. There is no need.
For sockets that we send messages on, that are long-lived, and that might
need to appear 'privileged', avoid using a number that is registered in
/etc/services if possible.
- if (bindresvport (sock, &addr))
- {
addr.sin_port = 0;
if (bind (sock, (struct sockaddr *) &addr, len) < 0)
{
addr.sin_port = 0;
if (bind (sock, (struct sockaddr *) &addr, len) < 0)
{
(void) __close (sock);
sock = -1;
}
(void) __close (sock);
sock = -1;
}
statd_get_socket(void)
{
struct sockaddr_in sin;
statd_get_socket(void)
{
struct sockaddr_in sin;
+ struct servent *se;
+ int loopcnt = 100;
if (sockfd >= 0)
return sockfd;
if (sockfd >= 0)
return sockfd;
- if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
- note(N_CRIT, "Can't create socket: %m");
- return -1;
- }
+ while (loopcnt-- > 0) {
- FD_SET(sockfd, &SVC_FDSET);
+ if (sockfd >= 0) close(sockfd);
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ note(N_CRIT, "Can't create socket: %m");
+ return -1;
+ }
- if (bindresvport(sockfd, &sin) < 0) {
- dprintf(N_WARNING,
- "process_hosts: can't bind to reserved port\n");
+
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+
+ if (bindresvport(sockfd, &sin) < 0) {
+ dprintf(N_WARNING,
+ "process_hosts: can't bind to reserved port\n");
+ break;
+ }
+ se = getservbyport(sin.sin_port, "udp");
+ if (se == NULL)
+ break;
+ /* rather not use that port, try again */
+ FD_SET(sockfd, &SVC_FDSET);
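Review bot: When every iteration of `while (loopcnt-- > 0)` lands on a port that getservbyport() knows, the loop just runs out and the socket bound on the last iteration is kept with no diagnostic, so the fallback to a registered port is invisible in the logs; after the loop (its closing brace is not visible in this section) a line such as `if (loopcnt < 0) dprintf(N_WARNING, "statd_get_socket: no unregistered reserved port found, using %d\n", ntohs(sin.sin_port));` would record it. The literal 100 in `int loopcnt = 100;` is repeated as `retry_cnt < 100` in the sm-notify hunk below; one named constant for the retry budget would keep the two in step. getservbyport() also goes through NSS, so with a non-files service source each of those retries may be a remote lookup — presumably acceptable at startup, but worth a comment next to the call. The message `"process_hosts: can't bind to reserved port\n"` carried over into the bindresvport failure branch still names a different function than the one it now lives in.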
nsm_address local_addr;
time_t failtime = 0;
int sock = -1;
nsm_address local_addr;
time_t failtime = 0;
int sock = -1;
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
perror("socket");
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
perror("socket");
(void) bindresvport(sock, (struct sockaddr_in *) &local_addr);
(void) bindresvport(sock, (struct sockaddr_in *) &local_addr);
+ /* try to avoid known ports */
+ se = getservbyport(local_addr.sin_port, "udp");
+ if (se && retry_cnt < 100) {
+ retry_cnt++;
+ close(sock);
+ goto retry;
+ }