diff options
| author | Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> | 2015-08-19 16:33:59 -0600 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-04-13 12:32:19 +0200 |
| commit | b814a93adfaebe63094da43ca155a871ed5bfd5d (patch) | |
| tree | 80fbe306cb71739bbbe02b991d567f3a1bd48a6e /Documentation | |
| parent | dc47ce72d5c98c73145c362e7defd2445dd526c2 (diff) | |
net: Fail explicit bind to local reserved ports
Reserved ports may have some special use cases which are not suitable
for use by general userspace applications. Currently, ports specified
in ip_local_reserved_ports will not be returned only in case of
automatic port assignment.
Add a boolean sysctl flag 'reserved_port_bind'. Default value is 1
which preserves the existing behavior. Setting the value to 0 will
prevent userspace applications from binding to these ports even when
they are explicitly requested.
BUG=20663075
Change-Id: Ib1071ca5bd437cd3c4f71b56147e4858f3b9ebec
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Mekala Natarajan <mekalan@codeaurora.org>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/networking/ip-sysctl.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 0b7bef45c..b1d0c4c2f 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt @@ -698,6 +698,11 @@ ip_local_reserved_ports - list of comma separated ranges Default: Empty +reserved_port_bind - BOOLEAN + If set, allows explicit bind requests to applications requesting + any port within the range of ip_local_reserved_ports. + Default: 1 + ip_nonlocal_bind - BOOLEAN If set, allows processes to bind() to non-local IP addresses, which can be quite useful - but may break some applications. |