Page MenuHomeFreeBSD

inpcb: Remove bogus SO_REUSEPORT(_LB) checks in in_pcbbind()
ClosedPublic

Authored by markj on Nov 28 2024, 9:12 PM.
Tags
None
Referenced Files
F107475686: D47832.diff
Tue, Jan 14, 5:41 PM
Unknown Object (File)
Sun, Jan 5, 8:58 AM
Unknown Object (File)
Fri, Dec 27, 11:45 AM
Unknown Object (File)
Fri, Dec 27, 9:13 AM
Unknown Object (File)
Thu, Dec 26, 9:39 AM
Unknown Object (File)
Dec 12 2024, 2:38 PM
Unknown Object (File)
Dec 11 2024, 9:11 AM
Unknown Object (File)
Dec 4 2024, 8:33 AM

Details

Summary

This check for SO_REUSEPORT was added way back in commit 52b65dbe85faf.
Per the commit log, this commit restricted this port-stealing check to
unicast addresses, and then only if the existing socket does not have
SO_REUSEPORT set. In other words, if there exists a socket bound to
INADDR_ANY, and we bind a socket to INADDR_ANY with the same port, then
the two sockets need not be owned by the same user if the existing
socket has SO_REUSEPORT set.

This is a surprising semantic; bugzilla PR 7713 gives some additional
context. That PR makes a case for the behaviour described above when
binding to a multicast address. But, the SO_REUSEPORT check is only
applied when binding to a non-multicast address, so it doesn't really
make sense. In the PR the committer notes that "unicast applications
don't set SO_REUSEPORT", which makes some sense, but also refers to
"multicast applications that bind to INADDR_ANY", which sounds a bit
suspicious.

OpenBSD performs the multicast check, but not the SO_REUSEPORT check.
DragonflyBSD removed the SO_REUSEPORT (and INADDR_ANY) checks back in
2014 (commit 0323d5fde12a4). NetBSD explicitly copied our logic and
still has it.

The plot thickens: 20 years later, SO_REUSEPORT_LB was ported from
DragonflyBSD: this option provides similar semantics to SO_REUSEPORT,
but for unicast addresses it causes incoming connections/datagrams to be
distributed among all sockets in the group. This commit (1a43cff92a20d)
inverted the check for SO_REUSEPORT while adding one for
SO_REUSEPORT_LB; this appears to have been inadvertent. However:

  • apparently no one has noticed that the semantics were changed;
  • sockets belonging to different users can now be bound to the same port so long as they belong to a single lbgroup bound to INADDR_ANY, which is absolutely not right.

Simply remove the SO_REUSEPORT(_LB) checks, as their original
justification was dubious and their current implementation is wrong; add
some tests.

I am still not sure why exactly we skip the check if both sockets are
bound to INADDR_ANY, and I think it doesn't make sense either. See the
XXX comment in the regression test.

Sponsored by: Klara, Inc.
Sponsored by: Stormshield

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Nov 28 2024, 9:12 PM
This revision is now accepted and ready to land.Dec 3 2024, 8:19 PM