Overview
Request 892306 accepted
- Use --disable-explicit-port-randomisation; the Linux kernel
has had source port randomization by default when the port is 0 for ages.
- Created by elvigia
- In state accepted
- Package maintainer: jcronenberg
Request History
elvigia created request
- Use --disable-explicit-port-randomisation; the Linux kernel
has had source port randomization by default when the port is 0 for ages.
stroeder accepted request
Could you please elaborate on which particular issue you want to solve?
For UDP source port randomization to be implemented outside the kernel, the program must busy-loop on the bind() syscall until it finds an application-selected random source port that is free to use. It is not nice to compete with the rest of the system for one of the 32k unused ports when the kernel has full knowledge of which ports are available and will hand out a random one here: https://elixir.bootlin.com/linux/v5.13-rc1/source/net/ipv4/udp.c#L238, using a field-tested algorithm since kernel 2.6.22.
Even OpenBSD ships unbound built this way, and probably the other BSDs too, because it only makes sense for a portable codebase where the OS might not do this itself.
OpenBSD comments: http://openbsd-archive.7691.n7.nabble.com/unbound-8-disable-explicit-port-randomisation-td397580.html
Upstream PR: https://github.com/NLnetLabs/unbound/pull/134
Linux is another of these operating systems on which you are better off relying on the kernel. In pretty much any circumstance the kernel knows better; if for some reason it does not, it is promptly fixed to behave and no further software components need updating.
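As an added illustration of the two approaches contrasted above (not code from unbound, the kernel, or this request), the helpers below bind UDP sockets on the loopback address: one lets the Linux kernel pick the source port by binding port 0, the other re-implements explicit randomisation in userspace with a bind()/EADDRINUSE retry loop. The function names and the use of rand() are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1 to `port` (0 = let the kernel choose).
 * Returns the port actually bound (host order) with the fd in *fd_out, or -1
 * with errno set. The port stays reserved until the caller closes the fd. */
static int bind_udp_loopback(int port, int *fd_out)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int saved = errno;   /* close() must not clobber the bind() error */
        close(fd);
        errno = saved;
        return -1;
    }
    *fd_out = fd;
    return ntohs(sa.sin_port);
}

/* Kernel path, which --disable-explicit-port-randomisation relies on: one
 * bind() to port 0 and the kernel returns a free port from its randomised range. */
static int bind_kernel_random_port(int *fd_out)
{
    return bind_udp_loopback(0, fd_out);
}

/* Explicit path the request turns off: guess a port and retry on EADDRINUSE,
 * competing with every other process. rand() is a stand-in, not a CSPRNG. */
static int bind_explicit_random_port(int *fd_out, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        int port = 1024 + rand() % (65536 - 1024);
        if (bind_udp_loopback(port, fd_out) == port)
            return port;
        if (errno != EADDRINUSE)
            return -1;   /* some other failure, do not keep spinning */
    }
    return -1;
}
```

While both kernel-assigned sockets stay open, the kernel never hands out the same port twice, which is exactly the bookkeeping a userspace loop has to rediscover by trial and error.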
@deadpoint, @stroeder: review reminder