Subject: Re: Reserved port range patches
To: Matthias Scheler <tron@zhadum.de>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 08/24/2000 17:14:19
[ On , August 24, 2000 at 18:56:58 (GMT), Matthias Scheler wrote: ]
> Subject: Re: Reserved port range patches
>
> In article <20000824185332.824CC99@proven.weird.com>,
> woods@weird.com (Greg A. Woods) writes:
> > It would: a) be nice if they were named the same as in FreeBSD; ...
>
> FreeBSD naming scheme is not consistent with the existing variables
> "net.inet.ip.anonportmin" and "net.inet.ip.anonportmax".

Yeah, I know.  But FreeBSD's names are:  a) prior art; and b) more
meaningful for their extended features.

However if FreeBSD's names are not chosen then I'd prefer a name that
relates to their semi-official IANA name: "Well Known Ports". Hmmm,
but there's no common name for a range of anonymous ports within that
group.... Your subsequent choice of "net.inet.ip.lowportmin" and
"net.inet.ip.lowportmax" is probably OK in that case (or maybe
anon_low_port_{min,max} with similar consistent renames in the existing
two related names).

> > b) be nice if they were accompanied by the other pair from FreeBSD;
>
> We already have variables to that the anonymous ports.

No, the *other* pair. There are three pairs of related variables in
FreeBSD. I described them in my response to the recent PR on this
subject, and mention them below too:

> > ... and c) be even nicer if they behaved the same way as they do in FreeBSD
> > (i.e. that the range can be specified in high-to-low order to do the
> > allocation from top down).....
>
> What advantage would this have? The purpose is to reserve ports for
> incoming connections to certain services.

Actually, I don't know, at least not for lowfirst and lowlast. I was
simply assuming there must have been a reason for the FreeBSD people to
implement it that way.

For the hifirst,hilast and first,last pairs it does make sense to allow
for top-down allocation. For example I would set their defaults to:

	net.inet.ip.portrange.first: 65535
	net.inet.ip.portrange.last: 49152
	net.inet.ip.portrange.hifirst: 49152
	net.inet.ip.portrange.hilast: 65535

so that they grow together....

I suppose top-down allocation for lowfirst and lowlast could be useful for
the very same reason if IPNOPRIVPORTS is enabled -- in that case you'd
probably want to use the same official range of Dynamic Ports.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
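
The top-down allocation discussed in the message, as an added example that is not part of the original post and is not FreeBSD or NetBSD kernel code. It is a simplified model: `struct port_range`, `alloc_port` and the `in_use` table are hypothetical names, and the scan restarts from `first` on every call rather than remembering the last port handed out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one sysctl pair, e.g. portrange.first/.last. */
struct port_range {
    uint16_t first;   /* where the scan starts */
    uint16_t last;    /* where the scan ends   */
};

static bool in_use[65536];   /* toy stand-in for the kernel's bound-port lookup */

/* Return the next free port in the range, or 0 if the range is exhausted.
 * first > last means the scan counts down (top-down); otherwise it counts up. */
static uint16_t alloc_port(const struct port_range *r)
{
    int step = (r->first > r->last) ? -1 : 1;
    int p = r->first;

    for (;;) {
        if (!in_use[p]) {
            in_use[p] = true;
            return (uint16_t)p;
        }
        if (p == r->last)
            return 0;            /* every port in the range is busy */
        p += step;
    }
}

int main(void)
{
    /* Defaults proposed in the message: same span, opposite directions. */
    struct port_range anon = { 65535, 49152 };   /* first, last     */
    struct port_range high = { 49152, 65535 };   /* hifirst, hilast */

    for (int i = 0; i < 3; i++) {
        unsigned a = alloc_port(&anon);
        unsigned h = alloc_port(&high);
        printf("first/last -> %u   hifirst/hilast -> %u\n", a, h);
    }
    return 0;
}
```

With these values the two pairs share the 49152-65535 span and consume it from opposite ends, so neither is starved until the whole span is in use.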