Debian Bug report logs - #638322
nfs-common: rpc.statd binds to udp port 631 preventing cups startup

Package: libtirpc1; Maintainer for libtirpc1 is Debian QA Group <packages@qa.debian.org>; Source for libtirpc1 is src:libtirpc.

Reported by: Jan Möbius <jan_moebius@web.de>

Date: Thu, 18 Aug 2011 16:12:25 UTC

Severity: normal

Tags: patch

Fix blocked by 638810: nfs-common: rpc.statd binds to udp port 631 preventing cups startup



Report forwarded to debian-bugs-dist@lists.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#638322; Package nfs-common. (Thu, 18 Aug 2011 16:12:27 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Möbius <jan_moebius@web.de>:
New Bug report received and forwarded. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. (Thu, 18 Aug 2011 16:12:28 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jan Möbius <jan_moebius@web.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Thu, 18 Aug 2011 17:39:16 +0200
Package: nfs-common
Version: 1:1.2.4-1
Severity: normal

Hi,

sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.

Rebooting the system helps as rpc.statd uses another port afterwards.

Regards,
Jan




-- Package-specific info:
-- rpcinfo --
   program vers proto   port
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  54936  nlockmgr
    100021    3   udp  54936  nlockmgr
    100021    4   udp  54936  nlockmgr
    100021    1   tcp  47610  nlockmgr
    100021    3   tcp  47610  nlockmgr
    100021    4   tcp  47610  nlockmgr
    391002    2   tcp    819  sgi_fam
    100001    1   udp  51365  rstatd
    100001    2   udp  51365  rstatd
    100001    3   udp  51365  rstatd
    100001    4   udp  51365  rstatd
    100001    5   udp  51365  rstatd
    100002    2   udp  40406  rusersd
    100002    3   udp  40406  rusersd
    100024    1   udp  48845  status
    100024    1   tcp  37092  status
-- /etc/default/nfs-common --
NEED_STATD=
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=
-- /etc/idmapd.conf --
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --
konrad:/install  /mnt/install      nfs4     noauto,nouser 0 0
konrad:/home3 /data1/home3 nfs4 auto,fsc,relatime,nodiratime 0 0
konrad:/home2 /data1/home2 nfs4 auto,fsc,relatime,nodiratime 0 0
konrad:/sysinfo /mnt/sysinfo nfs4 noauto,nouser 0 0
fontaine:/ACG /ACG nfs4 rsize=32768,wsize=32768,auto 0 0
konrad:/home1 /data1/home1 nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/home3 /data/home3 nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/home2 /data/home2 nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/models /data/models nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/repository /data/repository nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/subversion-repository /data/subversion-repository nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/git-repository /data/git-repository nfs4 auto,fsc,relatime,nodiratime 0 0
fontaine:/data/home1 /data/home1 nfs auto,fsc,relatime,nodiratime 0 0
fontaine:/data/home0 /data/home0 nfs auto,fsc,relatime,nodiratime 0 0
konrad:/home0 /data1/home0 nfs4 auto,fsc,relatime,nodiratime 0 0
-- /proc/mounts --
fontaine:/ACG /ACG nfs4 rw,relatime,vers=4,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,local_lock=none,addr=137.226.115.62 0 0
konrad:/home1 /data1/home1 nfs4 rw,nodiratime,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.49 0 0
fontaine:/home3 /data/home3 nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/home2 /data/home2 nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/models /data/models nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/repository /data/repository nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/subversion-repository /data/subversion-repository nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/git-repository /data/git-repository nfs4 rw,nodiratime,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/data/home1/ /data/home1 nfs rw,nodiratime,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=137.226.115.62,mountvers=3,mountport=44662,mountproto=udp,fsc,local_lock=none,addr=137.226.115.62 0 0
fontaine:/data/home0/ /data/home0 nfs rw,nodiratime,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=137.226.115.62,mountvers=3,mountport=44662,mountproto=udp,fsc,local_lock=none,addr=137.226.115.62 0 0
konrad:/home2 /data1/home2 nfs4 rw,nodiratime,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.49 0 0
konrad:/home3 /data1/home3 nfs4 rw,nodiratime,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=137.226.115.15,minorversion=0,fsc,local_lock=none,addr=137.226.115.49 0 0
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nfs-common depends on:
ii  adduser            3.113                 add and remove users and groups
ii  initscripts        2.88dsf-13.11         scripts for initializing and shutt
ii  libc6              2.13-10               Embedded GNU C Library: Shared lib
ii  libcap2            1:2.22-1              support for getting/setting POSIX.
ii  libcomerr2         1.42~WIP-2011-07-02-1 common error description library
ii  libevent-1.4-2     1.4.13-stable-1       An asynchronous event notification
ii  libgssapi-krb5-2   1.9.1+dfsg-1+b1       MIT Kerberos runtime libraries - k
ii  libgssglue1        0.3-2                 mechanism-switch gssapi library
ii  libk5crypto3       1.9.1+dfsg-1+b1       MIT Kerberos runtime libraries - C
ii  libkeyutils1       1.4-6                 Linux Key Management Utilities (li
ii  libkrb5-3          1.9.1+dfsg-1+b1       MIT Kerberos runtime libraries
ii  libnfsidmap2       0.24-1                An nfs idmapping library
ii  libtirpc1          0.2.2-5               transport-independent RPC library
ii  libwrap0           7.6.q-21              Wietse Venema's TCP wrappers libra
ii  lsb-base           3.2-27                Linux Standard Base 3.2 init scrip
ii  rpcbind            0.2.0-6               converts RPC program numbers into 
ii  ucf                3.0025+nmu2           Update Configuration File: preserv

Versions of packages nfs-common recommends:
ii  python                        2.6.7-2    interactive high-level object-orie

nfs-common suggests no packages.

-- no debconf information




Bug reassigned from package 'nfs-common' to 'general'. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Thu, 18 Aug 2011 16:39:33 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions nfs-utils/1:1.2.4-1. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Thu, 18 Aug 2011 16:39:33 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Thu, 18 Aug 2011 16:45:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Thu, 18 Aug 2011 16:45:07 GMT) Full text and rfc822 format available.

Message #14 received at 638322@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: Jan Möbius <jan_moebius@web.de>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Thu, 18 Aug 2011 17:41:22 +0100
On Thu, Aug 18, 2011 at 05:39:16PM +0200, Jan Möbius wrote:
> Package: nfs-common
> Version: 1:1.2.4-1
> Severity: normal
> 
> Hi,
> 
> sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.
> 
> Rebooting the system helps as rpc.statd uses another port afterwards.
 
This is a fundamental problem of the bindresvport() function, and
not specific to rpc.statd.  Reassigning to general.

The 'portreserve' package provides a kluge to avoid this, but it
requires other packages to register the ports that must be reserved.
It also won't work reliably, because insserv runs init scripts in
parallel and there is thus a race condition in the way services claim
their ports from the portreserve daemon.

A proper fix probably involves using systemd's socket-activation.
Yes, I said systemd - which presumably means we'll have to wait
another 5 years for this to be fixed.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Thu, 18 Aug 2011 23:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.net>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Thu, 18 Aug 2011 23:24:03 GMT) Full text and rfc822 format available.

Message #19 received at 638322@bugs.debian.org (full text, mbox):

From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org
Cc: Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Thu, 18 Aug 2011 19:03:10 +0000
On Thu, Aug 18, 2011 at 05:41:22PM +0100, Ben Hutchings wrote:
> On Thu, Aug 18, 2011 at 05:39:16PM +0200, Jan Möbius wrote:
> > sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.
> > 
> > Rebooting the system helps as rpc.statd uses another port afterwards.
>  
> This is a fundamental problem of the bindresvport() function, and
> not specific to rpc.statd.  Reassigning to general.

Actually, according to the manpage:

  Unlike some bindresvport() implementations, the glibc implementation
  ignores any value that the caller supplies in sin->sin_port.

Fixing this might be a useful way around the problem.  I'd code up a
patch, but eglibc won't take it without copyright assignment.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Thu, 18 Aug 2011 23:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Thu, 18 Aug 2011 23:57:03 GMT) Full text and rfc822 format available.

Message #24 received at 638322@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: 638322@bugs.debian.org, Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 00:53:02 +0100
On Thu, 2011-08-18 at 19:03 +0000, brian m. carlson wrote:
> On Thu, Aug 18, 2011 at 05:41:22PM +0100, Ben Hutchings wrote:
> > On Thu, Aug 18, 2011 at 05:39:16PM +0200, Jan Möbius wrote:
> > > sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.
> > > 
> > > Rebooting the system helps as rpc.statd uses another port afterwards.
> >  
> > This is a fundamental problem of the bindresvport() function, and
> > not specific to rpc.statd.  Reassigning to general.
> 
> Actually, according to the manpage:
> 
>   Unlike some bindresvport() implementations, the glibc implementation
>   ignores any value that the caller supplies in sin->sin_port.
> 
> Fixing this might be a useful way around the problem.  I'd code up a
> patch, but eglibc won't take it without copyright assignment.

You can't fix that, because it can't rely on existing callers to
initialise the field at all.

Ben.

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 00:21:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 00:21:05 GMT) Full text and rfc822 format available.

Message #29 received at 638322@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 10:13:17 +1000
Systems running SE Linux tend not to have this problem.  In most cases the
daemons which use RPC services are not permitted to bind to any of the ports
that are reserved for services, and therefore such a bind attempt fails with
EPERM; when this happens, glibc will just decrement the port number and try
again.

http://etbe.coker.com.au/2007/11/06/squid-and-se-linux/

I mentioned this in the above blog post; I think it was in about 2002 that I
wrote the policy to do this.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 09:01:59 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guus Sliepen <guus@debian.org>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 09:02:11 GMT) Full text and rfc822 format available.

Message #34 received at 638322@bugs.debian.org (full text, mbox):

From: Guus Sliepen <guus@debian.org>
To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 10:49:41 +0200
On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:

> Systems running SE Linux tend not to have this problem.  In most cases the 
> daemons which use RPC services are not permitted to bind to any of the ports 
> that are reserved for services and therefore such a bind attempt fails with 
> EPERM, glibc will just decrement the port number and try again when this 
> happens.
> 
> http://etbe.coker.com.au/2007/11/06/squid-and-se-linux/
> 
> I mentioned this in the above blog post, I think it was in about 2002 that I 
> wrote the policy to do this.

We could also patch bindresvport() to skip all ports mentioned in
/etc/services, to get similar behaviour as with SE Linux. Or patch the programs
using it to first try to bind to a static port that does not conflict with
those in /etc/services, and if that fails fall back to bindresvport().

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 09:24:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 09:24:25 GMT) Full text and rfc822 format available.

Message #39 received at 638322@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: debian-devel@lists.debian.org
Cc: Guus Sliepen <guus@debian.org>, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 19:20:49 +1000
On Fri, 19 Aug 2011, Guus Sliepen <guus@debian.org> wrote:
> We could also patch bindresvport() to skip all ports mentioned in
> /etc/services, to get similar behaviour as with SE Linux. Or patch the
> programs using it to first try to bind to a static port that does not
> conflict with those in /etc/services, and if that fails fall back to
> bindresvport().

That would be a viable option.  On my system there are 124 TCP ports listed 
with numbers <1024 (which seems to be the main problem area).  Losing 12% of 
the address space seems viable.

One thing to note when comparing this to SE Linux is that the SE Linux policy 
labels some ports that aren't in /etc/services but which are in relatively 
common use.  One example is port 24 for LMTP.  Also with SE Linux there is an 
easy way of adding new port labels and as the typical daemon won't be 
permitted to bind to an unlabeled port the sysadmin is compelled to do the 
correct thing.

Now one could patch bindresvport() to also check /etc/services.local or some 
other source of configuration information about which ports are likely to be 
used.  But getting the users to accept that will take some effort.

Of course most users just don't have enough RPC traffic to generate the 
problem.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 09:51:39 GMT) Full text and rfc822 format available.

Acknowledgement sent to Adam Borowski <kilobyte@angband.pl>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 09:51:44 GMT) Full text and rfc822 format available.

Message #44 received at 638322@bugs.debian.org (full text, mbox):

From: Adam Borowski <kilobyte@angband.pl>
To: debian-devel@lists.debian.org
Cc: 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 11:47:12 +0200
On Fri, Aug 19, 2011 at 10:49:41AM +0200, Guus Sliepen wrote:
> On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:
> > Systems running SE Linux tend not to have this problem.  In most cases the 
> > daemons which use RPC services are not permitted to bind to any of the ports 
> > that are reserved for services and therefore such a bind attempt fails with 
> > EPERM, glibc will just decrement the port number and try again when this 
> > happens.
> 
> We could also patch bindresvport() to skip all ports mentioned in
> /etc/services, to get similar behaviour as with SE Linux. Or patch the programs
> using it to first try to bind to a static port that does not conflict with
> those in /etc/services, and if that fails fall back to bindresvport().

Or use a whitelist rather than pretending that /etc/services was complete
anywhere within the last 20 years.

Not to mention bindresvport() removes the freedom of the sysadmin to bind
services to whatever ports she wishes.  Or, say, run multiple instances of a
service.

-- 
1KB		// Yo momma uses IPv4!




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 13:45:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Edward Allcutt <edward@allcutt.me.uk>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 13:45:09 GMT) Full text and rfc822 format available.

Message #49 received at 638322@bugs.debian.org (full text, mbox):

From: Edward Allcutt <edward@allcutt.me.uk>
To: 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 14:36:48 +0100 (BST)
On Thu, 18 Aug 2011, Ben Hutchings wrote:
> On Thu, Aug 18, 2011 at 05:39:16PM +0200, Jan Möbius wrote:
>> sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.
>>
>> Rebooting the system helps as rpc.statd uses another port afterwards.
>
> This is a fundamental problem of the bindresvport() function, and
> not specific to rpc.statd.  Reassigning to general.

Sure, bindresvport is archaic, but workarounds already exist. In
particular, Debian already adds /etc/bindresvport.blacklist and the
default already contains port 631. Does the submitter have this
file in place with the default contents?

> The 'portreserve' package provides a kluge to avoid this, but it
> requires other packages to register the ports that must be reserved.
> It also won't work reliably, because insserv runs init scripts in
> parallel and there is thus a race condition in the way services claim
> their ports from the portreserve daemon.

That seems like a much worse kluge than the existing blacklist. Allowing
packages to register reserved ports however seems a useful feature.

Reassign to eglibc as request for supporting /etc/bindresvport.blacklist.d ?

> A proper fix probably involves using systemd's socket-activation.
> Yes, I said systemd - which presumably means we'll have to wait
> another 5 years for this to be fixed.

Irrelevant. Promoting systemd for its side-effect as an amelioration for an
unreliable kluge is not a strong argument. ;) [0]

[0] Not intended as an argument against systemd either.

-- 
Edward Allcutt

Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 14:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 14:06:03 GMT) Full text and rfc822 format available.

Message #54 received at 638322@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: debian-devel@lists.debian.org
Cc: Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 00:02:12 +1000
On Fri, 19 Aug 2011, Adam Borowski <kilobyte@angband.pl> wrote:
> Or use a whitelist rather than pretending that /etc/services was complete
> anywhere within the last 20 years.

AFAIK /etc/services has always been a complete list of ports assigned by IANA.  
If someone makes a port commonly used without getting IANA approval that's 
their problem/mistake.

> Not to mention bindresvport() removes the freedom of the sysadmin to bind
> services to whatever ports she wishes.  Or, say, run multiple instances of
> a service.

If you make your program use bindresvport() then it means that you don't care 
what the port number is as long as it's in the reserved range.  This generally 
means that it's a RPC service and the Portmapper will tell everyone which port 
to use or that there is some other channel to tell the clients which port to 
connect to (maybe a bit like the FTP two-port setup).

If you run multiple instances of a service using RPC then I guess you could 
use different names with the Portmapper.

It seems to me that the only problem is if you run multiple instances of a 
daemon on different ports and don't use /etc/bindresvport.blacklist, SE Linux, 
or some other method of telling bindresvport() to leave your port alone.  That 
wouldn't be an issue of sysadmin freedom but sysadmin ignorance (and I am one 
of the people who was ignorant of bindresvport.blacklist).

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Fri, 19 Aug 2011 17:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Adam Borowski <kilobyte@angband.pl>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Fri, 19 Aug 2011 17:57:05 GMT) Full text and rfc822 format available.

Message #59 received at 638322@bugs.debian.org (full text, mbox):

From: Adam Borowski <kilobyte@angband.pl>
To: debian-devel@lists.debian.org
Cc: 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Fri, 19 Aug 2011 19:53:46 +0200
On Sat, Aug 20, 2011 at 12:02:12AM +1000, Russell Coker wrote:
> On Fri, 19 Aug 2011, Adam Borowski <kilobyte@angband.pl> wrote:
> > Not to mention bindresvport() removes the freedom of the sysadmin to bind
> > services to whatever ports she wishes.  Or, say, run multiple instances of
> > a service.
> 
> If you make your program use bindresvport() then it means that you don't care 
> what the port number is as long as it's in the reserved range.

Except that it should not get into ports used by something else.

> It seems to me that the only problem is if you run multiple instances of a 
> daemon on different ports and don't use /etc/bindresvport.blacklist, SE Linux, 
> or some other method of telling bindresvport() to leave your port alone.  That 
> wouldn't be an issue of sysadmin freedom but sysadmin ignorance (and I am one 
> of the people who was ignorant of bindresvport.blacklist).

You can't blame "sysadmin ignorance".  I've just grepped through every
single man page in Debian (ok, amd64 main), and there is not a single
reference to /etc/bindresvport.blacklist.  In fact, even bindresvport() is
referenced only from its own manpage and from portreserve which is another
hack to work around this bug.  portreserve is neither recommended/suggested,
nor has any data that would allow it to work.

No other daemon I know has this problem.  If I install daemon foo, I can
expect it to not touch any ports it hasn't been configured to use.  It's
just portmap/SunRPC that uses random scatter-shot that can trample on
something else.

So what about this: let's reserve a number of ports for portmap's exclusive
usage[1].  There's like 900 unused assignments, so there's plenty of space
that could be parcelled off.  SunRPC has long since degenerated from
something with a general purpose to a peculiarity of NFS, so not many ports
are needed.  Only under a pathological configuration one could exceed any
reasonable static limit, and in that case bindresvport() would revert to the
blacklist+scattershot.



[1]. Unless the sysadmin knowingly takes them for some other purpose; no
different from, say, having sshd listen on port 443.

-- 
1KB		// Yo momma uses IPv4!




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sat, 20 Aug 2011 12:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sat, 20 Aug 2011 12:24:36 GMT) Full text and rfc822 format available.

Message #64 received at 638322@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: debian-devel@lists.debian.org
Cc: Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 22:19:58 +1000
On Sat, 20 Aug 2011, Adam Borowski <kilobyte@angband.pl> wrote:
> > It seems to me that the only problem is if you run multiple instances of
> > a daemon on different ports and don't use /etc/bindresvport.blacklist,
> > SE Linux, or some other method of telling bindresvport() to leave your
> > port alone.  That wouldn't be an issue of sysadmin freedom but sysadmin
> > ignorance (and I am one of the people who was ignorant of
> > bindresvport.blacklist).
> 
> You can't blame "sysadmin ignorance".  I've just grepped through every
> single man page in Debian (ok, amd64 main), and there is not a single

Ignorance means not knowing.  Sure there are probably some bug reports about 
man pages due, but it's still something you or I could have found out.

apt-get source libc6

> No other daemon I know has this problem.  If I install daemon foo, I can
> expect it to not touch any ports it hasn't been configured to use.  It's
> just portmap/SunRPC that uses random scatter-shot that can trample on
> something else.

Yes, SunRPC and anything that opens a port for callback.

> So what about this: let's reserve a number of ports for portmap's exclusive
> usage[1].  There's like 900 unused assignments, so there's plenty of space
> than could be parcelled off.  SunRPC has long since degenerated from
> something with a general purpose to a peculiarity of NFS, so not many ports
> are needed.  Only under a pathological configuration one could exceed any
> reasonable static limit, and in that case bindresvport() would revert to
> the blacklist+scattershot.

The problem with this theory is the fact that the problem that was reported 
with CUPS only occurred after bindresvport() had used every port from 1023 
down to 631.  A casual scan of /etc/services reveals that there are no long 
contiguous ranges available without reserved ports.  If you start at the top 
the common ports pop3s and imaps could be reached quite quickly.

So it seems that some sort of blacklist is the only way to go.

The idea of a .d directory for blacklist files such that every package 
installation that is likely to use some ports will automatically have a 
reservation is a good one.  Of course there's still the corner case of trying 
to install CUPS (or some other daemon) after a long-running RPC service has 
grabbed the port.

Maybe we should default to having ports such as 631, 993, 995, 873, 587, 636, 
546, and 547 reserved at all times.  From a quick scan of /etc/services they 
seem to be the most likely ports to be used in the 500-1024 range.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sat, 20 Aug 2011 12:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henrique de Moraes Holschuh <hmh@debian.org>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sat, 20 Aug 2011 12:43:29 GMT) Full text and rfc822 format available.

Message #69 received at 638322@bugs.debian.org (full text, mbox):

From: Henrique de Moraes Holschuh <hmh@debian.org>
To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org, Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 09:38:52 -0300
On Sat, 20 Aug 2011, Russell Coker wrote:
> On Sat, 20 Aug 2011, Adam Borowski <kilobyte@angband.pl> wrote:
> > > It seems to me that the only problem is if you run multiple instances of
> > > a daemon on different ports and don't use /etc/bindresvport.blacklist,
> > > SE Linux, or some other method of telling bindresvport() to leave your
> > > port alone.  That wouldn't be an issue of sysadmin freedom but sysadmin
> > > ignorance (and I am one of the people who was ignorant of
> > > bindresvport.blacklist).
> > 
> > You can't blame "sysadmin ignorance".  I've just grepped through every
> > single man page in Debian (ok, amd64 main), and there is not a single
> 
> Ignorance means not knowing.  Sure there are probably some bug reports about 
> man pages due, but it's still something you or I could have found out.

...

> > No other daemon I know has this problem.  If I install daemon foo, I can
> > expect it to not touch any ports it hasn't been configured to use.  It's
> > just portmap/SunRPC that uses random scatter-shot that can trample on
> > something else.
> 
> Yes, SunRPC and anything that opens a port for callback.

Firewall port blocking can also cause such problems (denial of service).
While it is a different problem, it has the same roots as SunRPC binding to
undesired sockets: applications that use random sockets do not know whether
they're going to get a socket they're supposed to use.

Intelligent use of conntrack can help on single hosts (reducing the problem
to incoming callback connections), but most sites have border policies that
forbid any traffic to flow for some ports.  It causes minor issues for DNS
traffic (timeouts on a small fraction of the queries), for example.

> So it seems that some sort of blacklist is the only way to go.

Yes.  And we can easily maintain a current one for Debian-packaged software,
although the initial build of such a blacklist will take some work.

> The idea of a .d directory for blacklist files such that every package 
> installation that is likely to use some ports will automatically have a 
> reservation is a good one.  Of course there's still the corner case of trying 
> to install CUPS (or some other daemon) after a long-running RPC service has 
> grabbed the port.

That's not such a big problem, as it will be noticed immediately and causes
no surprise downtime of a service.

> Maybe we should default to having ports such as 631, 993, 995, 873, 587, 636, 
> 546, and 547 reserved at all times.  From a quick scan of /etc/services they 
> seem to be the most likely ports to be used in the 500-1024 range.

Looks good, and we can take extra ports as bug reports.  A mail to d-d-a and
a short article to planet.d.o and LWN may help to raise awareness of such
issues: although this _is_ a longstanding and _well known_ issue, the ways
to avoid the worst problems it can cause are _not_ well known.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sat, 20 Aug 2011 13:36:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sat, 20 Aug 2011 13:36:07 GMT) Full text and rfc822 format available.

Message #74 received at 638322@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: Edward Allcutt <edward@allcutt.me.uk>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 14:34:09 +0100
On Fri, 2011-08-19 at 14:36 +0100, Edward Allcutt wrote:
> On Thu, 18 Aug 2011, Ben Hutchings wrote:
> > On Thu, Aug 18, 2011 at 05:39:16PM +0200, Jan Möbius wrote:
> >> sometimes rpc.statd binds to port 631 udp which is used by cups. Therefore cups is unable to bind to its port and no printers get discovered.
> >>
> >> Rebooting the system helps as rpc.statd uses another port afterwards.
> >
> > This is a fundamental problem of the bindresvport() function, and
> > not specific to rpc.statd.  Reassigning to general.
> 
> Sure, bindresvport is archaic, but workarounds already exist. In
> particular, Debian already adds /etc/bindresvport.blacklist and the
> default already contains port 631. Does the submitter have this
> file in place with the default contents?

Oh, I completely missed that.

> > The 'portreserve' package provides a kluge to avoid this, but it
> > requires other packages to register the ports that must be reserved.
> > It also won't work reliably, because insserv runs init scripts in
> > parallel and there is thus a race condition in the way services claim
> > their ports from the portreserve daemon.
> 
> That seems like a much worse kluge than the existing blacklist. Allowing
> packages to register reserved ports however seems a useful feature.
> 
> Reassign to eglibc as request for supporting /etc/bindresvport.blacklist.d ?
[...]

That seems like it would be necessary in the general case.  However, if
port 631 is already on the list then it has nothing to do with the
current bug report.

In fact, the problem seems to be that bindresvport() supports IPv4 only
and therefore libtirpc (the new SunRPC client library) does not use it
(for either IPv4 or IPv6).  glibc declares bindresvport6() for IPv6
addresses, but it doesn't appear to define it.  So it seems like we need
to:

1. Add bindresvport6() to glibc
2. Use glibc's bindresvport{,6}() in libtirpc
3. Add configuration directory for reserving more ports (not for this
bug)

Ben.


Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sat, 20 Aug 2011 14:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sat, 20 Aug 2011 14:21:06 GMT) Full text and rfc822 format available.

Message #79 received at 638322@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 16:17:25 +0200
* Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> Yes.  And we can easily maintain a current one for Debian-packaged software,
> although the initial build of such a blacklist will take some work.

Actually, the existing interface net.ipv4.ip_local_port_range seems to
work quite well. And there are so many ports that for most servers it
seems acceptable to limit the outgoing ports to only a tiny portion of
port numbers (like 1/4th or so).


Andi




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sat, 20 Aug 2011 16:00:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sat, 20 Aug 2011 16:00:10 GMT) Full text and rfc822 format available.

Message #84 received at 638322@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: Andreas Barth <aba@not.so.argh.org>
Cc: Henrique de Moraes Holschuh <hmh@debian.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sat, 20 Aug 2011 16:57:39 +0100
On Sat, 2011-08-20 at 16:17 +0200, Andreas Barth wrote:
> * Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> > Yes.  And we can easily maintain a current one for Debian-packaged software,
> > although the initial build of such a blacklist will take some work.
> 
> Actually, the existing interface net.ipv4.ip_local_port_range seems to
> work quite well. And there are so many ports that for most servers it
> seems acceptable to limit the outgoing ports to only a tiny portion of
> port numbers (like 1/4th or so).

This has nothing to do with bindresvport().

Ben.


Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sun, 21 Aug 2011 03:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henrique de Moraes Holschuh <hmh@debian.org>:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sun, 21 Aug 2011 03:57:03 GMT) Full text and rfc822 format available.

Message #89 received at 638322@bugs.debian.org (full text, mbox):

From: Henrique de Moraes Holschuh <hmh@debian.org>
To: Andreas Barth <aba@not.so.argh.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sun, 21 Aug 2011 00:51:56 -0300
On Sat, 20 Aug 2011, Andreas Barth wrote:
> * Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> > Yes.  And we can easily maintain a current one for Debian-packaged software,
> > although the initial build of such a blacklist will take some work.
> 
> Actually, the existing interface net.ipv4.ip_local_port_range seems to
> work quite well. And there are so many ports that for most servers it

No, it doesn't.  And we have at least one extremely important protocol that
needs as many ports as we can give it (DNS).

A blacklist is the way to go, and we already have it.  We just need to fill
it, make it easier to extend (.d directory), tell people about it, and teach
stuff other than SunRPC to use it when necessary.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh




Information forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org:
Bug#638322; Package general. (Sun, 21 Aug 2011 12:39:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to debian-devel@lists.debian.org. (Sun, 21 Aug 2011 12:39:10 GMT) Full text and rfc822 format available.

Message #94 received at 638322@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: debian-devel@lists.debian.org
Cc: Henrique de Moraes Holschuh <hmh@debian.org>, Andreas Barth <aba@not.so.argh.org>, Adam Borowski <kilobyte@angband.pl>, 638322@bugs.debian.org
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Date: Sun, 21 Aug 2011 22:38:05 +1000
On Sun, 21 Aug 2011, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> On Sat, 20 Aug 2011, Andreas Barth wrote:
> > * Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> > > Yes.  And we can easily maintain a current one for Debian-packaged
> > > software, although the initial build of such a blacklist will take
> > > some work.
> > 
> > Actually, the existing interface net.ipv4.ip_local_port_range seems to
> > work quite well. And there are so many ports that for most servers it

# cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

The above is from one of my systems.  This range isn't used for RPC, presumably 
because RPC services want the reserved <1024 port numbers, which only a 
privileged process can bind and which therefore imply root ownership.

> No, it doesn't.  And we have at least one extremely important protocol that
> needs as many ports as we can give it (DNS).

Aug 21 11:42:48 ns named[2382]: using default UDP/IPv4 port range: [1024, 
65535]
Aug 21 11:42:48 ns named[2382]: using default UDP/IPv6 port range: [1024, 
65535]

BIND seems to use ports >1024 as well, again this is different from the 
typical RPC issues but does have the potential to cause problems (there are 
more than a few UDP ports >1024 in /etc/services).  Maybe BIND should be 
patched to use the same port reservation procedure as RPC.
 
> A blacklist is the way to go, and we already have it.  We just need to fill
> it, make it easier to extend (.d directory), tell people about it, and
> teach stuff other than SunRPC to use it when necessary.

Yes.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




Bug 638322 cloned as bug 638810. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Mon, 22 Aug 2011 02:27:01 GMT) Full text and rfc822 format available.

Bug reassigned from package 'general' to 'nfs-common'. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Mon, 22 Aug 2011 02:27:04 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 638322: 638810 Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Mon, 22 Aug 2011 02:27:05 GMT) Full text and rfc822 format available.

Bug reassigned from package 'nfs-common' to 'libtirpc1'. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Mon, 22 Aug 2011 02:51:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Steinar H. Gunderson <sesse@debian.org>:
Bug#638322; Package libtirpc1. (Mon, 22 Aug 2011 03:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Steinar H. Gunderson <sesse@debian.org>. (Mon, 22 Aug 2011 03:36:03 GMT) Full text and rfc822 format available.

Message #107 received at 638322@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: 638322@bugs.debian.org
Subject: [PATCH] Use bindresvport{,6}() from libc
Date: Mon, 22 Aug 2011 04:32:58 +0100
This depends on eglibc being patched as in #638810.

Ben.

--- libtirpc-0.2.2.orig/src/bindresvport.c
+++ libtirpc-0.2.2/src/bindresvport.c
@@ -58,12 +58,8 @@
         return bindresvport_sa(sd, (struct sockaddr *)sin);
 }
 
-#ifdef __linux__
-
-#define STARTPORT 600
-#define LOWPORT 512
-#define ENDPORT (IPPORT_RESERVED - 1)
-#define NPORTS  (ENDPORT - STARTPORT + 1)
+/* We now want to call libc's bindresvport() */
+#undef bindresvport
 
 int
 bindresvport_sa(sd, sa)
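Review bot: The comment added above `#undef bindresvport` does not explain why the position of the `#undef` matters. The wrapper that ends just above it (presumably libtirpc's own `bindresvport()`) is compiled while the macro from rpc/rpc.h is still active, and only code after this point reaches libc. I would spell that out, e.g. `/* The wrapper above was compiled as tirpc_bindresvport (see rpc/rpc.h); from here on bindresvport means libc's, which does its own reserved-port selection. */`. Removing `#ifdef __linux__` here also makes the libc dependency unconditional, so a build against a libc that only declares `bindresvport6()` would presumably fail at link time; the patch mail ties this to #638810. `bindresvport_sa` continues outside the hunk.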
@@ -72,17 +68,7 @@
 {
         int res, af;
         struct sockaddr_storage myaddr;
-	struct sockaddr_in *sin;
-#ifdef INET6
-	struct sockaddr_in6 *sin6;
-#endif
-	u_int16_t *portp;
-	static u_int16_t port;
-	static short startport = STARTPORT;
 	socklen_t salen;
-	int nports = ENDPORT - startport + 1;
-	int endport = ENDPORT;
-	int i;
 
         if (sa == NULL) {
                 salen = sizeof(myaddr);
@@ -97,140 +83,11 @@
 
         switch (af) {
         case AF_INET:
-		sin = (struct sockaddr_in *)sa;
-                salen = sizeof(struct sockaddr_in);
-                port = ntohs(sin->sin_port);
-		portp = &sin->sin_port;
-		break;
-#ifdef INET6
+                return bindresvport(sd, (struct sockaddr_in *)sa);
         case AF_INET6:
-		sin6 = (struct sockaddr_in6 *)sa;
-                salen = sizeof(struct sockaddr_in6);
-                port = ntohs(sin6->sin6_port);
-                portp = &sin6->sin6_port;
-                break;
-#endif
+                return bindresvport6(sd, (struct sockaddr_in6 *)sa);
         default:
                 errno = EPFNOSUPPORT;
                 return (-1);
         }
-        sa->sa_family = af;
-
-        if (port == 0) {
-                port = (getpid() % NPORTS) + STARTPORT;
-        }
-        res = -1;
-        errno = EADDRINUSE;
-		again:
-        for (i = 0; i < nports; ++i) {
-                *portp = htons(port++);
-                 if (port > endport) 
-                        port = startport;
-                res = bind(sd, sa, salen);
-		if (res >= 0 || errno != EADDRINUSE)
-	                break;
-        }
-	if (i == nports && startport != LOWPORT) {
-	    startport = LOWPORT;
-	    endport = STARTPORT - 1;
-	    nports = STARTPORT - LOWPORT;
-	    port = LOWPORT + port % (STARTPORT - LOWPORT);
-	    goto again;
-	}
-        return (res);
-}
-#else
-
-#define IP_PORTRANGE 19
-#define IP_PORTRANGE_LOW 2
-
-/*
- * Bind a socket to a privileged IP port
- */
-int
-bindresvport_sa(sd, sa)
-	int sd;
-	struct sockaddr *sa;
-{
-	int old, error, af;
-	struct sockaddr_storage myaddr;
-	struct sockaddr_in *sin;
-#ifdef INET6
-	struct sockaddr_in6 *sin6;
-#endif
-	int proto, portrange, portlow;
-	u_int16_t *portp;
-	socklen_t salen;
-
-	if (sa == NULL) {
-		salen = sizeof(myaddr);
-		sa = (struct sockaddr *)&myaddr;
-
-		if (getsockname(sd, sa, &salen) == -1)
-			return -1;	/* errno is correctly set */
-
-		af = sa->sa_family;
-		memset(sa, 0, salen);
-	} else
-		af = sa->sa_family;
-
-	switch (af) {
-	case AF_INET:
-		proto = IPPROTO_IP;
-		portrange = IP_PORTRANGE;
-		portlow = IP_PORTRANGE_LOW;
-		sin = (struct sockaddr_in *)sa;
-		salen = sizeof(struct sockaddr_in);
-		portp = &sin->sin_port;
-		break;
-#ifdef INET6
-	case AF_INET6:
-		proto = IPPROTO_IPV6;
-		portrange = IPV6_PORTRANGE;
-		portlow = IPV6_PORTRANGE_LOW;
-		sin6 = (struct sockaddr_in6 *)sa;
-		salen = sizeof(struct sockaddr_in6);
-		portp = &sin6->sin6_port;
-		break;
-#endif
-	default:
-		errno = EPFNOSUPPORT;
-		return (-1);
-	}
-	sa->sa_family = af;
-
-	if (*portp == 0) {
-		socklen_t oldlen = sizeof(old);
-
-		error = getsockopt(sd, proto, portrange, &old, &oldlen);
-		if (error < 0)
-			return (error);
-
-		error = setsockopt(sd, proto, portrange, &portlow,
-		    sizeof(portlow));
-		if (error < 0)
-			return (error);
-	}
-
-	error = bind(sd, sa, salen);
-
-	if (*portp == 0) {
-		int saved_errno = errno;
-
-		if (error < 0) {
-			if (setsockopt(sd, proto, portrange, &old,
-			    sizeof(old)) < 0)
-				errno = saved_errno;
-			return (error);
-		}
-
-		if (sa != (struct sockaddr *)&myaddr) {
-			/* Hmm, what did the kernel assign? */
-			if (getsockname(sd, sa, &salen) < 0)
-				errno = saved_errno;
-			return (error);
-		}
-	}
-	return (error);
 }
-#endif
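Review bot: The two new direct returns in the `switch` skip the removed `sa->sa_family = af;`, so on the `sa == NULL` path the address handed to libc may carry family 0. The lines between this hunk and the previous one are not shown, but the deleted non-Linux variant zeroes the buffer with `memset(sa, 0, salen)` after reading the family, and the deleted restore suggests the retained code does the same. libc's `bindresvport()` can reject a non-NULL address whose family is not AF_INET, so setting `sa->sa_family = af;` before the `switch` would keep the old contract. The `AF_INET6` case is also no longer under `#ifdef INET6`, and `int res`, declared at the top of the function outside this hunk, looks unused now.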
--- libtirpc-0.2.2.orig/tirpc/rpc/rpc.h
+++ libtirpc-0.2.2/tirpc/rpc/rpc.h
@@ -79,6 +79,10 @@
 #define UDPMSGSIZE 8800
 #endif
 
+/* Change the real name of our bindresvport() function so it can easily
+ * call libc's bindresvport() */
+#define bindresvport tirpc_bindresvport
+
 __BEGIN_DECLS
 extern int get_myaddress(struct sockaddr_in *);
 extern int bindresvport(int, struct sockaddr_in *) __THROW;
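Review bot: The `#define bindresvport tirpc_bindresvport` sits in a public header, so it rewrites the identifier in every program that includes rpc/rpc.h, not only inside libtirpc. The `extern int bindresvport(...)` two lines below then declares `tirpc_bindresvport`, which looks like a change of the library's exported symbol name. Binaries linked against the old name would presumably resolve to libc's function, so this deserves an explicit ABI note and a check of the exported symbol list. If <netinet/in.h> can be processed after this point, libc's own prototype would be renamed as well. I would confine the rename to the library's own build, behind a guard macro set only when compiling libtirpc, and extend the comment to say so.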
---


Added tag(s) patch. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Mon, 22 Aug 2011 03:36:07 GMT) Full text and rfc822 format available.
