William Ahern wrote:
>> Regarding closing UDP sockets. You can't rebind a socket (if I understand
>> the man page correctly), so if you want to randomize ports, you'll have
>> to close/recreate it. And from recent years' injection attacks, I think you
>> do want to randomize ports.
> No, but you can reconnect a datagram socket, which is what matters if you're
> on the client end. That may be useful depending on the policy, e.g.
> randomize ports every N queries, possibly keeping a pool of sockets to
> regain some entropy. (I'm unsure if that's relevant 'cause I've long
> forgotten the context of the thread.)
Gliding slightly off-topic, the thread is really about a timeout issue:
Does a re-connect() cause the client socket address to be
rebound? From what I could see in Linux's udp(7), it looked
like the kernel will only do an automatic bind once per socket.
In that case, you won't get randomized client ports without
re-opening the socket.
"[---] In order to receive packets the socket can be bound to a
local address first by using bind(2). Otherwise the socket
layer will automatically assign a free local port out of the
range defined by net.ipv4.ip_local_port_range and bind
the socket to INADDR_ANY."
Received on 2010-12-02
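The question above can be checked empirically with getsockname(2). The following is an added example, not code from the thread: it connects one UDP socket to a loopback peer, re-connects it to a second peer and reads the automatically assigned local port after each step, then creates a second socket to show where a fresh port actually comes from. It assumes a working loopback interface; the peer ports 53 and 5353 are constructed sample values, and no packet is ever sent.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* connect() a UDP socket to 127.0.0.1:port. No packet is sent; this only sets
 * the default peer and, on an unbound socket, triggers the automatic bind. */
static int connect_loopback(int fd, uint16_t port)
{
    struct sockaddr_in peer = { .sin_family = AF_INET, .sin_port = htons(port),
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    return connect(fd, (struct sockaddr *)&peer, sizeof peer);
}

/* Local port the kernel bound fd to; 0 if still unbound or on error. */
static uint16_t local_port(int fd)
{
    struct sockaddr_in me;
    socklen_t len = sizeof me;
    return getsockname(fd, (struct sockaddr *)&me, &len) == 0 ? ntohs(me.sin_port) : 0;
}

/* Fills p_first (port after the first connect), p_again (same socket after a
 * re-connect() to another peer) and p_fresh (a second socket created while the
 * first is still open). Returns 0 on success, -1 if any call failed.
 * Peer ports 53 and 5353 are constructed sample values. */
int probe_ports(uint16_t *p_first, uint16_t *p_again, uint16_t *p_fresh)
{
    int rc = -1, fd2 = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (connect_loopback(fd, 53) != 0 || (*p_first = local_port(fd)) == 0)
        goto out;
    /* already bound: the re-connect() keeps the same local port */
    if (connect_loopback(fd, 5353) != 0 || (*p_again = local_port(fd)) == 0)
        goto out;
    /* only a new socket gets a new automatic bind, i.e. a freshly chosen port */
    fd2 = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd2 < 0 || connect_loopback(fd2, 53) != 0 || (*p_fresh = local_port(fd2)) == 0)
        goto out;
    rc = 0;
out:
    close(fd);
    if (fd2 >= 0) close(fd2);
    return rc;
}
```

Calling probe_ports() from a small main and printing the three ports shows p_first and p_again equal on Linux (and the BSDs), while p_fresh is drawn anew from net.ipv4.ip_local_port_range, which is why port randomization per query needs close/recreate rather than re-connect().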