On 2012/01/06 22:16:07, dho wrote: > Hello mailto:rsc@golang.org (cc: mailto:golang-dev@googlegroups.com), > > I'd like you ...
13 years, 11 months ago
(2012-01-07 01:39:07 UTC)
#2
On 2012/01/06 22:16:07, dho wrote:
> Hello mailto:rsc@golang.org (cc: mailto:golang-dev@googlegroups.com),
>
> I'd like you to review this change to
> https://go.googlecode.com/hg/
Actually, this change isn't good.
Because there was never any explanation as to why this was happening either in
Issue 1692 or in the mailing list thread at
http://groups.google.com/group/golang-nuts/browse_thread/thread/4cbbc28d5aa7ca52,
I'll go into it.
The netFD returned by calling file, _ := conn.(*net.UDPConn).File() explicitly
dup(2)s the descriptor and returns one that is explicitly a blocking socket.
There's a comment in fd.go:635 -- "We want blocking mode for the new fd, hence
the double negative" and it's explicitly set to block (this is documented in all
of the File() exports). So the code in the example is just incorrect.
Unfortunately, there's not a way to set SO_REUSEADDR on a TCPConn or UDPConn.
The patch referenced fixes that, and the call "setNoReuseAddress(conn)" would
simply change to conn.SetReuseAddr(false).
I think we must allow setting this for UDP sockets given the unicast / multicast
use case. I'm willing to get rid of the TCPConn export in the patch.
But it goes further: in both Linux and FreeBSD, it seems not well defined which
socket gets the data (tested with Issue 1692's code + nc -4u 10000). This opens
the door for a local user denial of service attack on UDP sockets. (I'd actually
vote that we don't turn on SO_REUSEADDR by default on UDP sockets for precisely
this reason, but still export SetReuseAddr so that those writing multicast
applications over UDP can use it.
FreeBSD also makes the assumption in UDP that once set, you never unset
SO_REUSEADDR (see comment in udp_usrreq.c); I'm not sure what Linux does here.
I'll submit an updated patch removing SO_REUSEADDR from being set on UDP sockets
by default (as I think we should given the two reasons above), but let me know
regarding exporting TCPConn.SetReuseAddr.
--dho
On 2012/01/07 19:45:30, dho wrote: > Hello mailto:rsc@golang.org, mailto:mikioh.mikioh@gmail.com (cc: mailto:golang-dev@googlegroups.com), > > Please take ...
13 years, 11 months ago
(2012-01-07 19:46:18 UTC)
#5
On 2012/01/07 19:45:30, dho wrote:
> Hello mailto:rsc@golang.org, mailto:mikioh.mikioh@gmail.com (cc:
mailto:golang-dev@googlegroups.com),
>
> Please take another look.
Argh, don't. I've forgotten how to add files to these changes. Gimme a sec,
here.
Hi, I'm still not convinced whether we should have SetReuseAddr/Port methods on UDPConn, TCPConn or ...
13 years, 11 months ago
(2012-01-08 02:51:09 UTC)
#7
Hi,
I'm still not convinced whether we should have SetReuseAddr/Port
methods on UDPConn, TCPConn or not.
But even if UDP multicast is the case, I don't see why because
a) we can set TCP,UDPConn to transport protocol, platform
suitable settings in socket w/ setKernelSpecificSocketOptions,
b) other methods on ProtocolConn such as JoinGroup would be
a trigger for multicast settings as someone suggested to fix the
UDP multicast on Windows issue.
-- Mikio
On Sat, Jan 7, 2012 at 10:39 AM, <devon.odell@gmail.com> wrote:
> On 2012/01/06 22:16:07, dho wrote:
>>
>> Hello mailto:rsc@golang.org (cc: mailto:golang-dev@googlegroups.com),
>
>
>> I'd like you to review this change to
>> https://go.googlecode.com/hg/
>
>
> Actually, this change isn't good.
>
> Because there was never any explanation as to why this was happening
> either in Issue 1692 or in the mailing list thread at
>
http://groups.google.com/group/golang-nuts/browse_thread/thread/4cbbc28d5aa7ca52,
> I'll go into it.
>
> The netFD returned by calling file, _ := conn.(*net.UDPConn).File()
> explicitly dup(2)s the descriptor and returns one that is explicitly a
> blocking socket. There's a comment in fd.go:635 -- "We want blocking
> mode for the new fd, hence the double negative" and it's explicitly set
> to block (this is documented in all of the File() exports). So the code
> in the example is just incorrect. Unfortunately, there's not a way to
> set SO_REUSEADDR on a TCPConn or UDPConn. The patch referenced fixes
> that, and the call "setNoReuseAddress(conn)" would simply change to
> conn.SetReuseAddr(false).
>
> I think we must allow setting this for UDP sockets given the unicast /
> multicast use case. I'm willing to get rid of the TCPConn export in the
> patch.
>
> But it goes further: in both Linux and FreeBSD, it seems not well
> defined which socket gets the data (tested with Issue 1692's code + nc
> -4u 10000). This opens the door for a local user denial of service
> attack on UDP sockets. (I'd actually vote that we don't turn on
> SO_REUSEADDR by default on UDP sockets for precisely this reason, but
> still export SetReuseAddr so that those writing multicast applications
> over UDP can use it.
>
> FreeBSD also makes the assumption in UDP that once set, you never unset
> SO_REUSEADDR (see comment in udp_usrreq.c); I'm not sure what Linux does
> here.
>
> I'll submit an updated patch removing SO_REUSEADDR from being set on UDP
> sockets by default (as I think we should given the two reasons above),
> but let me know regarding exporting TCPConn.SetReuseAddr.
>
> --dho
>
> http://codereview.appspot.com/5520057/
2012/1/7 Mikio Hara <mikioh.mikioh@gmail.com>: > Hi, > > I'm still not convinced whether we should ...
13 years, 11 months ago
(2012-01-08 03:08:54 UTC)
#8
2012/1/7 Mikio Hara <mikioh.mikioh@gmail.com>:
> Hi,
>
> I'm still not convinced whether we should have SetReuseAddr/Port
> methods on UDPConn, TCPConn or not.
I detail below why it should be allowed for TCP, but I don't care so
much how it works for UDP as long as they're not set for UDP by
default on at least Linux and BSD.
> But even if UDP multicast is the case, I don't see why because
> a) we can set TCP,UDPConn to transport protocol, platform
> suitable settings in socket w/ setKernelSpecificSocketOptions,
The new code only sets SO_REUSE(ADDR|PORT) on TCP sockets in
setKernelSpecificSocketOptions under Linux and BSD. Windows doesn't
appear to set it at all. I really don't think these should be set on
UDP sockets because the behavior of both in the common case is at
least unexpected, if not undesirable for the reasons I mentioned in my
previous comment (poorly defined behavior for unicast packets over
UDP, and the fact that, in FreeBSD at least, the kernel effectively
ignores unsetting these sockopts after they're set).
> b) other methods on ProtocolConn such as JoinGroup would be
> a trigger for multicast settings as someone suggested to fix the
> UDP multicast on Windows issue.
I'm not really familiar with multicast in Go (or sockets on Windows in
general), but I'm happy to make JoinGroup set SO_REUSEPORT (on BSD)
and SO_REUSEADDR (on BSD and Linux) for UDP. I don't see any
compelling argument to turn them off by default for TCP, but there is
a compelling argument to export them for TCP: namely, binding to a
port on inaddr_any or inaddr6_any with SO_REUSEADDR set allows another
application to bind to the same port on a more specific address. Not
being able to turn off this behavior can create additional local user
denial of service conditions on ports >1024 (which is a *ton* of
services these days).
It'd definitely be useful to get some input on how these things work
on Windows, but I think there's a pretty good case to export them and
turn them off by default for UDP on Linux / BSD.
--dho
> -- Mikio
>
> On Sat, Jan 7, 2012 at 10:39 AM, <devon.odell@gmail.com> wrote:
>> On 2012/01/06 22:16:07, dho wrote:
>>>
>>> Hello mailto:rsc@golang.org (cc: mailto:golang-dev@googlegroups.com),
>>
>>
>>> I'd like you to review this change to
>>> https://go.googlecode.com/hg/
>>
>>
>> Actually, this change isn't good.
>>
>> Because there was never any explanation as to why this was happening
>> either in Issue 1692 or in the mailing list thread at
>>
http://groups.google.com/group/golang-nuts/browse_thread/thread/4cbbc28d5aa7ca52,
>> I'll go into it.
>>
>> The netFD returned by calling file, _ := conn.(*net.UDPConn).File()
>> explicitly dup(2)s the descriptor and returns one that is explicitly a
>> blocking socket. There's a comment in fd.go:635 -- "We want blocking
>> mode for the new fd, hence the double negative" and it's explicitly set
>> to block (this is documented in all of the File() exports). So the code
>> in the example is just incorrect. Unfortunately, there's not a way to
>> set SO_REUSEADDR on a TCPConn or UDPConn. The patch referenced fixes
>> that, and the call "setNoReuseAddress(conn)" would simply change to
>> conn.SetReuseAddr(false).
>>
>> I think we must allow setting this for UDP sockets given the unicast /
>> multicast use case. I'm willing to get rid of the TCPConn export in the
>> patch.
>>
>> But it goes further: in both Linux and FreeBSD, it seems not well
>> defined which socket gets the data (tested with Issue 1692's code + nc
>> -4u 10000). This opens the door for a local user denial of service
>> attack on UDP sockets. (I'd actually vote that we don't turn on
>> SO_REUSEADDR by default on UDP sockets for precisely this reason, but
>> still export SetReuseAddr so that those writing multicast applications
>> over UDP can use it.
>>
>> FreeBSD also makes the assumption in UDP that once set, you never unset
>> SO_REUSEADDR (see comment in udp_usrreq.c); I'm not sure what Linux does
>> here.
>>
>> I'll submit an updated patch removing SO_REUSEADDR from being set on UDP
>> sockets by default (as I think we should given the two reasons above),
>> but let me know regarding exporting TCPConn.SetReuseAddr.
>>
>> --dho
>>
>> http://codereview.appspot.com/5520057/
Thank you for the details, now I can see your point. On Sun, Jan 8, ...
13 years, 11 months ago
(2012-01-08 13:10:07 UTC)
#9
Thank you for the details, now I can see your point.
On Sun, Jan 8, 2012 at 12:08 PM, Devon H. O'Dell <devon.odell@gmail.com> wrote:
> I don't see any
> compelling argument to turn them off by default for TCP, but there is
> a compelling argument to export them for TCP: namely, binding to a
> port on inaddr_any or inaddr6_any with SO_REUSEADDR set allows another
> application to bind to the same port on a more specific address. Not
> being able to turn off this behavior can create additional local user
> denial of service conditions on ports >1024 (which is a *ton* of
> services these days).
Sounds like we need a new test case, so please add it
especially you described above.
> It'd definitely be useful to get some input on how these things work
> on Windows, but I think there's a pretty good case to export them and
> turn them off by default for UDP on Linux / BSD.
SO_REUSEADDR in Windows
<http://groups.google.com/group/golang-dev/browse_thread/thread/b71aa6f44a1118...>
Also I guess you can poke Paul Lalonde. ;-)
Since SO_REUSEADDR has such wildly different meanings on Windows and on Unix, I think exposing ...
13 years, 11 months ago
(2012-01-09 18:22:33 UTC)
#11
Since SO_REUSEADDR has such wildly different meanings
on Windows and on Unix, I think exposing this in the public
net API is a mistake.
Why are we doing this? What isn't doing the right thing?
Can we make it do the right thing?
Russ
Hi, On Tue, Jan 10, 2012 at 3:22 AM, Russ Cox <rsc@golang.org> wrote: > Since ...
13 years, 11 months ago
(2012-01-12 16:42:26 UTC)
#12
Hi,
On Tue, Jan 10, 2012 at 3:22 AM, Russ Cox <rsc@golang.org> wrote:
> Since SO_REUSEADDR has such wildly different meanings
> on Windows and on Unix, I think exposing this in the public
> net API is a mistake.
Probably you are right but I'd like to hear a bit more Devon's
use case for TCP.
> Why are we doing this? What isn't doing the right thing?
> Can we make it do the right thing?
To make things smoother I've just sent a separate CL to fix
default socket options stuff.
I like your CL better than this one. 2012/1/12 Mikio Hara <mikioh.mikioh@gmail.com>: > Hi, > ...
13 years, 11 months ago
(2012-01-12 17:06:16 UTC)
#13
I like your CL better than this one.
2012/1/12 Mikio Hara <mikioh.mikioh@gmail.com>:
> Hi,
>
> On Tue, Jan 10, 2012 at 3:22 AM, Russ Cox <rsc@golang.org> wrote:
>
>> Since SO_REUSEADDR has such wildly different meanings
>> on Windows and on Unix, I think exposing this in the public
>> net API is a mistake.
>
> Probably you are right but I'd like to hear a bit more Devon's
> use case for TCP.
>
>> Why are we doing this? What isn't doing the right thing?
>> Can we make it do the right thing?
>
> To make things smoother I've just sent a separate CL to fix
> default socket options stuff.
Issue 5520057: code review 5520057: net: Export SetReuseAddr on the underlying netFD for bo...
(Closed)
Created 13 years, 11 months ago by dho
Modified 13 years, 11 months ago
Reviewers: rsc, mikio
Base URL:
Comments: 11
