author | David Gibson <david@gibson.dropbear.id.au> | 2024-08-29 19:58:46 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-08-29 22:26:05 +0200 |
commit | 4a41dc58d67e910c3a1f505a6a20988c4555e735 (patch) | |
tree | 39a3a400e0fdc3271eaa2ffbe543fd149de02191 | |
parent | 1daf6f4615226a2cdd9523a80d70736af4a9f3c0 (diff) | |
conf, fwd: Don't attempt to forward port 0
When using -t all, -u all or exclude-only ranges, we'll attempt to forward
all non-ephemeral port numbers, including port 0. However, this won't work
as intended: bind() treats a zero port not as literal port 0, but as
"pick a port for me". Because of the special meaning of port 0, we mostly
outright exclude it in our handling.
Do the same for setting up forwards, not attempting to forward for port 0.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | conf.c | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -157,7 +157,10 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, fwd->mode = FWD_ALL; - for (i = 0; i < NUM_PORTS; i++) { + /* Skip port 0. It has special meaning for many socket APIs, so + * trying to bind it is not really safe. + */ + for (i = 1; i < NUM_PORTS; i++) { if (fwd_port_is_ephemeral(i)) continue; @@ -262,7 +265,10 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, } while ((p = next_chunk(p, ','))); if (exclude_only) { - for (i = 0; i < NUM_PORTS; i++) { + /* Skip port 0. It has special meaning for many socket APIs, so + * trying to bind it is not really safe. + */ + for (i = 1; i < NUM_PORTS; i++) { if (fwd_port_is_ephemeral(i) || bitmap_isset(exclude, i)) continue; |
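Review bot: in the first hunk (the FWD_ALL loop at @@ -157), the new comment says binding port 0 "is not really safe", which is vaguer than the reason the commit message gives: bind() treats a zero port as "pick a port for me", so the forward would end up on an arbitrary port instead of literal port 0. Suggest putting that sentence in the comment, so a later reader does not restore `for (i = 0; ...)` as an apparent off-by-one fix.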
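Review bot: in the second hunk (the exclude_only loop at @@ -262), the same three-line comment and the same literal start index `i = 1` are repeated from the FWD_ALL loop, and two copies of a bare starting index can drift apart. Suggest a named lower bound shared by both loops, or a single helper that both paths call, with the port 0 rationale documented once at its definition. Note also that bit 0 of `exclude` is no longer consulted by this loop, which is fine but worth a word in the comment.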