From 4a41dc58d67e910c3a1f505a6a20988c4555e735 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Thu, 29 Aug 2024 19:58:46 +1000 Subject: conf, fwd: Don't attempt to forward port 0 When using -t all, -u all or exclude-only ranges, we'll attempt to forward all non-ephemeral port numbers, including port 0. However, this won't work as intended: bind() treats a zero port not as literal port 0, but as "pick a port for me". Because of the special meaning of port 0, we mostly outright exclude it in our handling. Do the same for setting up forwards, not attempting to forward for port 0. Signed-off-by: David Gibson Reviewed-by: Laurent Vivier Signed-off-by: Stefano Brivio --- conf.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/conf.c b/conf.c index 6b3dafd..3eb117f 100644 --- a/conf.c +++ b/conf.c @@ -157,7 +157,10 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, fwd->mode = FWD_ALL; - for (i = 0; i < NUM_PORTS; i++) { + /* Skip port 0. It has special meaning for many socket APIs, so + * trying to bind it is not really safe. + */ + for (i = 1; i < NUM_PORTS; i++) { if (fwd_port_is_ephemeral(i)) continue; @@ -262,7 +265,10 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, } while ((p = next_chunk(p, ','))); if (exclude_only) { - for (i = 0; i < NUM_PORTS; i++) { + /* Skip port 0. It has special meaning for many socket APIs, so + * trying to bind it is not really safe. + */ + for (i = 1; i < NUM_PORTS; i++) { if (fwd_port_is_ephemeral(i) || bitmap_isset(exclude, i)) continue; -- cgit v1.2.3