Choose client ports in a well-known range #134
Instead of letting the kernel assign us a port number, request a specific port number and increment until one is available. This makes writing firewall rules easier when a known number of clients will be in use.

I'm undecided if this should be a configure option (or at least the starting port number) vs. always-on.
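The approach described above (start at a fixed port and step upwards on EADDRINUSE), as an added example that is not part of this pull request; the function names, the injectable bind() and the 60000–60999 bounds are assumptions:

```c
/* Added example, not the project's own code: bind a UDP socket to the first
 * free port in a fixed range so one firewall rule covers every client. */
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* bind() is passed in so the retry logic can be exercised offline. */
typedef int (*bind_fn)(int, const struct sockaddr *, socklen_t);

/* Try ports first..last on fd; store the winner in *chosen and return 0, or
 * return an errno. Only EADDRINUSE advances to the next port: any other
 * failure (EACCES, EINVAL, ...) is reported immediately. */
int bind_port_in_range(int fd, uint16_t first, uint16_t last,
                       bind_fn do_bind, uint16_t *chosen)
{
    if (first == 0 || first > last)
        return EINVAL;
    for (uint32_t port = first; port <= last; port++) { /* no wrap at 65535 */
        struct sockaddr_in bindin;
        memset(&bindin, 0, sizeof bindin);
        bindin.sin_family = AF_INET;
        bindin.sin_addr.s_addr = htonl(INADDR_ANY);
        bindin.sin_port = htons((uint16_t)port);
        if (do_bind(fd, (struct sockaddr *)&bindin, sizeof bindin) == 0) {
            *chosen = (uint16_t)port;
            return 0;
        }
        if (errno != EADDRINUSE)
            return errno;
    }
    return EADDRINUSE; /* whole range busy: the firewall range is too narrow */
}

/* Simulated bind() for offline runs: 60000..60002 are reported as taken. */
int simulated_bind(int fd, const struct sockaddr *sa, socklen_t len)
{
    uint16_t port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    (void)fd; (void)len;
    if (port < 60003) { errno = EADDRINUSE; return -1; }
    return 0;
}
```

On a real SOCK_DGRAM socket call `bind_port_in_range(fd, 60000, 60999, bind, &port)`; `simulated_bind` exists only to show the retry path without network access.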
| return errno; | ||
| } else { | ||
| bindin.sin_port = 0; | ||
| bindin.sin_port = htons(60000); |
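Review bot: `htons(60000)` is a bare magic number in the `else` branch, and the retry-and-increment loop from the description is not visible in this hunk; confirm that an EADDRINUSE from bind() actually advances to the next port rather than ending in an error return like the `return errno;` shown above, and give the starting port a named constant (or the configure option the description already floats) so operators can find the value their firewall rule depends on. The comments below also note that 60000 abuts Mosh's 60001–60999 range; starting higher, as suggested there, avoids the overlap.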
Note that Mosh uses almost the same port range, picking the first available port in 60001–60999.
Mosh's range was prominent in shaping my initial choice here (though I find it amusing that I was off by one for the start port!). Probably I was thinking that a single hole in the firewall would cover both, but some amount of discussion is appropriate before a choice is made.
I’m a little worried it might break Mosh for users who only open one firewall port for it instead of a range. Only a little, since those users are probably smart enough to figure out what happened. Maybe that risk can be avoided by starting at 60500 or something.
We had a bit of discussion about this involving Keith from the mosh side and a few other folks. The conclusion (if there could be said to be one) was:
To the extent it matters, though, I guess it's probably better for every random UDP app that needs a range of port numbers (instead of a single port that can be multiplexed because each peer will use a different IP address or port) to 'standardize' on 60000-61000 than for us all to go separately. So, go for it if you want.