authorSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>2015-09-08 16:06:41 -0600
committerDavid Keitel <dkeitel@codeaurora.org>2016-03-22 11:09:45 -0700
commitd04abc1ab24a0ba0c3803257ac89c7c5b3b9c374 (patch)
tree895a6a3af14450b821e40bba9395080cf910ba10 /net/ipv4/inet_connection_sock.c
parent63bb8bb2cc1a3ff07ead253d6922813ab7443348 (diff)
net: Fail explicit bind to local reserved ports
Reserved ports may have some special use cases which are not suitable for use by general userspace applications. Currently, ports specified in ip_local_reserved_ports are excluded only in the case of automatic port assignment. Add a boolean sysctl flag 'reserved_port_bind'. The default value is 1, which preserves the existing behavior. Setting the value to 0 will prevent userspace applications from binding to these ports even when they are explicitly requested. BUG=20663075 Change-Id: Ib1071ca5bd437cd3c4f71b56147e4858f3b9ebec Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Diffstat (limited to 'net/ipv4/inet_connection_sock.c')
-rw-r--r--net/ipv4/inet_connection_sock.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index a4cfa14c73ee..fd1946ca8aec 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -179,6 +179,13 @@ have_snum:
head = &hashinfo->bhash[inet_bhashfn(net, snum,
hashinfo->bhash_size)];
spin_lock(&head->lock);
+
+ if (inet_is_local_reserved_port(net, snum) &&
+ !sysctl_reserved_port_bind) {
+ ret = 1;
+ goto fail_unlock;
+ }
+
inet_bind_bucket_for_each(tb, &head->chain)
if (net_eq(ib_net(tb), net) && tb->port == snum)
goto tb_found;
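Review bot: The added check reads `sysctl_reserved_port_bind` as what appears to be a single global, while the reserved list is looked up per namespace through `net`. One setting would therefore govern every network namespace, and nothing in the hunk exempts a privileged owner of the reserved port. If that is intended, state it next to the check, e.g. `/* reserved_port_bind == 0: refuse every explicit bind to a port in ip_local_reserved_ports; applies to all namespaces, no capability exemption */`. Testing the flag first, `if (!sysctl_reserved_port_bind && inet_is_local_reserved_port(net, snum)) {`, would also skip the reserved-list lookup on the default (flag = 1) path while the bucket lock is held. `ret = 1` presumably reaches the caller as the same failure as a genuine bind conflict, so a policy refusal could not be told apart from a port in use; confirm this against the rest of the function, which starts and ends outside this hunk.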