[Gllug] How does ypbind decide which ports to use?
Ian Northeast
ian at house-from-hell.demon.co.uk
Sun May 30 15:54:55 UTC 2004
John Winters wrote:
> I've just hit a problem with ypbind on one of my boxes. It's been
> running fine for some time (Debian Testing) but after the latest
> software upgrade it's decided it just has to use port 631 (along with
> several others) for one of its listens. Trouble is, this then stops
> CUPS from starting up because it expects to use 631 too.
>
> I remember this happening on a box once before. My fix then was simply
> to disable ypbind, but I'm now using NIS for logon so I can't.
>
> Anyone know how ypbind decides which ports to use, and how to tell it to
> lay off some?

By default it calls svc[tcp|udp]_create with RPC_ANYSOCK which tells RPC
to use "an arbitrary port". This uses bindresvport() which does:

#define STARTPORT 600
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS  (ENDPORT - STARTPORT + 1)

  if (port == 0)
    {
      port = (__getpid () % NPORTS) + STARTPORT;
    }
  res = -1;
  __set_errno (EADDRINUSE);

  for (i = 0; i < NPORTS && res < 0 && errno == EADDRINUSE; ++i)
    {
      sin->sin_port = htons (port++);
      if (port > ENDPORT)
        {
          port = STARTPORT;
        }
      res = bind (sd, sin, sizeof (struct sockaddr_in));
    }

This is from Woody with glibc 2.2.5-11.2; the starting port number may
have been changed. What PIDs do your ypbind processes have?

The above shows that there is no way to persuade RPC to avoid certain
ports unless they are already in use. You could start an unnecessary
process or two before ypbind to get the PID up but that would be most
kludgy and unreliable.

But ypbind has a "-p" option to force it to use a specific port number.
Of course this won't prevent RPC from giving 631 to something else, but
on my system ypbind is the only RPC program using a dynamically assigned
low port number.

I don't use CUPS myself. Does it have any dependency on ypbind being
started before it can start? If not, the easiest solution might be to
start it first.

I don't think this logic is in the original Sun RPC, as Solaris uses
high port numbers for ypbind, and doesn't have a "-p" option. Using a
low port is no doubt a security enhancement (not that NIS and security
have a lot in common really:)

Some concept of a "low ephemeral range" might be useful.

Regards, Ian
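
Added example, not part of the post above and not glibc's own code: a socket-free replay of the quoted bindresvport() loop, showing which PIDs make 631 the first candidate and how a port that is already bound gets skipped. It models a single call whose port variable starts at 0; IPPORT_RESERVED is assumed to be 1024, and the function names and the in_use table are hypothetical.

```c
#include <stdio.h>

/* Constants as quoted in the post; IPPORT_RESERVED is assumed to be 1024. */
#define STARTPORT 600
#define ENDPORT   (1024 - 1)
#define NPORTS    (ENDPORT - STARTPORT + 1)

/* First port the quoted loop tries when its port variable is still 0. */
int first_candidate(int pid)
{
    return (pid % NPORTS) + STARTPORT;
}

/* Replay of the quoted loop with no sockets involved (hypothetical helper).
   in_use[p] != 0 stands for bind() failing with EADDRINUSE on port p.
   Returns the port that would be bound, or -1 if the whole range is taken. */
int simulate_bindresvport(int pid, const unsigned char in_use[1024])
{
    int port = first_candidate(pid);
    for (int i = 0; i < NPORTS; ++i) {
        int candidate = port++;
        if (port > ENDPORT)
            port = STARTPORT;           /* wrap around, as in the original */
        if (!in_use[candidate])
            return candidate;
    }
    return -1;
}

/* Smallest PID >= from whose first candidate is the given port, or -1 if
   the port lies outside STARTPORT..ENDPORT and can never be picked. */
int next_pid_hitting(int port, int from)
{
    if (port < STARTPORT || port > ENDPORT || from < 0)
        return -1;
    int pid = from;
    while (first_candidate(pid) != port)
        ++pid;
    return pid;
}

int main(void)
{
    unsigned char in_use[1024] = {0};   /* constructed: nothing bound yet */
    printf("pid 31 -> %d\n", simulate_bindresvport(31, in_use));
    in_use[631] = 1;                    /* constructed: CUPS started first */
    printf("pid 31 -> %d (631 taken)\n", simulate_bindresvport(31, in_use));
    printf("next pid >= 32 starting at 631: %d\n", next_pid_hitting(631, 32));
    return 0;
}
```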