[Gllug] How does ypbind decide which ports to use?

Ian Northeast ian at house-from-hell.demon.co.uk
Sun May 30 15:54:55 UTC 2004


John Winters wrote:
> I've just hit a problem with ypbind on one of my boxes.  It's been
> running fine for some time (Debian Testing) but after the latest
> software upgrade it's decided it just has to use port 631 (along with
> several others) for one of its listens.  Trouble is, this then stops
> CUPS from starting up because it expects to use 631 too.
> 
> I remember this happening on a box once before.  My fix then was simply
> to disable ypbind, but I'm now using NIS for logon so I can't.
> 
> Anyone know how ypbind decides which ports to use, and how to tell it to
> lay off some?

By default it calls svc[tcp|udp]_create with RPC_ANYSOCK which tells RPC 
to use "an arbitrary port". This uses bindresvport() which does:

#define STARTPORT 600
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS  (ENDPORT - STARTPORT + 1)

  if (port == 0)
    {
      port = (__getpid () % NPORTS) + STARTPORT;
    }
  res = -1;
  __set_errno (EADDRINUSE);

  for (i = 0; i < NPORTS && res < 0 && errno == EADDRINUSE; ++i)
    {
      sin->sin_port = htons (port++);
      if (port > ENDPORT)
        {
          port = STARTPORT;
        }
      res = bind (sd, sin, sizeof (struct sockaddr_in));
    }

This is from Woody with glibc 2.2.5-11.2; the starting port number may 
have been changed. What PIDs do your ypbind processes have?

The above shows that there is no way to persuade RPC to avoid certain 
ports unless they are already in use. You could start an unnecessary 
process or two before ypbind to get the PID up but that would be most 
kludgy and unreliable.

But ypbind has a "-p" option to force it to use a specific port number. 
Of course this won't prevent RPC from giving 631 to something else, but 
on my system ypbind is the only RPC program using a dynamically assigned 
low port number.

I don't use CUPS myself. Does it have any dependency on ypbind being 
started before it can start? If not, the easiest solution might be to 
start it first.


I don't think this logic is in the original Sun RPC, as Solaris uses 
high port numbers for ypbind, and doesn't have a "-p" option. Using a 
low port is no doubt a security enhancement (not that NIS and security 
have a lot in common really:)


Some concept of a "low ephemeral range" might be useful.

Regards, Ian

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
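
The port selection in the loop quoted above, as an added example that is not part of the original message or of glibc: a model that opens no sockets and shows which PIDs end up on a given reserved port such as 631, including the fall-through when neighbouring ports are busy. The function names and the in_use table are assumptions for illustration; the constants are the ones in the quoted glibc 2.2.5 excerpt.

```c
/* Added example: offline model of the quoted bindresvport() loop. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define STARTPORT 600
#define ENDPORT   1023                 /* IPPORT_RESERVED - 1 */
#define NPORTS    (ENDPORT - STARTPORT + 1)

/* First port the loop tries when the caller asked for port 0. */
int first_port(long pid)
{
    return (int)(pid % NPORTS) + STARTPORT;
}

/* Walk the same sequence as the quoted loop.  in_use[p] == true stands in
   for bind() failing with EADDRINUSE.  Returns the port bound, or -1. */
int model_bindresvport(long pid, const bool in_use[ENDPORT + 1])
{
    int port = first_port(pid);
    for (int i = 0; i < NPORTS; ++i) {
        int candidate = port++;
        if (port > ENDPORT)
            port = STARTPORT;
        if (!in_use[candidate])
            return candidate;
    }
    return -1;
}

/* Count PIDs in [lo, hi] whose socket would end up on `target`. */
int pids_landing_on(int target, long lo, long hi, const bool in_use[ENDPORT + 1])
{
    int n = 0;
    for (long pid = lo; pid <= hi; ++pid)
        if (model_bindresvport(pid, in_use) == target)
            ++n;
    return n;
}

int main(void)
{
    bool in_use[ENDPORT + 1];
    memset(in_use, 0, sizeof in_use);
    in_use[629] = in_use[630] = true;   /* constructed: two busy neighbours */
    printf("pid 455 -> port %d\n", first_port(455));
    printf("pid 453 with 629,630 busy -> port %d\n", model_bindresvport(453, in_use));
    printf("PIDs 1..32768 landing on 631: %d\n", pids_landing_on(631, 1, 32768, in_use));
    return 0;
}
```

With port 631 already marked in use, as when CUPS is started first, no PID in the model is assigned it, which matches the ordering suggestion in the message.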



