Message ID | 20120403095018.rm7gil9xz0gsgccs@webmail.int.intellilink.co.jp |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
From: fernando@intellilink.co.jp
Date: Tue, 3 Apr 2012 09:50:18 +0900

> There was a time when the ip masquerading code reserved the
> 61000-65095 port range, which is the reason why the current default
> upper limit in ip_local_port_range is 61000. However, the current
> iptables-based masquerading and SNAT implementation does not have
> that restriction; ipchains and the compatibility mode that used the
> range over 61000 exclusively is long gone.

I don't think so; anyone out there using "--to-port 61000-65095" or similar in their firewall setup will suddenly break with your change.

I'm not applying this patch.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Quoting David Miller <davem@davemloft.net>:

> From: fernando@intellilink.co.jp
> Date: Tue, 3 Apr 2012 09:50:18 +0900
>
>> There was a time when the ip masquerading code reserved the
>> 61000-65095 port range, which is the reason why the current default
>> upper limit in ip_local_port_range is 61000. However, the current
>> iptables-based masquerading and SNAT implementation does not have
>> that restriction; ipchains and the compatibility mode that used the
>> range over 61000 exclusively is long gone.
>
> I don't think so; anyone out there using "--to-port 61000-65095"
> or similar in their firewall setup will suddenly break with
> your change.

Yes, I considered that. The thing is that certain non-Linux hosts already use a superset of the 61000-65095 range and 61000 looks like a magic number to most users. I just thought that anyone using --to-ports would set ip_local_port_range accordingly.

Do you want me to document where 61000 comes from instead?
From: fernando@intellilink.co.jp
Date: Tue, 3 Apr 2012 14:18:27 +0900

> The thing is that certain non-Linux hosts already use a superset of
> the 61000-65095 range and 61000 looks like a magic number to most
> users.

Who cares what other systems use; it's only an issue about local port allocations and locally performed masquerading.

> Do you want me to document where 61000 comes from instead?

I think the current documentation on this is adequate.
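As an added example (not code from the thread, the kernel tree, or iptables), here is a POSIX sh check for the situation the two replies above argue about: it scans iptables-save output for `--to-ports` and `--to-source ADDR:PORT-PORT` ranges, reports which of them share ports with a given `ip_local_port_range`, and builds the `net.ipv4.ip_local_reserved_ports` value that keeps the local port allocator away from them. The nat table is a constructed sample, the function names are mine, and the script assumes the iptables-save option spelling and treats both bounds of ip_local_port_range as inclusive, as the ip-sysctl.txt text on this page describes.

```shell
#!/bin/sh
# Added example, not code from the netdev thread or the kernel tree.
# Checks whether SNAT/MASQUERADE port ranges in an iptables-save dump overlap
# the ephemeral range configured in net.ipv4.ip_local_port_range, and builds
# the value for net.ipv4.ip_local_reserved_ports that keeps those ports out
# of the local port allocator. Both bounds of the local range are treated as
# inclusive, as ip-sysctl.txt describes them.

# Constructed sample nat table (not from a real host). The MASQUERADE rule
# uses the historical 61000-65095 range discussed in the thread.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE --to-ports 61000-65095
-A POSTROUTING -s 10.0.1.0/24 -o eth0 -j SNAT --to-source 192.0.2.1:1024-1999
-A POSTROUTING -s 10.0.2.0/24 -o eth0 -j SNAT --to-source 192.0.2.2
COMMIT'

# nat_port_ranges RULES
# Prints one "lo hi" pair per line for every --to-ports PORT[-PORT] and
# --to-source ADDR:PORT[-PORT] option in RULES; a plain --to-source ADDR
# without a port part is skipped because it does not pin ports.
nat_port_ranges() {
    printf '%s\n' "$1" | awk '
    {
        for (i = 1; i <= NF; i++) {
            r = ""
            if ($i == "--to-ports") {
                r = $(i + 1)
            } else if ($i == "--to-source" && index($(i + 1), ":") > 0) {
                split($(i + 1), addr, ":")
                r = addr[2]
            }
            if (r != "") {
                n = split(r, p, "-")
                print p[1], (n > 1 ? p[2] : p[1])
            }
        }
    }'
}

# conflicting_ranges "LO HI" RULES
# Prints the NAT ranges that share at least one port with LO..HI; empty
# output means the NAT rules and the ephemeral range do not collide.
conflicting_ranges() {
    lo=${1% *}
    hi=${1#* }
    nat_port_ranges "$2" | awk -v lo="$lo" -v hi="$hi" '$2 >= lo && $1 <= hi'
}

# reserved_ports_value "LO HI" RULES
# Builds the comma-separated list for net.ipv4.ip_local_reserved_ports,
# clipped to the part of each NAT range that lies inside LO..HI (ports
# outside the ephemeral range are never handed out anyway).
reserved_ports_value() {
    conflicting_ranges "$1" "$2" | awk -v lo="${1% *}" -v hi="${1#* }" '
    {
        a = ($1 < lo) ? lo : $1
        b = ($2 > hi) ? hi : $2
        item = (a == b) ? a : a "-" b
        out = (out == "") ? item : out "," item
    }
    END { print out }'
}

# Stand-alone demonstration: the old default shares only port 61000 with the
# MASQUERADE range, the proposed default overlaps all of it.
for range in "32768 61000" "32768 65535"; do
    echo "ip_local_port_range = $range"
    echo "  conflicting NAT ranges: $(conflicting_ranges "$range" "$SAMPLE_RULES" | tr '\n' ';')"
    echo "  ip_local_reserved_ports = $(reserved_ports_value "$range" "$SAMPLE_RULES")"
done
```

On a real host, feed `iptables-save -t nat` output and `sysctl -n net.ipv4.ip_local_port_range` to the same functions; a non-empty result from `conflicting_ranges` is the case David describes, and the mitigation that needs no change to the NAT rules is writing the `reserved_ports_value` output to `net.ipv4.ip_local_reserved_ports`, the sysctl behind the `sysctl_local_reserved_ports` declaration visible in the second hunk of the patch.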
diff -urNp linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt linux-3.4-rc1/Documentation/networking/ip-sysctl.txt --- linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt 2012-04-03 08:51:37.325983165 +0900 +++ linux-3.4-rc1/Documentation/networking/ip-sysctl.txt 2012-04-03 08:53:52.282652377 +0900 @@ -605,7 +605,7 @@ ip_local_port_range - 2 INTEGERS Defines the local port range that is used by TCP and UDP to choose the local port. The first number is the first, the second the last local port number. The default values are - 32768 and 61000 respectively. + 32768 and 65535 respectively. These two numbers determine the number of active connections which this system can issue simultaneously to systems not diff -urNp linux-3.4-rc1-orig/net/ipv4/inet_connection_sock.c linux-3.4-rc1/net/ipv4/inet_connection_sock.c --- linux-3.4-rc1-orig/net/ipv4/inet_connection_sock.c 2012-03-19 08:15:34.000000000 +0900 +++ linux-3.4-rc1/net/ipv4/inet_connection_sock.c 2012-04-03 08:52:15.350171717 +0900 @@ -34,7 +34,7 @@ EXPORT_SYMBOL(inet_csk_timer_bug_msg); */ struct local_ports sysctl_local_ports __read_mostly = { .lock = __SEQLOCK_UNLOCKED(sysctl_local_ports.lock), - .range = { 32768, 61000 }, + .range = { 32768, 65535 }, }; unsigned long *sysctl_local_reserved_ports;
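Review bot: The ip-sysctl.txt hunk changes only the second default value and leaves the surrounding paragraph silent on what the change means for hosts that hand 61000-65095 to SNAT or MASQUERADE with `--to-ports`, which is the objection the thread turns on. If the default moves to 65535, the text next to "32768 and 65535 respectively" should state that both bounds are inclusive and that port ranges used by local NAT rules have to be kept out of this range, for example through net.ipv4.ip_local_reserved_ports, so that an administrator reading the documentation after an upgrade knows to check their rules.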
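Review bot: `.range = { 32768, 65535 }` changes the compiled-in default for every host that never sets net.ipv4.ip_local_port_range, and nothing in the inet_connection_sock.c hunk preserves existing behaviour for hosts whose NAT rules already map into 61000-65095: the seqlock initialisation is untouched and `sysctl_local_reserved_ports`, declared right below the changed lines, is left empty, so after an upgrade the allocator can hand a local connection a port that a MASQUERADE `--to-ports` rule also uses. Either keep the old upper bound and let administrators raise it per host, or pair the change with a note telling users of `--to-ports` ranges above 61000 to add those ports to net.ipv4.ip_local_reserved_ports or lower ip_local_port_range back to 61000.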