From: Subash Abhinov Kasiviswanathan <subas...@codeaurora.org>
Date: Wed, 28 Aug 2019 21:26:54 -0600

> Reserved ports may have some special use cases which are not suitable
> for use by general userspace applications. Currently, ports specified
> in ip_local_reserved_ports will not be returned only in case of
> automatic port assignment.
>
> In some cases, it may be required to prevent the host from assigning
> the ports even in case of explicit binds. Consider the case of a
> transparent proxy where packets are being redirected. In case a socket
> matches this connection, packets from this application would be
> incorrectly sent to one of the endpoints.
>
> Add a boolean sysctl flag 'reserved_port_bind'. Default value is 1
> which preserves the existing behavior. Setting the value to 0 will
> prevent userspace applications from binding to these ports even when
> they are explicitly requested.
>
> Cc: Sean Tranchetti <stran...@codeaurora.org>
> Signed-off-by: Subash Abhinov Kasiviswanathan <subas...@codeaurora.org>

I don't know how happy I am about this.

Whatever sets up the transparent proxy business can block any attempt to
communicate over these ports.

Also, protocols like SCTP need the new handling too.
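The policy the patch describes, as an added userspace model that is not code from the patch or from the kernel: it parses the comma-separated port/range syntax of ip_local_reserved_ports and models the proposed reserved_port_bind flag, with the current behaviour (reserved ports skipped on autobind, explicit binds allowed) beside the proposed one (explicit binds refused when the flag is 0). Function names and the sample values are assumptions made here.

```python
def parse_reserved_ports(spec):
    """Parse ip_local_reserved_ports syntax such as "8080,9000-9100"
    into a set of port numbers. Empty items are ignored."""
    ports = set()
    for item in spec.replace("\n", "").split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-", 1))
        else:
            lo = hi = int(item)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError("bad port range %r" % item)
        ports.update(range(lo, hi + 1))
    return ports


def choose_ephemeral_port(reserved, local_port_range, in_use):
    """Model automatic port assignment: walk ip_local_port_range and
    return the first port that is neither reserved nor in use.
    Reserved ports are skipped regardless of reserved_port_bind."""
    lo, hi = local_port_range
    for port in range(lo, hi + 1):
        if port not in reserved and port not in in_use:
            return port
    return None  # range exhausted


def bind_allowed(port, reserved, reserved_port_bind, explicit):
    """Model the bind decision for one port.

    explicit=False is autobind (port 0): reserved ports are never handed out.
    explicit=True is bind() to a given port: allowed today (flag=1),
    refused under the proposed flag=0 (constructed model of the patch)."""
    if port not in reserved:
        return True
    if not explicit:
        return False
    return reserved_port_bind == 1


if __name__ == "__main__":
    # Constructed sample: a transparent proxy reserves 8080 and 9000-9100.
    reserved = parse_reserved_ports("8080,9000-9100")
    print(choose_ephemeral_port(reserved, (9000, 9200), set()))  # 9101
    print(bind_allowed(8080, reserved, 1, explicit=True))        # True
    print(bind_allowed(8080, reserved, 0, explicit=True))        # False
```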