Re: [RFC Patch] net: reserve ports for applications using fixed portnumbers

[Cong Wang]

Octavian Purdila wrote:
> On Friday 05 February 2010 02:41:12 you wrote:
> > David Miller wrote:
> > > > Octavian Purdila wrote:
> > > > > int inet_is_reserved_local_port(int port)
> > > > > {
> > > > > 	if (test_bit(port, reserved_ports))
> > > > > 		return 1;
> > > > > 	return 0;
> > > > > }
> > > > Above check is exactly what I'm doing in the LSM hook.
> > > But his version can be done inline in 2 or 3 instructions.
> > >
> > > An LSM hook will result in an indirect function call,
> > > all live registers spilled to the stack, then all of
> > > those reloaded when the function returns.
> > >
> > > It will be much more expensive.
> > If you can accept his version, I want to use his version (with an interface
> >  for updating above "reserved_ports" by not only root user's sysctl() but
> >  also MAC's policy configuration).
>
> I think that simply using an interface to update the reserved_ports from MAC 
> policy configuration module wouldn't work, as root will be able to modify the 
> policy via sysctl.
>
> I think that we might need to:
>
> a) have a reserved_port updater
>
> b) put a LSM hook into that
>
> c) use the reserved_port updater from sysctl

Ideally, you'd provide an interface for port allocator to use, so
doing port reservation will be easier.

Thanks.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/