Subject: udp with dst port 0
To: None <tech-net@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-net
Date: 01/08/2000 03:33:17
	4.4BSD udp behavior disagrees with what spec says about port# of 0,
	and the fact can be used for certain kinds of attacks (though it should
	be very rare).

	- inbound: udp spec seems to disallow dst port == 0.  however, 4.4BSD
	  udp stack does not check such case.
	  any udp socket will mistakenly accept such a packet, between the
	  creation time (socket(2)) and lport bind time (bind(2) or connect(2)).
	  this is critical as an attacker may be able to confuse udp-based
	  protocol exchange.
	- outbound: udp spec allows src port == 0.  src port == 0 means that
	  "there's no particular source port".  however, we can never generate
	  such a packet using udp socket. (non-critical)

	this is basically because 4.4BSD udp/tcp code overloads "port == 0"
	to mean "port is not assigned yet".  fundamental fix would be to have
	a separate flag bit to disambiguate "not assigned" situation from
	"port is really 0" situation.

	Could I commit the fix presented in PR 9137, to fix the former problem
	quickly?

itojun
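
The inbound case described in the message above, as an added C example that is not part of the original message and is not the patch in PR 9137: a simplified model of the port lookup in which a socket that has not been bound yet (lport == 0) matches a datagram with dst port 0, next to an input path that drops such datagrams before the lookup. The struct, the function names and the sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a UDP protocol control block (hypothetical names).
 * As in the message, lport == 0 is overloaded to mean "port not assigned yet". */
struct pcb {
    uint16_t lport;      /* local port; stays 0 until bind(2) or connect(2) */
    const char *name;
};

/* Lookup that compares the local port only, with no special case for 0. */
static const struct pcb *pcb_lookup(const struct pcb *tab, size_t n, uint16_t dport)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].lport == dport)
            return &tab[i];
    return NULL;
}

/* Input path without a check: dst port 0 reaches the lookup unchanged. */
static const struct pcb *udp_input_unchecked(const struct pcb *tab, size_t n, uint16_t dport)
{
    return pcb_lookup(tab, n, dport);
}

/* Input path with a check: a datagram with dst port 0 is dropped first
 * (assumed mitigation; the content of PR 9137 is not shown in the message). */
static const struct pcb *udp_input_checked(const struct pcb *tab, size_t n, uint16_t dport)
{
    if (dport == 0)
        return NULL;
    return pcb_lookup(tab, n, dport);
}

/* Constructed sample table: one bound socket, one fresh from socket(2). */
static const struct pcb sample[] = {
    { 53, "bound to port 53" },
    { 0,  "created, not yet bound" },
};

int main(void)
{
    const struct pcb *hit = udp_input_unchecked(sample, 2, 0);
    printf("unchecked, dport 0: %s\n", hit ? hit->name : "dropped");
    hit = udp_input_checked(sample, 2, 0);
    printf("checked,   dport 0: %s\n", hit ? hit->name : "dropped");
    return 0;
}
```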