Subject: Re: Reserved port range patches
To: Matthias Scheler <tron@zhadum.de>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 08/24/2000 17:14:19
[ On , August 24, 2000 at 18:56:58 (GMT), Matthias Scheler wrote: ]
> Subject: Re: Reserved port range patches
>
> In article <20000824185332.824CC99@proven.weird.com>,
> 	woods@weird.com (Greg A. Woods) writes:
> > It would: a) be nice if they were named the same as in FreeBSD; ...
> 
> FreeBSD naming scheme is not consistent with the existing variables
> "net.inet.ip.anonportmin" and "net.inet.ip.anonportmax".

Yeah, I know.  But FreeBSD's names are: a) prior art; and b) more
meaningful for their extended features.

However if FreeBSD's names are not chosen then I'd prefer a name that
relates to their semi-official IANA name:  "Well Known Ports".  Hmmm,
but there's no common name for a range of anonymous ports within that
group....   Your subsequent choice of "net.inet.ip.lowportmin" and
"net.inet.ip.lowportmax" is probably OK in that case (or maybe
anon_low_port_{min,max} with similar consistent renames in the existing
two related names).

> > b) be nice if they were accompanied by the other pair from FreeBSD;
> 
> We already have variables to that the anonymous ports.

No, the *other* pair.  There are three pairs of related variables in
FreeBSD.  I described them in my response to the recent PR on this
subject, and mention them below too:

> > ... and c) be even nicer if they behaved the same way as they do in FreeBSD
> > (i.e. that the range can be specified in high-to-low order to do the
> > allocation from top down).....
> 
> What advantage would this have? The purpose is to reserve ports for
> incoming connections to certain services.

Actually, I don't know, at least not for lowfirst and lowlast.  I was
simply assuming there must have been a reason for the FreeBSD people to
implement it that way.

For the hifirst,hilast and first,last pairs it does make sense to allow
for top-down allocation.  For example I would set their defaults to:

	net.inet.ip.portrange.first: 65535
	net.inet.ip.portrange.last: 49152
	net.inet.ip.portrange.hifirst: 49152
	net.inet.ip.portrange.hilast: 65535

so that they grow together....

I suppose top-down allocation for lowfirst and lowlast could be useful for
the very same reason if IPNOPRIVPORTS is enabled -- in that case you'd
probably want to use the same official range of Dynamic Ports.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
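
Added example, not part of the original message and not FreeBSD or NetBSD kernel code: a user-space model of the behaviour discussed above, where a range given high-to-low allocates from the top down, run with the first/last and hifirst/hilast values proposed in the message. The struct, the function names and the shared in_use table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* User-space model (assumption): one bound-port table shared by all ranges. */
static unsigned char in_use[65536];

struct port_range { int first, last, next; };

/* Hand out the next free port in the range, or 0 when it is exhausted.
 * first > last means "count down", matching the behaviour described above. */
static int range_alloc(struct port_range *r)
{
    int step = (r->first > r->last) ? -1 : 1;
    int count = (r->last - r->first) * step + 1;   /* ports in the range */
    int p = r->next;

    while (count-- > 0) {
        int cand = p;
        p = (cand == r->last) ? r->first : cand + step;  /* wrap at the end */
        if (!in_use[cand]) {
            in_use[cand] = 1;
            r->next = p;
            return cand;
        }
    }
    return 0;
}

/* Alternate between a top-down and a bottom-up range over the same span.
 * Returns how many ports were handed out before both ranges ran dry. */
static int fill_shared_span(int *last_down, int *last_up)
{
    struct port_range down = { 65535, 49152, 65535 };  /* first, last */
    struct port_range up   = { 49152, 65535, 49152 };  /* hifirst, hilast */
    int n = 0, a, b;

    memset(in_use, 0, sizeof in_use);
    do {
        a = range_alloc(&down);
        b = range_alloc(&up);
        if (a) { *last_down = a; n++; }
        if (b) { *last_up = b; n++; }
    } while (a || b);
    return n;
}

int main(void)
{
    int d = 0, u = 0, n = fill_shared_span(&d, &u);
    printf("%d ports used; down stopped at %d, up stopped at %d\n", n, d, u);
    return 0;
}
```

Because the two ranges start at opposite ends of the same span, neither is capped at a fixed boundary: each can keep allocating until the two meet, wherever that happens to be.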