Home > Archive > Unix Programming > September 2006 > Passive open and active open
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Passive open and active open
|
|
| Shrikrishna Khare 2006-09-10, 7:01 pm |
| Hello All,
Can we do passive open on a port that has already (successfully)
done active open? Let me elaborate on my problem by giving concrete
example:
Consider a server waiting on well defined port 7797. When a client
connects to it, we can observe following configuration using netstat:
mann320-19-172% netstat -a | grep 7797
tcp 0 0 *:7797 *:*
LISTEN
tcp 1 0 localhost.localdomain:7797
localhost.localdomain:33958 ESTABLISHED
tcp 0 0 localhost.localdomain:33958
localhost.localdomain:7797 ESTABLISHED
7797 continues to listen while it can still talk with ephemeral client
port 33958. This is possible as TCP connection is defined by the 4
tuple of endpoint IP addresses as well as ports.
Once the connection is established, I require to listen on port "33958"
and accept connection on it.
I can use another port, however, I believe that logically it should be
possible to do it. I tried the program but when I try to bind 33958, I
get bind error.
[ Please note that I did active open on 33958, so, I am quoting the
number of my sample run, it varies every run ].
Could anyone please suggest as to how I can go about solving this?
Thanks in advance,
Shri
| |
| Barry Margolin 2006-09-10, 7:01 pm |
| In article <1157904663.801666.97880@h48g2000cwc.googlegroups.com>,
"Shrikrishna Khare" <shri.khare@gmail.com> wrote:
> Hello All,
>
> Can we do passive open on a port that has already (successfully)
> done active open? Let me elaborate on my problem by giving concrete
> example:
>
> Consider a server waiting on well defined port 7797. When a client
> connects to it, we can observe following configuration using netstat:
>
> mann320-19-172% netstat -a | grep 7797
> tcp 0 0 *:7797 *:*
> LISTEN
> tcp 1 0 localhost.localdomain:7797
> localhost.localdomain:33958 ESTABLISHED
> tcp 0 0 localhost.localdomain:33958
> localhost.localdomain:7797 ESTABLISHED
>
> 7797 continues to listen while it can still talk with ephemeral client
> port 33958. This is possible as TCP connection is defined by the 4
> tuple of endpoint IP addresses as well as ports.
>
> Once the connection is established, I require to listen on port "33958"
> and accept connection on it.
Where did this requirement come from?
>
> I can use another port, however, I believe that logically it should be
> possible to do it. I tried the program but when I try to bind 33958, I
> get bind error.
Have you tried setting the SO_REUSEADDR socket option on the new socket
before calling bind()?
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| |
| Alan Curry 2006-09-11, 4:01 am |
| In article <barmar-DE4D2C.20045810092006@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>In article <1157904663.801666.97880@h48g2000cwc.googlegroups.com>,
> "Shrikrishna Khare" <shri.khare@gmail.com> wrote:
>
>
>Where did this requirement come from?
>
One place it might come from is FTP. If neither PORT nor PASV is given before
a transfer command, the FTP server will connect to the client on the default
port, which is the same port that is being used on the client's end of the
control connection. To accept that connection, the client must be able to
listen on the (usually ephemeral) port that it has already made an outgoing
connection with.
RFC959 says that all implementations "must" support the default port.
The classic BSD ftp client supports it with the sendport command:
ftp> sendport
Use of PORT cmds off.
>Have you tried setting the SO_REUSEADDR socket option on the new socket
>before calling bind()?
That's what ftp does in the "Use of PORT cmds off" mode. It should work, but
if you try with the Linux netkit-ftp you'll find a portability problem. Even
with SO_REUSEADDR, Linux won't let the bind succeed, as seen in this strace
fragment:
setsockopt(6, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(6, {sa_family=AF_INET, sin_port=htons(57430), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EADDRINUSE (Address already in use)
--
The attacker\x92s overall goal would very probably be to convince other users
to run an unsafe program, by using the digital signature to convince them
that it is actually bona fide Microsoft software and therefore safe to run.
-- security bulletin MS01-017 ushers in a new definition of "safe"
|
|
|
|
|