SO_EXCLBIND, socket exclusive binding

This case requests a Patch/Micro release binding, and the stability level is Committed.

The Consolidation Private socket options [TCP|UDP]_EXCLBIND were introduced in PSARC 1999/609, "Exclusive Binding Socket Option for TCP and UDP." At that time, there was an urgent need to fix a security issue, port stealing, in RPC. The options were introduced so that the RPC code could use them to bind a port exclusively, so that no port stealing could happen. But it was not clear whether this solution had unwanted side effects, so the options were marked as Consolidation Private.

After many years of experience, the options appear to be a reasonable solution to the port stealing issue without adverse side effects. And customers have been asking how they can solve the port stealing issue.

This case introduces a new SOL_SOCKET level socket option, SO_EXCLBIND. The semantics of this socket option depend on the type of socket it is applied to. When enabled on a TCP or a UDP socket, this option is equivalent to TCP_EXCLBIND or UDP_EXCLBIND respectively. This case does not remove the [TCP|UDP]_EXCLBIND options, so existing applications do not need to be changed. This case also does not define the semantics of this socket option when applied to other kinds of socket.

The man pages of [set|get]sockopt(3SOCKET), tcp(7P) and udp(7P) will be modified as follows.

Diff on [set|get]sockopt(3SOCKET) + SO_EXCLBIND enable/disable exlusive binding of the + socket + + + SO_TYPE get the type of the socket (get only) *************** *** 230,235 **** --- 235,247 ---- tamp in the native data format, corresponding to when the datagram was received. + The option SO_EXCLBIND option is used to enable/disable the + exclusive binding of a socket. It overrides the use of + SO_REUSEADDR option to reuse an address on bind(3SOCKET). + The actual semantics of this option depends on the underlying + protocol.
Refer to the protocol man page for the protocol + specific meaning. + Finally, SO_TYPE and SO_ERROR are options used only with getsockopt(). SO_TYPE returns the type of the socket, for example, SOCK_STREAM. It is useful for servers that inherit *************** *** 355,362 **** SEE ALSO ndd(1M), close(2), ioctl(2), read(2), bind(3SOCKET), getprotobyname(3SOCKET), recv(3SOCKET), recvmsg(3XNET), ! send(3SOCKET), socket(3SOCKET), socket.h(3HEAD), attri- ! butes(5) Solaris Tunable Parameters Reference Manual --- 367,374 ---- SEE ALSO ndd(1M), close(2), ioctl(2), read(2), bind(3SOCKET), getprotobyname(3SOCKET), recv(3SOCKET), recvmsg(3XNET), ! send(3SOCKET), socket(3SOCKET), socket.h(3HEAD), udp(7P), ! tcp(7P), attributes(5) Solaris Tunable Parameters Reference Manual Diff on tcp(7P) at connection time to the address of the network interface used to service the connection. + A note about binding a TCP socket. No two TCP sockets can + be bound to the same port unless the bound IP addresses are + different. IPv4 INADDR_ANY and IPv6 unspecified addresses + compare as equal to any IPv4 or IPv6 address. For example, if a + socket is bound to INADDR_ANY or unspecified address and port X, + no other socket can bind to port X, regardless of the binding + address. This special consideration of INADDR_ANY and unspecified + address can be changed using the socket option SO_REUSEADDR. + If this option is set on a socket doing a bind, IPv4 INADDR_ANY + and IPv6 unspecified address do not compare as equal to any IP + address. This means that as long as the two sockets are not + both bound to INADDR_ANY/unspecified address or the same + IP address, the two sockets can be bound to the same port. + + If an application does not want to allow another socket + using the SO_REUSEADDR option to bind to a port its socket + is bound to, the application can set the socket level option + SO_EXCLBIND on a socket. The option values of 0 and 1 mean + enabling and disabling the option respectively. 
Once this + option is enabled on a socket, no other socket can be bound + to the same port. + Once a connection has been established, data can be exchanged using the read(2) and write(2) system calls. Diff on udp(7P) work interface dependent. Broadcasts may only be sent by the privileged user. + A note about binding a UDP socket. No two UDP sockets can + be bound to the same port unless the bound IP addresses are + different. IPv4 INADDR_ANY and IPv6 unspecified addresses + compare as equal to any IPv4 or IPv6 address. For example, if a + socket is bound to INADDR_ANY or unspecified address and port X, + no other socket can bind to port X, regardless of the binding + address. This special consideration of INADDR_ANY and unspecified + address can be changed using the socket option SO_REUSEADDR. + If this option is set on a socket doing a bind, IPv4 INADDR_ANY + and IPv6 unspecified address do not compare as equal to any IP + address. This means that as long as the two sockets are not + both bound to INADDR_ANY/unspecified address or the same + IP address, the two sockets can be bound to the same port. + + If an application does not want to allow another socket + using the SO_REUSEADDR option to bind to a port its socket + is bound to, the application can set the socket level option + SO_EXCLBIND on a socket. The option values of 0 and 1 mean + enabling and disabling the option respectively. Once this + option is enabled on a socket, no other socket can be bound + to the same port. + IPv6 does not support broadcast addresses; their function is supported by IPv6 multicast addresses.
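
Review bot: The new option-table entry in the first [set|get]sockopt(3SOCKET) hunk spells "exlusive"; it should read "enable/disable exclusive binding of the socket" so that a search of the man page for "exclusive" finds the option.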
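
Review bot: In the [set|get]sockopt(3SOCKET) description hunk (235,247), "It overrides the use of SO_REUSEADDR option to reuse an address on bind(3SOCKET)" does not say whose SO_REUSEADDR is overridden. The tcp(7P) and udp(7P) text shows it is the option set by another socket that tries to bind the same port, so this sentence should say that. The paragraph also opens with "The option SO_EXCLBIND option", which has a duplicated word. Because the case leaves the semantics undefined for sockets other than TCP and UDP, the paragraph should say that explicitly instead of only pointing at the protocol man page.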
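
Review bot: In the tcp(7P) hunk, "The option values of 0 and 1 mean enabling and disabling the option respectively" reads as 0 enables and 1 disables. If a non-zero value enables the option, as the "enable/disable" wording in the sockopt page suggests, the order should be "disabling and enabling". An application that follows the text as written would end up with exclusive binding switched off while believing the port is protected.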
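
Review bot: The udp(7P) hunk carries the same "0 and 1 mean enabling and disabling" sentence and needs the same correction as tcp(7P). In addition, "no other socket can be bound to the same port" leaves two things unstated: whether this holds regardless of the address the other socket binds to, and that SO_EXCLBIND has to be set before bind(3SOCKET) to have any effect. Suggest adding a sentence for each, and naming the error the second bind returns.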