This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: SSH Local Port Forwarding


On Feb  1 10:15, Corinna Vinschen wrote:
> On Jan 31 15:25, Jon Dixon wrote:
> > Hi Corinna,
> > 
> > I have tested the cygwin-inst-20060130.tar.bz2 snapshot. 
> > Unfortunately, this snapshot runs the same way as release 1.5.19-4. 
> 
> No, it doesn't, definitely.  1.5.19-4 has not set the SO_EXCLUSIVEADDRUSE
> option, and I could easily reuse ports for listening before.  I didn't
> just add SO_EXCLUSIVEADDRUSE without testing.  Keep in mind that the
> ssh testcase is sort of flawed by the fact that ssh uses the SO_REUSEADDR
> option on locally forwarded ports.  There's a combination which already
> disallowed port reuse without implementing SO_EXCLUSIVEADDRUSE.

I was mulling over this for a while and I think I found the problem you
were referring to.  If you try to start

  ssh -L9998:server:1234 server

twice, on the same machine, both ssh's will successfully bind to the
same local address 127.0.0.1/9998.

The reason is that WinSock's behaviour in case of using SO_REUSEADDR is
non-standard.  Per definition it should never be possible to bind to
the same local address/port combination using TCP, even if SO_REUSEADDR
has been used by all processes.  Unfortunately this is not the case with
WinSock which allows exactly that.  And, also unfortunately, there's no
way to set the socket options SO_REUSEADDR and SO_EXCLUSIVEADDRUSE
together on the same socket in the hope that this could heal it.  The
second setsockopt inescapably returns WSAEINVAL.

So, what I did now is to add another patch which tests for exactly this
situation, using the IP Helper library.  If a process tries to bind to a
local TCP address and if it has set SO_REUSEADDR on the socket, then
Cygwin's bind now tests if the local TCP address is currently in use.
If so, it refuses to bind and bind returns EADDRINUSE.

However, there's nothing to prevent this on Windows outside of Cygwin!
If you have a native application which uses SO_REUSEADDR and your
server process has also used SO_REUSEADDR, then you're still doomed.

Anyway, even using IP Helper here isn't quite foolproof.  Since the IP
Helper function is called in a non-atomic way within the bind call,
there's a chance for races.  So this patch might only help in 99% of the
cases.  And if it turns out to be more a problem than a solution, I'll
rip it out again.

Ok, as usual, please test the next developer's snapshot from
http://cygwin.com/snapshots/


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
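
The rule described in the message above (a second bind to the same local TCP address/port must fail with EADDRINUSE even when every socket has set SO_REUSEADDR) can be checked with a small POSIX-sockets program. This is an added example, not part of the original message and not Cygwin's code; the helper names `bind_reuse` and `second_bind_result` are made up for illustration, and it tests only the observable bind result, not the IP Helper lookup.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example (illustrative names): TCP socket with SO_REUSEADDR bound to
 * 127.0.0.1:port. Returns the fd, or -1 with errno from the failing call. */
static int bind_reuse(unsigned short port)
{
    int on = 1, saved, fd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -1;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        saved = errno; close(fd); errno = saved;   /* keep the bind errno */
        return -1;
    }
    return fd;
}

/* 0: second bind succeeded (port is shared); >0: errno of the refused bind
 * (EADDRINUSE expected); -1: setting up the first listener failed. */
int second_bind_result(void)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int second, result, first = bind_reuse(0);   /* port 0: kernel picks one */
    if (first < 0) return -1;
    if (listen(first, 1) < 0 ||
        getsockname(first, (struct sockaddr *)&sa, &len) < 0) {
        close(first);
        return -1;
    }
    second = bind_reuse(ntohs(sa.sin_port));     /* same address and port */
    result = second >= 0 ? 0 : errno;
    if (second >= 0) close(second);
    close(first);
    return result;
}

int main(void)
{
    int r = second_bind_result();
    printf("second bind result: %d (EADDRINUSE is %d)\n", r, EADDRINUSE);
    return r == EADDRINUSE ? 0 : 1;
}
```

A result of 0 means two sockets now share the listening address, which is the situation the message describes for two `ssh -L` instances.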
