Bug 465

Summary: outgoing-port-permit requires manual outgoing-port-avoid first
Product: unbound
Reporter: stu-nlnetlabs
Component: server
Assignee: unbound team <unbound-team>
Status: RESOLVED FIXED
Severity: enhancement
CC: wouter
Priority: P5
Version: 1.4.17
Hardware: Other
OS: OpenBSD
Attachments: clear port ranges automatically

Description stu-nlnetlabs 2012-08-28 18:57:45 CEST
Created attachment 212
clear port ranges automatically

While investigating switching Unbound to use the OS port allocator on OpenBSD I noticed that outgoing-port-permit fails unless there's a prior outgoing-port-avoid statement to remove the default ports.

Attached configparser.y diff clears the port range if outgoing-port-permit is the first port-range related configuration option.

It's probably also worth making it clear in the sample config that options are additive (the manpage is already clear).

--- doc/example.conf.in	23 Aug 2012 22:56:27 -0000	1.1.1.3
+++ doc/example.conf.in	28 Aug 2012 16:57:07 -0000
@@ -67,6 +67,8 @@ server:
 	# Use this to make sure unbound does not grab a UDP port that some
 	# other server on this computer needs. The default is to avoid
 	# IANA-assigned port numbers.
+	# If multiple outgoing-port-permit and outgoing-port-avoid options
+	# are present, they are processed in order.
 	# outgoing-port-avoid: "3200-3208"
 
 	# number of outgoing simultaneous tcp buffers to hold per thread.
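
Review bot: The two added comment lines in this hunk say the options are processed in order but not what the processing starts from. The context line just above states that the default is to avoid IANA-assigned port numbers, so a reader can still assume that a lone outgoing-port-permit replaces that default rather than adding to it. Suggest extending the new text to say so, for example "they are processed in order, starting from the default". The note also sits only above the outgoing-port-avoid sample line although it names outgoing-port-permit as well; if the file has a separate outgoing-port-permit entry, repeat or cross-reference it there.
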
Comment 1 Wouter Wijngaards 2012-08-29 09:12:10 CEST
Hi Stu,

The documentation patch is good, and applied.

Do you want to avoid having to put
outgoing-port-avoid: 0-65535 in the config file as the first outgoing-port line in unbound.conf?

You seem to want to change the meaning of having an outgoing-port-permit: x as the first statement from 'additionally allow x with the defaults' to 'allow only x but not the defaults'?

I do not really have an issue with the patch code, but I want to know what you are trying to do.

Best regards,
   Wouter
Comment 2 Wouter Wijngaards 2013-04-18 15:31:57 CEST
Hi,

I think we should keep our defaults the way they are. The statements build on top of one another; without statements it starts with its built-in default ranges to allow/deny (this denies the ports that have been IANA allocated).

Please reopen this if you feel other actions are more appropriate.

Best regards, Wouter
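
The ordering behaviour discussed in this thread, as an added example that is not part of the bug report or of Unbound's code: a small Python model that applies outgoing-port-permit and outgoing-port-avoid lines in file order on top of a default set. The function name, the sample configs and `SAMPLE_DEFAULT_AVOID` are constructed for illustration; the real default list is built into Unbound and is not reproduced here.

```python
import re

# Constructed stand-in for the built-in default avoid list (assumption:
# a handful of ports, not Unbound's real IANA-derived list).
SAMPLE_DEFAULT_AVOID = {53, 123, 3200, 3201, 5353}

# Matches active option lines only; commented-out samples do not match.
LINE = re.compile(
    r'^\s*outgoing-port-(permit|avoid):\s*"?(\d+)(?:-(\d+))?"?\s*(?:#.*)?$')

def allowed_ports(conf_text, default_avoid=SAMPLE_DEFAULT_AVOID):
    """Model: start from the defaults, then apply each option in file order."""
    allowed = [p not in default_avoid for p in range(65536)]
    for line in conf_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other options, comments, blank lines
        action = m.group(1)
        low, high = int(m.group(2)), int(m.group(3) or m.group(2))
        if low > high or high > 65535:
            raise ValueError(f"bad port range: {line.strip()}")
        for port in range(low, high + 1):
            allowed[port] = (action == "permit")  # later lines override earlier
    return {p for p, ok in enumerate(allowed) if ok}

# Constructed configs. A lone permit adds to the defaults.
PERMIT_ONLY = """
server:
    outgoing-port-permit: 40000-40999
"""
# Avoid everything first, then permit: only the permitted range remains.
AVOID_THEN_PERMIT = """
server:
    outgoing-port-avoid: 0-65535
    outgoing-port-permit: 40000-40999
"""
# Same two lines reversed: the avoid wipes out the earlier permit.
PERMIT_THEN_AVOID = """
server:
    outgoing-port-permit: 40000-40999
    outgoing-port-avoid: 0-65535
"""

if __name__ == "__main__":
    for name in ("PERMIT_ONLY", "AVOID_THEN_PERMIT", "PERMIT_THEN_AVOID"):
        print(name, len(allowed_ports(globals()[name])))
```

Running a planned unbound.conf through a model like this before deployment shows how many source ports the resolver would actually have to choose from.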