Bug 465 - outgoing-port-permit requires manual outgoing-port-avoid first
Product: unbound
Classification: Unclassified
Component: server
Hardware: Other OpenBSD
Importance: P5 enhancement
Assigned To: unbound team
Reported: 2012-08-28 18:57 CEST by stu-nlnetlabs
Modified: 2013-04-18 15:31 CEST


clear port ranges automatically (1.63 KB, application/octet-stream)
2012-08-28 18:57 CEST, stu-nlnetlabs

Description stu-nlnetlabs 2012-08-28 18:57:45 CEST
Created attachment 212
clear port ranges automatically

While investigating switching Unbound to use the OS port allocator on OpenBSD I noticed that outgoing-port-permit fails unless there's a prior outgoing-port-avoid statement to remove the default ports.

Attached configparser.y diff clears the port range if outgoing-port-permit is the first port-range related configuration option.

It's probably also worth making it clear in the sample config that options are additive (the manpage is already clear).

--- doc/example.conf.in	23 Aug 2012 22:56:27 -0000
+++ doc/example.conf.in	28 Aug 2012 16:57:07 -0000
@@ -67,6 +67,8 @@ server:
 	# Use this to make sure unbound does not grab a UDP port that some
 	# other server on this computer needs. The default is to avoid
 	# IANA-assigned port numbers.
+	# If multiple outgoing-port-permit and outgoing-port-avoid options
+	# are present, they are processed in order.
 	# outgoing-port-avoid: "3200-3208"
 	# number of outgoing simultaneous tcp buffers to hold per thread.
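
Review bot: the two added comment lines, placed after "The default is to avoid IANA-assigned port numbers.", say the options are processed in order but not what that order starts from. Suggest stating that processing begins from the default avoid set, so an outgoing-port-permit given as the first option adds to the defaults rather than replacing them, for example "they are processed in order, starting from the default."
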
Comment 1 Wouter Wijngaards 2012-08-29 09:12:10 CEST
Hi Stu,

The documentation patch is good, and applied.

Do you want to avoid having to put
outgoing-port-avoid: 0-65535 in the config file as the first outgoing-port line in unbound.conf?

You seem to want to change the meaning of having an outgoing-port-permit: x as the first statement from 'additionally allow x with the defaults' to 'allow only x but not the defaults'?

I do not really have an issue with the patch code, but I want to know what you are trying to do.

Best regards,
Comment 2 Wouter Wijngaards 2013-04-18 15:31:57 CEST

I think we should keep our defaults the way they are. The statements build on top of one another; without statements it starts with its builtin default ranges to allow/deny (this denies the ports that have been IANA allocated).

Please reopen this if you feel other actions are more appropriate.

Best regards, Wouter
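
The ordering behaviour discussed in this bug, modelled as an added example (not code from the report, the attached patch, or Unbound itself): it applies outgoing-port-permit and outgoing-port-avoid lines in file order on top of a starting set and flags a config whose first port option is a permit. The function name, the sample configs and `SAMPLE_DEFAULT` are assumptions; the builtin default list is not on this page, so a constructed stand-in is used.

```python
import re

PORT_MAX = 65535
# Matches active (not commented-out) port options, quoted or unquoted,
# with a single port or a "low-high" range.
_LINE = re.compile(
    r'^\s*outgoing-port-(permit|avoid):\s*"?(\d+)(?:-(\d+))?"?\s*(?:#.*)?$'
)

def effective_ports(conf_text, default_allowed):
    """Return (allowed_ports, permit_came_first) for a config text.

    Options are applied in order, starting from default_allowed, which is
    the additive behaviour described in the comments above.
    """
    allowed = set(default_allowed)
    first = None
    for line in conf_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # unrelated options and commented-out lines
        action = m.group(1)
        lo = int(m.group(2))
        hi = int(m.group(3) or m.group(2))
        if not (0 <= lo <= hi <= PORT_MAX):
            raise ValueError(f"bad port range: {line.strip()}")
        first = first or action
        if action == "permit":
            allowed.update(range(lo, hi + 1))
        else:
            allowed.difference_update(range(lo, hi + 1))
    # A permit as the first option widens the defaults; it does not replace them.
    return allowed, first == "permit"

# Constructed stand-in for the builtin default set (assumption, not Unbound's list).
SAMPLE_DEFAULT = set(range(1024, PORT_MAX + 1)) - {3200, 5353}

# Constructed sample configs.
PERMIT_ONLY = 'server:\n\toutgoing-port-permit: "40000-40009"\n'
AVOID_FIRST = ('server:\n\toutgoing-port-avoid: 0-65535\n'
               '\toutgoing-port-permit: "40000-40009"\n')

if __name__ == "__main__":
    for name, conf in (("permit only", PERMIT_ONLY), ("avoid first", AVOID_FIRST)):
        ports, warn = effective_ports(conf, SAMPLE_DEFAULT)
        print(f"{name}: {len(ports)} ports allowed, permit came first: {warn}")
```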