https://access.redhat.com/solutions/3307511
Why are only even-numbered source ports assigned as ephemeral TCP source ports?
SOLUTION Verified - Updated February 15, 2018 at 17:39
Environment
- Red Hat Enterprise Linux 7.3 and above
Issue
- RHEL host is not assigning random source ports for new connections.
- Source port randomization doesn't work.
- RHEL 7.3 system is assigning even source ports for the connect() call.
Resolution
- This is accepted behaviour on RHEL 7.3 and above systems. It was introduced as an enhancement by a commit that went into RHEL 7.3.
- This commit segregates the allocation of ports from the available local port range between connect() and bind() calls: it tries to favour even ports for connect() calls, leaving odd ports for bind() calls.
  - bind() associates the socket with its local address, whereas
  - connect() is used to connect to a remote [server] address (source port/system for a new connection)
Root Cause
- Before RHEL 7.3 there was no segregation of ports between bind() and connect() calls. To create a new connection, the system used to scan through the whole available port range (/proc/sys/net/ipv4/ip_local_port_range) to find a random port, and this whole process consumes a considerable amount of time on a busy system.
- On a busy host, to save the significant amount of time a connect() call spends scanning for an available source port, the port range has been split into 2 parts:
  - The even port range favours connect() calls, i.e. gives priority to connect().
  - The odd port range favours bind() calls, i.e. gives priority to bind().
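Since RHEL 7.3, to make connect and bind calls more efficient, the system has used a source port allocation strategy in which even ports are assigned preferentially to connect() calls while odd ports are kept for bind() calls, reducing the time spent looking for an available port on a busy system.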
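An added example (not part of the original article) for checking this behaviour on a host: it samples the ports the kernel assigns to connect() and to bind() with port 0 over loopback, tallies their parity, and counts the even ports in the configured range. All function names are chosen for this illustration.

```python
import socket

def parse_port_range(text):
    """Parse the 'low<TAB>high' contents of ip_local_port_range."""
    low, high = (int(field) for field in text.split())
    if not 0 < low <= high <= 65535:
        raise ValueError(f"invalid port range: {low}-{high}")
    return low, high

def even_port_count(low, high):
    """Number of even ports in [low, high], the set favoured for connect()."""
    return high // 2 - (low - 1) // 2

def parity_summary(ports):
    """Tally how many of the observed ports are even and how many are odd."""
    even = sum(1 for p in ports if p % 2 == 0)
    return {"even": even, "odd": len(ports) - even}

def sample_connect_ports(n=50):
    """Source ports chosen by the kernel for connect() without a prior bind()."""
    clients = []
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(n)
        try:
            for _ in range(n):
                clients.append(socket.create_connection(srv.getsockname()))
            return [c.getsockname()[1] for c in clients]
        finally:
            for c in clients:
                c.close()

def sample_bind_ports(n=50):
    """Ports chosen by the kernel for bind() with port 0."""
    socks = [socket.socket() for _ in range(n)]
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    with open("/proc/sys/net/ipv4/ip_local_port_range") as fh:
        low, high = parse_port_range(fh.read())
    print(f"range {low}-{high}: {even_port_count(low, high)} even ports")
    print("connect():", parity_summary(sample_connect_ports()))
    print("bind(0): ", parity_summary(sample_bind_ports()))
```

On a system with the behaviour described above, the connect() tally should lean even and the bind() tally odd.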



