[avahi] Re: [avahi-commits] r646 - in /trunk: avahi-core/core.h avahi-core/server.c avahi-core/socket.c avahi-core/socket.h avahi-daemon/avahi-daemon.conf avahi-daemon/main.c docs/TODO

Lennart Poettering lennart at poettering.de
Thu Sep 29 09:59:00 PDT 2005


On Wed, 28.09.05 18:00, Marc Krochmal (marc at apple.com) wrote:

> Hey Lennart,

Hey!

> 
> I can't say that this check-in makes me happy.  :-(

Nice to know that someone from Apple takes so much interest in Avahi
that he takes notice of every commit. ;-)

> You should always be setting SO_REUSEADDR.  In fact, this is a MUST  
> in the spec.
> 
>    Continuing the previous point, since using an unprivileged port
>    allows normal user-level code to bind, a given machine may have more
>    than one such user-level application running at a time. Because of
>    this, any code binding to UDP port 5353 MUST use the SO_REUSEPORT
>    option, so as to be a good citizen and not block other clients on the
>    machine from also binding to that port.

I wonder if it is a good idea to put such a requirement in an RFC (or
spec). This is clearly an implementation issue and not a specification
issue. Whether REUSEADDR/REUSEPORT is set or not, doesn't change the
protocol behaviour at all, so I guess a SHOULD is what should be put
here, if at all.

Linux doesn't implement REUSEPORT, and I guess some embedded TCP/IP
stacks don't implement either REUSEPORT or REUSEADDR, so I think it is
very odd to require this feature in the spec. In addition the exact
behaviour of REUSEADDR/REUSEPORT is not well defined. (we already
had a discussion about that)

In short: please change this MUST to a SHOULD and please refer to
REUSEADDR in addition to REUSEPORT.

> I even responded to someone on the Bonjour list who was asking  
> questions about the comments on the Avahi web site, where it says you  
> must not run multiple responders on the same machine.  I told him  
> that running Avahi, Howl, and Bonjour on the same machine will work  
> fine in reality, which is true.

Hrm. You know that I don't think that mDNS is reliable when multiple
stacks run on the same host. I hope I already made my reasoning for
that clear.

The reason why I added this disallow-other-stacks option was primarily
security. Some guy came up on IRC and needed a way to make sure that
all mDNS traffic sent out from or received by the local machine was
done through Avahi and *only* through Avahi. Blocking port 5353 for
other apps by not setting REUSEADDR is an efficient way to do this.

> Could you at least set SO_REUSEADDR by default?

Ok, I did so in r652.

BTW, could you please reply to commits directly to the main mailing
list instead of just me? 

I modified the configuration of avahi-commits now in a way that it sets
a Reply-To: header pointing to the main mailing list. If you don't
object I will forward all older mails to the main mailing list now?

Lennart

-- 
Lennart Poettering; lennart [at] poettering [dot] de
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.de/lennart/
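
The port-blocking effect discussed in the message above, as an added example that is not part of the original e-mail or of Avahi's code: on Linux, two UDP sockets can share an address and port only if both set SO_REUSEADDR, so a first binder that leaves it unset keeps later binders out. Assumptions: Linux socket semantics, loopback and a kernel-chosen port standing in for port 5353; `open_udp` and `second_bind_result` are hypothetical names.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:*port (0 = let the kernel choose, the
 * chosen port is written back). Returns the fd, or -errno on failure. */
int open_udp(uint16_t *port, int reuse)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int e, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(*port);
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        e = errno;          /* save before close() can overwrite it */
        close(fd);
        return -e;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* First socket binds with or without SO_REUSEADDR; a second socket, which
 * always sets SO_REUSEADDR, then tries the same port. Returns 0 if the
 * second bind succeeded, its errno if it failed, -1 on setup failure. */
int second_bind_result(int first_sets_reuse)
{
    uint16_t port = 0;
    int a = open_udp(&port, first_sets_reuse), b;
    if (a < 0)
        return -1;
    b = open_udp(&port, 1);
    close(a);
    if (b < 0)
        return -b;
    close(b);
    return 0;
}

int main(void)
{
    printf("first sets SO_REUSEADDR:   %s\n", strerror(second_bind_result(1)));
    printf("first omits SO_REUSEADDR:  %s\n", strerror(second_bind_result(0)));
    return 0;
}
```

A second bind failing with EADDRINUSE on port 5353 is therefore also a quick host-side check that the first responder holds the port exclusively.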

