Ephemeral Source Ports



Graeme
February 11th, 2013, 03:11 AM
Amanda seems to have a considerable amount of code dedicated to selecting a source port for TCP transmission.
For the installations at the company I work for, this always equates to port 571.

I have been searching for the reason that the method for choosing the port was chosen, but I have come up empty handed.
Is anyone able to assist?

The reason I ask is due to security and interoperability issues we have experienced in our environment.
Some of these issues are highlighted in RFC 6056.

This can be easily eliminated by removing the source port logic and allowing the operating system to decide.
This greatly simplifies the code and removes the risks of choosing predictable ports.

martineau
February 11th, 2013, 03:59 AM
The amanda server uses a port in the 'reserved-tcp-port' range to connect to the client; this is done to facilitate the firewall configuration by opening only a few ports.
It scans the ports sequentially and uses the first available.

I will accept a patch that does it randomly instead of sequentially.

Graeme
February 28th, 2013, 05:34 AM
Sorry for the late reply. I was on holiday. I believe random ports within the configured range is a good compromise.
I am happy to do the code and tests for this if required.

I have not done any development for Amanda before. Where should I begin (coding standards doco, code review process, etc)?
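A sketch of the "random port within the configured range" selection discussed in the thread, added here as an illustration; it is not Amanda's code nor code from either poster. The bind callback, the `pick_random_port` name and the busy-port stub are assumptions made for the example; only the port range and the RFC 6056 motivation come from the thread.

```c
/* Added example (not Amanda's code): pick a source port from a configured
 * reserved range by trying the ports in random order instead of scanning
 * sequentially, so the port chosen is not predictable (cf. RFC 6056). */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical bind callback: 1 if the port could be bound, else 0. Real code
 * would call socket()/bind(); the callback keeps the logic testable offline. */
typedef int (*try_bind_fn)(int port, void *ctx);

/* Fisher-Yates shuffle. rand() is used for brevity; production code should
 * draw from a CSPRNG (getrandom()/arc4random()) as RFC 6056 recommends. */
static void shuffle_ports(int *p, int n) {
    for (int i = n - 1; i > 0; i--) {
        int j = rand() % (i + 1), t = p[i];
        p[i] = p[j]; p[j] = t;
    }
}

/* Try every port in [lo, hi] exactly once in random order; return the first
 * that binds, or -1 if the whole range is busy (bounded, no retry loop). */
int pick_random_port(int lo, int hi, try_bind_fn try_bind, void *ctx) {
    if (lo < 1 || hi > 65535 || lo > hi) return -1;
    int n = hi - lo + 1, chosen = -1;
    int *ports = malloc(sizeof(int) * (size_t)n);
    if (!ports) return -1;
    for (int i = 0; i < n; i++)
        ports[i] = lo + i;
    shuffle_ports(ports, n);
    for (int i = 0; i < n && chosen < 0; i++)
        if (try_bind(ports[i], ctx))
            chosen = ports[i];
    free(ports);
    return chosen;
}

/* Constructed stand-in for bind(): ctx is a 0-terminated list of busy ports. */
int stub_bind(int port, void *ctx) {
    for (const int *busy = ctx; *busy; busy++)
        if (*busy == port)
            return 0;
    return 1;
}

int main(void) {
    int busy[] = {571, 572, 0};                   /* constructed: both taken */
    srand((unsigned)time(NULL));
    printf("chosen port: %d\n", pick_random_port(571, 580, stub_bind, busy));
    return 0;
}
```

Because each port in the range is tried at most once, a fully occupied range fails fast with -1 instead of spinning, which the sequential scan also needs to handle but a naive "pick random until it binds" loop would not.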