[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netstat inet.c inetprint()



Theo de Raadt <deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org> wrote:
> Damn rights.  That is because someone (IANA or the protocol auther)
> was stupid enough to go and allocate their port within the reserved
> dynamic allocation range.

> This is their fault.  The kernel has support to block some out
> using the following:

Agreed! It's their fault, but I believe that having netstat look for
a matching rpc service before relying on a static service table is
an advantage. This way the netstat user is also able to syntactically
distinguish between names obtained through getrpcportnam() vs.
getservbyport().

Are there other reasons - reserved for sticking to an established
output format - not to modify netstat's behavior?

> % sysctl -a | grep baddynamic
> net.inet.tcp.baddynamic = 587,749,750,751,760,761,871
> net.inet.udp.baddynamic = 587,749

Thanks for the pointer!

gruss... / regards...
fabian
-- 
  "They that can give up liberty to obtain a little temporary safety
   deserve neither liberty nor safety"  --  Benjamin Franklin