X-Spam-Check-By:	sourceware.org
Date:	Wed, 1 Feb 2006 12:27:11 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: SSH Local Port Forwarding
Message-ID:	<20060201112711.GE15572@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<242f7d730601311525q537172d2l23e572154b475cd9 AT mail DOT gmail DOT com> <20060201091518 DOT GC15572 AT calimero DOT vinschen DOT de>
Mime-Version:	1.0
In-Reply-To:	<20060201091518.GC15572@calimero.vinschen.de>
User-Agent:	Mutt/1.4.2i
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

On Feb  1 10:15, Corinna Vinschen wrote:
> On Jan 31 15:25, Jon Dixon wrote:
> > Hi Corinna,
> > 
> > I have tested the cygwin-inst-20060130.tar.bz2 snapshot. 
> > Unfortunately, this snapshot runs the same way as release 1.5.19-4. 
> 
> No, it doesn't, definitely.  1.5.19-4 has not set the SO_EXCLUSIVEADDRUSE
> option, and I could easily reuse ports for listening before.  I didn't
> just add SO_EXCLUSIVEADDRUSE without testing.  Keep in mind that the
> ssh testcase is sort of flawed by the fact, that ssh uses the SO_REUSEADDR
> option on locally forwarded ports.  There's a combination which already
> disallowed port reuse without implementing SO_EXCLUSIVEADDRUSE.

I was mulling over this for a while and I think I found the problem you
were referring to.  If you try to start

  ssh -L9998:server:1234 server

twice, on the same machine, both ssh's will successfully bind to the
same local address 127.0.0.1/9998.

The reason is that WinSock's behaviour in case of using SO_REUSEADDR is
non-standard.  Per definition it should never be possible to bind to
the same local address/port combination using TCP, even if SO_REUSEADDR
has been used by all processes.  Unfortunately this is not the case with
WinSock which allows exactly that.  And, also unfortunately, there's no
way to set the socket options SO_REUSEADDR and SO_EXCLUSIVEADDRUSE
together on the same socket in the hope that this could heal it.  The
second setsockopt inescapably returns WSAEINVAL.

So, what I did now is to add another patch which tests for exactly this
situation, using the IP Helper library.  If a process tries to bind to a
local TCP address and if it has set SO_REUSEADDR on the socket, then
Cygwin's bind now tests if the local TCP address is currently in use.
If so, it refuses to bind and bind returns EADDRINUSE.

However, there's nothing to prevent this on Windows outside of Cygwin!
If you have a native application which uses SO_REUSEADDR and your
server process has also used SO_REUSEADDR, then you're still doomed.

Anyway, even using IP Helper here isn't quite foolproof.  Since the IP
Helper function is called in a non-atomic way within the bind call,
there's a chance for races.  So this patch might only help in 99% of the
cases.  And if it turns out to be more a problem than a solution, I'll
rip it out again.

Ok, as usual, please test the next developer's snapshot from
http://cygwin.com/snapshots/


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -