Bug 6997 - admin isn't informed that thinlinc reconfigures the system's TCP stack
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Agent
Target Milestone: LowPrio
Assignee: Pierre Ossman
Depends on:
Reported: 2017-06-20 13:49 CEST by Pierre Ossman
Modified: 2019-11-26 12:52 CET



Description Pierre Ossman cendio 2017-06-20 13:49:20 CEST
ThinLinc currently always reconfigures the port allocation in the local TCP stack (using sysctl) based on the setting "/vsmagent/lowest_user_port". This fact is not really made clear to the admin, who may have a different desired configuration. Not even the reference documentation for that setting mentions what it really does.

One option could be to rethink how we handle port allocation and remove the need for system changes.
Comment 1 Karl Mikaelsson cendio 2017-08-03 13:07:44 CEST

> ip_local_port_range - 2 INTEGERS
>	Defines the local port range that is used by TCP and UDP to
>	choose the local port. The first number is the first, the
>	second the last local port number.
>	If possible, it is better these numbers have different parity.
>	(one even and one odd values)
>	The default values are 32768 and 60999 respectively.

To compare, our defaults are 32768 and 65535. This is merely 16% larger than the default range.
Comment 2 Karl Mikaelsson cendio 2017-08-03 13:12:27 CEST
Based on the internal discussions around why we're modifying this setting in vsmagent, I've understood that we want to eliminate the possibility that other applications get an automatically assigned port number in a range we want to use.

If this scenario is valid and we want to prevent it from happening, we should look at ip_local_reserved_ports. The documentation is fairly clear about what it does, so I'll just quote from https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt:

> ip_local_reserved_ports - list of comma separated ranges
>	Specify the ports which are reserved for known third-party
>	applications. These ports will not be used by automatic port
>	assignments (e.g. when calling connect() or bind() with port
>	number 0). Explicit port allocation behavior is unchanged.
>	The format used for both input and output is a comma separated
>	list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
>	10). Writing to the file will clear all previously reserved
>	ports and update the current list with the one given in the
>	input.
>	Note that ip_local_port_range and ip_local_reserved_ports
>	settings are independent and both are considered by the kernel
>	when determining which ports are available for automatic port
>	assignments.
>	You can reserve ports which are not in the current
>	ip_local_port_range, e.g.:
>	$ cat /proc/sys/net/ipv4/ip_local_port_range
>	32000	60999
>	$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
>	8080,9148
>	although this is redundant. However such a setting is useful
>	if later the port range is changed to a value that will
>	include the reserved ports.
>	Default: Empty
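
An added example, not part of the bug report or of ThinLinc: a small audit that parses the two sysctl formats quoted above and lists which ports in an application's range the kernel can still hand out automatically. The application range 32768-33000 and the reserved list are constructed sample values, and the function names are hypothetical.

```python
"""Audit which ports in an application's range the kernel may still auto-assign."""

def parse_port_range(text):
    """Parse ip_local_port_range content: two integers, first and last port."""
    low, high = (int(field) for field in text.split())
    if not 0 < low <= high <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return low, high

def parse_reserved_ports(text):
    """Parse ip_local_reserved_ports content such as "1,2-4,10-10" into a set."""
    ports = set()
    for item in text.strip().split(","):
        if not item:            # the default value is an empty list
            continue
        first, _, last = item.partition("-")
        first, last = int(first), int(last or first)
        if not 0 <= first <= last <= 65535:
            raise ValueError(f"invalid reserved entry: {item!r}")
        ports.update(range(first, last + 1))
    return ports

def exposed_ports(app_low, app_high, local_range, reserved):
    """Ports in app_low..app_high that automatic assignment can still pick."""
    low, high = local_range
    return [p for p in range(max(app_low, low), min(app_high, high) + 1)
            if p not in reserved]

def to_range_list(ports):
    """Format ports in the comma separated range syntax the sysctl accepts."""
    runs = []
    for port in sorted(ports):
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port
        else:
            runs.append([port, port])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

if __name__ == "__main__":
    # Constructed sample values; on a live host read the two files under
    # /proc/sys/net/ipv4/ instead.
    local_range = parse_port_range("32768\t60999")
    reserved = parse_reserved_ports("8080,9148,32768-32800\n")
    # Hypothetical application range, not a ThinLinc default.
    exposed = exposed_ports(32768, 33000, local_range, reserved)
    print("still auto-assignable:", to_range_list(exposed))
```

Because writing to ip_local_reserved_ports clears the previous list, any ranges reported here have to be merged with the entries already present before the file is written.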
