From: Gerrit Hotzel (gt_at_hzhome.mine.nu)
Date: Fri 24 Jan 2003 - 23:44:01 GMT
On Wed, 1 Jan 2003 15:39 Jesper FA wrote:
"... I discovered that when you call netcat with an IP or port number
it creates a socket, binds to the IP/port given and then listens. But if you
call netcat without an IP or port it just creates a socket and then calls
listen to bind any IP (0.0.0.0) and get a random port, and this is where it
I then looked into the kernel patch and noticed that when bind is called
inside a vserver the IPs are limited based on what IPs the process is
limited to (the IPs of the vserver). No changes are apparently made to
listen. When a socket is created no limiting is done. This all works fine if
you call create socket, bind, listen as most programs do.
But as we both have discovered, some programs do want a random port on any IP
and just call create socket, listen. The problem is then that the newly
created socket is not limited, and as listen does not check anything it binds
to all IPs on the box. ..."
The patch works great for me.
But it seems that the code hasn't been picked up.
May I ask why?
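The listen()-without-bind() behaviour the quoted message describes, shown as an added example that is not part of this thread or of the vserver patch. It assumes a Linux host; the function name is my own, and getsockname() is used to report which address and port the kernel actually chose in each case.

```c
/* Added example, not from the original thread: listen() without an explicit
 * bind() makes the kernel auto-bind the socket to INADDR_ANY (0.0.0.0) and an
 * ephemeral port, the path the quoted message says the bind() check misses. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Open a TCP socket, bind it to bind_ip:0 if bind_ip is non-NULL, then
 * listen(). Report the address the kernel actually chose via ip (at least
 * INET_ADDRSTRLEN bytes) and *port. Returns 0 on success, -1 on error. */
int listen_and_report(const char *bind_ip, char *ip, unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (bind_ip) {
        memset(&sa, 0, sizeof sa);
        sa.sin_family = AF_INET;
        sa.sin_port = 0;            /* let the kernel pick the port */
        if (inet_pton(AF_INET, bind_ip, &sa.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
            goto fail;
    }
    /* No bind() yet? listen() implicitly binds to 0.0.0.0:<ephemeral>. */
    if (listen(fd, 5) < 0 || getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        goto fail;
    inet_ntop(AF_INET, &sa.sin_addr, ip, INET_ADDRSTRLEN);
    *port = ntohs(sa.sin_port);
    close(fd);
    return 0;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN];
    unsigned short port;
    if (listen_and_report(NULL, ip, &port) == 0)
        printf("listen() without bind():       %s:%u\n", ip, port);
    if (listen_and_report("127.0.0.1", ip, &port) == 0)
        printf("bind(127.0.0.1) then listen(): %s:%u\n", ip, port);
    return 0;
}
```

The first line printed is the case the vserver bind() hook never sees: a listener on every address of the box with a kernel-chosen port.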