Re: OT use port under 1024 on OSX
- Subject: Re: OT use port under 1024 on OSX
- From: Quinn <email@hidden>
- Date: Mon, 21 Oct 2002 13:13:53 +0100
At 17:46 +0800 21/10/02, Kevin Yu wrote:
I know this is because OSX is based on unix system, but how to solve this
problem?
There are a variety of solutions to this problem. Here's an extract
from an, as yet, unpublished document that I wrote discussing it.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There are a number of solutions for binding to a low-numbered port.
Each solution has its advantages and disadvantages.
You may not need to bind at all. A common mistake is to bind to a
specific port when an anonymous port would work just as well. See
DTS Technote 1145 Living in a Dynamic TCP/IP Environment for hints
on how to bind correctly.
If you define the on-the-wire protocol you can avoid this problem by
either
- not using a well-known port, but instead using an anonymous port and
  advertising your service via Rendezvous, or
- choosing a well-known port above 1024.
If you are a permanent network service (like a file server), you
should consider running your service as a plug-in to some other
privileged service.
If you're writing a typical GUI application, you probably should use a
setuid root helper tool. There are a number of different strategies
you can take here.
If it's feasible to split all of your networking code into a
separate tool, you can use the techniques described below to open
and bind your listening socket/endpoint in privileged mode and then
run the rest of your tool in non-privileged mode. The problem with
this approach is that it may not be easy to separate your networking
code from the rest of your application.
If you're programming with BSD sockets you can use a setuid root
helper tool to open and bind your listening socket and then pass the
file descriptor back to your main application via a message on a
UNIX domain socket. This technique is described in detail in Section
14.7 of UNIX Network Programming. The problem with this approach is
that it does not work if you're using the Open Transport
compatibility library; there is no way to create an OT endpoint
given a file descriptor, nor is there a way to pass an OT endpoint
between processes.
If you have an Open Transport application that is not performance
sensitive you might consider writing a setuid root helper tool that
listens on the low-numbered socket and then routes connections
through to some high-numbered port. You can download an example of
this here [ask me for a copy if you're interested]. This solution
is not ideal because it is slow--each chunk of network data passes
in and out of the kernel three times!
If you have a performance sensitive Open Transport-based networking
application where the network code is intimately intertwined with
the user interface, there really is no good solution to this
problem.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
S+E
--
Quinn "The Eskimo!" <
http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
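As an added example (not Quinn's code, and not the sample helper he offers to send), here is a BSD-sockets version of two of the strategies in his extract: bind the listener while privileged and then drop to an unprivileged uid in-process, or bind in a setuid root helper and hand the descriptor to the application over a UNIX domain socket with SCM_RIGHTS, the technique he cites from UNIX Network Programming section 14.7. The function names (bind_listen_tcp, bound_port, drop_privileges, send_fd, recv_fd, demo_pass_listener) are my own, and the helper and application sides are joined by a socketpair in one process for demonstration; a real deployment would fork/exec the helper. The default port is 0 so the program runs without root; a port below 1024 on the command line needs the privileged helper.

```c
/* Added example (not from the original post): bind a TCP listener while
 * privileged, then either drop privileges in-process or hand the socket to
 * an unprivileged process over a UNIX domain socket with SCM_RIGHTS.
 * All function names here are hypothetical; port 0 is the default so the
 * program runs without root. */
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <grp.h>
#include <unistd.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Create, bind and listen on loopback:port. Ports below 1024 need euid 0,
 * which is exactly the step that belongs in the privileged helper. */
int bind_listen_tcp(uint16_t port, int backlog)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, backlog) < 0) {
        int e = errno; close(fd); errno = e; return -1;
    }
    return fd;
}

/* Port actually bound (meaningful after binding port 0). */
int bound_port(int fd)
{
    struct sockaddr_in sa; socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Permanently give up root after the privileged bind: supplementary groups
 * first, then gid, then uid, and confirm root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* drop was not permanent */
    return 0;
}

/* One-byte message carrying a descriptor in SCM_RIGHTS ancillary data. */
int send_fd(int chan, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive the descriptor; rejects truncated or non-SCM_RIGHTS control data. */
int recv_fd(int chan)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len < CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    return fd;
}

/* Helper side and application side in one process, joined by a socketpair.
 * Returns the port visible on the received descriptor, or -1. */
int demo_pass_listener(uint16_t port)
{
    int sp[2], lfd, got, result = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    if ((lfd = bind_listen_tcp(port, 5)) >= 0) {
        if (send_fd(sp[0], lfd) == 0 && (got = recv_fd(sp[1])) >= 0) {
            result = bound_port(got);     /* same socket, new descriptor */
            close(got);
        }
        close(lfd);
    }
    close(sp[0]); close(sp[1]);
    return result;
}

int main(int argc, char **argv)
{
    uint16_t port = argc > 1 ? (uint16_t)atoi(argv[1]) : 0;
    int p = demo_pass_listener(port);
    if (p < 0) { perror("privileged bind/pass failed"); return 1; }
    printf("listener on port %d passed across the UNIX domain socket\n", p);
    return drop_privileges(getuid(), getgid()) == 0 ? 0 : 1;
}
```

Only the bind needs privilege, so in the helper-tool layout the setuid binary does nothing but bind_listen_tcp and send_fd before exiting, and the GUI application never runs as root. Note that the descriptor arriving through recv_fd refers to the same listening socket, so accept() works on it as if the application had bound it; this is also why the approach cannot help an Open Transport endpoint, as Quinn points out above.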
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.