// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package ports provides PortManager, which manages allocating, reserving and
// releasing ports.
package ports
import (
"math"
"math/rand"
"sync"
"gvisor.dev/gvisor/pkg/tcpip"
)
const (
	// FirstEphemeral is the first ephemeral port.
	FirstEphemeral = 16000

	// anyIPAddress is the empty address. isAvailable treats it as matching
	// every address bound on the same port.
	anyIPAddress tcpip.Address = ""
)
// portDescriptor identifies a port within one network protocol and one
// transport protocol. It is the key type of PortManager.allocatedPorts.
type portDescriptor struct {
	network   tcpip.NetworkProtocolNumber
	transport tcpip.TransportProtocolNumber
	port      uint16
}
// PortManager manages allocating, reserving and releasing ports.
type PortManager struct {
	// mu is taken by the exported methods before they touch allocatedPorts.
	mu sync.RWMutex
	// allocatedPorts maps each reserved (network, transport, port) tuple to
	// the addresses bound on it.
	allocatedPorts map[portDescriptor]bindAddresses
}
// portNode is the record kept for one bound address of a portDescriptor.
type portNode struct {
	// reuse is the reuse flag passed when the address was first reserved;
	// reserveSpecificPort leaves it unchanged on later reservations.
	reuse bool
	// refs counts the reservations of the address. reserveSpecificPort
	// increments it and ReleasePort decrements it, deleting the entry when
	// it reaches zero.
	refs int
}
// bindAddresses is the set of IP addresses bound on one portDescriptor, each
// mapped to its portNode (reuse flag and reference count).
type bindAddresses map[tcpip.Address]portNode
// isAvailable reports whether addr can be bound given the addresses already
// recorded in b. A binding that overlaps an existing one is allowed only when
// the caller passes reuse and every overlapping entry was itself reserved
// with reuse set.
func (b bindAddresses) isAvailable(addr tcpip.Address, reuse bool) bool {
	if addr != anyIPAddress {
		// An existing wildcard binding overlaps every specific address.
		if wild, bound := b[anyIPAddress]; bound && !(reuse && wild.reuse) {
			return false
		}
		// An existing binding of the same address must also permit reuse.
		if same, bound := b[addr]; bound {
			return reuse && same.reuse
		}
		return true
	}

	// The wildcard overlaps every entry in b. Without reuse it is available
	// only when nothing is bound at all.
	if !reuse {
		return len(b) == 0
	}
	for _, node := range b {
		if !node.reuse {
			return false
		}
	}
	return true
}
// NewPortManager returns a PortManager whose reservation table is empty.
func NewPortManager() *PortManager {
	reserved := make(map[portDescriptor]bindAddresses)
	return &PortManager{allocatedPorts: reserved}
}
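// PickEphemeralPort randomly chooses a starting point and iterates over all
// possible ephemeral ports (FirstEphemeral through math.MaxUint16), allowing
// the caller to decide whether a given port is suitable for its needs, and
// stopping when a port is found or an error occurs.
//
// It returns the first port for which testPort reports true, the first error
// testPort returns, or tcpip.ErrNoPortAvailable when every port was rejected.
//
// NOTE(review): the starting offset comes from math/rand, which is not a
// cryptographically secure source, and before Go 1.20 its global source
// produces the same sequence on every run unless it is seeded. If predictable
// ephemeral ports matter for this stack (see RFC 6056), confirm that the
// source is seeded or use an unpredictable one.
func (s *PortManager) PickEphemeralPort(testPort func(p uint16) (bool, *tcpip.Error)) (port uint16, err *tcpip.Error) {
	// The offset arithmetic is done in uint32: offset+i can reach almost
	// 2*count, which exceeds math.MaxUint16. In uint16 the sum wraps before
	// the modulo is applied, so some ports are tested twice and others are
	// never tested, and a free port can be missed.
	const count = uint32(math.MaxUint16 - FirstEphemeral + 1)
	offset := uint32(rand.Int31n(int32(count)))

	for i := uint32(0); i < count; i++ {
		port = uint16(FirstEphemeral + (offset+i)%count)
		ok, terr := testPort(port)
		if terr != nil {
			return 0, terr
		}
		if ok {
			return port, nil
		}
	}

	return 0, tcpip.ErrNoPortAvailable
}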
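// IsPortAvailable tests if the given port is available on all given protocols.
// It reports true only when addr can be bound on port for every network
// protocol in networks, applying the reuse rules of bindAddresses.isAvailable.
//
// The result is a snapshot: the lock is dropped on return, so another
// goroutine may reserve the port before the caller acts on the answer. Use
// ReservePort when the check and the reservation must happen atomically.
func (s *PortManager) IsPortAvailable(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool) bool {
	// The check only reads allocatedPorts, so a shared lock is sufficient
	// and lets concurrent queries run in parallel.
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.isPortAvailableLocked(networks, transport, addr, port, reuse)
}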
// isPortAvailableLocked reports whether addr can be bound on port for every
// protocol in networks. It reads s.allocatedPorts without taking s.mu; the
// callers in this file hold the lock.
func (s *PortManager) isPortAvailableLocked(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool) bool {
	for _, network := range networks {
		addrs, bound := s.allocatedPorts[portDescriptor{network, transport, port}]
		// A descriptor with no entry has nothing bound on it.
		if bound && !addrs.isAvailable(addr, reuse) {
			return false
		}
	}
	return true
}
// ReservePort marks a port/IP combination as reserved so that it cannot be
// reserved by another endpoint. If port is zero, ReservePort searches for an
// unreserved ephemeral port, reserves it and returns it as reservedPort.
//
// It returns tcpip.ErrPortInUse when a specific port cannot be reserved, and
// whatever PickEphemeralPort returns when no ephemeral port can be reserved.
// The availability check and the reservation happen under one hold of s.mu.
func (s *PortManager) ReservePort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool) (reservedPort uint16, err *tcpip.Error) {
	s.mu.Lock()
	defer s.mu.Unlock()

	if port == 0 {
		// No port was requested: walk the ephemeral range and keep the
		// first port that can be reserved.
		tryReserve := func(p uint16) (bool, *tcpip.Error) {
			return s.reserveSpecificPort(networks, transport, addr, p, reuse), nil
		}
		return s.PickEphemeralPort(tryReserve)
	}

	// A specific port was requested: reserve it on every network protocol
	// or report that it is taken.
	if s.reserveSpecificPort(networks, transport, addr, port, reuse) {
		return port, nil
	}
	return 0, tcpip.ErrPortInUse
}
// reserveSpecificPort tries to reserve the given port on all given protocols.
// It reports false, changing nothing, when the port is unavailable on any of
// them. It does no locking itself; ReservePort calls it with s.mu held.
func (s *PortManager) reserveSpecificPort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool) bool {
	if !s.isPortAvailableLocked(networks, transport, addr, port, reuse) {
		return false
	}

	// Record the reservation under every network protocol.
	for _, network := range networks {
		desc := portDescriptor{network, transport, port}
		addrs, known := s.allocatedPorts[desc]
		if !known {
			addrs = make(bindAddresses)
			s.allocatedPorts[desc] = addrs
		}

		node, exists := addrs[addr]
		if exists {
			// A repeated reservation only adds a reference; the reuse
			// flag stored by the first reservation is kept.
			node.refs++
		} else {
			node = portNode{reuse: reuse, refs: 1}
		}
		addrs[addr] = node
	}

	return true
}
// ReleasePort releases the reservation on a port/IP combination so that it can
// be reserved by other endpoints. Releasing a combination that is not
// reserved is a no-op.
//
// NOTE(review): the reference count is decremented without any record of
// which endpoint holds the reservation, so each ReservePort call must be
// paired with exactly one ReleasePort call; an extra release drops a
// reference held by another endpoint sharing the address.
func (s *PortManager) ReleasePort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16) {
	s.mu.Lock()
	defer s.mu.Unlock()

	for _, network := range networks {
		desc := portDescriptor{network, transport, port}
		addrs, known := s.allocatedPorts[desc]
		if !known {
			continue
		}
		node, bound := addrs[addr]
		if !bound {
			continue
		}

		// Drop one reference; the address stays bound while others remain.
		if node.refs--; node.refs == 0 {
			delete(addrs, addr)
		} else {
			addrs[addr] = node
		}

		// Remove the descriptor once its last address is gone.
		if len(addrs) == 0 {
			delete(s.allocatedPorts, desc)
		}
	}
}