
I have some iptables port-forwards and I want to make SURE that no other process on the system uses those ports. I can bind() a socket myself, so other processes get EADDRINUSE, but if my process dies those sockets become available for use again and I can lose the race.

For example:

  • I set a port-forward on port 8000 to some other destination
  • other process tries to bind() to 8000
  • other process should fail

In the other order:

  • other process calls bind() on 8000
  • I try to set a port-forward on port 8000
  • I fail

I'm looking for some clever trick to make the kernel treat a port as if I have it open, even without a living PID. Something like NS FDs (https://lwn.net/Articles/407495/).

I know it's a stretch, but I am grasping, trying to avoid a process-based solution.

Tim Hockin
  • Why are you trying to do this? – Michael Hampton Oct 21 '20 at 19:03
  • I have programmatic port forwarding, which happens through iptables. I don't want to later bind() and accept on a port that can never reach me because it is forwarded. The existence of the iptables `--dport 8000` happens early, but my (errant) process doesn't know about that. And in fact, the mechanism may change from iptables. – Tim Hockin Oct 21 '20 at 19:58
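The bind()-based reservation and the race the question describes, as an added example that is not part of the original post. It asks the kernel for a free loopback port (port 0) instead of the 8000 in the question, holds it with a bound but non-listening TCP socket, shows that a second bind() to that port fails with EADDRINUSE, and then shows that closing the holder (the "process dies" case) makes the same bind() succeed. The function names reserve_port, bound_port and demonstrate_reservation_race are chosen here and are not from the question.

```c
/* Added example, not code from the original post: a bind()-based port
 * reservation and the race that appears once the reserving socket closes.
 * Port 0 lets the kernel pick a free loopback port so the demo runs anywhere. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to 127.0.0.1:port. SO_REUSEADDR/SO_REUSEPORT are
 * deliberately NOT set: on Linux another socket can share the port only if
 * every socket already bound there also set those options, so a plain bind()
 * makes the kernel answer EADDRINUSE to everyone else while the fd is open.
 * Returns the fd, or -1 with errno set (EADDRINUSE if the port is taken). */
static int reserve_port(uint16_t port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Port the kernel actually bound (needed when port 0 was requested). */
static uint16_t bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return 0;
    return ntohs(sa.sin_port);
}

/* Walk through the scenario from the question:
 *  1. reserve a port (kernel-chosen),
 *  2. a second bind() to it must fail with EADDRINUSE,
 *  3. close the reservation; the same bind() now succeeds -- the race.
 * Returns 0 when all three observations match, else the failing step number. */
static int demonstrate_reservation_race(void) {
    int holder = reserve_port(0);
    if (holder < 0) return 1;
    uint16_t port = bound_port(holder);
    if (port == 0) { close(holder); return 1; }

    int second = reserve_port(port);
    if (second >= 0 || errno != EADDRINUSE) {
        if (second >= 0) close(second);
        close(holder);
        return 2;
    }

    close(holder);                 /* "my process dies" */
    int third = reserve_port(port);
    if (third < 0) return 3;       /* expected to succeed: port is free again */
    close(third);
    return 0;
}

int main(void) {
    int rc = demonstrate_reservation_race();
    if (rc == 0)
        printf("reservation held while open, lost on close (the race)\n");
    else
        printf("unexpected result at step %d\n", rc);
    return rc;
}
```

Build with `cc -Wall -o reserve reserve.c && ./reserve`. The holder socket is bound but never calls listen(), so closing it leaves no TIME_WAIT state behind and the port is immediately bindable again, which is exactly the window the question wants to close.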

0 Answers