You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by am...@apache.org on 2015/06/16 00:01:35 UTC
trafficserver git commit: TS-2054: Generate warning on reserved port
open failure.
Repository: trafficserver
Updated Branches:
refs/heads/master 78143684b -> 1e710ce74
TS-2054: Generate warning on reserved port open failure.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/1e710ce7
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/1e710ce7
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/1e710ce7
Branch: refs/heads/master
Commit: 1e710ce7477ad7bccb47e9d52debc2bc1bf77801
Parents: 7814368
Author: Alan M. Carroll <so...@yahoo-inc.com>
Authored: Mon Jun 15 14:55:16 2015 -0500
Committer: Alan M. Carroll <am...@apache.org>
Committed: Mon Jun 15 17:01:16 2015 -0500
----------------------------------------------------------------------
CHANGES | 2 ++
iocore/net/UnixNetProcessor.cc | 7 +++++++
2 files changed, 9 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/1e710ce7/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 80ffb93..8cd6d80 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 6.0.0
+ *) [TS-2054] Generate warning for reserved port open failure.
+
*) [TS-3170] Eliminate proxy pac / autoconf features, and backdoors. This
also eliminates almost everything in web2, leaving just a bit of cluster
code which I moved to the cmd/traffic_manager code area.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/1e710ce7/iocore/net/UnixNetProcessor.cc
----------------------------------------------------------------------
diff --git a/iocore/net/UnixNetProcessor.cc b/iocore/net/UnixNetProcessor.cc
index d2b81a6..afe1c69 100644
--- a/iocore/net/UnixNetProcessor.cc
+++ b/iocore/net/UnixNetProcessor.cc
@@ -156,6 +156,13 @@ UnixNetProcessor::accept_internal(Continuation *cont, int fd, AcceptOptions cons
Debug("iocore_net_accept", "Created accept thread #%d for port %d", accept_threads, ats_ip_port_host_order(&accept_ip));
snprintf(thr_name, MAX_THREAD_NAME_LENGTH, "[ACCEPT %d:%d]", accept_threads - 1, ats_ip_port_host_order(&accept_ip));
na->init_accept_loop(thr_name);
+# if ! TS_USE_POSIX_CAP
+ } else if (fd == ts::NO_FD && opt.local_port < 1024 && 0 != geteuid()) {
+ // TS-2054 - we can fail to bind a privileged port if we waited for cache and we tried
+ // to open the socket in do_listen and we're not using libcap (POSIX_CAP) and so have reduced
+ // privilege. Mention this to the admin.
+ Warning("Failed to open reserved port %d due to lack of process privilege. Use POSIX capabilities if possible or disable wait_for_cache.", opt.local_port);
+# endif // TS_USE_POSIX_CAP
}
} else {
na->init_accept_per_thread(opt.f_inbound_transparent);