Posted to commits@trafficserver.apache.org by am...@apache.org on 2015/06/16 00:01:35 UTC

trafficserver git commit: TS-2054: Generate warning on reserved port open failure.

Repository: trafficserver
Updated Branches:
  refs/heads/master 78143684b -> 1e710ce74


TS-2054: Generate warning on reserved port open failure.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/1e710ce7
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/1e710ce7
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/1e710ce7

Branch: refs/heads/master
Commit: 1e710ce7477ad7bccb47e9d52debc2bc1bf77801
Parents: 7814368
Author: Alan M. Carroll <so...@yahoo-inc.com>
Authored: Mon Jun 15 14:55:16 2015 -0500
Committer: Alan M. Carroll <am...@apache.org>
Committed: Mon Jun 15 17:01:16 2015 -0500

----------------------------------------------------------------------
 CHANGES                        | 2 ++
 iocore/net/UnixNetProcessor.cc | 7 +++++++
 2 files changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/1e710ce7/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 80ffb93..8cd6d80 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 6.0.0
 
+  *) [TS-2054] Generate warning for reserved port open failure.
+
   *) [TS-3170] Eliminate proxy pac / autoconf features, and backdoors. This
    also eliminates almost everything in web2, leaving just a bit of cluster
    code which I moved to the cmd/traffic_manager code area.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/1e710ce7/iocore/net/UnixNetProcessor.cc
----------------------------------------------------------------------
diff --git a/iocore/net/UnixNetProcessor.cc b/iocore/net/UnixNetProcessor.cc
index d2b81a6..afe1c69 100644
--- a/iocore/net/UnixNetProcessor.cc
+++ b/iocore/net/UnixNetProcessor.cc
@@ -156,6 +156,13 @@ UnixNetProcessor::accept_internal(Continuation *cont, int fd, AcceptOptions cons
         Debug("iocore_net_accept", "Created accept thread #%d for port %d", accept_threads, ats_ip_port_host_order(&accept_ip));
         snprintf(thr_name, MAX_THREAD_NAME_LENGTH, "[ACCEPT %d:%d]", accept_threads - 1, ats_ip_port_host_order(&accept_ip));
         na->init_accept_loop(thr_name);
+# if ! TS_USE_POSIX_CAP
+      } else if (fd == ts::NO_FD && opt.local_port < 1024 && 0 != geteuid()) {
+        // TS-2054 - we can fail to bind a privileged port if we waited for cache and we tried
+        // to open the socket in do_listen and we're not using libcap (POSIX_CAP) and so have reduced
+        // privilege. Mention this to the admin.
+        Warning("Failed to open reserved port %d due to lack of process privilege. Use POSIX capabilities if possible or disable wait_for_cache.", opt.local_port);
+# endif // TS_USE_POSIX_CAP
       }
     } else {
       na->init_accept_per_thread(opt.f_inbound_transparent);
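Review bot: The warning added in the `else if` branch states the cause as fact ("due to lack of process privilege"), but the condition only infers it from `fd == ts::NO_FD`, a port below 1024 and a non-zero `geteuid()`; the error from the failed open is never consulted, so an address-in-use failure on a low port would be logged as a privilege problem. Wording the message as `"Failed to open reserved port %d, possibly due to lack of process privilege. ..."`, or testing the saved errno for EACCES if it is still available at this point, would keep the log accurate for the admin. `opt.local_port < 1024` also matches port 0, which is not a reserved port; `opt.local_port > 0 && opt.local_port < 1024` avoids that if 0 can reach this branch. The enclosing `if` and the rest of accept_internal are outside the hunk, so this assumes the preceding condition is the listen result, as the added comment suggests.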