Difference Between SO_REUSEADDR and SO_REUSEPORT

Note: machine translation, not proofread.

Last Updated : 05 Feb, 2023

Processes use sockets as endpoints of a two-way channel to transfer data. The socket options SO_REUSEADDR and SO_REUSEPORT have different man pages and programmer documentation for various operating systems, which can be very confusing. The option SO_REUSEPORT is not even available on some operating systems. To perform socket operations, such as connecting to a socket address or listening for a new connection, processes use a variety of socket-layer functions.

Understanding Socket Implementation

Pipes and sockets are comparable. To the programs that use them, both appear to be files, and both aid communication between processes. Pipes interact with a local program; sockets interact with a remote program. Sockets also provide bidirectional communication (much like a pair of properly connected pipes could). A socket is a five-tuple: its values are the protocol, source IP address, source port, destination IP address, and destination port. In order to maintain a connection between the two endpoints, no two sockets can have the same five values. A socket is initially created with a call to the socket() function, which returns the socket's unique identifier, the socket descriptor. The bind() function gives the socket a source IP address and a source port, and the connect() function sets the destination IP address and destination port. Finally, it is normal for programs on a single machine to communicate using standard network protocols, like TCP; it would be inefficient to go all the way to the network hardware (if any!) and compute checksums.

We can verify this by connecting to www.geeksforgeeks.org in our web browser.

nslookup www.geeksforgeeks.org

This retrieves a collection of IPv4 and IPv6 addresses. We then run the ss command and look for any of these IP addresses in its output. This command lets us inspect the socket:

ss -t

Output

We can see that the socket has a working connection. The source IP address in this instance is 180.149.59.201, and the source port is 52984. Additionally, the destination IP address (180.149.59.203) and port (192 for HTTPS) are both those of the YouTube server.

What Are Socket Options?

A network socket's identifier is a socket file descriptor. It is essential to keep in mind that while all sockets are file descriptors, not all file descriptors are sockets. This is because file descriptors can serve as identifiers for pipes, sockets, and files. The option name, such as SO_BROADCAST, indicates which property is set. Different protocol levels have different options, which is why the protocol level is a necessary parameter. When working at the socket level, the protocol level to use is SOL_SOCKET. The prefix of the option name tells the levels apart. For example, we can see that SO_DEBUG is at the socket level just from the first two letters of the option name. IP_DONTFRAG operates at the IP protocol level, whereas TCP_NODELAY operates at the TCP protocol level. Processes must be able to manage their sockets. For instance, a process might need to enable the recording of debugging information or the sending of broadcast messages. The values of SO_BROADCAST and SO_DEBUG would change in this situation. A process does this with the setsockopt() function, which needs the following five inputs: name of the socket, file descriptor, protocol level, value, and length.

What Is SO_REUSEADDR?

Local addresses and ports can be reused with the SO_REUSEADDR socket option. Using SO_REUSEADDR, your server can bind to an address that is in the TIME-WAIT state. It prevents multiple servers from binding to the same address. When this flag is used, another server can bind to the same port by binding to a specific address rather than INADDR_ANY, which poses a security risk. SO_REUSEADDR is available starting with Linux kernel version 2.4. Different operating systems implement this socket option in different ways.

The same address/port combination will be used every time the process stops and starts over. For this to work, we need to explicitly request the behavior by enabling the SO_REUSEADDR socket option with setsockopt(). The setsockopt() function needs to be called before the bind() function. If the SO_REUSEADDR socket option is not enabled, the restarted process will fail. The way wildcard addresses are handled also changes when the SO_REUSEADDR socket option is set. SO_REUSEADDR is required when more than one socket needs to bind to the same UDP port. This guarantees that a message sent by the source IP reaches each socket that is bound to the UDP port.

Additionally, wildcard addresses can bind to the same port with this socket option. A socket binding to 0.0.0.0:80 and another socket b attempting to bind to 10.1.0.1:40 will fail without SO_REUSEADDR. Because 0.0.0.0 stands for all possible local addresses, it also includes 10.1.0.1, so there would be a conflict. The kernel interprets this as a pair of sockets sharing the same local address and port. The way wildcard addresses are handled changes when the SO_REUSEADDR socket option is set: if SO_REUSEADDR is enabled, there won't be a conflict between a socket bound to 0.0.0.0:40 and a socket bound to 10.1.0.1:40. This is because 0.0.0.0:40 is treated as a wildcard address and isn't the same as the precise local address 10.1.0.1.

What Is SO_REUSEPORT?

Multiple sockets can bind to the same address and port combination when SO_REUSEPORT is enabled, just as with SO_REUSEADDR. The SO_REUSEPORT flag allows processes to bind to the same address if all of them use the SO_REUSEPORT option. The rule is that SO_REUSEPORT must be enabled for each socket binding to the address and port. For instance, if socket A is bound to a specific local IP and port combination without SO_REUSEPORT enabled, no other socket can bind to that combination.

As previously mentioned, a socket enters the synchronized state known as TIME-WAIT when it closes. Unless both sockets have the SO_REUSEPORT option, another socket won't be able to use the IP address and port combination of the socket in the TIME-WAIT state. The SO_REUSEPORT socket option behaves similarly to SO_REUSEADDR when it comes to multicasting. The user restriction is what differentiates SO_REUSEPORT from the others: with SO_REUSEPORT, all sockets that share the same IP and port must belong to the same effective user ID. This holds true for both TCP and UDP.

Difference Between SO_REUSEADDR and SO_REUSEPORT

| SO_REUSEADDR | SO_REUSEPORT |
| --- | --- |
| Local addresses and ports may be reused with the SO_REUSEADDR socket option. | Multiple sockets may bind to the same address and port combination with SO_REUSEPORT enabled. |
| Starting with Linux kernel version 2.4 and up, SO_REUSEADDR can be used. | This socket option was only implemented in Linux kernel version 3.9, making it relatively recent. |
| Different operating systems have different ways of implementing this socket option. | Different operating systems have the same ways of implementing this socket option. |
| In a multicast, packets are sent in a group communication to multiple destination IPs at once. | The SO_REUSEPORT socket option functions similarly to SO_REUSEADDR when multicasting. |
| Using setsockopt(), set the SO_REUSEADDR socket option. | Unless both sockets have the SO_REUSEPORT option, another socket cannot use the IP address and port combination of a socket in the TIME-WAIT state. |
| This holds true for only UDP. | This holds true for both TCP and UDP. |
| For example, SO_REUSEADDR doesn't examine whether any of the different sockets binding to the IP/port combination have a particular socket option set. | For example, no other socket can bind to a particular local IP and port combination if socket A, already bound to it, does not have SO_REUSEPORT enabled. |
