summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket/netlink/port/port.go
blob: 20b9a6e37a3f478eb71723ec3d1b647a798dd664 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package port provides port ID allocation for netlink sockets.
//
// A netlink port is any int32 value. Positive ports are typically equivalent
// to the PID of the binding process. If that port is unavailable, negative
// ports are searched to find a free port that will not conflict with other
// PIDS.
package port

import (
	"fmt"
	"math"
	"math/rand"
	"sync"
)

// maxPorts is a sanity limit on the maximum number of ports to allocate per
// protocol.
const maxPorts = 10000

// Manager allocates netlink port IDs.
//
// +stateify savable
type Manager struct {
	// mu protects the fields below.
	mu sync.Mutex `state:"nosave"`

	// ports contains a map of allocated ports for each protocol.
	ports map[int]map[int32]struct{}
}

// New creates a new Manager.
func New() *Manager {
	return &Manager{
		ports: make(map[int]map[int32]struct{}),
	}
}

// Allocate reserves a new port ID for protocol. hint will be taken if
// available.
func (m *Manager) Allocate(protocol int, hint int32) (int32, bool) {
	m.mu.Lock()
	defer m.mu.Unlock()

	proto, ok := m.ports[protocol]
	if !ok {
		proto = make(map[int32]struct{})
		// Port 0 is reserved for the kernel.
		proto[0] = struct{}{}
		m.ports[protocol] = proto
	}

	if len(proto) >= maxPorts {
		return 0, false
	}

	if _, ok := proto[hint]; !ok {
		// Hint is available, reserve it.
		proto[hint] = struct{}{}
		return hint, true
	}

	// Search for any free port in [math.MinInt32, -4096). The positive
	// port space is left open for pid-based allocations. This behavior is
	// consistent with Linux.
	start := int32(math.MinInt32 + rand.Int63n(math.MaxInt32-4096+1))
	curr := start
	for {
		if _, ok := proto[curr]; !ok {
			proto[curr] = struct{}{}
			return curr, true
		}

		curr--
		if curr >= -4096 {
			curr = -4097
		}
		if curr == start {
			// Nothing found. We should always find a free port
			// because maxPorts < -4096 - MinInt32.
			panic(fmt.Sprintf("No free port found in %+v", proto))
		}
	}
}

// Release frees the specified port for protocol.
//
// Preconditions: port is already allocated.
func (m *Manager) Release(protocol int, port int32) {
	m.mu.Lock()
	defer m.mu.Unlock()

	proto, ok := m.ports[protocol]
	if !ok {
		panic(fmt.Sprintf("Released port %d for protocol %d which has no allocations", port, protocol))
	}

	if _, ok := proto[port]; !ok {
		panic(fmt.Sprintf("Released port %d for protocol %d is not allocated", port, protocol))
	}

	delete(proto, port)
}