On Friday, August 30, 2019 4:33:11 AM MST Björn Persson wrote:
> John Harris wrote:
> > Thing is, binding a port and expecting it to be open to every network
> > interface you've got are two very different things.
> Once again John Harris is completely wrong. The bind system call is
> precisely how a program specifies which network interfaces it wants to
> open a socket to. A program that calls bind with IN6ADDR_ANY_INIT or
> INADDR_ANY and a specific port number expects that port to be open to
> every network interface the computer has.
> A program that doesn't intend to listen on every network interface will
> bind to an IP address assigned to one interface to listen only on that
> network, or maybe a localhost address to listen only on the loopback
> interface. The port and the network interface are specified together in
> a single sockaddr object passed to a single system call, so it's very
> much the same thing.
> Björn Persson
This is a bit hostile, and certainly comes off as passive aggressive. When you
bind a port, it isn't open on every interface unless you specify that; you're
partially correct. Many programs, however, bind all interfaces regardless. For
example, dnsmasq does this by default, and many other programs do it without a
configuration option on ports. So, while the software may be open to all ports
because of the code itself, that is often not the intention. Many programs
just bind all interfaces, and expect that you'll configure your firewall to
whatever should be able to access the network service it's serving.
Programs that don't intend to listen on every interface generally don't bind
only to one interface, though they should. Especially not proprietary
software. If an interface is not specified, you get all interfaces bound.
Binding a port has nothing to do with opening a socket to something else. In
nearly all cases, it's used to open your system to incoming connections.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/
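The thread argues over what a program commits to when it calls bind(). The following C program is an added illustration, not code from either poster: it binds a TCP socket once to the wildcard address INADDR_ANY (every interface) and once to the loopback address, then reads back what the kernel actually recorded with getsockname(). Port 0 lets the kernel pick a free port so the program runs anywhere; the function names bind_ipv4 and is_wildcard are this example's own. The same getsockname() check is what an auditor would use to confirm whether a daemon has exposed itself on all interfaces or only on the one it was configured for.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP socket and bind it to the given IPv4 address and port
 * (port 0 lets the kernel choose). On success the address the kernel
 * actually bound is copied into *bound (read back with getsockname)
 * and the socket descriptor is returned; -1 on any failure. */
int bind_ipv4(const char *ip, uint16_t port, struct sockaddr_in *bound) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    /* Address and port travel together in one sockaddr_in, as the
     * thread notes: there is no separate "which interface" call. */
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        close(fd);
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        return -1;
    }

    socklen_t len = sizeof *bound;
    if (getsockname(fd, (struct sockaddr *)bound, &len) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if the bound address is the wildcard 0.0.0.0 (INADDR_ANY), meaning the
 * socket accepts connections arriving on every interface; 0 otherwise. */
int is_wildcard(const struct sockaddr_in *sa) {
    return sa->sin_addr.s_addr == htonl(INADDR_ANY);
}

/* Print where a bound socket is listening in human-readable form. */
static void report(const char *label, const struct sockaddr_in *sa) {
    char buf[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &sa->sin_addr, buf, sizeof buf);
    printf("%-12s bound to %s:%u (%s)\n", label, buf, ntohs(sa->sin_port),
           is_wildcard(sa) ? "ALL interfaces" : "one address only");
}

int main(void) {
    struct sockaddr_in bound;

    /* Wildcard: what dnsmasq and many daemons do by default. */
    int any = bind_ipv4("0.0.0.0", 0, &bound);
    if (any < 0) {
        perror("bind 0.0.0.0");
        return 1;
    }
    report("wildcard", &bound);
    close(any);

    /* Loopback: reachable only from the local machine. */
    int lo = bind_ipv4("127.0.0.1", 0, &bound);
    if (lo < 0) {
        perror("bind 127.0.0.1");
        return 1;
    }
    report("loopback", &bound);
    close(lo);

    /* An address not assigned to any local interface cannot be bound at
     * all; bind() fails with EADDRNOTAVAIL. 192.0.2.1 is a documentation
     * address (TEST-NET-1) that no real host carries. */
    int bogus = bind_ipv4("192.0.2.1", 0, &bound);
    if (bogus < 0)
        perror("bind 192.0.2.1 (expected to fail)");
    else
        close(bogus);
    return 0;
}
```

Run it and compare the two report lines: the wildcard socket shows 0.0.0.0, which is why packet-filter rules are the only thing standing between such a daemon and every attached network, while the loopback socket is confined to 127.0.0.1 regardless of firewall configuration.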