(const char *) &on, sizeof on);
debug_printf ("%d = setsockopt (SO_EXCLUSIVEADDRUSE), %E", ret);
}
- else
+ else if (!wincap.has_enhanced_socket_security ())
{
debug_printf ("SO_REUSEADDR set");
/* There's a bug in SO_REUSEADDR handling in WinSock.
Per standards, we must not be able to reuse a complete
duplicate of a local TCP address (same IP, same port),
even if SO_REUSEADDR has been set. That's unfortunately
- possible in WinSock. So we're testing here if the local
- address is already in use and don't bind, if so. This
- only works for OSes with IP Helper support. */
- if (get_socket_type () == SOCK_STREAM
+ possible in WinSock.
+
+ So we're testing here if the local address is already in
+ use and don't bind, if so. This only works for OSes with
+ IP Helper support and is, of course, still prone to races.
+
+ However, we don't have to do this on systems supporting
+ "enhanced socket security" (2K3 and later). On these
+ systems the default binding behaviour is exactly as you'd
+ expect for SO_REUSEADDR, while setting SO_REUSEADDR re-enables
+ the wrong behaviour. So all we have to do on these newer
+ systems is never to set SO_REUSEADDR but only to note that
+ it has been set for the above SO_EXCLUSIVEADDRUSE setting.
+ See setsockopt() in net.cc. */
+ if (name->sa_family == AF_INET
+ && get_socket_type () == SOCK_STREAM
&& wincap.has_ip_helper_lib ()
&& address_in_use ((struct sockaddr_in *) name))
{
if (level == IPPROTO_IP && CYGWIN_VERSION_CHECK_FOR_USING_WINSOCK1_VALUES)
optname = convert_ws1_ip_optname (optname);
- res = setsockopt (fh->get_socket (), level, optname,
- (const char *) optval, optlen);
+ /* On systems supporting "enhanced socket security (2K3 and later),
+ the default behaviour of socket binding is equivalent to the POSIX
+ behaviour with SO_REUSEADDR. Setting SO_REUSEADDR would only result
+ in wrong behaviour. See also fhandler_socket::bind(). */
+ if (level == SOL_SOCKET && optname == SO_REUSEADDR
+ && wincap.has_enhanced_socket_security ())
+ res = 0;
+ else
+ res = setsockopt (fh->get_socket (), level, optname,
+ (const char *) optval, optlen);
if (optlen == 4)
syscall_printf ("setsockopt optval=%x", *(long *) optval);
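Review bot: The new `res = 0` branch reports success for SO_REUSEADDR without `optval`/`optlen` ever reaching WinSock, so on systems with enhanced socket security an option buffer that WinSock would have rejected is now silently accepted, unless the arguments are validated earlier in the function, which is not visible here. A length check before the short-circuit would keep the error behaviour the same on all systems, for example `if (optlen < (int) sizeof (int)) { set_errno (EINVAL); res = -1; } else res = 0;`. Because the option is never applied to the socket, a later getsockopt (SO_REUSEADDR) presumably reports it as unset unless code outside this hunk returns the noted value; that is worth confirming, since callers may read the option back to decide how a port is shared. The comment's opening quote is never closed and should read `"enhanced socket security" (2K3 and later)`. The enclosing function starts and ends outside the hunk.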
has_disabled_user_tos_setting:false,
has_fileid_dirinfo:false,
has_exclusiveaddruse:false,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:true,
has_disabled_user_tos_setting:false,
has_fileid_dirinfo:false,
has_exclusiveaddruse:false,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:true,
has_disabled_user_tos_setting:false,
has_fileid_dirinfo:false,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:true,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:true,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:true,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:true,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:true,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:false,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:false,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:false,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:false,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:true,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:false,
needs_logon_sid_in_sid_list:false,
has_disabled_user_tos_setting:true,
has_fileid_dirinfo:true,
has_exclusiveaddruse:true,
+ has_enhanced_socket_security:true,
has_buggy_restart_scan:false,
has_mandatory_integrity_control:true,
needs_logon_sid_in_sid_list:false,