Port ranges - restricting opening and closing ranges

roger peppe roger.peppe at canonical.com
Wed Aug 6 12:53:17 UTC 2014


On 6 August 2014 10:32, Gustavo Niemeyer <gustavo at niemeyer.net> wrote:
> How many port ranges are typically made available? One.. Two? Sounds like a
> trivial problem.

Some applications might open thousands of individual ports.
It would be nice if it worked well in that case too.

> In terms of concurrency, there are issues either way. Someone can open a
> port while it is being closed, and whether that works or not depends purely
> on timing.

When we've got several units sharing a port space, we'll want to
keep a unique owner for each port range. That's trivial if the
reference can be keyed by the port range, but not
as straightforward if the lookup is two-phase.

What we don't want is two units in the same machine to be
able to have the same port open at the same time. I suppose
we could rely on the fact that hooks do not execute simultaneously,
but it would be preferable in my view to keep those
concerns separate.

In my view, "always close the range you've opened" is an easy
to explain rule, and makes quite a few things simpler,
without being overly restrictive.

> gustavo @ http://niemeyer.net
>
> On Aug 6, 2014 9:41 AM, "roger peppe" <roger.peppe at canonical.com> wrote:
>>
>> On 5 August 2014 19:34, Gustavo Niemeyer <gustavo at niemeyer.net> wrote:
>> > On Tue, Aug 5, 2014 at 4:18 PM, roger peppe <rogpeppe at gmail.com> wrote:
>> >> close ports 80-110 -> error (mismatched port range?)
>> >
>> > I'd expect ports to be closed here, and also on 0-65536.
>>
>> I'm not sure. An advantage of requiring that exactly the
>> same ports must be closed as were opened is that you can use the port range
>> as a key, which makes for a very simple (and trivially concurrent-safe)
>> implementation in a mongo collection.
>>
>> I'd suggest that this compromise is worth it. We could always make an
>> initial special case for 0-65535 too, if desired.
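
The "close exactly the range you opened" rule discussed above, sketched as an added example (not code from the thread or from Juju): an in-memory registry for one machine's port space in which the exact range is the key and each range has a single owning unit. The type and error names, the unit names and the overlap scan in `Open` are assumptions made for illustration; the mutex stands in for whatever atomic keyed insert the real store would provide.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

type PortRange struct{ From, To int } // exact bounds, used directly as the lookup key

var ErrConflict = errors.New("overlaps a port range that is already open")
var ErrMismatch = errors.New("mismatched port range: not opened with exactly these bounds")
var ErrNotOwner = errors.New("port range is owned by another unit")

// Registry models one machine's shared port space (hypothetical type).
type Registry struct {
	mu     sync.Mutex
	owners map[PortRange]string // range -> owning unit
}

func NewRegistry() *Registry { return &Registry{owners: map[PortRange]string{}} }

// Open makes unit the sole owner of pr; re-opening your own range is a no-op.
func (r *Registry) Open(unit string, pr PortRange) error {
	r.mu.Lock()
	defer r.mu.Unlock()
	for k, owner := range r.owners {
		if k.From <= pr.To && pr.From <= k.To && !(k == pr && owner == unit) {
			return ErrConflict
		}
	}
	r.owners[pr] = unit
	return nil
}

// Close succeeds only for the exact range that was opened, and only for its owner.
func (r *Registry) Close(unit string, pr PortRange) error {
	r.mu.Lock()
	defer r.mu.Unlock()
	if owner, ok := r.owners[pr]; !ok {
		return ErrMismatch
	} else if owner != unit {
		return ErrNotOwner
	}
	delete(r.owners, pr)
	return nil
}

func main() {
	fmt.Println(NewRegistry().Close("unit/0", PortRange{80, 110}))
}
```

Because `Close` is a single keyed lookup, a unit that opened 80-100 and asks to close 80-110 gets the mismatch error rather than a partial close.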


