Hi Dick, --- BRIDGES Dick <Dick.Bridges@us.thalesgroup.com> wrote:
No. SO_REUSEADDR does increase the attack surface. Not a lot and less now than in the past but IMHO there's no point in helping the bad guys even a little bit if it's not required. Besides, I doubt all that many people would find it useful. My mumbling was aimed more toward myself than anything else - I have written a fair amount of "server" code and should have developed better habits by now. ;)
I just checked my copy of Unix Network Programming Vol. 1 and it does recommend always setting the SO_REUSEADDR option (even though it notes the security issue).
Hmmm. The copy of the library I downloaded on 14 September doesn't have socket_acceptor::reuse_address and linux.softpedia.com says the last update was 5 September. I used stream_socket::reuse_address instead and that worked. Is there a newer version of the library somewhere else?
There's the version I'm working on in sourceforge CVS, which is what I had based my answer on, sorry.
I would like to see this initialization code pushed back down into the acceptor. Maybe something along the lines of an "option_policy", but I can't come up with anything to suggest that isn't more trouble than it's worth.
Yeah, these sort of options might somehow be associated with the protocol, since I can see different protocols (e.g. UNIX domain sockets, Bluetooth RFCOMM, etc) needing different defaults. I might leave this until asio gets more use in other types of socket to see what can be made reusable. Cheers, Chris