wsdd icon indicating copy to clipboard operation
wsdd copied to clipboard
verified publisher icon christgau

Reuse port 3702 and ws-discovery service from firewalld

Open hgraeber opened this issue 7 months ago • 3 comments

Whay do wsdd and its firewall services use port 37020. Sure port 3702 is already assigned. But exactly for ws-discovery and not for some other unrelated protocol.

Calling getent services 3702/udp results in

ws-discovery 3702/udp

And firewall-cmd --info-service=ws-discovery-udp in

ws-discovery-udp
  ports: 3702/udp
  protocols: 
  source-ports: 
  modules: 
  destination: ipv4:239.255.255.250 ipv6:ff02::c
  includes: 
  helpers:

So there is no need for using another port or your own firewalld service file. Instead the ones which are already present shall be reused.

hgraeber avatar Jun 04 '25 19:06 hgraeber

Sure port 3702 is already assigned.

It's not only about assigned ports, in the sense of "there is an IANA number". It's about sockets being bound to ports.

So there is no need for using another port or your own firewalld service file.

There is. You cannot bind multiple sockets to the same port (and address). To be functional, wsdd needs multiple sockets:

  • a socket for sending datagrams to unicast addresses from the local IP (see ProbeMatch pattern) and port 3702.
  • a socket for sending datagrams to multicast addresses from a port to which other machines will reply.

Until #216, the multicast socket used a random port. Consequently, replies were sent to that random port as well, which makes it difficult for firewalls to let replies go through (see #215). However, setting both of them to the same port is not possible from an OS perspective (try wsdd --source-port 3702).

At the moment, I don't see a way to make both sockets using the same port (ideally 3702).

christgau avatar Jun 05 '25 21:06 christgau

You cannot bind multiple sockets to the same port

AFAIK there is a socket option SO_REUSEPORT to do the magic. But I must admit, that have no experience in using it. Maybe it's os dependent.

hgraeber avatar Jun 05 '25 21:06 hgraeber

AFAIK there is a socket option SO_REUSEPORT to do the magic

Yes, but as far as I understand Linux's version, it's supposed to be used for load balancing. Not sure if that works out if one socket is a multicast and the other is a "regular" one. But it's worth a try.

Maybe it's os dependent.

It appears to be. On FreeBSD there is also SO_REUSEPORT_LB...

christgau avatar Jun 05 '25 21:06 christgau