
Filter invalid source ports and ips

Open dns2utf8 opened this issue 2 years ago • 3 comments

Hi all

I had a couple of server crashes because my application was trying to respond to UDP requests from source port 0. It led to a huge amount of CPU load and the socket states were lingering until the application was terminated (no crash).


Thanks to the trust-dns maintainers they put a filter in which should stop the behaviour: https://github.com/bluejekyll/trust-dns/pull/1690

I think it would be beneficial to add a similar check to mio or tokio so all applications built on top are protected too. What do you think? I could send a PR next weekend or so if you are interested.

Cheers, Stefan

dns2utf8 avatar Apr 10 '22 11:04 dns2utf8

I'm not sure. Currently Mio just wraps std's UdpSocket, so maybe it's worth it to open an issue with Rust? I think we'll mostly want to do the same thing the standard library decides to do.

Thomasdezeeuw avatar Apr 10 '22 14:04 Thomasdezeeuw

It is valid to create a UdpSocket with port 0 when opening a connection. For most cases receiving a packet with source port 0 is a buggy or an attacking remote machine. Weirdly some OSes accept these packages and forward them to applications.

dns2utf8 avatar Apr 13 '22 20:04 dns2utf8
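
The kind of check proposed in this thread, as an added example that is not part of the thread or of mio, tokio or trust-dns: a filter applied to the source address that `recv_from` returns on a std `UdpSocket`, so datagrams from source port 0 are dropped before any reply is attempted. The names `Reject`, `check_source` and `recv_from_valid`, and the extra rejection of unspecified, multicast and broadcast source IPs, are assumptions of this example.

```rust
use std::io;
use std::net::{IpAddr, SocketAddr, UdpSocket};

/// Why a datagram's source address was rejected (hypothetical type).
#[derive(Debug, PartialEq)]
enum Reject {
    PortZero,
    NonUnicastIp,
}

/// Decide whether `src` is an address a reply could legitimately be sent to.
fn check_source(src: &SocketAddr) -> Result<(), Reject> {
    if src.port() == 0 {
        return Err(Reject::PortZero);
    }
    let ip = src.ip();
    let broadcast = matches!(ip, IpAddr::V4(v4) if v4.is_broadcast());
    if ip.is_unspecified() || ip.is_multicast() || broadcast {
        return Err(Reject::NonUnicastIp);
    }
    Ok(())
}

/// Receive the next datagram whose source passes `check_source`,
/// dropping the rest so no reply is ever attempted to them.
fn recv_from_valid(sock: &UdpSocket, buf: &mut [u8]) -> io::Result<(usize, SocketAddr)> {
    loop {
        let (len, src) = sock.recv_from(buf)?;
        if check_source(&src).is_ok() {
            return Ok((len, src));
        }
    }
}

fn main() -> io::Result<()> {
    // Loopback demo: a normal client gets an ephemeral (non-zero) source port.
    let server = UdpSocket::bind("127.0.0.1:0")?;
    let client = UdpSocket::bind("127.0.0.1:0")?;
    client.send_to(b"ping", server.local_addr()?)?;
    let mut buf = [0u8; 512];
    let (len, src) = recv_from_valid(&server, &mut buf)?;
    server.send_to(&buf[..len], src)?;
    println!("echoed {} bytes to {}", len, src);
    Ok(())
}
```

Counting the `Reject` results instead of discarding them gives a cheap metric for spotting a flood of port 0 traffic.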

> It is valid to create a UdpSocket with port 0 when opening a connection. For most cases receiving a packet with source port 0 is a buggy or an attacking remote machine. Weirdly some OSes accept these packages and forward them to applications.

I'm not saying you're wrong, you're very correct. But again I think this should be solved in the standard library and Mio will follow suit.

Thomasdezeeuw avatar Apr 14 '22 08:04 Thomasdezeeuw

I don't think there is anything actionable here, so closing.

Thomasdezeeuw avatar Dec 11 '23 16:12 Thomasdezeeuw