Why doesn't Linux use the IANA Ephemeral port range?


There was a time when IANA only assigned ports up to 1023. See RFC1700. At one time this was a standard. Most of the time I have no trouble finding when things change in the stream of RFCs, but for the question of changing ports from 1024 to 49152 from registered to assigned I came up short.

In terms of Linux history, there was a question raised about the default ip_local_port_range in 2007. At that time it was decided to use the Linux range you mention for fear that high port numbers might cause problems and beginning the range at 49152 might leave too few port numbers in the pool. See this and its thread. The expressed thought at the time was that beginning at 32768 was within the spirit of the IANA's procedures, if not fully conformant. In reading this I infer that the developers assumed most assignments would occur from the bottom of the range and move up. At this writing I count a little more than 100 port numbers assigned (not counting different protocols as separate) between 32768 and 49152, so that has held up pretty well over the last five years.

I don't know why the range was considered too small, but I can imagine two reasons:

  1. Port numbers are randomized to thwart certain attacks. The more addresses in the pool, the better this defense can work.
  2. High activity servers might have trouble with port number exhaustion. While ports might be ephemeral, their use is not instantaneous. In particular sockets can last several minutes after TCP close.

This blog post touches on number 2, and suggests an answer should you wish your Linux systems to use a different range of local ports. (Using /etc/sysctl.d to define a range you like. There is also an ip_local_reserved_ports entry that may be of use if a particular conflict arises. These match up with the /proc/sys entry you quote.)

In summary: the Linux defaults don't match the current IANA specifications, but any particular Linux system can, if its owner desires.

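As an added example (not part of the original answer), a small POSIX shell script that reads ip_local_port_range, sizes the pool, compares it with the IANA dynamic range, checks whether a local service port would be handed out as an ephemeral port, and prints the kind of /etc/sysctl.d fragment the answer refers to. The helper names, the fallback sample range and the reserved port 50000 are constructed for illustration.

```shell
#!/bin/sh
# Inspect and optionally reconfigure the Linux ephemeral port range.
# Helper names below are constructed for this example, not part of any tool.

# Number of ports in a range given as "low high"
# (/proc/sys/net/ipv4/ip_local_port_range is tab-separated; IFS splits it).
ephemeral_pool_size() {
    set -- $1
    echo $(( $2 - $1 + 1 ))
}

# "iana" for the IANA dynamic/private range 49152-65535,
# "overlaps-registered" if the range reaches into 1024-49151, else "other".
classify_range() {
    set -- $1
    if [ "$1" -eq 49152 ] && [ "$2" -eq 65535 ]; then echo iana
    elif [ "$1" -lt 49152 ]; then echo overlaps-registered
    else echo other; fi
}

# "yes" if a port a local service listens on lies inside the ephemeral pool,
# i.e. the allocator could hand it to an outgoing connection first.
port_in_pool() {
    port=$1; set -- $2
    if [ "$port" -ge "$1" ] && [ "$port" -le "$2" ]; then echo yes; else echo no; fi
}

# Live kernel setting, or a constructed sample when /proc is unavailable.
current_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        cat /proc/sys/net/ipv4/ip_local_port_range
    else
        printf '32768\t61000\n'   # constructed: the historical Linux default
    fi
}

# sysctl.d fragment: move the range and reserve a service port inside it.
sysctl_fragment() {
    printf 'net.ipv4.ip_local_port_range = %s %s\n' "$1" "$2"
    printf 'net.ipv4.ip_local_reserved_ports = %s\n' "$3"
}

range=$(current_range)
echo "current: $range -> $(ephemeral_pool_size "$range") ports ($(classify_range "$range"))"
echo "IANA range: $(ephemeral_pool_size "49152 65535") ports"
echo "port 50000 in pool: $(port_in_pool 50000 "$range")"
echo "# /etc/sysctl.d/60-ephemeral.conf (apply with: sysctl --system)"
sysctl_fragment 49152 65535 50000
```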
Brandon Condrey

Updated on September 18, 2022

Comments

  • Brandon Condrey (over 1 year ago)

    According to Wikipedia

    The Internet Assigned Numbers Authority (IANA) suggests the range 49152 to 65535 for dynamic or private ports. Many Linux kernels use the port range 32768 to 61000.

    Even though there seems to be some historical deviation from IANA's suggested range, it seems awkward that Windows Vista, Windows 7, Windows Server 2008, FreeBSD 4.6+ and many others all have agreed upon this range and yet Linux still stands out.

    Looking into it though, lo and behold:

    $ cat /proc/sys/net/ipv4/ip_local_port_range
    32768   61000

    Why hasn't Linux adopted the standard range?

  • Brandon Condrey (almost 12 years ago)
    Here is the thread about Linux using ports near the IANA ceiling.
  • jmb (over 10 years ago)
    @evan RFC 6056 goes on to say that "port numbers that may be needed for providing a particular service at the local host SHOULD NOT be included in the pool of port numbers available for ephemeral port randomization" and that "administrators should identify services that may be offered by the local host and SHOULD exclude only the corresponding registered ports" but that's not something that the OS typically provides for you to do. The only practical exclusion mechanism is to raise the lower bound.