1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
'\" t
.\" Copyright (C) 2007, Michael Kerrisk <mtk.manpages@gmail.com>
.\" and Copyright (C) 2008, Linux Foundation, written by Michael Kerrisk
.\" <mtk.manpages@gmail.com>
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.\" 2007-05-31, mtk: Rewrite and substantial additional text.
.\" 2008-12-03, mtk: Rewrote some pieces and fixed some errors
.\"
.TH bindresvport 3 2023-07-20 "Linux man-pages 6.05.01"
.SH NAME
bindresvport \- bind a socket to a privileged IP port
.SH LIBRARY
Standard C library
.RI ( libc ", " \-lc )
.SH SYNOPSIS
.nf
.B #include <sys/types.h>
.B #include <netinet/in.h>
.PP
.BI "int bindresvport(int " sockfd ", struct sockaddr_in *" sin );
.fi
.SH DESCRIPTION
.BR bindresvport ()
is used to bind the socket referred to by the
file descriptor
.I sockfd
to a privileged anonymous IP port,
that is, a port number arbitrarily selected from the range 512 to 1023.
.\" glibc actually starts searching with a port # in the range 600 to 1023
.PP
If the
.BR bind (2)
performed by
.BR bindresvport ()
is successful, and
.I sin
is not NULL, then
.I sin\->sin_port
returns the port number actually allocated.
.PP
.I sin
can be NULL, in which case
.I sin\->sin_family
is implicitly taken to be
.BR AF_INET .
However, in this case,
.BR bindresvport ()
has no way to return the port number actually allocated.
(This information can later be obtained using
.BR getsockname (2).)
.SH RETURN VALUE
.BR bindresvport ()
returns 0 on success; otherwise \-1 is returned and
.I errno
is set to indicate the error.
.SH ERRORS
.BR bindresvport ()
can fail for any of the same reasons as
.BR bind (2).
In addition, the following errors may occur:
.TP
.B EACCES
The calling process was not privileged
(on Linux: the calling process did not have the
.B CAP_NET_BIND_SERVICE
capability in the user namespace governing its network namespace).
.TP
.B EADDRINUSE
All privileged ports are in use.
.TP
.BR EAFNOSUPPORT " (" EPFNOSUPPORT " in glibc 2.7 and earlier)"
.I sin
is not NULL and
.I sin\->sin_family
is not
.BR AF_INET .
.SH ATTRIBUTES
For an explanation of the terms used in this section, see
.BR attributes (7).
.TS
allbox;
lb lb lbx
l l l.
Interface Attribute Value
T{
.na
.nh
.BR bindresvport ()
T} Thread safety T{
.na
.nh
glibc\ >=\ 2.17: MT-Safe;
.\" commit f6da27e53695ad1cc0e2a9490358decbbfdff5e5
glibc\ <\ 2.17: MT-Unsafe
T}
.TE
.sp 1
.PP
The
.BR bindresvport ()
function uses a static variable that was not protected by a lock
before glibc 2.17, rendering the function MT-Unsafe.
.SH VERSIONS
Present on the BSDs, Solaris, and many other systems.
.SH NOTES
Unlike some
.BR bindresvport ()
implementations,
the glibc implementation ignores any value that the caller supplies in
.IR sin\->sin_port .
.SH STANDARDS
BSD.
.SH SEE ALSO
.BR bind (2),
.BR getsockname (2)
|