bpo-37228: Fix loop.create_datagram_endpoint()'s usage of SO_REUSEADDR (#17311)

2025-11-02 03:01:58 +00:00 · 2019-12-09 09:21:10 -05:00 · 2019-12-09 09:21:10 -05:00 · ab513a38c9
commit ab513a38c9
parent 82b4950b5e
4 changed files with 67 additions and 29 deletions
--- a/Doc/library/asyncio-eventloop.rst
+++ b/Doc/library/asyncio-eventloop.rst
@ -473,6 +473,21 @@ Opening network connections
                        reuse_address=None, reuse_port=None, \
                        allow_broadcast=None, sock=None)

+   .. note::
+      The parameter *reuse_address* is no longer supported, as using
+      :py:data:`~sockets.SO_REUSEADDR` poses a significant security concern for
+      UDP. Explicitly passing ``reuse_address=True`` will raise an exception.
+
+      When multiple processes with differing UIDs assign sockets to an
+      indentical UDP socket address with ``SO_REUSEADDR``, incoming packets can
+      become randomly distributed among the sockets.
+
+      For supported platforms, *reuse_port* can be used as a replacement for
+      similar functionality. With *reuse_port*,
+      :py:data:`~sockets.SO_REUSEPORT` is used instead, which specifically
+      prevents processes with differing UIDs from assigning sockets to the same
+      socket address.
+
   Create a datagram connection.

   The socket family can be either :py:data:`~socket.AF_INET`,
@ -501,11 +516,6 @@ Opening network connections
     resolution. If given, these should all be integers from the
     corresponding :mod:`socket` module constants.

-   * *reuse_address* tells the kernel to reuse a local socket in
-     ``TIME_WAIT`` state, without waiting for its natural timeout to
-     expire. If not specified will automatically be set to ``True`` on
-     Unix.
-
   * *reuse_port* tells the kernel to allow this endpoint to be bound to the
     same port as other existing endpoints are bound to, so long as they all
     set this flag when being created. This option is not supported on Windows
@ -527,6 +537,10 @@ Opening network connections
      The *family*, *proto*, *flags*, *reuse_address*, *reuse_port,
      *allow_broadcast*, and *sock* parameters were added.

+   .. versionchanged:: 3.8.1
+      The *reuse_address* parameter is no longer supported due to security
+      concerns.
+
   .. versionchanged:: 3.8
      Added support for Windows.