Overview

The Scout module manages all TCP and UDP ports and ICMP IDs to ensure that there are no collisions between safe raw sockets and TCP/UDP/ICMP sockets. For each IP address, all ports are either free or "owned" by a slice. This means that two slices may split ownership of a port by binding it to different IP addresses. Right now only two IP addresses are supported: the external and loopback addresses. A port/IP address pair that is owned by one slice is unavailable to all other slices. A slice can claim ownership of a port in two ways:

1. It can bind a socket to that port and IP address

2. It can reserve the port. This means that only this slice can bind the port to any IP address.

A slice that owns a port bound to the external IP address can open three sockets on that port. First, it can open one "consumer" socket. A consumer socket is a communication endpoint, and may be either a standard TCP/UDP socket or a safe raw socket (these sockets consume packets, in contrast to a "sniffer" socket). Second, it can open one ICMP error socket to receive ICMP Destination Unreachable messages on a TCP/UDP port. Third, it can open one sniffer socket. A current limitation of the module is that only one ICMP error and sniffer socket is allowed per port. A slice that owns a port bound to the loopback address can only open one standard TCP/UDP socket on that port. A TCP/UDP socket bound to INADDR_ANY binds to both the external and loopback IP addresses.

Relevant files:

/proc/scout/ports/summary:  Summarizes port ownership/usage
/proc/scout/ports/reserve:  Write to reserve a port
/proc/scout/ports/release:  Write to release a port reservation