Sharing Transport Addresses
In most situations, a Winsock Kernel (WSK) application cannot bind a socket to a local transport address that is already in use by another socket. WSK applications can use the SO_EXCLUSIVEADDRUSE and SO_REUSEADDR socket options to control the sharing of the local transport address to which a socket is bound. Neither of these socket options are set for a socket by default. For more information about setting socket options, see Performing Control Operations on a Socket.
The following table shows the result of binding a second socket to a local transport address that is already in use by another socket. The Wildcard and Specific cases specify whether the socket is bound to a wildcard local transport address or to a specific local transport address.
Second bind | First bind | ||||||
---|---|---|---|---|---|---|---|
No socket options (default) |
SO_REUSEADDR |
SO_EXCLUSIVEADDRUSE |
|||||
Wildcard |
Specific |
Wildcard |
Specific |
Wildcard |
Specific |
||
No socket options (default) |
Wildcard |
INUSE |
SUCCESS |
INUSE |
SUCCESS |
INUSE |
SUCCESS |
Specific |
CHECK |
INUSE |
CHECK |
DENIED |
DENIED |
INUSE |
|
SO_REUSEADDR |
Wildcard |
DENIED |
SUCCESS |
SUCCESS |
SUCCESS |
DENIED |
SUCCESS |
Specific |
CHECK |
DENIED |
SUCCESS |
SUCCESS |
DENIED |
DENIED |
|
SO_EXCLUSIVEADDRUSE |
Wildcard |
INUSE |
INUSE |
INUSE |
INUSE |
INUSE |
INUSE |
Specific |
CHECK |
INUSE |
CHECK |
INUSE |
DENIED |
INUSE |
The results are defined as follows:
SUCCESS
The bind operation for the second socket succeeds. The WSK subsystem returns a status of STATUS_SUCCESS.
INUSE
The bind operation on the second socket fails. The WSK subsystem returns a status of STATUS_ADDRESS_ALREADY_EXISTS.
DENIED
The bind operation on the second socket fails. The WSK subsystem returns a status of STATUS_ACCESS_DENIED.
CHECK
An access check is performed to determine if the bind operation on the second socket succeeds or fails. If access is granted, the bind succeeds and the WSK subsystem returns a status of STATUS_SUCCESS. If access is denied, the bind fails and the WSK subsystem returns a status of STATUS_ACCESS_DENIED.
In the cases defined in the previous table where an access check is performed, the second socket's security context is checked against the first socket's security descriptor.
A socket's security context is determined by the OwningProcess and OwningThread parameters that are passed to either the WskSocket function or the WskSocketConnect function when the socket is created. If no specific process or thread is specified when the socket is created, the security context of the process that created the socket is used.
A socket's security descriptor is specified by the SecurityDescriptor parameter that is passed to either the WskSocket function or the WskSocketConnect function when the socket is created. If no specific security descriptor is specified, the WSK subsystem uses a default security descriptor that does not permit sharing of transport addresses. A security descriptor can also be applied to a socket after the socket has been created by using the SO_WSK_SECURITY socket option.
If the two sockets are bound to two different specific local transport addresses, there is no sharing of either transport address. In this situation the second bind operation will always complete successfully.