Sharing Transport Addresses

In most situations, a Winsock Kernel (WSK) application cannot bind a socket to a local transport address that is already in use by another socket. WSK applications can use the SO_EXCLUSIVEADDRUSE and SO_REUSEADDR socket options to control the sharing of the local transport address to which a socket is bound. Neither of these socket options are set for a socket by default. For more information about setting socket options, see Performing Control Operations on a Socket.

The following table shows the result of binding a second socket to a local transport address that is already in use by another socket. The Wildcard and Specific cases specify whether the socket is bound to a wildcard local transport address or to a specific local transport address.

Second bind First bind

No socket options (default)

SO_REUSEADDR

SO_EXCLUSIVEADDRUSE

Wildcard

Specific

Wildcard

Specific

Wildcard

Specific

No socket options (default)

Wildcard

INUSE

SUCCESS

INUSE

SUCCESS

INUSE

SUCCESS

Specific

CHECK

INUSE

CHECK

DENIED

DENIED

INUSE

SO_REUSEADDR

Wildcard

DENIED

SUCCESS

SUCCESS

SUCCESS

DENIED

SUCCESS

Specific

CHECK

DENIED

SUCCESS

SUCCESS

DENIED

DENIED

SO_EXCLUSIVEADDRUSE

Wildcard

INUSE

INUSE

INUSE

INUSE

INUSE

INUSE

Specific

CHECK

INUSE

CHECK

INUSE

DENIED

INUSE

The results are defined as follows:

SUCCESS
The bind operation for the second socket succeeds. The WSK subsystem returns a status of STATUS_SUCCESS.

INUSE
The bind operation on the second socket fails. The WSK subsystem returns a status of STATUS_ADDRESS_ALREADY_EXISTS.

DENIED
The bind operation on the second socket fails. The WSK subsystem returns a status of STATUS_ACCESS_DENIED.

CHECK
An access check is performed to determine if the bind operation on the second socket succeeds or fails. If access is granted, the bind succeeds and the WSK subsystem returns a status of STATUS_SUCCESS. If access is denied, the bind fails and the WSK subsystem returns a status of STATUS_ACCESS_DENIED.

In the cases defined in the previous table where an access check is performed, the second socket's security context is checked against the first socket's security descriptor.

  • A socket's security context is determined by the OwningProcess and OwningThread parameters that are passed to either the WskSocket function or the WskSocketConnect function when the socket is created. If no specific process or thread is specified when the socket is created, the security context of the process that created the socket is used.

  • A socket's security descriptor is specified by the SecurityDescriptor parameter that is passed to either the WskSocket function or the WskSocketConnect function when the socket is created. If no specific security descriptor is specified, the WSK subsystem uses a default security descriptor that does not permit sharing of transport addresses. A security descriptor can also be applied to a socket after the socket has been created by using the SO_WSK_SECURITY socket option.

If the two sockets are bound to two different specific local transport addresses, there is no sharing of either transport address. In this situation the second bind operation will always complete successfully.