Can TCP provide more than 65535 ports?
Looking at the RFC for TCP: RFC 793 - Transmission Control Protocol, the answer would seem to be no because of the fact that a TCP header is limited to 16-bits for the source/destination port field.
Does IPv6 improve things?
No. Even though IPv6 will give us a much larger IP address space, 32-bit vs. 128-bits, it makes no attempt to improve the TCP packet limitation of 16-bits for the port numbers. Interestingly the RFC for IPv6: Internet Protocol, Version 6 (IPv6) Specification, the IP field needed to be expanded.
When TCP runs over IPv6, the method used to compute the checksum is changed, as per RFC 2460:
Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses.
So how can you get more ports?
One approach would be to stack additional IP addresses using more interfaces. If your system has multiple NICs this is easier, but even with just a single NIC, one can make use of virtual interfaces (aka. aliases) to allocate more IPs if needed.
NOTE: Using aliases have been supplanted by iproute2 which you can use to stack IP addresses on a single interface (i.e. eth0) instead.
Example
$ sudo ip link set eth0 up
$ sudo ip addr add 192.0.2.1/24 dev eth0
$ sudo ip addr add 192.0.2.2/24 dev eth0
$ ip addr show dev eth0
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast state DOWN qlen 1000
link/ether 00:d0:b7:2d:ce:cf brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/24 brd 192.0.2.255 scope global eth1
inet 192.0.2.2/24 scope global secondary eth1
Source: iproute2: Life after ifconfig
References
- OpenWrt Wiki » Documentation » Networking » Linux Network Interfaces
- Some useful command with iproute2
- Linux Advanced Routing & Traffic Control HOWTO
- Multiple default routes / public gateway IPs under Linux
- iproute2 cheat sheet - Daniil Baturin's website
Is it possible to setup a Linux system so that it provides more than 65,535 ports?
Nope.
The intent would be to have more than 65k daemons listening on a given system.
Then you need:
an
iptablesconfiguration that redirects on traffic content ora "service broker service" or "multiplexor service" that will accept incoming connections on a single port and route it to the appropriate daemon "behind it". If you want standard protocols to pass unmodified you may have to implement protocol sniffing/recognization in this multiplexor service, in a fashion that an IDS or layer-7 firewall would anaylze; completely possible with the great majority of protocols.
Per the second item, you could design this service to handle more than 2^16 "ports" if you really wanted to. I'm sure the performance impact will be minimal compared to the load of 2^16+ listeners running.
Daemons in Linux can be listening on unix sockets which exist in the filesystem, so your "multiplexor service" could maintain an internal mapping of external port <-> internal unix socket. You'll likely run into a kernel process limit (32Kbyte processes?) before running out of inodes on any modern filesystem.
Just because there is no good answer I wanted to chime in.
One way to do this would be to add an IP option which specifies the port extension. The option must be designed to fit within the optional portion of the IP header and would be skipped by unknown hops.
You would use this option and it's information information to extend the source, destination or both port numbers.
The limitations are not going to automatically work in existing software just by adding the option anyway, they will have to be rewritten to take advantage of the option no matter how it's implemented, existing software and firewalls will either ignore the packet or process it as usual using the value in the source and destination port fields.
In short it is not easy to do and would be better done using a single reusable listener and data contained in the payload of the packet.
You can also more easily allow port reuse in the software, which can help to overcome this limitation by reusing ports of the server for multiple client connections.
Rtsp for example can use the SessionId header in conjunction with various other headers in the payload of the IP packet to determine what connection the request was issued for and act accordingly e.g. if the socket from which the message was delivered is not the same as the socket's remote address to which the session corresponds then then one can either allow a session to be updated with the new socket for processing, deny the message or a variety of other actions depending on the application.
An Http server can also do this or any other type of server.
The key thing to remember when allowing reuse of ports is that you must also take into account the source IP address.