From: Roy Marples Date: Mon, 8 May 2023 14:52:11 +0000 (+0100) Subject: DHCP: Don't enforce the message came port 67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e127eac6903524d401b31893167e4529b8ab111;p=thirdparty%2Fdhcpcd.git DHCP: Don't enforce the message came port 67 RFC2131 and updates make no mention of what the source port should or must be. Update for #179. --- diff --git a/src/bpf.c b/src/bpf.c index 339f3a01..44b08e6e 100644 --- a/src/bpf.c +++ b/src/bpf.c @@ -612,16 +612,19 @@ static const struct bpf_insn bpf_bootp_base[] = { #define BPF_BOOTP_BASE_LEN __arraycount(bpf_bootp_base) static const struct bpf_insn bpf_bootp_read[] = { - /* Make sure it's from and to the right port. */ - BPF_STMT(BPF_LD + BPF_W + BPF_IND, 0), - BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (BOOTPS << 16) + BOOTPC, 1, 0), + /* Make sure it's to the right port. + * RFC2131 makes no mention of enforcing a source port. */ + BPF_STMT(BPF_LD + BPF_H + BPF_IND, offsetof(struct udphdr, uh_dport)), + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, BOOTPC, 1, 0), BPF_STMT(BPF_RET + BPF_K, 0), }; #define BPF_BOOTP_READ_LEN __arraycount(bpf_bootp_read) #ifdef BIOCSETWF static const struct bpf_insn bpf_bootp_write[] = { - /* Make sure it's from and to the right port. */ + /* Make sure it's from and to the right port. + * RFC2131 makes no mention of encforcing a source port, + * but dhcpcd does enforce it for sending. */ BPF_STMT(BPF_LD + BPF_W + BPF_IND, 0), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (BOOTPC << 16) + BOOTPS, 1, 0), BPF_STMT(BPF_RET + BPF_K, 0), diff --git a/src/dhcp.c b/src/dhcp.c index f7680760..9a790b50 100644 --- a/src/dhcp.c +++ b/src/dhcp.c @@ -3459,8 +3459,8 @@ is_packet_udp_bootp(void *packet, size_t plen) if (ip_hlen + ntohs(udp.uh_ulen) > plen) return false; - /* Check it's to and from the right ports. */ - if (udp.uh_dport != htons(BOOTPC) || udp.uh_sport != htons(BOOTPS)) + /* Check it's to the right port. */ + if (udp.uh_dport != htons(BOOTPC)) return false; return true;