From: Tobias Brunner Date: Tue, 26 Jun 2018 13:48:07 +0000 (+0200) Subject: dhcp: Only use DHCP server port if explicitly configured X-Git-Tag: 5.7.0dr5~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=707b70725a7d4f91d96aee9c00ccfe549327e12f;p=thirdparty%2Fstrongswan.git dhcp: Only use DHCP server port if explicitly configured If a DHCP server is running on the same host it isn't necessary to bind the server port and might even cause conflicts. --- diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt index 6b337bc347..7c6d31c879 100644 --- a/conf/plugins/dhcp.opt +++ b/conf/plugins/dhcp.opt @@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no charon.plugins.dhcp.server = 255.255.255.255 DHCP server unicast or broadcast IP address. +charon.plugins.dhcp.use_server_port = no + Use the DHCP server port (67) as source port when a unicast server address + is configured. + + Use the DHCP server port (67) as source port, instead of the DHCP client + port (68), when a unicast server address is configured and the plugin acts + as relay agent. When replying in this mode the DHCP server will always send + packets to the DHCP server port and if no process binds that port an ICMP + port unreachables will be sent back, which might be problematic for some + DHCP servers. To avoid that, enabling this option will cause the plugin to + bind the DHCP server port to send its requests when acting as relay agent. + This is not necessary if a DHCP server is already running on the same host + and might even cause conflicts (and since the server port is already bound, + ICMPs should not be an issue). + charon.plugins.dhcp.interface Interface name the plugin uses for address allocation. diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index c26fcc9209..1e208d094f 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c 
@@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create() destroy(this); return NULL; } - if (!is_broadcast(this->dst)) + if (!is_broadcast(this->dst) && + lib->settings->get_bool(lib->settings, + "%s.plugins.dhcp.use_server_port", FALSE, + lib->ns)) { /* when setting giaddr (which we do when we don't broadcast), the server * should respond to the server port on that IP, according to RFC 2131, @@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create() * kernel will respond with an ICMP port unreachable if there is no * socket bound to that port, which might be problematic with certain * DHCP servers. instead of opening an additional socket, that we don't - * actually use, we can also just send our requests from port 67 */ + * actually use, we can also just send our requests from port 67. + * we don't do this by default, as it might cause conflicts with DHCP + * servers running on the same host */ src.sin_port = htons(DHCP_SERVER_PORT); } if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
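Review bot: In the conf/plugins/dhcp.opt hunk, the long description of charon.plugins.dhcp.use_server_port contains a grammar slip, "an ICMP port unreachables will be sent back"; it should read "an ICMP port unreachable will be sent back". The text also never states what the default `no` means for a relay setup with a unicast server address and no DHCP server on the same host: requests then leave from the client port (68), nothing is bound to port 67, and the ICMP replies described here are sent. One sentence saying that such setups have to enable the option would make the trade-off explicit for administrators.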
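Review bot: In the first dhcp_socket.c hunk (dhcp_socket_create(), @@ -800), the added get_bool() lookup defaults to FALSE, so existing configurations with a unicast server address stop sending from port 67 after an upgrade; before, `if (!is_broadcast(this->dst))` alone selected the server port. The commit message only covers the case of a DHCP server on the same host, so this default flip deserves a line there or in the release notes. With the option enabled on a host where another process already holds port 67, the `bind(this->send, ...)` check that follows this block is where the conflict surfaces; if the error logged on that path does not name the port, a hint pointing at use_server_port would make the failure easier to diagnose.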