From: Roy Marples Date: Mon, 8 May 2023 14:52:11 +0000 (+0100) Subject: DHCP: Don't enforce the message came port 67 X-Git-Tag: v10.0.2~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9ac3021af19088fc70e0e7466adb717296cd3c7;p=thirdparty%2Fdhcpcd.git DHCP: Don't enforce the message came port 67 RFC2131 and updates make no mention of what the source port should or must be. Update for #179. --- diff --git a/src/bpf.c b/src/bpf.c index b75bfb04..caf9fda6 100644 --- a/src/bpf.c +++ b/src/bpf.c @@ -610,16 +610,19 @@ static const struct bpf_insn bpf_bootp_base[] = { #define BPF_BOOTP_BASE_LEN __arraycount(bpf_bootp_base) static const struct bpf_insn bpf_bootp_read[] = { - /* Make sure it's from and to the right port. */ - BPF_STMT(BPF_LD + BPF_W + BPF_IND, 0), - BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (BOOTPS << 16) + BOOTPC, 1, 0), + /* Make sure it's to the right port. + * RFC2131 makes no mention of enforcing a source port. */ + BPF_STMT(BPF_LD + BPF_H + BPF_IND, offsetof(struct udphdr, uh_dport)), + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, BOOTPC, 1, 0), BPF_STMT(BPF_RET + BPF_K, 0), }; #define BPF_BOOTP_READ_LEN __arraycount(bpf_bootp_read) #ifdef BIOCSETWF static const struct bpf_insn bpf_bootp_write[] = { - /* Make sure it's from and to the right port. */ + /* Make sure it's from and to the right port. + * RFC2131 makes no mention of encforcing a source port, + * but dhcpcd does enforce it for sending. */ BPF_STMT(BPF_LD + BPF_W + BPF_IND, 0), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (BOOTPC << 16) + BOOTPS, 1, 0), BPF_STMT(BPF_RET + BPF_K, 0), diff --git a/src/dhcp.c b/src/dhcp.c index 233bd107..edd1c011 100644 --- a/src/dhcp.c +++ b/src/dhcp.c @@ -3436,8 +3436,8 @@ is_packet_udp_bootp(void *packet, size_t plen) if (ip_hlen + ntohs(udp.uh_ulen) > plen) return false; - /* Check it's to and from the right ports. */ - if (udp.uh_dport != htons(BOOTPC) || udp.uh_sport != htons(BOOTPS)) + /* Check it's to the right port. */ + if (udp.uh_dport != htons(BOOTPC)) return false; return true;