[Dnsmasq-discuss] Bug in 2.31 and dhcp relay

Simon Kelley simon at thekelleys.org.uk
Tue Jun 27 14:46:34 BST 2006


Dirk Schenkewitz wrote:
> On Monday, 26. June 2006 15:11, Simon Kelley wrote:
> 

> Although I have no idea what this really is about, I have an opinion.
>  ;-)
> 
> Just to be sure: The change was made around 2.28 to deal with a 
> certain issue (and it really solved the problem, isn't it?) and now 
> it turned out that it breaks another thing - is that correct?


> 
> If that's correct, then my idea/suggestion is: Simon, please don't 
> revert it completely, make it a compile-time option instead. This
> would still have the disadvantage that one cannot have a solution for
> both problems at the
> 
> same time, but this will hopefully happen very rarely.
> 
> The story goes like this: prior to 2.28, DHCP replies were always 
> send
to port 67 (client) or port 68 (relay) and the source port in the
original DHCP request was ignored.]

In 2.28 this changed, the source port  is now used and long as it's not
zero. The main reason for this is for non-privileged clients which do
DHCPINFORM queries to get configuration information. In theory, a web
browser (for instance) can get the location of the proxy it is to use
from a DHCP option.) But a web browser can't send the DHCPINFORM message
from port 67, since that is probably in use by the DHCP client, and a
process not running as root can't binf ports < 1024 anyway. By replying
to the real source port, DHCPINFORM queries from high ports will get
answers.

For completeness (or because I didn't appreciate that it might cause
problems), the same change was made to the code that talks to relays.
This might be useful for a relay which is using non-standard ports, but
it's utility is much less than for the client code. Since it's only the
relay stuff which has broken, I'm happy to revert that, and leave the
more useful client change.

There's no need for an obscure option since the useful change isn't
broken and doesn't need to be reverted, whilst the broken change (for
relays) can be revereted without losing any new functionality.

Cheers,

Simon.



More information about the Dnsmasq-discuss mailing list