dhcp: Only use DHCP server port if explicitly configured
If a DHCP server is running on the same host, binding the server port isn't necessary and might even cause conflicts.
parent
50c4c1bb40
commit
707b70725a
|
@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
|
|||
charon.plugins.dhcp.server = 255.255.255.255
|
||||
DHCP server unicast or broadcast IP address.
|
||||
|
||||
charon.plugins.dhcp.use_server_port = no
|
||||
Use the DHCP server port (67) as source port when a unicast server address
|
||||
is configured.
|
||||
|
||||
Use the DHCP server port (67) as source port, instead of the DHCP client
|
||||
port (68), when a unicast server address is configured and the plugin acts
|
||||
as relay agent. When replying in this mode the DHCP server will always send
|
||||
packets to the DHCP server port and if no process binds that port an ICMP
|
||||
port unreachables will be sent back, which might be problematic for some
|
||||
DHCP servers. To avoid that, enabling this option will cause the plugin to
|
||||
bind the DHCP server port to send its requests when acting as relay agent.
|
||||
This is not necessary if a DHCP server is already running on the same host
|
||||
and might even cause conflicts (and since the server port is already bound,
|
||||
ICMPs should not be an issue).
|
||||
|
||||
charon.plugins.dhcp.interface
|
||||
Interface name the plugin uses for address allocation.
|
||||
|
||||
|
|
|
@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create()
|
|||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
if (!is_broadcast(this->dst))
|
||||
if (!is_broadcast(this->dst) &&
|
||||
lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.dhcp.use_server_port", FALSE,
|
||||
lib->ns))
|
||||
{
|
||||
/* when setting giaddr (which we do when we don't broadcast), the server
|
||||
* should respond to the server port on that IP, according to RFC 2131,
|
||||
|
@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create()
|
|||
* kernel will respond with an ICMP port unreachable if there is no
|
||||
* socket bound to that port, which might be problematic with certain
|
||||
* DHCP servers. instead of opening an additional socket, that we don't
|
||||
* actually use, we can also just send our requests from port 67 */
|
||||
* actually use, we can also just send our requests from port 67.
|
||||
* we don't do this by default, as it might cause conflicts with DHCP
|
||||
* servers running on the same host */
|
||||
src.sin_port = htons(DHCP_SERVER_PORT);
|
||||
}
|
||||
if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
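Review bot: With the added `get_bool(..., "%s.plugins.dhcp.use_server_port", FALSE, ...)` term in the condition, a setup that already uses a unicast server address stops sending from port 67 after an upgrade unless the new option is set, and nothing in these hunks tells the operator. The comment itself says the resulting ICMP port unreachable can be problematic with certain DHCP servers, so the changed default deserves a hint at startup, for example an `else if (!is_broadcast(this->dst))` branch containing `DBG1(DBG_CFG, "not using DHCP server port as source port, set use_server_port if the server requires it");`. When the option is enabled, the `bind()` that follows needs the privilege to bind a port below 1024 and will fail if a local DHCP server already holds port 67; its error handling lies outside the hunk, so whether the message names the port should be checked. dhcp_socket_create() starts and ends outside both hunks.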
|
||||
|
|