dhcp: Only use DHCP server port if explicitly configured
If a DHCP server is running on the same host, it isn't necessary to bind the server port, and doing so might even cause conflicts.
parent
50c4c1bb40
commit
707b70725a
|
@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
|
||||||
charon.plugins.dhcp.server = 255.255.255.255
|
charon.plugins.dhcp.server = 255.255.255.255
|
||||||
DHCP server unicast or broadcast IP address.
|
DHCP server unicast or broadcast IP address.
|
||||||
|
|
||||||
|
charon.plugins.dhcp.use_server_port = no
|
||||||
|
Use the DHCP server port (67) as source port when a unicast server address
|
||||||
|
is configured.
|
||||||
|
|
||||||
|
Use the DHCP server port (67) as source port, instead of the DHCP client
|
||||||
|
port (68), when a unicast server address is configured and the plugin acts
|
||||||
|
as relay agent. When replying in this mode the DHCP server will always send
|
||||||
|
packets to the DHCP server port and if no process binds that port an ICMP
|
||||||
|
port unreachables will be sent back, which might be problematic for some
|
||||||
|
DHCP servers. To avoid that, enabling this option will cause the plugin to
|
||||||
|
bind the DHCP server port to send its requests when acting as relay agent.
|
||||||
|
This is not necessary if a DHCP server is already running on the same host
|
||||||
|
and might even cause conflicts (and since the server port is already bound,
|
||||||
|
ICMPs should not be an issue).
|
||||||
|
|
||||||
charon.plugins.dhcp.interface
|
charon.plugins.dhcp.interface
|
||||||
Interface name the plugin uses for address allocation.
|
Interface name the plugin uses for address allocation.
|
||||||
|
|
||||||
|
|
|
@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create()
|
||||||
destroy(this);
|
destroy(this);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (!is_broadcast(this->dst))
|
if (!is_broadcast(this->dst) &&
|
||||||
|
lib->settings->get_bool(lib->settings,
|
||||||
|
"%s.plugins.dhcp.use_server_port", FALSE,
|
||||||
|
lib->ns))
|
||||||
{
|
{
|
||||||
/* when setting giaddr (which we do when we don't broadcast), the server
|
/* when setting giaddr (which we do when we don't broadcast), the server
|
||||||
* should respond to the server port on that IP, according to RFC 2131,
|
* should respond to the server port on that IP, according to RFC 2131,
|
||||||
|
@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create()
|
||||||
* kernel will respond with an ICMP port unreachable if there is no
|
* kernel will respond with an ICMP port unreachable if there is no
|
||||||
* socket bound to that port, which might be problematic with certain
|
* socket bound to that port, which might be problematic with certain
|
||||||
* DHCP servers. instead of opening an additional socket, that we don't
|
* DHCP servers. instead of opening an additional socket, that we don't
|
||||||
* actually use, we can also just send our requests from port 67 */
|
* actually use, we can also just send our requests from port 67.
|
||||||
|
* we don't do this by default, as it might cause conflicts with DHCP
|
||||||
|
* servers running on the same host */
|
||||||
src.sin_port = htons(DHCP_SERVER_PORT);
|
src.sin_port = htons(DHCP_SERVER_PORT);
|
||||||
}
|
}
|
||||||
if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
|
if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
|
||||||
|
|
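Review bot: With `"%s.plugins.dhcp.use_server_port"` defaulting to `FALSE`, the rewritten condition in dhcp_socket_create() silently changes the source port for every existing unicast-server setup, because the old `if (!is_broadcast(this->dst))` always selected port 67. If giaddr is still set for every non-broadcast destination, as the block comment states, the server keeps replying to port 67 on this host, and without a local DHCP server the kernel answers with the ICMP port unreachable that same comment warns about. I would add a line to the comment such as `* with the option disabled and no local DHCP server, replies to port 67 are answered with ICMP port unreachable` and call out the default change in the upgrade notes. The setting appears to be read only once, at socket creation, so a configuration reload presumably does not switch the port; that is worth stating in the option description. The function body starts and ends outside the hunk.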