Randomize ports
parent
72fa98ca1a
commit
8a0901a90e
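--- /dev/null
+++ b/dnsmasq-2.79-randomize-ports.patch
@@ -0,0 +1,87 @@
+From 6899c5c5b9a32aa2ce0513b5e69356844988c64e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 9 Aug 2018 18:17:26 +0200
+Subject: [PATCH] Use OS random ports by default
+
+Unless max-port or min-port is given, let OS allocate random ports for
+DNS queries. Randomize similar to --query-port=0, but for each query
+separately. Would use port according to system policy.
+---
+src/dnsmasq.c | 2 +-
+src/network.c | 15 ++++++++++++---
+src/option.c | 4 +++-
+3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 9f6c020..4cd478e 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -226,7 +226,7 @@ int main (int argc, char **argv)
+die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
+#endif
+
+- if (daemon->max_port < daemon->min_port)
++ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port)
+die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
+
+now = dnsmasq_time();
+diff --git a/src/network.c b/src/network.c
+index 0381513..9747d26 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1138,18 +1138,27 @@ int random_sock(int family)
+if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
+{
+union mysockaddr addr;
+- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
+- int tries = ports_avail < 30 ? 3 * ports_avail : 100;
++ unsigned short ports_avail = 0;
++ int tries = 100;
++ unsigned short port = 0;
+
+memset(&addr, 0, sizeof(addr));
+addr.sa.sa_family = family;
+
++ if (daemon->max_port >= 0)
++ {
++ ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
++ if (ports_avail < 30)
++ tries = 3 * ports_avail;
++ }
++
+/* don't loop forever if all ports in use. */
+
+if (fix_fd(fd))
+while(tries--)
+{
+- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)));
++ if (ports_avail)
++ port = htons(daemon->min_port + (rand16() % ports_avail));
+
+if (family == AF_INET)
+{
+diff --git a/src/option.c b/src/option.c
+index d358d99..b7eaff0 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -2602,6 +2602,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+case LOPT_MINPORT: /* --min-port */
+if (!atoi_check16(arg, &daemon->min_port))
+ret_err(gen_err);
++ if (daemon->max_port < 0)
++ daemon->max_port = MAX_PORT;
+break;
+
+case LOPT_MAXPORT: /* --max-port */
+@@ -4678,7 +4680,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
+daemon->soa_refresh = SOA_REFRESH;
+daemon->soa_retry = SOA_RETRY;
+daemon->soa_expiry = SOA_EXPIRY;
+- daemon->max_port = MAX_PORT;
++ daemon->max_port = -1;
+daemon->min_port = MIN_PORT;
+
+#ifndef NO_ID
+--
+2.14.4
+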
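Review bot: Narrowing `ports_avail` to `unsigned short` in the random_sock hunk makes a full-span configuration (`--min-port=0 --max-port=65535`, if atoi_check16 admits 0) compute 65536 and wrap to 0, after which `if (ports_avail < 30) tries = 3 * ports_avail;` sets `tries = 0`, the bind loop never runs and the function fails silently. The removed code had the same wrap as a modulo by zero in `rand16() % ((unsigned short)ports_avail)`, so the fix is cheap while here: declare `unsigned int ports_avail = 0;` and leave the `if (ports_avail)` test and the `rand16() % ports_avail` expression unchanged. The security trade-off of the new default is also undocumented: with max_port left at -1 the port stays 0 and, presumably, the OS chooses it, so the source-port entropy that defends against spoofed replies is then bounded by the system ephemeral range (on Linux `net.ipv4.ip_local_port_range`, commonly 32768–60999) rather than dnsmasq's MIN_PORT..MAX_PORT span; I would add `/* max_port < 0: port stays 0 and the OS picks it; entropy is then bounded by the system ephemeral range */` above the new `if (daemon->max_port >= 0)`. random_sock continues outside the hunk, so the bind that consumes `port` is not visible here.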
@ -13,7 +13,7 @@
Name: dnsmasq
Name: dnsmasq
Version: 2.79
Version: 2.79
Release: 7%{?extraversion:.%{extraversion}}%{?dist}
Release: 8%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
License: GPLv2 or GPLv3
@ -26,6 +26,7 @@ Source2: dnsmasq-systemd-sysusers.conf
Patch1: dnsmasq-2.77-underflow.patch
Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch
Patch3: dnsmasq-2.78-fips.patch
Patch4: dnsmasq-2.80-dnssec.patch
Patch4: dnsmasq-2.80-dnssec.patch
Patch5: dnsmasq-2.79-randomize-ports.patch
# This is workaround to nettle bug #1549190
# This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@ -63,6 +64,7 @@ server's leases.
%patch1 -p1 -b .underflow
%patch1 -p1 -b .underflow
%patch3 -p1 -b .fips
%patch3 -p1 -b .fips
%patch4 -p1 -b .dnssec
%patch4 -p1 -b .dnssec
%patch5 -p1 -b .ports
# use /var/lib/dnsmasq instead of /var/lib/misc
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@ -163,6 +165,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%{_mandir}/man1/dhcp_*
%changelog
%changelog
* Thu Aug 09 2018 Petr Menšík <pemensik@redhat.com> - 2.79-8
- Better randomize ports
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 2.79-7
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 2.79-7
- Rebuild with fixed binutils
- Rebuild with fixed binutils