Re: dhcrelay(8): filter BOOTREPLY packets

[Jeremie Courreges-Anglas]

Rafael Zalamena  writes:

> This diff makes dhcrelay(8) drop packets that were not meant for us.
> This is a safety check suggested by jca@ to avoid relaying packets with
> the address of other relays.
>
> ok?

ok

In the commit message please mention that the most likely source of this
kind of packets is the BPF socket.

> Index: dhcrelay.c
> ===
> RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v
> retrieving revision 1.49
> diff -u -p -r1.49 dhcrelay.c
> --- dhcrelay.c8 Dec 2016 19:18:15 -   1.49
> +++ dhcrelay.c8 Dec 2016 19:52:51 -
> @@ -276,6 +276,11 @@ relay(struct interface_info *ip, struct 
>  
>   /* If it's a bootreply, forward it to the client. */
>   if (packet->op == BOOTREPLY) {
> + /* Filter packet that were not meant for us. */
> + if (packet->giaddr.s_addr !=
> + interfaces->primary_address.s_addr)
> + return;
> +
>   bzero(, sizeof(to));
>   if (!(packet->flags & htons(BOOTP_BROADCAST))) {
>   to.sin_addr = packet->yiaddr;
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

dhcrelay(8): filter BOOTREPLY packets

[Rafael Zalamena]

This diff makes dhcrelay(8) drop packets that were not meant for us.
This is a safety check suggested by jca@ to avoid relaying packets with
the address of other relays.

ok?

Index: dhcrelay.c
===
RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v
retrieving revision 1.49
diff -u -p -r1.49 dhcrelay.c
--- dhcrelay.c  8 Dec 2016 19:18:15 -   1.49
+++ dhcrelay.c  8 Dec 2016 19:52:51 -
@@ -276,6 +276,11 @@ relay(struct interface_info *ip, struct 
 
/* If it's a bootreply, forward it to the client. */
if (packet->op == BOOTREPLY) {
+   /* Filter packet that were not meant for us. */
+   if (packet->giaddr.s_addr !=
+   interfaces->primary_address.s_addr)
+   return;
+
bzero(, sizeof(to));
if (!(packet->flags & htons(BOOTP_BROADCAST))) {
to.sin_addr = packet->yiaddr;