|
 |
429959 |
From 333856b1c1b032f937dd24d604f98cdb6dfe3d91 Mon Sep 17 00:00:00 2001
|
|
|
429959 |
From: Simon Kelley <simon@thekelleys.org.uk>
|
|
|
429959 |
Date: Mon, 29 Jan 2018 22:49:27 +0000
|
|
|
429959 |
Subject: [PATCH] Default min-port to 1024 to avoid reserved ports.
|
|
|
429959 |
|
|
|
429959 |
(cherry picked from commit baf553db0cdb50707ddab464fb3eff7786ea576c)
|
|
|
429959 |
---
|
|
|
429959 |
man/dnsmasq.8 | 3 ++-
|
|
|
429959 |
src/dns-protocol.h | 1 +
|
|
|
429959 |
src/dnsmasq.c | 3 ---
|
|
|
429959 |
src/network.c | 5 +----
|
|
|
429959 |
src/option.c | 1 +
|
|
|
429959 |
5 files changed, 5 insertions(+), 8 deletions(-)
|
|
|
429959 |
|
|
|
429959 |
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
|
|
|
429959 |
index 1f1b048..9b7adde 100644
|
|
|
429959 |
--- a/man/dnsmasq.8
|
|
|
429959 |
+++ b/man/dnsmasq.8
|
|
|
429959 |
@@ -182,7 +182,8 @@ OS: this was the default behaviour in versions prior to 2.43.
|
|
|
429959 |
Do not use ports less than that given as source for outbound DNS
|
|
|
429959 |
queries. Dnsmasq picks random ports as source for outbound queries:
|
|
|
429959 |
when this option is given, the ports used will always to larger
|
|
|
429959 |
-than that specified. Useful for systems behind firewalls.
|
|
|
429959 |
+than that specified. Useful for systems behind firewalls. If not specified,
|
|
|
429959 |
+defaults to 1024.
|
|
|
429959 |
.TP
|
|
|
429959 |
.B --max-port=<port>
|
|
|
429959 |
Use ports lower than that given as source for outbound DNS queries.
|
|
|
429959 |
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
|
|
|
429959 |
index 75d8ffb..dd69b28 100644
|
|
|
429959 |
--- a/src/dns-protocol.h
|
|
|
429959 |
+++ b/src/dns-protocol.h
|
|
|
429959 |
@@ -16,6 +16,7 @@
|
|
|
429959 |
|
|
|
429959 |
#define NAMESERVER_PORT 53
|
|
|
429959 |
#define TFTP_PORT 69
|
|
|
429959 |
+#define MIN_PORT 1024 /* first non-reserved port */
|
|
|
429959 |
#define MAX_PORT 65535u
|
|
|
429959 |
|
|
|
429959 |
#define IN6ADDRSZ 16
|
|
|
429959 |
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
|
|
|
429959 |
index 83631ef..ae1aa96 100644
|
|
|
429959 |
--- a/src/dnsmasq.c
|
|
|
429959 |
+++ b/src/dnsmasq.c
|
|
|
429959 |
@@ -220,9 +220,6 @@ int main (int argc, char **argv)
|
|
|
429959 |
die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
|
|
|
429959 |
#endif
|
|
|
429959 |
|
|
|
429959 |
- if (daemon->max_port != MAX_PORT && daemon->min_port == 0)
|
|
|
429959 |
- daemon->min_port = 1024u;
|
|
|
429959 |
-
|
|
|
429959 |
if (daemon->max_port < daemon->min_port)
|
|
|
429959 |
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
|
|
|
429959 |
|
|
|
429959 |
diff --git a/src/network.c b/src/network.c
|
|
|
429959 |
index fcd9d8d..d75f560 100644
|
|
|
429959 |
--- a/src/network.c
|
|
|
429959 |
+++ b/src/network.c
|
|
|
429959 |
@@ -1149,10 +1149,7 @@ int random_sock(int family)
|
|
|
429959 |
if (fix_fd(fd))
|
|
|
429959 |
while(tries--)
|
|
|
429959 |
{
|
|
|
429959 |
- unsigned short port = rand16();
|
|
|
429959 |
-
|
|
|
429959 |
- if (daemon->min_port != 0 || daemon->max_port != MAX_PORT)
|
|
|
429959 |
- port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
|
|
|
429959 |
+ unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)));
|
|
|
429959 |
|
|
|
429959 |
if (family == AF_INET)
|
|
|
429959 |
{
|
|
|
429959 |
diff --git a/src/option.c b/src/option.c
|
|
|
429959 |
index 3469f53..22846f6 100644
|
|
|
429959 |
--- a/src/option.c
|
|
|
429959 |
+++ b/src/option.c
|
|
|
429959 |
@@ -4521,6 +4521,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
|
|
|
429959 |
daemon->soa_retry = SOA_RETRY;
|
|
|
429959 |
daemon->soa_expiry = SOA_EXPIRY;
|
|
|
429959 |
daemon->max_port = MAX_PORT;
|
|
|
429959 |
+ daemon->min_port = MIN_PORT;
|
|
|
429959 |
|
|
|
429959 |
add_txt("version.bind", "dnsmasq-" VERSION, 0 );
|
|
|
429959 |
add_txt("authors.bind", "Simon Kelley", 0);
|
|
|
429959 |
--
|
|
|
429959 |
2.20.1
|
|
|
429959 |
|