From 8a0901a90e38fb504c3127b7ec382dbf546fda50 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 24 2018 16:54:52 +0000
Subject: Randomize ports
---
diff --git a/dnsmasq-2.79-randomize-ports.patch b/dnsmasq-2.79-randomize-ports.patch
new file mode 100644
index 0000000..e37931b
--- /dev/null
+++ b/dnsmasq-2.79-randomize-ports.patch
@@ -0,0 +1,87 @@
+From 6899c5c5b9a32aa2ce0513b5e69356844988c64e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com>
+Date: Thu, 9 Aug 2018 18:17:26 +0200
+Subject: [PATCH] Use OS random ports by default
+
+Unless max-port or min-port is given, let OS allocate random ports for
+DNS queries. Randomize similar to --query-port=0, but for each query
+separately. Would use port according to system policy.
+---
+ src/dnsmasq.c | 2 +-
+ src/network.c | 15 ++++++++++++---
+ src/option.c | 4 +++-
+ 3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 9f6c020..4cd478e 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -226,7 +226,7 @@ int main (int argc, char **argv)
+ die(_("loop detection not available: set HAVE_LOOP in src/config.h"),
NULL, EC_BADCONF);
+ #endif
+
+- if (daemon->max_port < daemon->min_port)
++ if (daemon->max_port >= 0 && daemon->max_port <
daemon->min_port)
+ die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
+
+ now = dnsmasq_time();
+diff --git a/src/network.c b/src/network.c
+index 0381513..9747d26 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1138,18 +1138,27 @@ int random_sock(int family)
+ if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
+ {
+ union mysockaddr addr;
+- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned
short)daemon->min_port) + 1;
+- int tries = ports_avail < 30 ? 3 * ports_avail : 100;
++ unsigned short ports_avail = 0;
++ int tries = 100;
++ unsigned short port = 0;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sa.sa_family = family;
+
++ if (daemon->max_port >= 0)
++ {
++ ports_avail = ((unsigned short)daemon->max_port - (unsigned
short)daemon->min_port) + 1;
++ if (ports_avail < 30)
++ tries = 3 * ports_avail;
++ }
++
+ /* don't loop forever if all ports in use. */
+
+ if (fix_fd(fd))
+ while(tries--)
+ {
+- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned
short)ports_avail)));
++ if (ports_avail)
++ port = htons(daemon->min_port + (rand16() % ports_avail));
+
+ if (family == AF_INET)
+ {
+diff --git a/src/option.c b/src/option.c
+index d358d99..b7eaff0 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -2602,6 +2602,8 @@ static int one_opt(int option, char *arg, char *errstr, char
*gen_err, int comma
+ case LOPT_MINPORT: /* --min-port */
+ if (!atoi_check16(arg, &daemon->min_port))
+ ret_err(gen_err);
++ if (daemon->max_port < 0)
++ daemon->max_port = MAX_PORT;
+ break;
+
+ case LOPT_MAXPORT: /* --max-port */
+@@ -4678,7 +4680,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
+ daemon->soa_refresh = SOA_REFRESH;
+ daemon->soa_retry = SOA_RETRY;
+ daemon->soa_expiry = SOA_EXPIRY;
+- daemon->max_port = MAX_PORT;
++ daemon->max_port = -1;
+ daemon->min_port = MIN_PORT;
+
+ #ifndef NO_ID
+--
+2.14.4
+
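Review bot: In the embedded network.c hunk, narrowing `ports_avail` from `unsigned int` to `unsigned short` makes the explicit full range `--min-port=0 --max-port=65535` compute `65535 - 0 + 1`, which truncates to 0; the `ports_avail < 30` branch then sets `tries = 0`, so `while(tries--)` never runs and random_sock never binds a socket (the pre-patch code failed on the same configuration with a `% 0` in the modulus, which this commit does not address). Keeping the wider type, `unsigned int ports_avail = 0;`, together with the `if (ports_avail)` guard already added, covers both the zero-modulus and the zero-try case. The remainder of random_sock (the bind attempts and the return value) lies outside the hunk, and the declaration of `daemon->max_port` is not shown, so the `-1` sentinel presumes a signed int field wide enough for 65535; that is worth confirming against the struct definition.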
diff --git a/dnsmasq.spec b/dnsmasq.spec
index f1a5a9f..3319fd7 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.79
-Release: 7%{?extraversion:.%{extraversion}}%{?dist}
+Release: 8%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -26,6 +26,7 @@ Source2: dnsmasq-systemd-sysusers.conf
Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch
Patch4: dnsmasq-2.80-dnssec.patch
+Patch5: dnsmasq-2.79-randomize-ports.patch
# This is workaround to nettle bug #1549190
#
https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@@ -63,6 +64,7 @@ server's leases.
%patch1 -p1 -b .underflow
%patch3 -p1 -b .fips
%patch4 -p1 -b .dnssec
+%patch5 -p1 -b .ports
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -163,6 +165,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Aug 09 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-8
+- Better randomize ports
+
* Tue Jul 31 2018 Florian Weimer <fweimer(a)redhat.com> - 2.79-7
- Rebuild with fixed binutils