Change the method of allocation of random source ports for DNS.
Previously, without min-port or max-port configured, dnsmasq would
default to the compiled-in defaults for those, which are 1024 and
65535. Now, when neither are configured, it defaults instead to
the kernel's ephemeral port range, which is typically
32768 to 60999 on Linux systems. This change eliminates the
possibility that dnsmasq may be using a registered port > 1024
when a long-running daemon starts up and wishes to claim it.
This change does likely slightly reduce the number of random ports
and therefore the protection from reply spoofing. The older
behaviour can be restored using the min-port and max-port config
switches should that be a concern.
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index d1806fc..fa9ae15 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -237,9 +237,16 @@
die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF);
#endif
+ /* Handle only one of min_port/max_port being set. */
+ if (daemon->min_port != 0 && daemon->max_port == 0)
+ daemon->max_port = MAX_PORT;
+
+ if (daemon->max_port != 0 && daemon->min_port == 0)
+ daemon->min_port = MIN_PORT;
+
if (daemon->max_port < daemon->min_port)
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
-
+
now = dnsmasq_time();
if (daemon->auth_zones)
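Review bot: when only max_port is configured and its value is below MIN_PORT (1024 per the commit message), the new fill-in `daemon->min_port = MIN_PORT;` makes the existing `max_port < min_port` check fail with "max_port cannot be smaller than min_port", which is misleading because the user never set min_port; either reject that case with a message naming the implicit lower bound, or let a lone max_port pair with a min_port of 1 and document the choice in the comment. The comment "Handle only one of min_port/max_port being set." should also state what happens when neither is set (both stay 0 and the kernel's ephemeral range is used), since that is the behaviour change this commit introduces and a reader of this block cannot see where the 0/0 case is consumed. The trailing `-`/`+` pair is a whitespace-only change and can be dropped from the patch.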