[systemd-commits] src/libsystemd-network

Tom Gundersen tomegun at kemper.freedesktop.org
Wed Apr 2 05:50:03 PDT 2014


 src/libsystemd-network/dhcp-network.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

New commits:
commit bc29e507e2731d594ab577d04c13d771b39fa0c1
Author: Tom Gundersen <teg at jklm.no>
Date:   Mon Mar 31 09:54:18 2014 +0200

    sd-dhcp-client: use BPF on raw socket
    
    Filter out everything except UDP packets destined for the DHCP client port,
    this should avoid the vast majority of spurious wakeups.
    
    Filter based on [0], with permission.
    
    Possible improvemnts: also check for the DHCP magic cookie to drop invalid
    packets. Check for our xid to filter out packets destined for other clients.
    
    [0]: <https://github.com/ambrop72/badvpn/blob/master/dhcpclient/BDHCPClient.c#L57>

diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index ecc94b9..8bfb2d5 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -25,6 +25,7 @@
 #include <net/ethernet.h>
 #include <stdio.h>
 #include <unistd.h>
+#include <linux/filter.h>
 
 #include "socket-util.h"
 
@@ -32,6 +33,19 @@
 
 int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
 {
+        struct sock_filter filter[] = {
+            BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0),                /* IP protocol = UDP? */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                          /* ignore */
+            BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, udp.dest)),    /* A <- UDP destination port */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, DHCP_PORT_CLIENT, 1, 0),           /* UDP destination port = DHCP client? */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                          /* ignore */
+            BPF_STMT(BPF_RET + BPF_K, 65535),                                      /* return all */
+        };
+        struct sock_fprog fprog = {
+            .len = ELEMENTSOF(filter),
+            .filter = filter
+        };
         int s, one = 1;
 
         assert(index > 0);
@@ -50,6 +64,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
         if (setsockopt (s, SOL_PACKET, PACKET_AUXDATA, &one, sizeof(one)) < 0)
                 return -errno;
 
+        if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) {
+                return -errno;
+        }
+
         if (bind(s, &link->sa, sizeof(link->ll)) < 0) {
                 safe_close(s);
                 return -errno;



More information about the systemd-commits mailing list