[systemd-commits] src/libsystemd-network
Tom Gundersen
tomegun at kemper.freedesktop.org
Wed Apr 2 05:50:03 PDT 2014
src/libsystemd-network/dhcp-network.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
New commits:
commit bc29e507e2731d594ab577d04c13d771b39fa0c1
Author: Tom Gundersen <teg at jklm.no>
Date: Mon Mar 31 09:54:18 2014 +0200
sd-dhcp-client: use BPF on raw socket
Filter out everything except UDP packets destined for the DHCP client port,
this should avoid the vast majority of spurious wakeups.
Filter based on [0], with permission.
Possible improvemnts: also check for the DHCP magic cookie to drop invalid
packets. Check for our xid to filter out packets destined for other clients.
[0]: <https://github.com/ambrop72/badvpn/blob/master/dhcpclient/BDHCPClient.c#L57>
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index ecc94b9..8bfb2d5 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -25,6 +25,7 @@
#include <net/ethernet.h>
#include <stdio.h>
#include <unistd.h>
+#include <linux/filter.h>
#include "socket-util.h"
@@ -32,6 +33,19 @@
int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
{
+ struct sock_filter filter[] = {
+ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol = UDP? */
+ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, udp.dest)), /* A <- UDP destination port */
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, DHCP_PORT_CLIENT, 1, 0), /* UDP destination port = DHCP client? */
+ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
+ BPF_STMT(BPF_RET + BPF_K, 65535), /* return all */
+ };
+ struct sock_fprog fprog = {
+ .len = ELEMENTSOF(filter),
+ .filter = filter
+ };
int s, one = 1;
assert(index > 0);
@@ -50,6 +64,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
if (setsockopt (s, SOL_PACKET, PACKET_AUXDATA, &one, sizeof(one)) < 0)
return -errno;
+ if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) {
+ return -errno;
+ }
+
if (bind(s, &link->sa, sizeof(link->ll)) < 0) {
safe_close(s);
return -errno;
More information about the systemd-commits
mailing list