diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6b914ec..eb2cf3e 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -182,7 +182,8 @@ OS: this was the default behaviour in versions prior to 2.43. Do not use ports less than that given as source for outbound DNS queries. Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always to larger
-than that specified. Useful for systems behind firewalls.
+than that specified. Useful for systems behind firewalls. If not specified,
+defaults to 1024.
 .TP
 .B --max-port=
 Use ports lower than that given as source for outbound DNS queries.
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 4d560f6..4958830 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -16,6 +16,7 @@
 #define NAMESERVER_PORT 53
 #define TFTP_PORT 69
+#define MIN_PORT 1024 /* first non-reserved port */
 #define MAX_PORT 65535u
 #define IN6ADDRSZ 16
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index b3b9ed0..ad01944 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -224,9 +224,6 @@ int main (int argc, char **argv)
 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
 #endif
- if (daemon->max_port != MAX_PORT && daemon->min_port == 0)
- daemon->min_port = 1024u;
-
 if (daemon->max_port < daemon->min_port)
 die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
diff --git a/src/network.c b/src/network.c
index d92c003..0381513 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1149,10 +1149,7 @@ int random_sock(int family)
 if (fix_fd(fd))
 while(tries--)
 {
- unsigned short port = rand16();
-
- if (daemon->min_port != 0 || daemon->max_port != MAX_PORT)
- port = htons(daemon->min_port + (port % ((unsigned short)ports_avail)));
+ unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)));
 if (family == AF_INET)
 {
diff --git a/src/option.c b/src/option.c
index 831593b..e36734a 100644
--- a/src/option.c
+++ b/src/option.c
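Review bot: In random_sock() in src/network.c the new initialiser `htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)))` runs the modulo on every call, where the removed `if` skipped it for the unrestricted 0-65535 range. `ports_avail` is set outside this hunk, but if it holds the size of the port range, a full range of 65536 wraps to 0 in the `unsigned short` cast and the `%` becomes a division by zero, which would bring the resolver down. The `daemon->min_port = MIN_PORT` default added to read_opts() in src/option.c avoids this only while `--min-port` is left unset; whether an explicit `--min-port=0` is still accepted is not visible here. I would reject a zero modulus before the loop or, if `ports_avail` is wider than 16 bits, drop the cast: `unsigned short port = htons(daemon->min_port + (rand16() % ports_avail));`. The body of random_sock() starts and ends outside the hunk.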
@@ -4653,6 +4653,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
 daemon->soa_retry = SOA_RETRY;
 daemon->soa_expiry = SOA_EXPIRY;
 daemon->max_port = MAX_PORT;
+ daemon->min_port = MIN_PORT;
 #ifndef NO_ID
 add_txt("version.bind", "dnsmasq-" VERSION, 0 );