
Re: Iptables not blocking DHCP/UDP correctly?



On 29 Oct 2004, Mike Mestnik wrote:
> --- Bart-Jan Vrielink <bartjan@vrielink.net> wrote:
>> On Fri, 2004-10-29 at 00:27 +0200, Bernd Eckenfels wrote:
>>> On Thu, Oct 28, 2004 at 11:20:24PM +0200, Bart-Jan Vrielink wrote:
>>>> On Thu, 2004-10-28 at 14:15 -0400, Larry Kelly wrote:

[...]

>>> DHCP is not UDP, it is protocol "bootp"

DHCP is a UDP protocol, primarily.

[...]

> DHCP protocol is complex in that it uses MAC and IP tricks to work
> correctly. I'm sure you could use UDP sockets, but I think the code for
> this would be very messy.  Instead the authors of DHCP have decided to
> handle the UDP protocol themselves, I for one respect their decision.

Actually, the authors of the ISC DHCP stack, which is the most commonly
used stack, dislike implementing the protocol parsing themselves (well,
himself, anyway) intensely.

Traditionally, Linux would allow a NIC to be assigned the address
'0.0.0.0', and would route packets correctly from that.

That changed, for what seem like sound technical reasons, and prevented
the ISC DHCP code working as a side-effect.

After that the ISC code fell back to the raw socket parser which, in the
opinion of the Linux network developers, is more correct anyway.

Regards,
        Daniel
-- 
A stupid man's report of what a clever man says can never be accurate, because
he unconsciously translates what he hears into something he can understand.
        -- Bertrand Russell


