No DHCP IP if OFFER or ACK coming from non-BOOTPS port

[Shoikan]

Hi,

We've run into some problems that took us a while to troubleshoot with iPXE. Imagine a random setup with a DHCP server, a DHCP relay, and a client. All is set up as one normally would. The following flow will then proceed:

• Client performs a DHCP discover
• DHCP relay passes on discover to DHCP server
• Server receives DHCP discover
• Server sends DHCP offer
• Relay passes on offer to client
• etc.
  

This all works nicely if the DHCP relay is a well behaving relay, or the client is not too picky. In our case, we use a Checkpoint firewall as a relay. The Checkpoint firewall is.. euhh.. not quite well behaved: it sends the packets on to the client on a random non-privileged port (>1024). So you get:

• Discover
• Offer
• Discover
• etc..
  

When checking the iPXE source we see there is a hard requirement that the source port that the offer and ack packets are sent from to the client HAVE to be on the BOOTPS port (from: https://git.ipxe.org/ipxe.git/blob/maste...dp/dhcp.c, line 400):

Code:

if ( ip.s_addr && ( peer->sin_port == htons ( BOOTPS_PORT ) ) &&

.

Now, if I check the RFC, I couldn't find a solid confirmation that this behaviour is a requirement. Apparently, the client in the OS (happens to be Linux) is more lenient and accepts it just fine.

So I wonder: is Checkpoint wrong in answering from an odd port, or is iPXE unnecessarily picky in this case?[/code]