Blob Blame Raw
diff -up dhcp-4.3.4/server/bootp.c.unicast dhcp-4.3.4/server/bootp.c
--- dhcp-4.3.4/server/bootp.c.unicast	2016-03-22 14:16:51.000000000 +0100
+++ dhcp-4.3.4/server/bootp.c	2016-05-02 15:09:40.023243008 +0200
@@ -52,6 +52,7 @@ void bootp (packet)
 	char msgbuf [1024];
 	int ignorep;
 	int peer_has_leases = 0;
+	int norelay = 0;
 
 	if (packet -> raw -> op != BOOTREQUEST)
 		return;
@@ -67,7 +68,7 @@ void bootp (packet)
 		 ? inet_ntoa (packet -> raw -> giaddr)
 		 : packet -> interface -> name);
 
-	if (!locate_network (packet)) {
+	if ((norelay = locate_network (packet)) == 0) {
 		log_info ("%s: network unknown", msgbuf);
 		return;
 	}
@@ -428,6 +429,15 @@ void bootp (packet)
 
 			goto out;
 		}
+	} else if (norelay == 2) {
+		to.sin_addr = raw.ciaddr;
+		to.sin_port = remote_port;
+		if (fallback_interface) {
+			result = send_packet (fallback_interface, NULL, &raw,
+					      outgoing.packet_length, from,
+					      &to, &hto);
+			goto out;
+		}
 
 	/* If it comes from a client that already knows its address
 	   and is not requesting a broadcast response, and we can
diff -up dhcp-4.3.4/server/dhcp.c.unicast dhcp-4.3.4/server/dhcp.c
--- dhcp-4.3.4/server/dhcp.c.unicast	2016-03-22 14:16:51.000000000 +0100
+++ dhcp-4.3.4/server/dhcp.c	2016-05-02 15:10:13.255267511 +0200
@@ -5132,6 +5132,7 @@ int locate_network (packet)
 	struct data_string data;
 	struct subnet *subnet = (struct subnet *)0;
 	struct option_cache *oc;
+	int norelay = 0;
 
 #if defined(DHCPv6) && defined(DHCP4o6)
 	if (dhcpv4_over_dhcpv6 && (packet->dhcp4o6_response != NULL)) {
@@ -5153,12 +5154,24 @@ int locate_network (packet)
 	   from the interface, if there is one.   If not, fail. */
 	if (!oc && !packet -> raw -> giaddr.s_addr) {
 		if (packet -> interface -> shared_network) {
-			shared_network_reference
-				(&packet -> shared_network,
-				 packet -> interface -> shared_network, MDL);
-			return 1;
+			struct in_addr any_addr;
+			any_addr.s_addr = INADDR_ANY;
+
+			if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) {
+				struct iaddr cip;
+				memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4);
+				cip.len = 4;
+				if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL))
+					norelay = 2;
+			}
+
+			if (!norelay) {
+				shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL);
+				return 1;
+			}
+		} else {
+			return 0;
 		}
-		return 0;
 	}
 
 	/* If there's an option indicating link connection, and it's valid,
@@ -5185,7 +5198,10 @@ int locate_network (packet)
 		data_string_forget (&data, MDL);
 	} else {
 		ia.len = 4;
-		memcpy (ia.iabuf, &packet -> raw -> giaddr, 4);
+		if (norelay)
+			memcpy (ia.iabuf, &packet->raw->ciaddr, 4);
+		else
+			memcpy (ia.iabuf, &packet->raw->giaddr, 4);
 	}
 
 	/* If we know the subnet on which the IP address lives, use it. */
@@ -5193,7 +5209,10 @@ int locate_network (packet)
 		shared_network_reference (&packet -> shared_network,
 					  subnet -> shared_network, MDL);
 		subnet_dereference (&subnet, MDL);
-		return 1;
+		if (norelay)
+			return norelay;
+		else
+			return 1;
 	}
 
 	/* Otherwise, fail. */