authorLennart Poettering <lennart@poettering.net>2016-01-02 15:18:23 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-02 22:16:16 +0100
commit8ad182a1245c31bdfe6c0cf66ee93d43d1c5ae63 (patch)
treeae50cbc59b0ef2031952c4c3412b4af739e1e575
parent7f10b629f8d1517aa1588b43dc50966fb16320db (diff)
resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic
-rw-r--r--src/resolve/resolved-dns-transaction.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index fb95554db3..c8248761b2 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -588,6 +588,11 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
break;
case DNS_PROTOCOL_DNS:
+ /* Note that we do not need to verify the
+ * addresses/port numbers of incoming traffic, as we
+ * invoked connect() on our UDP socket in which case
+ * the kernel already does the needed verification for
+ * us. */
break;
default:
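Review bot: The comment added under `case DNS_PROTOCOL_DNS:` says the kernel does "the needed verification", which reads broader than what connect() on a UDP socket provides. The kernel only discards datagrams whose source address/port differ from the connected peer; a datagram carrying a forged source that matches the server is still delivered, so spoofing resistance rests on whatever ID/question matching this function performs elsewhere (not visible in the hunk). I would narrow the wording by appending something like `/* This is a peer address/port filter only, not sender authentication; forged-source replies must still be rejected by the transaction ID and question checks. */`. The comment also depends on an invariant established outside this hunk, so naming the function that calls connect() on the socket would let a reader confirm it still holds, for example if an unconnected socket path is added later. dns_transaction_process_reply() begins and ends outside the hunk.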