author | Lennart Poettering <lennart@poettering.net> | 2016-01-02 15:18:23 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-02 22:16:16 +0100 |
commit | 8ad182a1245c31bdfe6c0cf66ee93d43d1c5ae63 (patch) | |
tree | ae50cbc59b0ef2031952c4c3412b4af739e1e575 | |
parent | 7f10b629f8d1517aa1588b43dc50966fb16320db (diff) |
resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic
-rw-r--r-- | src/resolve/resolved-dns-transaction.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index fb95554db3..c8248761b2 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -588,6 +588,11 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
 break;
 case DNS_PROTOCOL_DNS:
+ /* Note that we do not need to verify the
+ * addresses/port numbers of incoming traffic, as we
+ * invoked connect() on our UDP socket in which case
+ * the kernel already does the needed verification for
+ * us. */
 break;
 default: |
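Review bot: The new comment in the `DNS_PROTOCOL_DNS` case states the invariant but not its limits. A connect()ed UDP socket only makes the kernel drop datagrams whose claimed source address/port differ from the peer, so it is a filter, not authentication of the sender. I would append something like `/* This only matches the claimed source address/port; forged replies must still be rejected by other checks, e.g. transaction ID matching. */`. The comment also assumes that every packet reaching this case arrived on a connected socket, which is set up outside this hunk, so naming the place where connect() is called would let a reader re-verify the claim if another receive path is added later. The body of dns_transaction_process_reply starts and ends outside the hunk.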