diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-07-29 23:52:57 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-07-29 23:53:08 +0200 |
commit | 2442b93d15f5523aba0c5dc56a42757af889c483 (patch) | |
tree | 095c1e7ee80cb2dc152b2926270578ee06ac9dac | |
parent | a2a416f768e2aa7db5b975cd50eb19237cac9cce (diff) |
resolved: the llmnr destination address check applies to queries, not to responses
-rw-r--r-- | src/resolve/resolved-dns-query.c | 11 | ||||
-rw-r--r-- | src/resolve/resolved-dns-scope.c | 12 |
2 files changed, 12 insertions, 11 deletions
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index f3007aa19c..271b8fd9c9 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -269,17 +269,6 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { if (p->family != t->scope->family) return; - /* Don't accept UDP packets directed to anything but - * the LLMNR multicast addresses. */ - - if (p->ipproto == IPPROTO_UDP) { - if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) - return; - - if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) - return; - } - /* Tentative replies shall be discarded, see RFC 4795, * 2.1.1 */ diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 5742f3ef47..b975ac4092 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -452,6 +452,18 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { if (p->protocol != DNS_PROTOCOL_LLMNR) return; + if (p->ipproto == IPPROTO_UDP) { + /* Don't accept UDP queries directed to anything but + * the LLMNR multicast addresses. See RFC 4795, + * section 2.5.*/ + + if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) + return; + + if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) + return; + } + r = dns_packet_extract(p); if (r < 0) { log_debug("Failed to extract resources from incoming packet: %s", strerror(-r)); |