From c73ee39d1031f8d7e01448bf1a9810943d7c6560 Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Sat, 25 Jul 2015 05:14:08 +0200 Subject: resolved: transaction - don't explicitly verify packet source This is handled by the kernel now that the socket is connect()ed. --- src/resolve/resolved-dns-transaction.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index a8ff233673..b235fda3d2 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -350,24 +350,6 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) { } } - if (t->scope->protocol == DNS_PROTOCOL_DNS) { - - /* For DNS we are fine with accepting packets on any - * interface, but the source IP address must be the - * one of the DNS server we queried */ - - assert(t->server); - - if (t->server->family != p->family) - return; - - if (!in_addr_equal(p->family, &p->sender, &t->server->address)) - return; - - if (p->sender_port != 53) - return; - } - if (t->received != p) { dns_packet_unref(t->received); t->received = dns_packet_ref(p); -- cgit v1.2.3-54-g00ecf