resolved: we don't need the DNS server "source" concept anymore, remove it

[elogind.git] / src / resolve / resolved-dns-query.c

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 42f4f23cb98ee83a612eabf35584a68db9c14243..ecffe069592ac1a7c60cd88bc72bd5b49101c6d5 100644 (file)
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -261,6 +261,9 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
                 if (p->family != t->scope->family)
                         return;
 
+                /* Don't accept UDP packets directed to anything but
+                 * the LLMNR multicast addresses. */
+
                 if (p->ipproto == IPPROTO_UDP) {
                         if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS))
                                 return;
@@ -268,6 +271,12 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
                         if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS))
                                 return;
                 }
+
+                /* Tentative replies shall be discarded, see RFC 4795,
+                 * 2.1.1 */
+
+                if (DNS_PACKET_T(p))
+                        return;
         }
 
         if (t->scope->protocol == DNS_PROTOCOL_DNS) {