chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a2a416f)
resolved: the llmnr destination address check applies to queries, not to responses
authorLennart Poettering <lennart@poettering.net>
Tue, 29 Jul 2014 21:52:57 +0000 (23:52 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 29 Jul 2014 21:53:08 +0000 (23:53 +0200)
src/resolve/resolved-dns-query.c patch | blob | history
src/resolve/resolved-dns-scope.c patch | blob | history

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index f3007aa19c49b6bd57614759e484564f6819f459..271b8fd9c901ead0538d2bd0ea385e4c0bbc9468 100644 (file)
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -269,17 +269,6 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
                 if (p->family != t->scope->family)
                         return;
 
-                /* Don't accept UDP packets directed to anything but
-                 * the LLMNR multicast addresses. */
-
-                if (p->ipproto == IPPROTO_UDP) {
-                        if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS))
-                                return;
-
-                        if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS))
-                                return;
-                }
-
                 /* Tentative replies shall be discarded, see RFC 4795,
                  * 2.1.1 */
 
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 5742f3ef472c3bb98cf7be8fee1dcf465c0dc5b4..b975ac409230797e89915cf6cf64cf06da2e981e 100644 (file)
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -452,6 +452,18 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
         if (p->protocol != DNS_PROTOCOL_LLMNR)
                 return;
 
+        if (p->ipproto == IPPROTO_UDP) {
+                /* Don't accept UDP queries directed to anything but
+                 * the LLMNR multicast addresses. See RFC 4795,
+                 * section 2.5.*/
+
+                if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS))
+                        return;
+
+                if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS))
+                        return;
+        }
+
         r = dns_packet_extract(p);
         if (r < 0) {
                 log_debug("Failed to extract resources from incoming packet: %s", strerror(-r));
Unnamed repository; edit this file 'description' to name the repository.