don't accidentally increase repttl if it was small because of another (short-ttl...

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)
diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c

index 132078a802e37e4bf04aace10374eb2584820270..f132c7e9f91f1cfba159b4aecbbd39f6cae32177 100644 (file)
--- a/ipsecmod/ipsecmod.c
+++ b/ipsecmod/ipsecmod.c
@@ -337,10 +337,12 @@ ipsecmod_handle_query(struct module_qstate* qstate,
                                 for(i=0; i<rrset_data->count+rrset_data->rrsig_count; i++)
                                         rrset_data->rr_ttl[i] = qstate->env->cfg->ipsecmod_max_ttl;
                                 /* Also update reply_info's TTL */
-                               qstate->return_msg->rep->ttl =
-                                       qstate->env->cfg->ipsecmod_max_ttl;
-                               qstate->return_msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(
-                                       qstate->return_msg->rep->ttl);
+                               if(qstate->return_msg->rep->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) {
+                                       qstate->return_msg->rep->ttl =
+                                               qstate->env->cfg->ipsecmod_max_ttl;
+                                       qstate->return_msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(
+                                               qstate->return_msg->rep->ttl);
+                               }
                         }
                 }
         }
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 17 May 2017 12:43:48 +0000 (12:43 +0000)