From: Lennart Poettering Date: Sat, 2 Jan 2016 14:18:23 +0000 (+0100) Subject: resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic X-Git-Tag: v229~179^2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ad182a1245c31bdfe6c0cf66ee93d43d1c5ae63;p=thirdparty%2Fsystemd.git resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic --- diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index fb95554db33..c8248761b21 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -588,6 +588,11 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) { break; case DNS_PROTOCOL_DNS: + /* Note that we do not need to verify the + * addresses/port numbers of incoming traffic, as we + * invoked connect() on our UDP socket in which case + * the kernel already does the needed verification for + * us. */ break; default:
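Review bot: The comment added in the DNS_PROTOCOL_DNS case of dns_transaction_process_reply() depends on an invariant set up somewhere else (the UDP socket having been connect()ed) and does not say where. Please name the function that performs the connect(), so that anyone changing the socket setup finds this dependency; if the transaction ever moved to an unconnected socket, this case would skip the source address/port check with nothing flagging it. It would also help to say explicitly that the kernel filtering covers only the peer address and port, so the comment is not read as covering other validation of the reply. Wording nit: "in which case the kernel already does the needed verification for us" would read more clearly as "so the kernel only delivers datagrams from the connected peer".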