From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 21 Dec 2015 15:23:48 +0000 (+0100)
Subject: resolved: split out a new dns_type_may_redirect() call
X-Git-Tag: v229~189^2~39
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d3c7e9139c50bec5096925a09b9c1341942c72c4;p=thirdparty%2Fsystemd.git

resolved: split out a new dns_type_may_redirect() call

Let's abstract which RRs shall honour CNAMEs, and which ones should not.
---

diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
index cc52ef9abe0..0571d65f0ba 100644
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -95,6 +95,25 @@ bool dns_class_is_valid_rr(uint16_t class) {
         return class != DNS_CLASS_ANY;
 }
 
+bool dns_type_may_redirect(uint16_t type) {
+        /* The following record types should never be redirected using
+         * CNAME/DNAME RRs. See
+         * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
+
+        if (dns_type_is_pseudo(type))
+                return false;
+
+        return !IN_SET(type,
+                       DNS_TYPE_CNAME,
+                       DNS_TYPE_DNAME,
+                       DNS_TYPE_NSEC3,
+                       DNS_TYPE_NSEC,
+                       DNS_TYPE_RRSIG,
+                       DNS_TYPE_NXT,
+                       DNS_TYPE_SIG,
+                       DNS_TYPE_KEY);
+}
+
 const char *dns_class_to_string(uint16_t class) {
 
         switch (class) {
diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h
index bea0adaa16f..c3bb26a5eef 100644
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -128,6 +128,7 @@ enum {
 bool dns_type_is_pseudo(uint16_t type);
 bool dns_type_is_valid_query(uint16_t type);
 bool dns_type_is_valid_rr(uint16_t type);
+bool dns_type_may_redirect(uint16_t type);
 
 bool dns_class_is_pseudo(uint16_t class);
 bool dns_class_is_valid_rr(uint16_t class);
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index f50d780ebbb..31154fbc771 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -672,11 +672,7 @@ static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, D
         if (i && i->type == DNS_CACHE_NXDOMAIN)
                 return i;
 
-        /* The following record types should never be redirected. See
-         * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
-        if (!IN_SET(k->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME,
-                            DNS_TYPE_NSEC3, DNS_TYPE_NSEC, DNS_TYPE_RRSIG,
-                            DNS_TYPE_NXT, DNS_TYPE_SIG, DNS_TYPE_KEY)) {
+        if (dns_type_may_redirect(k->type)) {
                 /* Check if we have a CNAME record instead */
                 i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_CNAME, n));
                 if (i)