resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic

2016-01-02 15:18:23 +01:00 · 2016-01-02 15:18:23 +01:00 · 8ad182a124
parent 7f10b629f8
commit 8ad182a124
1 changed files with 5 additions and 0 deletions
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@ -588,6 +588,11 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
                break;

        case DNS_PROTOCOL_DNS:
+                /* Note that we do not need to verify the
+                 * addresses/port numbers of incoming traffic, as we
+                 * invoked connect() on our UDP socket in which case
+                 * the kernel already does the needed verification for
+                 * us. */
                break;

        default: