From 8ad182a1245c31bdfe6c0cf66ee93d43d1c5ae63 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Sat, 2 Jan 2016 15:18:23 +0100
Subject: [PATCH] resolved: explain why we don't check IP addresses/ports of incoming DNS UDP traffic
---
 src/resolve/resolved-dns-transaction.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index fb95554db3..c8248761b2 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -588,6 +588,11 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
 break;
 case DNS_PROTOCOL_DNS:
+ /* Note that we do not need to verify the
+ * addresses/port numbers of incoming traffic, as we
+ * invoked connect() on our UDP socket in which case
+ * the kernel already does the needed verification for
+ * us. */
 break;
 default:
-- 
2.25.1
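Review bot: The new comment under `case DNS_PROTOCOL_DNS:` speaks of "incoming traffic" in general, but its reasoning only covers datagrams read from a UDP socket on which connect() was called, and what the kernel does there is filter on the source address/port fields, not authenticate the sender. I would scope the wording accordingly, e.g. `/* For UDP we connect() the socket, so the kernel only delivers datagrams whose source address/port match the peer; this is a filter, not protection against spoofed sources. */`. Whether every socket whose packets reach this branch is actually connected cannot be seen from the hunk, since dns_transaction_process_reply() begins and ends outside it. If an unconnected path exists, this branch would need an explicit address/port check instead of the comment.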