authorLennart Poettering <lennart@poettering.net>2020-11-05 16:27:55 +0100
committerLennart Poettering <lennart@poettering.net>2021-02-14 23:12:22 +0100
commit49ef064c8dcd8ed12d98e6c705e676babade0897 (patch)
treedabc1284d3ab84209bab5b0f2eef29de4e38e308 /src/resolve/resolved-manager.c
parentresolved: refuse packets looped back to us (diff)
resolved: refuse sending packets to our own stub listeners
A previous commit made sure that when one of our own packets is looped back to us, we ignore it. But let's go one step further, and refuse operation if we notice the server we talk to is our own. This way we won't generate unnecessary traffic and can return a cleaner error. Fixes: #17413
Diffstat (limited to 'src/resolve/resolved-manager.c')
-rw-r--r--src/resolve/resolved-manager.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 9d178abcb5..b41308204e 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -1618,3 +1618,27 @@ bool manager_next_dnssd_names(Manager *m) {
return tried;
}
+
+bool manager_server_is_stub(Manager *m, DnsServer *s) {
+ DnsStubListenerExtra *l;
+
+ assert(m);
+ assert(s);
+
+ /* Safety check: we generally already skip the main stub when parsing configuration. But let's be
+ * extra careful, and check here again */
+ if (s->family == AF_INET &&
+ s->address.in.s_addr == htobe32(INADDR_DNS_STUB) &&
+ dns_server_port(s) == 53)
+ return true;
+
+ /* Main reason to call this is to check server data against the extra listeners, and filter things
+ * out. */
+ ORDERED_SET_FOREACH(l, m->dns_extra_stub_listeners)
+ if (s->family == l->family &&
+ in_addr_equal(s->family, &s->address, &l->address) &&
+ dns_server_port(s) == dns_stub_listener_extra_port(l))
+ return true;
+
+ return false;
+}
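Review bot: The loop over `m->dns_extra_stub_listeners` in `manager_server_is_stub()` matches only when `in_addr_equal()` sees the literal same address. An extra listener bound to a wildcard address (if the configuration permits one, which is not visible in this hunk) would therefore not be recognised when the server is configured with a concrete local address. That case would still depend on the looped-back-packet check from the parent commit, so the "cleaner error" this commit aims for would not apply to it. I would record the limit in the second comment, for example `/* Addresses are compared literally: a listener bound to a wildcard address is not detected here, the looped-back packet check remains the fallback. */`. The first comment could likewise say that the main-stub test covers only the IPv4 `INADDR_DNS_STUB` address on port 53.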