diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-11-10 18:06:19 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-02-16 10:03:43 +0100 |
commit | 43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b (patch) | |
tree | 48a1349811c1c8e62c10e7dada6f6a3a99bcc2f7 /src/resolve/resolved-dns-query.h | |
parent | 6f055e43b817b66e6d4f6e4022f0a115dc35651b (diff) | |
download | systemd-43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b.tar.gz |
resolved: add "confidential" flag for replies passed to clients
Let's introduce a new flag that indicates whether the response was
acquired in "confidential" mode, i.e. via encrypted DNS-over-TLS, or
synthesized locally.
Fixes: #12859
Diffstat (limited to 'src/resolve/resolved-dns-query.h')
-rw-r--r-- | src/resolve/resolved-dns-query.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h index 1a30433e8c..607390b8ef 100644 --- a/src/resolve/resolved-dns-query.h +++ b/src/resolve/resolved-dns-query.h @@ -72,6 +72,7 @@ struct DnsQuery { DnsSearchDomain *answer_search_domain; int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */ bool previous_redirect_unauthenticated; + bool previous_redirect_non_confidential; DnsPacket *answer_full_packet; /* Bus + Varlink client information */ @@ -132,3 +133,13 @@ const char *dns_query_string(DnsQuery *q); DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuery*, dns_query_free); bool dns_query_fully_authenticated(DnsQuery *q); +bool dns_query_fully_confidential(DnsQuery *q); + +static inline uint64_t dns_query_reply_flags_make(DnsQuery *q) { + assert(q); + + return SD_RESOLVED_FLAGS_MAKE(q->answer_protocol, + q->answer_family, + dns_query_fully_authenticated(q), + dns_query_fully_confidential(q)); +} |