diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-03-05 18:01:27 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-03-06 14:04:21 +0100 |
commit | 39005e187095062718621880e5d8ad707ac8fe8f (patch) | |
tree | 09dd429ad707c74e24e47ca326a17b708b409511 /src/resolve/resolved-dns-stub.c | |
parent | 4838dc4f2be1d29da9ce9a930c48717a4491d70e (diff) | |
download | systemd-39005e187095062718621880e5d8ad707ac8fe8f.tar.gz |
resolved: split out helper that checks whether we shall reply with EDNS0 DO
Just some refactoring, no actual code changes.
Diffstat (limited to 'src/resolve/resolved-dns-stub.c')
-rw-r--r-- | src/resolve/resolved-dns-stub.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index c3a28d390a..b4df5837aa 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -561,6 +561,19 @@ static int dns_stub_send( return 0; } +static int dns_stub_reply_with_edns0_do(DnsQuery *q) { + assert(q); + + /* Reply with DNSSEC DO set? Only if client supports it; and we did any DNSSEC verification + * ourselves, or consider the data fully authenticated because we generated it locally, or the client + * set cd */ + + return DNS_PACKET_DO(q->request_packet) && + (q->answer_dnssec_result >= 0 || /* we did proper DNSSEC validation … */ + dns_query_fully_authenticated(q) || /* … or we considered it authentic otherwise … */ + DNS_PACKET_CD(q->request_packet)); /* … or client set CD */ +} + static int dns_stub_send_reply( DnsQuery *q, int rcode) { @@ -571,14 +584,7 @@ static int dns_stub_send_reply( assert(q); - /* Reply with DNSSEC DO set? Only if client supports it; and we did any DNSSEC verification - * ourselves, or consider the data fully authenticated because we generated it locally, or - * the client set cd */ - edns0_do = - DNS_PACKET_DO(q->request_packet) && - (q->answer_dnssec_result >= 0 || /* we did proper DNSSEC validation … */ - dns_query_fully_authenticated(q) || /* … or we considered it authentic otherwise … */ - DNS_PACKET_CD(q->request_packet)); /* … or client set CD */ + edns0_do = dns_stub_reply_with_edns0_do(q); /* let's check if we shall reply with EDNS0 DO? */ r = dns_stub_assign_sections( q, |