diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-11-10 17:14:16 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-02-16 10:03:43 +0100 |
commit | 6f055e43b817b66e6d4f6e4022f0a115dc35651b (patch) | |
tree | cf9268a61926b62a850abc7c8cbc418c9427b8f2 /src/resolve/resolved-dns-transaction.h | |
parent | 0e703bb48dbecdcbbf14cfdfb36ed2618cb597fd (diff) | |
download | systemd-6f055e43b817b66e6d4f6e4022f0a115dc35651b.tar.gz |
resolved: replace "answer_authenticated" bool by uint64_t query_flags field
Let's use the same flags type we use for client communication, i.e.
instead of "bool answer_authenticated", let's use "uint64_t
answer_query_flags", with the SD_RESOLVED_AUTHENTICATED flag.
This is mostly just search/replace, i.e. a refactoring, no change in
behaviour.
This becomes useful once in a later commit SD_RESOLVED_CONFIDENTIAL is
added to indicate resolution that either were encrypted (DNS-over-TLS)
or never left the local system.
Diffstat (limited to 'src/resolve/resolved-dns-transaction.h')
-rw-r--r-- | src/resolve/resolved-dns-transaction.h | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h index 9376d504bf..dab26d01fc 100644 --- a/src/resolve/resolved-dns-transaction.h +++ b/src/resolve/resolved-dns-transaction.h @@ -77,15 +77,12 @@ struct DnsTransaction { uint32_t answer_nsec_ttl; int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */ - /* Indicates whether the primary answer is authenticated, - * i.e. whether the RRs from answer which directly match the - * question are authenticated, or, if there are none, whether - * the NODATA or NXDOMAIN case is. It says nothing about - * additional RRs listed in the answer, however they have - * their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit - * is defined different than the AD bit in DNS packets, as - * that covers more than just the actual primary answer. */ - bool answer_authenticated; + /* SD_RESOLVED_AUTHENTICATED here indicates whether the primary answer is authenticated, i.e. whether + * the RRs from answer which directly match the question are authenticated, or, if there are none, + * whether the NODATA or NXDOMAIN case is. It says nothing about additional RRs listed in the answer, + * however they have their own DNS_ANSWER_AUTHORIZED FLAGS. Note that this bit is defined different + * than the AD bit in DNS packets, as that covers more than just the actual primary answer. */ + uint64_t answer_query_flags; /* Contains DNSKEY, DS, SOA RRs we already verified and need * to authenticate this reply */ |