authorLennart Poettering <lennart@poettering.net>2020-11-11 21:19:22 +0100
committerLennart Poettering <lennart@poettering.net>2021-02-16 18:41:08 +0100
commitd8592a4e2ff31610b3029a3067c8207a124f284a (patch)
treecefc8681e208b83844d524e5a419bbe316d221c7 /src
parent2c42a217a2ef4a62933290f5ef204bcf89ea52fd (diff)
downloadsystemd-d8592a4e2ff31610b3029a3067c8207a124f284a.tar.gz
resolved: make feature level checks a bit more discriptive
The levels have an order, but the order is sometimes a bit arbitrary. Hence add simple macros to check for specific features and use those, so that the ordering leaks a bit less into all files.
Diffstat (limited to 'src')
-rw-r--r--src/resolve/resolved-dns-server.c8
-rw-r--r--src/resolve/resolved-dns-server.h1
2 files changed, 6 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 70bb7178dd..5f0d54acc5 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -446,8 +446,10 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
* work. Upgrade back to UDP again. */
log_debug("Reached maximum number of failed TCP connection attempts, trying UDP again...");
s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_UDP;
+
} else if (s->n_failed_tls > 0 &&
- DNS_SERVER_FEATURE_LEVEL_IS_TLS(s->possible_feature_level) && dns_server_get_dns_over_tls_mode(s) != DNS_OVER_TLS_YES) {
+ DNS_SERVER_FEATURE_LEVEL_IS_TLS(s->possible_feature_level) &&
+ dns_server_get_dns_over_tls_mode(s) != DNS_OVER_TLS_YES) {
/* We tried to connect using DNS-over-TLS, and it didn't work. Downgrade to plaintext UDP
* if we don't require DNS-over-TLS */
@@ -471,7 +473,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
DNS_SERVER_FEATURE_LEVEL_UDP;
} else if (s->packet_bad_opt &&
- s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
+ DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(s->possible_feature_level)) {
/* A reply to one of our EDNS0 queries didn't carry a valid OPT RR, then downgrade to below
* EDNS0 levels. After all, some records generate different responses with and without OPT RR
@@ -486,7 +488,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
log_level = LOG_NOTICE;
} else if (s->packet_rrsig_missing &&
- s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_DO) {
+ DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(s->possible_feature_level)) {
/* RRSIG data was missing on a EDNS0 packet with DO bit set. This means the server doesn't
* augment responses with DNSSEC RRs. If so, let's better not ask the server for it anymore,
diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
index b6f9660748..16e492743d 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@@ -40,6 +40,7 @@ typedef enum DnsServerFeatureLevel {
#define DNS_SERVER_FEATURE_LEVEL_WORST 0
#define DNS_SERVER_FEATURE_LEVEL_BEST (_DNS_SERVER_FEATURE_LEVEL_MAX - 1)
+#define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
#define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO)
#define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
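Review bot: The added `DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x)` is still defined with `>=`, like the existing `DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x)`, so the enum ordering the commit message wants to hide becomes an undocumented assumption of this header instead of the call sites. The callers in resolved-dns-server.c use these macros to decide protocol downgrades (dropping EDNS0, no longer asking for DNSSEC RRs), so a reader auditing that logic needs to know which levels each macro covers. I would add a comment above the macros such as `/* Relies on enum order: every level >= _EDNS0 sends an OPT RR, every level >= _DO sets the DO bit */`. The enum body is outside this hunk, so it is worth confirming that no level ordered above `_DO` lacks the DO bit (and that the TLS levels are meant to count as EDNS0), since `IS_TLS` is the only one of the three that enumerates its members explicitly.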