resolved: add "confidential" flag for replies passed to clients

Let's introduce a new flag that indicates whether the response was acquired in "confidential" mode, i.e. via encrypted DNS-over-TLS, or synthesized locally. Fixes: #12859
author: Lennart Poettering <lennart@poettering.net> 2020-11-10 18:06:19 +0100
committer: Lennart Poettering <lennart@poettering.net> 2021-02-16 10:03:43 +0100
commit: 43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b (patch)
tree: 48a1349811c1c8e62c10e7dada6f6a3a99bcc2f7 /src/resolve/resolved-def.h
parent: resolved: replace "answer_authenticated" bool by uint64_t query_flags field (diff)
download: systemd-43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b.tar.xz
systemd-43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/resolve/resolved-def.h b/src/resolve/resolved-def.h
index 133cf0556f..cdcd06d820 100644
--- a/src/resolve/resolved-def.h
+++ b/src/resolve/resolved-def.h
@@ -52,6 +52,9 @@
 /* Input: If reply is answered from cache, the TTLs will be adjusted by age of cache entry */
 #define SD_RESOLVED_CLAMP_TTL       (UINT64_C(1) << 17)
 
+/* Output: Result was only sent via encrypted channels, or never left this system */
+#define SD_RESOLVED_CONFIDENTIAL    (UINT64_C(1) << 18)
+
 #define SD_RESOLVED_LLMNR           (SD_RESOLVED_LLMNR_IPV4|SD_RESOLVED_LLMNR_IPV6)
 #define SD_RESOLVED_MDNS            (SD_RESOLVED_MDNS_IPV4|SD_RESOLVED_MDNS_IPV6)
 #define SD_RESOLVED_PROTOCOLS_ALL   (SD_RESOLVED_MDNS|SD_RESOLVED_LLMNR|SD_RESOLVED_DNS)
author	Lennart Poettering <lennart@poettering.net>	2020-11-10 18:06:19 +0100
committer	Lennart Poettering <lennart@poettering.net>	2021-02-16 10:03:43 +0100
commit	43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b (patch)
tree	48a1349811c1c8e62c10e7dada6f6a3a99bcc2f7 /src/resolve/resolved-def.h
parent	resolved: replace "answer_authenticated" bool by uint64_t query_flags field (diff)
download	systemd-43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b.tar.xz systemd-43fc4baa26ccf3bc5ee65d4c6fa4890084632f2b.zip