libc DNS functions will now use the new dnssocket() / dnsconnect()

system calls.  These signal to the pledge kernel code that a DNS
transaction is happening.  These special sockets only work well with
port 53 (there are some cute plans...).
Programs calling pledge "inet" will not work! You need pledge "dns",

and of course, you need a fairly fresh kernel.

ok guenther kettenis tedu

diff --git a/lib/libc/asr/res_send_async.c b/lib/libc/asr/res_send_async.c
index e32638e..e6c57f4 100644 (file)
--- a/lib/libc/asr/res_send_async.c
+++ b/lib/libc/asr/res_send_async.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: res_send_async.c,v 1.27 2015/09/20 14:19:21 eric Exp $        */
+/*     $OpenBSD: res_send_async.c,v 1.28 2015/10/18 15:15:00 deraadt Exp $     */
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -304,10 +304,10 @@ sockaddr_connect(const struct sockaddr *sa, int socktype)
 {
        int errno_save, sock;
 
-       if ((sock = socket(sa->sa_family, socktype | SOCK_NONBLOCK, 0)) == -1)
+       if ((sock = dnssocket(sa->sa_family, socktype | SOCK_NONBLOCK, 0)) == -1)
                goto fail;
 
-       if (connect(sock, sa, sa->sa_len) == -1) {
+       if (dnsconnect(sock, sa, sa->sa_len) == -1) {
                /*
                 * In the TCP case, the caller will be asked to poll for
                 * POLLOUT so that we start writing the packet in tcp_write()