Peter J. Philipp <p...@delphinusdns.org> wrote:
> On Fri, Apr 14, 2023 at 10:20:39AM -0600, Theo de Raadt wrote:
> > Doctor! Doctor! It hurts when I stick a knife in here!
> >
> > When you do weird, harsh, or unrealistic packet filtering, application
> > software will occasionally log that you are losing packets which should
> > not be filtered, to alert that normal network operation isn't occuring.
> > That is to be expected. It is even desirable.
> >
> > So I think you are only thinking of your own usage case, and trying
> > too hard to show that it is synthetic.
> >
> > But let's get back to the real story: libunbound is upstream software.
> > We carry diffs against upstream software, but only when the case is
> > extremely compelling.
> >
> > So how about taking your case up with those doctors, instead.
>
> Perhaps I didn't explain myself well enough. I understand. You don't
> want to deal with it, and you're protecting Florian from unrealistic waste
> of time. In my network port 53 had a free course before I got these weird
> messages which I thought my software was causing. When I examined unwind a
> little it was ignoring my "forwarder" that I set for it and went to the
> destination nameservers (arpa. NS's perhaps, or pool.ntp.org.'s) on
> it's own accord. I only added stricter firewall rules so that I could
> isolate the issue and then it became clearer what the log was trying to
> say. If you don't want misleading logs then why log at all?
>
> I know next to nothing about libunbound and I'm trying to understand what
> unwind was telling me in my logs. So I won't bother with going upstream
> because they can tell me something but I will only understand the half.
I think you explained yourself quite well:
1. When you create a synthetic network filtering condition, log messages
are generated from a piece of upstream software
2. And you want to remove those log messages.
3. You are showing little concern if those log messages matter in other
non-synthetic conditions experienced by other users
4. You are not interested in having a discussion with the upstream about
how those messages could be modified so that they don't bother you, but
still serve the other purposes intended by that code they wrote.
5. It is easier to accuse Theo of protecting Florian.
Have a nice day!
