Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-29 Thread Philip Prindeville
> On Sep 29, 2017, at 3:49 AM, Matthias May wrote: > > The link from Philip Prindeville shows quite well why this removal was > required: > [quote] > check-response-ttl= Takes a boolean value ("yes" or "no"). If set to "yes", > an additional security check is

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-29 Thread Bjørn Mork
Matthias May writes: > While unfortunate that the actual patch which got merged didn't have the > explanation why the patch was done, if you look > at the mailing list archive you will see that there was a thread discussing > this topic: >

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-29 Thread Matthias May
On 29/09/17 10:28, Syrone Wong wrote: > The sad truth is it has been pushed via > https://github.com/lede-project/source/commit/00e9a7aacb66b3f00df2002e8210bdb5086d2e0c > > > Best Regards, > Syrone Wong > > > On Fri, Sep 29, 2017 at 3:52 PM, Bjørn Mork wrote: >> Note that

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-29 Thread Syrone Wong
The sad truth is it has been pushed via https://github.com/lede-project/source/commit/00e9a7aacb66b3f00df2002e8210bdb5086d2e0c Best Regards, Syrone Wong On Fri, Sep 29, 2017 at 3:52 PM, Bjørn Mork wrote: > Note that security is the usual (only?) reason one would enforce

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-29 Thread Bjørn Mork
Note that security is the usual (only?) reason one would enforce TTL=255. Requiring TTL=255 is the same as guaranteeing that the packet source is in the same L2 domain. This prevents any direct remote attack. Please do not propose any patches removing such a restriction without at least

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-28 Thread Philip Prindeville
> On Sep 28, 2017, at 2:32 PM, Christian Lamparter > wrote: > >> On Thursday, September 28, 2017 1:36:52 PM CEST Philip Prindeville wrote: >> Why was this test there and equally why are we removing it? > I guess it was there so umdns would ignore any forwarded mdns? >

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-28 Thread Christian Lamparter via Lede-dev
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- On Thursday, September 28, 2017

Re: [LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-28 Thread Philip Prindeville
Why was this test there and equally why are we removing it? > On Sep 28, 2017, at 1:09 AM, Philipp Meier wrote: > > Signed-off-by: Philipp Meier > --- > interface.c | 6 -- > 1 file changed, 6 deletions(-) > > diff --git a/interface.c

[LEDE-DEV] [PATCH 1/3] Remove ttl==255 restriction for queries

2017-09-28 Thread Philipp Meier
Signed-off-by: Philipp Meier --- interface.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/interface.c b/interface.c index 3904c89..7f814d2 100644 --- a/interface.c +++ b/interface.c @@ -233,9 +233,6 @@ read_socket4(struct uloop_fd *u, unsigned int events)