]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3a4432f)
resolve: refuse traffic from the local host only for queries
authorCarlos Peón Costa <carlospeon@gmail.com>
Wed, 11 Feb 2026 08:19:26 +0000 (09:19 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Fri, 27 Feb 2026 21:57:05 +0000 (21:57 +0000)
(cherry picked from commit e6fd7a3f501b4a1f6f4de3390e0b1cb04455d443)
(cherry picked from commit 526f1594daec073269c3e70ee7914f6dd8740d5c)
(cherry picked from commit 6001dd29a1b94807936f1ee94cf867533bf92f6c)

src/resolve/resolved-mdns.c patch | blob | blame | history

diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c
index b61b6b6502a5a74fe8ebb65845d5f124d8eae142..3b455c577dc113a7136d9825437af2e666367a91 100644 (file)
--- a/src/resolve/resolved-mdns.c
+++ b/src/resolve/resolved-mdns.c
@@ -398,14 +398,6 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
         if (r <= 0)
                 return r;
 
-        /* Refuse traffic from the local host, to avoid query loops. However, allow legacy mDNS
-         * unicast queries through anyway (we never send those ourselves, hence no risk).
-         * i.e. check for the source port nr. */
-        if (p->sender_port == MDNS_PORT && manager_packet_from_local_address(m, p)) {
-                log_debug("Got mDNS UDP packet from local host, ignoring.");
-                return 0;
-        }
-
         scope = manager_find_scope(m, p);
         if (!scope) {
                 log_debug("Got mDNS UDP packet on unknown scope. Ignoring.");
@@ -519,6 +511,14 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
                         scope->manager->stale_retention_usec);
 
         } else if (dns_packet_validate_query(p) > 0)  {
+                /* Refuse traffic from the local host, to avoid query loops. However, allow legacy mDNS
+                 * unicast queries through anyway (we never send those ourselves, hence no risk).
+                 * i.e. check for the source port nr. */
+                if (p->sender_port == MDNS_PORT && manager_packet_from_local_address(m, p)) {
+                        log_debug("Got mDNS UDP packet from local host, ignoring.");
+                        return 0;
+                }
+
                 log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p));
 
                 r = mdns_scope_process_query(scope, p);
Unnamed repository; edit this file 'description' to name the repository.