From: Carlos Peón Costa Date: Wed, 11 Feb 2026 08:19:26 +0000 (+0100) Subject: resolve: refuse traffic from the local host only for queries X-Git-Tag: v257.11~37 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fcd87869d90f1ef462397c7ba814da98b657ecaf;p=thirdparty%2Fsystemd.git resolve: refuse traffic from the local host only for queries (cherry picked from commit e6fd7a3f501b4a1f6f4de3390e0b1cb04455d443) (cherry picked from commit 526f1594daec073269c3e70ee7914f6dd8740d5c) (cherry picked from commit 6001dd29a1b94807936f1ee94cf867533bf92f6c) --- diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c index b61b6b6502a..3b455c577dc 100644 --- a/src/resolve/resolved-mdns.c +++ b/src/resolve/resolved-mdns.c @@ -398,14 +398,6 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us if (r <= 0) return r; - /* Refuse traffic from the local host, to avoid query loops. However, allow legacy mDNS - * unicast queries through anyway (we never send those ourselves, hence no risk). - * i.e. check for the source port nr. */ - if (p->sender_port == MDNS_PORT && manager_packet_from_local_address(m, p)) { - log_debug("Got mDNS UDP packet from local host, ignoring."); - return 0; - } - scope = manager_find_scope(m, p); if (!scope) { log_debug("Got mDNS UDP packet on unknown scope. Ignoring."); @@ -519,6 +511,14 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us scope->manager->stale_retention_usec); } else if (dns_packet_validate_query(p) > 0) { + /* Refuse traffic from the local host, to avoid query loops. However, allow legacy mDNS + * unicast queries through anyway (we never send those ourselves, hence no risk). + * i.e. check for the source port nr. */ + if (p->sender_port == MDNS_PORT && manager_packet_from_local_address(m, p)) { + log_debug("Got mDNS UDP packet from local host, ignoring."); + return 0; + } + log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p)); r = mdns_scope_process_query(scope, p);