Robert Pluim writes: > More information hiding by default is a good thing. (Iʼm not the > original author, I just changed it to look at the actual local > addresses instead of hardcoding them) D'oh, I see that now. The original author was one Mr. Wong. If you'd like to be spared any further spam related to this bug, please say so, and I'll remove you from the Cc's. (But if not, I could certainly use the input.) > JP> The API could be as simple as: > > JP> (make-network-process ... :nolookup t ...) > > Iʼm not sure what suppressing DNS lookups would get us apart from more > failure modes, but I havenʼt thought about it deeply. Hm, right. I suppose doing that would mostly be useless for this type of proxy because the :host property of the process is usually the one being looked up, and if the `socks' side is handling things properly, :host should only ever be the proxy server itself. Also, the lookups I was hoping to prevent (or redirect through Tor with something like the attached 0002 PoC patch) would need to be limited to only a specific application rather than all of Emacs, which seems rather unrealistic. > JP> * lisp/net/nsm.el (nsm-should-check): Rework in a functionally > JP> equivalent way, except forgo calling both `network-lookup-address-info' > JP> and `network-interface-list' unless the various conditions regarding > JP> `nsm-trust-local-network' are first satisfied. Replace `mapc' with > JP> `dolist' to align with modern sensibilities. (Bug#53941) > > Careful now, somebody even more modern might come along and replace `dolist' with > `seq-do' ☺️ Good point. I'll be sure and use `brat-do' from now on, just to be safe. (Hopefully, you have no idea what that means.) > JP> + (not (and-let* (((or (and (functionp nsm-trust-local-network) > JP> + (funcall nsm-trust-local-network)) > JP> + nsm-trust-local-network)) > JP> + (addresses (network-lookup-address-info host)) > JP> + (network-interface-list (network-interface-list t))) > JP> + (catch 'off-net > JP> + (dolist (ip addresses) > JP> + (dolist (info network-interface-list) > JP> + (when (nsm-network-same-subnet (substring (nth 1 info) 0 -1) > JP> + (substring (nth 3 info) 0 -1) > JP> + (substring ip 0 -1)) > JP> + (throw 'off-net t)))))))) > > Since youʼve inverted the test, you should probably invert the name of > `off-net'. Ah, took that "by rote" from the old sentinel variable, but as you say, it doesn't comport with the semantics. Changed to `nsm-should-check'. Overall, I'll have to think on this bug a bit more. If Christopher or the Elpher people want this specific workaround in tree, I suppose we can accommodate, but I doubt there's any rush. Cheers.