From: "Peter Müller" <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: Re: [PATCH 2/2] overrides: clarify file contents and policies
Date: Sun, 08 Aug 2021 17:16:12 +0200 [thread overview]
Message-ID: <ebbe123c-a715-3b32-3edc-8189630331b0@ipfire.org> (raw)
In-Reply-To: <E776B514-D1E7-4A2A-9E79-38FD0DACD6CD@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 8644 bytes --]
Hello Michael,
I really hate to say so, but it does on my machine.
Since I spotted a couple of other networks in need of an override the other day (and apparently
flubbed up the AS names additions :-/ ), I will hand in a second patchset later on.
Sorry for the inconvenience.
Thanks, and best regards,
Peter Müller
> Hello,
>
> This doesn’t seem to apply :(
>
> -Michael
>
>> On 6 Aug 2021, at 17:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> This patch updates the disclaimer blocks at the beginning of the
>> override-*.txt files, to be more accurate and helpful to people wishing
>> to propose changes to them.
>>
>> In addition, a remark regarding the A[1-3] country codes has been added.
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> overrides/override-a1.txt | 26 ++++++++++++++++----------
>> overrides/override-a2.txt | 20 ++++++++++++++------
>> overrides/override-a3.txt | 20 +++++++++++++++-----
>> overrides/override-other.txt | 26 ++++++++++++++++++--------
>> 4 files changed, 63 insertions(+), 29 deletions(-)
>>
>> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
>> index 284c3e8..77d5b08 100644
>> --- a/overrides/override-a1.txt
>> +++ b/overrides/override-a1.txt
>> @@ -1,19 +1,25 @@
>> #
>> # override-a1 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/adresses
>> -# which are - in fact or with a high level of confidence - anonymous
>> -# proxies (special country code: A1).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for publicly available services for forwarding traffic anonymously, such as
>> +# VPN providers.
>> #
>> -# Since it does not make sense to assign them to a county, they
>> -# will be flagged as "A1" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# actually make sense to assign these to a distinct country. Therefore, they will be flagged
>> +# as "anonymous proxies" in libloc query results.
>> #
>> -# Although we do not consider them to be bad entirely, they might
>> -# be unwanted in certain scenarios.
>> +# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> #
>> -# Please note only long-living Tor relay providers with static IPs
>> -# are listed here, as the list of all Tor relays will be dynamically
>> -# generated by another script.
>> +# At the moment, major Tor exit relay providers are included here as well. They will be dropped
>> +# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
>> +# relays is imported dynamically while compiling the database.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
>> index 502948f..223b4df 100644
>> --- a/overrides/override-a2.txt
>> +++ b/overrides/override-a2.txt
>> @@ -1,13 +1,21 @@
>> #
>> # override-a2 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# which are - in fact or with a high level of confidence - belonging
>> -# to satellite network providers (special country code: A2).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for customers or dial-in pools of satellite-based internet services.
>> #
>> -# Since a satellite uplink connection is possible from almost
>> -# anywhere in the world, it does not make sense to assign them to a
>> -# specific country. They will be flagged as "A2" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# actually make sense to assign these to a distinct country, since a satellite connection is
>> +# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
>> +# providers" in libloc query results.
>> +#
>> +# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
>> index d810d93..b07d4b8 100644
>> --- a/overrides/override-a3.txt
>> +++ b/overrides/override-a3.txt
>> @@ -1,12 +1,22 @@
>> #
>> # override-a3 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# which are - in fact or with a high level of confidence - believed
>> -# to be worldwide anycast instances (special country codes: A3).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for worldwide anycast services.
>> #
>> -# It does not make sense to assign them to a certain country, they
>> -# will be flagged as "A3" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
>> +# in libloc query results.
>> +#
>> +# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> +#
>> +# Please keep this file sorted.
>> #
>>
>> aut-num: AS69
>> diff --git a/overrides/override-other.txt b/overrides/override-other.txt
>> index 045b515..d232fc6 100644
>> --- a/overrides/override-other.txt
>> +++ b/overrides/override-other.txt
>> @@ -1,14 +1,24 @@
>> #
>> -# override-other [.txt]
>> +# override-a3 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# whose country information in corresponding RIR data is believed or proven
>> -# to be invalid or inaccurate and which do not match to one of the special categories
>> -# A[1-3].
>> +# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
>> +# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
>> +# while the majority covers country code assignments.
>> #
>> -# Such networks might be legitimate (poorly maintained WHOIS data), shady
>> -# (networks owned by letterbox companies in offshore jurisdictions) or
>> -# hostile (faked RIR data in order to bypass location-based filtering).
>> +# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
>> +# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
>> +# filters.
>> +#
>> +# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
>> +# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
>> +# in RIR databases were never clarified in this conext.
>> +#
>> +# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
>> +# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> --
>> 2.26.2
>
prev parent reply other threads:[~2021-08-08 15:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-06 15:06 [PATCH 1/2] overrides: regular batch of various overrides Peter Müller
2021-08-06 15:07 ` [PATCH 2/2] overrides: clarify file contents and policies Peter Müller
2021-08-06 15:20 ` Michael Tremer
2021-08-08 15:16 ` Peter Müller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ebbe123c-a715-3b32-3edc-8189630331b0@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=location@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox