CVS commit: src/external/bsd/blacklist/bin

2020-05-18 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue May 19 00:56:25 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.conf.5

Log Message:
Typo fixes from FreeBSD via Ed Maste


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.9 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.10
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.9	Wed Nov  6 15:33:30 2019
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Mon May 18 20:56:25 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.9 2019/11/06 20:33:30 para Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.10 2020/05/19 00:56:25 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 5, 2017
+.Dd May 18, 2020
 .Dt BLACKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -125,18 +125,18 @@ The second field is the socket
 .Dv dgram ,
 or numeric.
 The third field is the
-.Va prococol :
+.Va protocol :
 .Dv tcp ,
 .Dv udp ,
 .Dv tcp6 ,
 .Dv udp6 ,
 or numeric.
-The fourth file is the effective user
+The fourth field is the effective user
 .Va ( owner )
 of the daemon process reporting the event,
 either as a username or a userid.
 .Pp
-The rest of the fields are controlling the behavior of the filter.
+The rest of the fields control the behavior of the filter.
 .Pp
 The
 .Va name



CVS commit: src/external/bsd/blacklist/bin

2020-05-06 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Wed May  6 14:59:51 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
The name of the action used with blacklistd's control script is rem,
not remove.  From Jose Luis Duran in PR bin/55195.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.23 src/external/bsd/blacklist/bin/blacklistd.8:1.24
--- src/external/bsd/blacklist/bin/blacklistd.8:1.23	Tue Apr 21 13:57:12 2020
+++ src/external/bsd/blacklist/bin/blacklistd.8	Wed May  6 14:59:51 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.23 2020/04/21 13:57:12 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.24 2020/05/06 14:59:51 snj Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -123,10 +123,10 @@ that is not required as all information 
 kept.
 .Pp
 If the action is
-.Dq remove
+.Dq rem
 Then the same control script is invoked as:
 .Bd -literal -offset indent
-control remove  
+control rem  
 .Ed
 .Pp
 where



CVS commit: src/external/bsd/blacklist/bin

2020-04-21 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Apr 21 13:57:12 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
PR/55193: Jose Luis Duran: Fix wrong location for the db file.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.22 src/external/bsd/blacklist/bin/blacklistd.8:1.23
--- src/external/bsd/blacklist/bin/blacklistd.8:1.22	Mon Mar 30 04:45:09 2020
+++ src/external/bsd/blacklist/bin/blacklistd.8	Tue Apr 21 09:57:12 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.22 2020/03/30 08:45:09 wiz Exp $
+.\" $NetBSD: blacklistd.8,v 1.23 2020/04/21 13:57:12 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 29, 2020
+.Dd April 21, 2020
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -189,7 +189,7 @@ The name of the configuration file to re
 The Berkeley DB file where
 .Nm
 stores its state, usually
-.Pa /var/run/blacklistd.db .
+.Pa /var/db/blacklistd.db .
 .It Fl d
 Normally,
 .Nm



CVS commit: src/external/bsd/blacklist/bin

2020-03-30 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Mon Mar 30 08:45:09 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
Fix typos.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.21 src/external/bsd/blacklist/bin/blacklistd.8:1.22
--- src/external/bsd/blacklist/bin/blacklistd.8:1.21	Mon Mar 30 03:02:41 2020
+++ src/external/bsd/blacklist/bin/blacklistd.8	Mon Mar 30 08:45:09 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.21 2020/03/30 03:02:41 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.22 2020/03/30 08:45:09 wiz Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -68,7 +68,7 @@ Each entry contains a number of tries li
 The way
 .Nm
 does configuration entry matching is by having the client side pass the
-file dscriptor associated with the connection the client wants to blacklist
+file descriptor associated with the connection the client wants to blacklist
 as well as passing socket credentials.
 .Pp
 The file descriptor is used to retrieve information (address and port)
@@ -85,17 +85,17 @@ the port.
 By examining the optional address portion on the local side, it can match
 interfaces.
 By examining the remote address, it can match specific allow or deny rules.
-.Pp 
+.Pp
 Finally
 .Nm
 can examine the socket credentials to match the user in the configuration file.
 .Pp
 While this works well for TCP sockets, it cannot be relied on for unbound
-UDP sockets. 
+UDP sockets.
 It is also less meaningful when it comes to connections using non-privileged
 ports.
-On the other hand, if we receive a request that has a local endpoind indicating
-UDP privileged port, we can presume that the client was privileged to be
+On the other hand, if we receive a request that has a local endpoint indicating
+a UDP privileged port, we can presume that the client was privileged to be
 able to acquire that port.
 .Pp
 Once an entry is matched



CVS commit: src/external/bsd/blacklist/bin

2020-03-29 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Mar 30 03:02:41 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
Explain how configuration matching is done.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.20 src/external/bsd/blacklist/bin/blacklistd.8:1.21
--- src/external/bsd/blacklist/bin/blacklistd.8:1.20	Wed Nov  6 18:17:37 2019
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sun Mar 29 23:02:41 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.20 2019/11/06 23:17:37 wiz Exp $
+.\" $NetBSD: blacklistd.8,v 1.21 2020/03/30 03:02:41 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 6, 2019
+.Dd March 29, 2020
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -65,6 +65,42 @@ with syntax specified in
 If an entry is matched, a state entry is created for that tuple.
 Each entry contains a number of tries limit and a duration.
 .Pp
+The way
+.Nm
+does configuration entry matching is by having the client side pass the
+file dscriptor associated with the connection the client wants to blacklist
+as well as passing socket credentials.
+.Pp
+The file descriptor is used to retrieve information (address and port)
+about the remote side with
+.Xr getpeername 2
+and the local side with
+.Xr getsockname 2 .
+.Pp
+By examining the port of the local side,
+.Nm
+can determine if the client program
+.Dq owns
+the port.
+By examining the optional address portion on the local side, it can match
+interfaces.
+By examining the remote address, it can match specific allow or deny rules.
+.Pp 
+Finally
+.Nm
+can examine the socket credentials to match the user in the configuration file.
+.Pp
+While this works well for TCP sockets, it cannot be relied on for unbound
+UDP sockets. 
+It is also less meaningful when it comes to connections using non-privileged
+ports.
+On the other hand, if we receive a request that has a local endpoind indicating
+UDP privileged port, we can presume that the client was privileged to be
+able to acquire that port.
+.Pp
+Once an entry is matched
+.Nm
+can perform various actions.
 If the action is
 .Dq add
 and the number of tries limit is reached, then a



CVS commit: src/external/bsd/blacklist/bin

2020-03-13 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Fri Mar 13 16:38:45 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
Re-enable the routing perm check now that the kernel has been fixed to return
valid information.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.30 src/external/bsd/blacklist/bin/conf.c:1.31
--- src/external/bsd/blacklist/bin/conf.c:1.30	Thu Mar 12 15:47:32 2020
+++ src/external/bsd/blacklist/bin/conf.c	Fri Mar 13 12:38:45 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.30 2020/03/12 19:47:32 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.31 2020/03/13 16:38:45 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: conf.c,v 1.30 2020/03/12 19:47:32 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.31 2020/03/13 16:38:45 christos Exp $");
 
 #include 
 #ifdef HAVE_LIBUTIL_H
@@ -1006,7 +1006,7 @@ confset_match(const struct confset *cs, 
 static int
 conf_route_perm(int fd) {
 /* Disable for now, the access check in the routing socket uses curlwp */
-#if defined(RTM_IFANNOUNCE) && defined(RT_ROUNDUP) && 0
+#if defined(RTM_IFANNOUNCE) && defined(RT_ROUNDUP)
 	/*
 	 * Send a routing message that is not supported to check for access
 	 * We expect EOPNOTSUPP for having access, since we are sending a
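Review bot: The context comment directly above the `#if`, `/* Disable for now, the access check in the routing socket uses curlwp */`, is stale now that this change drops the `&& 0` and the probe is compiled in again. Remove it or replace it with something like `/* Needs a kernel whose routing-socket access check returns valid information */`, so nobody reading conf_route_perm assumes the permission probe is switched off. Because this probe decides whether a routing-socket fd is granted permission to change filters (per the earlier log message for this file), the comment should also say what the function returns when the macros are undefined. That branch and the rest of conf_route_perm lie outside the hunk.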



CVS commit: src/external/bsd/blacklist/bin

2020-03-12 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Mar 12 19:47:32 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
Disable routing perms check for now.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.29 src/external/bsd/blacklist/bin/conf.c:1.30
--- src/external/bsd/blacklist/bin/conf.c:1.29	Thu Mar 12 15:35:11 2020
+++ src/external/bsd/blacklist/bin/conf.c	Thu Mar 12 15:47:32 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.29 2020/03/12 19:35:11 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.30 2020/03/12 19:47:32 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: conf.c,v 1.29 2020/03/12 19:35:11 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.30 2020/03/12 19:47:32 christos Exp $");
 
 #include 
 #ifdef HAVE_LIBUTIL_H
@@ -1005,7 +1005,8 @@ confset_match(const struct confset *cs, 
 #ifdef AF_ROUTE
 static int
 conf_route_perm(int fd) {
-#if defined(RTM_IFANNOUNCE) && defined(RT_ROUNDUP)
+/* Disable for now, the access check in the routing socket uses curlwp */
+#if defined(RTM_IFANNOUNCE) && defined(RT_ROUNDUP) && 0
 	/*
 	 * Send a routing message that is not supported to check for access
 	 * We expect EOPNOTSUPP for having access, since we are sending a
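Review bot: Appending `&& 0` to the `#if` compiles out the routing-socket access probe, and the hunk does not show what conf_route_perm returns once the probe is gone. The log for the previous revision says an fd with routing-socket access is granted full permission to make filter changes, so the disabled path should deny rather than assume access. If the `#else` branch outside the hunk already does that, record it in the new comment, for example `/* Disabled: kernel access check uses curlwp; routing fds get no extra permission until fixed */`. The function body continues outside the hunk.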



CVS commit: src/external/bsd/blacklist/bin

2020-03-12 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Mar 12 19:35:11 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
Handle fds that are pointing to routing sockets. If the fd has access to
make changes via the routing socket, grant full permission to make filter
changes.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.28 src/external/bsd/blacklist/bin/conf.c:1.29
--- src/external/bsd/blacklist/bin/conf.c:1.28	Thu Mar 12 07:31:23 2020
+++ src/external/bsd/blacklist/bin/conf.c	Thu Mar 12 15:35:11 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.28 2020/03/12 11:31:23 roy Exp $	*/
+/*	$NetBSD: conf.c,v 1.29 2020/03/12 19:35:11 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: conf.c,v 1.28 2020/03/12 11:31:23 roy Exp $");
+__RCSID("$NetBSD: conf.c,v 1.29 2020/03/12 19:35:11 christos Exp $");
 
 #include 
 #ifdef HAVE_LIBUTIL_H
@@ -46,6 +46,7 @@ __RCSID("$NetBSD: conf.c,v 1.28 2020/03/
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -55,6 +56,7 @@ __RCSID("$NetBSD: conf.c,v 1.28 2020/03/
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "bl.h"
@@ -90,7 +92,7 @@ advance(char **p)
 }
 
 static int
-getnum(const char *f, size_t l, bool local, void *rp, const char *name,
+conf_getnum(const char *f, size_t l, bool local, void *rp, const char *name,
 const char *p)
 {
 	int e;
@@ -127,13 +129,14 @@ out:
 }
 
 static int
-getnfail(const char *f, size_t l, bool local, struct conf *c, const char *p)
+conf_getnfail(const char *f, size_t l, bool local, struct conf *c,
+const char *p)
 {
-	return getnum(f, l, local, >c_nfail, "nfail", p);
+	return conf_getnum(f, l, local, >c_nfail, "nfail", p);
 }
 
 static int
-getsecs(const char *f, size_t l, bool local, struct conf *c, const char *p)
+conf_getsecs(const char *f, size_t l, bool local, struct conf *c, const char *p)
 {
 	int e;
 	char *ep;
@@ -193,7 +196,7 @@ out:
 }
 
 static int
-getport(const char *f, size_t l, bool local, void *r, const char *p)
+conf_getport(const char *f, size_t l, bool local, void *r, const char *p)
 {
 	struct servent *sv;
 
@@ -207,11 +210,11 @@ getport(const char *f, size_t l, bool lo
 		return 0;
 	}
 
-	return getnum(f, l, local, r, "service", p);
+	return conf_getnum(f, l, local, r, "service", p);
 }
 
 static int
-getmask(const char *f, size_t l, bool local, const char **p, int *mask)
+conf_getmask(const char *f, size_t l, bool local, const char **p, int *mask)
 {
 	char *d;
 	const char *s = *p;
@@ -226,11 +229,12 @@ getmask(const char *f, size_t l, bool lo
 	}
 
 	*d++ = '\0';
-	return getnum(f, l, local, mask, "mask", d);
+	return conf_getnum(f, l, local, mask, "mask", d);
 }
 
 static int
-gethostport(const char *f, size_t l, bool local, struct conf *c, const char *p)
+conf_gethostport(const char *f, size_t l, bool local, struct conf *c,
+const char *p)
 {
 	char *d;	// XXX: Ok to write to string.
 	in_port_t *port = NULL;
@@ -249,7 +253,7 @@ gethostport(const char *f, size_t l, boo
 	} else
 		pstr = p;
 
-	if (getmask(f, l, local, , >c_lmask) == -1)
+	if (conf_getmask(f, l, local, , >c_lmask) == -1)
 		goto out;
 
 	if (d) {
@@ -300,7 +304,7 @@ gethostport(const char *f, size_t l, boo
 		}
 	}
 
-	if (getport(f, l, local, >c_port, pstr) == -1)
+	if (conf_getport(f, l, local, >c_port, pstr) == -1)
 		return -1;
 
 	if (port && c->c_port != FSTAR && c->c_port != FEQUAL)
@@ -320,7 +324,7 @@ out2:
 }
 
 static int
-getproto(const char *f, size_t l, bool local __unused, struct conf *c,
+conf_getproto(const char *f, size_t l, bool local __unused, struct conf *c,
 const char *p)
 {
 	if (strcmp(p, "stream") == 0) {
@@ -331,22 +335,22 @@ getproto(const char *f, size_t l, bool l
 		c->c_proto = IPPROTO_UDP;
 		return 0;
 	}
-	return getnum(f, l, local, >c_proto, "protocol", p);
+	return conf_getnum(f, l, local, >c_proto, "protocol", p);
 }
 
 static int
-getfamily(const char *f, size_t l, bool local __unused, struct conf *c,
+conf_getfamily(const char *f, size_t l, bool local __unused, struct conf *c,
 const char *p)
 {
 	if (strncmp(p, "tcp", 3) == 0 || strncmp(p, "udp", 3) == 0) {
 		c->c_family = p[3] == '6' ? AF_INET6 : AF_INET;
 		return 0;
 	}
-	return getnum(f, l, local, >c_family, "family", p);
+	return conf_getnum(f, l, local, >c_family, "family", p);
 }
 
 static int
-getuid(const char *f, size_t l, bool local __unused, struct conf *c,
+conf_getuid(const char *f, size_t l, bool local __unused, struct conf *c,
 const char *p)
 {
 	struct passwd *pw;
@@ -356,15 +360,15 @@ getuid(const char *f, size_t l, bool loc
 		return 0;
 	}
 
-	return getnum(f, l, local, 

CVS commit: src/external/bsd/blacklist/bin

2020-03-10 Thread Roy Marples
Module Name:src
Committed By:   roy
Date:   Wed Mar 11 02:33:18 UTC 2020

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
blacklist: Don't remove a ruleset if we have already added it

The noted argument is wrong - if it's already been deleted then the id we
have for it is invalid.
Because we don't track deletions to the ruleset, working it out is
problematic at best.

Instead, if we have already added the rule treat it as a non-op.

This is a valid use case because we might receive a burst of messages
in the downstream application for the same address and process them
one by one. It's not the job of the downstream application to track
blacklistd state.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.41 src/external/bsd/blacklist/bin/blacklistd.c:1.42
--- src/external/bsd/blacklist/bin/blacklistd.c:1.41	Wed Mar 11 02:12:08 2020
+++ src/external/bsd/blacklist/bin/blacklistd.c	Wed Mar 11 02:33:18 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.42 2020/03/11 02:33:18 roy Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.42 2020/03/11 02:33:18 roy Exp $");
 
 #include 
 #include 
@@ -230,24 +230,19 @@ process(bl_t bl)
 	case BL_ADD:
 		dbi.count++;
 		dbi.last = ts.tv_sec;
-		if (dbi.id[0]) {
+		if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
 			/*
-			 * We should not be getting this since the rule
-			 * should have blocked the address. A possible
-			 * explanation is that someone removed that rule,
-			 * and another would be that we got another attempt
-			 * before we added the rule. In anycase, we remove
-			 * and re-add the rule because we don't want to add
-			 * it twice, because then we'd lose track of it.
+			 * No point in re-adding the rule.
+			 * It might exist already due to latency in processing
+			 * and removing the rule is the wrong thing to do as
+			 * it allows a window to attack again.
 			 */
-			(*lfun)(LOG_DEBUG, "rule exists %s", dbi.id);
-			(void)run_change("rem", , dbi.id, 0);
-			dbi.id[0] = '\0';
-		}
-		if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
-			int res = run_change("add", , dbi.id, sizeof(dbi.id));
-			if (res == -1)
-goto out;
+			if (dbi.id[0] == '\0') {
+int res = run_change("add", ,
+dbi.id, sizeof(dbi.id));
+if (res == -1)
+	goto out;
+			}
 			sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
 			(void *));
 			(*lfun)(LOG_INFO,
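Review bot: When `dbi.id[0]` is already set, the new branch skips `run_change("add", ...)` without leaving any trace, whereas the removed code at least logged `rule exists`. A repeated BL_ADD for an address that should already be blocked is the one signal that the filter rule may have been removed from under the daemon (a case the old comment named), so keep it observable with an `else` arm such as `(*lfun)(LOG_DEBUG, "rule exists %s", dbi.id);`. The `LOG_INFO` call that follows also appears to run on every such event rather than only when a rule is actually added, which is worth confirming. The rest of that call and of process() lie outside the hunk.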



CVS commit: src/external/bsd/blacklist/bin

2019-02-26 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Feb 27 02:20:19 UTC 2019

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
Instead of deleting the rules individually use flush to kill them all at
once for efficiency. Also when restoring, don't nuke the database
(Phil Rulon).


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.37 src/external/bsd/blacklist/bin/blacklistd.c:1.38
--- src/external/bsd/blacklist/bin/blacklistd.c:1.37	Fri Feb 17 19:26:16 2017
+++ src/external/bsd/blacklist/bin/blacklistd.c	Tue Feb 26 21:20:18 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $");
 
 #include 
 #include 
@@ -394,7 +394,6 @@ rules_restore(void)
 	for (f = 1; state_iterate(state, , , f) == 1; f = 0) {
 		if (dbi.id[0] == '\0')
 			continue;
-		(void)run_change("rem", , dbi.id, 0);
 		(void)run_change("add", , dbi.id, sizeof(dbi.id));
 	}
 }
@@ -491,7 +490,8 @@ main(int argc, char *argv[])
 	conf_parse(configfile);
 	if (flush) {
 		rules_flush();
-		flags |= O_TRUNC;
+		if (!restore)
+			flags |= O_TRUNC;
 	}
 
 	struct pollfd *pfd = NULL;
@@ -522,8 +522,11 @@ main(int argc, char *argv[])
 	if (state == NULL)
 		return EXIT_FAILURE;
 
-	if (restore)
+	if (restore) {
+		if (!flush)
+			rules_flush();
 		rules_restore();
+	}
 
 	if (!debug) {
 		if (daemon(0, 0) == -1)
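Review bot: With a flush now always preceding `rules_restore()`, every previously blocked address is unfiltered until its `add` succeeds, and rules_restore() (first hunk of this commit) discards that result with `(void)run_change("add", ...)`. A failed add therefore leaves the address open with nothing logged, while the state entry presumably still looks blocked. Check the return value in that loop and report it through the existing logger, for instance `(*lfun)(LOG_ERR, "restore failed for %s", dbi.id);` when the call returns -1. What run_change leaves in `dbi.id` on failure is not visible here, so confirm the id is still meaningful before logging it.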



CVS commit: src/external/bsd/blacklist/bin

2018-09-18 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Sep 18 22:12:19 UTC 2018

Modified Files:
src/external/bsd/blacklist/bin: support.c

Log Message:
fix ymdhms calculation


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/blacklist/bin/support.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/support.c
diff -u src/external/bsd/blacklist/bin/support.c:1.8 src/external/bsd/blacklist/bin/support.c:1.9
--- src/external/bsd/blacklist/bin/support.c:1.8	Mon Apr  4 11:52:56 2016
+++ src/external/bsd/blacklist/bin/support.c	Tue Sep 18 18:12:19 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: support.c,v 1.8 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: support.c,v 1.8 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $");
 
 #include 
 #include 
@@ -105,12 +105,16 @@ fmtydhms(char *b, size_t l, time_t t)
 
 	s = t % 60;
 	t /= 60;
+
 	m = t % 60;
 	t /= 60;
-	h = t % 60;
+
+	h = t % 24;
 	t /= 24;
-	d = t % 24;
-	t /= 356;
+
+	d = t % 365;
+	t /= 365;
+
 	y = t;
 
 	z = 0;
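Review bot: The decomposition applies `%` and `/` to `t` with no sign check in the lines shown, so a negative `t` produces negative `s`, `m`, `h` and `d`. blacklistctl.c (in another commit on this page) passes `c.c_duration - (ts.tv_sec - dbi.last)`, which goes negative once an entry has outlived its block duration. Unless the part of fmtydhms above the hunk already handles this, clamp first with `if (t < 0) t = 0;`. A short comment that a year is counted as 365 days would also make the approximation explicit. fmtydhms starts and ends outside the hunk.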



CVS commit: src/external/bsd/blacklist/bin

2018-05-24 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu May 24 19:21:01 UTC 2018

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c

Log Message:
One more possible star.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.22 src/external/bsd/blacklist/bin/blacklistctl.c:1.23
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.22	Thu May 24 15:19:37 2018
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Thu May 24 15:21:01 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.22 2018/05/24 19:19:37 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: blacklistctl.c,v 1.22 2018/05/24 19:19:37 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $");
 
 #include 
 #include 
@@ -160,7 +160,8 @@ main(int argc, char *argv[])
 			else
 fmttime(buf, sizeof(buf), dbi.last);
 		}
-		printf("%s\t%d/%d\t%-s\n", dbi.id, dbi.count, c.c_nfail, buf);
+		printf("%s\t%d/%s\t%-s\n", dbi.id, dbi.count,
+		star(mbuf, sizeof(mbuf), c.c_nfail), buf);
 	}
 	state_close(db);
 	return EXIT_SUCCESS;



CVS commit: src/external/bsd/blacklist/bin

2018-05-24 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu May 24 19:19:37 UTC 2018

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c

Log Message:
handle '*' entries in rules.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.21 src/external/bsd/blacklist/bin/blacklistctl.c:1.22
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.21	Tue Nov  1 23:15:07 2016
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Thu May 24 15:19:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.22 2018/05/24 19:19:37 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.22 2018/05/24 19:19:37 christos Exp $");
 
 #include 
 #include 
@@ -67,6 +67,15 @@ usage(int c)
 	exit(EXIT_FAILURE);
 }
 
+static const char *
+star(char *buf, size_t len, int val)
+{
+	if (val == -1)
+		return "*";
+	snprintf(buf, len, "%d", val);
+	return buf;
+}
+
 int
 main(int argc, char *argv[])
 {
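Review bot: `star()` has no comment and compares against a bare `-1`, so the reader has to infer that -1 is the stored form of a `*` field. Add a header comment such as `/* Format val for display; -1 (a '*' in the config) prints as "*" */`. If the header defining `FSTAR` (used in conf.c) is visible to blacklistctl.c, compare against that name instead of the literal. conf.c also tests `c_port` against `FEQUAL`, and such a value, if it can reach this tool, would be printed as a raw number.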
@@ -128,9 +137,10 @@ main(int argc, char *argv[])
 		"address", remain ? "remaining time" : "last access");
 	for (i = 1; state_iterate(db, , , i) != 0; i = 0) {
 		char buf[BUFSIZ];
+		char mbuf[64], pbuf[64];
 		if (!all) {
 			if (blocked) {
-if (dbi.count < c.c_nfail)
+if (c.c_nfail == -1 || dbi.count < c.c_nfail)
 	continue;
 			} else {
 if (dbi.count >= c.c_nfail)
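Review bot: Only the `blocked` arm was taught about the `*` value; the `else` arm still tests `dbi.count >= c.c_nfail`, which holds for any non-negative count when `c_nfail` is -1. Entries under a rule whose `nfail` is `*` are then skipped by both arms and show up only when `all` is set. If they are meant to be listed as not blocked, change the second test to `if (c.c_nfail != -1 && dbi.count >= c.c_nfail)`. The loop body continues in the next hunk.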
@@ -138,12 +148,18 @@ main(int argc, char *argv[])
 			}
 		}
 		sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)_ss);
-		printf("%*.*s/%d:%d\t", wide, wide, buf, c.c_lmask, c.c_port);
-		if (remain)
-			fmtydhms(buf, sizeof(buf),
-			c.c_duration - (ts.tv_sec - dbi.last));
-		else
-			fmttime(buf, sizeof(buf), dbi.last);
+		printf("%*.*s/%s:%s\t", wide, wide, buf,
+		star(mbuf, sizeof(mbuf), c.c_lmask),
+		star(pbuf, sizeof(pbuf), c.c_port));
+		if (c.c_duration == -1) {
+			strlcpy(buf, "never", sizeof(buf));
+		} else {
+			if (remain)
+fmtydhms(buf, sizeof(buf),
+c.c_duration - (ts.tv_sec - dbi.last));
+			else
+fmttime(buf, sizeof(buf), dbi.last);
+		}
 		printf("%s\t%d/%d\t%-s\n", dbi.id, dbi.count, c.c_nfail, buf);
 	}
 	state_close(db);
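Review bot: The `c.c_duration == -1` test sits outside the `remain` choice, so the last column prints `never` even when `remain` is false and the header reads `last access`. In that mode the entry still has a real `dbi.last`, which is what an operator reviewing offending addresses needs to see. Narrow the test to `if (remain && c.c_duration == -1)` so the existing `else` still reaches `fmttime(buf, sizeof(buf), dbi.last)`. The subtraction passed to `fmtydhms` can also go negative for an expired entry; whether that is handled depends on code outside this hunk.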



CVS commit: src/external/bsd/blacklist/bin

2017-06-07 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Wed Jun  7 13:50:57 UTC 2017

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.conf.5

Log Message:
Add missing argument to macro.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.6 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.7
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.6	Mon Jun  5 21:34:58 2017
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Wed Jun  7 13:50:57 2017
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.6 2017/06/05 21:34:58 sevan Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.7 2017/06/07 13:50:57 wiz Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -201,7 +201,7 @@ or the block duration.
 Configuration file.
 .El
 .Sh EXAMPLES
-.Bd -literal -offset
+.Bd -literal -offset 8n
 # Block ssh, after 3 attempts for 6 hours on the bnx0 interface
 [local]
 # location	type	proto	owner	name	nfail	duration



CVS commit: src/external/bsd/blacklist/bin

2017-06-05 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Mon Jun  5 21:34:58 UTC 2017

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.conf.5

Log Message:
Improve wording.
Bump date.

ok christos


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.5 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.6
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.5	Wed Jun  8 12:48:37 2016
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Mon Jun  5 21:34:58 2017
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.6 2017/06/05 21:34:58 sevan Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 7, 2016
+.Dd June 5, 2017
 .Dt BLACKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -36,12 +36,13 @@
 .Sh DESCRIPTION
 The
 .Nm
-files contains configuration lines for
-.Xr blacklistd 8 .
-It contains one entry per line, and is similar to
+files contains configuration entries for
+.Xr blacklistd 8
+in a fashion similar to
 .Xr inetd.conf 5 .
-There must be an entry for each field of the configuration file, with
-entries for each field separated by a tab or a space.
+Only one entry per line is permitted.
+Every entry must have all fields populated.
+Each field can be separated by a tab or a space.
 Comments are denoted by a
 .Dq #
 at the beginning of a line.
@@ -109,7 +110,7 @@ The
 can be an IPv4 address in numeric format, an IPv6 address
 in numeric format and enclosed by square brackets, or an interface name.
 Mask modifiers are not allowed on interfaces because interfaces
-have multiple address in different protocols where the mask has a different
+can have multiple addresses in different protocols where the mask has a different
 size.
 .Pp
 The
@@ -150,8 +151,8 @@ If the
 contains a
 .Dq / ,
 the remaining portion of the name is interpreted as the mask to be
-applied to the address specified in the rule, so one can block whole
-subnets for a single rule violation.
+applied to the address specified in the rule, causing a single rule violation to
+block the entire subnet for the configured prefix.
 .Pp
 The
 .Va nfail
@@ -176,10 +177,11 @@ for days.
 .Pp
 Matching is done first by checking the
 .Va local
-rules one by one, from the most specific to the least specific.
+rules individually, in the order of the most specific to the least specific.
 If a match is found, then the
 .Va remote
-rules are applied, and if a match is found the
+rules are applied.
+The
 .Va name ,
 .Va nfail ,
 and
@@ -191,8 +193,8 @@ rule that matched.
 The
 .Va remote
 rules can be used for whitelisting specific addresses, changing the mask
-size, or the rule that the packet filter uses, the number of failed attempts,
-or the blocked duration.
+size, the rule that the packet filter uses, the number of failed attempts,
+or the block duration.
 .Sh FILES
 .Bl -tag -width /etc/blacklistd.conf -compact
 .It Pa /etc/blacklistd.conf



CVS commit: src/external/bsd/blacklist/bin

2017-02-17 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sat Feb 18 00:26:16 UTC 2017

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
more debugging from Kurt Lidl


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.36 src/external/bsd/blacklist/bin/blacklistd.c:1.37
--- src/external/bsd/blacklist/bin/blacklistd.c:1.36	Sun Jan  8 22:05:48 2017
+++ src/external/bsd/blacklist/bin/blacklistd.c	Fri Feb 17 19:26:16 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.36 2017/01/09 03:05:48 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.36 2017/01/09 03:05:48 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $");
 
 #include 
 #include 
@@ -207,7 +207,7 @@ process(bl_t bl)
 
 	if (debug) {
 		char b1[128], b2[128];
-		(*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
+		(*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
 		"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
 		fmttime(b1, sizeof(b1), dbi.last),
 		fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -246,15 +246,24 @@ process(bl_t bl)
 	case BL_DELETE:
 		if (dbi.last == 0)
 			goto out;
+		dbi.count = 0;
 		dbi.last = 0;
 		break;
 	default:
 		(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); 
 	}
-	if (state_put(state, , ) == -1)
-		goto out;
+	state_put(state, , );
+
 out:
 	close(bi->bi_fd);
+
+	if (debug) {
+		char b1[128], b2[128];
+		(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+		"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+		fmttime(b1, sizeof(b1), dbi.last),
+		fmttime(b2, sizeof(b2), ts.tv_sec));
+	}
 }
 
 static void
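Review bot: The `state_put(...)` call just above `out:` now discards its result, so a failed database write looks the same as a successful one, and the new "final db state" debug line prints the in-memory `dbi` values whether or not they were persisted. For a daemon whose blocking decisions depend on that database, the failure should at least be visible unless state_put already logs it (not visible here). Keep the call with its original arguments, which are garbled in this rendering, and report the error: `if (state_put(...) == -1) (*lfun)(LOG_ERR, "%s: state_put failed", __func__);`. process() begins outside this hunk.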
@@ -393,7 +402,7 @@ rules_restore(void)
 int
 main(int argc, char *argv[])
 {
-	int c, tout, flags, flush, restore;
+	int c, tout, flags, flush, restore, ret;
 	const char *spath, **blsock;
 	size_t nblsock, maxblsock;
 
@@ -528,7 +537,10 @@ main(int argc, char *argv[])
 			readconf = 0;
 			conf_parse(configfile);
 		}
-		switch (poll(pfd, (nfds_t)nfd, tout)) {
+		ret = poll(pfd, (nfds_t)nfd, tout);
+		if (debug)
+			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+		switch (ret) {
 		case -1:
 			if (errno == EINTR)
 continue;
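Review bot: The debug call inserted between `poll()` and `switch (ret)` runs before the `errno == EINTR` test in `case -1:`, and whatever logger `lfun` points to is free to change `errno`. With debugging enabled, an interrupted poll could then be handled as a real error. Saving the value keeps the check reliable: put `int serrno = errno;` before the log call and `errno = serrno;` after it, or move the log line below the `switch`. The enclosing loop in main() starts and ends outside the hunk.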



CVS commit: src/external/bsd/blacklist/bin

2017-01-08 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Jan  9 03:05:48 UTC 2017

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
PR/51801: Matthew Mondor: Support multiple -s options and -P and -s at the
same time.


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.35 src/external/bsd/blacklist/bin/blacklistd.c:1.36
--- src/external/bsd/blacklist/bin/blacklistd.c:1.35	Mon Sep 26 15:43:43 2016
+++ src/external/bsd/blacklist/bin/blacklistd.c	Sun Jan  8 22:05:48 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.36 2017/01/09 03:05:48 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.36 2017/01/09 03:05:48 christos Exp $");
 
 #include 
 #include 
@@ -394,12 +394,14 @@ int
 main(int argc, char *argv[])
 {
 	int c, tout, flags, flush, restore;
-	const char *spath, *blsock;
+	const char *spath, **blsock;
+	size_t nblsock, maxblsock;
 
 	setprogname(argv[0]);
 
 	spath = NULL;
-	blsock = _PATH_BLSOCK;
+	blsock = NULL;
+	maxblsock = nblsock = 0;
 	flush = 0;
 	restore = 0;
 	tout = 0;
@@ -431,7 +433,17 @@ main(int argc, char *argv[])
 			restore++;
 			break;
 		case 's':
-			blsock = optarg;
+			if (nblsock >= maxblsock) {
+maxblsock += 10;
+void *p = realloc(blsock,
+sizeof(*blsock) * maxblsock);
+if (p == NULL)
+err(EXIT_FAILURE,
+	"Can't allocate memory for %zu sockets",
+	maxblsock);
+blsock = p;
+			}
+			blsock[nblsock++] = optarg;
 			break;
 		case 't':
 			tout = atoi(optarg) * 1000;
@@ -478,9 +490,11 @@ main(int argc, char *argv[])
 	size_t nfd = 0;
 	size_t maxfd = 0;
 
-	if (spath == NULL)
-		addfd(, , , , blsock);
-	else {
+	for (size_t i = 0; i < nblsock; i++)
+		addfd(, , , , blsock[i]);
+	free(blsock);
+
+	if (spath) {
 		FILE *fp = fopen(spath, "r");
 		char *line;
 		if (fp == NULL)
@@ -490,6 +504,8 @@ main(int argc, char *argv[])
 			addfd(, , , , line);
 		fclose(fp);
 	}
+	if (nfd == 0)
+		addfd(, , , , _PATH_BLSOCK);
 
 	state = state_open(dbfile, flags, 0600);
 	if (state == NULL)
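Review bot: The new `if (nfd == 0)` fallback also applies when `-P` named a file that produced no socket paths, so a chrooted setup with an empty or mis-written paths file would end up listening only on `_PATH_BLSOCK`, with no message. This assumes addfd is what advances `nfd`; its arguments are garbled in this rendering. If the fallback is intended in that case, say so in a comment above the test, e.g. `/* nothing from -s or -P: listen on the default socket */`. If it is not, restrict it to `if (nfd == 0 && spath == NULL)` and fail with an error when the file gave no paths. main() continues outside the hunk.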



CVS commit: src/external/bsd/blacklist/bin

2016-11-01 Thread John Nemeth
Module Name:src
Committed By:   jnemeth
Date:   Wed Nov  2 03:15:07 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c

Log Message:
Correct misplaced break; from FreeBSD.

Approved By: christos


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.20 src/external/bsd/blacklist/bin/blacklistctl.c:1.21
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.20	Mon Apr  4 15:52:56 2016
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Wed Nov  2 03:15:07 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $");
 
 #include 
 #include 
@@ -96,10 +96,10 @@ main(int argc, char *argv[])
 			break;
 		case 'b':
 			blocked = 1;
+			break;
 		case 'D':
 			dbname = optarg;
 			break;
-			break;
 		case 'd':
 			debug++;
 			break;



CVS commit: src/external/bsd/blacklist/bin

2016-09-26 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Sep 26 19:43:43 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c state.c

Log Message:
restore rules after the database is open, add error message to prevent
silent failure in the future. (Kurt Lidl)


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/external/bsd/blacklist/bin/blacklistd.c
cvs rdiff -u -r1.18 -r1.19 src/external/bsd/blacklist/bin/state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.34 src/external/bsd/blacklist/bin/blacklistd.c:1.35
--- src/external/bsd/blacklist/bin/blacklistd.c:1.34	Mon Apr  4 11:52:56 2016
+++ src/external/bsd/blacklist/bin/blacklistd.c	Mon Sep 26 15:43:43 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $");
 
 #include 
 #include 
@@ -473,9 +473,6 @@ main(int argc, char *argv[])
 		flags |= O_TRUNC;
 	}
 
-	if (restore)
-		rules_restore();
-
 	struct pollfd *pfd = NULL;
 	bl_t *bl = NULL;
 	size_t nfd = 0;
@@ -500,6 +497,9 @@ main(int argc, char *argv[])
 	if (state == NULL)
 		return EXIT_FAILURE;
 
+	if (restore)
+		rules_restore();
+
 	if (!debug) {
 		if (daemon(0, 0) == -1)
 			err(EXIT_FAILURE, "daemon failed");
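Review bot: Moving `rules_restore()` below `state_open()` encodes an ordering requirement that nothing in the code states, so a later reshuffle of main() could reintroduce the silent failure described in the log message. A one-line comment above the call would pin it, e.g. `/* needs the state database: must follow state_open() */`. main() starts and ends outside the hunk.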

Index: src/external/bsd/blacklist/bin/state.c
diff -u src/external/bsd/blacklist/bin/state.c:1.18 src/external/bsd/blacklist/bin/state.c:1.19
--- src/external/bsd/blacklist/bin/state.c:1.18	Mon Apr  4 11:52:56 2016
+++ src/external/bsd/blacklist/bin/state.c	Mon Sep 26 15:43:43 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $");
 
 #include 
 #include 
@@ -200,8 +200,10 @@ state_iterate(DB *db, struct conf *c, st
 	int rv;
 	DBT k, v;
 
-	if (db == NULL)
+	if (db == NULL) {
+		(*lfun)(LOG_ERR, "%s: called with no database file", __func__);
 		return -1;
+	}
 
 	first = first ? R_FIRST : R_NEXT;
 



CVS commit: src/external/bsd/blacklist/bin

2016-07-30 Thread David A. Holland
Module Name:src
Committed By:   dholland
Date:   Sat Jul 30 06:09:29 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
typo


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.17 src/external/bsd/blacklist/bin/blacklistd.8:1.18
--- src/external/bsd/blacklist/bin/blacklistd.8:1.17	Wed Jun  8 12:48:37 2016
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sat Jul 30 06:09:29 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.17 2016/06/08 12:48:37 wiz Exp $
+.\" $NetBSD: blacklistd.8,v 1.18 2016/07/30 06:09:29 dholland Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -47,7 +47,7 @@
 .Nm
 is a daemon similar to
 .Xr syslogd 8
-that listens to a sockets at paths specified in the
+that listens to sockets at paths specified in the
 .Ar sockpathsfile
 for notifications from other daemons about successful or failed connection
 attempts.



CVS commit: src/external/bsd/blacklist/bin

2016-06-08 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Wed Jun  8 12:48:38 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8 blacklistd.8
blacklistd.conf.5

Log Message:
.Fx should only have version numbers as argument.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/blacklist/bin/blacklistctl.8
cvs rdiff -u -r1.16 -r1.17 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.8 src/external/bsd/blacklist/bin/blacklistctl.8:1.9
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.8	Tue Jun  7 17:31:02 2016
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Wed Jun  8 12:48:37 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistctl.8,v 1.8 2016/06/07 17:31:02 christos Exp $
+.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -77,7 +77,8 @@ it to make sure that there is only one r
 .Nm
 first appeared in
 .Nx 7 .
-.Fx support for
+.Fx
+support for
 .Nm
 was implemented in
 .Fx 11 .

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.16 src/external/bsd/blacklist/bin/blacklistd.8:1.17
--- src/external/bsd/blacklist/bin/blacklistd.8:1.16	Tue Jun  7 17:31:02 2016
+++ src/external/bsd/blacklist/bin/blacklistd.8	Wed Jun  8 12:48:37 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.16 2016/06/07 17:31:02 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.17 2016/06/08 12:48:37 wiz Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -218,7 +218,8 @@ Socket to receive connection notificatio
 .Nm
 first appeared in
 .Nx 7 .
-.Fx support for
+.Fx
+support for
 .Nm
 was implemented in
 .Fx 11 .

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.4 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.5
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.4	Tue Jun  7 17:31:02 2016
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Wed Jun  8 12:48:37 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.4 2016/06/07 17:31:02 christos Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -218,7 +218,8 @@ bnx0:ssh	*	*	*	*	3	6h
 .Nm
 first appeared in
 .Nx 7 .
-.Fx support for
+.Fx
+support for
 .Nm
 was implemented in
 .Fx 11 .



CVS commit: src/external/bsd/blacklist/bin

2016-06-07 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Jun  7 17:31:02 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8 blacklistd.8
blacklistd.conf.5

Log Message:
Add FreeBSD release notes (Kurt Lidl)


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/bin/blacklistctl.8
cvs rdiff -u -r1.15 -r1.16 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.7 src/external/bsd/blacklist/bin/blacklistctl.8:1.8
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.7	Thu Apr 30 02:20:43 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Tue Jun  7 13:31:02 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistctl.8,v 1.7 2015/04/30 06:20:43 riz Exp $
+.\" $NetBSD: blacklistctl.8,v 1.8 2016/06/07 17:31:02 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 29, 2015
+.Dd June 7, 2016
 .Dt BLACKLISTCTL 8
 .Os
 .Sh NAME
@@ -75,7 +75,11 @@ will first attempt to remove the existin
 it to make sure that there is only one rule active.
 .Sh HISTORY
 .Nm
-appeared in
+first appeared in
 .Nx 7 .
+.Fx support for
+.Nm
+was implemented in
+.Fx 11 .
 .Sh AUTHORS
 .An Christos Zoulas

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.15 src/external/bsd/blacklist/bin/blacklistd.8:1.16
--- src/external/bsd/blacklist/bin/blacklistd.8:1.15	Fri Mar 11 12:16:40 2016
+++ src/external/bsd/blacklist/bin/blacklistd.8	Tue Jun  7 13:31:02 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.15 2016/03/11 17:16:40 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.16 2016/06/07 17:31:02 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 4, 2015
+.Dd June 7, 2016
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -216,7 +216,11 @@ Socket to receive connection notificatio
 .Xr syslogd 8
 .Sh HISTORY
 .Nm
-appeared in
+first appeared in
 .Nx 7 .
+.Fx support for
+.Nm
+was implemented in
+.Fx 11 .
 .Sh AUTHORS
 .An Christos Zoulas

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.3 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.4
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.3	Thu Apr 30 02:20:43 2015
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Tue Jun  7 13:31:02 2016
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.3 2015/04/30 06:20:43 riz Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.4 2016/06/07 17:31:02 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 29, 2015
+.Dd June 7, 2016
 .Dt BLACKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -216,7 +216,11 @@ bnx0:ssh	*	*	*	*	3	6h
 .Xr blacklistd 8
 .Sh HISTORY
 .Nm
-appeared in
+first appeared in
 .Nx 7 .
+.Fx support for
+.Nm
+was implemented in
+.Fx 11 .
 .Sh AUTHORS
 .An Christos Zoulas



CVS commit: src/external/bsd/blacklist/bin

2016-04-04 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Apr  4 15:52:56 UTC 2016

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c blacklistd.c conf.c
internal.h run.c state.c support.c support.h

Log Message:
FreeBSD patches from Kurt Lidl.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/external/bsd/blacklist/bin/blacklistctl.c
cvs rdiff -u -r1.33 -r1.34 src/external/bsd/blacklist/bin/blacklistd.c
cvs rdiff -u -r1.23 -r1.24 src/external/bsd/blacklist/bin/conf.c
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/blacklist/bin/internal.h \
src/external/bsd/blacklist/bin/run.c
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/blacklist/bin/state.c
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/bin/support.c
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/bin/support.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.19 src/external/bsd/blacklist/bin/blacklistctl.c:1.20
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.19	Wed Nov  4 11:21:52 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Mon Apr  4 11:52:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.19 2015/11/04 16:21:52 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,10 +33,13 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: blacklistctl.c,v 1.19 2015/11/04 16:21:52 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $");
 
 #include 
 #include 
+#ifdef HAVE_LIBUTIL_H
+#include 
+#endif
 #ifdef HAVE_UTIL_H
 #include 
 #endif

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.33 src/external/bsd/blacklist/bin/blacklistd.c:1.34
--- src/external/bsd/blacklist/bin/blacklistd.c:1.33	Sat Jun 20 21:13:21 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Mon Apr  4 11:52:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.33 2015/06/21 01:13:21 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,12 +32,15 @@
 #include "config.h"
 #endif
 #include 
-__RCSID("$NetBSD: blacklistd.c,v 1.33 2015/06/21 01:13:21 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $");
 
 #include 
 #include 
 #include 
 
+#ifdef HAVE_LIBUTIL_H
+#include 
+#endif
 #ifdef HAVE_UTIL_H
 #include 
 #endif

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.23 src/external/bsd/blacklist/bin/conf.c:1.24
--- src/external/bsd/blacklist/bin/conf.c:1.23	Wed Jun  3 11:11:40 2015
+++ src/external/bsd/blacklist/bin/conf.c	Mon Apr  4 11:52:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.23 2015/06/03 15:11:40 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.24 2016/04/04 15:52:56 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,9 +33,15 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: conf.c,v 1.23 2015/06/03 15:11:40 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.24 2016/04/04 15:52:56 christos Exp $");
 
 #include 
+#ifdef HAVE_LIBUTIL_H
+#include 
+#endif
+#ifdef HAVE_UTIL_H
+#include 
+#endif
 #include 
 #include 
 #include 
@@ -43,9 +49,6 @@ __RCSID("$NetBSD: conf.c,v 1.23 2015/06/
 #include 
 #include 
 #include 
-#ifdef HAVE_UTIL_H
-#include 
-#endif
 #include 
 #include 
 #include 
@@ -495,8 +498,8 @@ out:
 	if (debug > 1) {
 		char b1[256], b2[256];
 		len <<= 2;
-		hexdump(b1, sizeof(b1), "a1", v1, len);
-		hexdump(b2, sizeof(b2), "a2", v2, len);
+		blhexdump(b1, sizeof(b1), "a1", v1, len);
+		blhexdump(b2, sizeof(b2), "a2", v2, len);
 		(*lfun)(LOG_DEBUG, "%s: %s != %s [0x%x]", __func__,
 		b1, b2, omask);
 	}

Index: src/external/bsd/blacklist/bin/internal.h
diff -u src/external/bsd/blacklist/bin/internal.h:1.13 src/external/bsd/blacklist/bin/internal.h:1.14
--- src/external/bsd/blacklist/bin/internal.h:1.13	Wed Oct 14 12:01:29 2015
+++ src/external/bsd/blacklist/bin/internal.h	Mon Apr  4 11:52:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.h,v 1.13 2015/10/14 16:01:29 christos Exp $	*/
+/*	$NetBSD: internal.h,v 1.14 2016/04/04 15:52:56 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -51,7 +51,7 @@ extern struct ifaddrs *ifas;
 #define __syslog__ __printf__
 #endif
 
-void (*lfun)(int, const char *, ...)
+extern void (*lfun)(int, const char *, ...)
 __attribute__((__format__(__syslog__, 2, 3)));
 
 #endif /* _INTERNAL_H */
Index: src/external/bsd/blacklist/bin/run.c
diff -u src/external/bsd/blacklist/bin/run.c:1.13 src/external/bsd/blacklist/bin/run.c:1.14
--- src/external/bsd/blacklist/bin/run.c:1.13	Tue Jun  2 10:02:10 2015
+++ src/external/bsd/blacklist/bin/run.c	Mon Apr  4 11:52:56 

CVS commit: src/external/bsd/blacklist/bin

2015-11-04 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Nov  4 16:21:52 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c

Log Message:
add 'n' to getopt


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.18 src/external/bsd/blacklist/bin/blacklistctl.c:1.19
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.18	Tue Jun  2 10:02:10 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Wed Nov  4 11:21:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.18 2015/06/02 14:02:10 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.19 2015/11/04 16:21:52 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include 
-__RCSID("$NetBSD: blacklistctl.c,v 1.18 2015/06/02 14:02:10 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.19 2015/11/04 16:21:52 christos Exp $");
 
 #include 
 #include 
@@ -85,7 +85,7 @@ main(int argc, char *argv[])
 	argc--;
 	argv++;
 
-	while ((o = getopt(argc, argv, "abD:drw")) != -1)
+	while ((o = getopt(argc, argv, "abD:dnrw")) != -1)
 		switch (o) {
 		case 'a':
 			all = 1;



CVS commit: src/external/bsd/blacklist/bin

2015-10-14 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Oct 14 16:01:29 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: internal.h

Log Message:
syslog attribute.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/blacklist/bin/internal.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/internal.h
diff -u src/external/bsd/blacklist/bin/internal.h:1.12 src/external/bsd/blacklist/bin/internal.h:1.13
--- src/external/bsd/blacklist/bin/internal.h:1.12	Tue Jan 27 14:40:37 2015
+++ src/external/bsd/blacklist/bin/internal.h	Wed Oct 14 12:01:29 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.h,v 1.12 2015/01/27 19:40:37 christos Exp $	*/
+/*	$NetBSD: internal.h,v 1.13 2015/10/14 16:01:29 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -47,7 +47,11 @@ extern const char *rulename;
 extern const char *controlprog;
 extern struct ifaddrs *ifas;
 
+#if !defined(__syslog_attribute__) && !defined(__syslog__)
+#define __syslog__ __printf__
+#endif
+
 void (*lfun)(int, const char *, ...)
-__attribute__((__format__(__printf__, 2, 3)));
+__attribute__((__format__(__syslog__, 2, 3)));
 
 #endif /* _INTERNAL_H */
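Review bot: The fallback `#define __syslog__ __printf__` has no comment explaining why it exists or which toolchains supply a real `__syslog__` format archetype, which matters to anyone porting this header. It also defines a name in the implementation-reserved namespace, so the reason should be stated next to it. A short comment above the `#if` would do, e.g. `/* no syslog format archetype on this compiler: check lfun() callers as printf-style */`.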



CVS commit: src/external/bsd/blacklist/bin

2015-06-20 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jun 21 01:13:21 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
Restart the loop each time we delete an entry because the hash code does
not handle it well. Is that a db bug?


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.32 src/external/bsd/blacklist/bin/blacklistd.c:1.33
--- src/external/bsd/blacklist/bin/blacklistd.c:1.32	Wed Jan 28 17:30:42 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Sat Jun 20 21:13:21 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.32 2015/01/28 22:30:42 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.33 2015/06/21 01:13:21 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include config.h
 #endif
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistd.c,v 1.32 2015/01/28 22:30:42 christos Exp $);
+__RCSID($NetBSD: blacklistd.c,v 1.33 2015/06/21 01:13:21 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -284,6 +284,7 @@ update(void)
 		return;
 	}
 
+again:
 	for (n = 0, f = 1; state_iterate(state, c, dbi, f) == 1;
 	f = 0, n++)
 	{
@@ -305,6 +306,7 @@ update(void)
 			buf, c.c_lmask, c.c_port, c.c_duration);
 		}
 		state_del(state, c);
+		goto again;
 	}
 }
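Review bot: The unconditional `goto again;` after `state_del(...)` restarts the scan from the first record without checking whether the delete worked, so an entry that cannot be removed would be selected again on every pass and update() would not return. Testing the result before restarting bounds the loop, e.g. `if (state_del(...) != 0) break;` ahead of the `goto again;`. Keep the argument list from the hunk, which is garbled in this rendering, and confirm state_del's return convention, which is not visible here. The restart also resets `n` to 0 each time, so the `n++` in the `for` header no longer counts processed entries if `n` is read later. update() starts outside the hunk and the selection logic between the two hunks is not shown.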
 



CVS commit: src/external/bsd/blacklist/bin

2015-06-04 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Thu Jun  4 16:11:48 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
Whitespace and macro fixes.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.13 src/external/bsd/blacklist/bin/blacklistd.8:1.14
--- src/external/bsd/blacklist/bin/blacklistd.8:1.13	Thu Jun  4 16:01:09 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Thu Jun  4 16:11:48 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.13 2015/06/04 16:01:09 christos Exp $
+.\ $NetBSD: blacklistd.8,v 1.14 2015/06/04 16:11:48 wiz Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -111,7 +111,6 @@ seconds (default
 .Dv 15 )
 and removes entries and block rules using the control program as necessary.
 .Pp
-.Pp
 The following options are available:
 .Bl -tag -width indent
 .It Fl C Ar controlprog
@@ -120,13 +119,13 @@ Use
 to communicate with the packet filter, usually
 .Pa /libexec/blacklistd-helper .
 The following arguments are passed to the control program:
-.Bl -tag -width protocol indent
+.Bl -tag -width protocol
 .It action
-The action to perform: 
+The action to perform:
 .Dv add ,
 .Dv rem ,
 or
-.Dv flush 
+.Dv flush
 to add, remove or flush a firewall rule.
 .It name
 The rule name.



CVS commit: src/external/bsd/blacklist/bin

2015-06-04 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Jun  4 16:01:09 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
Document the options as a list instead of embedded text.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.12 src/external/bsd/blacklist/bin/blacklistd.8:1.13
--- src/external/bsd/blacklist/bin/blacklistd.8:1.12	Tue Jun  2 17:03:46 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Thu Jun  4 12:01:09 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.12 2015/06/02 21:03:46 snj Exp $
+.\ $NetBSD: blacklistd.8,v 1.13 2015/06/04 16:01:09 christos Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd April 29, 2015
+.Dd June 4, 2015
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -90,7 +90,7 @@ If the action is
 .Dq remove
 Then the same control script is invoked as:
 .Bd -literal -offset indent
-control add rulename proto address mask port
+control remove rulename proto address mask port id
 .Ed
 .Pp
 where
@@ -103,19 +103,6 @@ action.
 maintains a database of known connections in
 .Ar dbfile .
 On startup it reads entries from that file, and updates its internal state.
-If the
-.Fl f
-flag is specified, then the database is truncated an all the rules named
-.Ar rulename
-are deleted by invoking the control script as:
-.Bd -literal -offset indent
-control flush rulename
-.Ed
-If the
-.Fl r
-flag is specified, the firewall rules are re-read from the internal database
-and are removed and re-added.
-This helps for packet filters that don't retain state across reboots.
 .Pp
 .Nm
 checks the list of active entries every
@@ -124,22 +111,94 @@ seconds (default
 .Dv 15 )
 and removes entries and block rules using the control program as necessary.
 .Pp
+.Pp
+The following options are available:
+.Bl -tag -width indent
+.It Fl C Ar controlprog
+Use
+.Ar controlprog
+to communicate with the packet filter, usually
+.Pa /libexec/blacklistd-helper .
+The following arguments are passed to the control program:
+.Bl -tag -width protocol indent
+.It action
+The action to perform: 
+.Dv add ,
+.Dv rem ,
+or
+.Dv flush 
+to add, remove or flush a firewall rule.
+.It name
+The rule name.
+.It protocol
+The optional protocol name (can be empty):
+.Dv tcp ,
+.Dv tcp6 ,
+.Dv udp ,
+.Dv udp6 .
+.It address
+The IPv4 or IPv6 numeric address to be blocked or released.
+.It mask
+The numeric mask to be applied to the blocked or released address
+.It port
+The optional numeric port to be blocked (can be empty).
+.It id
+For packet filters that support removal of rules by rule identifier, the
+identifier of the rule to be removed.
+The add command is expected to return the rule identifier string to stdout.
+.El
+.It Fl c Ar configuration
+The name of the configuration file to read, usually
+.Pa /etc/blacklistd.conf .
+.It Fl D Ar dbfile
+The Berkeley DB file where
+.Nm
+stores its state, usually
+.Pa /var/run/blacklistd.db .
+.It Fl d
 Normally,
 .Nm
-disassociates itself from the terminal and writes messages to
-.Xr syslogd 8 ,
-unless the
+disassociates itself from the terminal unless the
 .Fl d
 flag is specified, in which case it stays in the foreground.
-The
-.Fl v
-cases
+.It Fl f
+Truncate the state database and flush all the rules named
+.Ar rulename
+are deleted by invoking the control script as:
+.Bd -literal -offset indent
+control flush rulename
+.Ed
+.It Fl P Ar sockspathsfile
+A file containing a list of pathnames, one per line that
+.Nm
+will create sockets to listen to.
+This is useful for chrooted environments.
+.It Fl R Ar rulename
+Specify the default rule name for the packet filter rules, usually
+.Dv blacklistd .
+.It Fl r
+Re-read the firewall rules from the internal database, then
+remove and re-add them.
+This helps for packet filters that don't retain state across reboots.
+.It Fl s Ar sockpath
+Add
+.Ar sockpath
+to the list of Unix sockets
+.Nm
+listens to.
+.It Fl t Ar timeout
+The interval in seconds
+.Nm
+polls the state file to update the rules.
+.It Fl v
+Cause
 .Nm
 to print
 diagnostic messages to
 .Dv stdout
 instead of
 .Xr syslogd 8 .
+.El
 .Sh FILES
 .Bl -tag -width /libexec/blacklistd-helper -compact
 .It Pa /libexec/blacklistd-helper



CVS commit: src/external/bsd/blacklist/bin

2015-06-03 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jun  3 15:11:40 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
disallow interface spec in remote config (since we check against the remote
address, it does not make sense).


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.22 src/external/bsd/blacklist/bin/conf.c:1.23
--- src/external/bsd/blacklist/bin/conf.c:1.22	Tue Jun  2 16:52:00 2015
+++ src/external/bsd/blacklist/bin/conf.c	Wed Jun  3 11:11:40 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.22 2015/06/02 20:52:00 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.23 2015/06/03 15:11:40 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.22 2015/06/02 20:52:00 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.23 2015/06/03 15:11:40 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -271,6 +271,8 @@ gethostport(const char *f, size_t l, boo
 			(*lfun)(LOG_DEBUG, %s: host4 %s, __func__, p);
 		if (strcmp(p, *) != 0) {
 			if (conf_is_interface(p)) {
+if (!local)
+	goto out2;
 if (debug)
 	(*lfun)(LOG_DEBUG, %s: interface %s,
 	__func__, p);
@@ -308,6 +310,10 @@ out1:
 	(*lfun)(LOG_ERR, %s: %s, %zu: Can't specify mask %d with 
 	interface [%s], __func__, f, l, c-c_lmask, p);
 	return -1;
+out2:
+	(*lfun)(LOG_ERR, %s: %s, %zu: Interface spec does not make sense 
+	with remote config [%s], __func__, f, l, p);
+	return -1;
 }
 
 static int
@@ -490,7 +496,7 @@ out:
 		char b1[256], b2[256];
 		len = 2;
 		hexdump(b1, sizeof(b1), a1, v1, len);
-		hexdump(b2, sizeof(b2), a1, v2, len);
+		hexdump(b2, sizeof(b2), a2, v2, len);
 		(*lfun)(LOG_DEBUG, %s: %s != %s [0x%x], __func__,
 		b1, b2, omask);
 	}



CVS commit: src/external/bsd/blacklist/bin

2015-06-02 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Jun  2 20:52:00 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
restore address length before printing.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.21 src/external/bsd/blacklist/bin/conf.c:1.22
--- src/external/bsd/blacklist/bin/conf.c:1.21	Tue Jun  2 10:02:10 2015
+++ src/external/bsd/blacklist/bin/conf.c	Tue Jun  2 16:52:00 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.21 2015/06/02 14:02:10 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.22 2015/06/02 20:52:00 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.21 2015/06/02 14:02:10 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.22 2015/06/02 20:52:00 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -488,6 +488,7 @@ conf_amask_eq(const void *v1, const void
 out:
 	if (debug  1) {
 		char b1[256], b2[256];
+		len = 2;
 		hexdump(b1, sizeof(b1), a1, v1, len);
 		hexdump(b2, sizeof(b2), a1, v2, len);
 		(*lfun)(LOG_DEBUG, %s: %s != %s [0x%x], __func__,



CVS commit: src/external/bsd/blacklist/bin

2015-06-02 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Jun  2 21:03:46 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
prune bogus comma from Nm args


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.11 src/external/bsd/blacklist/bin/blacklistd.8:1.12
--- src/external/bsd/blacklist/bin/blacklistd.8:1.11	Thu Apr 30 06:20:43 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Tue Jun  2 21:03:46 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.11 2015/04/30 06:20:43 riz Exp $
+.\ $NetBSD: blacklistd.8,v 1.12 2015/06/02 21:03:46 snj Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -31,7 +31,7 @@
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
-.Nm blacklistd ,
+.Nm blacklistd
 .Nd block and release ports on demand to avoid DoS abuse
 .Sh SYNOPSIS
 .Nm



CVS commit: src/external/bsd/blacklist/bin

2015-06-02 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Jun  2 14:02:10 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c conf.c run.c state.c
support.c support.h

Log Message:
Add more debugging, simplify.
Use symbolic constants: -2=FEQUALS, -1=FSTAR


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/blacklist/bin/blacklistctl.c
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/blacklist/bin/conf.c
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/blacklist/bin/run.c
cvs rdiff -u -r1.16 -r1.17 src/external/bsd/blacklist/bin/state.c
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/bin/support.c
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/bin/support.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.17 src/external/bsd/blacklist/bin/blacklistctl.c:1.18
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.17	Mon Feb  2 17:01:55 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Tue Jun  2 10:02:10 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.17 2015/02/02 22:01:55 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.18 2015/06/02 14:02:10 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistctl.c,v 1.17 2015/02/02 22:01:55 christos Exp $);
+__RCSID($NetBSD: blacklistctl.c,v 1.18 2015/06/02 14:02:10 christos Exp $);
 
 #include stdio.h
 #include time.h
@@ -85,7 +85,7 @@ main(int argc, char *argv[])
 	argc--;
 	argv++;
 
-	while ((o = getopt(argc, argv, abdrw)) != -1)
+	while ((o = getopt(argc, argv, abD:drw)) != -1)
 		switch (o) {
 		case 'a':
 			all = 1;
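Review bot: The option string gains `D:` but still has no `n`, while revision 1.17 of this file (further down this page) has a `case 'n':` that sets `noheader`. If that case is still present in 1.18, getopt will report `-n` as an unknown option and the branch can never run; the string would then need to be `"abD:dnrw"`. Most of the switch body lies outside this hunk, so this should be checked against the full file.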
@@ -93,6 +93,9 @@ main(int argc, char *argv[])
 			break;
 		case 'b':
 			blocked = 1;
+		case 'D':
+			dbname = optarg;
+			break;
 			break;
 		case 'd':
 			debug++;
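Review bot: The new `case 'D':` is inserted between `blocked = 1;` and its `break;`, so `-b` now falls through and also runs `dbname = optarg;`, and the original `break;` is left unreachable after the new one. `-b` takes no argument, so `optarg` does not hold a database name at that point and `dbname` (presumably the state database path) can be replaced with NULL or a stale value. Move the existing break up so that the lines read `blocked = 1;` `break;` and then `case 'D':` `dbname = optarg;` `break;`. The switch continues outside the hunk.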

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.20 src/external/bsd/blacklist/bin/conf.c:1.21
--- src/external/bsd/blacklist/bin/conf.c:1.20	Sat May 30 18:39:14 2015
+++ src/external/bsd/blacklist/bin/conf.c	Tue Jun  2 10:02:10 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.20 2015/05/30 22:39:14 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.21 2015/06/02 14:02:10 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.20 2015/05/30 22:39:14 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.21 2015/06/02 14:02:10 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -56,6 +56,7 @@ __RCSID($NetBSD: conf.c,v 1.20 2015/05/
 
 #include bl.h
 #include internal.h
+#include support.h
 #include conf.h
 
 
@@ -71,6 +72,9 @@ struct sockaddr_if {
 
 static int conf_is_interface(const char *);
 
+#define FSTAR	-1
+#define FEQUAL	-2
+
 static void
 advance(char **p)
 {
@@ -91,13 +95,13 @@ getnum(const char *f, size_t l, bool loc
 	int *r = rp;
 
 	if (strcmp(p, *) == 0) {
-		*r = -1;
+		*r = FSTAR;
 		return 0;
 	}
 	if (strcmp(p, =) == 0) {
 		if (local)
 			goto out;
-		*r = -2;
+		*r = FEQUAL;
 		return 0;
 	}
 
@@ -134,13 +138,13 @@ getsecs(const char *f, size_t l, bool lo
 
 	tot = 0;
 	if (strcmp(p, *) == 0) {
-		c-c_duration = -1;
+		c-c_duration = FSTAR;
 		return 0;
 	}
 	if (strcmp(p, =) == 0) {
 		if (local)
 			goto out;
-		c-c_duration = -2;
+		c-c_duration = FEQUAL;
 		return 0;
 	}
 again:
@@ -204,39 +208,22 @@ getport(const char *f, size_t l, bool lo
 }
 
 static int
-getmask(const char *f, size_t l, bool local __unused, const char **p, int def)
+getmask(const char *f, size_t l, bool local, const char **p, int *mask)
 {
 	char *d;
-	int e;
-	intmax_t im;
 	const char *s = *p; 
 
 	if ((d = strchr(s, ':')) != NULL) {
 		*d++ = '\0';
 		*p = d;
 	}
-	if ((d = strchr(s, '/')) == NULL)
-		return def;
-
-	*d++ = '\0';
-	if (strcmp(d, =) == 0) {
-		if (local)
-			goto out;
-		return -2;
+	if ((d = strchr(s, '/')) == NULL) {
+		*mask = FSTAR;
+		return 0;
 	}
-	if (strcmp(d, *) == 0)
-		return def;
-
-	im = strtoi(d, NULL, 0, 0, def, e);
-	if (e == 0)
-		return (int)im;
 
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad mask [%s], __func__, f, l, d);
-	return -1;
-out:
-	(*lfun)(LOG_ERR, %s: %s, %zu: `=' name not allowed in local
-	 config, __func__, f, l);
-	return -1;
+	*d++ = '\0';
+	return getnum(f, l, local, mask, mask, d);
 }
 
 static int
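Review bot: Routing the mask through `getnum` drops the upper bound the removed code had. The old `strtoi(d, NULL, 0, 0, def, e)` call capped the value at `def` (256 at the call site), while `getnum`, as revision 1.20 on this page shows it, accepts anything up to `INT_MAX`. A prefix length such as `/4000` would now be stored in `*mask` and presumably reach the address comparison and the control program unchecked. After the `getnum` call, reject out-of-range values, e.g. `if (*mask > 128) return -1;` with a "Bad mask" log line, or better a bound that depends on the address family. A one-line comment that `FSTAR` here means "no mask given" would also help, since the old sentinel 256 is gone.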
@@ -247,8 +234,8 @@ gethostport(const char *f, size_t l, boo
 	const char *pstr;
 
 	if (strcmp(p, *) == 0) {
-		c-c_port = -1;
-		c-c_lmask = -1;
+		c-c_port = FSTAR;
+		c-c_lmask = FSTAR;
 		return 0;
 	}
 
@@ -259,12 +246,9 @@ gethostport(const char *f, size_t l, boo
 	} else
 		pstr = p;
 
-	if ((c-c_lmask = getmask(f, l, local, pstr, 256)) == -1)
+	if (getmask(f, l, local, pstr, c-c_lmask) == -1)
 		goto out;
 
-	if (c-c_lmask == 256)
-		

CVS commit: src/external/bsd/blacklist/bin

2015-05-30 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sat May 30 22:39:14 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
Centralize and fix =/* parsing, now =/24 works again.
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.19 src/external/bsd/blacklist/bin/conf.c:1.20
--- src/external/bsd/blacklist/bin/conf.c:1.19	Wed May 27 18:39:01 2015
+++ src/external/bsd/blacklist/bin/conf.c	Sat May 30 18:39:14 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.19 2015/05/27 22:39:01 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.20 2015/05/30 22:39:14 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.19 2015/05/27 22:39:01 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.20 2015/05/30 22:39:14 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -83,20 +83,38 @@ advance(char **p)
 }
 
 static int
-getnum(const char *f, size_t l, void *r, const char *p)
+getnum(const char *f, size_t l, bool local, void *rp, const char *name,
+const char *p)
 {
 	int e;
 	intmax_t im;
+	int *r = rp;
+
+	if (strcmp(p, *) == 0) {
+		*r = -1;
+		return 0;
+	}
+	if (strcmp(p, =) == 0) {
+		if (local)
+			goto out;
+		*r = -2;
+		return 0;
+	}
 
 	im = strtoi(p, NULL, 0, 0, INT_MAX, e);
 	if (e == 0) {
-		*(int *)r = (int)im;
+		*r = (int)im;
 		return 0;
 	}
 
 	if (f == NULL)
 		return -1;
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad number [%s], __func__, f, l, p);
+	(*lfun)(LOG_ERR, %s: %s, %zu: Bad number for %s [%s], __func__, f, l,
+	   name,  p);
+	return -1;
+out:
+	(*lfun)(LOG_ERR, %s: %s, %zu: `=' for %s not allowed in local config,
+	__func__, f, l, name);
 	return -1;
 
 }
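Review bot: The `f == NULL` guard only protects the "Bad number" message. The new `out:` path passes `f` to the `%s` in its log call unconditionally, so a caller using the quiet `f == NULL` mode with `=` in a local config would hand a null pointer to the logger. Every caller changed in this commit passes `f`, so either drop the guard as dead code or apply it on both paths, e.g. `if (f != NULL)` in front of the `(*lfun)(LOG_ERR, ...)` call under `out:`. `rp` is declared `void *` but is always written through as `int`; an `int *rp` parameter, or a comment stating that every target must be an `int`, would let the compiler or the reader catch a mismatched field.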
@@ -104,25 +122,7 @@ getnum(const char *f, size_t l, void *r,
 static int
 getnfail(const char *f, size_t l, bool local, struct conf *c, const char *p)
 {
-	if (strcmp(p, *) == 0) {
-		c-c_nfail = -1;
-		return 0;
-	}
-	if (strcmp(p, =) == 0) {
-		if (local)
-			goto out;
-		c-c_nfail = -2;
-		return 0;
-	}
-	if (getnum(NULL, 0, c-c_nfail, p) == 0)
-		return 0;
-
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad nfail [%s], __func__, f, l, p);
-	return -1;
-out:
-	(*lfun)(LOG_ERR, %s: %s, %zu: `=' nfail not allowed in local config,
-	__func__, f, l);
-	return -1;
+	return getnum(f, l, local, c-c_nfail, nfail, p);
 }
 
 static int
@@ -186,7 +186,7 @@ out:
 }
 
 static int
-getport(const char *f, size_t l, void *r, const char *p)
+getport(const char *f, size_t l, bool local, void *r, const char *p)
 {
 	struct servent *sv;
 
@@ -200,11 +200,7 @@ getport(const char *f, size_t l, void *r
 		return 0;
 	}
 
-	if (getnum(NULL, 0, r, p) == 0)
-		return 0;
-
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad service [%s], __func__, f, l, p);
-	return -1;
+	return getnum(f, l, local, r, service, p);
 }
 
 static int
@@ -317,7 +313,7 @@ gethostport(const char *f, size_t l, boo
 
 	if (strcmp(pstr, *) == 0)
 		c-c_port = -1;
-	else if (getport(f, l, c-c_port, pstr) == -1)
+	else if (getport(f, l, local, c-c_port, pstr) == -1)
 		return -1;
 
 	if (port  c-c_port != -1)
@@ -336,10 +332,6 @@ static int
 getproto(const char *f, size_t l, bool local __unused, struct conf *c,
 const char *p)
 {
-	if (strcmp(p, *) == 0) {
-		c-c_proto = -1;
-		return 0;
-	}
 	if (strcmp(p, stream) == 0) {
 		c-c_proto = IPPROTO_TCP;
 		return 0;
@@ -348,31 +340,18 @@ getproto(const char *f, size_t l, bool l
 		c-c_proto = IPPROTO_UDP;
 		return 0;
 	}
-	if (getnum(NULL, 0, c-c_proto, p) == 0)
-		return 0;
-
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad protocol [%s], __func__, f, l, p);
-	return -1;
+	return getnum(f, l, local, c-c_proto, protocol, p);
 }
 
 static int
 getfamily(const char *f, size_t l, bool local __unused, struct conf *c,
 const char *p)
 {
-	if (strcmp(p, *) == 0) {
-		c-c_family = -1;
-		return 0;
-	}
-
 	if (strncmp(p, tcp, 3) == 0 || strncmp(p, udp, 3) == 0) {
 		c-c_family = p[3] == '6' ? AF_INET6 : AF_INET;
 		return 0;
 	}
-	if (getnum(NULL, 0, c-c_family, p) == 0)
-		return 0;
-
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad family [%s], __func__, f, l, p);
-	return -1;
+	return getnum(f, l, local, c-c_family, family, p);
 }
 
 static int
@@ -381,21 +360,12 @@ getuid(const char *f, size_t l, bool loc
 {
 	struct passwd *pw;
 
-	if (strcmp(p, *) == 0) {
-		c-c_uid = -1;
-		return 0;
-	}
-
 	if ((pw = getpwnam(p)) != NULL) {
 		c-c_uid = (int)pw-pw_uid;
 		return 0;
 	}
 
-	if (getnum(NULL, 0, c-c_uid, p) == 0)
-		return 0;
-
-	(*lfun)(LOG_ERR, %s: %s, %zu: Bad user [%s], __func__, f, l, p);
-	return -1;
+	return getnum(f, l, local, c-c_uid, user, p);
 }
 
 
@@ -720,7 +690,7 @@ conf_eq(const struct conf *c1, const str
 		return 0;
 
 #define CMP(a, b, f) \
-	if ((a)-f != (b)-f  

CVS commit: src/external/bsd/blacklist/bin

2015-05-27 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed May 27 22:37:37 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: state.c

Log Message:
print the key in human readable form when debugging.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/external/bsd/blacklist/bin/state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/state.c
diff -u src/external/bsd/blacklist/bin/state.c:1.15 src/external/bsd/blacklist/bin/state.c:1.16
--- src/external/bsd/blacklist/bin/state.c:1.15	Tue Jan 27 14:40:37 2015
+++ src/external/bsd/blacklist/bin/state.c	Wed May 27 18:37:37 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: state.c,v 1.15 2015/01/27 19:40:37 christos Exp $	*/
+/*	$NetBSD: state.c,v 1.16 2015/05/27 22:37:37 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: state.c,v 1.15 2015/01/27 19:40:37 christos Exp $);
+__RCSID($NetBSD: state.c,v 1.16 2015/05/27 22:37:37 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -115,6 +115,9 @@ dumpkey(const struct conf *k)
 			z = sizeof(buf);
 	}
 	(*lfun)(LOG_DEBUG, %s, buf);
+	(*lfun)(LOG_DEBUG, %s: %s, __func__,
+	conf_print(buf, sizeof(buf), , , k));
+
 }
 
 int



CVS commit: src/external/bsd/blacklist/bin

2015-05-27 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed May 27 22:39:01 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
Merge the uid data too, so that we don't end up with multiple entries
when we don't care about the uid in the config file. In this case sshd
returns either uid=root|sshd depending on how we failed, so we used to
get two entries.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.18 src/external/bsd/blacklist/bin/conf.c:1.19
--- src/external/bsd/blacklist/bin/conf.c:1.18	Tue Jan 27 19:42:15 2015
+++ src/external/bsd/blacklist/bin/conf.c	Wed May 27 18:39:01 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.18 2015/01/28 00:42:15 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.19 2015/05/27 22:39:01 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.18 2015/01/28 00:42:15 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.19 2015/05/27 22:39:01 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -882,6 +882,7 @@ conf_apply(struct conf *c, const struct 
 		conf_print(buf, sizeof(buf), to:\t, , c));
 	}
 	memcpy(c-c_name, sc-c_name, CONFNAMESZ);
+	c-c_uid = sc-c_uid;
 	c-c_rmask = sc-c_rmask;
 	c-c_nfail = sc-c_nfail;
 	c-c_duration = sc-c_duration;
@@ -908,6 +909,8 @@ conf_merge(struct conf *c, const struct 
 	
 	if (sc-c_name[0])
 		memcpy(c-c_name, sc-c_name, CONFNAMESZ);
+	if (sc-c_uid != -2)
+		c-c_uid = sc-c_uid;
 	if (sc-c_rmask != -2)
 		c-c_lmask = c-c_rmask = sc-c_rmask;
 	if (sc-c_nfail != -2)



CVS commit: src/external/bsd/blacklist/bin

2015-04-30 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Thu Apr 30 06:20:43 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8 blacklistd.8
blacklistd.conf.5

Log Message:
blacklistd and friends will actually be in NetBSD 7.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/bin/blacklistctl.8
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.6 src/external/bsd/blacklist/bin/blacklistctl.8:1.7
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.6	Wed Jan 28 16:47:00 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Thu Apr 30 06:20:43 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistctl.8,v 1.6 2015/01/28 16:47:00 christos Exp $
+.\ $NetBSD: blacklistctl.8,v 1.7 2015/04/30 06:20:43 riz Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd January 28, 2015
+.Dd April 29, 2015
 .Dt BLACKLISTCTL 8
 .Os
 .Sh NAME
@@ -76,6 +76,6 @@ it to make sure that there is only one r
 .Sh HISTORY
 .Nm
 appeared in
-.Nx 8 .
+.Nx 7 .
 .Sh AUTHORS
 .An Christos Zoulas

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.10 src/external/bsd/blacklist/bin/blacklistd.8:1.11
--- src/external/bsd/blacklist/bin/blacklistd.8:1.10	Wed Jan 28 22:30:42 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Thu Apr 30 06:20:43 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.10 2015/01/28 22:30:42 christos Exp $
+.\ $NetBSD: blacklistd.8,v 1.11 2015/04/30 06:20:43 riz Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd January 25, 2015
+.Dd April 29, 2015
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -159,6 +159,6 @@ Socket to receive connection notificatio
 .Sh HISTORY
 .Nm
 appeared in
-.Nx 8 .
+.Nx 7 .
 .Sh AUTHORS
 .An Christos Zoulas

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.2 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.3
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.2	Wed Jan 28 07:32:28 2015
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Thu Apr 30 06:20:43 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.conf.5,v 1.2 2015/01/28 07:32:28 wiz Exp $
+.\ $NetBSD: blacklistd.conf.5,v 1.3 2015/04/30 06:20:43 riz Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd January 25, 2015
+.Dd April 29, 2015
 .Dt BLACKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -217,6 +217,6 @@ bnx0:ssh	*	*	*	*	3	6h
 .Sh HISTORY
 .Nm
 appeared in
-.Nx 8 .
+.Nx 7 .
 .Sh AUTHORS
 .An Christos Zoulas



CVS commit: src/external/bsd/blacklist/bin

2015-02-02 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Feb  2 22:01:55 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.c

Log Message:
CID/1267866: Missing break in switch


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.16 src/external/bsd/blacklist/bin/blacklistctl.c:1.17
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.16	Tue Jan 27 14:40:36 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Mon Feb  2 17:01:55 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.16 2015/01/27 19:40:36 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.17 2015/02/02 22:01:55 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistctl.c,v 1.16 2015/01/27 19:40:36 christos Exp $);
+__RCSID($NetBSD: blacklistctl.c,v 1.17 2015/02/02 22:01:55 christos Exp $);
 
 #include stdio.h
 #include time.h
@@ -99,6 +99,7 @@ main(int argc, char *argv[])
 			break;
 		case 'n':
 			noheader = 1;
+			break;
 		case 'r':
 			remain = 1;
 			break;



CVS commit: src/external/bsd/blacklist/bin

2015-01-28 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jan 28 22:30:42 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8 blacklistd.c

Log Message:
add an option to restore rules, and run the flush command only once per
rule name.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.31 -r1.32 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.9 src/external/bsd/blacklist/bin/blacklistd.8:1.10
--- src/external/bsd/blacklist/bin/blacklistd.8:1.9	Tue Jan 27 14:40:36 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Wed Jan 28 17:30:42 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.9 2015/01/27 19:40:36 christos Exp $
+.\ $NetBSD: blacklistd.8,v 1.10 2015/01/28 22:30:42 christos Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -35,12 +35,12 @@
 .Nd block and release ports on demand to avoid DoS abuse
 .Sh SYNOPSIS
 .Nm
-.Op Fl dvf
+.Op Fl dfrv
 .Op Fl C Ar controlprog
 .Op Fl c Ar configfile
 .Op Fl D Ar dbfile
 .Op Fl P Ar sockpathsfile
-.Op Fl r Ar rulename
+.Op Fl R Ar rulename
 .Op Fl s Ar sockpath
 .Op Fl t Ar timeout
 .Sh DESCRIPTION
@@ -111,6 +111,11 @@ are deleted by invoking the control scri
 .Bd -literal -offset indent
 control flush rulename
 .Ed
+If the
+.Fl r
+flag is specified, the firewall rules are re-read from the internal database
+and are removed and re-added.
+This helps for packet filters that don't retain state across reboots.
 .Pp
 .Nm
 checks the list of active entries every

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.31 src/external/bsd/blacklist/bin/blacklistd.c:1.32
--- src/external/bsd/blacklist/bin/blacklistd.c:1.31	Wed Jan 28 00:08:55 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Wed Jan 28 17:30:42 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.31 2015/01/28 05:08:55 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.32 2015/01/28 22:30:42 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include config.h
 #endif
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistd.c,v 1.31 2015/01/28 05:08:55 christos Exp $);
+__RCSID($NetBSD: blacklistd.c,v 1.32 2015/01/28 22:30:42 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -104,7 +104,7 @@ usage(int c)
 {
 	if (c)
 		warnx(Unknown option `%c', (char)c);
-	fprintf(stderr, Usage: %s [-vdf] [-c config] [-r rulename] 
+	fprintf(stderr, Usage: %s [-vdfr] [-c config] [-R rulename] 
 	[-P sockpathsfile] [-C controlprog] [-D dbfile] 
 	[-s sockpath] [-t timeout]\n, getprogname());
 	exit(EXIT_FAILURE);
@@ -273,11 +273,11 @@ static void
 update(void)
 {
 	struct timespec ts;
-	struct sockaddr_storage ss;
 	struct conf c;
 	struct dbinfo dbi;
 	unsigned int f, n;
 	char buf[128];
+	void *ss = c.c_ss;
 
 	if (clock_gettime(CLOCK_REALTIME, ts) == -1) {
 		(*lfun)(LOG_ERR, clock_gettime failed (%m)); 
@@ -290,21 +290,18 @@ update(void)
 		time_t when = c.c_duration + dbi.last;
 		if (debug  1) {
 			char b1[64], b2[64];
-			sockaddr_snprintf(buf, sizeof(buf), %a:%p,
-			(void *)ss);
-			(*lfun)(LOG_DEBUG,
-			%s:[%u] %s count=%d duration=%d last=%s 
-			   now=%s, __func__, n, buf, dbi.count,
-			   c.c_duration, fmttime(b1, sizeof(b1), dbi.last),
-			   fmttime(b2, sizeof(b2), ts.tv_sec));
+			sockaddr_snprintf(buf, sizeof(buf), %a:%p, ss);
+			(*lfun)(LOG_DEBUG, %s:[%u] %s count=%d duration=%d 
+			last=%s  now=%s, __func__, n, buf, dbi.count,
+			c.c_duration, fmttime(b1, sizeof(b1), dbi.last),
+			fmttime(b2, sizeof(b2), ts.tv_sec));
 		}
 		if (c.c_duration == -1 || when = ts.tv_sec)
 			continue;
 		if (dbi.id[0]) {
 			run_change(rem, c, dbi.id, 0);
-			sockaddr_snprintf(buf, sizeof(buf), %a, (void *)ss);
-			syslog(LOG_INFO,
-			released %s/%d:%d after %d seconds,
+			sockaddr_snprintf(buf, sizeof(buf), %a, ss);
+			syslog(LOG_INFO, released %s/%d:%d after %d seconds,
 			buf, c.c_lmask, c.c_port, c.c_duration);
 		}
 		state_del(state, c);
@@ -334,20 +331,75 @@ addfd(struct pollfd **pfdp, bl_t **blp, 
 	*nfd += 1;
 }
 
+static void
+uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c)
+{
+	struct conf **list = *listp;
+
+	if (c-c_name[0] == '\0')
+		return;
+	for (size_t i = 0; i  *nlist; i++) {
+		if (strcmp(list[i]-c_name, c-c_name) == 0)
+			return;
+	}
+	if (*nlist == *mlist) {
+		*mlist += 10;
+		void *p = realloc(*listp, *mlist * sizeof(*list));
+		if (p == NULL)
+			err(EXIT_FAILURE, Can't allocate for rule list);
+		list = *listp = p;
+	}
+	list[(*nlist)++] = c;
+}
+
+static void
+rules_flush(void)
+{
+	struct conf **list;
+	size_t nlist, mlist;
+
+	list = NULL;
+	

CVS commit: src/external/bsd/blacklist/bin

2015-01-28 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jan 28 16:47:00 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8

Log Message:
explain why nfail > maxfail in the report.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/bin/blacklistctl.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.5 src/external/bsd/blacklist/bin/blacklistctl.8:1.6
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.5	Sun Jan 25 23:12:46 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Wed Jan 28 11:47:00 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistctl.8,v 1.5 2015/01/26 04:12:46 christos Exp $
+.\ $NetBSD: blacklistctl.8,v 1.6 2015/01/28 16:47:00 christos Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd January 25, 2015
+.Dd January 28, 2015
 .Dt BLACKLISTCTL 8
 .Os
 .Sh NAME
@@ -61,6 +61,18 @@ flag, makes the display wide enough for 
 .El
 .Sh SEE ALSO
 .Xr blacklistd 8
+.Sh NOTES
+Sometimes the reported number of failed attempts can exceed the number
+of attempts that
+.Xr blacklistd 8
+is configured to block.
+This can happen either because the rule has been removed manually, or
+because there were more attempts in flight while the rule block was being
+added.
+This condition is normal; in that case
+.Xr blacklistd 8
+will first attempt to remove the existing rule, and then it will re-add
+it to make sure that there is only one rule active.
 .Sh HISTORY
 .Nm
 appeared in



CVS commit: src/external/bsd/blacklist/bin

2015-01-27 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Jan 27 20:16:11 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
apply the mask to the resulting address correctly.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.16 src/external/bsd/blacklist/bin/conf.c:1.17
--- src/external/bsd/blacklist/bin/conf.c:1.16	Tue Jan 27 14:40:36 2015
+++ src/external/bsd/blacklist/bin/conf.c	Tue Jan 27 15:16:11 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.16 2015/01/27 19:40:36 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.17 2015/01/27 20:16:11 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.16 2015/01/27 19:40:36 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.17 2015/01/27 20:16:11 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -521,10 +521,10 @@ conf_amask_eq(const void *v1, const void
 
 	for (size_t i = 0; i  len; i++) {
 		if (mask  32) {
-			m = (uint32_t)~0;
+			m = htonl((uint32_t)~0);
 			mask -= 32;
 		} else if (mask) {
-			m = MASK(mask);
+			m = htonl(MASK(mask));
 			mask = 0;
 		} else
 			return 1;
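Review bot: Nothing at the two `htonl` lines says why the mask word is converted, and the same unexplained pair appears in conf_apply_mask in the next hunk. These words decide which addresses a rule matches or blocks, so a comment above the `if`, such as `/* address words are in network byte order, so the mask word must be too */`, would guard against the conversion being dropped again. MASK() is defined outside the hunk; it is worth confirming there that a remaining count of exactly 32, which takes the `else if (mask)` branch, does not shift by the full word width. Both function bodies start before these hunks.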
@@ -557,12 +557,13 @@ conf_apply_mask(void *v, size_t len, int
 
 	for (size_t i = 0; i  len; i++) {
 		if (mask  32) {
-			m = (uint32_t)~0;
+			m = htonl((uint32_t)~0);
 			mask -= 32;
 		} else if (mask) {
-			m = MASK(mask);
+			m = htonl(MASK(mask));
 			mask = 0;
-		}
+		} else
+			m = 0;
 		a[i] = m;
 	}
 }
@@ -1099,6 +1100,8 @@ conf_find(int fd, uid_t uid, const struc
 	conf_addr_set(cr, rss);
 	/* match the remote config */
 	confset_match(rconf, cr, conf_merge);
+	/* to apply the mask */
+	conf_addr_set(cr, cr-c_ss);
 
 	return cr;
 }
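Review bot: The comment `/* to apply the mask */` does not say which mask is meant or why a second conf_addr_set call is needed after the one three lines above. Presumably confset_match with conf_merge can change `c_lmask`, so the address stored in `cr` has to be re-masked with the merged value; if so, say that, e.g. `/* conf_merge may have changed c_lmask: re-mask the stored address */`. The call also passes `cr`'s own `c_ss` as the source, so conf_addr_set (defined outside this hunk) must tolerate source and destination being the same object. conf_find begins outside the hunk.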



CVS commit: src/external/bsd/blacklist/bin

2015-01-27 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jan 28 00:42:15 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
one would think that I'd learn to cast htons() by now...


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.17 src/external/bsd/blacklist/bin/conf.c:1.18
--- src/external/bsd/blacklist/bin/conf.c:1.17	Tue Jan 27 15:16:11 2015
+++ src/external/bsd/blacklist/bin/conf.c	Tue Jan 27 19:42:15 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.17 2015/01/27 20:16:11 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.18 2015/01/28 00:42:15 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.17 2015/01/27 20:16:11 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.18 2015/01/28 00:42:15 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -608,7 +608,7 @@ conf_addr_set(struct conf *c, const stru
 		abort();
 	}
 
-	*port = htons(c-c_port);
+	*port = htons((in_port_t)c-c_port);
 	conf_apply_mask(addr, alen, c-c_lmask);
 	if (c-c_lmask == -1)
 		c-c_lmask = (int)(alen * 8);
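Review bot: The `(in_port_t)` cast silences the conversion warning but also hides any `c_port` value that does not fit in 16 bits. `c_port` looks like an int (blacklistctl.c prints it with `%d`, and the neighbouring `c_lmask` uses -1 as a sentinel), so a wildcard or out-of-range port would be narrowed into an ordinary port number without notice. If the parser already guarantees the range, state it here, e.g. `/* c_port was range-checked when the config was parsed; the cast only narrows the type */`; if it does not, the check belongs before this line. The same cast is added to makekey() in state.c 1.14 further down the page. conf_addr_set's body starts outside the hunk.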



CVS commit: src/external/bsd/blacklist/bin

2015-01-27 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Wed Jan 28 07:32:28 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.conf.5

Log Message:
Sort SEE ALSO. Nit fixes.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/external/bsd/blacklist/bin/blacklistd.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.conf.5
diff -u src/external/bsd/blacklist/bin/blacklistd.conf.5:1.1 src/external/bsd/blacklist/bin/blacklistd.conf.5:1.2
--- src/external/bsd/blacklist/bin/blacklistd.conf.5:1.1	Tue Jan 27 19:40:36 2015
+++ src/external/bsd/blacklist/bin/blacklistd.conf.5	Wed Jan 28 07:32:28 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.conf.5,v 1.1 2015/01/27 19:40:36 christos Exp $
+.\ $NetBSD: blacklistd.conf.5,v 1.2 2015/01/28 07:32:28 wiz Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -87,7 +87,7 @@ are used to match the
 .Va local
 or
 .Va remote
-addresses whereas, the last 3 fields
+addresses, whereas the last 3 fields
 .Va name ,
 .Va nfail ,
 and
@@ -100,7 +100,7 @@ as an address, mask, and port.
 The syntax for the
 .Va location
 is:
-.Bd -literal -offset indent:
+.Bd -literal -offset indent
 	[address|interface][/mask][:port]
 .Ed
 .Pp
@@ -130,8 +130,8 @@ The third field is the
 .Dv tcp6 ,
 .Dv udp6 ,
 or numeric.
-The fourth file is the effective user (
-.Va owner )
+The fourth file is the effective user
+.Va ( owner )
 of the daemon process reporting the event,
 either as a username or a userid.
 .Pp
@@ -140,7 +140,7 @@ The rest of the fields are controlling t
 The
 .Va name
 field, is the name of the packet filter rule to be used.
-If the 
+If the
 .Va name
 starts with a
 .Dq - ,
@@ -212,8 +212,8 @@ bnx0:ssh	*	*	*	*	3	6h
 8.8.0.0/16:ssh	*	*	*	/24	=	=
 .Ed
 .Sh SEE ALSO
-.Xr blacklistd 8 ,
-.Xr blacklistctl 8
+.Xr blacklistctl 8 ,
+.Xr blacklistd 8
 .Sh HISTORY
 .Nm
 appeared in



CVS commit: src/external/bsd/blacklist/bin

2015-01-27 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jan 28 05:08:55 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c

Log Message:
Don't add a rule twice, but attempt to replace it.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/external/bsd/blacklist/bin/blacklistd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.30 src/external/bsd/blacklist/bin/blacklistd.c:1.31
--- src/external/bsd/blacklist/bin/blacklistd.c:1.30	Tue Jan 27 14:40:36 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Wed Jan 28 00:08:55 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.30 2015/01/27 19:40:36 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.31 2015/01/28 05:08:55 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include config.h
 #endif
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistd.c,v 1.30 2015/01/27 19:40:36 christos Exp $);
+__RCSID($NetBSD: blacklistd.c,v 1.31 2015/01/28 05:08:55 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -217,11 +217,16 @@ process(bl_t bl)
 		if (dbi.id[0]) {
 			/*
 			 * We should not be getting this since the rule
-			 * should have blocked the address. Since a possible
+			 * should have blocked the address. A possible
 			 * explanation is that someone removed that rule,
-			 * we attempt to add it again, but we log an error.
+			 * and another would be that we got another attempt
+			 * before we added the rule. In anycase, we remove
+			 * and re-add the rule because we don't want to add
+			 * it twice, because then we'd lose track of it.
 			 */
-			(*lfun)(LOG_ERR, rule exists %s, dbi.id);
+			(*lfun)(LOG_DEBUG, rule exists %s, dbi.id);
+			(void)run_change(rem, c, dbi.id, 0);
+			dbi.id[0] = '\0';
 		}
 		if (c.c_nfail != -1  dbi.count = c.c_nfail) {
 			int res = run_change(add, c, dbi.id, sizeof(dbi.id));
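Review bot: The remove-then-re-add sequence can leave the address unblocked, because the result of the `run_change` remove call is cast to void and `dbi.id[0]` is cleared before anything guarantees the rule comes back. The add below runs only when the `c.c_nfail` test passes, and its own `res` can presumably report failure; in either case the old rule is gone and the database no longer holds an id for it. Checking the remove result and logging a failure at LOG_ERR would at least make that state visible. Lowering `rule exists` from LOG_ERR to LOG_DEBUG also hides a case the comment itself attributes to someone removing a block rule, which operators may want to see. process() continues outside the hunk, so the handling of `res` is not visible here.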



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 22:59:40 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8

Log Message:
sync rem control script api


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.6 src/external/bsd/blacklist/bin/blacklistd.8:1.7
--- src/external/bsd/blacklist/bin/blacklistd.8:1.6	Sun Jan 25 15:59:39 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sun Jan 25 17:59:40 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.6 2015/01/25 20:59:39 christos Exp $
+.\ $NetBSD: blacklistd.8,v 1.7 2015/01/25 22:59:40 christos Exp $
 .\ 
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\ 
-.Dd January 24, 2015
+.Dd January 25, 2015
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -78,14 +78,16 @@ The
 .Ar rulename
 argument can be set from the command line (default 
 .Dv blacklistd ).
-The script should print a numerical id to stdout as a handle for
-the rule that can be used later to remove that connection.
+The script could print a numerical id to stdout as a handle for
+the rule that can be used later to remove that connection, but
+that is not required as all information to remove the rule is
+kept.
 .Pp
 If the action is
 .Dq remove
 Then the same control script is invoked as:
 .Bd -literal -offset indent
-control rem rulename id
+control rem rulename proto port address id
 .Ed
 .Pp
 where 



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Sun Jan 25 23:07:16 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8 blacklistd.8

Log Message:
Minor cleanups.

XXX: blacklistd.conf.5 should be a separate man page, or the Xr to it
in blacklistd(8) should be removed.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blacklist/bin/blacklistctl.8
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/bin/blacklistd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.2 src/external/bsd/blacklist/bin/blacklistctl.8:1.3
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.2	Sat Jan 24 18:34:05 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Sun Jan 25 23:07:16 2015
@@ -1,5 +1,5 @@
-.\ $NetBSD: blacklistctl.8,v 1.2 2015/01/24 18:34:05 christos Exp $
-.\ 
+.\ $NetBSD: blacklistctl.8,v 1.3 2015/01/25 23:07:16 wiz Exp $
+.\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
 .\
@@ -26,7 +26,7 @@
 .\ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
-.\ 
+.\
 .Dd January 24, 2015
 .Dt BLACKLISTCTL 8
 .Os
@@ -35,8 +35,8 @@
 .Nd display and change the state of blacklistd
 .Sh SYNOPSIS
 .Nm
-dump 
-.Op Fl abdr 
+.Cm dump
+.Op Fl abdr
 .Sh DESCRIPTION
 .Nm
 is a program used to display the state of
@@ -58,6 +58,6 @@ Show the remaining blocked time instead 
 .Sh HISTORY
 .Nm
 appeared in
-.Nx 8
+.Nx 8 .
 .Sh AUTHORS
 .An Christos Zoulas

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.7 src/external/bsd/blacklist/bin/blacklistd.8:1.8
--- src/external/bsd/blacklist/bin/blacklistd.8:1.7	Sun Jan 25 22:59:40 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sun Jan 25 23:07:16 2015
@@ -1,5 +1,5 @@
-.\ $NetBSD: blacklistd.8,v 1.7 2015/01/25 22:59:40 christos Exp $
-.\ 
+.\ $NetBSD: blacklistd.8,v 1.8 2015/01/25 23:07:16 wiz Exp $
+.\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
 .\
@@ -26,7 +26,7 @@
 .\ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
-.\ 
+.\
 .Dd January 25, 2015
 .Dt BLACKLISTD 8
 .Os
@@ -37,8 +37,8 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl dvf
-.Op Fl c Ar configfile
 .Op Fl C Ar controlprog
+.Op Fl c Ar configfile
 .Op Fl D Ar dbfile
 .Op Fl r Ar rulename
 .Op Fl P Ar sockpathsfile
@@ -47,13 +47,13 @@
 .Nm
 is a daemon similar to
 .Xr syslogd 8
-that listens to a sockets at paths specified in the 
+that listens to a sockets at paths specified in the
 .Ar sockpathsfile
 for notifications from other daemons about successful or failed connection
 attempts.
 If no such file is specified, then it only listens to the default socket
 .Pa /var/run/blsock .
-Each notification contains a (action, port, protocol, address, owner) tuple
+Each notification contains an (action, port, protocol, address, owner) tuple
 that identifies the remote connection and the action.
 This tuple is consulted against entries in
 .Ar configfile
@@ -76,8 +76,8 @@ and should invoke a packet filter comman
 specified by the arguments.
 The
 .Ar rulename
-argument can be set from the command line (default 
-.Dv blacklistd ).
+argument can be set from the command line (default
+.Dv blacklistd ) .
 The script could print a numerical id to stdout as a handle for
 the rule that can be used later to remove that connection, but
 that is not required as all information to remove the rule is
@@ -90,7 +90,7 @@ Then the same control script is invoked 
 control rem rulename proto port address id
 .Ed
 .Pp
-where 
+where
 .Ar id
 is the number returned from the
 .Dq add
@@ -117,15 +117,15 @@ seconds (default
 and removes entries and block rules using the control program as necessary.
 .Pp
 The configuration file contains one tuple per line, and is similar to
-.Xr inetd.conf .
+.Xr inetd.conf 5 .
 There must be an entry for each field of the configuration file, with
 entries for each field separated by a tab or a space.
 Comments are denoted by a
 .Dq #
 at the beginning of a line.
 There must be an entry for each field; entries can be numeric or symbolic,
-where appropriate (
-.Dv service ,
+where appropriate
+.Dv ( service ,
 .Dv user )
 and can be
 .Dq *
@@ -148,13 +148,13 @@ disassociates itself from the terminal a
 unless the
 .Fl d
 flag is specified, in which case it stays in the foreground.
-The 
+The
 .Fl v
 cases
 .Nm
 to print
 diagnostic messages to
-.Dv stdout 
+.Dv stdout
 instead of
 .Xr syslogd 8 .
 .Sh FILES
@@ -170,11 +170,12 @@ Socket to receive connection notificatio
 .El
 .Sh SEE ALSO
 .Xr blacklistd.conf 5 ,

CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 23:15:56 UTC 2015

Removed Files:
src/external/bsd/blacklist/bin: blacklist.h

Log Message:
this has been moved.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r0 src/external/bsd/blacklist/bin/blacklist.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Jan 26 04:12:46 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8

Log Message:
merge conflict


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blacklist/bin/blacklistctl.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.4 src/external/bsd/blacklist/bin/blacklistctl.8:1.5
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.4	Sun Jan 25 21:31:52 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Sun Jan 25 23:12:46 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistctl.8,v 1.4 2015/01/26 02:31:52 christos Exp $
+.\ $NetBSD: blacklistctl.8,v 1.5 2015/01/26 04:12:46 christos Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -35,13 +35,8 @@
 .Nd display and change the state of blacklistd
 .Sh SYNOPSIS
 .Nm
- blacklistctl.8
-dump 
-.Op Fl abdnrw
-===
 .Cm dump
-.Op Fl abdr
- 1.3
+.Op Fl abdnrw
 .Sh DESCRIPTION
 .Nm
 is a program used to display the state of



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 22:22:54 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: support.h

Log Message:
mark log function as printflike


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blacklist/bin/support.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/support.h
diff -u src/external/bsd/blacklist/bin/support.h:1.4 src/external/bsd/blacklist/bin/support.h:1.5
--- src/external/bsd/blacklist/bin/support.h:1.4	Sat Jan 24 01:05:08 2015
+++ src/external/bsd/blacklist/bin/support.h	Sun Jan 25 17:22:54 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: support.h,v 1.4 2015/01/24 06:05:08 christos Exp $	*/
+/*	$NetBSD: support.h,v 1.5 2015/01/25 22:22:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -34,8 +34,10 @@
 __BEGIN_DECLS
 const char *fmttime(char *, size_t, time_t);
 const char *fmtydhms(char *, size_t, time_t);
-void vdlog(int, const char *, va_list);
-void dlog(int, const char *, ...);
+void vdlog(int, const char *, va_list)
+__attribute__((__format__(__printf__, 2, 0)));
+void dlog(int, const char *, ...)
+__attribute__((__format__(__printf__, 2, 3)));
 __END_DECLS
 
 #endif /* _SUPPORT_H */
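Review bot: The format attributes cover only direct calls to dlog() and vdlog(), while the other files on this page log through the `lfun` pointer (`(*lfun)(LOG_ERR, ...)`) and blacklistctl.c assigns `lfun = dlog`. Unless the declaration of `lfun`, which is not in this hunk, carries the same `__attribute__((__format__(__printf__, 2, 3)))`, the compiler will not check those call sites for mismatched or non-literal format strings. Annotating the pointer declaration would extend the check to the calls the daemon actually makes.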



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 20:50:30 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: state.c

Log Message:
fix gcc warning.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/blacklist/bin/state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/state.c
diff -u src/external/bsd/blacklist/bin/state.c:1.13 src/external/bsd/blacklist/bin/state.c:1.14
--- src/external/bsd/blacklist/bin/state.c:1.13	Sat Jan 24 02:46:20 2015
+++ src/external/bsd/blacklist/bin/state.c	Sun Jan 25 15:50:30 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: state.c,v 1.13 2015/01/24 07:46:20 christos Exp $	*/
+/*	$NetBSD: state.c,v 1.14 2015/01/25 20:50:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: state.c,v 1.13 2015/01/24 07:46:20 christos Exp $);
+__RCSID($NetBSD: state.c,v 1.14 2015/01/25 20:50:30 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -116,15 +116,18 @@ static void
 makekey(struct dbkey *k, const struct sockaddr_storage *ss,
 const struct conf *c)
 {
+	in_port_t port;
+
 	memset(k, 0, sizeof(*k));
+	port = htons((in_port_t)c-c_port);
 	k-c = *c;
 	k-ss = *ss;
 	switch (k-ss.ss_family) {
 	case AF_INET6:
-		((struct sockaddr_in6 *)k-ss)-sin6_port = htons(c-c_port);
+		((struct sockaddr_in6 *)k-ss)-sin6_port = port;
 		break;
 	case AF_INET:
-		((struct sockaddr_in *)k-ss)-sin_port = htons(c-c_port);
+		((struct sockaddr_in *)k-ss)-sin_port = port;
 		break;
 	default:
 		(*lfun)(LOG_ERR, %s: bad family %d, __func__,



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 20:59:39 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistd.8 blacklistd.c conf.c
internal.c internal.h

Log Message:
Handle interfaces in configuration files, requested by kardel@


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.28 -r1.29 src/external/bsd/blacklist/bin/blacklistd.c
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/blacklist/bin/conf.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blacklist/bin/internal.c
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/blacklist/bin/internal.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.5 src/external/bsd/blacklist/bin/blacklistd.8:1.6
--- src/external/bsd/blacklist/bin/blacklistd.8:1.5	Sat Jan 24 13:34:05 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistd.8,v 1.5 2015/01/24 18:34:05 christos Exp $
+.\ $NetBSD: blacklistd.8,v 1.6 2015/01/25 20:59:39 christos Exp $
 .\ 
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -130,7 +130,7 @@ and can be
 for all fields.
 The fields of the configuration file are as follows:
 .Bd -literal -offset indent
-[address:]service
+[address|interface:]service
 socket-type
 protocol
 user

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.28 src/external/bsd/blacklist/bin/blacklistd.c:1.29
--- src/external/bsd/blacklist/bin/blacklistd.c:1.28	Sat Jan 24 02:46:20 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include config.h
 #endif
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $);
+__RCSID($NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $);
 
 #include sys/types.h
 #include sys/socket.h
@@ -58,6 +58,7 @@ __RCSID($NetBSD: blacklistd.c,v 1.28 20
 #include stdlib.h
 #include unistd.h
 #include time.h
+#include ifaddrs.h
 #include netinet/in.h
 
 #include bl.h
@@ -101,7 +102,8 @@ sigdone(int n __unused)
 static __dead void
 usage(int c)
 {
-	warnx(Unknown option `%c', (char)c);
+	if (c)
+		warnx(Unknown option `%c', (char)c);
 	fprintf(stderr, Usage: %s [-vdf] [-c config] [-r rulename] 
 	[-P sockpathsfile] [-C controlprog] [-D dbfile] 
 	[-t timeout]\n, getprogname());
@@ -249,6 +251,21 @@ out:
 }
 
 static void
+update_interfaces(void)
+{
+	struct ifaddrs *oifas, *nifas;
+
+	if (getifaddrs(nifas) == -1)
+		return;
+
+	oifas = ifas;
+	ifas = nifas;
+
+	if (oifas)
+		freeifaddrs(oifas);
+}
+
+static void
 update(void)
 {
 	struct timespec ts;
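Review bot: A failed getifaddrs() returns silently, so the daemon keeps matching interface rules against a stale list, or against no list at all when the first call from main() fails, with nothing in the log. A line before the `return` such as `(*lfun)(LOG_ERR, "getifaddrs failed (%s)", strerror(errno));` would make that diagnosable. Swapping the global `ifas` and freeing the old list is only safe if nothing keeps pointers into the old list across calls; the users of `ifas` are outside this hunk, so that should be confirmed.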
@@ -359,6 +376,10 @@ main(int argc, char *argv[])
 		}
 	}
 
+	argc -= optind;
+	if (argc)
+		usage(0);
+
 	signal(SIGHUP, sighup);
 	signal(SIGINT, sigdone);
 	signal(SIGQUIT, sigdone);
@@ -377,6 +398,7 @@ main(int argc, char *argv[])
 			tout = 15000;
 	}
 
+	update_interfaces();
 	conf_parse(configfile);
 	if (reset) {
 		for (size_t i = 0; i  nconf; i++)
@@ -436,6 +458,8 @@ main(int argc, char *argv[])
 		}
 		if (t % 100 == 0)
 			state_sync(state);
+		if (t % 1 == 0)
+			update_interfaces();
 		update();
 	}
 	state_close(state);
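Review bot: `t % 1 == 0` is always true, so update_interfaces() and its getifaddrs() call run on every pass of the main loop, unlike the `t % 100` throttle on state_sync() just above. If a refresh on every iteration is intended, drop the condition and say so in a comment; otherwise use a real interval, e.g. `if (t % 10 == 0)`, ideally as a named constant. The loop and the declaration of `t` are outside the hunk.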

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.13 src/external/bsd/blacklist/bin/conf.c:1.14
--- src/external/bsd/blacklist/bin/conf.c:1.13	Thu Jan 22 11:19:53 2015
+++ src/external/bsd/blacklist/bin/conf.c	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -48,14 +48,29 @@ __RCSID($NetBSD: conf.c,v 1.13 2015/01/
 #endif
 #include stdlib.h
 #include limits.h
+#include ifaddrs.h
 #include arpa/inet.h
 #include netinet/in.h
+#include net/if.h
 #include sys/socket.h
 
 #include bl.h
 #include internal.h
 #include conf.h
 
+
+struct sockaddr_if {
+uint8_t sif_len;
+	sa_family_t sif_family;
+	in_port_t   sif_port;
+	char		sif_name[16];
+};
+
+#define SIF_NAME(a) \
+((const struct sockaddr_if *)(const void *)(a))-sif_name
+
+static int conf_is_interface(const char *);
+
 static void
 advance(char **p)
 {
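Review bot: `sif_name[16]` hard-codes the interface-name length even though this hunk adds the include of net/if.h, which provides `IFNAMSIZ`; `char sif_name[IFNAMSIZ];` would track the platform limit. The struct is evidently overlaid on another sockaddr through the `SIF_NAME` cast, so a short comment naming the layout it must mirror, plus a compile-time size check against the storage it is cast from, would document that assumption. Whatever fills `sif_name` (outside this hunk) needs a bounded, NUL-terminated copy, since the name comes from the configuration file.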
@@ -164,34 +179,45 @@ gethostport(const char *f, 

CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sun Jan 25 21:06:04 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: conf.c

Log Message:
whitespace


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/external/bsd/blacklist/bin/conf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.14 src/external/bsd/blacklist/bin/conf.c:1.15
--- src/external/bsd/blacklist/bin/conf.c:1.14	Sun Jan 25 15:59:39 2015
+++ src/external/bsd/blacklist/bin/conf.c	Sun Jan 25 16:06:04 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.15 2015/01/25 21:06:04 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $);
+__RCSID($NetBSD: conf.c,v 1.15 2015/01/25 21:06:04 christos Exp $);
 
 #include stdio.h
 #include string.h
@@ -60,9 +60,9 @@ __RCSID($NetBSD: conf.c,v 1.14 2015/01/
 
 
 struct sockaddr_if {
-uint8_t sif_len;
-	sa_family_t sif_family;
-	in_port_t   sif_port;
+	uint8_t		sif_len;
+	sa_family_t	sif_family;
+	in_port_t	sif_port;
 	char		sif_name[16];
 };
 



CVS commit: src/external/bsd/blacklist/bin

2015-01-25 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Jan 26 02:31:52 UTC 2015

Modified Files:
src/external/bsd/blacklist/bin: blacklistctl.8 blacklistctl.c

Log Message:
prettier display


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blacklist/bin/blacklistctl.8
cvs rdiff -u -r1.14 -r1.15 src/external/bsd/blacklist/bin/blacklistctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistctl.8
diff -u src/external/bsd/blacklist/bin/blacklistctl.8:1.3 src/external/bsd/blacklist/bin/blacklistctl.8:1.4
--- src/external/bsd/blacklist/bin/blacklistctl.8:1.3	Sun Jan 25 18:07:16 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.8	Sun Jan 25 21:31:52 2015
@@ -1,4 +1,4 @@
-.\ $NetBSD: blacklistctl.8,v 1.3 2015/01/25 23:07:16 wiz Exp $
+.\ $NetBSD: blacklistctl.8,v 1.4 2015/01/26 02:31:52 christos Exp $
 .\
 .\ Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd January 24, 2015
+.Dd January 25, 2015
 .Dt BLACKLISTCTL 8
 .Os
 .Sh NAME
@@ -35,8 +35,13 @@
 .Nd display and change the state of blacklistd
 .Sh SYNOPSIS
 .Nm
+ blacklistctl.8
+dump 
+.Op Fl abdnrw
+===
 .Cm dump
 .Op Fl abdr
+ 1.3
 .Sh DESCRIPTION
 .Nm
 is a program used to display the state of
@@ -50,8 +55,14 @@ Show all database entries, by default it
 Show only the blocked entries.
 .It Fl d
 Increase debugging level.
+.It Fl n
+Don't display a header.
 .It Fl r
 Show the remaining blocked time instead of the last activity time.
+.It Fl w
+Normally the width of addresses is good for IPv4, the
+.Fl w
+flag, makes the display wide enough for IPv6 addresses.
 .El
 .Sh SEE ALSO
 .Xr blacklistd 8

Index: src/external/bsd/blacklist/bin/blacklistctl.c
diff -u src/external/bsd/blacklist/bin/blacklistctl.c:1.14 src/external/bsd/blacklist/bin/blacklistctl.c:1.15
--- src/external/bsd/blacklist/bin/blacklistctl.c:1.14	Sat Jan 24 10:33:03 2015
+++ src/external/bsd/blacklist/bin/blacklistctl.c	Sun Jan 25 21:31:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.14 2015/01/24 15:33:03 christos Exp $	*/
+/*	$NetBSD: blacklistctl.c,v 1.15 2015/01/26 02:31:52 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include sys/cdefs.h
-__RCSID($NetBSD: blacklistctl.c,v 1.14 2015/01/24 15:33:03 christos Exp $);
+__RCSID($NetBSD: blacklistctl.c,v 1.15 2015/01/26 02:31:52 christos Exp $);
 
 #include stdio.h
 #include time.h
@@ -60,7 +60,7 @@ usage(int c)
 		warnx(Missing/unknown command);
 	else
 		warnx(Unknown option `%c', (char)c);
-	fprintf(stderr, Usage: %s dump [-abdr]\n, getprogname());
+	fprintf(stderr, Usage: %s dump [-abdnrw]\n, getprogname());
 	exit(EXIT_FAILURE);
 }
 
@@ -74,10 +74,10 @@ main(int argc, char *argv[])
 	struct dbinfo dbi;
 	unsigned int i;
 	struct timespec ts;
-	int all, blocked, remain;
+	int all, blocked, remain, wide, noheader;
 	int o;
 
-	blocked = all = remain = 0;
+	noheader = wide = blocked = all = remain = 0;
 	lfun = dlog;
 
 	if (argc == 1 || strcmp(argv[1], dump) != 0)
@@ -86,7 +86,7 @@ main(int argc, char *argv[])
 	argc--;
 	argv++;
 
-	while ((o = getopt(argc, argv, abdr)) != -1)
+	while ((o = getopt(argc, argv, abdrw)) != -1)
 		switch (o) {
 		case 'a':
 			all = 1;
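Review bot: The option string passed to getopt() gains `w` but not `n`, while the usage text and the man page now advertise `-n` and the next hunk adds a `case 'n'`. As written, `-n` is rejected as an unknown option and that case is unreachable; the string should be `"abdnrw"`. main() continues outside the hunk.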
@@ -98,9 +98,14 @@ main(int argc, char *argv[])
 		case 'd':
 			debug++;
 			break;
+		case 'n':
+			noheader = 1;
 		case 'r':
 			remain = 1;
 			break;
+		case 'w':
+			wide = 1;
+			break;
 		default:
 			usage(o);
 			break;
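Review bot: The new `case 'n'` has no `break`, so it falls through into `case 'r'` and also sets `remain = 1`. If `-n` reaches this switch, suppressing the header would silently change the last column from last-access time to remaining time. Add `break;` after `noheader = 1;`.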
@@ -111,6 +116,10 @@ main(int argc, char *argv[])
 		err(EXIT_FAILURE, Can't open `%s', dbname);
 
 	clock_gettime(CLOCK_REALTIME, ts);
+	wide = wide ? 8 * 4 + 7 : 4 * 3 + 3;
+	if (!noheader)
+		printf(%*.*s:port\tid\tnfail\t%s\n, wide, wide,
+		address, remain ? remaining time : last access);
 	for (i = 1; state_iterate(db, ss, c, dbi, i) != 0; i = 0) {
 		char buf[BUFSIZ];
 		if (!all) {
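Review bot: `wide` is reused, first as the `-w` flag and then as a column width, and the widths `8 * 4 + 7` and `4 * 3 + 3` are unexplained. Because the same value is also the precision in `%*.*s`, here and in the per-entry printf in the next hunk, any address text longer than the chosen width is cut off, and a truncated address in a block-list report can be mistaken for a different host. A separate `int width` with a comment like `/* 8 groups of 4 hex digits + 7 colons, or 4 octets of 3 digits + 3 dots */` would help, and using the value as minimum width only (`%*s`) would avoid the truncation. main() continues outside the hunk.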
@@ -123,7 +132,7 @@ main(int argc, char *argv[])
 			}
 		}
 		sockaddr_snprintf(buf, sizeof(buf), %a, (void *)ss);
-		printf(%15.15s:%d\t, buf, c.c_port);
+		printf(%*.*s:%d\t, wide, wide, buf, c.c_port);
 		if (remain)
 			fmtydhms(buf, sizeof(buf),
 			c.c_duration - (ts.tv_sec - dbi.last));