CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 15:15:32 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: PR/57905: Mark Davies: handle empty string. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/conf.c diff -u src/external/bsd/blocklist/bin/conf.c:1.5 src/external/bsd/blocklist/bin/conf.c:1.6 --- src/external/bsd/blocklist/bin/conf.c:1.5 Thu Feb 8 19:39:16 2024 +++ src/external/bsd/blocklist/bin/conf.c Fri Feb 9 10:15:32 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.5 2024/02/09 00:39:16 christos Exp $ */ +/* $NetBSD: conf.c,v 1.6 2024/02/09 15:15:32 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: conf.c,v 1.5 2024/02/09 00:39:16 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.6 2024/02/09 15:15:32 christos Exp $"); #include #ifdef HAVE_LIBUTIL_H @@ -269,6 +269,8 @@ conf_gethostport(const char *f, size_t l #endif port = >sin6_port; } + if (!*pstr) + pstr = "*"; } else if (pstr != p || strchr(p, '.') || conf_is_interface(p)) { if (pstr == p) pstr = "*";
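Review bot: The added `if (!*pstr) pstr = "*";` in the bracketed-IPv6 branch silently turns a missing port into a match on every port, and nothing in the code records that this is intended. A short comment such as `/* "[addr]" with no port means any port, like the IPv4 branch below */` would document the decision. Whether an entry that ends in a bare `:` also arrives here with an empty pstr cannot be seen from the hunk; if it does, rejecting it through `goto out` would be safer than widening the rule, since a typo in a never-block entry would then exempt the address on all ports. conf_gethostport starts and ends outside the hunk.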
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 15:15:32 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: PR/57905: Mark Davies: handle empty string. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/etc
Module Name:src Committed By: wiz Date: Fri Feb 9 01:00:12 UTC 2024 Modified Files: src/external/bsd/blocklist/etc: blocklistd.conf Log Message: add an IPv6 example to blocklistd.conf example file To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/etc/blocklistd.conf Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/etc/blocklistd.conf diff -u src/external/bsd/blocklist/etc/blocklistd.conf:1.2 src/external/bsd/blocklist/etc/blocklistd.conf:1.3 --- src/external/bsd/blocklist/etc/blocklistd.conf:1.2 Mon Jun 15 21:27:57 2020 +++ src/external/bsd/blocklist/etc/blocklistd.conf Fri Feb 9 01:00:12 2024 @@ -10,5 +10,6 @@ domain * * named * 3 12h # adr/mask:port type proto owner name nfail disable [remote] #129.168.0.0/16 * * * = * * +#[2001:db8::]/32:ssh * * * = * * #6161 = = = =/24 = = #* stream tcp * = = =
CVS commit: src/external/bsd/blocklist/etc
Module Name:src Committed By: wiz Date: Fri Feb 9 01:00:12 UTC 2024 Modified Files: src/external/bsd/blocklist/etc: blocklistd.conf Log Message: add an IPv6 example to blocklistd.conf example file To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/etc/blocklistd.conf Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: wiz Date: Fri Feb 9 00:59:08 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: blocklistd.conf.5 Log Message: add an IPv6 example to blocklistd.conf(5) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/blocklistd.conf.5 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/blocklistd.conf.5 diff -u src/external/bsd/blocklist/bin/blocklistd.conf.5:1.2 src/external/bsd/blocklist/bin/blocklistd.conf.5:1.3 --- src/external/bsd/blocklist/bin/blocklistd.conf.5:1.2 Mon Jun 15 02:29:44 2020 +++ src/external/bsd/blocklist/bin/blocklistd.conf.5 Fri Feb 9 00:59:08 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: blocklistd.conf.5,v 1.2 2020/06/15 02:29:44 christos Exp $ +.\" $NetBSD: blocklistd.conf.5,v 1.3 2024/02/09 00:59:08 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 18, 2020 +.Dd February 9, 2024 .Dt BLOCKLISTD.CONF 5 .Os .Sh NAME @@ -209,6 +209,8 @@ bnx0:ssh * * * * 3 6h [remote] # Never block 1.2.3.4 1.2.3.4:ssh * * * * * * +# Never block the example IPv6 subnet either +[2001:db8::]/32:ssh * * * * * * # For addresses coming from 8.8.0.0/16 block class C networks instead # individual hosts, but keep the rest of the blocking parameters the same. 8.8.0.0/16:ssh * * * /24 = =
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: wiz Date: Fri Feb 9 00:59:08 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: blocklistd.conf.5 Log Message: add an IPv6 example to blocklistd.conf(5) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/blocklistd.conf.5 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist
Module Name:src Committed By: wiz Date: Fri Feb 9 00:53:30 UTC 2024 Modified Files: src/external/bsd/blocklist: README Log Message: Spelling fixes To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/README Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/README diff -u src/external/bsd/blocklist/README:1.2 src/external/bsd/blocklist/README:1.3 --- src/external/bsd/blocklist/README:1.2 Mon Jun 15 21:27:57 2020 +++ src/external/bsd/blocklist/README Fri Feb 9 00:53:30 2024 @@ -1,4 +1,4 @@ -# $NetBSD: README,v 1.2 2020/06/15 21:27:57 christos Exp $ +# $NetBSD: README,v 1.3 2024/02/09 00:53:30 wiz Exp $ This package contains library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and @@ -15,7 +15,7 @@ blocklistd=YES in /etc/rc.conf, start it There is also a startup file in etc/rc.d/blocklistd -Patches to various daemons to add blocklisting capabilitiers are in the +Patches to various daemons to add blocklisting capabilities are in the "diff" directory: - OpenSSH: diff/ssh.diff [tcp socket example] - Bind: diff/named.diff [both tcp and udp] @@ -24,7 +24,7 @@ Patches to various daemons to add blockl These patches have been applied to NetBSD-current. The network daemon (for example sshd) communicates to blocklistd, via -a unix socket like syslog. The library calls are simple and everything +a Unix socket like syslog. The library calls are simple and everything is handled by the library. In the simplest form the only thing the daemon needs to do is to call: 
@@ -60,11 +60,11 @@ ssh stream tcp6 * * 6 60m http stream tcp * * 6 60m Here note that owner is * because the connection is done from the -child ssh socket which runs with user privs. We treat ipv4 connections +child ssh socket which runs with user privs. We treat IPv4 connections differently by maintaining two different rules one for the external interface and one from the internal We also register for both tcp and tcp6 since those are different listening sockets and addresses; -we don't bother with ipv6 and separate rules. We use nfail = 6, +we don't bother with IPv6 and separate rules. We use nfail = 6, because ssh allows 3 password attempts per connection, and this will let us have 2 connections before blocking. Finally we block for an hour; we could block forever too by specifying * in the @@ -100,7 +100,7 @@ group "internal" on $int_if { You can use 'blocklistctl dump -a' to list all the current entries in the database; the ones that have nfail / where urrent ->= otal, should have an id assosiated with them; this means that +>= otal, should have an id associated with them; this means that there is a packet filter rule added for that entry. For npf, you can examine the packet filter dynamic rule entries using 'npfctl rule list'. The number of current entries can exceed
CVS commit: src/external/bsd/blocklist
Module Name:src Committed By: wiz Date: Fri Feb 9 00:53:30 UTC 2024 Modified Files: src/external/bsd/blocklist: README Log Message: Spelling fixes To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/README Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 00:39:16 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: fix typo To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/conf.c diff -u src/external/bsd/blocklist/bin/conf.c:1.4 src/external/bsd/blocklist/bin/conf.c:1.5 --- src/external/bsd/blocklist/bin/conf.c:1.4 Thu Feb 8 19:37:06 2024 +++ src/external/bsd/blocklist/bin/conf.c Thu Feb 8 19:39:16 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.4 2024/02/09 00:37:06 christos Exp $ */ +/* $NetBSD: conf.c,v 1.5 2024/02/09 00:39:16 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: conf.c,v 1.4 2024/02/09 00:37:06 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.5 2024/02/09 00:39:16 christos Exp $"); #include #ifdef HAVE_LIBUTIL_H @@ -308,7 +308,7 @@ conf_gethostport(const char *f, size_t l return -1; if (port && c->c_port != FSTAR && c->c_port != FEQUAL) - *port = htons((in_port_t)c->c_port) + *port = htons((in_port_t)c->c_port); return 0; out: (*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, p);
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 00:39:16 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: fix typo To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 00:37:06 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: PR/57905: Mark Davies: blocklistd fails to parse ipv6 addresses. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/conf.c diff -u src/external/bsd/blocklist/bin/conf.c:1.3 src/external/bsd/blocklist/bin/conf.c:1.4 --- src/external/bsd/blocklist/bin/conf.c:1.3 Fri Nov 18 11:01:00 2022 +++ src/external/bsd/blocklist/bin/conf.c Thu Feb 8 19:37:06 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $ */ +/* $NetBSD: conf.c,v 1.4 2024/02/09 00:37:06 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.4 2024/02/09 00:37:06 christos Exp $"); #include #ifdef HAVE_LIBUTIL_H @@ -261,7 +261,7 @@ conf_gethostport(const char *f, size_t l if (debug) (*lfun)(LOG_DEBUG, "%s: host6 %s", __func__, p); if (strcmp(p, "*") != 0) { - if (inet_pton(AF_INET6, p, >sin6_addr) == -1) + if (inet_pton(AF_INET6, p, >sin6_addr) != 1) goto out; sin6->sin6_family = AF_INET6; #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN @@ -308,10 +308,10 @@ conf_gethostport(const char *f, size_t l return -1; if (port && c->c_port != FSTAR && c->c_port != FEQUAL) - *port = htons((in_port_t)c->c_port); + *port = htons((in_port_t)c->c_port) return 0; out: - (*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, pstr); + (*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, p); return -1; out1: (*lfun)(LOG_ERR, "%s: %s, %zu: Can't specify mask %d with " @@ -1172,7 +1172,7 @@ conf_parse(const char *f) return; } - lineno = 1; + lineno = 0; confset_init(); confset_init();
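Review bot: The AF_INET call elsewhere in conf_gethostport may need the same `!= 1` test as the AF_INET6 call changed here; it is outside this hunk, so this is a request to check rather than a finding. inet_pton() returns 0, not -1, for text that is not a valid address, and a comparison against -1 lets such an entry through with the address field left as it was. A rule loaded that way would match or exempt the wrong hosts without any error in the log.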
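Review bot: The added line `*port = htons((in_port_t)c->c_port)` in the hunk at line 308 has lost its terminating semicolon, so conf.c does not compile at this revision; it should read `*port = htons((in_port_t)c->c_port);`, which is what revision 1.5 on this page restores. The switch from `pstr` to `p` in the `Bad address` message in the same hunk looks intentional, presumably because pstr may by then point at the port part rather than the address. conf_gethostport starts outside the hunk.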
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Feb 9 00:37:06 UTC 2024 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: PR/57905: Mark Davies: blocklistd fails to parse ipv6 addresses. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Dec 23 21:53:54 UTC 2023 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: PR/57767: Yoshitaka Tokugawa: When restoring, do so from a readonly copy of the database and update the read-write copy with the new firewall ids. Before we did not update the state file so it contained the old firewall ids. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/blocklistd.c diff -u src/external/bsd/blocklist/bin/blocklistd.c:1.3 src/external/bsd/blocklist/bin/blocklistd.c:1.4 --- src/external/bsd/blocklist/bin/blocklistd.c:1.3 Wed Oct 12 14:36:02 2022 +++ src/external/bsd/blocklist/bin/blocklistd.c Sat Dec 23 16:53:54 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.3 2022/10/12 18:36:02 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.4 2023/12/23 21:53:54 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include -__RCSID("$NetBSD: blocklistd.c,v 1.3 2022/10/12 18:36:02 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.4 2023/12/23 21:53:54 christos Exp $"); #include #include @@ -395,15 +395,25 @@ rules_flush(void) static void rules_restore(void) { + DB *db; struct conf c; struct dbinfo dbi; unsigned int f; - for (f = 1; state_iterate(state, , , f) == 1; f = 0) { + db = state_open(dbfile, O_RDONLY, 0); + if (db == NULL) { + (*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)", + dbfile); + return; + } + for (f = 1; state_iterate(db, , , f) == 1; f = 0) { if (dbi.id[0] == '\0') continue; (void)run_change("add", , dbi.id, sizeof(dbi.id)); + state_put(state, , ); } + state_close(db); + state_sync(state); } int
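Review bot: In the restore loop the result of `run_change("add", …)` is discarded with a `(void)` cast and `state_put()` runs regardless, so a failed firewall add is still written to the state file as if the entry were blocked. Assuming run_change returns -1 on failure, test it and skip the write, e.g. `if (run_change("add", &c, dbi.id, sizeof(dbi.id)) == -1) continue;`, and log the failure so an operator can see which address was not re-blocked. The return values of `state_put()` and `state_sync()` are unchecked as well, so a write error on the state file would also go unnoticed.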
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Dec 23 21:53:54 UTC 2023 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: PR/57767: Yoshitaka Tokugawa: When restoring, do so from a readonly copy of the database and update the read-write copy with the new firewall ids. Before we did not update the state file so it contained the old firewall ids. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Nov 18 16:01:01 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: Allow configuration of addresses without a mask/prefix (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/conf.c diff -u src/external/bsd/blocklist/bin/conf.c:1.2 src/external/bsd/blocklist/bin/conf.c:1.3 --- src/external/bsd/blocklist/bin/conf.c:1.2 Mon Jun 13 11:00:20 2022 +++ src/external/bsd/blocklist/bin/conf.c Fri Nov 18 11:01:00 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.2 2022/06/13 15:00:20 christos Exp $ */ +/* $NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: conf.c,v 1.2 2022/06/13 15:00:20 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $"); #include #ifdef HAVE_LIBUTIL_H @@ -471,7 +471,6 @@ conf_amask_eq(const void *v1, const void uint32_t m; int omask = mask; - len >>= 2; switch (mask) { case FSTAR: if (memcmp(v1, v2, len) == 0) @@ -485,7 +484,7 @@ conf_amask_eq(const void *v1, const void break; } - for (size_t i = 0; i < len; i++) { + for (size_t i = 0; i < (len >> 2); i++) { if (mask > 32) { m = htonl((uint32_t)~0); mask -= 32; @@ -501,7 +500,6 @@ conf_amask_eq(const void *v1, const void out: if (debug > 1) { char b1[256], b2[256]; - len <<= 2; blhexdump(b1, sizeof(b1), "a1", v1, len); blhexdump(b2, sizeof(b2), "a2", v2, len); (*lfun)(LOG_DEBUG, "%s: %s != %s [0x%x]", __func__,
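Review bot: With `len` now kept in bytes, the masked loop runs `len >> 2` times and silently ignores up to three trailing bytes when len is not a multiple of four, and nothing visible states that callers only pass 4- or 16-byte addresses. A comment at the top of the function, e.g. `/* len is the address length in bytes and must be a multiple of 4 */`, would document the contract that the address matching depends on. The casts of the `const void *` arguments to 32-bit words are outside the hunks, so alignment of v1 and v2 could not be checked here. This note covers all three hunks of conf_amask_eq, which starts and ends outside them.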
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Fri Nov 18 16:01:01 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: Allow configuration of addresses without a mask/prefix (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Tue Nov 15 21:05:00 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: More ipfilter fixes (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Tue Nov 15 21:05:00 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: More ipfilter fixes (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/libexec/blocklistd-helper diff -u src/external/bsd/blocklist/libexec/blocklistd-helper:1.6 src/external/bsd/blocklist/libexec/blocklistd-helper:1.7 --- src/external/bsd/blocklist/libexec/blocklistd-helper:1.6 Tue Nov 15 15:58:50 2022 +++ src/external/bsd/blocklist/libexec/blocklistd-helper Tue Nov 15 16:05:00 2022 @@ -14,10 +14,18 @@ if [ -f "/etc/ipfw-blocklist.rc" ]; then pf="ipfw" . /etc/ipfw-blocklist.rc ipfw_offset=${ipfw_offset:-2000} -elif [ -f "/etc/ipfilter.conf" ]; then - pf="ipf" else - for f in npf pf ipf; do + # ipfilter NetBSD, FreeBSD, Linux + for f in /etc/ipf.conf /etc/ipf.rules /etc/netscript/ipfilter.conf; do + if [ -f "$f" ]; then + pf="ipf" + break + fi + done +fi + +if [ -z "$pf" ]; then + for f in npf pf; do if [ -f "/etc/$f.conf" ]; then pf="$f" break
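Review bot: With this ordering any of `/etc/ipf.conf`, `/etc/ipf.rules` or `/etc/netscript/ipfilter.conf` selects ipf before npf or pf is considered, and the test is only that the file exists, not that the filter is in use. On a host that runs npf or pf but still has an ipf rules file, the helper would presumably hand its rules to a filter that is not active, so block requests would have no effect on traffic. A comment above the loop stating the intended precedence, e.g. `# ipf wins over npf/pf when one of its config files exists`, would help, or the ipf probe could move after the npf/pf loop, where `/etc/ipf.conf` was checked in revision 1.6. The final `for` loop continues past the end of the hunk.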
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Tue Nov 15 20:58:50 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: NetBSD uses ipf.conf for ipfilter not ipfilter.conf (Hose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/libexec/blocklistd-helper diff -u src/external/bsd/blocklist/libexec/blocklistd-helper:1.5 src/external/bsd/blocklist/libexec/blocklistd-helper:1.6 --- src/external/bsd/blocklist/libexec/blocklistd-helper:1.5 Wed Oct 12 15:50:29 2022 +++ src/external/bsd/blocklist/libexec/blocklistd-helper Tue Nov 15 15:58:50 2022 @@ -14,10 +14,10 @@ if [ -f "/etc/ipfw-blocklist.rc" ]; then pf="ipfw" . /etc/ipfw-blocklist.rc ipfw_offset=${ipfw_offset:-2000} -fi - -if [ -z "$pf" ]; then - for f in npf pf ipfilter; do +elif [ -f "/etc/ipfilter.conf" ]; then + pf="ipf" +else + for f in npf pf ipf; do if [ -f "/etc/$f.conf" ]; then pf="$f" break
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Tue Nov 15 20:58:50 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: NetBSD uses ipf.conf for ipfilter not ipfilter.conf (Hose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Wed Oct 12 19:50:29 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: fix typo (jlduran) To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/libexec/blocklistd-helper diff -u src/external/bsd/blocklist/libexec/blocklistd-helper:1.4 src/external/bsd/blocklist/libexec/blocklistd-helper:1.5 --- src/external/bsd/blocklist/libexec/blocklistd-helper:1.4 Wed Oct 12 14:34:43 2022 +++ src/external/bsd/blocklist/libexec/blocklistd-helper Wed Oct 12 15:50:29 2022 @@ -152,7 +152,7 @@ add) /sbin/pfctl -a "$2/$6" -f - # insert $ip/$mask into per-protocol/port anchored table /sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \ - /sbin/pcftl -qk "$addr" && echo OK + /sbin/pfctl -qk "$addr" && echo OK ;; esac
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Wed Oct 12 19:50:29 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: fix typo (jlduran) To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Wed Oct 12 18:36:02 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: fix logging function which should have used function pointer (jlduran at github) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/blocklistd.c diff -u src/external/bsd/blocklist/bin/blocklistd.c:1.2 src/external/bsd/blocklist/bin/blocklistd.c:1.3 --- src/external/bsd/blocklist/bin/blocklistd.c:1.2 Sat Jun 11 15:15:58 2022 +++ src/external/bsd/blocklist/bin/blocklistd.c Wed Oct 12 14:36:02 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.2 2022/06/11 19:15:58 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.3 2022/10/12 18:36:02 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include -__RCSID("$NetBSD: blocklistd.c,v 1.2 2022/06/11 19:15:58 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.3 2022/10/12 18:36:02 christos Exp $"); #include #include @@ -322,7 +322,7 @@ again: if (dbi.id[0]) { run_change("rem", , dbi.id, 0); sockaddr_snprintf(buf, sizeof(buf), "%a", ss); - syslog(LOG_INFO, "released %s/%d:%d after %d seconds", + (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds", buf, c.c_lmask, c.c_port, c.c_duration); } state_del(state, );
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Wed Oct 12 18:36:02 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: fix logging function which should have used function pointer (jlduran at github) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Wed Oct 12 18:34:43 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: >From pjuran at github: - Be quiet - Kill active tcp connections from the blocked address - Fix purge operation for pf, which must dynamically determine which filters have been created, so the filters can be flushed by name. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/libexec/blocklistd-helper diff -u src/external/bsd/blocklist/libexec/blocklistd-helper:1.3 src/external/bsd/blocklist/libexec/blocklistd-helper:1.4 --- src/external/bsd/blocklist/libexec/blocklistd-helper:1.3 Mon Mar 8 16:48:22 2021 +++ src/external/bsd/blocklist/libexec/blocklistd-helper Wed Oct 12 14:34:43 2022 @@ -151,8 +151,8 @@ add) echo "block in quick $proto from to any $port" | \ /sbin/pfctl -a "$2/$6" -f - # insert $ip/$mask into per-protocol/port anchored table - /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \ - echo OK + /sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \ + /sbin/pcftl -qk "$addr" && echo OK ;; esac @@ -184,7 +184,7 @@ rem) ;; pf) - /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \ + /sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \ echo OK ;; @@ -224,7 +224,12 @@ flush) ;; pf) - /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK + # dynamically determine which anchors exist + for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -F rules + done + echo OK ;; esac ;;
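Review bot: The added line calls `/sbin/pcftl`, a misspelling of pfctl, so the `&&` chain stops there and `echo OK` is never reached for the pf `add` case; it should read `/sbin/pfctl -qk "$addr" && echo OK`, as revision 1.5 on this page has it. Chaining the reply behind the state kill also means a failed `-k` reports the whole add as failed although the address is already in the table, so it is worth deciding whether the kill should gate the `OK` at all. The `add)` case starts outside the hunk.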
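Review bot: The rewritten pf `flush` case prints `OK` unconditionally, where the removed line used `&& echo OK`, so a pfctl failure on any anchor is reported to the caller as a successful flush. Track failures across the loop and gate the reply on them, as in the excerpt below. The unquoted `$(...)` relies on anchor names containing no whitespace or glob characters, which is probably true for names this script creates but deserves a comment. The `flush)` case starts outside the hunk.

```shell
	pf)
		# dynamically determine which anchors exist
		flush_rc=0
		for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do
			/sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush || flush_rc=1
			/sbin/pfctl -a "$anchor" -F rules || flush_rc=1
		done
		# reply OK only when every anchor was flushed
		[ "$flush_rc" -eq 0 ] && echo OK
		;;
```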
CVS commit: src/external/bsd/blocklist/libexec
Module Name:src Committed By: christos Date: Wed Oct 12 18:34:43 UTC 2022 Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: >From pjuran at github: - Be quiet - Kill active tcp connections from the blocked address - Fix purge operation for pf, which must dynamically determine which filters have been created, so the filters can be flushed by name. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Mon Jun 13 15:00:20 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: Remove comment explaining why the code was disabled before (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/conf.c diff -u src/external/bsd/blocklist/bin/conf.c:1.1.1.1 src/external/bsd/blocklist/bin/conf.c:1.2 --- src/external/bsd/blocklist/bin/conf.c:1.1.1.1 Sun Jun 14 21:52:53 2020 +++ src/external/bsd/blocklist/bin/conf.c Mon Jun 13 11:00:20 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ +/* $NetBSD: conf.c,v 1.2 2022/06/13 15:00:20 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: conf.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.2 2022/06/13 15:00:20 christos Exp $"); #include #ifdef HAVE_LIBUTIL_H @@ -1005,7 +1005,6 @@ confset_match(const struct confset *cs, #ifdef AF_ROUTE static int conf_route_perm(int fd) { -/* Disable for now, the access check in the routing socket uses curlwp */ #if defined(RTM_IFANNOUNCE) && defined(RT_ROUNDUP) /* * Send a routing message that is not supported to check for access
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Mon Jun 13 15:00:20 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: conf.c Log Message: Remove comment explaining why the code was disabled before (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/lib
Module Name:src Committed By: christos Date: Sun Jun 12 17:54:15 UTC 2022 Modified Files: src/external/bsd/blocklist/lib: bl.c Log Message: Handle 0 sized messages (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/lib/bl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/lib/bl.c diff -u src/external/bsd/blocklist/lib/bl.c:1.1.1.1 src/external/bsd/blocklist/lib/bl.c:1.2 --- src/external/bsd/blocklist/lib/bl.c:1.1.1.1 Sun Jun 14 21:52:53 2020 +++ src/external/bsd/blocklist/lib/bl.c Sun Jun 12 13:54:15 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bl.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ +/* $NetBSD: bl.c,v 1.2 2022/06/12 17:54:15 christos Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: bl.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $"); +__RCSID("$NetBSD: bl.c,v 1.2 2022/06/12 17:54:15 christos Exp $"); #include #include @@ -434,6 +434,7 @@ bl_recv(bl_t b) } ub; int got; ssize_t rlen; + size_t rem; bl_info_t *bi = >b_info; got = 0; @@ -503,10 +504,12 @@ bl_recv(bl_t b) return NULL; } - if ((size_t)rlen <= sizeof(ub.bl)) { + rem = (size_t)rlen; + if (rem < sizeof(ub.bl)) { bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen); return NULL; } + rem -= sizeof(ub.bl); if (ub.bl.bl_version != BL_VERSION) { bl_log(b->b_fun, LOG_ERR, "bad version %d", ub.bl.bl_version); @@ -520,7 +523,10 @@ bl_recv(bl_t b) bi->bi_uid = -1; bi->bi_gid = -1; #endif - strlcpy(bi->bi_msg, ub.bl.bl_data, MIN(sizeof(bi->bi_msg), - ((size_t)rlen - sizeof(ub.bl) + 1))); + rem = MIN(sizeof(bi->bi_msg), rem); + if (rem == 0) + bi->bi_msg[0] = '\0'; + else + strlcpy(bi->bi_msg, ub.bl.bl_data, rem); return bi; }
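Review bot: In the hunk at line 520, `strlcpy(bi->bi_msg, ub.bl.bl_data, rem)` passes the payload byte count as the destination size, so it copies at most rem - 1 characters and drops the last byte of the message unless the sender counts a terminating NUL in what it sends; the removed line added 1 for that reason. strlcpy also reads its source up to a NUL to compute its return value, which runs past the received bytes when the payload is not terminated (whether `ub` is zeroed beforehand is not visible here). A bounded copy avoids both and covers the empty case too: `rem = MIN(sizeof(bi->bi_msg) - 1, rem);` then `memcpy(bi->bi_msg, ub.bl.bl_data, rem);` then `bi->bi_msg[rem] = '\0';`. bl_recv starts outside the hunks.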
CVS commit: src/external/bsd/blocklist/lib
Module Name:src Committed By: christos Date: Sun Jun 12 17:54:15 UTC 2022 Modified Files: src/external/bsd/blocklist/lib: bl.c Log Message: Handle 0 sized messages (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/lib/bl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Jun 11 19:23:26 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistctl.c Log Message: fix usage for ctl too (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/blocklistctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Jun 11 19:23:26 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistctl.c Log Message: fix usage for ctl too (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/blocklistctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/blocklistctl.c diff -u src/external/bsd/blocklist/bin/blocklistctl.c:1.1.1.1 src/external/bsd/blocklist/bin/blocklistctl.c:1.2 --- src/external/bsd/blocklist/bin/blocklistctl.c:1.1.1.1 Sun Jun 14 21:52:53 2020 +++ src/external/bsd/blocklist/bin/blocklistctl.c Sat Jun 11 15:23:26 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistctl.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.2 2022/06/11 19:23:26 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: blocklistctl.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $"); +__RCSID("$NetBSD: blocklistctl.c,v 1.2 2022/06/11 19:23:26 christos Exp $"); #include #include @@ -61,7 +61,7 @@ usage(int c) { if (c == 0) warnx("Missing/unknown command"); - else + else if (c != '?') warnx("Unknown option `%c'", (char)c); fprintf(stderr, "Usage: %s dump [-abdnrw]\n", getprogname()); exit(EXIT_FAILURE); @@ -123,7 +123,6 @@ main(int argc, char *argv[]) break; default: usage(o); - break; } db = state_open(dbname, O_RDONLY, 0);
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Jun 11 19:15:58 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: fix usage error (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blocklist/bin
Module Name:src Committed By: christos Date: Sat Jun 11 19:15:58 UTC 2022 Modified Files: src/external/bsd/blocklist/bin: blocklistd.c Log Message: fix usage error (Jose Luis Duran) To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/blocklist/bin/blocklistd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blocklist/bin/blocklistd.c diff -u src/external/bsd/blocklist/bin/blocklistd.c:1.1.1.1 src/external/bsd/blocklist/bin/blocklistd.c:1.2 --- src/external/bsd/blocklist/bin/blocklistd.c:1.1.1.1 Sun Jun 14 21:52:53 2020 +++ src/external/bsd/blocklist/bin/blocklistd.c Sat Jun 11 15:15:58 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.2 2022/06/11 19:15:58 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include -__RCSID("$NetBSD: blocklistd.c,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.2 2022/06/11 19:15:58 christos Exp $"); #include #include @@ -105,7 +105,7 @@ sigdone(int n __unused) static __dead void usage(int c) { - if (c) + if (c != '?') warnx("Unknown option `%c'", (char)c); fprintf(stderr, "Usage: %s [-vdfr] [-c ] [-R ] " "[-P ] [-C ] [-D ] " @@ -474,7 +474,7 @@ main(int argc, char *argv[]) argc -= optind; if (argc) - usage(0); + usage('?'); signal(SIGHUP, sighup); signal(SIGINT, sigdone);