blocklist

Martin Husemann Sat, 17 Feb 2024 08:00:09 -0800

Module Name:    src
Committed By:   martin
Date:           Sat Feb 17 15:59:55 UTC 2024


Modified Files:
        src/external/bsd/blocklist/bin [netbsd-10]: blocklistd.conf.5 conf.c
        src/external/bsd/blocklist/etc [netbsd-10]: blocklistd.conf

Log Message:
Pull up following revision(s) (requested by markd in ticket #591):

        external/bsd/blocklist/bin/blocklistd.conf.5: revision 1.3
        external/bsd/blocklist/bin/conf.c: revision 1.4
        external/bsd/blocklist/bin/conf.c: revision 1.5
        external/bsd/blocklist/bin/conf.c: revision 1.6
        external/bsd/blocklist/etc/blocklistd.conf: revision 1.3

PR/57905: Mark Davies: blocklistd fails to parse ipv6 addresses.
fix typo

PR/57905: Mark Davies: handle empty string.

add an IPv6 example to blocklistd.conf(5)

add an IPv6 example to blocklistd.conf example file


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.6.1 src/external/bsd/blocklist/bin/blocklistd.conf.5
cvs rdiff -u -r1.3 -r1.3.2.1 src/external/bsd/blocklist/bin/conf.c
cvs rdiff -u -r1.2 -r1.2.6.1 src/external/bsd/blocklist/etc/blocklistd.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blocklist/bin/blocklistd.conf.5
diff -u src/external/bsd/blocklist/bin/blocklistd.conf.5:1.2 src/external/bsd/blocklist/bin/blocklistd.conf.5:1.2.6.1
--- src/external/bsd/blocklist/bin/blocklistd.conf.5:1.2	Mon Jun 15 02:29:44 2020
+++ src/external/bsd/blocklist/bin/blocklistd.conf.5	Sat Feb 17 15:59:55 2024
@@ -1,4 +1,4 @@
-.\" $NetBSD: blocklistd.conf.5,v 1.2 2020/06/15 02:29:44 christos Exp $
+.\" $NetBSD: blocklistd.conf.5,v 1.2.6.1 2024/02/17 15:59:55 martin Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 18, 2020
+.Dd February 9, 2024
 .Dt BLOCKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -209,6 +209,8 @@ bnx0:ssh	*	*	*	*	3	6h
 [remote]
 # Never block 1.2.3.4
 1.2.3.4:ssh	*	*	*	*	*	*
+# Never block the example IPv6 subnet either
+[2001:db8::]/32:ssh	*	*	*	*	*	*
 # For addresses coming from 8.8.0.0/16 block class C networks instead
 # individual hosts, but keep the rest of the blocking parameters the same.
 8.8.0.0/16:ssh	*	*	*	/24	=	=

Index: src/external/bsd/blocklist/bin/conf.c
diff -u src/external/bsd/blocklist/bin/conf.c:1.3 src/external/bsd/blocklist/bin/conf.c:1.3.2.1
--- src/external/bsd/blocklist/bin/conf.c:1.3	Fri Nov 18 16:01:00 2022
+++ src/external/bsd/blocklist/bin/conf.c	Sat Feb 17 15:59:55 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.3.2.1 2024/02/17 15:59:55 martin Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.3 2022/11/18 16:01:00 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.3.2.1 2024/02/17 15:59:55 martin Exp $");
 
 #include <stdio.h>
 #ifdef HAVE_LIBUTIL_H
@@ -261,7 +261,7 @@ conf_gethostport(const char *f, size_t l
 		if (debug)
 			(*lfun)(LOG_DEBUG, "%s: host6 %s", __func__, p);
 		if (strcmp(p, "*") != 0) {
-			if (inet_pton(AF_INET6, p, &sin6->sin6_addr) == -1)
+			if (inet_pton(AF_INET6, p, &sin6->sin6_addr) != 1)
 				goto out;
 			sin6->sin6_family = AF_INET6;
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
@@ -269,6 +269,8 @@ conf_gethostport(const char *f, size_t l
 #endif
 			port = &sin6->sin6_port;
 		}
+		if (!*pstr)
+			pstr = "*";
 	} else if (pstr != p || strchr(p, '.') || conf_is_interface(p)) {
 		if (pstr == p)
 			pstr = "*";
@@ -311,7 +313,7 @@ conf_gethostport(const char *f, size_t l
 		*port = htons((in_port_t)c->c_port);
 	return 0;
 out:
-	(*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, pstr);
+	(*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, p);
 	return -1;
 out1:
 	(*lfun)(LOG_ERR, "%s: %s, %zu: Can't specify mask %d with "
@@ -1172,7 +1174,7 @@ conf_parse(const char *f)
 		return;
 	}
 
-	lineno = 1;
+	lineno = 0;
 
 	confset_init(&rc);
 	confset_init(&lc);

Index: src/external/bsd/blocklist/etc/blocklistd.conf
diff -u src/external/bsd/blocklist/etc/blocklistd.conf:1.2 src/external/bsd/blocklist/etc/blocklistd.conf:1.2.6.1
--- src/external/bsd/blocklist/etc/blocklistd.conf:1.2	Mon Jun 15 21:27:57 2020
+++ src/external/bsd/blocklist/etc/blocklistd.conf	Sat Feb 17 15:59:55 2024
@@ -10,5 +10,6 @@ domain		*	*	named		*	3	12h
 # adr/mask:port	type	proto	owner		name	nfail	disable
 [remote]
 #129.168.0.0/16	*	*	*		=	*	*
+#[2001:db8::]/32:ssh	*	*	*		=	*	*
 #6161		=	=	=		=/24	=	=
 #*		stream	tcp	*		=	=	=

CVS commit: [netbsd-10] src/external/bsd/blocklist

Reply via email to