git: cbd8e3a0049a - stable/15 - MFV: Import blocklist 2025-10-25 (156df4f)

From: Jose Luis Duran <jlduran_at_FreeBSD.org>
Date: Thu, 30 Oct 2025 01:52:15 UTC
The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=cbd8e3a0049aa300e0a92481d4f5a095765269bf

commit cbd8e3a0049aa300e0a92481d4f5a095765269bf
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-25 21:15:18 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-30 01:43:09 +0000

    MFV: Import blocklist 2025-10-25 (156df4f)
    
    Merge commit '1ae0b2f3a242a48af2deef1e88649bf4a3a74e2f'
    
    Changes:
    
    https://github.com/zoulasc/blocklist/compare/8aa81bf...156df4f
    
    MFC after:      2 days
    
    (cherry picked from commit bcbe0a3c924e09c4d78514e3d16d493e3da54f83)
---
 contrib/blocklist/bin/blocklistctl.8 |  5 ++---
 contrib/blocklist/bin/blocklistctl.c |  8 ++++----
 contrib/blocklist/bin/blocklistd.c   | 18 ++++++++----------
 3 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8
index a98c16374f19..7943c54159c1 100644
--- a/contrib/blocklist/bin/blocklistctl.8
+++ b/contrib/blocklist/bin/blocklistctl.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $
+.\" $NetBSD: blocklistctl.8,v 1.5 2025/10/25 16:56:27 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -45,7 +45,6 @@ is a program used to display and change the state of the
 database.
 The following sub-commands are supported:
 .Ss dump
-.Pp
 The following options are available for the
 .Cm dump
 sub-command:
@@ -90,7 +89,7 @@ associated with the database entry.
 column will show the identifier for the packet filter rule associated
 with the database entry, though this may only be the word
 .Ql OK
-for packet filters which do not creat a unique identifier for each rule.
+for packet filters which do not create a unique identifier for each rule.
 .It Ql nfail
 The number of
 .Em failures
diff --git a/contrib/blocklist/bin/blocklistctl.c b/contrib/blocklist/bin/blocklistctl.c
index 8c75e0430c61..b43d8b8aaab3 100644
--- a/contrib/blocklist/bin/blocklistctl.c
+++ b/contrib/blocklist/bin/blocklistctl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $	*/
+/*	$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $");
+__RCSID("$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $");
 
 #include <stdio.h>
 #include <time.h>
@@ -135,7 +135,7 @@ main(int argc, char *argv[])
 	clock_gettime(CLOCK_REALTIME, &ts);
 	wide = wide ? 8 * 4 + 7 : 4 * 3 + 3;
 	if (!noheader)
-		printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide,
+		printf("rulename\t%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide,
 		    "address", remain ? "remaining time" : "last access");
 	for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) {
 		char buf[BUFSIZ];
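Review bot: Prepending `rulename\t` to the header here, and `c.c_name` to each row in the next hunk, shifts every existing column one field to the right, so any monitoring or alerting script that parses this output by tab position will silently read the wrong field for the address or `nfail`. The blocklistctl.8 hunks in this commit do not describe the new column, so the manual's column list should gain a `rulename` entry alongside this change. The header label is a fixed eight characters while rule names are free-length, so rows will drift from the header unless the name is printed with a width, as the address already is. main() begins and ends outside this hunk.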
@@ -150,7 +150,7 @@ main(int argc, char *argv[])
 			}
 		}
 		sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss);
-		printf("%*.*s/%s:%s\t", wide, wide, buf,
+		printf("%s\t%*.*s/%s:%s\t", c.c_name, wide, wide, buf,
 		    star(mbuf, sizeof(mbuf), c.c_lmask),
 		    star(pbuf, sizeof(pbuf), c.c_port));
 		if (c.c_duration == -1) {
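Review bot: `c.c_name` is printed with an unbounded `%s`, and `c` appears to be filled from the state database by `state_iterate()` rather than from freshly parsed configuration, so a damaged or truncated record with no NUL in the name would be read past its end. If `c_name` is a fixed-size array in the conf structure (its definition is not visible here), bounding the conversion costs nothing: `printf("%.*s\t%*.*s/%s:%s\t", (int)sizeof(c.c_name), c.c_name, wide, wide, buf,`. The loop body continues outside the hunk.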
diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c
index 03a1dbbf056c..c78c560613fc 100644
--- a/contrib/blocklist/bin/blocklistd.c
+++ b/contrib/blocklist/bin/blocklistd.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $	*/
+/*	$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $");
+__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -191,12 +191,12 @@ process(bl_t bl)
 	}
 
 	if (getremoteaddress(bi, &rss, &rsl) == -1)
-		goto out;
+		return;
 
 	if (debug || bi->bi_msg[0]) {
 		sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
 		(*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG,
-		    "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu",
+		    "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu",
 		    bi->bi_type, bi->bi_fd, rbuf,
 		    bi->bi_msg, (unsigned long)bi->bi_uid,
 		    (unsigned long)bi->bi_gid);
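Review bot: Quoting `msg` keeps the log line parseable only while `bi->bi_msg` itself contains no `"` or control characters; the text arrives with the request being processed, so it can still close the quote early and be followed by what looks like further `key=value` fields. Passing the message through a visual encoder such as strvis(3) into a local buffer before the `(*lfun)` call would keep the quoted field unambiguous for log parsers and detection rules. Whether `lfun` or the syslog daemon already escapes these bytes is not visible in this hunk. process() starts and ends outside the hunk.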
@@ -204,12 +204,12 @@ process(bl_t bl)
 
 	if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) {
 		(*lfun)(LOG_DEBUG, "no rule matched");
-		goto out;
+		return;
 	}
 
 
 	if (state_get(state, &c, &dbi) == -1)
-		goto out;
+		return;
 
 	if (debug) {
 		char b1[128], b2[128];
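Review bot: With the `goto out` paths here and in the previous hunk turned into plain `return`, and `close(bi->bi_fd)` dropped from the `out:` label further down, process() no longer closes the request's descriptor on any path. Nothing in this commit shows where that descriptor is closed instead, so it is worth confirming that the receive side now owns it; otherwise each request leaks one descriptor and the daemon eventually cannot accept reports. A one-line comment at the top of process() stating the owner, e.g. `/* bi->bi_fd is owned and closed by <owner>; do not close it here */`, would make the contract explicit. The early returns also skip the debug "final db state" log at `out:`, which looks intended. process() starts and ends outside the hunk.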
@@ -226,7 +226,7 @@ process(bl_t bl)
 		 * set the number of fails to be one less than the
 		 * configured limit.  Fallthrough to the normal BL_ADD
 		 * processing, which will increment the failure count
-		 * to the threshhold, and block the abusive address.
+		 * to the threshold, and block the abusive address.
 		 */
 		if (c.c_nfail != -1)
 			dbi.count = c.c_nfail - 1;
@@ -269,8 +269,6 @@ process(bl_t bl)
 	state_put(state, &c, &dbi);
 
 out:
-	close(bi->bi_fd);
-
 	if (debug) {
 		char b1[128], b2[128];
 		(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
@@ -565,7 +563,7 @@ main(int argc, char *argv[])
 			conf_parse(configfile);
 		}
 		ret = poll(pfd, (nfds_t)nfd, tout);
-		if (debug)
+		if (debug && ret != 0)
 			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
 		switch (ret) {
 		case -1: