From nobody Thu Oct 30 01:52:15 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cxnDH3MW9z6DTRl; Thu, 30 Oct 2025 01:52:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cxnDH2rhgz3pWs; Thu, 30 Oct 2025 01:52:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761789135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XI/t20du0NsH8oxT+IOan0xft42QPIol0BqHOrLzVeY=; b=faJC9Eu+FK7EhwuMZnLmgAbguNaIYi2coveyX0RoOIisi+XA8tmH1C/ni+SyWy5CeGdzav 7txHl5gtkv0AJ9QoP0lF9oMyOJeVwzNWfVOvs1UWMuVRH7SOrF8EcoZMORmM4NqOOQdFkh fg9ORN9g34Owp0GuVolJlbpZRqjP80rsAIbOZHJh3G2qsbXrdCZ6sG/UeY8z56ZoI5hhFu FaNi0KvMtGl9caiIxcaqP+poyDDv8lKsI4yzJWd3s3QGIO9H6Ao/RzI9z63dUpgWBp/HG9 mkKNjwIG/DmjorWueZMCoEqhTXQV3s5tijXCwzbLyQDSnppkbN8zOnNIdG/u1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761789135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XI/t20du0NsH8oxT+IOan0xft42QPIol0BqHOrLzVeY=; b=OtqWs/xWFtR/i3erzQl1UZBZN6/UiYToLQ0hUMR4Rbpdpk4nx5OHxPGYzOq0ZJ1nyrl1Vb QsK6eiNH14bRUtDKB8euMgvXqD763EAY3OoeNFnPPbgqNTMfKwdpAEOhlbXUmbmZft0AWr n7afkUILfx7MPHo05IFn9dAooix70yfLRrxAYxAVPf4zFH8y+D5eyZvPucMRMuUUYizger E2DNfuRLOlUYwltxpgjjy9Su2LCTpKScbUx4g7DZFEijX4Ogmt42E+HfV89Fj+wPtOiKsT aW2pfWX2b4gC+AVtVnJ8K29Qq9upZhxiNNVp6m6wkTEW4gH03hPAZcTIP5z+fw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1761789135; a=rsa-sha256; cv=none; b=BiLymaPKpTxp3ih0tzHBdBiWjpuIPQfAOqZxeu4BiwlNEMsX7RSH7tigZOK7CSzUXCrROs 5QW+oxzwMNN3RG7cN6DO/LUg90Vw8yTgxgma12j8FNk2B8MwZ3ICWC8WtJeS9pvPTrcEk5 OcKtTpTAE21L15oYnwkuF/ZT1aSR2ktYD08HgZlafz3NJ2mo15/m9vWmZ3QJByM695cuLi +dKliVSfXXAPd6knGdtUPgGOEVmWbM2bHrbVc6Iyt6a7Q7VLU8HwKRjMgeWi3yI5+tMbj+ sTk3IKlUQERuZ7FliDRBEx7VSdpL+5b8vy+D6hz0D/W3Jkd+ec7Vcu4GFTTMvw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cxnDH2GCsz11wG; Thu, 30 Oct 2025 01:52:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59U1qFq1097355; Thu, 30 Oct 2025 01:52:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59U1qFXx097352; Thu, 30 Oct 2025 01:52:15 GMT (envelope-from git) Date: Thu, 30 Oct 2025 01:52:15 GMT Message-Id: <202510300152.59U1qFXx097352@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jose Luis Duran Subject: git: cbd8e3a0049a - stable/15 - MFV: Import blocklist 2025-10-25 (156df4f) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: cbd8e3a0049aa300e0a92481d4f5a095765269bf Auto-Submitted: auto-generated The branch stable/15 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=cbd8e3a0049aa300e0a92481d4f5a095765269bf commit cbd8e3a0049aa300e0a92481d4f5a095765269bf Author: Jose Luis Duran AuthorDate: 2025-10-25 21:15:18 +0000 Commit: Jose Luis Duran CommitDate: 2025-10-30 01:43:09 +0000 MFV: Import blocklist 2025-10-25 (156df4f) Merge commit '1ae0b2f3a242a48af2deef1e88649bf4a3a74e2f' Changes: https://github.com/zoulasc/blocklist/compare/8aa81bf...156df4f MFC after: 2 days (cherry picked from commit bcbe0a3c924e09c4d78514e3d16d493e3da54f83) --- contrib/blocklist/bin/blocklistctl.8 | 5 ++--- contrib/blocklist/bin/blocklistctl.c | 8 ++++---- contrib/blocklist/bin/blocklistd.c | 18 ++++++++---------- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8 index a98c16374f19..7943c54159c1 100644 --- a/contrib/blocklist/bin/blocklistctl.8 +++ b/contrib/blocklist/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" $NetBSD: blocklistctl.8,v 1.5 2025/10/25 16:56:27 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -45,7 +45,6 @@ is a program used to display and change the state of the database. The following sub-commands are supported: .Ss dump -.Pp The following options are available for the .Cm dump sub-command: @@ -90,7 +89,7 @@ associated with the database entry. column will show the identifier for the packet filter rule associated with the database entry, though this may only be the word .Ql OK -for packet filters which do not creat a unique identifier for each rule. +for packet filters which do not create a unique identifier for each rule. .It Ql nfail The number of .Em failures diff --git a/contrib/blocklist/bin/blocklistctl.c b/contrib/blocklist/bin/blocklistctl.c index 8c75e0430c61..b43d8b8aaab3 100644 --- a/contrib/blocklist/bin/blocklistctl.c +++ b/contrib/blocklist/bin/blocklistctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); +__RCSID("$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $"); #include #include @@ -135,7 +135,7 @@ main(int argc, char *argv[]) clock_gettime(CLOCK_REALTIME, &ts); wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; if (!noheader) - printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + printf("rulename\t%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, "address", remain ? "remaining time" : "last access"); for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { char buf[BUFSIZ]; @@ -150,7 +150,7 @@ main(int argc, char *argv[]) } } sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); - printf("%*.*s/%s:%s\t", wide, wide, buf, + printf("%s\t%*.*s/%s:%s\t", c.c_name, wide, wide, buf, star(mbuf, sizeof(mbuf), c.c_lmask), star(pbuf, sizeof(pbuf), c.c_port)); if (c.c_duration == -1) { diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c index 03a1dbbf056c..c78c560613fc 100644 --- a/contrib/blocklist/bin/blocklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $"); #include #include @@ -191,12 +191,12 @@ process(bl_t bl) } if (getremoteaddress(bi, &rss, &rsl) == -1) - goto out; + return; if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, - "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); @@ -204,12 +204,12 @@ process(bl_t bl) if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { (*lfun)(LOG_DEBUG, "no rule matched"); - goto out; + return; } if (state_get(state, &c, &dbi) == -1) - goto out; + return; if (debug) { char b1[128], b2[128]; @@ -226,7 +226,7 @@ process(bl_t bl) * set the number of fails to be one less than the * configured limit. Fallthrough to the normal BL_ADD * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * to the threshold, and block the abusive address. */ if (c.c_nfail != -1) dbi.count = c.c_nfail - 1; @@ -269,8 +269,6 @@ process(bl_t bl) state_put(state, &c, &dbi); out: - close(bi->bi_fd); - if (debug) { char b1[128], b2[128]; (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " @@ -565,7 +563,7 @@ main(int argc, char *argv[]) conf_parse(configfile); } ret = poll(pfd, (nfds_t)nfd, tout); - if (debug) + if (debug && ret != 0) (*lfun)(LOG_DEBUG, "received %d from poll()", ret); switch (ret) { case -1: