git: cd284c1e17ea - stable/15 - blocklist: blacklist: Chase recent upstream changes

From: Jose Luis Duran <jlduran_at_FreeBSD.org>
Date: Thu, 30 Oct 2025 01:52:16 UTC
The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=cd284c1e17eab4884cf4bc9479e8272af527f6b7

commit cd284c1e17eab4884cf4bc9479e8272af527f6b7
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-25 21:24:13 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-30 01:44:43 +0000

    blocklist: blacklist: Chase recent upstream changes
    
    Upstream introduced an extra column in blocklistctl(8) to display the
    name of the rule associated with the database entry.
    
    It is intended to avoid confusion when seemingly duplicate locations
    appear in the output of the blocklistctl dump command.  Especially when
    users are transitioning from the old nomenclature to the new one.
    
    The latest patches will not be fully backported to blacklistctl(8), to
    avoid breaking current scripts that may be parsing its output.  Also we
    are slowly preparing to feature-freeze everything related to blacklist.
    
    MFC:    2 days
    
    (cherry picked from commit eae98e28a0e17f625e29f9849a4dc655636d9164)
---
 contrib/blocklist/bin/blacklistctl.8 |  3 +--
 contrib/blocklist/bin/blacklistd.c   | 18 ++++++++----------
 contrib/blocklist/bin/blocklistctl.8 |  6 +++++-
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8
index 4d557c0c979d..08f1d1b9e5af 100644
--- a/contrib/blocklist/bin/blacklistctl.8
+++ b/contrib/blocklist/bin/blacklistctl.8
@@ -45,7 +45,6 @@ is a program used to display and change the state of the
 database.
 The following sub-commands are supported:
 .Ss dump
-.Pp
 The following options are available for the
 .Cm dump
 sub-command:
@@ -90,7 +89,7 @@ associated with the database entry.
 column will show the identifier for the packet filter rule associated
 with the database entry, though this may only be the word
 .Ql OK
-for packet filters which do not creat a unique identifier for each rule.
+for packet filters which do not create a unique identifier for each rule.
 .It Ql nfail
 The number of
 .Em failures
diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c
index ded3075ed707..b5f9358122ef 100644
--- a/contrib/blocklist/bin/blacklistd.c
+++ b/contrib/blocklist/bin/blacklistd.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $	*/
+/*	$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $");
+__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -191,12 +191,12 @@ process(bl_t bl)
 	}
 
 	if (getremoteaddress(bi, &rss, &rsl) == -1)
-		goto out;
+		return;
 
 	if (debug || bi->bi_msg[0]) {
 		sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
 		(*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG,
-		    "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu",
+		    "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu",
 		    bi->bi_type, bi->bi_fd, rbuf,
 		    bi->bi_msg, (unsigned long)bi->bi_uid,
 		    (unsigned long)bi->bi_gid);
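Review bot: The new `msg=\"%s\"` field in the `(*lfun)` call wraps `bi->bi_msg` in quotes but passes its bytes through unchanged, so a message that itself contains `"` or a newline can still break the field boundary the quotes are meant to mark. That string presumably arrives from the reporting daemon over the socket and may carry remotely influenced text, so it is best treated as untrusted when it reaches the log. Consider encoding it with vis(3) into a local buffer before formatting, with a comment such as `/* bi_msg is peer-supplied; encoded before logging */`. process() begins and ends outside this hunk.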
@@ -204,12 +204,12 @@ process(bl_t bl)
 
 	if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) {
 		(*lfun)(LOG_DEBUG, "no rule matched");
-		goto out;
+		return;
 	}
 
 
 	if (state_get(state, &c, &dbi) == -1)
-		goto out;
+		return;
 
 	if (debug) {
 		char b1[128], b2[128];
@@ -226,7 +226,7 @@ process(bl_t bl)
 		 * set the number of fails to be one less than the
 		 * configured limit.  Fallthrough to the normal BL_ADD
 		 * processing, which will increment the failure count
-		 * to the threshhold, and block the abusive address.
+		 * to the threshold, and block the abusive address.
 		 */
 		if (c.c_nfail != -1)
 			dbi.count = c.c_nfail - 1;
@@ -269,8 +269,6 @@ process(bl_t bl)
 	state_put(state, &c, &dbi);
 
 out:
-	close(bi->bi_fd);
-
 	if (debug) {
 		char b1[128], b2[128];
 		(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
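Review bot: With `close(bi->bi_fd);` removed from the `out:` path, nothing visible in this diff closes the descriptor carried in `bi`, and the early exits in the `@@ -191` and `@@ -204` hunks now `return` without closing it either. If ownership of `bi_fd` has moved elsewhere (for example into the receive path or the caller), a comment at the top of process() should say so, e.g. `/* bi->bi_fd is owned and closed by <owner>; do not close here */`. If it has not, every handled message would leave one descriptor open in a long-running daemon, and the close should be kept on all paths after a successful receive. process() starts before and continues past this hunk, so the receive call is not visible here.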
@@ -565,7 +563,7 @@ main(int argc, char *argv[])
 			conf_parse(configfile);
 		}
 		ret = poll(pfd, (nfds_t)nfd, tout);
-		if (debug)
+		if (debug && ret != 0)
 			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
 		switch (ret) {
 		case -1:
diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8
index 7943c54159c1..75228599a9de 100644
--- a/contrib/blocklist/bin/blocklistctl.8
+++ b/contrib/blocklist/bin/blocklistctl.8
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 27, 2025
+.Dd October 25, 2025
 .Dt BLOCKLISTCTL 8
 .Os
 .Sh NAME
@@ -82,6 +82,10 @@ sub-command consists of a header (unless
 was given) and one line for each record in the database, where each line
 has the following columns:
 .Bl -tag -width indent
+.It Ql rulename
+The packet filter rule name associated with the database entry,
+usually
+.Dv blocklistd .
 .It Ql address/ma:port
 The remote address, mask, and local port number of the client connection
 associated with the database entry.