From nobody Thu Oct 30 04:36:52 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cxrtF33Gzz6DknB; Thu, 30 Oct 2025 04:36:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cxrtF0lsbz3MbJ; Thu, 30 Oct 2025 04:36:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761799013; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=C0SpYOhoAsJx93GmpnkOgIw+ohO5KlZSK77vHGayblI=; b=ZHvqmUio2X4U25FLsyV0ZqbsJnIUlP76N5oqh54UZzin1pD3dEkr7ns+OV2/8WYkhJLmJ+ o7RV5cPLJ1E5KL3kU+OusCSN5VgjBmBXfA8lZccTiQpAOB0cS6W8/B14E6dJ+/xg7QzS26 OW3jIxGcMynFkt+ATz/2eYo8tpAPxi7d8CBCoV7fXWOR7CVUAo+vIF94Cfo0nV+yTAx3kQ TBrZ9V3kfTXXiQKdK12n9EWTgS96o2RfbgcSC95eAitERVMIvDJ2bpuAIW8nOlWckVMu/8 p41qRett7V9iJeYrZ2OYPQ38uTeXSMsbpY0UUHy9rIpSfVOgDn3mnzns88tsRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761799013; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=C0SpYOhoAsJx93GmpnkOgIw+ohO5KlZSK77vHGayblI=; b=wXl+OfRXzz5G66YOJiFqO0rYH6kU6dKtV0aqLqx93iJJYx4ujKH440VUCoI6azSQ+LOMPA CaGU9pcM8KrxGmeI6BJKPe4KysVddgQF+b6CFMaLu0zWGvZ6e2x3T6Qs2VFDtc1VhDG1XV sbf++tAMfxCaWDL13aJEIFRcBn9DxhDGoTL/nqCCPZ25Q5PYcpfNILoOEcb3l/tGWiBjJj io3QVlM0tEiCKqoICsw9OYSY67JcQR4kb8cNK3k9vLxG7wR5o8ovlzFxZYyqdd5ayyN1vH x/muY9ySwc2eUANyfnSVK2Z+rhYelSA+llXg9EkweoEmmumE3l6Tbwo/ILADHQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1761799013; a=rsa-sha256; cv=none; b=vVkLyu8LIsOtMH9Hba6f/OJ78Stat4rKWa9F32bF2CVt6WxsYCmHeSXIIfns6JetA6ymtV +bB38VsB0/hQ8Lg3VjJctXerPOOCmCr0Oo/+RhqLQvDDVJlzUnXib8rA1vc/0akmCS/Mli 2X6UdxujNTzZHH0T456vkRuZgO7LRA9/P+wSBviO+j/mvmkHVtOS5rjMLTBQBqyqhOCBz5 cNlYMN7KMHq8gWr6pm7M0yXQWeBdQaH3dJIRgFqs3dsEWbH7ffxx/E+DsW8Ff6XNLjCHkw Y2qq6RmJt1TdAMV+FfFR2Hs/OXB0Gt53yqJ2QeKDMH4sFZRAqpNuZUWDp8jnQw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cxrtF0HCDz16PP; Thu, 30 Oct 2025 04:36:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59U4aq6D004986; Thu, 30 Oct 2025 04:36:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59U4aqU3004983; Thu, 30 Oct 2025 04:36:52 GMT (envelope-from git) Date: Thu, 30 Oct 2025 04:36:52 GMT Message-Id: <202510300436.59U4aqU3004983@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: 8ea3c27a0345 - releng/15.0 - MFV: Import blocklist 2025-10-25 (156df4f) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 8ea3c27a0345bfb1a6361ad5c8ccb13aae7aa7d1 Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=8ea3c27a0345bfb1a6361ad5c8ccb13aae7aa7d1 commit 8ea3c27a0345bfb1a6361ad5c8ccb13aae7aa7d1 Author: Jose Luis Duran AuthorDate: 2025-10-25 21:15:18 +0000 Commit: Colin Percival CommitDate: 2025-10-30 04:36:28 +0000 MFV: Import blocklist 2025-10-25 (156df4f) Merge commit '1ae0b2f3a242a48af2deef1e88649bf4a3a74e2f' Changes: https://github.com/zoulasc/blocklist/compare/8aa81bf...156df4f Approved by: re (cperciva) MFC after: 2 days (cherry picked from commit bcbe0a3c924e09c4d78514e3d16d493e3da54f83) (cherry picked from commit cbd8e3a0049aa300e0a92481d4f5a095765269bf) --- contrib/blocklist/bin/blocklistctl.8 | 5 ++--- contrib/blocklist/bin/blocklistctl.c | 8 ++++---- contrib/blocklist/bin/blocklistd.c | 18 ++++++++---------- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8 index a98c16374f19..7943c54159c1 100644 --- a/contrib/blocklist/bin/blocklistctl.8 +++ b/contrib/blocklist/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" $NetBSD: blocklistctl.8,v 1.5 2025/10/25 16:56:27 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -45,7 +45,6 @@ is a program used to display and change the state of the database. The following sub-commands are supported: .Ss dump -.Pp The following options are available for the .Cm dump sub-command: @@ -90,7 +89,7 @@ associated with the database entry. column will show the identifier for the packet filter rule associated with the database entry, though this may only be the word .Ql OK -for packet filters which do not creat a unique identifier for each rule. +for packet filters which do not create a unique identifier for each rule. .It Ql nfail The number of .Em failures diff --git a/contrib/blocklist/bin/blocklistctl.c b/contrib/blocklist/bin/blocklistctl.c index 8c75e0430c61..b43d8b8aaab3 100644 --- a/contrib/blocklist/bin/blocklistctl.c +++ b/contrib/blocklist/bin/blocklistctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); +__RCSID("$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $"); #include #include @@ -135,7 +135,7 @@ main(int argc, char *argv[]) clock_gettime(CLOCK_REALTIME, &ts); wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; if (!noheader) - printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + printf("rulename\t%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, "address", remain ? "remaining time" : "last access"); for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { char buf[BUFSIZ]; @@ -150,7 +150,7 @@ main(int argc, char *argv[]) } } sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); - printf("%*.*s/%s:%s\t", wide, wide, buf, + printf("%s\t%*.*s/%s:%s\t", c.c_name, wide, wide, buf, star(mbuf, sizeof(mbuf), c.c_lmask), star(pbuf, sizeof(pbuf), c.c_port)); if (c.c_duration == -1) { diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c index 03a1dbbf056c..c78c560613fc 100644 --- a/contrib/blocklist/bin/blocklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $"); #include #include @@ -191,12 +191,12 @@ process(bl_t bl) } if (getremoteaddress(bi, &rss, &rsl) == -1) - goto out; + return; if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, - "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); @@ -204,12 +204,12 @@ process(bl_t bl) if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { (*lfun)(LOG_DEBUG, "no rule matched"); - goto out; + return; } if (state_get(state, &c, &dbi) == -1) - goto out; + return; if (debug) { char b1[128], b2[128]; @@ -226,7 +226,7 @@ process(bl_t bl) * set the number of fails to be one less than the * configured limit. Fallthrough to the normal BL_ADD * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * to the threshold, and block the abusive address. */ if (c.c_nfail != -1) dbi.count = c.c_nfail - 1; @@ -269,8 +269,6 @@ process(bl_t bl) state_put(state, &c, &dbi); out: - close(bi->bi_fd); - if (debug) { char b1[128], b2[128]; (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " @@ -565,7 +563,7 @@ main(int argc, char *argv[]) conf_parse(configfile); } ret = poll(pfd, (nfds_t)nfd, tout); - if (debug) + if (debug && ret != 0) (*lfun)(LOG_DEBUG, "received %d from poll()", ret); switch (ret) { case -1: