git: 48e64ca13d4f - main - MFV: Import blocklist 2025-04-28 (8aa81bf)
Date: Sun, 12 Oct 2025 17:18:38 UTC
The branch main has been updated by jlduran:
URL: https://cgit.FreeBSD.org/src/commit/?id=48e64ca13d4f36795ac718911b805e3e9a726f1b
commit 48e64ca13d4f36795ac718911b805e3e9a726f1b
Merge: 039eba16f969 70f30afd4e9a
Author: Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-12 17:01:03 +0000
Commit: Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-12 17:01:03 +0000
MFV: Import blocklist 2025-04-28 (8aa81bf)
Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'
Breaking changes:
- Upstream commit 24932b6 ("blocklistd: log the conf file line number
with bad protocol errors") breaks backward database compatibility.
An error will be displayed:
Key size mismatch 296 != 288
A new and compatible database, with the new name, will be created when the
service starts (committed separately).
- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
"one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the
number of failed attempts now doubles towards the maximum limit
(nfails). This commit will be reverted separately.
Changes:
https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf
Approved by: emaste (mentor)
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D52869
contrib/blocklist/Makefile | 2 +-
contrib/blocklist/Makefile.inc | 7 +-
contrib/blocklist/README | 52 ++--
contrib/blocklist/TODO | 49 +++-
contrib/blocklist/bin/Makefile | 12 +-
.../bin/{blacklistctl.8 => blocklistctl.8} | 69 +++++-
.../bin/{blacklistctl.c => blocklistctl.c} | 9 +-
.../blocklist/bin/{blacklistd.8 => blocklistd.8} | 75 +++---
.../blocklist/bin/{blacklistd.c => blocklistd.c} | 48 ++--
.../bin/{blacklistd.conf.5 => blocklistd.conf.5} | 82 ++++---
contrib/blocklist/bin/conf.c | 200 ++++++++++++---
contrib/blocklist/bin/conf.h | 3 +-
contrib/blocklist/bin/internal.c | 8 +-
contrib/blocklist/bin/internal.h | 8 +-
contrib/blocklist/bin/run.c | 9 +-
contrib/blocklist/bin/run.h | 2 +-
contrib/blocklist/bin/state.c | 6 +-
contrib/blocklist/bin/state.h | 2 +-
contrib/blocklist/bin/support.c | 11 +-
contrib/blocklist/bin/support.h | 7 +-
contrib/blocklist/diff/ftpd.diff | 12 +-
contrib/blocklist/diff/named.diff | 12 +-
contrib/blocklist/diff/postfix.diff | 98 ++++++++
contrib/blocklist/diff/proftpd.diff | 20 +-
contrib/blocklist/diff/ssh.diff | 14 +-
contrib/blocklist/etc/Makefile | 10 +-
.../etc/{blacklistd.conf => blocklistd.conf} | 7 +-
contrib/blocklist/etc/ipf.conf | 45 ++++
contrib/blocklist/etc/npf.conf | 4 +-
contrib/blocklist/etc/rc.d/Makefile | 4 +-
.../blocklist/etc/rc.d/{blacklistd => blocklistd} | 20 +-
contrib/blocklist/include/Makefile | 4 +-
contrib/blocklist/include/bl.h | 11 +-
.../blocklist/include/{blacklist.h => blocklist.h} | 44 ++--
contrib/blocklist/lib/Makefile | 20 +-
contrib/blocklist/lib/bl.c | 112 +++++----
contrib/blocklist/lib/{blacklist.c => blocklist.c} | 49 ++--
.../lib/{libblacklist.3 => libblocklist.3} | 124 +++++-----
contrib/blocklist/lib/shlib_version | 2 +-
contrib/blocklist/libexec/Makefile | 4 +-
contrib/blocklist/libexec/blacklistd-helper | 134 ----------
contrib/blocklist/libexec/blocklistd-helper | 272 +++++++++++++++++++++
contrib/blocklist/port/Makefile.am | 42 ++--
contrib/blocklist/port/_strtoi.h | 2 +-
contrib/blocklist/port/configure.ac | 12 +-
contrib/blocklist/port/fgetln.c | 2 +-
contrib/blocklist/port/fparseln.c | 6 +-
contrib/blocklist/port/pidfile.c | 6 +-
contrib/blocklist/port/popenve.c | 6 +-
contrib/blocklist/port/port.h | 32 ++-
contrib/blocklist/port/sockaddr_snprintf.c | 6 +-
contrib/blocklist/port/strlcat.c | 7 +-
contrib/blocklist/port/strlcpy.c | 7 +-
contrib/blocklist/port/strtoi.c | 6 +-
contrib/blocklist/port/vsyslog_r.c | 13 +
contrib/blocklist/test/Makefile | 2 +-
contrib/blocklist/test/cltest.c | 6 +-
contrib/blocklist/test/srvtest.c | 42 +++-
58 files changed, 1293 insertions(+), 587 deletions(-)
diff --cc contrib/blocklist/Makefile
index da4411d0ca75,000000000000..899746d01431
mode 100644,000000..100644
--- a/contrib/blocklist/Makefile
+++ b/contrib/blocklist/Makefile
@@@ -1,5 -1,0 +1,5 @@@
- # $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $
++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $
+
+SUBDIR = lib .WAIT include bin etc libexec
+
+.include <bsd.subdir.mk>
diff --cc contrib/blocklist/bin/Makefile
index 280c72fd3af1,000000000000..1856e2524f3c
mode 100644,000000..100644
--- a/contrib/blocklist/bin/Makefile
+++ b/contrib/blocklist/bin/Makefile
@@@ -1,15 -1,0 +1,15 @@@
- # $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $
++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $
+
+BINDIR=/sbin
+
- PROGS=blacklistd blacklistctl
- MAN.blacklistd=blacklistd.8 blacklistd.conf.5
- MAN.blacklistctl=blacklistctl.8
- SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c
- SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c
++PROGS=blocklistd blocklistctl
++MAN.blocklistd=blocklistd.8 blocklistd.conf.5
++MAN.blocklistctl=blocklistctl.8
++SRCS.blocklistd = blocklistd.c conf.c run.c state.c support.c internal.c
++SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c
+DBG=-g
+
+LDADD+=-lutil
+DPADD+=${LIBUTIL}
+
+.include <bsd.prog.mk>
diff --cc contrib/blocklist/bin/blocklistd.8
index 82e1f15f61c9,38bf22175361..e0b9fb482cbd
--- a/contrib/blocklist/bin/blocklistd.8
+++ b/contrib/blocklist/bin/blocklistd.8
@@@ -152,8 -165,8 +165,8 @@@ The following options are available
.It Fl C Ar controlprog
Use
.Ar controlprog
- to communicate with the packet filter, usually
- .Pa /usr/libexec/blacklistd-helper .
+ to communicate with the packet filter, instead of the default, which is
-.Pa /libexec/blocklistd-helper .
++.Pa /usr/libexec/blocklistd-helper .
The following arguments are passed to the control program:
.Bl -tag -width protocol
.It action
@@@ -256,20 -273,20 +273,22 @@@ This signal tell
to decrease the internal debugging level by 1.
.El
.Sh FILES
- .Bl -tag -width /usr/libexec/blacklistd-helper -compact
- .It Pa /usr/libexec/blacklistd-helper
-.Bl -tag -width /libexec/blocklistd-helper -compact
-.It Pa /libexec/blocklistd-helper
++.Bl -tag -width /usr/libexec/blocklistd-helper -compact
++.It Pa /usr/libexec/blocklistd-helper
Shell script invoked to interface with the packet filter.
- .It Pa /etc/blacklistd.conf
+ .It Pa /etc/blocklistd.conf
Configuration file.
- .It Pa /var/db/blacklistd.db
+ .It Pa /var/db/blocklistd.db
Database of current connection entries.
- .It Pa /var/run/blacklistd.sock
+ .It Pa /var/run/blocklistd.sock
Socket to receive connection notifications.
.El
.Sh SEE ALSO
- .Xr blacklistd.conf 5 ,
- .Xr blacklistctl 8 ,
+ .Xr blocklistd.conf 5 ,
+ .Xr blocklistctl 8 ,
-.Xr npfctl 8 ,
++.Xr ipf 8 ,
++.Xr ipfw 8 ,
+.Xr pfctl 8 ,
.Xr syslogd 8
.Sh HISTORY
.Nm
diff --cc contrib/blocklist/bin/internal.h
index 5a40e49fbbd5,b88e1330221a..553320e7afd5
--- a/contrib/blocklist/bin/internal.h
+++ b/contrib/blocklist/bin/internal.h
@@@ -32,13 -32,13 +32,13 @@@
#define _INTERNAL_H
#ifndef _PATH_BLCONF
- #define _PATH_BLCONF "/etc/blacklistd.conf"
+ #define _PATH_BLCONF "/etc/blocklistd.conf"
#endif
#ifndef _PATH_BLCONTROL
- #define _PATH_BLCONTROL "/libexec/blacklistd-helper"
-#define _PATH_BLCONTROL "/libexec/blocklistd-helper"
++#define _PATH_BLCONTROL "/usr/libexec/blocklistd-helper"
#endif
#ifndef _PATH_BLSTATE
- #define _PATH_BLSTATE "/var/db/blacklistd.db"
+ #define _PATH_BLSTATE "/var/db/blocklistd.db"
#endif
extern struct confset rconf, lconf;
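Review bot: The merged `_PATH_BLCONTROL` default departs from upstream (`/libexec/blocklistd-helper` on the upstream side, `/usr/libexec/blocklistd-helper` in the merge result) with no comment recording why, while `contrib/blocklist/libexec/Makefile` in this same commit still carries `SCRIPTSDIR= /libexec`. blocklistd.8 describes this file as the shell script the daemon invokes to interface with the packet filter, so the compiled-in path has to be the one the install actually populates. If the contrib Makefile is not what the base build uses, that is worth stating here. I would add above the define `/* Local change: the helper is installed in /usr/libexec; upstream default is /libexec. */` so a later vendor import does not silently revert it. The `#ifndef` guard means a build-time definition of `_PATH_BLCONTROL` still overrides this default, which the comment could also mention.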
diff --cc contrib/blocklist/diff/postfix.diff
index 000000000000,6f14389515cf..6f14389515cf
mode 000000,100644..100644
--- a/contrib/blocklist/diff/postfix.diff
+++ b/contrib/blocklist/diff/postfix.diff
diff --cc contrib/blocklist/etc/Makefile
index 669528ddca89,000000000000..f4f2dc79f857
mode 100644,000000..100644
--- a/contrib/blocklist/etc/Makefile
+++ b/contrib/blocklist/etc/Makefile
@@@ -1,10 -1,0 +1,10 @@@
- # $NetBSD: Makefile,v 1.3 2015/01/26 00:18:40 christos Exp $
++# $NetBSD: Makefile,v 1.2 2025/02/05 20:24:26 christos Exp $
+
- SUBDIR=rc.d
++SUBDIR= rc.d
+
- FILESDIR= /usr/share/examples/blacklist
- FILESMODE= 644
- FILES= blacklistd.conf npf.conf
++FILESDIR= /usr/share/examples/blocklist
++FILESMODE= 644
++FILES= blocklistd.conf ipf.conf npf.conf
+
+.include <bsd.files.mk>
+.include <bsd.subdir.mk>
diff --cc contrib/blocklist/etc/ipf.conf
index 000000000000,f6bec74238d6..f6bec74238d6
mode 000000,100644..100644
--- a/contrib/blocklist/etc/ipf.conf
+++ b/contrib/blocklist/etc/ipf.conf
diff --cc contrib/blocklist/include/Makefile
index 6854907be25e,000000000000..b7ce1eca278c
mode 100644,000000..100644
--- a/contrib/blocklist/include/Makefile
+++ b/contrib/blocklist/include/Makefile
@@@ -1,10 -1,0 +1,10 @@@
- # $NetBSD: Makefile,v 1.1 2015/01/21 16:16:00 christos Exp $
++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
+
+# Doing a make includes builds /usr/include
+
+NOOBJ= # defined
+
- INCS= blacklist.h
++INCS= blocklist.h
+INCSDIR= /usr/include
+
+.include <bsd.prog.mk>
diff --cc contrib/blocklist/lib/Makefile
index 4f1ab7717a99,000000000000..147f311c4782
mode 100644,000000..100644
--- a/contrib/blocklist/lib/Makefile
+++ b/contrib/blocklist/lib/Makefile
@@@ -1,19 -1,0 +1,19 @@@
- # $NetBSD: Makefile,v 1.7 2019/03/08 20:40:05 christos Exp $
++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
+
+.include <bsd.own.mk>
+
+USE_SHLIBDIR= yes
+
+CPPFLAGS+=-D_REENTRANT
+#LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread
- LIB=blacklist
- SRCS=bl.c blacklist.c
- MAN=libblacklist.3
- MLINKS+=libblacklist.3 blacklist_open.3
- MLINKS+=libblacklist.3 blacklist_close.3
- MLINKS+=libblacklist.3 blacklist.3
- MLINKS+=libblacklist.3 blacklist_r.3
- MLINKS+=libblacklist.3 blacklist_sa.3
- MLINKS+=libblacklist.3 blacklist_sa_r.3
++LIB=blocklist
++SRCS=bl.c blocklist.c
++MAN=libblocklist.3
++MLINKS+=libblocklist.3 blocklist_open.3
++MLINKS+=libblocklist.3 blocklist_close.3
++MLINKS+=libblocklist.3 blocklist.3
++MLINKS+=libblocklist.3 blocklist_r.3
++MLINKS+=libblocklist.3 blocklist_sa.3
++MLINKS+=libblocklist.3 blocklist_sa_r.3
+
+.include <bsd.lib.mk>
diff --cc contrib/blocklist/libexec/Makefile
index 6537080bf465,000000000000..619d962c23b2
mode 100644,000000..100644
--- a/contrib/blocklist/libexec/Makefile
+++ b/contrib/blocklist/libexec/Makefile
@@@ -1,6 -1,0 +1,6 @@@
- # $NetBSD: Makefile,v 1.1 2015/01/22 17:49:41 christos Exp $
++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
+
- SCRIPTS= blacklistd-helper
++SCRIPTS= blocklistd-helper
+SCRIPTSDIR= /libexec
+
+.include <bsd.prog.mk>
diff --cc contrib/blocklist/libexec/blocklistd-helper
index 000000000000,f27cde4ed4ea..f27cde4ed4ea
mode 000000,100755..100755
--- a/contrib/blocklist/libexec/blocklistd-helper
+++ b/contrib/blocklist/libexec/blocklistd-helper
diff --cc contrib/blocklist/port/vsyslog_r.c
index 000000000000,848f31b04453..848f31b04453
mode 000000,100644..100644
--- a/contrib/blocklist/port/vsyslog_r.c
+++ b/contrib/blocklist/port/vsyslog_r.c