From nobody Mon Oct 13 00:30:04 2025
Date: Mon, 13 Oct 2025 00:30:04 GMT
Message-Id: <202510130030.59D0U4Wt042359@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: f0f57fde342d - stable/14 - kern_exit.c: do not leak reaper bitmap busy bits List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f0f57fde342d79aec17ef56406aa08bb1eaa1f79 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=f0f57fde342d79aec17ef56406aa08bb1eaa1f79 commit f0f57fde342d79aec17ef56406aa08bb1eaa1f79 Author: Konstantin Belousov AuthorDate: 2025-10-01 03:17:31 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:42 +0000 kern_exit.c: do not leak reaper bitmap busy bits PR: 289917 (cherry picked from commit f19ef352ec63f9fcc10076a263b8ce402ba31379) --- sys/kern/kern_exit.c | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 0c3070f2e360..6f772b488b79 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -129,6 +129,27 @@ proc_realparent(struct proc *child) return (parent); } +static void +reaper_clear(struct proc *p, struct proc *rp) +{ + struct proc *p1; + bool clear; + + sx_assert(&proctree_lock, SX_XLOCKED); + LIST_REMOVE(p, p_reapsibling); + if (p->p_reapsubtree == 1) + return; + clear = true; + LIST_FOREACH(p1, &rp->p_reaplist, p_reapsibling) { + if (p1->p_reapsubtree == p->p_reapsubtree) { + clear = false; + break; + } + } + if (clear) + proc_id_clear(PROC_ID_REAP, p->p_reapsubtree); +} + void reaper_abandon_children(struct proc *p, bool exiting) { 
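Review bot: reaper_clear() gains an `rp` argument and keeps the bare `p->p_reapsubtree == 1` early return, but nothing in the function says what either one means. A short comment above it should state that rp is the reaper whose p_reaplist p is still linked on when the call is made, and why subtree id 1 is never handed to proc_id_clear(). If rp is always equal to p->p_reaper at call time, a KASSERT saying so would make the new parameter self-checking; if it is not, the comment should say when the two differ. The commit message only cites PR 289917, so the reasoning currently lives outside the tree.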
@@ -140,7 +161,7 @@ reaper_abandon_children(struct proc *p, bool exiting) return; p1 = p->p_reaper; LIST_FOREACH_SAFE(p2, &p->p_reaplist, p_reapsibling, ptmp) { - LIST_REMOVE(p2, p_reapsibling); + reaper_clear(p2, p); p2->p_reaper = p1; p2->p_reapsubtree = p->p_reapsubtree; LIST_INSERT_HEAD(&p1->p_reaplist, p2, p_reapsibling); @@ -154,27 +175,6 @@ reaper_abandon_children(struct proc *p, bool exiting) p->p_treeflag &= ~P_TREE_REAPER; } -static void -reaper_clear(struct proc *p) -{ - struct proc *p1; - bool clear; - - sx_assert(&proctree_lock, SX_LOCKED); - LIST_REMOVE(p, p_reapsibling); - if (p->p_reapsubtree == 1) - return; - clear = true; - LIST_FOREACH(p1, &p->p_reaper->p_reaplist, p_reapsibling) { - if (p1->p_reapsubtree == p->p_reapsubtree) { - clear = false; - break; - } - } - if (clear) - proc_id_clear(PROC_ID_REAP, p->p_reapsubtree); -} - void proc_clear_orphan(struct proc *p) { 
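Review bot: in reaper_abandon_children(), `reaper_clear(p2, p)` now runs once per child inside the LIST_FOREACH_SAFE over p->p_reaplist, and reaper_clear() itself walks rp->p_reaplist looking for another member of the same subtree, so abandoning N children can take up to O(N^2) list steps while proctree_lock is held exclusively. A comment stating that this cost is accepted, or a note on why the inner scan normally terminates early, would help. The relocated function also asserts SX_XLOCKED where the removed copy asserted SX_LOCKED; that tightening deserves a mention in the commit message so that backport reviewers can confirm every caller holds the lock exclusively.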
@@ -974,7 +974,7 @@ proc_reap(struct thread *td, struct proc *p, int *status, int options) sx_xunlock(PIDHASHLOCK(p->p_pid)); LIST_REMOVE(p, p_sibling); reaper_abandon_children(p, true); - reaper_clear(p); + reaper_clear(p, p->p_reaper); PROC_LOCK(p); proc_clear_orphan(p); PROC_UNLOCK(p);
From nobody Mon Oct 13 00:30:05 2025
Date: Mon, 13 Oct 2025 00:30:05 GMT
Message-Id: <202510130030.59D0U5cg042622@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 3bd1780213bf - stable/14 - kern: replace several EBADF with EINVAL List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 3bd1780213bf53f6229ea2f00b1b975b18652836 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=3bd1780213bf53f6229ea2f00b1b975b18652836 commit 3bd1780213bf53f6229ea2f00b1b975b18652836 Author: Konstantin Belousov AuthorDate: 2025-09-07 10:59:45 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:43 +0000 kern: replace several EBADF with EINVAL (cherry picked from commit fd9e09cb2ab07993e8dc783c802f273329e70bb8) --- sys/kern/kern_event.c | 2 +- sys/kern/sys_procdesc.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 50d04e1fe253..d1145c37e128 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -1771,7 +1771,7 @@ kqueue_acquire(struct file *fp, struct kqueue **kqp) kq = fp->f_data; if (fp->f_type != DTYPE_KQUEUE || kq == NULL) - return (EBADF); + return (EINVAL); *kqp = kq; KQ_LOCK(kq); if ((kq->kq_state & KQ_CLOSING) == KQ_CLOSING) { diff --git a/sys/kern/sys_procdesc.c b/sys/kern/sys_procdesc.c index 3221885c9277..ef8c397a05b6 100644 --- a/sys/kern/sys_procdesc.c +++ b/sys/kern/sys_procdesc.c 
@@ -132,7 +132,7 @@ procdesc_find(struct thread *td, int fd, const cap_rights_t *rightsp, if (error) return (error); if (fp->f_type != DTYPE_PROCDESC) { - error = EBADF; + error = EINVAL; goto out; } pd = fp->f_data; 
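Review bot: `error = EINVAL;` in procdesc_find() changes the errno that userland sees when the descriptor is open but is not a process descriptor, and it lands on stable/14 with a commit message that gives no reason. The diff touches no manual page, so the documented ERRORS entries for the callers of procdesc_find() should be checked against the new value, and a sentence in the log on why EINVAL is preferred over EBADF here would help anyone whose code tests for EBADF.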
@@ -178,7 +178,7 @@ kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp, if (error) return (error); if (fp->f_type != DTYPE_PROCDESC) { - error = EBADF; + error = EINVAL; goto out; } *pidp = procdesc_pid(fp);
From nobody Mon Oct 13 00:30:06 2025
Date: Mon, 13 Oct 2025 00:30:06 GMT
Message-Id: <202510130030.59D0U6Ud042885@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 84b512720455 - stable/14 - pdgetpid(2): switch back returning EBADF for non-procdesc fd List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 84b51272045564ef63787423105334176aa6014e Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=84b51272045564ef63787423105334176aa6014e commit 84b51272045564ef63787423105334176aa6014e Author: Konstantin Belousov AuthorDate: 2025-09-13 19:23:27 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:43 +0000 pdgetpid(2): switch back returning EBADF for non-procdesc fd (cherry picked from commit a85525a5c8b28f1516d49e5d6ae5842873c24643) --- sys/kern/sys_procdesc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/sys_procdesc.c b/sys/kern/sys_procdesc.c index ef8c397a05b6..b2b638b6f99f 100644 --- a/sys/kern/sys_procdesc.c +++ b/sys/kern/sys_procdesc.c 
@@ -178,7 +178,7 @@ kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp, if (error) return (error); if (fp->f_type != DTYPE_PROCDESC) { - error = EINVAL; + error = EBADF; goto out; } *pidp = procdesc_pid(fp);
From nobody Mon Oct 13 00:30:07 2025
Date: Mon, 13 Oct 2025 00:30:07 GMT
Message-Id: <202510130030.59D0U7Ow043146@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 5f4168fa9f29 - stable/14 - vm/vm_fault.c: cleanup includes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5f4168fa9f29a2985a16c34a5571c20c6775f622 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=5f4168fa9f29a2985a16c34a5571c20c6775f622 commit 5f4168fa9f29a2985a16c34a5571c20c6775f622 Author: Konstantin Belousov AuthorDate: 2025-08-06 21:53:23 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:43 +0000 vm/vm_fault.c: cleanup includes (cherry picked from commit 0854b4f569e1e68032e431b1efb45b9fd9849194) --- sys/vm/vm_fault.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 3e4fe7bdae36..5eb19d4e287b 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c 
@@ -73,11 +73,9 @@ * Page fault handling module. */ -#include #include "opt_ktrace.h" #include "opt_vm.h" -#include #include #include #include
From nobody Mon Oct 13 00:30:08 2025
Date: Mon, 13 Oct 2025 00:30:08 GMT
Message-Id: <202510130030.59D0U8Dj043409@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 3126c57163fb - stable/14 - vm_fault: drop never-true busy_sleep test List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 3126c57163fbbeb0d013d9c04d87a44a458b3f07 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=3126c57163fbbeb0d013d9c04d87a44a458b3f07 commit 3126c57163fbbeb0d013d9c04d87a44a458b3f07 Author: Doug Moore AuthorDate: 2025-07-06 20:46:00 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:44 +0000 vm_fault: drop never-true busy_sleep test (cherry picked from commit 2d6185cf87e815d4951a9ddcf5c535ebd07a8815) --- sys/vm/vm_fault.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 5eb19d4e287b..32c3d698b085 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c 
@@ -1423,8 +1423,7 @@ vm_fault_busy_sleep(struct faultstate *fs) } vm_object_pip_wakeup(fs->object); vm_fault_unlock_map(fs); - if (fs->m != vm_page_lookup(fs->object, fs->pindex) || - !vm_page_busy_sleep(fs->m, "vmpfw", 0)) + if (!vm_page_busy_sleep(fs->m, "vmpfw", 0)) VM_OBJECT_UNLOCK(fs->object); VM_CNT_INC(v_intrans); vm_object_deallocate(fs->first_object);
From nobody Mon Oct 13 00:30:10 2025
Date: Mon, 13 Oct 2025 00:30:10 GMT
Message-Id: <202510130030.59D0UA48044606@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: e7422f7dfd0e - stable/14 - vm_fault: add vm_fault_might_be_cow() helper List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: e7422f7dfd0e4c1f0db5560f171260d78bad9383 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=e7422f7dfd0e4c1f0db5560f171260d78bad9383 commit e7422f7dfd0e4c1f0db5560f171260d78bad9383 Author: Konstantin Belousov AuthorDate: 2025-08-14 03:39:05 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:45 +0000 vm_fault: add vm_fault_might_be_cow() helper (cherry picked from commit 5bd4c04a4e7f7bda657e6027e64675d0caf50715) --- sys/vm/vm_fault.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 89acbb0095e9..796b4c44b3f9 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -259,6 +259,12 @@ vm_fault_unlock_vp(struct faultstate *fs) } } +static bool +vm_fault_might_be_cow(struct faultstate *fs) +{ + return (fs->object != fs->first_object); +} + static void vm_fault_deallocate(struct faultstate *fs) { @@ -266,7 +272,7 @@ vm_fault_deallocate(struct faultstate *fs) vm_fault_page_release(&fs->m_cow); vm_fault_page_release(&fs->m); vm_object_pip_wakeup(fs->object); - if (fs->object != fs->first_object) { + if (vm_fault_might_be_cow(fs)) { VM_OBJECT_WLOCK(fs->first_object); vm_fault_page_free(&fs->first_m); VM_OBJECT_WUNLOCK(fs->first_object); 
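Review bot: vm_fault_might_be_cow() is introduced without a comment, and its name promises less than its body checks: `fs->object != fs->first_object` is an exact pointer test, while "might be" tells the reader the result is only a hint. A one-line comment saying what the comparison means for the fault, and what else must hold before a copy actually happens, would keep callers from treating the helper as either stronger or weaker than it is.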
@@ -990,7 +996,7 @@ vm_fault_cow(struct faultstate *fs) { bool is_first_object_locked; - KASSERT(fs->object != fs->first_object, + KASSERT(vm_fault_might_be_cow(fs), ("source and target COW objects are identical")); /* @@ -1154,7 +1160,7 @@ vm_fault_zerofill(struct faultstate *fs) * If there's no object left, fill the page in the top * object with zeros. */ - if (fs->object != fs->first_object) { + if (vm_fault_might_be_cow(fs)) { vm_object_pip_wakeup(fs->object); fs->object = fs->first_object; fs->pindex = fs->first_pindex; @@ -1417,7 +1423,7 @@ vm_fault_busy_sleep(struct faultstate *fs, int allocflags) * likely to reclaim it. */ vm_page_aflag_set(fs->m, PGA_REFERENCED); - if (fs->object != fs->first_object) { + if (vm_fault_might_be_cow(fs)) { vm_fault_page_release(&fs->first_m); vm_object_pip_wakeup(fs->first_object); } 
@@ -1711,7 +1717,7 @@ found: * top-level object, we have to copy it into a new page owned by the * top-level object. */ - if (fs.object != fs.first_object) { + if (vm_fault_might_be_cow(&fs)) { /* * We only really need to copy if we want to write it. */
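Review bot: The new vm_fault_might_be_cow() in the hunk at @@ -259,6 +259,12 has no comment explaining the "might" in its name. The helper reports only that fs->object differs from fs->first_object, and the context of the last hunk ("We only really need to copy if we want to write it") shows that a true result does not by itself mean a copy is made. A one-line comment above the helper saying so would keep later callers from treating it as a definitive COW test. The helper only reads fs, so the parameter could also be declared const struct faultstate *.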
Date: Mon, 13 Oct 2025 00:30:09 GMT Message-Id: <202510130030.59D0U9eK043929@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 4b938ed09069 - stable/14 - vm_fault_busy_sleep(): pass explicit allocflags for vm_page_busy_sleep() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4b938ed09069e24e6c2714b62b4b5559081da67b Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=4b938ed09069e24e6c2714b62b4b5559081da67b commit 4b938ed09069e24e6c2714b62b4b5559081da67b Author: Konstantin Belousov AuthorDate: 2025-08-06 21:49:10 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:44 +0000 vm_fault_busy_sleep(): pass explicit allocflags for vm_page_busy_sleep() (cherry picked from commit c6b79f587f27649f90e00bc131d37bafa50ffc62) --- sys/vm/vm_fault.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 32c3d698b085..89acbb0095e9 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1409,7 +1409,7 @@ vm_fault_getpages(struct faultstate *fs, int *behindp, int *aheadp) * page except, perhaps, to pmap it. */ static void -vm_fault_busy_sleep(struct faultstate *fs) +vm_fault_busy_sleep(struct faultstate *fs, int allocflags) { /* * Reference the page before unlocking and 
@@ -1423,7 +1423,7 @@ vm_fault_busy_sleep(struct faultstate *fs) } vm_object_pip_wakeup(fs->object); vm_fault_unlock_map(fs); - if (!vm_page_busy_sleep(fs->m, "vmpfw", 0)) + if (!vm_page_busy_sleep(fs->m, "vmpfw", allocflags)) VM_OBJECT_UNLOCK(fs->object); VM_CNT_INC(v_intrans); vm_object_deallocate(fs->first_object); 
@@ -1468,7 +1468,7 @@ vm_fault_object(struct faultstate *fs, int *behindp, int *aheadp) fs->m = vm_page_lookup(fs->object, fs->pindex); if (fs->m != NULL) { if (!vm_page_tryxbusy(fs->m)) { - vm_fault_busy_sleep(fs); + vm_fault_busy_sleep(fs, 0); return (FAULT_RESTART); }
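Review bot: The block comment above vm_fault_busy_sleep() (hunk at @@ -1409,7 +1409,7) is left as it was although the function gains an allocflags parameter, so nothing tells a caller which values are meaningful or that the value is handed straight to vm_page_busy_sleep(fs->m, "vmpfw", allocflags). Please add a sentence to that comment describing the argument. The only caller touched here passes 0, so stating that 0 keeps the previous behaviour would be enough for this change.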
Date: Mon, 13 Oct 2025 00:30:11 GMT Message-Id: <202510130030.59D0UBxl045236@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: f4d5c6d65168 - stable/14 - vm_fault: add helper vm_fault_can_cow_rename() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f4d5c6d65168d3d9b99a2332d854c14b231188e6 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=f4d5c6d65168d3d9b99a2332d854c14b231188e6 commit f4d5c6d65168d3d9b99a2332d854c14b231188e6 Author: Konstantin Belousov AuthorDate: 2025-07-24 10:47:52 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:45 +0000 vm_fault: add helper vm_fault_can_cow_rename() (cherry picked from commit 3f05bbdbd80f2eefb647e595dc73e80d6186d6a5) --- sys/vm/vm_fault.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 796b4c44b3f9..9ba96ab888d6 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -991,6 +991,16 @@ vm_fault_relookup(struct faultstate *fs) return (KERN_SUCCESS); } +static bool +vm_fault_can_cow_rename(struct faultstate *fs) +{ + return ( + /* Only one shadow object and no other refs. */ + fs->object->shadow_count == 1 && fs->object->ref_count == 1 && + /* No other ways to look the object up. */ + fs->object->handle == NULL && (fs->object->flags & OBJ_ANON) != 0); +} + static void vm_fault_cow(struct faultstate *fs) { 
@@ -1008,15 +1018,7 @@ vm_fault_cow(struct faultstate *fs) * object so that it will go out to swap when needed. */ is_first_object_locked = false; - if ( - /* - * Only one shadow object and no other refs. - */ - fs->object->shadow_count == 1 && fs->object->ref_count == 1 && - /* - * No other ways to look the object up - */ - fs->object->handle == NULL && (fs->object->flags & OBJ_ANON) != 0 && + if (vm_fault_can_cow_rename(fs) && /* * We don't chase down the shadow chain and we can acquire locks. */
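Review bot: vm_fault_can_cow_rename() in the hunk at @@ -991,6 +991,16 reads shadow_count, ref_count, handle and flags of fs->object but neither asserts nor documents the lock state it expects. In vm_fault_cow() it is evaluated as the first term of the condition, ahead of the comment about acquiring locks, so the result there looks like an unlocked hint rather than a stable answer. A comment on the helper saying whether the result is only reliable with the object locked, or a lock assertion for the callers that need it to be reliable, would make that explicit.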
Date: Mon, 13 Oct 2025 00:30:13 GMT Message-Id:
<202510130030.59D0UDVd045875@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 94ea60483bcc - stable/14 - vm_fault: try to only share-busy page for soft faults List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 94ea60483bcc0681e351901d1e466547a275a6da Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=94ea60483bcc0681e351901d1e466547a275a6da commit 94ea60483bcc0681e351901d1e466547a275a6da Author: Konstantin Belousov AuthorDate: 2025-07-23 10:44:29 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:45 +0000 vm_fault: try to only share-busy page for soft faults (cherry picked from commit 149674bbac5842ac883414a6c1e75d829c70d42b) --- sys/vm/vm_fault.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 93 insertions(+), 15 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 9ba96ab888d6..f6e75629864e 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -203,7 +203,10 @@ vm_fault_page_release(vm_page_t *mp) * pageout while optimizing fault restarts. */ vm_page_deactivate(m); - vm_page_xunbusy(m); + if (vm_page_xbusied(m)) + vm_page_xunbusy(m); + else + vm_page_sunbusy(m); *mp = NULL; } } 
@@ -334,6 +337,13 @@ vm_fault_dirty(struct faultstate *fs, vm_page_t m) } +static bool +vm_fault_is_read(const struct faultstate *fs) +{ + return ((fs->prot & VM_PROT_WRITE) == 0 && + (fs->fault_type & (VM_PROT_COPY | VM_PROT_WRITE)) == 0); +} + /* * Unlocks fs.first_object and fs.map on success. */ @@ -1004,7 +1014,7 @@ vm_fault_can_cow_rename(struct faultstate *fs) static void vm_fault_cow(struct faultstate *fs) { - bool is_first_object_locked; + bool is_first_object_locked, rename_cow; KASSERT(vm_fault_might_be_cow(fs), ("source and target COW objects are identical")); @@ -1018,13 +1028,29 @@ vm_fault_cow(struct faultstate *fs) * object so that it will go out to swap when needed. */ is_first_object_locked = false; - if (vm_fault_can_cow_rename(fs) && - /* - * We don't chase down the shadow chain and we can acquire locks. - */ - (is_first_object_locked = VM_OBJECT_TRYWLOCK(fs->first_object)) && - fs->object == fs->first_object->backing_object && - VM_OBJECT_TRYWLOCK(fs->object)) { + rename_cow = false; + + if (vm_fault_can_cow_rename(fs) && vm_page_xbusied(fs->m)) { + /* + * Check that we don't chase down the shadow chain and + * we can acquire locks. Recheck the conditions for + * rename after the shadow chain is stable after the + * object locking. + */ + is_first_object_locked = VM_OBJECT_TRYWLOCK(fs->first_object); + if (is_first_object_locked && + fs->object == fs->first_object->backing_object) { + if (VM_OBJECT_TRYWLOCK(fs->object)) { + rename_cow = vm_fault_can_cow_rename(fs); + if (!rename_cow) + VM_OBJECT_WUNLOCK(fs->object); + } + } + } + + if (rename_cow) { + vm_page_assert_xbusied(fs->m); + /* * Remove but keep xbusy for replace. fs->m is moved into * fs->first_object and left busy while fs->first_m is 
@@ -1081,8 +1107,12 @@ vm_fault_cow(struct faultstate *fs) * address space. If OBJ_ONEMAPPING is set after the check, * removing mappings will at worse trigger some unnecessary page * faults. + * + * In the fs->m shared busy case, the xbusy state of + * fs->first_m prevents new mappings of fs->m from + * being created because a parallel fault on this + * shadow chain should wait for xbusy on fs->first_m. */ - vm_page_assert_xbusied(fs->m_cow); if ((fs->first_object->flags & OBJ_ONEMAPPING) == 0) pmap_remove_all(fs->m_cow); } @@ -1475,6 +1505,51 @@ vm_fault_object(struct faultstate *fs, int *behindp, int *aheadp) */ fs->m = vm_page_lookup(fs->object, fs->pindex); if (fs->m != NULL) { + /* + * If the found page is valid, will be either shadowed + * or mapped read-only, and will not be renamed for + * COW, then busy it in shared mode. This allows + * other faults needing this page to proceed in + * parallel. + * + * Unlocked check for validity, rechecked after busy + * is obtained. + */ + if (vm_page_all_valid(fs->m) && + /* + * No write permissions for the new fs->m mapping, + * or the first object has only one mapping, so + * other writeable COW mappings of fs->m cannot + * appear under us. + */ + (vm_fault_is_read(fs) || vm_fault_might_be_cow(fs)) && + /* + * fs->m cannot be renamed from object to + * first_object. These conditions will be + * re-checked with proper synchronization in + * vm_fault_cow(). + */ + (!vm_fault_can_cow_rename(fs) || + fs->object != fs->first_object->backing_object)) { + if (!vm_page_trysbusy(fs->m)) { + vm_fault_busy_sleep(fs, VM_ALLOC_SBUSY); + return (FAULT_RESTART); + } + + /* + * Now make sure that racily checked + * conditions are still valid. + */ + if (__predict_true(vm_page_all_valid(fs->m) && + (vm_fault_is_read(fs) || + vm_fault_might_be_cow(fs)))) { + VM_OBJECT_UNLOCK(fs->object); + return (FAULT_SOFT); + } + + vm_page_sunbusy(fs->m); + } + if (!vm_page_tryxbusy(fs->m)) { vm_fault_busy_sleep(fs, 0); return (FAULT_RESTART); 
@@ -1708,10 +1783,10 @@ RetryFault: found: /* - * A valid page has been found and exclusively busied. The - * object lock must no longer be held. + * A valid page has been found and busied. The object lock + * must no longer be held if the page was busied. */ - vm_page_assert_xbusied(fs.m); + vm_page_assert_busied(fs.m); VM_OBJECT_ASSERT_UNLOCKED(fs.object); /* @@ -1780,7 +1855,7 @@ found: * Page must be completely valid or it is not fit to * map into user space. vm_pager_get_pages() ensures this. */ - vm_page_assert_xbusied(fs.m); + vm_page_assert_busied(fs.m); KASSERT(vm_page_all_valid(fs.m), ("vm_fault: page %p partially invalid", fs.m)); 
@@ -1812,7 +1887,10 @@ found: (*fs.m_hold) = fs.m; vm_page_wire(fs.m); } - vm_page_xunbusy(fs.m); + if (vm_page_xbusied(fs.m)) + vm_page_xunbusy(fs.m); + else + vm_page_sunbusy(fs.m); fs.m = NULL; /*
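Review bot: The hunk at @@ -1081,8 +1107,12 in vm_fault_cow() deletes vm_page_assert_xbusied(fs->m_cow) and leaves no check on that page's busy state before pmap_remove_all(fs->m_cow). The added comment justifies the shared-busy case by the xbusy state of fs->first_m, so the weaker vm_page_assert_busied(fs->m_cow), which this change already uses for fs.m after the found: label, could take the place of the removed line, together with an assertion that fs->first_m is xbusied since the argument depends on it.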
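Review bot: In the vm_fault_object() hunk at @@ -1475,6 +1505,51 the comment over the second condition says "or the first object has only one mapping", but the code it annotates is vm_fault_is_read(fs) || vm_fault_might_be_cow(fs), and vm_fault_might_be_cow() only compares fs->object with fs->first_object. Please reword the comment so it describes the test that is actually made, or explain there why the object comparison implies the single-mapping property the comment relies on.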
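Review bot: The same sequence, if (vm_page_xbusied(m)) vm_page_xunbusy(m); else vm_page_sunbusy(m);, is added twice, in vm_fault_page_release() (hunk at @@ -203,7 +203,10) and after the found: label (hunk at @@ -1812,7 +1887,10). A small static helper in this file that releases whichever busy state is held would keep the two sites from drifting apart if the release logic changes again.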
Date: Mon, 13 Oct 2025 00:30:14 GMT Message-Id: <202510130030.59D0UEcH046545@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: d1cdb4a087e6 - stable/14 - vm_fault: assert that first_m is xbusy List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: d1cdb4a087e69e1515a855a928ced8a18f9b75f9 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=d1cdb4a087e69e1515a855a928ced8a18f9b75f9 commit d1cdb4a087e69e1515a855a928ced8a18f9b75f9 Author: Konstantin Belousov AuthorDate: 2025-08-05 15:46:56 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:46 +0000 vm_fault: assert that first_m is xbusy (cherry picked from commit a38483fa2b3a26414d3409b12dd35ac406c44cea) --- sys/vm/vm_fault.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index f6e75629864e..aad112a652ed 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1785,6 +1785,11 @@ found: /* * A valid page has been found and busied. The object lock * must no longer be held if the page was busied. + * + * Regardless of the busy state of fs.m, fs.first_m is always + * exclusively busied after the first iteration of the loop + * calling vm_fault_object(). This is an ordering point for + * the parallel faults occuring in on the same page. */ vm_page_assert_busied(fs.m); VM_OBJECT_ASSERT_UNLOCKED(fs.object); 
@@ -1887,6 +1892,9 @@ found: (*fs.m_hold) = fs.m; vm_page_wire(fs.m); } + + KASSERT(fs.first_object == fs.object || vm_page_xbusied(fs.first_m), + ("first_m must be xbusy")); if (vm_page_xbusied(fs.m)) vm_page_xunbusy(fs.m); else
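Review bot: The new KASSERT in the hunk at @@ -1887,6 +1892,9 open-codes fs.first_object == fs.object, although the file already has vm_fault_might_be_cow() for that comparison and uses it shortly after the found: label. Writing the condition as !vm_fault_might_be_cow(&fs) || vm_page_xbusied(fs.first_m) keeps a single spelling of the test. The message could also print fs.first_m with %p, as the neighbouring "vm_fault: page %p partially invalid" assertion does, and in the added comment "occuring in on the same page" should read "occurring on the same page".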
Date: Mon, 13 Oct 2025 00:30:15 GMT Message-Id: <202510130030.59D0UFtZ047223@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 0c7c1c27ea9e - stable/14 - vm_fault_busy_sleep(): update comment after addition of allocflags arg List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 0c7c1c27ea9eed8aefa236daa13eabb5bd050cfc Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=0c7c1c27ea9eed8aefa236daa13eabb5bd050cfc commit 0c7c1c27ea9eed8aefa236daa13eabb5bd050cfc Author: Konstantin Belousov AuthorDate: 2025-09-15 00:52:47 +0000 Commit: Konstantin Belousov CommitDate: 2025-10-13 00:23:46 +0000 vm_fault_busy_sleep(): update comment after addition of allocflags arg (cherry picked from commit f1b656f14464c2e3ec4ab2eeade3b00dce4bd459) --- sys/vm/vm_fault.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index aad112a652ed..9f7176eebabb 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c 
@@ -1440,11 +1440,10 @@ vm_fault_getpages(struct faultstate *fs, int *behindp, int *aheadp) * and we could end up trying to pagein and pageout the same page * simultaneously. * - * We can theoretically allow the busy case on a read fault if the page - * is marked valid, but since such pages are typically already pmap'd, - * putting that special case in might be more effort then it is worth. - * We cannot under any circumstances mess around with a shared busied - * page except, perhaps, to pmap it. + * We allow the busy case on a read fault if the page is valid. We + * cannot under any circumstances mess around with a shared busied + * page except, perhaps, to pmap it. This is controlled by the + * VM_ALLOC_SBUSY bit in the allocflags argument. */ static void vm_fault_busy_sleep(struct faultstate *fs, int allocflags)
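Review bot: in the rewritten comment above vm_fault_busy_sleep(), the closing sentence "This is controlled by the VM_ALLOC_SBUSY bit in the allocflags argument" has an ambiguous antecedent. It directly follows the sentence about never touching a shared busied page except to pmap it, while the commit subject suggests it is meant to qualify the first sentence, "We allow the busy case on a read fault if the page is valid". Moving it up next to that sentence, or naming the behaviour it controls instead of "This", would keep a later reader from concluding that the flag governs the pmap exception.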
Date: Mon, 13 Oct 2025 00:32:26 GMT
Message-Id: <202510130032.59D0WQTg056290@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: a7fc4e326c8d - stable/15 - rpc.tlsservd.c: Pin max threads at 1 for now
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: a7fc4e326c8db7b5429b616e0446aac1a041d239
Auto-Submitted: auto-generated

The branch stable/15 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=a7fc4e326c8db7b5429b616e0446aac1a041d239

commit a7fc4e326c8db7b5429b616e0446aac1a041d239
Author: Rick Macklem
AuthorDate: 2025-10-10 23:29:25 +0000
Commit: Rick Macklem
CommitDate: 2025-10-13 00:29:26 +0000

rpc.tlsservd.c: Pin max threads at 1 for now

PR#289734 reports a crash in tcp_use_close() when the rpc.tlsservd daemon is being used. Although I have not, as yet, had time to track down/fix the race, it turns out setting rpctls_maxthreads to 1 avoids the problem.

This patch pins rpctls_maxthreads to 1 to avoid the problem, until there is a proper fix.

PR: 289734
(cherry picked from commit 7a289fe3cd5c6de7ddbe394b7700b20b0bafdb3e)
---
 usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index f07385a2baa7..fb0501b2db4c 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -168,7 +168,12 @@ main(int argc, char **argv) rpctls_verbose = false; ncpu = (u_int)sysconf(_SC_NPROCESSORS_ONLN); +#ifdef notnow rpctls_maxthreads = ncpu > 1 ? ncpu / 2 : 1; +#else + /* XXX For now, until fixed properly!! */ + rpctls_maxthreads = 1; +#endif while ((ch = getopt_long(argc, argv, "2C:D:dhl:N:n:mp:r:uvWw", longopts, NULL)) != -1) { 
@@ -199,6 +204,8 @@ main(int argc, char **argv) if (rpctls_maxthreads < 1 || rpctls_maxthreads > ncpu) errx(1, "maximum threads must be between 1 and " "number of CPUs (%d)", ncpu); + /* XXX For now, until fixed properly!! */ + rpctls_maxthreads = 1; break; case 'n': hostname[0] = '@';
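Review bot: in the second hunk (@@ -199,6 +204,8 @@) the option value is range-checked with errx() and then unconditionally overwritten by "rpctls_maxthreads = 1;", so an administrator who passes a valid thread count gets no indication that it was ignored. A warnx() at that point saying the setting is temporarily pinned to 1 because of PR 289734, plus a matching note in the manual page, would make the effective configuration visible. The "XXX For now, until fixed properly!!" comment would also be more useful if it named the PR, since the source alone does not say what needs fixing.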
Date: Mon, 13 Oct 2025 01:26:06 GMT
Message-Id: <202510130126.59D1Q6Q1052335@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: c904188d3515 - releng/15.0 - rpc.tlsservd.c: Pin max threads at 1 for now
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: c904188d35154b291c837603ed332eab694d3bb6
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=c904188d35154b291c837603ed332eab694d3bb6

commit c904188d35154b291c837603ed332eab694d3bb6
Author: Rick Macklem
AuthorDate: 2025-10-10 23:29:25 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 01:25:42 +0000

rpc.tlsservd.c: Pin max threads at 1 for now

PR#289734 reports a crash in tcp_use_close() when the rpc.tlsservd daemon is being used. Although I have not, as yet, had time to track down/fix the race, it turns out setting rpctls_maxthreads to 1 avoids the problem.

This patch pins rpctls_maxthreads to 1 to avoid the problem, until there is a proper fix.

Approved by: re (cperciva)
PR: 289734
(cherry picked from commit 7a289fe3cd5c6de7ddbe394b7700b20b0bafdb3e)
(cherry picked from commit a7fc4e326c8db7b5429b616e0446aac1a041d239)
---
 usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index f07385a2baa7..fb0501b2db4c 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
@@ -168,7 +168,12 @@ main(int argc, char **argv) rpctls_verbose = false; ncpu = (u_int)sysconf(_SC_NPROCESSORS_ONLN); +#ifdef notnow rpctls_maxthreads = ncpu > 1 ? ncpu / 2 : 1; +#else + /* XXX For now, until fixed properly!! */ + rpctls_maxthreads = 1; +#endif while ((ch = getopt_long(argc, argv, "2C:D:dhl:N:n:mp:r:uvWw", longopts, NULL)) != -1) { 
@@ -199,6 +204,8 @@ main(int argc, char **argv) if (rpctls_maxthreads < 1 || rpctls_maxthreads > ncpu) errx(1, "maximum threads must be between 1 and " "number of CPUs (%d)", ncpu); + /* XXX For now, until fixed properly!! */ + rpctls_maxthreads = 1; break; case 'n': hostname[0] = '@';
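Review bot: the workaround is applied in two places, the default assignment under "#else" in the first hunk (@@ -168,7 +168,12 @@) and the option case in the second hunk, so reverting it later means finding both. As far as the visible lines show, a single "rpctls_maxthreads = 1;" placed after the getopt_long() loop would cover the default and any command-line value with one line to remove, and would let the original "ncpu > 1 ? ncpu / 2 : 1" default stay in place instead of being hidden behind "#ifdef notnow".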
Date: Mon, 13 Oct 2025 06:08:45 GMT
Message-Id: <202510130608.59D68j8C080438@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Xin LI
Subject: git: f139a644d3ee - stable/15 - MFC: libbz2: add pkg-config file (bzip2.pc)
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: delphij
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: f139a644d3ee01667480ff6d698757d3e3689794
Auto-Submitted: auto-generated

The branch stable/15 has been updated by delphij:

URL: https://cgit.FreeBSD.org/src/commit/?id=f139a644d3ee01667480ff6d698757d3e3689794

commit f139a644d3ee01667480ff6d698757d3e3689794
Author: Xin LI
AuthorDate: 2025-10-10 05:35:54 +0000
Commit: Xin LI
CommitDate: 2025-10-13 06:08:29 +0000

MFC: libbz2: add pkg-config file (bzip2.pc)

Add generation of a bzip2.pc file for use with pkg-config and create a basic template as bzip2.pc.in. This allows other software to easily locate and link against libbz2 using standard pkg-config mechanisms instead of manual compiler and linker flags.

The version number is extracted automatically from bzlib.h to keep it consistent with the library sources.

Tested:
pkg-config --exists --print-errors "bzip2 >= 1.0.9" (fail, expected)
pkg-config --exists --print-errors "bzip2 >= 1.0" (succeeded)
pkg-config --libs bzip2 (-lbz2)
pkg-config --cflags bzip2 ()

(cherry picked from commit 586319793368cbc664b48187bda60d27e171753a)
---
 lib/libbz2/Makefile | 13 +++++++++++++
 lib/libbz2/bzip2.pc.in | 11 +++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/libbz2/Makefile b/lib/libbz2/Makefile index d773f202dd67..2aedbaed4328 100644 --- a/lib/libbz2/Makefile +++ b/lib/libbz2/Makefile
@@ -13,4 +13,17 @@ CFLAGS+= -I${BZ2DIR} WARNS?= 3 +BZIP2_VERSION!= sed -n '/bzip2\/libbzip2 version /{s/.*version //;s/ of.*//p;q;}' ${BZ2DIR}/bzlib.h + +bzip2.pc: bzip2.pc.in + sed -e 's,@prefix@,/usr,g ; \ + s,@exec_prefix@,$${prefix},g ; \ + s,@libdir@,${LIBDIR},g ; \ + s,@sharedlibdir@,${SHLIBDIR},g ; \ + s,@includedir@,${INCLUDEDIR},g ; \ + s,@VERSION@,${BZIP2_VERSION},g ;' \ + ${.ALLSRC} > ${.TARGET} + +PCFILES= bzip2.pc + .include diff --git a/lib/libbz2/bzip2.pc.in b/lib/libbz2/bzip2.pc.in new file mode 100644 index 000000000000..d91c9931a58a --- /dev/null +++ b/lib/libbz2/bzip2.pc.in 
@@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +sharedlibdir=@sharedlibdir@ +includedir=@includedir@ + +Name: bzip2 +Description: bzip2 compression library +Version: @VERSION@ +Libs: -L${libdir} -lbz2 +Cflags: -I${includedir}
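Review bot: in the lib/libbz2/Makefile hunk, "BZIP2_VERSION!= sed -n ..." yields an empty string if the "bzip2/libbzip2 version ... of ..." comment in bzlib.h is ever reworded, and the bzip2.pc rule would then write an empty "Version:" field without any build error. Consumers gate on that field (the commit message tests "bzip2 >= 1.0.9" and "bzip2 >= 1.0"), so a guard such as ".if empty(BZIP2_VERSION)" followed by ".error" right after the assignment would turn a silent mismatch into a build failure.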
Date: Mon, 13 Oct 2025 06:09:11 GMT
Message-Id: <202510130609.59D69Bif080709@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Xin LI
Subject: git: e1ea6b7b70cf - stable/14 - MFC: libbz2: add pkg-config file (bzip2.pc)
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: delphij
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e1ea6b7b70cf5204979f6c6112ad54c0036a9f7e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by delphij:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1ea6b7b70cf5204979f6c6112ad54c0036a9f7e

commit e1ea6b7b70cf5204979f6c6112ad54c0036a9f7e
Author: Xin LI
AuthorDate: 2025-10-10 05:35:54 +0000
Commit: Xin LI
CommitDate: 2025-10-13 06:09:06 +0000

MFC: libbz2: add pkg-config file (bzip2.pc)

Add generation of a bzip2.pc file for use with pkg-config and create a basic template as bzip2.pc.in. This allows other software to easily locate and link against libbz2 using standard pkg-config mechanisms instead of manual compiler and linker flags.

The version number is extracted automatically from bzlib.h to keep it consistent with the library sources.

Tested:
pkg-config --exists --print-errors "bzip2 >= 1.0.9" (fail, expected)
pkg-config --exists --print-errors "bzip2 >= 1.0" (succeeded)
pkg-config --libs bzip2 (-lbz2)
pkg-config --cflags bzip2 ()

(cherry picked from commit 586319793368cbc664b48187bda60d27e171753a)
---
 lib/libbz2/Makefile | 13 +++++++++++++
 lib/libbz2/bzip2.pc.in | 11 +++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/libbz2/Makefile b/lib/libbz2/Makefile index 832ec15487b8..3f52b3df6f92 100644 --- a/lib/libbz2/Makefile +++ b/lib/libbz2/Makefile
@@ -12,4 +12,17 @@ CFLAGS+= -I${BZ2DIR} WARNS?= 3 +BZIP2_VERSION!= sed -n '/bzip2\/libbzip2 version /{s/.*version //;s/ of.*//p;q;}' ${BZ2DIR}/bzlib.h + +bzip2.pc: bzip2.pc.in + sed -e 's,@prefix@,/usr,g ; \ + s,@exec_prefix@,$${prefix},g ; \ + s,@libdir@,${LIBDIR},g ; \ + s,@sharedlibdir@,${SHLIBDIR},g ; \ + s,@includedir@,${INCLUDEDIR},g ; \ + s,@VERSION@,${BZIP2_VERSION},g ;' \ + ${.ALLSRC} > ${.TARGET} + +PCFILES= bzip2.pc + .include diff --git a/lib/libbz2/bzip2.pc.in b/lib/libbz2/bzip2.pc.in new file mode 100644 index 000000000000..d91c9931a58a --- /dev/null +++ b/lib/libbz2/bzip2.pc.in 
@@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +sharedlibdir=@sharedlibdir@ +includedir=@includedir@ + +Name: bzip2 +Description: bzip2 compression library +Version: @VERSION@ +Libs: -L${libdir} -lbz2 +Cflags: -I${includedir}
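Review bot: in the new lib/libbz2/bzip2.pc.in, "sharedlibdir" is defined and substituted from ${SHLIBDIR} by the Makefile rule, but neither "Libs:" nor "Cflags:" references it, so it has no effect on what pkg-config reports. Either drop the variable and its sed expression or add a short comment saying why it is kept. Separately, the Makefile rule hard-codes "s,@prefix@,/usr,g" while libdir and includedir come from make variables; if LIBDIR or INCLUDEDIR are ever overridden, "prefix" will no longer describe them.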
Date: Mon, 13 Oct 2025 06:50:34 GMT
Message-Id: <202510130650.59D6oYug078898@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Lexi Winter
Subject: git: dced18c7703d - stable/15 - libbluetooth: Move to the bluetooth-lib package
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: dced18c7703d256a9975bb7143d107f0f07dfd17
Auto-Submitted: auto-generated

The branch stable/15 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=dced18c7703d256a9975bb7143d107f0f07dfd17

commit dced18c7703d256a9975bb7143d107f0f07dfd17
Author: Lexi Winter
AuthorDate: 2025-10-12 15:28:20 +0000
Commit: Lexi Winter
CommitDate: 2025-10-13 06:32:57 +0000

libbluetooth: Move to the bluetooth-lib package

Move the library, but not any of the runtime. This allows executables to link against libbluetooth without having to pull in the entire BT stack.

MFC after: 3 days
Reviewed by: dch, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53016
(cherry picked from commit 426891e0f8f1cfae0263ba81ea55f46c547d7762)
---
 lib/libbluetooth/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/libbluetooth/Makefile b/lib/libbluetooth/Makefile index a6ac291a0bf8..b935bdf3fc78 100644 --- a/lib/libbluetooth/Makefile +++ b/lib/libbluetooth/Makefile
@@ -1,6 +1,8 @@ # $Id: Makefile,v 1.5 2003/07/22 18:38:04 max Exp $ PACKAGE= bluetooth +LIB_PACKAGE= + CONFS= hosts protocols CONFSDIR= /etc/bluetooth CONFSMODE_protocols= 444
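Review bot: the added "LIB_PACKAGE=" line is an empty assignment directly under "PACKAGE= bluetooth", and nothing in the Makefile says that this is what routes the library to bluetooth-lib while CONFS (hosts, protocols in /etc/bluetooth) stay in the bluetooth package. A one-line comment above it stating that intent would prevent a later cleanup from deleting what looks like a stray empty variable. It is also worth confirming that programs linking against libbluetooth without the runtime package behave sensibly when /etc/bluetooth/hosts and /etc/bluetooth/protocols are absent.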
Date: Mon, 13 Oct 2025 06:50:35 GMT
Message-Id: <202510130650.59D6oZhi078932@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Lexi Winter
Subject: git: 861225fbe31b - stable/15 - virtual_oss: Move plugins to the sound package
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 861225fbe31b86922d7f9fcfa1d280bde50f862e

The branch stable/15 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=861225fbe31b86922d7f9fcfa1d280bde50f862e

commit 861225fbe31b86922d7f9fcfa1d280bde50f862e
Author: Lexi Winter
AuthorDate: 2025-10-12 15:29:17 +0000
Commit: Lexi Winter
CommitDate: 2025-10-13 06:33:56 +0000

virtual_oss: Move plugins to the sound package

This is the correct place for them, and also issues an incorrect dependency from utilities to sound.

Fixes: 1b806e607f52 ("packages: Add a sound package")
MFC after: 3 days
Reviewed by: christos, dch
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53015

(cherry picked from commit 419dcdc2c981306b0ded44580977d2e053719b14)
--- lib/virtual_oss/Makefile.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/virtual_oss/Makefile.inc b/lib/virtual_oss/Makefile.inc index 45c8e0b1fdfc..877465a5c548 100644 --- a/lib/virtual_oss/Makefile.inc +++ b/lib/virtual_oss/Makefile.inc
@@ -1,3 +1,5 @@ +PACKAGE= sound + .include "../Makefile.inc" LDFLAGS+= -L${.OBJDIR:H:H}/libsamplerate
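Review bot: `PACKAGE= sound` is assigned before `.include "../Makefile.inc"`, so whether it takes effect depends on the parent Makefile.inc not assigning PACKAGE again after this point. Please confirm that the included file leaves PACKAGE alone or only sets it with `?=`, and consider a short comment here saying that the plugins are packaged separately from the rest of lib/.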
Date: Mon, 13 Oct 2025 06:50:36 GMT
Message-Id: <202510130650.59D6oam9078969@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Lexi Winter
Subject: git: 663a53d8e795 - stable/15 - release/packages/ucl: Fix typos
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 663a53d8e795ff8502908da0be4c4df3cee41c33

The branch stable/15 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=663a53d8e795ff8502908da0be4c4df3cee41c33

commit 663a53d8e795ff8502908da0be4c4df3cee41c33
Author: Lexi Winter
AuthorDate: 2025-10-12 15:53:43 +0000
Commit: Lexi Winter
CommitDate: 2025-10-13 06:34:08 +0000

release/packages/ucl: Fix typos

MFC after: 3 days
Sponsored by: https://www.patreon.com/bsdivy

(cherry picked from commit 039eba16f969a3ebc6c169fa61880a33d2a95090)
--- release/packages/ucl/acpi-all.ucl | 2 +- release/packages/ucl/audit-all.ucl | 2 +- release/packages/ucl/libbegemot-all.ucl | 4 ++-- release/packages/ucl/libbsdstat-all.ucl | 2 +- release/packages/ucl/mandoc-all.ucl | 2 +- release/packages/ucl/yp-all.ucl | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/release/packages/ucl/acpi-all.ucl b/release/packages/ucl/acpi-all.ucl index 9e75822a8a04..9b63b825bd60 100644 --- a/release/packages/ucl/acpi-all.ucl +++ b/release/packages/ucl/acpi-all.ucl
@@ -23,7 +23,7 @@ ACPI is a hardware standard allowing the operating system to monitor various hardware devices and system state. For example, ACPI can report whether the system is on AC or battery power. -This packages provides several utilities that can be used to interact with the +This package provides several utilities that can be used to interact with the ACPI implementation in the kernel: * The /etc/rc.d/power_profile service can be used to change system performance diff --git a/release/packages/ucl/audit-all.ucl b/release/packages/ucl/audit-all.ucl index 3324795d8d9c..0ff79f7c6b73 100644 --- a/release/packages/ucl/audit-all.ucl +++ b/release/packages/ucl/audit-all.ucl @@ -39,7 +39,7 @@ The audit facility implements the de facto industry standard BSM API, file formats, and command line interface, first found in the Solaris operating system. -This packages provides the auditing daemon auditd(8) and various utilities +This package provides the auditing daemon auditd(8) and various utilities used to manage the auditing system and work with audit data. EOD diff --git a/release/packages/ucl/libbegemot-all.ucl b/release/packages/ucl/libbegemot-all.ucl index 812e94f72eaf..5bead26f69f8 100644 --- a/release/packages/ucl/libbegemot-all.ucl +++ b/release/packages/ucl/libbegemot-all.ucl @@ -41,8 +41,8 @@ calls are however clumsy to use and the usage of one of these calls is probably not portable to other systems - not all systems support both calls. The rpoll(3) family of functions is designed to overcome these restrictions. -They support the well known and understood technique of event driven programing -and, in addition to select(2) and poll(2) also support timers. +They support the well known and understood technique of event driven +programming and, in addition to select(2) and poll(2) also support timers. EOD annotations { diff --git a/release/packages/ucl/libbsdstat-all.ucl b/release/packages/ucl/libbsdstat-all.ucl index 144d4200fed9..56efee79a334 100644 
--- a/release/packages/ucl/libbsdstat-all.ucl +++ b/release/packages/ucl/libbsdstat-all.ucl @@ -19,7 +19,7 @@ comment = "Periodic statistics library" desc = <
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Lexi Winter
Subject: git: 53fcc7f9b0de - stable/15 - bridge.4: Fix the synopsis for -ifuntagged
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 53fcc7f9b0de48449ff3c80140448dd620f44214

The branch stable/15 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=53fcc7f9b0de48449ff3c80140448dd620f44214

commit 53fcc7f9b0de48449ff3c80140448dd620f44214
Author: Lexi Winter
AuthorDate: 2025-10-13 05:57:57 +0000
Commit: Lexi Winter
CommitDate: 2025-10-13 06:34:24 +0000

bridge.4: Fix the synopsis for -ifuntagged

This command doesn't accept a vlan-id.

PR: 290141
MFC after: 3 days
Reported by: Paul Procacci
Reviewed by: ziaee (manpages)
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53049

(cherry picked from commit dc978c5cb55b75d292c7ef32564f5c376685234b)
--- sbin/ifconfig/ifconfig.8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index c4184ba61ee4..bf9a032d8c58 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 12, 2025 +.Dd October 12, 2025 .Dt IFCONFIG 8 .Os .Sh NAME 
@@ -2769,7 +2769,7 @@ Set the untagged VLAN identifier for an interface. Frames received on this interface without an 802.1Q tag will be assigned to this VLAN instead of the default VLAN 0, and outgoing frames on this VLAN will have their 802.1Q tag removed. -.It Cm -ifuntagged Ar interface Ar vlan-id +.It Cm -ifuntagged Ar interface Clear the untagged VLAN identifier for an interface. .It Cm defuntagged Ar vlan-id Enable the
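Review bot: The corrected `.It Cm -ifuntagged Ar interface` line lives in sbin/ifconfig/ifconfig.8, but the subject prefix is `bridge.4:`, so anyone searching the log by manual page name will not find this change; the prefix should read `ifconfig.8:`. The synopsis change itself matches the description that follows it ("Clear the untagged VLAN identifier for an interface"), which takes no identifier.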
Date: Mon, 13 Oct 2025 07:07:16 GMT
Message-Id: <202510130707.59D77GIF008054@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 0fa9385d10c5 - releng/15.0 - bridge.4: Fix the synopsis for -ifuntagged
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: 0fa9385d10c530cccb36aef602840a7c0a094513

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=0fa9385d10c530cccb36aef602840a7c0a094513

commit 0fa9385d10c530cccb36aef602840a7c0a094513
Author: Lexi Winter
AuthorDate: 2025-10-13 05:57:57 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 07:06:21 +0000

bridge.4: Fix the synopsis for -ifuntagged

This command doesn't accept a vlan-id.

Approved by: re (cperciva)
PR: 290141
MFC after: 3 days
Reported by: Paul Procacci
Reviewed by: ziaee (manpages)
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53049

(cherry picked from commit dc978c5cb55b75d292c7ef32564f5c376685234b)
(cherry picked from commit 53fcc7f9b0de48449ff3c80140448dd620f44214)
--- sbin/ifconfig/ifconfig.8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index c4184ba61ee4..bf9a032d8c58 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 12, 2025 +.Dd October 12, 2025 .Dt IFCONFIG 8 .Os .Sh NAME
@@ -2769,7 +2769,7 @@ Set the untagged VLAN identifier for an interface. Frames received on this interface without an 802.1Q tag will be assigned to this VLAN instead of the default VLAN 0, and outgoing frames on this VLAN will have their 802.1Q tag removed. -.It Cm -ifuntagged Ar interface Ar vlan-id +.It Cm -ifuntagged Ar interface Clear the untagged VLAN identifier for an interface. .It Cm defuntagged Ar vlan-id Enable the
Date: Mon, 13 Oct 2025 07:07:17 GMT
Message-Id: <202510130707.59D77H4q008086@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: fde09c830088 - releng/15.0 - release/packages/ucl: Fix typos
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: fde09c830088ba4fabdb5f05f608e04e60d83f11

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=fde09c830088ba4fabdb5f05f608e04e60d83f11

commit fde09c830088ba4fabdb5f05f608e04e60d83f11
Author: Lexi Winter
AuthorDate: 2025-10-12 15:53:43 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 07:06:29 +0000

release/packages/ucl: Fix typos

Approved by: re (cperciva)
MFC after: 3 days
Sponsored by: https://www.patreon.com/bsdivy

(cherry picked from commit 039eba16f969a3ebc6c169fa61880a33d2a95090)
(cherry picked from commit 663a53d8e795ff8502908da0be4c4df3cee41c33)
--- release/packages/ucl/acpi-all.ucl | 2 +- release/packages/ucl/audit-all.ucl | 2 +- release/packages/ucl/libbegemot-all.ucl | 4 ++-- release/packages/ucl/libbsdstat-all.ucl | 2 +- release/packages/ucl/mandoc-all.ucl | 2 +- release/packages/ucl/yp-all.ucl | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/release/packages/ucl/acpi-all.ucl b/release/packages/ucl/acpi-all.ucl index 9e75822a8a04..9b63b825bd60 100644 --- a/release/packages/ucl/acpi-all.ucl +++ b/release/packages/ucl/acpi-all.ucl
@@ -23,7 +23,7 @@ ACPI is a hardware standard allowing the operating system to monitor various hardware devices and system state. For example, ACPI can report whether the system is on AC or battery power. -This packages provides several utilities that can be used to interact with the +This package provides several utilities that can be used to interact with the ACPI implementation in the kernel: * The /etc/rc.d/power_profile service can be used to change system performance diff --git a/release/packages/ucl/audit-all.ucl b/release/packages/ucl/audit-all.ucl index 3324795d8d9c..0ff79f7c6b73 100644 --- a/release/packages/ucl/audit-all.ucl +++ b/release/packages/ucl/audit-all.ucl @@ -39,7 +39,7 @@ The audit facility implements the de facto industry standard BSM API, file formats, and command line interface, first found in the Solaris operating system. -This packages provides the auditing daemon auditd(8) and various utilities +This package provides the auditing daemon auditd(8) and various utilities used to manage the auditing system and work with audit data. EOD diff --git a/release/packages/ucl/libbegemot-all.ucl b/release/packages/ucl/libbegemot-all.ucl index 812e94f72eaf..5bead26f69f8 100644 --- a/release/packages/ucl/libbegemot-all.ucl +++ b/release/packages/ucl/libbegemot-all.ucl @@ -41,8 +41,8 @@ calls are however clumsy to use and the usage of one of these calls is probably not portable to other systems - not all systems support both calls. The rpoll(3) family of functions is designed to overcome these restrictions. -They support the well known and understood technique of event driven programing -and, in addition to select(2) and poll(2) also support timers. +They support the well known and understood technique of event driven +programming and, in addition to select(2) and poll(2) also support timers. EOD annotations { diff --git a/release/packages/ucl/libbsdstat-all.ucl b/release/packages/ucl/libbsdstat-all.ucl index 144d4200fed9..56efee79a334 100644 
--- a/release/packages/ucl/libbsdstat-all.ucl +++ b/release/packages/ucl/libbsdstat-all.ucl @@ -19,7 +19,7 @@ comment = "Periodic statistics library" desc = <
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: e74f3a9494cb - releng/15.0 - virtual_oss: Move plugins to the sound package
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: e74f3a9494cb54f3a5c80e439af72c76cb14b94c

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=e74f3a9494cb54f3a5c80e439af72c76cb14b94c

commit e74f3a9494cb54f3a5c80e439af72c76cb14b94c
Author: Lexi Winter
AuthorDate: 2025-10-12 15:29:17 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 07:06:44 +0000

virtual_oss: Move plugins to the sound package

This is the correct place for them, and also issues an incorrect dependency from utilities to sound.

Approved by: re (cperciva)
Fixes: 1b806e607f52 ("packages: Add a sound package")
MFC after: 3 days
Reviewed by: christos, dch
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53015

(cherry picked from commit 419dcdc2c981306b0ded44580977d2e053719b14)
(cherry picked from commit 861225fbe31b86922d7f9fcfa1d280bde50f862e)
--- lib/virtual_oss/Makefile.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/virtual_oss/Makefile.inc b/lib/virtual_oss/Makefile.inc index 45c8e0b1fdfc..877465a5c548 100644 --- a/lib/virtual_oss/Makefile.inc
+++ b/lib/virtual_oss/Makefile.inc 
@@ -1,3 +1,5 @@ +PACKAGE= sound + .include "../Makefile.inc" LDFLAGS+= -L${.OBJDIR:H:H}/libsamplerate
Date: Mon, 13 Oct 2025 07:07:19 GMT
Message-Id: <202510130707.59D77JPq008153@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: ab0d79d53721 - releng/15.0 - libbluetooth: Move to the bluetooth-lib package
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: ab0d79d5372194a1563b033cbc81dac4aba5ae09
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=ab0d79d5372194a1563b033cbc81dac4aba5ae09

commit ab0d79d5372194a1563b033cbc81dac4aba5ae09
Author: Lexi Winter
AuthorDate: 2025-10-12 15:28:20 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 07:06:47 +0000

    libbluetooth: Move to the bluetooth-lib package

    Move the library, but not any of the runtime. This allows executables
    to link against libbluetooth without having to pull in the entire BT
    stack.

    Approved by: re (cperciva)
    MFC after: 3 days
    Reviewed by: dch, emaste
    Sponsored by: https://www.patreon.com/bsdivy
    Differential Revision: https://reviews.freebsd.org/D53016

    (cherry picked from commit 426891e0f8f1cfae0263ba81ea55f46c547d7762)
    (cherry picked from commit dced18c7703d256a9975bb7143d107f0f07dfd17)
---
 lib/libbluetooth/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/libbluetooth/Makefile b/lib/libbluetooth/Makefile index a6ac291a0bf8..b935bdf3fc78 100644 --- a/lib/libbluetooth/Makefile +++ b/lib/libbluetooth/Makefile
@@ -1,6 +1,8 @@ # $Id: Makefile,v 1.5 2003/07/22 18:38:04 max Exp $ PACKAGE= bluetooth +LIB_PACKAGE= + CONFS= hosts protocols CONFSDIR= /etc/bluetooth CONFSMODE_protocols= 444
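Review bot: In lib/libbluetooth/Makefile, `+LIB_PACKAGE=` is assigned an empty value directly under `PACKAGE= bluetooth` with no comment, so the Makefile alone does not show that the empty assignment is deliberate or that it is the line that moves the library to bluetooth-lib, as the commit message describes. A one-line comment above it restating that intent would keep a later cleanup from deleting it as a leftover.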
Date: Mon, 13 Oct 2025 15:28:54 GMT
Message-Id: <202510131528.59DFSs8F050722@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 573cb59c35de - releng/15.0 - MFC: libbz2: add pkg-config file (bzip2.pc)
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: 573cb59c35deb4e9dd720c736d7984773fd1068d
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=573cb59c35deb4e9dd720c736d7984773fd1068d

commit 573cb59c35deb4e9dd720c736d7984773fd1068d
Author: Xin LI
AuthorDate: 2025-10-10 05:35:54 +0000
Commit: Colin Percival
CommitDate: 2025-10-13 15:28:24 +0000

    MFC: libbz2: add pkg-config file (bzip2.pc)

    Add generation of a bzip2.pc file for use with pkg-config and create a
    basic template as bzip2.pc.in. This allows other software to easily
    locate and link against libbz2 using standard pkg-config mechanisms
    instead of manual compiler and linker flags. The version number is
    extracted automatically from bzlib.h to keep it consistent with the
    library sources.

    Approved by: re (cperciva)
    Tested:
        pkg-config --exists --print-errors "bzip2 >= 1.0.9" (fail, expected)
        pkg-config --exists --print-errors "bzip2 >= 1.0" (succeeded)
        pkg-config --libs bzip2 (-lbz2)
        pkg-config --cflags bzip2 ()

    (cherry picked from commit 586319793368cbc664b48187bda60d27e171753a)
    (cherry picked from commit f139a644d3ee01667480ff6d698757d3e3689794)
---
 lib/libbz2/Makefile | 13 +++++++++++++
 lib/libbz2/bzip2.pc.in | 11 +++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/libbz2/Makefile b/lib/libbz2/Makefile index d773f202dd67..2aedbaed4328 100644 --- a/lib/libbz2/Makefile
+++ b/lib/libbz2/Makefile @@ -13,4 +13,17 @@ CFLAGS+= -I${BZ2DIR} WARNS?= 3 +BZIP2_VERSION!= sed -n '/bzip2\/libbzip2 version /{s/.*version //;s/ of.*//p;q;}' ${BZ2DIR}/bzlib.h + +bzip2.pc: bzip2.pc.in + sed -e 's,@prefix@,/usr,g ; \ + s,@exec_prefix@,$${prefix},g ; \ + s,@libdir@,${LIBDIR},g ; \ + s,@sharedlibdir@,${SHLIBDIR},g ; \ + s,@includedir@,${INCLUDEDIR},g ; \ + s,@VERSION@,${BZIP2_VERSION},g ;' \ + ${.ALLSRC} > ${.TARGET} + +PCFILES= bzip2.pc + .include diff --git a/lib/libbz2/bzip2.pc.in b/lib/libbz2/bzip2.pc.in new file mode 100644 index 000000000000..d91c9931a58a --- /dev/null +++ b/lib/libbz2/bzip2.pc.in 
@@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +sharedlibdir=@sharedlibdir@ +includedir=@includedir@ + +Name: bzip2 +Description: bzip2 compression library +Version: @VERSION@ +Libs: -L${libdir} -lbz2 +Cflags: -I${includedir}
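Review bot: In lib/libbz2/Makefile, `BZIP2_VERSION!= sed -n ...` can come back empty without failing the build. The `p` flag sits on the second substitution (`s/ of.*//p`), so a banner line in bzlib.h that matches `bzip2\/libbzip2 version ` but has no trailing ` of ...` prints nothing, as does a header with no matching line at all, and bzip2.pc is then generated with a blank `Version:`. Consider stopping when the variable is empty (an `.if empty(BZIP2_VERSION)` guard with `.error`), or moving the `p` so the version prints whenever the first substitution matches.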
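Review bot: In lib/libbz2/bzip2.pc.in, `sharedlibdir=@sharedlibdir@` is defined, and the Makefile rule substitutes `${SHLIBDIR}` into it, but neither `Libs:` nor `Cflags:` refers to it; `Libs:` uses only `-L${libdir}`. Either drop the variable or add a short comment saying it is kept for consumers that read it with `pkg-config --variable=sharedlibdir`.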
Date: Mon, 13 Oct 2025 18:32:18 GMT
Message-Id: <202510131832.59DIWIEo005410@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Lexi Winter
Subject: git: 3b5ec539beef - stable/15 - Makefile.inc1: Build source packages before sets
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 3b5ec539beefb82dd3210f51c0e2e0759b20dad8
Auto-Submitted: auto-generated

The branch stable/15 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=3b5ec539beefb82dd3210f51c0e2e0759b20dad8

commit 3b5ec539beefb82dd3210f51c0e2e0759b20dad8
Author: Lexi Winter
AuthorDate: 2025-10-13 18:30:31 +0000
Commit: Lexi Winter
CommitDate: 2025-10-13 18:32:06 +0000

    Makefile.inc1: Build source packages before sets

    To build set-src, we first need to build the source packages. Add a
    .ORDER to ensure this happens. Otherwise, in a parallel build, sets
    might be built before the src-* packages have finished building, and
    set-src will be mysteriously missing.

    MFC after: 3 seconds
    Reported by: cperciva
    Actually diagnosed by: jrtc27
    One-line fix by: ivy
    Reviewed by: cperciva
    Differential Revision: https://reviews.freebsd.org/D53076

    (cherry picked from commit ea5685ba79fc9309698ef72cf48bc1f0c91ad3dd)
---
 Makefile.inc1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile.inc1 b/Makefile.inc1 index cd3e3f007c3b..d530ca4e9584 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1
@@ -2107,6 +2107,7 @@ create-packages-world: _pkgbootstrap _repodir .PHONY .ORDER: create-packages-world create-packages-sets .ORDER: create-packages-kernel create-packages-sets +.ORDER: create-packages-source create-packages-sets create-packages-sets: _pkgbootstrap _repodir .PHONY ${_+_}@cd ${.CURDIR}; \ ${MAKE} -f Makefile.inc1 \
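Review bot: In Makefile.inc1, the added `.ORDER: create-packages-source create-packages-sets` only sequences the two targets when both are already being made; the `create-packages-sets: _pkgbootstrap _repodir .PHONY` line in the context still lists no source-package prerequisite, so nothing in the visible lines makes a stand-alone `create-packages-sets` build the src-* packages first. If that is intended, as with the world and kernel lines above it, a comment over the three `.ORDER` lines saying they are ordering constraints for parallel builds rather than dependencies would make that explicit.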
Date: Tue, 14 Oct 2025 00:57:31 GMT
Message-Id: <202510140057.59E0vVkr021522@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran
Subject: git: 1a08326c6f50 - stable/15 - MFV: Import blocklist 2025-04-28 (8aa81bf)
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 1a08326c6f503db5f0fb9201cdf55379bbe576e8
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=1a08326c6f503db5f0fb9201cdf55379bbe576e8

commit 1a08326c6f503db5f0fb9201cdf55379bbe576e8
Author: Jose Luis Duran
AuthorDate: 2025-10-12 17:01:03 +0000
Commit: Jose Luis Duran
CommitDate: 2025-10-14 00:51:43 +0000

    MFV: Import blocklist 2025-04-28 (8aa81bf)

    Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'

    Breaking changes:

    - Upstream commit 24932b6 ("blocklistd: log the conf file line number
      with bad protocol errors") breaks backward database compatibility.
      An error will be displayed:

        Key size mismatch 296 != 288

      A new and compatible database, with the new name, will be created
      when the service starts (committed separately).

    - Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
      "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
      failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
      two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL,
      the number of failed attempts now doubles towards the maximum limit
      (nfails). This commit will be reverted separately.

    Changes: https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf

    Approved by: emaste (mentor)
    MFC after: 2 days
    Differential Revision: https://reviews.freebsd.org/D52869

    (cherry picked from commit 48e64ca13d4f36795ac718911b805e3e9a726f1b)
--- contrib/blocklist/Makefile | 2 +- contrib/blocklist/Makefile.inc | 7 +- contrib/blocklist/README | 52 ++-- contrib/blocklist/TODO | 49 +++- contrib/blocklist/bin/Makefile | 12 +- .../bin/{blacklistctl.8 => blocklistctl.8} | 69 +++++- .../bin/{blacklistctl.c => blocklistctl.c} | 9 +- .../blocklist/bin/{blacklistd.8 => blocklistd.8} | 75 +++--- .../blocklist/bin/{blacklistd.c => blocklistd.c} | 48 ++-- .../bin/{blacklistd.conf.5 => blocklistd.conf.5} | 82 ++++--- contrib/blocklist/bin/conf.c | 200 ++++++++++++--- contrib/blocklist/bin/conf.h | 3 +- contrib/blocklist/bin/internal.c | 8 +- contrib/blocklist/bin/internal.h | 8 +- contrib/blocklist/bin/run.c | 9 +- contrib/blocklist/bin/run.h | 2 +- contrib/blocklist/bin/state.c | 6 +- contrib/blocklist/bin/state.h | 2 +- contrib/blocklist/bin/support.c | 11 +- contrib/blocklist/bin/support.h | 7 +- contrib/blocklist/diff/ftpd.diff | 12 +- contrib/blocklist/diff/named.diff | 12 +- contrib/blocklist/diff/postfix.diff | 98 ++++++++ contrib/blocklist/diff/proftpd.diff | 20 +- contrib/blocklist/diff/ssh.diff | 14 +- contrib/blocklist/etc/Makefile | 10 +- .../etc/{blacklistd.conf => blocklistd.conf} | 7 +- contrib/blocklist/etc/ipf.conf | 45 ++++ contrib/blocklist/etc/npf.conf | 4 +- contrib/blocklist/etc/rc.d/Makefile | 4 +- .../blocklist/etc/rc.d/{blacklistd => blocklistd} | 20 +- contrib/blocklist/include/Makefile | 4 +- contrib/blocklist/include/bl.h | 11 +- .../blocklist/include/{blacklist.h => blocklist.h} | 44 ++-- contrib/blocklist/lib/Makefile | 20 +- contrib/blocklist/lib/bl.c | 112 +++++---- contrib/blocklist/lib/{blacklist.c => blocklist.c} | 49 ++-- .../lib/{libblacklist.3 => libblocklist.3} | 124 +++++----- contrib/blocklist/lib/shlib_version | 2 +-
contrib/blocklist/libexec/Makefile | 4 +- contrib/blocklist/libexec/blacklistd-helper | 134 ---------- contrib/blocklist/libexec/blocklistd-helper | 272 +++++++++++++++++++++ contrib/blocklist/port/Makefile.am | 42 ++-- contrib/blocklist/port/_strtoi.h | 2 +- contrib/blocklist/port/configure.ac | 12 +- contrib/blocklist/port/fgetln.c | 2 +- contrib/blocklist/port/fparseln.c | 6 +- contrib/blocklist/port/pidfile.c | 6 +- contrib/blocklist/port/popenve.c | 6 +- contrib/blocklist/port/port.h | 32 ++- contrib/blocklist/port/sockaddr_snprintf.c | 6 +- contrib/blocklist/port/strlcat.c | 7 +- contrib/blocklist/port/strlcpy.c | 7 +- contrib/blocklist/port/strtoi.c | 6 +- contrib/blocklist/port/vsyslog_r.c | 13 + contrib/blocklist/test/Makefile | 2 +- contrib/blocklist/test/cltest.c | 6 +- contrib/blocklist/test/srvtest.c | 42 +++- 58 files changed, 1293 insertions(+), 587 deletions(-) diff --git a/contrib/blocklist/Makefile b/contrib/blocklist/Makefile index da4411d0ca75..899746d01431 100644 --- a/contrib/blocklist/Makefile +++ b/contrib/blocklist/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $ +# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ SUBDIR = lib .WAIT include bin etc libexec diff --git a/contrib/blocklist/Makefile.inc b/contrib/blocklist/Makefile.inc index 85c82783cd35..b22d4a801240 100644 --- a/contrib/blocklist/Makefile.inc +++ b/contrib/blocklist/Makefile.inc @@ -1,10 +1,11 @@ -# $NetBSD: Makefile.inc,v 1.3 2015/01/23 03:57:22 christos Exp $ +# $NetBSD: Makefile.inc,v 1.3 2025/02/11 17:48:30 christos Exp $ WARNS=6 .if !defined(LIB) -LDADD+= -lblacklist -DPADD+= ${LIBBLACKLIST} +LDADD+= -lblocklist +DPADD+= ${LIBBLOCKLIST} .endif CPPFLAGS+= -I${.CURDIR}/../include CPPFLAGS+=-DHAVE_STRUCT_SOCKADDR_SA_LEN -DHAVE_UTIL_H -DHAVE_DB_H +CPPFLAGS+=-DHAVE_SYS_CDEFS_H diff --git a/contrib/blocklist/README b/contrib/blocklist/README index 7da3317a77fe..4b34138e01ec 100644 --- a/contrib/blocklist/README 
+++ b/contrib/blocklist/README @@ -1,21 +1,21 @@ -# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $ +# $NetBSD: README,v 1.3 2024/02/09 00:53:30 wiz Exp $ This package contains library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy. -The interface to the packet filter is in libexec/blacklistd-helper +The interface to the packet filter is in libexec/blocklistd-helper (this is currently designed for npf) and the configuration file -(inspired from inetd.conf) is in etc/blacklistd.conf. +(inspired from inetd.conf) is in etc/blocklistd.conf. -On NetBSD you can find an example npf.conf and blacklistd.conf in -/usr/share/examples/blacklistd; you need to adjust the interface +On NetBSD you can find an example npf.conf and blocklistd.conf in +/usr/share/examples/blocklistd; you need to adjust the interface in npf.conf and copy both files to /etc; then you just enable -blacklistd=YES in /etc/rc.conf, start it up, and you are all set. +blocklistd=YES in /etc/rc.conf, start it up, and you are all set. -There is also a startup file in etc/rc.d/blacklistd +There is also a startup file in etc/rc.d/blocklistd -Patches to various daemons to add blacklisting capabilitiers are in the +Patches to various daemons to add blocklisting capabilities are in the "diff" directory: - OpenSSH: diff/ssh.diff [tcp socket example] - Bind: diff/named.diff [both tcp and udp] 
@@ -23,21 +23,21 @@ Patches to various daemons to add blacklisting capabilitiers are in the These patches have been applied to NetBSD-current. -The network daemon (for example sshd) communicates to blacklistd, via -a unix socket like syslog. The library calls are simple and everything +The network daemon (for example sshd) communicates to blocklistd, via +a Unix socket like syslog. The library calls are simple and everything is handled by the library. In the simplest form the only thing the daemon needs to do is to call: - blacklist(action, acceptedfd, message); + blocklist(action, acceptedfd, message); Where: - action = 0 -> successful login clear blacklist state + action = 0 -> successful login clear blocklist state 1 -> failed login, add to the failed count acceptedfd -> the file descriptor where the server is connected to the remote client. It is used to determine the listening socket, and the remote address. This allows any program to - contact the blacklist daemon, since the verification + contact the blocklist daemon, since the verification if the program has access to the listening socket is done by virtue that the port number is retrieved from the kernel. @@ -46,13 +46,13 @@ Where: Unfortunately there is no way to get information about the "peer" from a udp socket, because there is no connection and that information is kept with the server. In that case the daemon can provide the -peer information to blacklistd via: +peer information to blocklistd via: - blacklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message); + blocklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message); The configuration file contains entries of the form: -# Blacklist rule +# Blocklist rule # host/Port type protocol owner name nfail disable 192.168.1.1:ssh stream tcp * -int 10 1m 8.8.8.8:ssh stream tcp * -ext 6 60m 
@@ -60,18 +60,18 @@ ssh stream tcp6 * * 6 60m http stream tcp * * 6 60m Here note that owner is * because the connection is done from the -child ssh socket which runs with user privs. We treat ipv4 connections +child ssh socket which runs with user privs. We treat IPv4 connections differently by maintaining two different rules one for the external interface and one from the internal We also register for both tcp and tcp6 since those are different listening sockets and addresses; -we don't bother with ipv6 and separate rules. We use nfail = 6, +we don't bother with IPv6 and separate rules. We use nfail = 6, because ssh allows 3 password attempts per connection, and this will let us have 2 connections before blocking. Finally we block for an hour; we could block forever too by specifying * in the duration column. -blacklistd and the library use syslog(3) to report errors. The -blacklist filter state is persisted automatically in /var/db/blacklistd.db +blocklistd and the library use syslog(3) to report errors. The +blocklist filter state is persisted automatically in /var/db/blocklistd.db so that if the daemon is restarted, it remembers what connections is currently handling. To start from a fresh state (if you restart npf too for example), you can use -f. To watch the daemon at work, 
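Review bot: In contrib/blocklist/README, the `+blocklist filter state is persisted automatically in /var/db/blocklistd.db` line renames the state file without saying what happens to an existing /var/db/blacklistd.db. The commit message records that the on-disk format is incompatible (`Key size mismatch 296 != 288`) and that a new database with the new name is created at service start, so the README should state whether entries recorded in the old file survive the upgrade, since an operator reading only this paragraph would assume earlier state is still remembered.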
@@ -80,27 +80,27 @@ you can use -d. The current control file is designed for npf, and it uses the dynamic rule feature. You need to create a dynamic rule in your /etc/npf.conf on the group referring to the interface you want to block -called blacklistd as follows: +called blocklistd as follows: ext_if=bge0 int_if=sk0 group "external" on $ext_if { ... - ruleset "blacklistd-ext" - ruleset "blacklistd" + ruleset "blocklistd-ext" + ruleset "blocklistd" ... } group "internal" on $int_if { ... - ruleset "blacklistd-int" + ruleset "blocklistd-int" ... } -You can use 'blacklistctl dump -a' to list all the current entries +You can use 'blocklistctl dump -a' to list all the current entries in the database; the ones that have nfail / where urrent ->= otal, should have an id assosiated with them; this means that +>= otal, should have an id associated with them; this means that there is a packet filter rule added for that entry. For npf, you can examine the packet filter dynamic rule entries using 'npfctl rule list'. The number of current entries can exceed diff --git a/contrib/blocklist/TODO b/contrib/blocklist/TODO index 9925020d54bb..d67111bd5139 100644 --- a/contrib/blocklist/TODO +++ b/contrib/blocklist/TODO @@ -1,4 +1,4 @@ -# $NetBSD: TODO,v 1.7 2015/01/23 21:34:01 christos Exp $ +# $NetBSD: TODO,v 1.3 2025/02/05 20:22:26 christos Exp $ - don't poll periodically, find the next timeout - use the socket also for commands? Or separate socket? 
@@ -17,5 +17,48 @@ -n block unblock -- do we need an api in blacklistctl to perform maintenance -- fix the blacklistctl output to be more user friendly +- do we need an api in blocklistctl to perform maintenance +- fix the blocklistctl output to be more user friendly + +- figure out some way to do distributed operation securely (perhaps with + a helper daemon that authenticates local sockets and then communicates + local DB changes to the central server over a secure channel -- + perhaps blocklistd-helper can have a back-end that can send updates to + a central server) + +- add "blocklistd -l" to enable filter logging on all rules by default + +- add some new options in the config file + + "/all" - block both TCP and UDP (on the proto field?) + + "/log" - enable filter logging (if not the default) (on the name field?) + "/nolog"- disable filter logging (if not the default) (on the name field?) + + The latter two probably require a new parameter for blocklistd-helper. + +- "blocklistd -f" should (also?) be a blocklistctl function!?!?! + +- if blocklistd was started with '-r' then a SIGHUP should also do a + "control flush $rulename" and then re-add all the filter rules? + +- should/could /etc/rc.conf.d/ipfilter be created with the following? + + reload_postcmd=blocklistd_reload + start_postcmd=blocklistd_start + stop_precmd=blocklistd_stop + blocklistd_reload () + { + /etc/rc.d/blocklistd reload # IFF SIGHUP does flush/re-add + # /etc/rc.d/blocklistd restart + } + blocklistd_stop () + { + /etc/rc.d/blocklistd stop + } + blocklistd_start () + { + /etc/rc.d/blocklistd start + } + + or is there a better way? diff --git a/contrib/blocklist/bin/Makefile b/contrib/blocklist/bin/Makefile index 280c72fd3af1..1856e2524f3c 100644 --- a/contrib/blocklist/bin/Makefile +++ b/contrib/blocklist/bin/Makefile 
@@ -1,12 +1,12 @@ -# $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $ +# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ BINDIR=/sbin -PROGS=blacklistd blacklistctl -MAN.blacklistd=blacklistd.8 blacklistd.conf.5 -MAN.blacklistctl=blacklistctl.8 -SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c -SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c +PROGS=blocklistd blocklistctl +MAN.blocklistd=blocklistd.8 blocklistd.conf.5 +MAN.blocklistctl=blocklistctl.8 +SRCS.blocklistd = blocklistd.c conf.c run.c state.c support.c internal.c +SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c DBG=-g LDADD+=-lutil diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blocklistctl.8 similarity index 59% rename from contrib/blocklist/bin/blacklistctl.8 rename to contrib/blocklist/bin/blocklistctl.8 index 7c6521117745..a98c16374f19 100644 --- a/contrib/blocklist/bin/blacklistctl.8 +++ b/contrib/blocklist/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $ +.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. 
@@ -27,27 +27,43 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 7, 2016 -.Dt BLACKLISTCTL 8 +.Dd January 27, 2025 +.Dt BLOCKLISTCTL 8 .Os .Sh NAME -.Nm blacklistctl -.Nd display and change the state of blacklistd +.Nm blocklistctl +.Nd display and change the state of the blocklistd database .Sh SYNOPSIS .Nm .Cm dump .Op Fl abdnrw +.Op Fl D Ar dbname .Sh DESCRIPTION .Nm -is a program used to display the state of -.Xr blacklistd 8 +is a program used to display and change the state of the +.Xr blocklistd 8 +database. +The following sub-commands are supported: +.Ss dump .Pp -The following options are available: +The following options are available for the +.Cm dump +sub-command: .Bl -tag -width indent .It Fl a -Show all database entries, by default it shows only the embryonic ones. +Show all database entries, by default it shows only the active ones. +Inactive entries will be shown with a last-access (or, with +.Fl r , +the remaining) time of +.Ql never . .It Fl b Show only the blocked entries. +.It Fl D Ar dbname +Specify the location of the +.Ic blocklistd +database file to use. +The default is +.Pa /var/db/blocklistd.db . .It Fl d Increase debugging level. .It Fl n 
@@ -59,18 +75,47 @@ Normally the width of addresses is good for IPv4, the .Fl w flag, makes the display wide enough for IPv6 addresses. .El +.Pp +The output of the +.Cm dump +sub-command consists of a header (unless +.Fl n +was given) and one line for each record in the database, where each line +has the following columns: +.Bl -tag -width indent +.It Ql address/ma:port +The remote address, mask, and local port number of the client connection +associated with the database entry. +.It Ql id +column will show the identifier for the packet filter rule associated +with the database entry, though this may only be the word +.Ql OK +for packet filters which do not creat a unique identifier for each rule. +.It Ql nfail +The number of +.Em failures +reported for the client on the noted port, as well as the number of +failures allowed before blocking (or, with +.Fl a , +an asterisk +.Aq * ) +.It So last access Sc | So remaining time Sc +The last time a the client was reported as attempting access, or, with +.Fl r , +the time remaining before the rule blocking the client will be removed. +.El .Sh SEE ALSO -.Xr blacklistd 8 +.Xr blocklistd 8 .Sh NOTES Sometimes the reported number of failed attempts can exceed the number of attempts that -.Xr blacklistd 8 +.Xr blocklistd 8 is configured to block. This can happen either because the rule has been removed manually, or because there were more attempts in flight while the rule block was being added. This condition is normal; in that case -.Xr blacklistd 8 +.Xr blocklistd 8 will first attempt to remove the existing rule, and then it will re-add it to make sure that there is only one rule active. .Sh HISTORY diff --git a/contrib/blocklist/bin/blacklistctl.c b/contrib/blocklist/bin/blocklistctl.c similarity index 94% rename from contrib/blocklist/bin/blacklistctl.c rename to contrib/blocklist/bin/blocklistctl.c index 89b72921caf5..8c75e0430c61 100644 --- a/contrib/blocklist/bin/blacklistctl.c +++ b/contrib/blocklist/bin/blocklistctl.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,8 +32,10 @@ #include "config.h" #endif +#ifdef HAVE_SYS_CDEFS_H #include -__RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $"); +#endif +__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); #include #include @@ -63,7 +65,8 @@ usage(int c) warnx("Missing/unknown command"); else if (c != '?') warnx("Unknown option `%c'", (char)c); - fprintf(stderr, "Usage: %s dump [-abdnrw]\n", getprogname()); + fprintf(stderr, + "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname()); exit(EXIT_FAILURE); } diff --git a/contrib/blocklist/bin/blacklistd.8 b/contrib/blocklist/bin/blocklistd.8 similarity index 85% rename from contrib/blocklist/bin/blacklistd.8 rename to contrib/blocklist/bin/blocklistd.8 index 82e1f15f61c9..e0b9fb482cbd 100644 --- a/contrib/blocklist/bin/blacklistd.8 +++ b/contrib/blocklist/bin/blocklistd.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.8,v 1.23 2020/04/21 13:57:12 christos Exp $ +.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,11 +27,11 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 21, 2020 -.Dt BLACKLISTD 8 +.Dd February 25, 2025 +.Dt BLOCKLISTD 8 .Os .Sh NAME -.Nm blacklistd +.Nm blocklistd .Nd block and release ports on demand to avoid DoS abuse .Sh SYNOPSIS .Nm 
@@ -53,22 +53,35 @@ for notifications from other daemons about successful or failed connection attempts. If no such file is specified, then it only listens to the socket path specified by -.Ar sockspath +.Ar sockpath or if that is not specified to -.Pa /var/run/blacklistd.sock . +.Pa /var/run/blocklistd.sock . Each notification contains an (action, port, protocol, address, owner) tuple that identifies the remote connection and the action. -This tuple is consulted against entries in -.Ar configfile -with syntax specified in -.Xr blacklistd.conf 5 . +This tuple is consulted against entries from the +.Ar configfile , +with the syntax specified in +.Xr blocklistd.conf 5 . If an entry is matched, a state entry is created for that tuple. Each entry contains a number of tries limit and a duration. .Pp +If +.Ar configfile +is a directory, or a directory exists with the same name as +.Ar configfile +with +.Qq .d +appended to it, each file in the directory will be read as configuration file. +If +.Ar configfile +exists as a file it will be processed before the contents of the +.Ar configfile Ns .d +directory if that also exists. +.Pp The way .Nm does configuration entry matching is by having the client side pass the -file descriptor associated with the connection the client wants to blacklist +file descriptor associated with the connection the client wants to blocklist as well as passing socket credentials. .Pp The file descriptor is used to retrieve information (address and port) @@ -116,7 +129,7 @@ specified by the arguments. The .Ar rulename argument can be set from the command line (default -.Dv blacklistd ) . +.Dv blocklistd ) . The script could print a numerical id to stdout as a handle for the rule that can be used later to remove that connection, but that is not required as all information to remove the rule is 
@@ -152,8 +165,8 @@ The following options are available: .It Fl C Ar controlprog Use .Ar controlprog -to communicate with the packet filter, usually -.Pa /usr/libexec/blacklistd-helper . +to communicate with the packet filter, instead of the default, which is +.Pa /usr/libexec/blocklistd-helper . The following arguments are passed to the control program: .Bl -tag -width protocol .It action @@ -161,7 +174,7 @@ The action to perform: .Dv add , .Dv rem , or -.Dv flush +.Dv flush ; to add, remove or flush a firewall rule. .It name The rule name. @@ -183,13 +196,17 @@ identifier of the rule to be removed. The add command is expected to return the rule identifier string to stdout. .El .It Fl c Ar configuration -The name of the configuration file to read, usually -.Pa /etc/blacklistd.conf . +The name of the configuration file to read. +The default when +.Fl c +is not given is +.Pa /etc/blocklistd.conf . .It Fl D Ar dbfile The Berkeley DB file where .Nm -stores its state, usually -.Pa /var/db/blacklistd.db . +stores its state. +It defaults to +.Pa /var/db/blocklistd.db . .It Fl d Normally, .Nm @@ -203,14 +220,14 @@ are deleted by invoking the control script as: .Bd -literal -offset indent control flush .Ed -.It Fl P Ar sockspathsfile +.It Fl P Ar sockpathsfile A file containing a list of pathnames, one per line that .Nm will create sockets to listen to. This is useful for chrooted environments. .It Fl R Ar rulename Specify the default rule name for the packet filter rules, usually -.Dv blacklistd . +.Dv blocklistd . .It Fl r Re-read the firewall rules from the internal database, then remove and re-add them. 
@@ -256,19 +273,21 @@ This signal tells to decrease the internal debugging level by 1. .El .Sh FILES -.Bl -tag -width /usr/libexec/blacklistd-helper -compact -.It Pa /usr/libexec/blacklistd-helper +.Bl -tag -width /usr/libexec/blocklistd-helper -compact +.It Pa /usr/libexec/blocklistd-helper Shell script invoked to interface with the packet filter. -.It Pa /etc/blacklistd.conf +.It Pa /etc/blocklistd.conf Configuration file. -.It Pa /var/db/blacklistd.db +.It Pa /var/db/blocklistd.db Database of current connection entries. -.It Pa /var/run/blacklistd.sock +.It Pa /var/run/blocklistd.sock Socket to receive connection notifications. .El .Sh SEE ALSO -.Xr blacklistd.conf 5 , -.Xr blacklistctl 8 , +.Xr blocklistd.conf 5 , +.Xr blocklistctl 8 , +.Xr ipf 8 , +.Xr ipfw 8 , .Xr pfctl 8 , .Xr syslogd 8 .Sh HISTORY diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blocklistd.c similarity index 91% rename from contrib/blocklist/bin/blacklistd.c rename to contrib/blocklist/bin/blocklistd.c index 714abcbcaf0e..4846b507c8d1 100644 --- a/contrib/blocklist/bin/blacklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -31,8 +31,11 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif + +#ifdef HAVE_SYS_CDEFS_H #include -__RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $"); +#endif +__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); #include #include @@ -175,6 +178,8 @@ process(bl_t bl) struct dbinfo dbi; struct timespec ts; + memset(&dbi, 0, sizeof(dbi)); + memset(&c, 0, sizeof(c)); if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); return; 
@@ -188,10 +193,11 @@ process(bl_t bl) if (getremoteaddress(bi, &rss, &rsl) == -1) goto out; - if (debug) { + if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); - (*lfun)(LOG_DEBUG, "processing type=%d fd=%d remote=%s msg=%s" - " uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, + (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, + "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); } @@ -216,16 +222,19 @@ process(bl_t bl) switch (bi->bi_type) { case BL_ABUSE: /* - * If the application has signaled abusive behavior, - * set the number of fails to be one less than the - * configured limit. Fallthrough to the normal BL_ADD - * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * If the application has signaled abusive behavior, set the + * number of fails to be two less than the configured limit. + * Fall through to the normal BL_ADD and BL_BADUSER processing, + * which will increment the failure count to the threshhold, and + * block the abusive address. */ if (c.c_nfail != -1) - dbi.count = c.c_nfail - 1; + dbi.count = c.c_nfail - 2; /*FALLTHROUGH*/ case BL_ADD: + dbi.count++; /* will become += 2 */ + /*FALLTHROUGH*/ + case BL_BADUSER: dbi.count++; dbi.last = ts.tv_sec; if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { @@ -254,9 +263,6 @@ process(bl_t bl) dbi.count = 0; dbi.last = 0; break; - case BL_BADUSER: - /* ignore for now */ - break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } @@ -334,7 +340,7 @@ static void addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd, const char *path) { - bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog); + bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r); if (bl == NULL || !bl_isconnected(bl)) exit(EXIT_FAILURE); if (*nfd >= *maxfd) { 
@@ -395,15 +401,25 @@ rules_flush(void) static void rules_restore(void) { + DB *db; struct conf c; struct dbinfo dbi; unsigned int f; - for (f = 1; state_iterate(state, &c, &dbi, f) == 1; f = 0) { + db = state_open(dbfile, O_RDONLY, 0); + if (db == NULL) { + (*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)", + dbfile); + return; + } + for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) { if (dbi.id[0] == '\0') continue; (void)run_change("add", &c, dbi.id, sizeof(dbi.id)); + state_put(state, &c, &dbi); } + state_close(db); + state_sync(state); } int diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blocklistd.conf.5 similarity index 83% rename from contrib/blocklist/bin/blacklistd.conf.5 rename to contrib/blocklist/bin/blocklistd.conf.5 index 70036441eb4b..3a7dbfc07f58 100644 --- a/contrib/blocklist/bin/blacklistd.conf.5 +++ b/contrib/blocklist/bin/blocklistd.conf.5 @@ -1,6 +1,6 @@ -.\" $NetBSD: blacklistd.conf.5,v 1.9 2019/11/06 20:33:30 para Exp $ +.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $ .\" -.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation @@ -27,17 +27,17 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 18, 2020 -.Dt BLACKLISTD.CONF 5 +.Dd February 5, 2025 +.Dt BLOCKLISTD.CONF 5 .Os .Sh NAME -.Nm blacklistd.conf -.Nd configuration file format for blacklistd +.Nm blocklistd.conf +.Nd configuration file format for blocklistd .Sh DESCRIPTION The .Nm file contains configuration entries for -.Xr blacklistd 8 +.Xr blocklistd 8 in a fashion similar to .Xr inetd.conf 5 . Only one entry per line is permitted. 
@@ -48,34 +48,34 @@ Comments are denoted by a at the beginning of a line. .Pp There are two kinds of configuration lines, -.Va local +.Va [local] and -.Va remote . +.Va [remote] . By default, configuration lines are -.Va local , +.Va [local] , i.e. the address specified refers to the addresses on the local machine. To switch to between -.Va local +.Va [local] and -.Va remote +.Va [remote] configuration lines you can specify the stanzas: .Dq [local] and .Dq [remote] . .Pp On -.Va local +.Va [local] and -.Va remote +.Va [remote] lines .Dq * means use the default, or wildcard match. In addition, for -.Va remote +.Va [remote] lines .Dq = means use the values from the matched -.Va local +.Va [local] configuration line. .Pp The first four fields, @@ -85,9 +85,9 @@ The first four fields, and .Va owner are used to match the -.Va local +.Va [local] or -.Va remote +.Va [remote] addresses, whereas the last 3 fields .Va name , .Va nfail , @@ -110,8 +110,8 @@ The can be an IPv4 address in numeric format, an IPv6 address in numeric format and enclosed by square brackets, or an interface name. Mask modifiers are not allowed on interfaces because interfaces -can have multiple addresses in different protocols where the mask has a different -size. +can have multiple addresses in different protocols where the mask has a +different size. .Pp The .Dv mask @@ -143,8 +143,8 @@ The field, is the name of the packet filter rule to be used. If the .Va name -starts with a -.Dq - , +starts with a hyphen +.Pq Dq - , then the default rulename is prepended to the given name. If the .Dv name 
@@ -160,13 +160,13 @@ field contains the number of failed attempts before access is blocked, defaulting to .Dq * meaning never, and the last field -.Va disable +.Va duration specifies the amount of time since the last access that the blocking rule should be active, defaulting to .Dq * meaning forever. The default unit for -.Va disable +.Va duration is seconds, but one can specify suffixes for different units, such as .Dq m for minutes @@ -176,28 +176,34 @@ for hours and for days. .Pp Matching is done first by checking the -.Va local +.Va [local] rules individually, in the order of the most specific to the least specific. -If a match is found, then the -.Va remote +If a match is found, then the matching +.Va [remote] rules are applied. The .Va name , .Va nfail , and -.Va disable +.Va duration fields can be altered by the -.Va remote +.Va [remote] rule that matched. .Pp The -.Va remote +.Va [remote] rules can be used for allowing specific addresses, changing the mask -size, the rule that the packet filter uses, the number of failed attempts, -or the block duration. +size (via +.Va name ) , +the rule that the packet filter uses (also via +.Va name ) , +the number of failed attempts (via +.Va nfail ) , +or the duration to block (via +.Va duration ) . .Sh FILES -.Bl -tag -width /etc/blacklistd.conf -compact -.It Pa /etc/blacklistd.conf +.Bl -tag -width /etc/blocklistd.conf -compact +.It Pa /etc/blocklistd.conf Configuration file. .El .Sh EXAMPLES 
@@ -209,13 +215,15 @@ bnx0:ssh * * * * 3 6h [remote] # Never block 1.2.3.4 1.2.3.4:ssh * * * * * * -# For addresses coming from 8.8.0.0/16 block whole /24 networks instead of +# Never block the example IPv6 subnet either +[2001:db8::]/32:ssh * * * * * * +# For addresses coming from 8.8.0.0/16 block whole /24 networks instead # individual hosts, but keep the rest of the blocking parameters the same. 8.8.0.0/16:ssh * * * /24 = = .Ed .Sh SEE ALSO -.Xr blacklistctl 8 , -.Xr blacklistd 8 +.Xr blocklistctl 8 , +.Xr blocklistd 8 .Sh HISTORY .Nm first appeared in *** 2790 LINES SKIPPED ***
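Review bot: The new column list in the blocklistctl.8 hunk at `@@ -59,18 +75,47 @@` has wording slips that will show up in the rendered page: "do not creat a unique identifier" should read "create", "The last time a the client" has a stray "a", and the `.It Ql id` entry starts mid-sentence with "column will show" where the other entries start with a noun phrase. The `nfail` entry also ends at `.Aq * )` without a closing period.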
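Review bot: The `configfile.d` paragraph added in the blocklistd.8 hunk at `@@ -53,22 +53,35 @@` does not say in what order the files in the directory are read, or whether names such as editor backup files are skipped. A `[remote]` line can exempt an address from blocking, so administrators need to know exactly which files take effect; please state the ordering and any filename filter. The sentence "will be read as configuration file" is also missing an article.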
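Review bot: In process(), the blocklistd.c hunk at `@@ -188,10 +193,11 @@` now formats `msg=%s` at LOG_INFO whenever `bi->bi_msg[0]` is non-zero, independent of the debug level, and nothing in the visible lines bounds or escapes that string before it is logged. Please confirm bi_msg is NUL-terminated at this point and consider vis(3)-style escaping, so that text carried in a notification cannot put newlines or control characters into syslog. The new INFO-level line also deserves a mention in blocklistd.8, since it changes what a default installation logs.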
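Review bot: The blocklistd.c hunk at `@@ -216,16 +222,19 @@` makes BL_ADD worth two counts (`dbi.count++; /* will become += 2 */` followed by the fall-through into the BL_BADUSER `dbi.count++`), while the threshold test stays `dbi.count >= c.c_nfail` and blocklistd.conf.5 in this same patch still describes `nfail` as "the number of failed attempts before access is blocked". Starting from zero, an existing `nfail` of 3 would now block on the second BL_ADD report (count 2, then 4). Either document the weighting next to `nfail` or keep BL_ADD at one count so deployed thresholds keep their meaning.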
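Review bot: In rules_restore(), hunk `@@ -395,15 +401,25 @@`, the result of `run_change("add", &c, dbi.id, sizeof(dbi.id))` is cast to void and the entry is then written with `state_put(state, &c, &dbi)` whether or not the helper installed the rule; the return values of state_put() and state_sync() are not checked either. After a failed helper run the live database would list a block that the packet filter is not enforcing. Suggest checking run_change(), logging the failure through `lfun`, and deciding explicitly whether such an entry should still be stored.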
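Review bot: The reworded example comment in the blocklistd.conf.5 hunk at `@@ -209,13 +215,15 @@` drops the trailing "of", so the two comment lines now read "block whole /24 networks instead" followed by "individual hosts, but keep the rest ...". Keep "instead of" at the end of the first comment line.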
Date: Tue, 14 Oct 2025 00:57:32 GMT
Message-Id: <202510140057.59E0vWb1021559@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran
Subject: git: a719ef67e8ed - stable/15 - blocklist: Revert upstream commit ddf6d71
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: a719ef67e8ed2cbae5f397d2a4680a02495b79ab
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=a719ef67e8ed2cbae5f397d2a4680a02495b79ab

commit a719ef67e8ed2cbae5f397d2a4680a02495b79ab
Author:     Jose Luis Duran
AuthorDate: 2025-10-11 14:15:03 +0000
Commit:     Jose Luis Duran
CommitDate: 2025-10-14 00:52:47 +0000

    blocklist: Revert upstream commit ddf6d71

    Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count"
    failure") introduced BLOCKLIST_BAD_USER with a one-count failure
    mechanism.  BLOCKLIST_AUTH_FAIL was implemented with a two-count
    failure mechanism.

    Since we have been utilizing BLOCKLIST_AUTH_FAIL, the number of failed
    attempts now doubles towards the maximum limit (nfails), giving system
    administrators the impression that the number of failed authentication
    attempts is inaccurate.

    Revert this commit until a consensus has been reached.  We do not want
    to introduce yet another breaking change with the renaming of the
    library.

    Approved by:    emaste (mentor)
    MFC after:      2 days

    (cherry picked from commit 4d56eb007b18881becb2107f87bd2a7edca3e6bf)
---
 contrib/blocklist/bin/blocklistd.c   | 18 +++++++++---------
 contrib/blocklist/lib/libblocklist.3 | 32 +++++++++++++++++++-------------
 2 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c index 4846b507c8d1..03a1dbbf056c 100644 --- a/contrib/blocklist/bin/blocklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -222,19 +222,16 @@ process(bl_t bl) switch (bi->bi_type) { case BL_ABUSE: /* - * If the application has signaled abusive behavior, set the - * number of fails to be two less than the configured limit. - * Fall through to the normal BL_ADD and BL_BADUSER processing, - * which will increment the failure count to the threshhold, and - * block the abusive address. + * If the application has signaled abusive behavior, + * set the number of fails to be one less than the + * configured limit. Fallthrough to the normal BL_ADD + * processing, which will increment the failure count + * to the threshhold, and block the abusive address. */ if (c.c_nfail != -1) - dbi.count = c.c_nfail - 2; + dbi.count = c.c_nfail - 1; /*FALLTHROUGH*/ case BL_ADD: - dbi.count++; /* will become += 2 */ - /*FALLTHROUGH*/ - case BL_BADUSER: dbi.count++; dbi.last = ts.tv_sec; if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { @@ -263,6 +260,9 @@ process(bl_t bl) dbi.count = 0; dbi.last = 0; break; + case BL_BADUSER: + /* ignore for now */ + break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } diff --git a/contrib/blocklist/lib/libblocklist.3 b/contrib/blocklist/lib/libblocklist.3 index 7a016625a047..fd6eb93eb756 100644 --- a/contrib/blocklist/lib/libblocklist.3 +++ b/contrib/blocklist/lib/libblocklist.3 
@@ -106,20 +106,26 @@ The .Ar action parameter can take these values: .Bl -tag -width ".Dv BLOCKLIST_ABUSIVE_BEHAVIOR" -.It Va BLOCKLIST_BAD_USER -The sending daemon has determined the username presented for -authentication is invalid. -This is considered as one failure count. -.It Va BLOCKLIST_AUTH_FAIL +.It Dv BLOCKLIST_AUTH_FAIL There was an unsuccessful authentication attempt. -This is considered as two failure counts together. -.It Va BLOCKLIST_ABUSIVE_BEHAVIOR -The sending daemon has detected abusive behavior from the remote system. -This is considered as a total immediate failure. -The remote address will be blocked as soon as possible. -.It Va BLOCKLIST_AUTH_OK -A valid user successfully authenticated. -Any entry for the remote address will be removed as soon as possible. +.It Dv BLOCKLIST_AUTH_OK +A user successfully authenticated. +.It Dv BLOCKLIST_ABUSIVE_BEHAVIOR +The sending daemon has detected abusive behavior +from the remote system. +The remote address should +be blocked as soon as possible. +.It Dv BLOCKLIST_BAD_USER +The sending daemon has determined the username +presented for authentication is invalid. +The +.Xr blocklistd 8 +daemon compares the username to a configured list of forbidden +usernames and +blocks the address immediately if a forbidden username matches. +(The +.Dv BLOCKLIST_BAD_USER +support is not currently available.) 
.El .Pp The
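Review bot: The blocklistd.c hunk at `@@ -263,6 +260,9 @@` returns BL_BADUSER to `/* ignore for now */ break;`, so after this revert a notification of that type changes no counter. A daemon that reports invalid usernames only through BLOCKLIST_BAD_USER therefore contributes nothing toward `nfail`; please say so in the code comment, so integrators know to keep sending BLOCKLIST_AUTH_FAIL for those events.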
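Review bot: The restored BLOCKLIST_BAD_USER entry in the libblocklist.3 hunk states that blocklistd "compares the username to a configured list of forbidden usernames and blocks the address immediately" and only afterwards adds, in parentheses, that the support is not currently available, while the blocklistd.c side of this same commit handles BL_BADUSER with `/* ignore for now */`. Lead the entry with the fact that the action is currently ignored, so callers do not rely on it for blocking.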
Date: Tue, 14 Oct 2025 00:57:33 GMT
Message-Id: <202510140057.59E0vXQf021596@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran
Subject: git: 7f6f2139eef9 - stable/15 - blocklist: Rename blacklist to blocklist
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 7f6f2139eef9f9fc263977c847c6dbf235a1b1b7
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=7f6f2139eef9f9fc263977c847c6dbf235a1b1b7

commit 7f6f2139eef9f9fc263977c847c6dbf235a1b1b7
Author:     Jose Luis Duran
AuthorDate: 2025-10-12 17:14:27 +0000
Commit:     Jose Luis Duran
CommitDate: 2025-10-14 00:53:16 +0000

    blocklist: Rename blacklist to blocklist

    Follow up upstream rename from blacklist to blocklist.

    - Old names and rc scripts are still valid, but emitting an ugly warning
    - Old firewall rules and anchor names should work, but emitting an ugly
      warning
    - Old MK_BLACKLIST* knobs are wired to the new ones

    Although care has been taken not to break current configurations, this
    is a large patch containing mostly duplicated code.  If issues arise,
    it will be swiftly reverted.
    Reviewed by:    ivy (pkgbase)
    Approved by:    emaste (mentor)
    MFC after:      2 days
    Relnotes:       yes

    (cherry picked from commit 7238317403b95a8e35cf0bc7cd66fbd78ecbe521)
---
 contrib/blocklist/bin/blacklistctl.c            | 170 ++++++
 contrib/blocklist/bin/blacklistd.c              | 592 +++++++++++++++++++++
 contrib/blocklist/bin/old_internal.c            |  50 ++
 contrib/blocklist/bin/old_internal.h            |  58 ++
 contrib/blocklist/include/blacklist.h           |  65 +++
 contrib/blocklist/include/old_bl.h              |  80 +++
 contrib/blocklist/lib/blacklist.c               | 117 ++++
 contrib/blocklist/lib/old_bl.c                  | 554 +++++++++++++++++++
 crypto/openssh/auth-pam.c                       |   4 +-
 crypto/openssh/auth.c                           |   8 +-
 crypto/openssh/{blacklist.c => blocklist.c}     |  16 +-
 .../{blacklist_client.h => blocklist_client.h}  |  30 +-
 crypto/openssh/monitor.c                        |   8 +-
 crypto/openssh/servconf.c                       |  18 +-
 crypto/openssh/servconf.h                       |   2 +-
 crypto/openssh/sshd-session.c                   |  10 +-
 crypto/openssh/sshd_config                      |   2 +-
 crypto/openssh/sshd_config.5                    |  14 +-
 lib/Makefile                                    |   1 +
 lib/libblacklist/Makefile                       |  24 +-
 lib/libblocklist/Makefile                       |  30 ++
 lib/libblocklist/Makefile.depend                |  16 +
 lib/libsysdecode/Makefile.depend                |   2 +-
 libexec/Makefile                                |   6 +-
 libexec/blacklistd-helper/Makefile              |   7 -
 libexec/blocklistd-helper/Makefile              |  10 +
 .../Makefile.depend                             |   0
 libexec/blocklistd-helper/blacklistd-helper     | 293 ++++++++++
 libexec/fingerd/Makefile                        |   8 +-
 libexec/fingerd/Makefile.depend.options         |   2 +-
 libexec/fingerd/fingerd.c                       |  16 +-
 libexec/rc/rc.conf                              |   6 +-
 libexec/rc/rc.d/Makefile                        |   5 +-
 libexec/rc/rc.d/blacklistd                      |  10 +-
 libexec/rc/rc.d/blocklistd                      |  46 ++
 release/packages/ucl/blocklist-all.ucl          |   8 +-
 secure/libexec/sshd-auth/Makefile               |  10 +-
 secure/libexec/sshd-session/Makefile            |  10 +-
 secure/usr.sbin/sshd/Makefile.depend.options    |   2 +-
 share/man/man5/periodic.conf.5                  |   2 +-
 share/man/man5/src.conf.5                       |  43 +-
 share/mk/bsd.libnames.mk                        |   1 +
 share/mk/local.dirdeps-options.mk               |   1 +
 share/mk/src.libnames.mk                        |  10 +-
 share/mk/src.opts.mk                            |  10 +
 targets/pseudo/userland/Makefile.depend         |   6 +
 targets/pseudo/userland/lib/Makefile.depend     |   4 +
 targets/pseudo/userland/libexec/Makefile.depend |   4 +-
 tools/build/mk/OptionalObsoleteFiles.inc        |  21 +-
 tools/build/options/WITHOUT_BLACKLIST           |   6 +-
 tools/build/options/WITHOUT_BLACKLIST_SUPPORT   |   8 +-
 tools/build/options/WITHOUT_BLOCKLIST           |   4 +
 tools/build/options/WITHOUT_BLOCKLIST_SUPPORT   |   6 +
 usr.sbin/Makefile                               |   2 +
 usr.sbin/blacklistctl/Makefile                  |  10 +-
 usr.sbin/blacklistd/Makefile                    |  13 +-
 usr.sbin/blacklistd/blacklistd.conf             |  10 +-
 usr.sbin/blocklistctl/Makefile                  |  22 +
 usr.sbin/blocklistctl/Makefile.depend           |  18 +
 usr.sbin/blocklistd/Makefile                    |  23 +
 usr.sbin/blocklistd/Makefile.depend             |  18 +
 usr.sbin/blocklistd/blocklistd.conf             |  16 +
 usr.sbin/periodic/etc/security/520.pfdenied     |   2 +-
 63 files changed, 2426 insertions(+), 144 deletions(-)

diff --git a/contrib/blocklist/bin/blacklistctl.c b/contrib/blocklist/bin/blacklistctl.c new file mode 100644 index 000000000000..6298a08b10b4 --- /dev/null +++ b/contrib/blocklist/bin/blacklistctl.c
@@ -0,0 +1,170 @@ +/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); + +#include +#include +#ifdef HAVE_LIBUTIL_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include + +#include "conf.h" +#include "state.h" +#include "old_internal.h" +#include "support.h" + +static __dead void +usage(int c) +{ + if (c == 0) + warnx("Missing/unknown command"); + else if (c != '?') + warnx("Unknown option `%c'", (char)c); + fprintf(stderr, + "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname()); + exit(EXIT_FAILURE); +} + +static const char * +star(char *buf, size_t len, int val) +{ + if (val == -1) + return "*"; + snprintf(buf, len, "%d", val); + return buf; +} + +int +main(int argc, char *argv[]) +{ + const char *dbname = _PATH_BLSTATE; + DB *db; + struct conf c; + struct dbinfo dbi; + unsigned int i; + struct timespec ts; + int all, blocked, remain, wide, noheader; + int o; + + noheader = wide = blocked = all = remain = 0; + lfun = dlog; + + if (argc == 1 || strcmp(argv[1], "dump") != 0) + usage(0); + + argc--; + argv++; + + while ((o = getopt(argc, argv, "abD:dnrw")) != -1) + switch (o) { + case 'a': + all = 1; + blocked = 0; + break; + case 'b': + blocked = 1; + break; + case 'D': + dbname = optarg; + break; + case 'd': + debug++; + break; + case 'n': + noheader = 1; + break; + case 'r': + remain = 1; + break; + case 'w': + wide = 1; + break; + default: + usage(o); + } + + db = state_open(dbname, O_RDONLY, 0); + if (db == NULL) + err(EXIT_FAILURE, "Can't open `%s'", dbname); + + clock_gettime(CLOCK_REALTIME, &ts); + wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; + if (!noheader) + printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + "address", remain ? 
"remaining time" : "last access"); + for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { + char buf[BUFSIZ]; + char mbuf[64], pbuf[64]; + if (!all) { + if (blocked) { + if (c.c_nfail == -1 || dbi.count < c.c_nfail) + continue; + } else { + if (dbi.count >= c.c_nfail) + continue; + } + } + sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); + printf("%*.*s/%s:%s\t", wide, wide, buf, + star(mbuf, sizeof(mbuf), c.c_lmask), + star(pbuf, sizeof(pbuf), c.c_port)); + if (c.c_duration == -1) { + strlcpy(buf, "never", sizeof(buf)); + } else { + if (remain) + fmtydhms(buf, sizeof(buf), + c.c_duration - (ts.tv_sec - dbi.last)); + else + fmttime(buf, sizeof(buf), dbi.last); + } + printf("%s\t%d/%s\t%-s\n", dbi.id, dbi.count, + star(mbuf, sizeof(mbuf), c.c_nfail), buf); + } + state_close(db); + return EXIT_SUCCESS; +} diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c new file mode 100644 index 000000000000..ded3075ed707 --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.c 
@@ -0,0 +1,592 @@ +/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); + +#include +#include +#include + +#ifdef HAVE_LIBUTIL_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "old_bl.h" +#include "old_internal.h" +#include "conf.h" +#include "run.h" +#include "state.h" +#include "support.h" + +static const char *configfile = _PATH_BLCONF; +static DB *state; +static const char *dbfile = _PATH_BLSTATE; +static sig_atomic_t readconf; +static sig_atomic_t done; +static int vflag; + +static void +sigusr1(int n __unused) +{ + debug++; +} + +static void +sigusr2(int n __unused) +{ + debug--; +} + +static void +sighup(int n __unused) +{ + readconf++; +} + +static void +sigdone(int n __unused) +{ + done++; +} + +static __dead void +usage(int c) +{ + if (c != '?') + warnx("Unknown option `%c'", (char)c); + fprintf(stderr, "Usage: %s [-vdfr] [-c ] [-R ] " + "[-P ] [-C ] [-D ] " + "[-s ] [-t ]\n", getprogname()); + exit(EXIT_FAILURE); +} + +static int +getremoteaddress(bl_info_t *bi, struct sockaddr_storage *rss, socklen_t *rsl) +{ + *rsl = sizeof(*rss); + memset(rss, 0, *rsl); + + if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1) + return 0; + + if (errno != ENOTCONN) { + (*lfun)(LOG_ERR, "getpeername failed (%m)"); + return -1; + } + + if (bi->bi_slen == 0) { + (*lfun)(LOG_ERR, "unconnected socket with no peer in message"); + return -1; + } + + switch (bi->bi_ss.ss_family) { + case AF_INET: + *rsl = sizeof(struct sockaddr_in); + break; + case AF_INET6: + *rsl = sizeof(struct sockaddr_in6); + break; + default: + (*lfun)(LOG_ERR, "bad client passed socket family %u", + (unsigned)bi->bi_ss.ss_family); + return -1; + } + + if (*rsl != bi->bi_slen) { + 
(*lfun)(LOG_ERR, "bad client passed socket length %u != %u", + (unsigned)*rsl, (unsigned)bi->bi_slen); + return -1; + } + + memcpy(rss, &bi->bi_ss, *rsl); + +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + if (*rsl != rss->ss_len) { + (*lfun)(LOG_ERR, + "bad client passed socket internal length %u != %u", + (unsigned)*rsl, (unsigned)rss->ss_len); + return -1; + } +#endif + return 0; +} + +static void +process(bl_t bl) +{ + struct sockaddr_storage rss; + socklen_t rsl; + char rbuf[BUFSIZ]; + bl_info_t *bi; + struct conf c; + struct dbinfo dbi; + struct timespec ts; + + memset(&dbi, 0, sizeof(dbi)); + memset(&c, 0, sizeof(c)); + if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { + (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); + return; + } + + if ((bi = bl_recv(bl)) == NULL) { + (*lfun)(LOG_ERR, "no message (%m)"); + return; + } + + if (getremoteaddress(bi, &rss, &rsl) == -1) + goto out; + + if (debug || bi->bi_msg[0]) { + sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); + (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, + "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + bi->bi_type, bi->bi_fd, rbuf, + bi->bi_msg, (unsigned long)bi->bi_uid, + (unsigned long)bi->bi_gid); + } + + if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { + (*lfun)(LOG_DEBUG, "no rule matched"); + goto out; + } + + + if (state_get(state, &c, &dbi) == -1) + goto out; + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } + + switch (bi->bi_type) { + case BL_ABUSE: + /* + * If the application has signaled abusive behavior, + * set the number of fails to be one less than the + * configured limit. Fallthrough to the normal BL_ADD + * processing, which will increment the failure count + * to the threshhold, and block the abusive address. 
+ */ + if (c.c_nfail != -1) + dbi.count = c.c_nfail - 1; + /*FALLTHROUGH*/ + case BL_ADD: + dbi.count++; + dbi.last = ts.tv_sec; + if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { + /* + * No point in re-adding the rule. + * It might exist already due to latency in processing + * and removing the rule is the wrong thing to do as + * it allows a window to attack again. + */ + if (dbi.id[0] == '\0') { + int res = run_change("add", &c, + dbi.id, sizeof(dbi.id)); + if (res == -1) + goto out; + } + sockaddr_snprintf(rbuf, sizeof(rbuf), "%a", + (void *)&rss); + (*lfun)(LOG_INFO, + "blocked %s/%d:%d for %d seconds", + rbuf, c.c_lmask, c.c_port, c.c_duration); + } + break; + case BL_DELETE: + if (dbi.last == 0) + goto out; + dbi.count = 0; + dbi.last = 0; + break; + case BL_BADUSER: + /* ignore for now */ + break; + default: + (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); + } + state_put(state, &c, &dbi); + +out: + close(bi->bi_fd); + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } +} + +static void +update_interfaces(void) +{ + struct ifaddrs *oifas, *nifas; + + if (getifaddrs(&nifas) == -1) + return; + + oifas = ifas; + ifas = nifas; + + if (oifas) + freeifaddrs(oifas); +} + +static void +update(void) +{ + struct timespec ts; + struct conf c; + struct dbinfo dbi; + unsigned int f, n; + char buf[128]; + void *ss = &c.c_ss; + + if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { + (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); + return; + } + +again: + for (n = 0, f = 1; state_iterate(state, &c, &dbi, f) == 1; + f = 0, n++) + { + time_t when = c.c_duration + dbi.last; + if (debug > 1) { + char b1[64], b2[64]; + sockaddr_snprintf(buf, sizeof(buf), "%a:%p", ss); + (*lfun)(LOG_DEBUG, "%s:[%u] %s count=%d duration=%d " + "last=%s " "now=%s", __func__, n, buf, dbi.count, + 
c.c_duration, fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } + if (c.c_duration == -1 || when >= ts.tv_sec) + continue; + if (dbi.id[0]) { + run_change("rem", &c, dbi.id, 0); + sockaddr_snprintf(buf, sizeof(buf), "%a", ss); + (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds", + buf, c.c_lmask, c.c_port, c.c_duration); + } + state_del(state, &c); + goto again; + } +} + +static void +addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd, + const char *path) +{ + bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r); + if (bl == NULL || !bl_isconnected(bl)) + exit(EXIT_FAILURE); + if (*nfd >= *maxfd) { + *maxfd += 10; + *blp = realloc(*blp, sizeof(**blp) * *maxfd); + if (*blp == NULL) + err(EXIT_FAILURE, "malloc"); + *pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd); + if (*pfdp == NULL) + err(EXIT_FAILURE, "malloc"); + } + + (*pfdp)[*nfd].fd = bl_getfd(bl); + (*pfdp)[*nfd].events = POLLIN; + (*blp)[*nfd] = bl; + *nfd += 1; +} + +static void +uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c) +{ + struct conf **list = *listp; + + if (c->c_name[0] == '\0') + return; + for (size_t i = 0; i < *nlist; i++) { + if (strcmp(list[i]->c_name, c->c_name) == 0) + return; + } + if (*nlist == *mlist) { + *mlist += 10; + void *p = realloc(*listp, *mlist * sizeof(*list)); + if (p == NULL) + err(EXIT_FAILURE, "Can't allocate for rule list"); + list = *listp = p; + } + list[(*nlist)++] = c; +} + +static void +rules_flush(void) +{ + struct conf **list; + size_t nlist, mlist; + + list = NULL; + mlist = nlist = 0; + for (size_t i = 0; i < rconf.cs_n; i++) + uniqueadd(&list, &nlist, &mlist, &rconf.cs_c[i]); + for (size_t i = 0; i < lconf.cs_n; i++) + uniqueadd(&list, &nlist, &mlist, &lconf.cs_c[i]); + + for (size_t i = 0; i < nlist; i++) + run_flush(list[i]); + free(list); +} + +static void +rules_restore(void) +{ + DB *db; + struct conf c; + struct dbinfo dbi; + unsigned int f; + + db = state_open(dbfile, 
O_RDONLY, 0); + if (db == NULL) { + (*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)", + dbfile); + return; + } + for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) { + if (dbi.id[0] == '\0') + continue; + (void)run_change("add", &c, dbi.id, sizeof(dbi.id)); + state_put(state, &c, &dbi); + } + state_close(db); + state_sync(state); +} + +int +main(int argc, char *argv[]) +{ + int c, tout, flags, flush, restore, ret; + const char *spath, **blsock; + size_t nblsock, maxblsock; + + setprogname(argv[0]); + + spath = NULL; + blsock = NULL; + maxblsock = nblsock = 0; + flush = 0; + restore = 0; + tout = 0; + flags = O_RDWR|O_EXCL|O_CLOEXEC; + while ((c = getopt(argc, argv, "C:c:D:dfP:rR:s:t:v")) != -1) { + switch (c) { + case 'C': + controlprog = optarg; + break; + case 'c': + configfile = optarg; + break; + case 'D': + dbfile = optarg; + break; + case 'd': + debug++; + break; + case 'f': + flush++; + break; + case 'P': + spath = optarg; + break; + case 'R': + rulename = optarg; + break; + case 'r': + restore++; + break; + case 's': + if (nblsock >= maxblsock) { + maxblsock += 10; + void *p = realloc(blsock, + sizeof(*blsock) * maxblsock); + if (p == NULL) + err(EXIT_FAILURE, + "Can't allocate memory for %zu sockets", + maxblsock); + blsock = p; + } + blsock[nblsock++] = optarg; + break; + case 't': + tout = atoi(optarg) * 1000; + break; + case 'v': + vflag++; + break; + default: + usage(c); + } + } + + argc -= optind; + if (argc) + usage('?'); + + signal(SIGHUP, sighup); + signal(SIGINT, sigdone); + signal(SIGQUIT, sigdone); + signal(SIGTERM, sigdone); + signal(SIGUSR1, sigusr1); + signal(SIGUSR2, sigusr2); + + openlog(getprogname(), LOG_PID, LOG_DAEMON); + + if (debug) { + lfun = dlog; + if (tout == 0) + tout = 5000; + } else { + if (tout == 0) + tout = 15000; + } + + update_interfaces(); + conf_parse(configfile); + if (flush) { + rules_flush(); + if (!restore) + flags |= O_TRUNC; + } + + struct pollfd *pfd = NULL; + bl_t *bl = NULL; + size_t nfd = 0; + 
size_t maxfd = 0; + + for (size_t i = 0; i < nblsock; i++) + addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]); + free(blsock); + + if (spath) { + FILE *fp = fopen(spath, "r"); + char *line; + if (fp == NULL) + err(EXIT_FAILURE, "Can't open `%s'", spath); + for (; (line = fparseln(fp, NULL, NULL, NULL, 0)) != NULL; + free(line)) + addfd(&pfd, &bl, &nfd, &maxfd, line); + fclose(fp); + } + if (nfd == 0) + addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK); + + state = state_open(dbfile, flags, 0600); + if (state == NULL) + state = state_open(dbfile, flags | O_CREAT, 0600); + if (state == NULL) + return EXIT_FAILURE; + + if (restore) { + if (!flush) + rules_flush(); + rules_restore(); + } + + if (!debug) { + if (daemon(0, 0) == -1) + err(EXIT_FAILURE, "daemon failed"); + if (pidfile(NULL) == -1) + err(EXIT_FAILURE, "Can't create pidfile"); + } + + for (size_t t = 0; !done; t++) { + if (readconf) { + readconf = 0; + conf_parse(configfile); + } + ret = poll(pfd, (nfds_t)nfd, tout); + if (debug) + (*lfun)(LOG_DEBUG, "received %d from poll()", ret); + switch (ret) { + case -1: + if (errno == EINTR) + continue; + (*lfun)(LOG_ERR, "poll (%m)"); + return EXIT_FAILURE; + case 0: + state_sync(state); + break; + default: + for (size_t i = 0; i < nfd; i++) + if (pfd[i].revents & POLLIN) + process(bl[i]); + } + if (t % 100 == 0) + state_sync(state); + if (t % 10000 == 0) + update_interfaces(); + update(); + } + state_close(state); + return 0; +} diff --git a/contrib/blocklist/bin/old_internal.c b/contrib/blocklist/bin/old_internal.c new file mode 100644 index 000000000000..79093cc8b8ab --- /dev/null +++ b/contrib/blocklist/bin/old_internal.c 
@@ -0,0 +1,50 @@ +/* $NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $"); + +#include +#include +#include "conf.h" +#include "old_internal.h" + +int debug; +const char *rulename = "blacklistd"; +const char *controlprog = _PATH_BLCONTROL; +struct confset lconf, rconf; +struct ifaddrs *ifas; +void (*lfun)(int, const char *, ...) = syslog; diff --git a/contrib/blocklist/bin/old_internal.h b/contrib/blocklist/bin/old_internal.h new file mode 100644 index 000000000000..becee563e81d --- /dev/null +++ b/contrib/blocklist/bin/old_internal.h 
@@ -0,0 +1,58 @@ +/* $NetBSD: internal.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifndef _OLD_INTERNAL_H +#define _OLD_INTERNAL_H + +#ifndef _PATH_BLCONF +#define _PATH_BLCONF "/etc/blacklistd.conf" +#endif +#ifndef _PATH_BLCONTROL +#define _PATH_BLCONTROL "/usr/libexec/blacklistd-helper" +#endif +#ifndef _PATH_BLSTATE +/* We want the new name, the old one would be incompatible after 24932b6 */ +#define _PATH_BLSTATE "/var/db/blocklistd.db" +#endif + +extern struct confset rconf, lconf; +extern int debug; +extern const char *rulename; +extern const char *controlprog; +extern struct ifaddrs *ifas; + +#if !defined(__syslog_attribute__) && !defined(__syslog__) +#define __syslog__ __printf__ +#endif + +extern void (*lfun)(int, const char *, ...) *** 2509 LINES SKIPPED ***
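
Review bot: In contrib/blocklist/bin/blacklistctl.c, the default filter in main() (neither -a nor -b) tests "dbi.count >= c.c_nfail" without the "c.c_nfail == -1" guard that the -b branch has. For a rule whose nfail is -1 (printed as "*" by star()) that comparison is always true, so such entries are skipped in the default listing and in the -b listing and only show up with -a. If that is intended, a comment saying so would help; otherwise handle -1 explicitly in the else branch. With -r, "c.c_duration - (ts.tv_sec - dbi.last)" is also handed to fmtydhms() unclamped, so an entry that has expired but has not yet been released by the daemon is formatted from a negative value.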
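
Review bot: In process() in contrib/blocklist/bin/blacklistd.c, rbuf is declared uninitialized and is only filled in after getremoteaddress() succeeds, yet the debug block under the out: label always prints it with %s. With debugging enabled, a getremoteaddress() failure jumps straight to out: and logs whatever is on the stack; setting rbuf[0] = '\0' next to the memset() calls at the top would close that. In main(), -t is parsed as "atoi(optarg) * 1000" with no range check, so a negative or overflowing value reaches poll() unchecked, where depending on the platform it either blocks indefinitely or fails, and update(), which releases expired blocks, only runs after poll() returns. A range-checked parse that rejects non-positive values would be safer.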
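
Review bot: In contrib/blocklist/bin/old_internal.h the compat defaults are split: _PATH_BLCONF and _PATH_BLCONTROL keep the blacklistd names while _PATH_BLSTATE points at /var/db/blocklistd.db, and the only explanation is a comment citing the short hash 24932b6. Please say in the comment what became incompatible, and state that a database left under the old name is not consulted: rules_restore() reads from dbfile, which defaults to _PATH_BLSTATE, so going by the visible defaults, blocks recorded before the upgrade would not be re-added by -r. That is worth a line in the release notes as well, since the commit is tagged "Relnotes: yes".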
Date: Tue, 14 Oct 2025 00:57:34 GMT
Message-Id: <202510140057.59E0vYNV021637@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran
Subject: git: ba5768504bee - stable/15 - blocklist-helper: Silence a bogus pf warning
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: ba5768504bee39191754fc1aece3927c8936f27c
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba5768504bee39191754fc1aece3927c8936f27c

commit ba5768504bee39191754fc1aece3927c8936f27c
Author: Jose Luis Duran
AuthorDate: 2025-10-12 17:16:12 +0000
Commit: Jose Luis Duran
CommitDate: 2025-10-14 00:53:40 +0000

    blocklist-helper: Silence a bogus pf warning

    Silence a bogus warning about (an ethernet) anchor not being found. It
    has been reported as PR 280516. In the meantime, just sweep under the
    carpet.

    Approved by: emaste (mentor)
    MFC after: 2 days

    (cherry picked from commit 2347ca21d657121670e6e7246c6ac32efc996cac)
---
 contrib/blocklist/libexec/blocklistd-helper | 2 +-
 libexec/blocklistd-helper/blacklistd-helper | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/blocklist/libexec/blocklistd-helper b/contrib/blocklist/libexec/blocklistd-helper index f27cde4ed4ea..14a192ee35ce 100755 --- a/contrib/blocklist/libexec/blocklistd-helper
+++ b/contrib/blocklist/libexec/blocklistd-helper @@ -258,7 +258,7 @@ flush) pf) # dynamically determine which anchors exist for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do - /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null /sbin/pfctl -a "$anchor" -F rules done echo OK diff --git a/libexec/blocklistd-helper/blacklistd-helper b/libexec/blocklistd-helper/blacklistd-helper index 4195f070e8ee..92f768e86cdf 100644 --- a/libexec/blocklistd-helper/blacklistd-helper +++ b/libexec/blocklistd-helper/blacklistd-helper 
@@ -279,7 +279,7 @@ flush) pf) # dynamically determine which anchors exist for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do - /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null /sbin/pfctl -a "$anchor" -F rules done echo OK
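
Review bot: In the flush) hunk of contrib/blocklist/libexec/blocklistd-helper, the added "2> /dev/null" on the "pfctl ... -T flush" line discards every diagnostic from that command, not only the anchor warning from PR 280516, and the branch still ends with "echo OK" whatever pfctl returned. A table flush that fails for a real reason would leave the previously blocked addresses in the table with nothing logged and success reported to the daemon. Consider filtering out just the known message, or checking the exit status and not printing OK on failure; a comment naming the PR next to the redirect would also tell the next reader when it can be removed.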
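
Review bot: The identical one-line change lands at line 279 of libexec/blocklistd-helper/blacklistd-helper and at line 258 of contrib/blocklist/libexec/blocklistd-helper, so the legacy-named helper is a separately maintained copy whose line offsets already differ from the new script. Every later fix to the firewall handling has to be made in both places, and a missed one leaves the old-name path with different blocking behaviour. Consider having the legacy script print its warning and then hand off to the new helper, or at least add a comment in both files saying they must be kept in sync.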
Date: Tue, 14 Oct 2025 00:57:35 GMT
Message-Id: <202510140057.59E0vZeR021677@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran
Subject: git: f935c0f66f75 - stable/15 - blacklist: Avoid duplicate manual pages in METALOG
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: f935c0f66f75e882185ed8bc46f39054f2ced4e1
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=f935c0f66f75e882185ed8bc46f39054f2ced4e1

commit f935c0f66f75e882185ed8bc46f39054f2ced4e1
Author:     Jose Luis Duran
AuthorDate: 2025-10-13 00:53:50 +0000
Commit:     Jose Luis Duran
CommitDate: 2025-10-14 00:54:07 +0000

    blacklist: Avoid duplicate manual pages in METALOG

    Previously, blacklist man pages were just a symlink to their blocklist
    counterpart, this in turn installed blocklist man pages twice, and
    resulted in a duplicate error when running metalog_reader.lua -c.

    Take advantage of the duplication to document nuances in blacklist, such
    as the fact that it uses the new database and socket name (blocklist).
    Also, note that it has been renamed to blocklist. In the future, it
    will help to document its deprecation.

    Approved by: emaste (mentor)
    Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist")
    MFC after: 2 days

    (cherry picked from commit c6240045536548c22ce40d9ef36c1dc52abcfc9c)
---
 contrib/blocklist/bin/blacklistctl.8    | 136 ++++++++++++++
 contrib/blocklist/bin/blacklistd.8      | 308 ++++++++++++++++++++++++++++++++
 contrib/blocklist/bin/blacklistd.conf.5 | 242 +++++++++++++++++++++++++
 contrib/blocklist/lib/libblacklist.3    | 188 +++++++++++++++++++
 lib/libblacklist/Makefile               |  17 +-
 usr.sbin/blacklistctl/Makefile          |   3 +-
 usr.sbin/blacklistd/Makefile            |   4 +-
 7 files changed, 884 insertions(+), 14 deletions(-)

diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8 new file mode 100644 index 000000000000..4d557c0c979d --- /dev/null +++ b/contrib/blocklist/bin/blacklistctl.8
@@ -0,0 +1,136 @@ +.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd January 27, 2025 +.Dt BLACKLISTCTL 8 +.Os +.Sh NAME +.Nm blacklistctl +.Nd display and change the state of the blacklistd database +.Sh SYNOPSIS +.Nm +.Cm dump +.Op Fl abdnrw +.Op Fl D Ar dbname +.Sh DESCRIPTION +.Nm +is a program used to display and change the state of the +.Xr blacklistd 8 +database. 
+The following sub-commands are supported: +.Ss dump +.Pp +The following options are available for the +.Cm dump +sub-command: +.Bl -tag -width indent +.It Fl a +Show all database entries, by default it shows only the active ones. +Inactive entries will be shown with a last-access (or, with +.Fl r , +the remaining) time of +.Ql never . +.It Fl b +Show only the blocked entries. +.It Fl D Ar dbname +Specify the location of the +.Ic blacklistd +database file to use. +The default is +.Pa /var/db/blocklistd.db . +.It Fl d +Increase debugging level. +.It Fl n +Don't display a header. +.It Fl r +Show the remaining blocked time instead of the last activity time. +.It Fl w +Normally the width of addresses is good for IPv4, the +.Fl w +flag, makes the display wide enough for IPv6 addresses. +.El +.Pp +The output of the +.Cm dump +sub-command consists of a header (unless +.Fl n +was given) and one line for each record in the database, where each line +has the following columns: +.Bl -tag -width indent +.It Ql address/ma:port +The remote address, mask, and local port number of the client connection +associated with the database entry. +.It Ql id +column will show the identifier for the packet filter rule associated +with the database entry, though this may only be the word +.Ql OK +for packet filters which do not creat a unique identifier for each rule. +.It Ql nfail +The number of +.Em failures +reported for the client on the noted port, as well as the number of +failures allowed before blocking (or, with +.Fl a , +an asterisk +.Aq * ) +.It So last access Sc | So remaining time Sc +The last time a the client was reported as attempting access, or, with +.Fl r , +the time remaining before the rule blocking the client will be removed. +.El +.Sh SEE ALSO +.Xr blacklistd 8 +.Sh NOTES +The +.Nm +program has been renamed to +.Xr blocklistctl 8 . +.Pp +Sometimes the reported number of failed attempts can exceed the number +of attempts that +.Xr blacklistd 8 +is configured to block. 
+This can happen either because the rule has been removed manually, or +because there were more attempts in flight while the rule block was being +added. +This condition is normal; in that case +.Xr blacklistd 8 +will first attempt to remove the existing rule, and then it will re-add +it to make sure that there is only one rule active. +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . +.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/bin/blacklistd.8 b/contrib/blocklist/bin/blacklistd.8 new file mode 100644 index 000000000000..9ca886e9c4d3 --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.8 
@@ -0,0 +1,308 @@ +.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.Dd February 25, 2025 +.Dt BLACKLISTD 8 +.Os +.Sh NAME +.Nm blacklistd +.Nd block and release ports on demand to avoid DoS abuse +.Sh SYNOPSIS +.Nm +.Op Fl dfrv +.Op Fl C Ar controlprog +.Op Fl c Ar configfile +.Op Fl D Ar dbfile +.Op Fl P Ar sockpathsfile +.Op Fl R Ar rulename +.Op Fl s Ar sockpath +.Op Fl t Ar timeout +.Sh DESCRIPTION +.Nm +is a daemon similar to +.Xr syslogd 8 +that listens to sockets at paths specified in the +.Ar sockpathsfile +for notifications from other daemons about successful or failed connection +attempts. +If no such file is specified, then it only listens to the socket path +specified by +.Ar sockpath +or if that is not specified to +.Pa /var/run/blocklistd.sock . +Each notification contains an (action, port, protocol, address, owner) tuple +that identifies the remote connection and the action. +This tuple is consulted against entries from the +.Ar configfile , +with the syntax specified in +.Xr blacklistd.conf 5 . +If an entry is matched, a state entry is created for that tuple. +Each entry contains a number of tries limit and a duration. +.Pp +If +.Ar configfile +is a directory, or a directory exists with the same name as +.Ar configfile +with +.Qq .d +appended to it, each file in the directory will be read as configuration file. +If +.Ar configfile +exists as a file it will be processed before the contents of the +.Ar configfile Ns .d +directory if that also exists. +.Pp +The way +.Nm +does configuration entry matching is by having the client side pass the +file descriptor associated with the connection the client wants to blacklist +as well as passing socket credentials. +.Pp +The file descriptor is used to retrieve information (address and port) +about the remote side with +.Xr getpeername 2 +and the local side with +.Xr getsockname 2 . +.Pp +By examining the port of the local side, +.Nm +can determine if the client program +.Dq owns +the port. 
+By examining the optional address portion on the local side, it can match +interfaces. +By examining the remote address, it can match specific allow or deny rules. +.Pp +Finally +.Nm +can examine the socket credentials to match the user in the configuration file. +.Pp +While this works well for TCP sockets, it cannot be relied on for unbound +UDP sockets. +It is also less meaningful when it comes to connections using non-privileged +ports. +On the other hand, if we receive a request that has a local endpoint indicating +a UDP privileged port, we can presume that the client was privileged to be +able to acquire that port. +.Pp +Once an entry is matched +.Nm +can perform various actions. +If the action is +.Dq add +and the number of tries limit is reached, then a +control script +.Ar controlprog +is invoked with arguments: +.Bd -literal -offset indent +control add
+.Ed +.Pp +and should invoke a packet filter command to block the connection +specified by the arguments. +The +.Ar rulename +argument can be set from the command line (default +.Dv blacklistd ) . +The script could print a numerical id to stdout as a handle for +the rule that can be used later to remove that connection, but +that is not required as all information to remove the rule is +kept. +.Pp +If the action is +.Dq rem +Then the same control script is invoked as: +.Bd -literal -offset indent +control rem
+.Ed +.Pp +where +.Ar id +is the number returned from the +.Dq add +action. +.Pp +.Nm +maintains a database of known connections in +.Ar dbfile . +On startup it reads entries from that file, and updates its internal state. +.Pp +.Nm +checks the list of active entries every +.Ar timeout +seconds (default +.Dv 15 ) +and removes entries and block rules using the control program as necessary. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl C Ar controlprog +Use +.Ar controlprog +to communicate with the packet filter, instead of the default, which is +.Pa /usr/libexec/blacklistd-helper . +The following arguments are passed to the control program: +.Bl -tag -width protocol +.It action +The action to perform: +.Dv add , +.Dv rem , +or +.Dv flush ; +to add, remove or flush a firewall rule. +.It name +The rule name. +.It protocol +The optional protocol name (can be empty): +.Dv tcp , +.Dv tcp6 , +.Dv udp , +.Dv udp6 . +.It address +The IPv4 or IPv6 numeric address to be blocked or released. +.It mask +The numeric mask to be applied to the blocked or released address +.It port +The optional numeric port to be blocked (can be empty). +.It id +For packet filters that support removal of rules by rule identifier, the +identifier of the rule to be removed. +The add command is expected to return the rule identifier string to stdout. +.El +.It Fl c Ar configuration +The name of the configuration file to read. +The default when +.Fl c +is not given is +.Pa /etc/blacklistd.conf . +.It Fl D Ar dbfile +The Berkeley DB file where +.Nm +stores its state. +It defaults to +.Pa /var/db/blocklistd.db . +.It Fl d +Normally, +.Nm +disassociates itself from the terminal unless the +.Fl d +flag is specified, in which case it stays in the foreground. 
+.It Fl f +Truncate the state database and flush all the rules named +.Ar rulename +are deleted by invoking the control script as: +.Bd -literal -offset indent +control flush +.Ed +.It Fl P Ar sockpathsfile +A file containing a list of pathnames, one per line that +.Nm +will create sockets to listen to. +This is useful for chrooted environments. +.It Fl R Ar rulename +Specify the default rule name for the packet filter rules, usually +.Dv blacklistd . +.It Fl r +Re-read the firewall rules from the internal database, then +remove and re-add them. +This helps for packet filters that do not retain state across reboots. +.It Fl s Ar sockpath +Add +.Ar sockpath +to the list of Unix sockets +.Nm +listens to. +.It Fl t Ar timeout +The interval in seconds +.Nm +polls the state file to update the rules. +.It Fl v +Cause +.Nm +to print +diagnostic messages to +.Dv stdout +instead of +.Xr syslogd 8 . +.El +.Sh SIGNAL HANDLING +.Nm +deals with the following signals: +.Bl -tag -width "USR2" +.It Dv HUP +Receipt of this signal causes +.Nm +to re-read the configuration file. +.It Dv INT , Dv TERM & Dv QUIT +These signals tell +.Nm +to exit in an orderly fashion. +.It Dv USR1 +This signal tells +.Nm +to increase the internal debugging level by 1. +.It Dv USR2 +This signal tells +.Nm +to decrease the internal debugging level by 1. +.El +.Sh FILES +.Bl -tag -width /usr/libexec/blacklistd-helper -compact +.It Pa /usr/libexec/blacklistd-helper +Shell script invoked to interface with the packet filter. +.It Pa /etc/blacklistd.conf +Configuration file. +.It Pa /var/db/blocklistd.db +Database of current connection entries. +.It Pa /var/run/blocklistd.sock +Socket to receive connection notifications. +.El +.Sh SEE ALSO +.Xr blacklistd.conf 5 , +.Xr blacklistctl 8 , +.Xr ipf 8 , +.Xr ipfw 8 , +.Xr pfctl 8 , +.Xr syslogd 8 +.Sh NOTES +The +.Nm +daemon has been renamed to +.Xr blocklistd 8 . +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . 
+.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blacklistd.conf.5 new file mode 100644 index 000000000000..e775d30e7e8e --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.conf.5 
@@ -0,0 +1,242 @@ +.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $ +.\" +.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd February 5, 2025 +.Dt BLACKLISTD.CONF 5 +.Os +.Sh NAME +.Nm blacklistd.conf +.Nd configuration file format for blacklistd +.Sh DESCRIPTION +The +.Nm +file contains configuration entries for +.Xr blacklistd 8 +in a fashion similar to +.Xr inetd.conf 5 . +Only one entry per line is permitted. +Every entry must have all fields populated. 
+Each field can be separated by a tab or a space. +Comments are denoted by a +.Dq # +at the beginning of a line. +.Pp +There are two kinds of configuration lines, +.Va [local] +and +.Va [remote] . +By default, configuration lines are +.Va [local] , +i.e. the address specified refers to the addresses on the local machine. +To switch to between +.Va [local] +and +.Va [remote] +configuration lines you can specify the stanzas: +.Dq [local] +and +.Dq [remote] . +.Pp +On +.Va [local] +and +.Va [remote] +lines +.Dq * +means use the default, or wildcard match. +In addition, for +.Va [remote] +lines +.Dq = +means use the values from the matched +.Va [local] +configuration line. +.Pp +The first four fields, +.Va location , +.Va type , +.Va proto , +and +.Va owner +are used to match the +.Va [local] +or +.Va [remote] +addresses, whereas the last 3 fields +.Va name , +.Va nfail , +and +.Va disable +are used to modify the filtering action. +.Pp +The first field denotes the +.Va location +as an address, mask, and port. +The syntax for the +.Va location +is: +.Bd -literal -offset indent + [
|][/][:] +.Ed +.Pp +The +.Dv address +can be an IPv4 address in numeric format, an IPv6 address +in numeric format and enclosed by square brackets, or an interface name. +Mask modifiers are not allowed on interfaces because interfaces +can have multiple addresses in different protocols where the mask has a +different size. +.Pp +The +.Dv mask +is always numeric, but the +.Dv port +can be either numeric or symbolic. +.Pp +The second field is the socket +.Va type : +.Dv stream , +.Dv dgram , +or numeric. +The third field is the +.Va protocol : +.Dv tcp , +.Dv udp , +.Dv tcp6 , +.Dv udp6 , +or numeric. +The fourth field is the effective user +.Va ( owner ) +of the daemon process reporting the event, +either as a username or a userid. +.Pp +The rest of the fields control the behavior of the filter. +.Pp +The +.Va name +field, is the name of the packet filter rule to be used. +If the +.Va name +starts with a hyphen +.Pq Dq - , +then the default rulename is prepended to the given name. +If the +.Dv name +contains a +.Dq / , +the remaining portion of the name is interpreted as the mask to be +applied to the address specified in the rule, causing a single rule violation to +block the entire subnet for the configured prefix. +.Pp +The +.Va nfail +field contains the number of failed attempts before access is blocked, +defaulting to +.Dq * +meaning never, and the last field +.Va duration +specifies the amount of time since the last access that the blocking +rule should be active, defaulting to +.Dq * +meaning forever. +The default unit for +.Va duration +is seconds, but one can specify suffixes for different units, such as +.Dq m +for minutes +.Dq h +for hours and +.Dq d +for days. +.Pp +Matching is done first by checking the +.Va [local] +rules individually, in the order of the most specific to the least specific. +If a match is found, then the matching +.Va [remote] +rules are applied. 
+The +.Va name , +.Va nfail , +and +.Va duration +fields can be altered by the +.Va [remote] +rule that matched. +.Pp +The +.Va [remote] +rules can be used for allowing specific addresses, changing the mask +size (via +.Va name ) , +the rule that the packet filter uses (also via +.Va name ) , +the number of failed attempts (via +.Va nfail ) , +or the duration to block (via +.Va duration ) . +.Sh FILES +.Bl -tag -width /etc/blacklistd.conf -compact +.It Pa /etc/blacklistd.conf +Configuration file. +.El +.Sh EXAMPLES +.Bd -literal -offset 8n +# Block ssh, after 3 attempts for 6 hours on the bnx0 interface +[local] +# location type proto owner name nfail duration +bnx0:ssh * * * * 3 6h +[remote] +# Never block 1.2.3.4 +1.2.3.4:ssh * * * * * * +# Never block the example IPv6 subnet either +[2001:db8::]/32:ssh * * * * * * +# For addresses coming from 8.8.0.0/16 block whole /24 networks instead +# individual hosts, but keep the rest of the blocking parameters the same. +8.8.0.0/16:ssh * * * /24 = = +.Ed +.Sh SEE ALSO +.Xr blacklistctl 8 , +.Xr blacklistd 8 +.Sh NOTES +The +.Nm +file has been renamed to +.Xr blocklistd.conf 8 . +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . +.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/lib/libblacklist.3 b/contrib/blocklist/lib/libblacklist.3 new file mode 100644 index 000000000000..5bc093c38f79 --- /dev/null +++ b/contrib/blocklist/lib/libblacklist.3 
@@ -0,0 +1,188 @@ +.\" $NetBSD: libblocklist.3,v 1.7 2025/02/05 20:14:30 christos Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.Dd February 5, 2025 +.Dt LIBBLACKLIST 3 +.Os +.Sh NAME +.Nm blacklist_open , +.Nm blacklist_open2 , +.Nm blacklist_close , +.Nm blacklist_r , +.Nm blacklist , +.Nm blacklist_sa , +.Nm blacklist_sa_r +.Nd Blacklistd notification library +.Sh LIBRARY +.Lb libblacklist +.Sh SYNOPSIS +.In blacklist.h +.Ft struct blacklist * +.Fn blacklist_open "void" +.Ft struct blacklist * +.Fn blacklist_open2 "void (*logger)(int, struct syslog_data *, va_list)" +.Ft void +.Fn blacklist_close "struct blacklist *cookie" +.Ft int +.Fn blacklist "int action" "int fd" "const char *msg" +.Ft int +.Fn blacklist_r "struct blacklist *cookie" "int action" "int fd" "const char *msg" +.Ft int +.Fn blacklist_sa "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg" +.Ft int +.Fn blacklist_sa_r "struct blacklist *cookie" "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg" +.Sh DESCRIPTION +These functions can be used by daemons to notify +.Xr blacklistd 8 +about successful and failed remote connections so that blacklistd can +block or release port access to prevent Denial of Service attacks. +.Pp +The function +.Fn blacklist_open +creates the necessary state to communicate with +.Xr blacklistd 8 +and returns a pointer to it, or +.Dv NULL +on failure. +.Pp +The function +.Fn blacklist_open2 +is similar to +.Fn blacklist_open +but allows a +.Fa logger +to be specified. +If the +.Fa logger +is +.Dv NULL , +then no logging is performed. +.Pp +The +.Fn blacklist_close +function frees all memory and resources used. +.Pp +The +.Fn blacklist +function sends a message to +.Xr blacklistd 8 , +with an integer +.Ar action +argument specifying the type of notification, +a file descriptor +.Ar fd +specifying the accepted file descriptor connected to the client, +and an optional message in the +.Ar msg +argument. 
+.Pp +The +.Ar action +parameter can take these values: +.Bl -tag -width ".Dv BLACKLIST_ABUSIVE_BEHAVIOR" +.It Dv BLACKLIST_AUTH_FAIL +There was an unsuccessful authentication attempt. +.It Dv BLACKLIST_AUTH_OK +A user successfully authenticated. +.It Dv BLACKLIST_ABUSIVE_BEHAVIOR +The sending daemon has detected abusive behavior +from the remote system. +The remote address should +be blocked as soon as possible. +.It Dv BLACKLIST_BAD_USER +The sending daemon has determined the username +presented for authentication is invalid. +The +.Xr blacklistd 8 +daemon compares the username to a configured list of forbidden +usernames and +blocks the address immediately if a forbidden username matches. +(The +.Dv BLACKLIST_BAD_USER +support is not currently available.) +.El +.Pp +The +.Fn blacklist_r +function is more efficient because it keeps the blacklist state around. +.Pp +The +.Fn blacklist_sa +and +.Fn blacklist_sa_r +functions can be used with unconnected sockets, where +.Xr getpeername 2 +will not work, the server will pass the peer name in the message. +.Pp +In all cases the file descriptor passed in the +.Fa fd +argument must be pointing to a valid socket so that +.Xr blacklistd 8 +can establish ownership of the local endpoint +using +.Xr getsockname 2 . +.Pp +By default, +.Xr syslogd 8 +is used for message logging. +The internal +.Fn bl_create +function can be used to create the required internal +state and specify a custom logging function. +.Sh RETURN VALUES +The function +.Fn blacklist_open +returns a cookie on success and +.Dv NULL +on failure setting +.Dv errno +to an appropriate value. +.Pp +The functions +.Fn blacklist , +.Fn blacklist_sa , +and +.Fn blacklist_sa_r +return +.Dv 0 +on success and +.Dv \-1 +on failure setting +.Dv errno +to an appropriate value. +.Sh NOTES +The +.Lb libblacklist +has been renamed to +.Xr libblocklist 3 . +.Sh SEE ALSO +.Xr blacklistd.conf 5 , +.Xr blacklistd 8 +.Sh AUTHORS +.An Christos Zoulas 
diff --git a/lib/libblacklist/Makefile b/lib/libblacklist/Makefile index 07c770883eab..cac023d69bb7 100644 --- a/lib/libblacklist/Makefile +++ b/lib/libblacklist/Makefile @@ -18,14 +18,13 @@ CFLAGS+=-I${BLOCKLIST_DIR}/include -I${BLOCKLIST_DIR}/port \ SRCS= old_bl.c blacklist.c vsyslog_r.c INCS= blacklist.h -MAN= libblocklist.3 - -MLINKS+=libblocklist.3 libblacklist.3 \ - libblocklist.3 blacklist_open.3 \ - libblocklist.3 blacklist_close.3 \ - libblocklist.3 blacklist.3 \ - libblocklist.3 blacklist_r.3 \ - libblocklist.3 blacklist_sa.3 \ - libblocklist.3 blacklist_sa_r.3 +MAN= libblacklist.3 + +MLINKS= libblacklist.3 blacklist_open.3 \ + libblacklist.3 blacklist_close.3 \ + libblacklist.3 blacklist.3 \ + libblacklist.3 blacklist_r.3 \ + libblacklist.3 blacklist_sa.3 \ + libblacklist.3 blacklist_sa_r.3 .include diff --git a/usr.sbin/blacklistctl/Makefile b/usr.sbin/blacklistctl/Makefile index 8a01f52926a7..41c5f44b072b 100644 --- a/usr.sbin/blacklistctl/Makefile +++ b/usr.sbin/blacklistctl/Makefile @@ -6,8 +6,7 @@ PACKAGE= blocklist PROG= blacklistctl SRCS= blacklistctl.c conf.c state.c support.c old_internal.c \ sockaddr_snprintf.c pidfile.c strtoi.c popenve.c -MAN= blocklistctl.8 -MLINKS= blocklistctl.8 blacklistctl.8 +MAN= blacklistctl.8 LDFLAGS+=-L${LIBBLACKLISTDIR} LIBADD+= blocklist util diff --git a/usr.sbin/blacklistd/Makefile b/usr.sbin/blacklistd/Makefile index b4ba4ca2f9ad..490b12d46968 100644 --- a/usr.sbin/blacklistd/Makefile +++ b/usr.sbin/blacklistd/Makefile 
@@ -7,9 +7,7 @@ CONFS= blacklistd.conf PROG= blacklistd SRCS= blacklistd.c conf.c run.c state.c support.c old_internal.c \ sockaddr_snprintf.c pidfile.c strtoi.c popenve.c vsyslog_r.c -MAN= blocklistd.8 blocklistd.conf.5 -MLINKS= blocklistd.8 blacklistd.8 \ - blocklistd.conf.5 blacklistd.conf.5 *** 4 LINES SKIPPED ***
From nobody Tue Oct 14 00:57:36 2025
Date: Tue, 14 Oct 2025 00:57:36 GMT
Message-Id: <202510140057.59E0vaGm021717@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
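Review bot: contrib/blocklist/bin/blacklistctl.8 carries typos in the dump column descriptions that should be fixed now that the page is a separate file rather than a link: "do not creat a unique identifier" in the id item and "The last time a the client was reported" in the last access item. The id item also begins with "column will show", a sentence fragment unlike the other items, and the nfail item ends without a period after ".Aq * )".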
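Review bot: In contrib/blocklist/bin/blacklistd.8 the option list uses ".It Fl c Ar configuration" while SYNOPSIS and DESCRIPTION call the same argument "configfile"; use "configfile" in the list so the references match. The -f item is also ungrammatical ("flush all the rules named rulename are deleted by invoking the control script"). Beyond wording, the page mixes old and new names (/etc/blacklistd.conf and /usr/libexec/blacklistd-helper next to /var/db/blocklistd.db and /var/run/blocklistd.sock), and the commit message says the point of the separate page is to document exactly that, yet NOTES only states that the daemon was renamed. Please add a sentence to NOTES saying which paths keep the old name and which use the new one.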
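Review bot: The NOTES section of contrib/blocklist/bin/blacklistd.conf.5 cross-references ".Xr blocklistd.conf 8", but this is a section 5 page (".Dt BLACKLISTD.CONF 5") and the Makefile in this same patch names its counterpart blocklistd.conf.5, so the reference should be ".Xr blocklistd.conf 5". In DESCRIPTION, "the last 3 fields name, nfail, and disable" names the last field "disable" while every later paragraph and the EXAMPLES header call it "duration"; use "duration". "To switch to between" also has a stray "to".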
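Review bot: RETURN VALUES in contrib/blocklist/lib/libblacklist.3 covers blacklist(), blacklist_sa() and blacklist_sa_r() but omits blacklist_r(), and it describes the result of blacklist_open() but not blacklist_open2(); add both so every function listed in NAME has a documented return value. NOTES is placed before SEE ALSO in this page and after SEE ALSO in the other three pages added by this patch; pick one order for all four.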
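Review bot: In lib/libblacklist/Makefile the new MLINKS list has entries for blacklist_open.3, blacklist_close.3, blacklist.3, blacklist_r.3, blacklist_sa.3 and blacklist_sa_r.3 but none for blacklist_open2.3, although libblacklist.3 lists blacklist_open2 in its NAME section; add "libblacklist.3 blacklist_open2.3" so the function has a page name of its own. The change from "MLINKS+=" to "MLINKS=" is only safe if nothing earlier in the file sets MLINKS, which the visible context does not show.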
From: Jose Luis Duran Subject: git: f22ca25404e7 - stable/15 - blocklist: Add an UPDATING entry List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: f22ca25404e795aa08efc35d8cdbb5b44304650f Auto-Submitted: auto-generated The branch stable/15 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=f22ca25404e795aa08efc35d8cdbb5b44304650f commit f22ca25404e795aa08efc35d8cdbb5b44304650f Author: Jose Luis Duran AuthorDate: 2025-10-13 14:35:12 +0000 Commit: Jose Luis Duran CommitDate: 2025-10-14 00:54:25 +0000 blocklist: Add an UPDATING entry Add an UPDATING entry about the renaming of blocklist. Approved by: emaste (mentor) Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist") MFC after: 1 day (cherry picked from commit ffa8165009365ff93050626d880f2d1d6aacc31a) --- UPDATING | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/UPDATING b/UPDATING index 6e893f07df61..4b14159ceb4a 100644 --- a/UPDATING +++ b/UPDATING 
@@ -17,6 +17,12 @@ and/or ports. can install the ftp/freebsd-ftpd port. pkgbase users should remove the orphaned FreeBSD-ftpd package. +20251012: + Blacklist has been renamed upstream to Blocklist. If you have it + configured, rename all configuration files, firewall anchors or + sentinel files to reflect the new nomenclature. Old setups will + continue to work emitting a warning. + 20251002: Audio-related utilities including mixer(8) and virtual_oss(8) have moved to the new FreeBSD-sound package. If you have set-optional or
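Review bot: The new 20251012 entry tells administrators to rename "all configuration files, firewall anchors or sentinel files" but names neither the old nor the new paths, so the reader has to look them up elsewhere. Consider listing the concrete old and new names, and state where the warning is emitted, so an operator can tell which hosts are still running on the old names. "continue to work emitting a warning" would also read better as "continue to work, but emit a warning".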
Date: Tue, 14 Oct 2025
00:57:38 GMT Message-Id: <202510140057.59E0vcPC021754@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jose Luis Duran Subject: git: 06889e177e7e - stable/15 - UPDATING: Fix typo objump should be objdump List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 06889e177e7e218a18a475e4747bc046078ef3c1 Auto-Submitted: auto-generated The branch stable/15 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=06889e177e7e218a18a475e4747bc046078ef3c1 commit 06889e177e7e218a18a475e4747bc046078ef3c1 Author: Jose Luis Duran AuthorDate: 2025-10-13 14:50:30 +0000 Commit: Jose Luis Duran CommitDate: 2025-10-14 00:54:38 +0000 UPDATING: Fix typo objump should be objdump Approved by: emaste (mentor) Fixes: 86edb11e7491 ("Always install llvm-objdump as objdump") MFC after: 1 day (cherry picked from commit 376508ef2f794a57606a791166f1ce7f20d3ccaf) --- UPDATING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 4b14159ceb4a..26c2355de1ac 100644 --- a/UPDATING +++ b/UPDATING 
@@ -690,7 +690,7 @@ and/or ports. Bump _FreeBSD_version to 1400078 to be able to detect this change. 20221212: - llvm-objump is now always installed as objdump. Previously there was + llvm-objdump is now always installed as objdump. Previously there was no /usr/bin/objdump unless the WITH_LLVM_BINUTILS knob was used. Some LLVM objdump options have a different output format compared to
Date: Tue, 14 Oct 2025 00:58:02 GMT Message-Id: <202510140058.59E0w2be022041@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: Jose Luis Duran Subject: git: 83a1049fcfb6 - stable/14 - UPDATING: Fix typo objump should be objdump List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 83a1049fcfb6cb5a1fd6cbeb4a193c41cd59ae54 Auto-Submitted: auto-generated The branch stable/14 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=83a1049fcfb6cb5a1fd6cbeb4a193c41cd59ae54 commit 83a1049fcfb6cb5a1fd6cbeb4a193c41cd59ae54 Author: Jose Luis Duran AuthorDate: 2025-10-13 14:50:30 +0000 Commit: Jose Luis Duran CommitDate: 2025-10-14 00:55:49 +0000 UPDATING: Fix typo objump should be objdump Approved by: emaste (mentor) Fixes: 86edb11e7491 ("Always install llvm-objdump as objdump") MFC after: 1 day (cherry picked from commit 376508ef2f794a57606a791166f1ce7f20d3ccaf) --- UPDATING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 644e17fc55be..5396fa8204c1 100644 --- a/UPDATING +++ b/UPDATING 
@@ -291,7 +291,7 @@ and/or ports. Bump _FreeBSD_version to 1400078 to be able to detect this change. 20221212: - llvm-objump is now always installed as objdump. Previously there was + llvm-objdump is now always installed as objdump. Previously there was no /usr/bin/objdump unless the WITH_LLVM_BINUTILS knob was used. Some LLVM objdump options have a different output format compared to
Date: Tue, 14 Oct 2025 02:47:53 GMT Message-Id: <202510140247.59E2lr3j029482@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: e01a58798f58 - releng/15.0 - mit-krb5.pc: Add missing -lkrb5profile List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: e01a58798f586c955b28db5dfe7bbddcb849f2bf Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=e01a58798f586c955b28db5dfe7bbddcb849f2bf commit e01a58798f586c955b28db5dfe7bbddcb849f2bf Author: Igor Ostapenko AuthorDate: 2025-10-11 10:20:44 +0000 Commit: Colin Percival CommitDate: 2025-10-14 02:47:32 +0000 mit-krb5.pc: Add missing -lkrb5profile Fixes the ports that prefer static linking: https://reviews.freebsd.org/D49277 Approved by: re (cperciva) Reviewed by: ivy, dch, cy Sponsored by: SkunkWerks, GmbH Differential Revision: https://reviews.freebsd.org/D52910 (cherry picked from commit 2d9fd2c573c318754e3f36d2549e0e57ce199d60) (cherry picked from commit 771ee17c88106fb07b5035a2f36c36ccafe94edd) --- crypto/krb5/src/build-tools/mit-krb5.pc.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/krb5/src/build-tools/mit-krb5.pc.in b/crypto/krb5/src/build-tools/mit-krb5.pc.in index fdc557785ad4..dca1654c8c9d 100644 --- a/crypto/krb5/src/build-tools/mit-krb5.pc.in +++ b/crypto/krb5/src/build-tools/mit-krb5.pc.in 
@@ -12,4 +12,4 @@ Description: An implementation of Kerberos network authentication Version: @KRB5_VERSION@ Cflags: -I${includedir} Libs: -L${libdir} -lkrb5 -lk5crypto @COM_ERR_LIB@ -Libs.private: -lkrb5support +Libs.private: -lkrb5support -lkrb5profile
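Review bot: The order on the new Libs.private line may matter for static links: -lkrb5profile is appended after -lkrb5support, and static archives are typically resolved left to right. If libkrb5profile references symbols from libkrb5support it should be listed first (-lkrb5profile -lkrb5support); please confirm with a static link that uses the output of pkg-config --static --libs mit-krb5. The commit message could also name the affected ports rather than only linking D49277.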
Date: Tue, 14 Oct 2025 02:47:54 GMT Message-Id: <202510140247.59E2lsEe029517@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival Subject: git: f01adba1e2ac - releng/15.0 - Makefile.inc1: Build source packages before sets List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: f01adba1e2acb05798238e11971b4b1535231fdb Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=f01adba1e2acb05798238e11971b4b1535231fdb commit f01adba1e2acb05798238e11971b4b1535231fdb Author: Lexi Winter AuthorDate: 2025-10-13 18:30:31 +0000 Commit: Colin Percival CommitDate: 2025-10-14 02:47:36 +0000 Makefile.inc1: Build source packages before sets To build set-src, we first need to build the source packages. Add a .ORDER to ensure this happens. Otherwise, in a parallel build, sets might be built before the src-* packages have finished building, and set-src will be mysteriously missing. Approved by: re (cperciva) MFC after: 3 seconds Reported by: cperciva Actually diagnosed by: jrtc27 One-line fix by: ivy Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D53076 (cherry picked from commit ea5685ba79fc9309698ef72cf48bc1f0c91ad3dd) (cherry picked from commit 3b5ec539beefb82dd3210f51c0e2e0759b20dad8) --- Makefile.inc1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.inc1 b/Makefile.inc1 index cd3e3f007c3b..d530ca4e9584 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 
@@ -2107,6 +2107,7 @@ create-packages-world: _pkgbootstrap _repodir .PHONY .ORDER: create-packages-world create-packages-sets .ORDER: create-packages-kernel create-packages-sets +.ORDER: create-packages-source create-packages-sets create-packages-sets: _pkgbootstrap _repodir .PHONY ${_+_}@cd ${.CURDIR}; \ ${MAKE} -f Makefile.inc1 \
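Review bot: The added .ORDER line only sequences create-packages-source and create-packages-sets when both are already being built in the same parallel run; it does not make create-packages-sets depend on create-packages-source. If set-src must never be generated without the src-* packages, consider a real prerequisite, or at least a short comment above the three .ORDER lines saying that sets must run after world, kernel and source, since the reason currently lives only in the commit message.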
Date: Tue, 14 Oct 2025 02:54:13 GMT Message-Id: <202510140254.59E2sD15046915@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival Subject: git: e9010214e9be - stable/15 - EC2: Fix additional files on small+builder AMIs List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: e9010214e9bebbe6155c9f720551008a785b692c Auto-Submitted: auto-generated The branch stable/15 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=e9010214e9bebbe6155c9f720551008a785b692c commit e9010214e9bebbe6155c9f720551008a785b692c Author: Colin Percival AuthorDate: 2025-10-11 17:35:51 +0000 Commit: Colin Percival CommitDate: 2025-10-14 02:54:01 +0000 EC2: Fix additional files on small+builder AMIs The file /usr/local/etc/ssl/cert.pem is not present on "small" and "builder" AMIs, so we don't need to add it to METALOG. Fixes: 2b0ffc0ee48c ("EC2: metalog_add missing files from packages") MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva (cherry picked from commit 8a7ac88aa3991e8c2c19007ac0c36a92fc94bc2d) --- release/tools/ec2-builder.conf | 1 - release/tools/ec2-small.conf | 1 - 2 files changed, 2 deletions(-) diff --git a/release/tools/ec2-builder.conf b/release/tools/ec2-builder.conf index bcea69331be5..3b0344f9eb9a 100644 --- a/release/tools/ec2-builder.conf +++ b/release/tools/ec2-builder.conf @@ -68,7 +68,6 @@ vm_extra_pre_umount() { # Add files from packages which weren't recorded in metalog metalog_add_data ./usr/local/etc/dhclient.conf - metalog_add_data ./usr/local/etc/ssl/cert.pem return 0 } diff --git a/release/tools/ec2-small.conf b/release/tools/ec2-small.conf index f12afec75a4f..6564a59c2cf6 100644 
--- a/release/tools/ec2-small.conf +++ b/release/tools/ec2-small.conf 
@@ -51,7 +51,6 @@ vm_extra_pre_umount() { # Add files from packages which weren't recorded in metalog metalog_add_data ./usr/local/etc/dhclient.conf - metalog_add_data ./usr/local/etc/ssl/cert.pem return 0 }
Date: Tue, 14 Oct 2025 02:55:18 GMT Message-Id: <202510140255.59E2tIJB047365@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
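Review bot: The same metalog_add_data removal is made by hand in both ec2-builder.conf and ec2-small.conf, which suggests the list under "Add files from packages which weren't recorded in metalog" can drift from what each image actually contains. Consider guarding each metalog_add_data call on the file existing in the image, or keeping the list in one shared place, so a path that is absent on a given AMI flavour is skipped instead of needing a follow-up fix per config.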
From: Colin Percival Subject: git: 6908a3580702 - releng/15.0 - EC2: Fix additional files on small+builder AMIs List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 6908a3580702a446d8420bb93ed95530a98c936b Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=6908a3580702a446d8420bb93ed95530a98c936b commit 6908a3580702a446d8420bb93ed95530a98c936b Author: Colin Percival AuthorDate: 2025-10-11 17:35:51 +0000 Commit: Colin Percival CommitDate: 2025-10-14 02:54:24 +0000 EC2: Fix additional files on small+builder AMIs The file /usr/local/etc/ssl/cert.pem is not present on "small" and "builder" AMIs, so we don't need to add it to METALOG. Approved by: re (cperciva) Fixes: 2b0ffc0ee48c ("EC2: metalog_add missing files from packages") MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva (cherry picked from commit 8a7ac88aa3991e8c2c19007ac0c36a92fc94bc2d) (cherry picked from commit e9010214e9bebbe6155c9f720551008a785b692c) --- release/tools/ec2-builder.conf | 1 - release/tools/ec2-small.conf | 1 - 2 files changed, 2 deletions(-) diff --git a/release/tools/ec2-builder.conf b/release/tools/ec2-builder.conf index bcea69331be5..3b0344f9eb9a 100644 --- a/release/tools/ec2-builder.conf +++ b/release/tools/ec2-builder.conf @@ -68,7 +68,6 @@ vm_extra_pre_umount() { # Add files from packages which weren't recorded in metalog metalog_add_data ./usr/local/etc/dhclient.conf - metalog_add_data ./usr/local/etc/ssl/cert.pem return 0 } 
diff --git a/release/tools/ec2-small.conf b/release/tools/ec2-small.conf index f12afec75a4f..6564a59c2cf6 100644 --- a/release/tools/ec2-small.conf +++ b/release/tools/ec2-small.conf 
@@ -51,7 +51,6 @@ vm_extra_pre_umount() { # Add files from packages which weren't recorded in metalog metalog_add_data ./usr/local/etc/dhclient.conf - metalog_add_data ./usr/local/etc/ssl/cert.pem return 0 }
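Review bot: the ec2-builder.conf hunk leaves "metalog_add_data ./usr/local/etc/dhclient.conf" unconditional, so the mismatch fixed here for cert.pem can return for any listed file that the installed package set stops providing. Guard the call with an existence test such as "[ -e ./usr/local/etc/dhclient.conf ] &&", or extend the comment above it to name the package that installs the file, so the METALOG entry stays tied to what is actually in the image.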
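Review bot: the ec2-small.conf hunk is a line-for-line copy of the ec2-builder.conf one, which shows that the METALOG additions are kept as two parallel lists in two vm_extra_pre_umount() bodies. Moving the shared entries into one helper that both configuration files call would keep a later fix from landing in only one of them.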
Date: Tue, 14 Oct 2025 04:36:55 GMT Message-Id: <202510140436.59E4atsV038052@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival Subject: git: e2dcc9fc4d2e - releng/15.0 - MFV: Import blocklist 2025-04-28 (8aa81bf) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: e2dcc9fc4d2e6722190cf15bc5bf5dc2e9132ab5 Auto-Submitted: auto-generated The branch releng/15.0 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=e2dcc9fc4d2e6722190cf15bc5bf5dc2e9132ab5 commit e2dcc9fc4d2e6722190cf15bc5bf5dc2e9132ab5 Author: Jose Luis Duran AuthorDate: 2025-10-12 17:01:03 +0000 Commit: Colin Percival CommitDate: 2025-10-14 04:36:12 +0000 MFV: Import blocklist 2025-04-28 (8aa81bf) Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15' Breaking changes: - Upstream commit 24932b6 ("blocklistd: log the conf file line number with bad protocol errors") breaks backward database compatibility. An error will be displayed: Key size mismatch 296 != 288 A new and compatible database, with the new name, will be created when the service starts (committed separately). - Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the number of failed attempts now doubles towards the maximum limit (nfails). This commit will be reverted separately. 
Changes: https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf Approved by: re (cperciva) Approved by: emaste (mentor) MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D52869 (cherry picked from commit 48e64ca13d4f36795ac718911b805e3e9a726f1b) (cherry picked from commit 1a08326c6f503db5f0fb9201cdf55379bbe576e8) --- contrib/blocklist/Makefile | 2 +- contrib/blocklist/Makefile.inc | 7 +- contrib/blocklist/README | 52 ++-- contrib/blocklist/TODO | 49 +++- contrib/blocklist/bin/Makefile | 12 +- .../bin/{blacklistctl.8 => blocklistctl.8} | 69 +++++- .../bin/{blacklistctl.c => blocklistctl.c} | 9 +- .../blocklist/bin/{blacklistd.8 => blocklistd.8} | 75 +++--- .../blocklist/bin/{blacklistd.c => blocklistd.c} | 48 ++-- .../bin/{blacklistd.conf.5 => blocklistd.conf.5} | 82 ++++--- contrib/blocklist/bin/conf.c | 200 ++++++++++++--- contrib/blocklist/bin/conf.h | 3 +- contrib/blocklist/bin/internal.c | 8 +- contrib/blocklist/bin/internal.h | 8 +- contrib/blocklist/bin/run.c | 9 +- contrib/blocklist/bin/run.h | 2 +- contrib/blocklist/bin/state.c | 6 +- contrib/blocklist/bin/state.h | 2 +- contrib/blocklist/bin/support.c | 11 +- contrib/blocklist/bin/support.h | 7 +- contrib/blocklist/diff/ftpd.diff | 12 +- contrib/blocklist/diff/named.diff | 12 +- contrib/blocklist/diff/postfix.diff | 98 ++++++++ contrib/blocklist/diff/proftpd.diff | 20 +- contrib/blocklist/diff/ssh.diff | 14 +- contrib/blocklist/etc/Makefile | 10 +- .../etc/{blacklistd.conf => blocklistd.conf} | 7 +- contrib/blocklist/etc/ipf.conf | 45 ++++ contrib/blocklist/etc/npf.conf | 4 +- contrib/blocklist/etc/rc.d/Makefile | 4 +- .../blocklist/etc/rc.d/{blacklistd => blocklistd} | 20 +- contrib/blocklist/include/Makefile | 4 +- contrib/blocklist/include/bl.h | 11 +- .../blocklist/include/{blacklist.h => blocklist.h} | 44 ++-- contrib/blocklist/lib/Makefile | 20 +- contrib/blocklist/lib/bl.c | 112 +++++---- contrib/blocklist/lib/{blacklist.c => blocklist.c} | 49 ++-- .../lib/{libblacklist.3 
=> libblocklist.3} | 124 +++++----- contrib/blocklist/lib/shlib_version | 2 +- contrib/blocklist/libexec/Makefile | 4 +- contrib/blocklist/libexec/blacklistd-helper | 134 ---------- contrib/blocklist/libexec/blocklistd-helper | 272 +++++++++++++++++++++ contrib/blocklist/port/Makefile.am | 42 ++-- contrib/blocklist/port/_strtoi.h | 2 +- contrib/blocklist/port/configure.ac | 12 +- contrib/blocklist/port/fgetln.c | 2 +- contrib/blocklist/port/fparseln.c | 6 +- contrib/blocklist/port/pidfile.c | 6 +- contrib/blocklist/port/popenve.c | 6 +- contrib/blocklist/port/port.h | 32 ++- contrib/blocklist/port/sockaddr_snprintf.c | 6 +- contrib/blocklist/port/strlcat.c | 7 +- contrib/blocklist/port/strlcpy.c | 7 +- contrib/blocklist/port/strtoi.c | 6 +- contrib/blocklist/port/vsyslog_r.c | 13 + contrib/blocklist/test/Makefile | 2 +- contrib/blocklist/test/cltest.c | 6 +- contrib/blocklist/test/srvtest.c | 42 +++- 58 files changed, 1293 insertions(+), 587 deletions(-) diff --git a/contrib/blocklist/Makefile b/contrib/blocklist/Makefile index da4411d0ca75..899746d01431 100644 --- a/contrib/blocklist/Makefile +++ b/contrib/blocklist/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $ +# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ SUBDIR = lib .WAIT include bin etc libexec diff --git a/contrib/blocklist/Makefile.inc b/contrib/blocklist/Makefile.inc index 85c82783cd35..b22d4a801240 100644 --- a/contrib/blocklist/Makefile.inc +++ b/contrib/blocklist/Makefile.inc @@ -1,10 +1,11 @@ -# $NetBSD: Makefile.inc,v 1.3 2015/01/23 03:57:22 christos Exp $ +# $NetBSD: Makefile.inc,v 1.3 2025/02/11 17:48:30 christos Exp $ WARNS=6 .if !defined(LIB) -LDADD+= -lblacklist -DPADD+= ${LIBBLACKLIST} +LDADD+= -lblocklist +DPADD+= ${LIBBLOCKLIST} .endif CPPFLAGS+= -I${.CURDIR}/../include CPPFLAGS+=-DHAVE_STRUCT_SOCKADDR_SA_LEN -DHAVE_UTIL_H -DHAVE_DB_H +CPPFLAGS+=-DHAVE_SYS_CDEFS_H 
diff --git a/contrib/blocklist/README b/contrib/blocklist/README index 7da3317a77fe..4b34138e01ec 100644 --- a/contrib/blocklist/README +++ b/contrib/blocklist/README @@ -1,21 +1,21 @@ -# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $ +# $NetBSD: README,v 1.3 2024/02/09 00:53:30 wiz Exp $ This package contains library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy. -The interface to the packet filter is in libexec/blacklistd-helper +The interface to the packet filter is in libexec/blocklistd-helper (this is currently designed for npf) and the configuration file -(inspired from inetd.conf) is in etc/blacklistd.conf. +(inspired from inetd.conf) is in etc/blocklistd.conf. -On NetBSD you can find an example npf.conf and blacklistd.conf in -/usr/share/examples/blacklistd; you need to adjust the interface +On NetBSD you can find an example npf.conf and blocklistd.conf in +/usr/share/examples/blocklistd; you need to adjust the interface in npf.conf and copy both files to /etc; then you just enable -blacklistd=YES in /etc/rc.conf, start it up, and you are all set. +blocklistd=YES in /etc/rc.conf, start it up, and you are all set. -There is also a startup file in etc/rc.d/blacklistd +There is also a startup file in etc/rc.d/blocklistd -Patches to various daemons to add blacklisting capabilitiers are in the +Patches to various daemons to add blocklisting capabilities are in the "diff" directory: - OpenSSH: diff/ssh.diff [tcp socket example] - Bind: diff/named.diff [both tcp and udp] 
@@ -23,21 +23,21 @@ Patches to various daemons to add blacklisting capabilitiers are in the These patches have been applied to NetBSD-current. -The network daemon (for example sshd) communicates to blacklistd, via -a unix socket like syslog. The library calls are simple and everything +The network daemon (for example sshd) communicates to blocklistd, via +a Unix socket like syslog. The library calls are simple and everything is handled by the library. In the simplest form the only thing the daemon needs to do is to call: - blacklist(action, acceptedfd, message); + blocklist(action, acceptedfd, message); Where: - action = 0 -> successful login clear blacklist state + action = 0 -> successful login clear blocklist state 1 -> failed login, add to the failed count acceptedfd -> the file descriptor where the server is connected to the remote client. It is used to determine the listening socket, and the remote address. This allows any program to - contact the blacklist daemon, since the verification + contact the blocklist daemon, since the verification if the program has access to the listening socket is done by virtue that the port number is retrieved from the kernel. @@ -46,13 +46,13 @@ Where: Unfortunately there is no way to get information about the "peer" from a udp socket, because there is no connection and that information is kept with the server. In that case the daemon can provide the -peer information to blacklistd via: +peer information to blocklistd via: - blacklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message); + blocklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message); The configuration file contains entries of the form: -# Blacklist rule +# Blocklist rule # host/Port type protocol owner name nfail disable 192.168.1.1:ssh stream tcp * -int 10 1m 8.8.8.8:ssh stream tcp * -ext 6 60m 
@@ -60,18 +60,18 @@ ssh stream tcp6 * * 6 60m http stream tcp * * 6 60m Here note that owner is * because the connection is done from the -child ssh socket which runs with user privs. We treat ipv4 connections +child ssh socket which runs with user privs. We treat IPv4 connections differently by maintaining two different rules one for the external interface and one from the internal We also register for both tcp and tcp6 since those are different listening sockets and addresses; -we don't bother with ipv6 and separate rules. We use nfail = 6, +we don't bother with IPv6 and separate rules. We use nfail = 6, because ssh allows 3 password attempts per connection, and this will let us have 2 connections before blocking. Finally we block for an hour; we could block forever too by specifying * in the duration column. -blacklistd and the library use syslog(3) to report errors. The -blacklist filter state is persisted automatically in /var/db/blacklistd.db +blocklistd and the library use syslog(3) to report errors. The +blocklist filter state is persisted automatically in /var/db/blocklistd.db so that if the daemon is restarted, it remembers what connections is currently handling. To start from a fresh state (if you restart npf too for example), you can use -f. To watch the daemon at work, 
@@ -80,27 +80,27 @@ you can use -d. The current control file is designed for npf, and it uses the dynamic rule feature. You need to create a dynamic rule in your /etc/npf.conf on the group referring to the interface you want to block -called blacklistd as follows: +called blocklistd as follows: ext_if=bge0 int_if=sk0 group "external" on $ext_if { ... - ruleset "blacklistd-ext" - ruleset "blacklistd" + ruleset "blocklistd-ext" + ruleset "blocklistd" ... } group "internal" on $int_if { ... - ruleset "blacklistd-int" + ruleset "blocklistd-int" ... } -You can use 'blacklistctl dump -a' to list all the current entries +You can use 'blocklistctl dump -a' to list all the current entries in the database; the ones that have nfail / where urrent ->= otal, should have an id assosiated with them; this means that +>= otal, should have an id associated with them; this means that there is a packet filter rule added for that entry. For npf, you can examine the packet filter dynamic rule entries using 'npfctl rule list'. The number of current entries can exceed diff --git a/contrib/blocklist/TODO b/contrib/blocklist/TODO index 9925020d54bb..d67111bd5139 100644 --- a/contrib/blocklist/TODO +++ b/contrib/blocklist/TODO @@ -1,4 +1,4 @@ -# $NetBSD: TODO,v 1.7 2015/01/23 21:34:01 christos Exp $ +# $NetBSD: TODO,v 1.3 2025/02/05 20:22:26 christos Exp $ - don't poll periodically, find the next timeout - use the socket also for commands? Or separate socket? 
@@ -17,5 +17,48 @@ -n block unblock -- do we need an api in blacklistctl to perform maintenance -- fix the blacklistctl output to be more user friendly +- do we need an api in blocklistctl to perform maintenance +- fix the blocklistctl output to be more user friendly + +- figure out some way to do distributed operation securely (perhaps with + a helper daemon that authenticates local sockets and then communicates + local DB changes to the central server over a secure channel -- + perhaps blocklistd-helper can have a back-end that can send updates to + a central server) + +- add "blocklistd -l" to enable filter logging on all rules by default + +- add some new options in the config file + + "/all" - block both TCP and UDP (on the proto field?) + + "/log" - enable filter logging (if not the default) (on the name field?) + "/nolog"- disable filter logging (if not the default) (on the name field?) + + The latter two probably require a new parameter for blocklistd-helper. + +- "blocklistd -f" should (also?) be a blocklistctl function!?!?! + +- if blocklistd was started with '-r' then a SIGHUP should also do a + "control flush $rulename" and then re-add all the filter rules? + +- should/could /etc/rc.conf.d/ipfilter be created with the following? + + reload_postcmd=blocklistd_reload + start_postcmd=blocklistd_start + stop_precmd=blocklistd_stop + blocklistd_reload () + { + /etc/rc.d/blocklistd reload # IFF SIGHUP does flush/re-add + # /etc/rc.d/blocklistd restart + } + blocklistd_stop () + { + /etc/rc.d/blocklistd stop + } + blocklistd_start () + { + /etc/rc.d/blocklistd start + } + + or is there a better way? diff --git a/contrib/blocklist/bin/Makefile b/contrib/blocklist/bin/Makefile index 280c72fd3af1..1856e2524f3c 100644 --- a/contrib/blocklist/bin/Makefile +++ b/contrib/blocklist/bin/Makefile 
@@ -1,12 +1,12 @@ -# $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $ +# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ BINDIR=/sbin -PROGS=blacklistd blacklistctl -MAN.blacklistd=blacklistd.8 blacklistd.conf.5 -MAN.blacklistctl=blacklistctl.8 -SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c -SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c +PROGS=blocklistd blocklistctl +MAN.blocklistd=blocklistd.8 blocklistd.conf.5 +MAN.blocklistctl=blocklistctl.8 +SRCS.blocklistd = blocklistd.c conf.c run.c state.c support.c internal.c +SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c DBG=-g LDADD+=-lutil diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blocklistctl.8 similarity index 59% rename from contrib/blocklist/bin/blacklistctl.8 rename to contrib/blocklist/bin/blocklistctl.8 index 7c6521117745..a98c16374f19 100644 --- a/contrib/blocklist/bin/blacklistctl.8 +++ b/contrib/blocklist/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $ +.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. 
@@ -27,27 +27,43 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 7, 2016 -.Dt BLACKLISTCTL 8 +.Dd January 27, 2025 +.Dt BLOCKLISTCTL 8 .Os .Sh NAME -.Nm blacklistctl -.Nd display and change the state of blacklistd +.Nm blocklistctl +.Nd display and change the state of the blocklistd database .Sh SYNOPSIS .Nm .Cm dump .Op Fl abdnrw +.Op Fl D Ar dbname .Sh DESCRIPTION .Nm -is a program used to display the state of -.Xr blacklistd 8 +is a program used to display and change the state of the +.Xr blocklistd 8 +database. +The following sub-commands are supported: +.Ss dump .Pp -The following options are available: +The following options are available for the +.Cm dump +sub-command: .Bl -tag -width indent .It Fl a -Show all database entries, by default it shows only the embryonic ones. +Show all database entries, by default it shows only the active ones. +Inactive entries will be shown with a last-access (or, with +.Fl r , +the remaining) time of +.Ql never . .It Fl b Show only the blocked entries. +.It Fl D Ar dbname +Specify the location of the +.Ic blocklistd +database file to use. +The default is +.Pa /var/db/blocklistd.db . .It Fl d Increase debugging level. .It Fl n 
@@ -59,18 +75,47 @@ Normally the width of addresses is good for IPv4, the .Fl w flag, makes the display wide enough for IPv6 addresses. .El +.Pp +The output of the +.Cm dump +sub-command consists of a header (unless +.Fl n +was given) and one line for each record in the database, where each line +has the following columns: +.Bl -tag -width indent +.It Ql address/ma:port +The remote address, mask, and local port number of the client connection +associated with the database entry. +.It Ql id +column will show the identifier for the packet filter rule associated +with the database entry, though this may only be the word +.Ql OK +for packet filters which do not creat a unique identifier for each rule. +.It Ql nfail +The number of +.Em failures +reported for the client on the noted port, as well as the number of +failures allowed before blocking (or, with +.Fl a , +an asterisk +.Aq * ) +.It So last access Sc | So remaining time Sc +The last time a the client was reported as attempting access, or, with +.Fl r , +the time remaining before the rule blocking the client will be removed. +.El .Sh SEE ALSO -.Xr blacklistd 8 +.Xr blocklistd 8 .Sh NOTES Sometimes the reported number of failed attempts can exceed the number of attempts that -.Xr blacklistd 8 +.Xr blocklistd 8 is configured to block. This can happen either because the rule has been removed manually, or because there were more attempts in flight while the rule block was being added. This condition is normal; in that case -.Xr blacklistd 8 +.Xr blocklistd 8 will first attempt to remove the existing rule, and then it will re-add it to make sure that there is only one rule active. .Sh HISTORY diff --git a/contrib/blocklist/bin/blacklistctl.c b/contrib/blocklist/bin/blocklistctl.c similarity index 94% rename from contrib/blocklist/bin/blacklistctl.c rename to contrib/blocklist/bin/blocklistctl.c index 89b72921caf5..8c75e0430c61 100644 --- a/contrib/blocklist/bin/blacklistctl.c +++ b/contrib/blocklist/bin/blocklistctl.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,8 +32,10 @@ #include "config.h" #endif +#ifdef HAVE_SYS_CDEFS_H #include -__RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $"); +#endif +__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); #include #include @@ -63,7 +65,8 @@ usage(int c) warnx("Missing/unknown command"); else if (c != '?') warnx("Unknown option `%c'", (char)c); - fprintf(stderr, "Usage: %s dump [-abdnrw]\n", getprogname()); + fprintf(stderr, + "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname()); exit(EXIT_FAILURE); } diff --git a/contrib/blocklist/bin/blacklistd.8 b/contrib/blocklist/bin/blocklistd.8 similarity index 85% rename from contrib/blocklist/bin/blacklistd.8 rename to contrib/blocklist/bin/blocklistd.8 index 82e1f15f61c9..e0b9fb482cbd 100644 --- a/contrib/blocklist/bin/blacklistd.8 +++ b/contrib/blocklist/bin/blocklistd.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.8,v 1.23 2020/04/21 13:57:12 christos Exp $ +.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,11 +27,11 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 21, 2020 -.Dt BLACKLISTD 8 +.Dd February 25, 2025 +.Dt BLOCKLISTD 8 .Os .Sh NAME -.Nm blacklistd +.Nm blocklistd .Nd block and release ports on demand to avoid DoS abuse .Sh SYNOPSIS .Nm 
@@ -53,22 +53,35 @@ for notifications from other daemons about successful or failed connection attempts. If no such file is specified, then it only listens to the socket path specified by -.Ar sockspath +.Ar sockpath or if that is not specified to -.Pa /var/run/blacklistd.sock . +.Pa /var/run/blocklistd.sock . Each notification contains an (action, port, protocol, address, owner) tuple that identifies the remote connection and the action. -This tuple is consulted against entries in -.Ar configfile -with syntax specified in -.Xr blacklistd.conf 5 . +This tuple is consulted against entries from the +.Ar configfile , +with the syntax specified in +.Xr blocklistd.conf 5 . If an entry is matched, a state entry is created for that tuple. Each entry contains a number of tries limit and a duration. .Pp +If +.Ar configfile +is a directory, or a directory exists with the same name as +.Ar configfile +with +.Qq .d +appended to it, each file in the directory will be read as configuration file. +If +.Ar configfile +exists as a file it will be processed before the contents of the +.Ar configfile Ns .d +directory if that also exists. +.Pp The way .Nm does configuration entry matching is by having the client side pass the -file descriptor associated with the connection the client wants to blacklist +file descriptor associated with the connection the client wants to blocklist as well as passing socket credentials. .Pp The file descriptor is used to retrieve information (address and port) @@ -116,7 +129,7 @@ specified by the arguments. The .Ar rulename argument can be set from the command line (default -.Dv blacklistd ) . +.Dv blocklistd ) . The script could print a numerical id to stdout as a handle for the rule that can be used later to remove that connection, but that is not required as all information to remove the rule is 
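Review bot: the new configfile.d paragraph in bin/blocklistd.8 does not say in what order the files in the directory are read or whether any names are skipped (editor backups, for example), and that matters because every file found there is parsed as configuration that sets nfail and the block duration. State the ordering and any name filter in this paragraph.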
@@ -152,8 +165,8 @@ The following options are available: .It Fl C Ar controlprog Use .Ar controlprog -to communicate with the packet filter, usually -.Pa /usr/libexec/blacklistd-helper . +to communicate with the packet filter, instead of the default, which is +.Pa /usr/libexec/blocklistd-helper . The following arguments are passed to the control program: .Bl -tag -width protocol .It action @@ -161,7 +174,7 @@ The action to perform: .Dv add , .Dv rem , or -.Dv flush +.Dv flush ; to add, remove or flush a firewall rule. .It name The rule name. @@ -183,13 +196,17 @@ identifier of the rule to be removed. The add command is expected to return the rule identifier string to stdout. .El .It Fl c Ar configuration -The name of the configuration file to read, usually -.Pa /etc/blacklistd.conf . +The name of the configuration file to read. +The default when +.Fl c +is not given is +.Pa /etc/blocklistd.conf . .It Fl D Ar dbfile The Berkeley DB file where .Nm -stores its state, usually -.Pa /var/db/blacklistd.db . +stores its state. +It defaults to +.Pa /var/db/blocklistd.db . .It Fl d Normally, .Nm @@ -203,14 +220,14 @@ are deleted by invoking the control script as: .Bd -literal -offset indent control flush .Ed -.It Fl P Ar sockspathsfile +.It Fl P Ar sockpathsfile A file containing a list of pathnames, one per line that .Nm will create sockets to listen to. This is useful for chrooted environments. .It Fl R Ar rulename Specify the default rule name for the packet filter rules, usually -.Dv blacklistd . +.Dv blocklistd . .It Fl r Re-read the firewall rules from the internal database, then remove and re-add them. 
@@ -256,19 +273,21 @@ This signal tells to decrease the internal debugging level by 1. .El .Sh FILES -.Bl -tag -width /usr/libexec/blacklistd-helper -compact -.It Pa /usr/libexec/blacklistd-helper +.Bl -tag -width /usr/libexec/blocklistd-helper -compact +.It Pa /usr/libexec/blocklistd-helper Shell script invoked to interface with the packet filter. -.It Pa /etc/blacklistd.conf +.It Pa /etc/blocklistd.conf Configuration file. -.It Pa /var/db/blacklistd.db +.It Pa /var/db/blocklistd.db Database of current connection entries. -.It Pa /var/run/blacklistd.sock +.It Pa /var/run/blocklistd.sock Socket to receive connection notifications. .El .Sh SEE ALSO -.Xr blacklistd.conf 5 , -.Xr blacklistctl 8 , +.Xr blocklistd.conf 5 , +.Xr blocklistctl 8 , +.Xr ipf 8 , +.Xr ipfw 8 , .Xr pfctl 8 , .Xr syslogd 8 .Sh HISTORY diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blocklistd.c similarity index 91% rename from contrib/blocklist/bin/blacklistd.c rename to contrib/blocklist/bin/blocklistd.c index 714abcbcaf0e..4846b507c8d1 100644 --- a/contrib/blocklist/bin/blacklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -31,8 +31,11 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif + +#ifdef HAVE_SYS_CDEFS_H #include -__RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $"); +#endif +__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); #include #include @@ -175,6 +178,8 @@ process(bl_t bl) struct dbinfo dbi; struct timespec ts; + memset(&dbi, 0, sizeof(dbi)); + memset(&c, 0, sizeof(c)); if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); return; 
@@ -188,10 +193,11 @@ process(bl_t bl) if (getremoteaddress(bi, &rss, &rsl) == -1) goto out; - if (debug) { + if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); - (*lfun)(LOG_DEBUG, "processing type=%d fd=%d remote=%s msg=%s" - " uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, + (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, + "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); } @@ -216,16 +222,19 @@ process(bl_t bl) switch (bi->bi_type) { case BL_ABUSE: /* - * If the application has signaled abusive behavior, - * set the number of fails to be one less than the - * configured limit. Fallthrough to the normal BL_ADD - * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * If the application has signaled abusive behavior, set the + * number of fails to be two less than the configured limit. + * Fall through to the normal BL_ADD and BL_BADUSER processing, + * which will increment the failure count to the threshhold, and + * block the abusive address. */ if (c.c_nfail != -1) - dbi.count = c.c_nfail - 1; + dbi.count = c.c_nfail - 2; /*FALLTHROUGH*/ case BL_ADD: + dbi.count++; /* will become += 2 */ + /*FALLTHROUGH*/ + case BL_BADUSER: dbi.count++; dbi.last = ts.tv_sec; if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { @@ -254,9 +263,6 @@ process(bl_t bl) dbi.count = 0; dbi.last = 0; break; - case BL_BADUSER: - /* ignore for now */ - break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } @@ -334,7 +340,7 @@ static void addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd, const char *path) { - bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog); + bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r); if (bl == NULL || !bl_isconnected(bl)) exit(EXIT_FAILURE); if (*nfd >= *maxfd) { 
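Review bot: in process(), the new condition "if (debug || bi->bi_msg[0])" logs every notification that carries a message at LOG_INFO, and bi_msg is text supplied by the reporting daemon, so syslog volume and content now scale with the rate of reported failures even when debugging is off. The message is passed as a %s argument, which keeps it out of the format string, but consider escaping non-printable bytes in bi_msg before logging and rate-limiting this path.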
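Review bot: in process(), BL_ADD now reaches dbi.count++ twice through the fall-through into BL_BADUSER, so each BL_ADD report counts double against c.c_nfail and the README example of nfail = 6 allowing two ssh connections of three attempts no longer holds. The commit message flags this and announces a separate revert; independent of that, explicit per-type weights would read more clearly than stacked fall-throughs with a "will become += 2" comment, and the BL_ABUSE assignment "dbi.count = c.c_nfail - 2" goes negative for nfail below 2, which should be checked against the type of dbi.count.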
@@ -395,15 +401,25 @@ rules_flush(void) static void rules_restore(void) { + DB *db; struct conf c; struct dbinfo dbi; unsigned int f; - for (f = 1; state_iterate(state, &c, &dbi, f) == 1; f = 0) { + db = state_open(dbfile, O_RDONLY, 0); + if (db == NULL) { + (*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)", + dbfile); + return; + } + for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) { if (dbi.id[0] == '\0') continue; (void)run_change("add", &c, dbi.id, sizeof(dbi.id)); + state_put(state, &c, &dbi); } + state_close(db); + state_sync(state); } int diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blocklistd.conf.5 similarity index 83% rename from contrib/blocklist/bin/blacklistd.conf.5 rename to contrib/blocklist/bin/blocklistd.conf.5 index 70036441eb4b..3a7dbfc07f58 100644 --- a/contrib/blocklist/bin/blacklistd.conf.5 +++ b/contrib/blocklist/bin/blocklistd.conf.5 @@ -1,6 +1,6 @@ -.\" $NetBSD: blacklistd.conf.5,v 1.9 2019/11/06 20:33:30 para Exp $ +.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $ .\" -.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation @@ -27,17 +27,17 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 18, 2020 -.Dt BLACKLISTD.CONF 5 +.Dd February 5, 2025 +.Dt BLOCKLISTD.CONF 5 .Os .Sh NAME -.Nm blacklistd.conf -.Nd configuration file format for blacklistd +.Nm blocklistd.conf +.Nd configuration file format for blocklistd .Sh DESCRIPTION The .Nm file contains configuration entries for -.Xr blacklistd 8 +.Xr blocklistd 8 in a fashion similar to .Xr inetd.conf 5 . Only one entry per line is permitted. 
@@ -48,34 +48,34 @@ Comments are denoted by a at the beginning of a line. .Pp There are two kinds of configuration lines, -.Va local +.Va [local] and -.Va remote . +.Va [remote] . By default, configuration lines are -.Va local , +.Va [local] , i.e. the address specified refers to the addresses on the local machine. To switch to between -.Va local +.Va [local] and -.Va remote +.Va [remote] configuration lines you can specify the stanzas: .Dq [local] and .Dq [remote] . .Pp On -.Va local +.Va [local] and -.Va remote +.Va [remote] lines .Dq * means use the default, or wildcard match. In addition, for -.Va remote +.Va [remote] lines .Dq = means use the values from the matched -.Va local +.Va [local] configuration line. .Pp The first four fields, @@ -85,9 +85,9 @@ The first four fields, and .Va owner are used to match the -.Va local +.Va [local] or -.Va remote +.Va [remote] addresses, whereas the last 3 fields .Va name , .Va nfail , @@ -110,8 +110,8 @@ The can be an IPv4 address in numeric format, an IPv6 address in numeric format and enclosed by square brackets, or an interface name. Mask modifiers are not allowed on interfaces because interfaces -can have multiple addresses in different protocols where the mask has a different -size. +can have multiple addresses in different protocols where the mask has a +different size. .Pp The .Dv mask @@ -143,8 +143,8 @@ The field, is the name of the packet filter rule to be used. If the .Va name -starts with a -.Dq - , +starts with a hyphen +.Pq Dq - , then the default rulename is prepended to the given name. If the .Dv name 
@@ -160,13 +160,13 @@ field contains the number of failed attempts before access is blocked, defaulting to .Dq * meaning never, and the last field -.Va disable +.Va duration specifies the amount of time since the last access that the blocking rule should be active, defaulting to .Dq * meaning forever. The default unit for -.Va disable +.Va duration is seconds, but one can specify suffixes for different units, such as .Dq m for minutes @@ -176,28 +176,34 @@ for hours and for days. .Pp Matching is done first by checking the -.Va local +.Va [local] rules individually, in the order of the most specific to the least specific. -If a match is found, then the -.Va remote +If a match is found, then the matching +.Va [remote] rules are applied. The .Va name , .Va nfail , and -.Va disable +.Va duration fields can be altered by the -.Va remote +.Va [remote] rule that matched. .Pp The -.Va remote +.Va [remote] rules can be used for allowing specific addresses, changing the mask -size, the rule that the packet filter uses, the number of failed attempts, -or the block duration. +size (via +.Va name ) , +the rule that the packet filter uses (also via +.Va name ) , +the number of failed attempts (via +.Va nfail ) , +or the duration to block (via +.Va duration ) . .Sh FILES -.Bl -tag -width /etc/blacklistd.conf -compact -.It Pa /etc/blacklistd.conf +.Bl -tag -width /etc/blocklistd.conf -compact +.It Pa /etc/blocklistd.conf Configuration file. .El .Sh EXAMPLES 
@@ -209,13 +215,15 @@ bnx0:ssh * * * * 3 6h [remote] # Never block 1.2.3.4 1.2.3.4:ssh * * * * * * -# For addresses coming from 8.8.0.0/16 block whole /24 networks instead of +# Never block the example IPv6 subnet either +[2001:db8::]/32:ssh * * * * * * +# For addresses coming from 8.8.0.0/16 block whole /24 networks instead # individual hosts, but keep the rest of the blocking parameters the same. 8.8.0.0/16:ssh * * * /24 = = .Ed .Sh SEE ALSO -.Xr blacklistctl 8 , -.Xr blacklistd 8 +.Xr blocklistctl 8 , +.Xr blocklistd 8 .Sh HISTORY *** 2792 LINES SKIPPED ***
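Review bot: In process() in blocklistd.c, the new condition `if (debug || bi->bi_msg[0])` writes bi->bi_msg to the log at LOG_INFO through a plain %s whenever the reporting client supplies a non-empty message, so both the volume and the content of INFO-level entries are now driven by whatever arrives on the socket. Consider bounding and escaping the message before it is logged (a vis(3)-style encoding would do) and stating in the manual page that client messages are logged at LOG_INFO, so administrators can size and filter their syslog configuration accordingly.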
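Review bot: In the process() switch in blocklistd.c, BL_ADD now increments dbi.count twice (the added `dbi.count++; /* will become += 2 */` plus the fall-through into BL_BADUSER), so an address reaches c.c_nfail after half as many BL_ADD reports as before, while blocklistd.conf.5 in this same patch still describes nfail as "the number of failed attempts before access is blocked". Either keep BL_ADD at one count and give BL_BADUSER its own weight, or document the weighting next to nfail, so that existing configurations do not start blocking earlier than their administrators expect. With nfail set to 1, BL_ABUSE also sets dbi.count to -1 before the two increments; that arrives at 1 here, but a comment saying so would help the next reader.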
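Review bot: In rules_restore() in blocklistd.c, the result of run_change("add", ...) is still discarded with a (void) cast, and the added state_put(state, &c, &dbi) then records the entry whether or not the packet filter rule was installed; the return values of state_put() and state_sync() are not checked either. Check run_change() and log or skip the entry on failure, and log a failed state_put() or state_sync(), so the database cannot list an address as restored when the filter holds no rule for it.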
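Review bot: In the EXAMPLES hunk of blocklistd.conf.5, the rewritten comment line drops the trailing "of", so the example now reads "block whole /24 networks instead" followed by "# individual hosts", which is no longer a sentence. Restore "instead of"; if the line was shortened to fit a width limit, move "of" to the start of the next comment line.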
Date: Tue, 14 Oct 2025 04:36:56 GMT
Message-Id: <202510140436.59E4auCd038087@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 803c373304ff - releng/15.0 - blocklist: Revert upstream commit ddf6d71
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: 803c373304ff607b84a17c8b020dccf3f558bead
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=803c373304ff607b84a17c8b020dccf3f558bead

commit 803c373304ff607b84a17c8b020dccf3f558bead
Author: Jose Luis Duran
AuthorDate: 2025-10-11 14:15:03 +0000
Commit: Colin Percival
CommitDate: 2025-10-14 04:36:31 +0000

    blocklist: Revert upstream commit ddf6d71

    Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a two-count failure mechanism.

    Since we have been utilizing BLOCKLIST_AUTH_FAIL, the number of failed attempts now doubles towards the maximum limit (nfails), giving system administrators the impression that the number of failed authentication attempts is inaccurate.

    Revert this commit until a consensus has been reached. We do not want to introduce yet another breaking change with the renaming of the library.

Approved by: re (cperciva) Approved by: emaste (mentor) MFC after: 2 days (cherry picked from commit 4d56eb007b18881becb2107f87bd2a7edca3e6bf) (cherry picked from commit a719ef67e8ed2cbae5f397d2a4680a02495b79ab) --- contrib/blocklist/bin/blocklistd.c | 18 +++++++++--------- contrib/blocklist/lib/libblocklist.3 | 32 +++++++++++++++++++------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c index 4846b507c8d1..03a1dbbf056c 100644 --- a/contrib/blocklist/bin/blocklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -222,19 +222,16 @@ process(bl_t bl) switch (bi->bi_type) { case BL_ABUSE: /* - * If the application has signaled abusive behavior, set the - * number of fails to be two less than the configured limit. - * Fall through to the normal BL_ADD and BL_BADUSER processing, - * which will increment the failure count to the threshhold, and - * block the abusive address. + * If the application has signaled abusive behavior, + * set the number of fails to be one less than the + * configured limit. Fallthrough to the normal BL_ADD + * processing, which will increment the failure count + * to the threshhold, and block the abusive address. */ if (c.c_nfail != -1) - dbi.count = c.c_nfail - 2; + dbi.count = c.c_nfail - 1; /*FALLTHROUGH*/ case BL_ADD: - dbi.count++; /* will become += 2 */ - /*FALLTHROUGH*/ - case BL_BADUSER: dbi.count++; dbi.last = ts.tv_sec; if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { @@ -263,6 +260,9 @@ process(bl_t bl) dbi.count = 0; dbi.last = 0; break; + case BL_BADUSER: + /* ignore for now */ + break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } diff --git a/contrib/blocklist/lib/libblocklist.3 b/contrib/blocklist/lib/libblocklist.3 index 7a016625a047..fd6eb93eb756 100644 --- a/contrib/blocklist/lib/libblocklist.3 +++ b/contrib/blocklist/lib/libblocklist.3 
@@ -106,20 +106,26 @@ The .Ar action parameter can take these values: .Bl -tag -width ".Dv BLOCKLIST_ABUSIVE_BEHAVIOR" -.It Va BLOCKLIST_BAD_USER -The sending daemon has determined the username presented for -authentication is invalid. -This is considered as one failure count. -.It Va BLOCKLIST_AUTH_FAIL +.It Dv BLOCKLIST_AUTH_FAIL There was an unsuccessful authentication attempt. -This is considered as two failure counts together. -.It Va BLOCKLIST_ABUSIVE_BEHAVIOR -The sending daemon has detected abusive behavior from the remote system. -This is considered as a total immediate failure. -The remote address will be blocked as soon as possible. -.It Va BLOCKLIST_AUTH_OK -A valid user successfully authenticated. -Any entry for the remote address will be removed as soon as possible. +.It Dv BLOCKLIST_AUTH_OK +A user successfully authenticated. +.It Dv BLOCKLIST_ABUSIVE_BEHAVIOR +The sending daemon has detected abusive behavior +from the remote system. +The remote address should +be blocked as soon as possible. +.It Dv BLOCKLIST_BAD_USER +The sending daemon has determined the username +presented for authentication is invalid. +The +.Xr blocklistd 8 +daemon compares the username to a configured list of forbidden +usernames and +blocks the address immediately if a forbidden username matches. +(The +.Dv BLOCKLIST_BAD_USER +support is not currently available.) 
.El .Pp The
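Review bot: In the second blocklistd.c hunk, BL_BADUSER goes back to a bare `/* ignore for now */ break;`, so a BLOCKLIST_BAD_USER report changes no counter and the case logs nothing about having skipped it. A LOG_DEBUG line in that case would let administrators confirm that invalid-user reports are arriving but not being counted while the counting policy is settled.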
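Review bot: In the libblocklist.3 hunk, the restored BLOCKLIST_BAD_USER entry describes in the present tense how blocklistd compares the username against a configured list and blocks immediately, and only the closing parenthetical says the support is not available, while blocklistd.c in this same commit treats BL_BADUSER as "ignore for now". Lead the entry with the statement that the action is currently accepted but ignored, so a daemon author reading the list does not rely on BLOCKLIST_BAD_USER to trigger a block.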
Date: Tue, 14 Oct 2025 04:36:58 GMT
Message-Id: <202510140436.59E4awON038121@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 2b6eb6561253 - releng/15.0 - blocklist: Rename blacklist to blocklist
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: 2b6eb65612539f7a9ee94899b310d18e3ae894a3
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b6eb65612539f7a9ee94899b310d18e3ae894a3

commit 2b6eb65612539f7a9ee94899b310d18e3ae894a3
Author: Jose Luis Duran
AuthorDate: 2025-10-12 17:14:27 +0000
Commit: Colin Percival
CommitDate: 2025-10-14 04:36:35 +0000

    blocklist: Rename blacklist to blocklist

    Follow up upstream rename from blacklist to blocklist.

    - Old names and rc scripts are still valid, but emitting an ugly warning
    - Old firewall rules and anchor names should work, but emitting an ugly warning
    - Old MK_BLACKLIST* knobs are wired to the new ones

    Although care has been taken not to break current configurations, this is a large patch containing mostly duplicated code. If issues arise, it will be swiftly reverted.

Approved by: re (cperciva) Reviewed by: ivy (pkgbase) Approved by: emaste (mentor) MFC after: 2 days Relnotes: yes (cherry picked from commit 7238317403b95a8e35cf0bc7cd66fbd78ecbe521) (cherry picked from commit 7f6f2139eef9f9fc263977c847c6dbf235a1b1b7) --- contrib/blocklist/bin/blacklistctl.c | 170 ++++++ contrib/blocklist/bin/blacklistd.c | 592 +++++++++++++++++++++ contrib/blocklist/bin/old_internal.c | 50 ++ contrib/blocklist/bin/old_internal.h | 58 ++ contrib/blocklist/include/blacklist.h | 65 +++ contrib/blocklist/include/old_bl.h | 80 +++ contrib/blocklist/lib/blacklist.c | 117 ++++ contrib/blocklist/lib/old_bl.c | 554 +++++++++++++++++++ crypto/openssh/auth-pam.c | 4 +- crypto/openssh/auth.c | 8 +- crypto/openssh/{blacklist.c => blocklist.c} | 16 +- .../{blacklist_client.h => blocklist_client.h} | 30 +- crypto/openssh/monitor.c | 8 +- crypto/openssh/servconf.c | 18 +- crypto/openssh/servconf.h | 2 +- crypto/openssh/sshd-session.c | 10 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 14 +- lib/Makefile | 1 + lib/libblacklist/Makefile | 24 +- lib/libblocklist/Makefile | 30 ++ lib/libblocklist/Makefile.depend | 16 + lib/libsysdecode/Makefile.depend | 2 +- libexec/Makefile | 6 +- libexec/blacklistd-helper/Makefile | 7 - libexec/blocklistd-helper/Makefile | 10 + .../Makefile.depend | 0 libexec/blocklistd-helper/blacklistd-helper | 293 ++++++++++ libexec/fingerd/Makefile | 8 +- libexec/fingerd/Makefile.depend.options | 2 +- libexec/fingerd/fingerd.c | 16 +- libexec/rc/rc.conf | 6 +- libexec/rc/rc.d/Makefile | 5 +- libexec/rc/rc.d/blacklistd | 10 +- libexec/rc/rc.d/blocklistd | 46 ++ release/packages/ucl/blocklist-all.ucl | 8 +- secure/libexec/sshd-auth/Makefile | 10 +- secure/libexec/sshd-session/Makefile | 10 +- secure/usr.sbin/sshd/Makefile.depend.options | 2 +- share/man/man5/periodic.conf.5 | 2 +- share/man/man5/src.conf.5 | 43 +- share/mk/bsd.libnames.mk | 1 + share/mk/local.dirdeps-options.mk | 1 + share/mk/src.libnames.mk | 10 +- 
share/mk/src.opts.mk | 10 + targets/pseudo/userland/Makefile.depend | 6 + targets/pseudo/userland/lib/Makefile.depend | 4 + targets/pseudo/userland/libexec/Makefile.depend | 4 +- tools/build/mk/OptionalObsoleteFiles.inc | 21 +- tools/build/options/WITHOUT_BLACKLIST | 6 +- tools/build/options/WITHOUT_BLACKLIST_SUPPORT | 8 +- tools/build/options/WITHOUT_BLOCKLIST | 4 + tools/build/options/WITHOUT_BLOCKLIST_SUPPORT | 6 + usr.sbin/Makefile | 2 + usr.sbin/blacklistctl/Makefile | 10 +- usr.sbin/blacklistd/Makefile | 13 +- usr.sbin/blacklistd/blacklistd.conf | 10 +- usr.sbin/blocklistctl/Makefile | 22 + usr.sbin/blocklistctl/Makefile.depend | 18 + usr.sbin/blocklistd/Makefile | 23 + usr.sbin/blocklistd/Makefile.depend | 18 + usr.sbin/blocklistd/blocklistd.conf | 16 + usr.sbin/periodic/etc/security/520.pfdenied | 2 +- 63 files changed, 2426 insertions(+), 144 deletions(-) diff --git a/contrib/blocklist/bin/blacklistctl.c b/contrib/blocklist/bin/blacklistctl.c new file mode 100644 index 000000000000..6298a08b10b4 --- /dev/null +++ b/contrib/blocklist/bin/blacklistctl.c 
@@ -0,0 +1,170 @@ +/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); + +#include +#include +#ifdef HAVE_LIBUTIL_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include + +#include "conf.h" +#include "state.h" +#include "old_internal.h" +#include "support.h" + +static __dead void +usage(int c) +{ + if (c == 0) + warnx("Missing/unknown command"); + else if (c != '?') + warnx("Unknown option `%c'", (char)c); + fprintf(stderr, + "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname()); + exit(EXIT_FAILURE); +} + +static const char * +star(char *buf, size_t len, int val) +{ + if (val == -1) + return "*"; + snprintf(buf, len, "%d", val); + return buf; +} + +int +main(int argc, char *argv[]) +{ + const char *dbname = _PATH_BLSTATE; + DB *db; + struct conf c; + struct dbinfo dbi; + unsigned int i; + struct timespec ts; + int all, blocked, remain, wide, noheader; + int o; + + noheader = wide = blocked = all = remain = 0; + lfun = dlog; + + if (argc == 1 || strcmp(argv[1], "dump") != 0) + usage(0); + + argc--; + argv++; + + while ((o = getopt(argc, argv, "abD:dnrw")) != -1) + switch (o) { + case 'a': + all = 1; + blocked = 0; + break; + case 'b': + blocked = 1; + break; + case 'D': + dbname = optarg; + break; + case 'd': + debug++; + break; + case 'n': + noheader = 1; + break; + case 'r': + remain = 1; + break; + case 'w': + wide = 1; + break; + default: + usage(o); + } + + db = state_open(dbname, O_RDONLY, 0); + if (db == NULL) + err(EXIT_FAILURE, "Can't open `%s'", dbname); + + clock_gettime(CLOCK_REALTIME, &ts); + wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; + if (!noheader) + printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + "address", remain ? 
"remaining time" : "last access"); + for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { + char buf[BUFSIZ]; + char mbuf[64], pbuf[64]; + if (!all) { + if (blocked) { + if (c.c_nfail == -1 || dbi.count < c.c_nfail) + continue; + } else { + if (dbi.count >= c.c_nfail) + continue; + } + } + sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); + printf("%*.*s/%s:%s\t", wide, wide, buf, + star(mbuf, sizeof(mbuf), c.c_lmask), + star(pbuf, sizeof(pbuf), c.c_port)); + if (c.c_duration == -1) { + strlcpy(buf, "never", sizeof(buf)); + } else { + if (remain) + fmtydhms(buf, sizeof(buf), + c.c_duration - (ts.tv_sec - dbi.last)); + else + fmttime(buf, sizeof(buf), dbi.last); + } + printf("%s\t%d/%s\t%-s\n", dbi.id, dbi.count, + star(mbuf, sizeof(mbuf), c.c_nfail), buf); + } + state_close(db); + return EXIT_SUCCESS; +} diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c new file mode 100644 index 000000000000..ded3075ed707 --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.c 
@@ -0,0 +1,592 @@ +/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); + +#include +#include +#include + +#ifdef HAVE_LIBUTIL_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "old_bl.h" +#include "old_internal.h" +#include "conf.h" +#include "run.h" +#include "state.h" +#include "support.h" + +static const char *configfile = _PATH_BLCONF; +static DB *state; +static const char *dbfile = _PATH_BLSTATE; +static sig_atomic_t readconf; +static sig_atomic_t done; +static int vflag; + +static void +sigusr1(int n __unused) +{ + debug++; +} + +static void +sigusr2(int n __unused) +{ + debug--; +} + +static void +sighup(int n __unused) +{ + readconf++; +} + +static void +sigdone(int n __unused) +{ + done++; +} + +static __dead void +usage(int c) +{ + if (c != '?') + warnx("Unknown option `%c'", (char)c); + fprintf(stderr, "Usage: %s [-vdfr] [-c ] [-R ] " + "[-P ] [-C ] [-D ] " + "[-s ] [-t ]\n", getprogname()); + exit(EXIT_FAILURE); +} + +static int +getremoteaddress(bl_info_t *bi, struct sockaddr_storage *rss, socklen_t *rsl) +{ + *rsl = sizeof(*rss); + memset(rss, 0, *rsl); + + if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1) + return 0; + + if (errno != ENOTCONN) { + (*lfun)(LOG_ERR, "getpeername failed (%m)"); + return -1; + } + + if (bi->bi_slen == 0) { + (*lfun)(LOG_ERR, "unconnected socket with no peer in message"); + return -1; + } + + switch (bi->bi_ss.ss_family) { + case AF_INET: + *rsl = sizeof(struct sockaddr_in); + break; + case AF_INET6: + *rsl = sizeof(struct sockaddr_in6); + break; + default: + (*lfun)(LOG_ERR, "bad client passed socket family %u", + (unsigned)bi->bi_ss.ss_family); + return -1; + } + + if (*rsl != bi->bi_slen) { + 
(*lfun)(LOG_ERR, "bad client passed socket length %u != %u", + (unsigned)*rsl, (unsigned)bi->bi_slen); + return -1; + } + + memcpy(rss, &bi->bi_ss, *rsl); + +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + if (*rsl != rss->ss_len) { + (*lfun)(LOG_ERR, + "bad client passed socket internal length %u != %u", + (unsigned)*rsl, (unsigned)rss->ss_len); + return -1; + } +#endif + return 0; +} + +static void +process(bl_t bl) +{ + struct sockaddr_storage rss; + socklen_t rsl; + char rbuf[BUFSIZ]; + bl_info_t *bi; + struct conf c; + struct dbinfo dbi; + struct timespec ts; + + memset(&dbi, 0, sizeof(dbi)); + memset(&c, 0, sizeof(c)); + if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { + (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); + return; + } + + if ((bi = bl_recv(bl)) == NULL) { + (*lfun)(LOG_ERR, "no message (%m)"); + return; + } + + if (getremoteaddress(bi, &rss, &rsl) == -1) + goto out; + + if (debug || bi->bi_msg[0]) { + sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); + (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, + "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + bi->bi_type, bi->bi_fd, rbuf, + bi->bi_msg, (unsigned long)bi->bi_uid, + (unsigned long)bi->bi_gid); + } + + if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { + (*lfun)(LOG_DEBUG, "no rule matched"); + goto out; + } + + + if (state_get(state, &c, &dbi) == -1) + goto out; + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } + + switch (bi->bi_type) { + case BL_ABUSE: + /* + * If the application has signaled abusive behavior, + * set the number of fails to be one less than the + * configured limit. Fallthrough to the normal BL_ADD + * processing, which will increment the failure count + * to the threshhold, and block the abusive address. 
+ */ + if (c.c_nfail != -1) + dbi.count = c.c_nfail - 1; + /*FALLTHROUGH*/ + case BL_ADD: + dbi.count++; + dbi.last = ts.tv_sec; + if (c.c_nfail != -1 && dbi.count >= c.c_nfail) { + /* + * No point in re-adding the rule. + * It might exist already due to latency in processing + * and removing the rule is the wrong thing to do as + * it allows a window to attack again. + */ + if (dbi.id[0] == '\0') { + int res = run_change("add", &c, + dbi.id, sizeof(dbi.id)); + if (res == -1) + goto out; + } + sockaddr_snprintf(rbuf, sizeof(rbuf), "%a", + (void *)&rss); + (*lfun)(LOG_INFO, + "blocked %s/%d:%d for %d seconds", + rbuf, c.c_lmask, c.c_port, c.c_duration); + } + break; + case BL_DELETE: + if (dbi.last == 0) + goto out; + dbi.count = 0; + dbi.last = 0; + break; + case BL_BADUSER: + /* ignore for now */ + break; + default: + (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); + } + state_put(state, &c, &dbi); + +out: + close(bi->bi_fd); + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } +} + +static void +update_interfaces(void) +{ + struct ifaddrs *oifas, *nifas; + + if (getifaddrs(&nifas) == -1) + return; + + oifas = ifas; + ifas = nifas; + + if (oifas) + freeifaddrs(oifas); +} + +static void +update(void) +{ + struct timespec ts; + struct conf c; + struct dbinfo dbi; + unsigned int f, n; + char buf[128]; + void *ss = &c.c_ss; + + if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { + (*lfun)(LOG_ERR, "clock_gettime failed (%m)"); + return; + } + +again: + for (n = 0, f = 1; state_iterate(state, &c, &dbi, f) == 1; + f = 0, n++) + { + time_t when = c.c_duration + dbi.last; + if (debug > 1) { + char b1[64], b2[64]; + sockaddr_snprintf(buf, sizeof(buf), "%a:%p", ss); + (*lfun)(LOG_DEBUG, "%s:[%u] %s count=%d duration=%d " + "last=%s " "now=%s", __func__, n, buf, dbi.count, + 
c.c_duration, fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } + if (c.c_duration == -1 || when >= ts.tv_sec) + continue; + if (dbi.id[0]) { + run_change("rem", &c, dbi.id, 0); + sockaddr_snprintf(buf, sizeof(buf), "%a", ss); + (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds", + buf, c.c_lmask, c.c_port, c.c_duration); + } + state_del(state, &c); + goto again; + } +} + +static void +addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd, + const char *path) +{ + bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r); + if (bl == NULL || !bl_isconnected(bl)) + exit(EXIT_FAILURE); + if (*nfd >= *maxfd) { + *maxfd += 10; + *blp = realloc(*blp, sizeof(**blp) * *maxfd); + if (*blp == NULL) + err(EXIT_FAILURE, "malloc"); + *pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd); + if (*pfdp == NULL) + err(EXIT_FAILURE, "malloc"); + } + + (*pfdp)[*nfd].fd = bl_getfd(bl); + (*pfdp)[*nfd].events = POLLIN; + (*blp)[*nfd] = bl; + *nfd += 1; +} + +static void +uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c) +{ + struct conf **list = *listp; + + if (c->c_name[0] == '\0') + return; + for (size_t i = 0; i < *nlist; i++) { + if (strcmp(list[i]->c_name, c->c_name) == 0) + return; + } + if (*nlist == *mlist) { + *mlist += 10; + void *p = realloc(*listp, *mlist * sizeof(*list)); + if (p == NULL) + err(EXIT_FAILURE, "Can't allocate for rule list"); + list = *listp = p; + } + list[(*nlist)++] = c; +} + +static void +rules_flush(void) +{ + struct conf **list; + size_t nlist, mlist; + + list = NULL; + mlist = nlist = 0; + for (size_t i = 0; i < rconf.cs_n; i++) + uniqueadd(&list, &nlist, &mlist, &rconf.cs_c[i]); + for (size_t i = 0; i < lconf.cs_n; i++) + uniqueadd(&list, &nlist, &mlist, &lconf.cs_c[i]); + + for (size_t i = 0; i < nlist; i++) + run_flush(list[i]); + free(list); +} + +static void +rules_restore(void) +{ + DB *db; + struct conf c; + struct dbinfo dbi; + unsigned int f; + + db = state_open(dbfile, 
O_RDONLY, 0); + if (db == NULL) { + (*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)", + dbfile); + return; + } + for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) { + if (dbi.id[0] == '\0') + continue; + (void)run_change("add", &c, dbi.id, sizeof(dbi.id)); + state_put(state, &c, &dbi); + } + state_close(db); + state_sync(state); +} + +int +main(int argc, char *argv[]) +{ + int c, tout, flags, flush, restore, ret; + const char *spath, **blsock; + size_t nblsock, maxblsock; + + setprogname(argv[0]); + + spath = NULL; + blsock = NULL; + maxblsock = nblsock = 0; + flush = 0; + restore = 0; + tout = 0; + flags = O_RDWR|O_EXCL|O_CLOEXEC; + while ((c = getopt(argc, argv, "C:c:D:dfP:rR:s:t:v")) != -1) { + switch (c) { + case 'C': + controlprog = optarg; + break; + case 'c': + configfile = optarg; + break; + case 'D': + dbfile = optarg; + break; + case 'd': + debug++; + break; + case 'f': + flush++; + break; + case 'P': + spath = optarg; + break; + case 'R': + rulename = optarg; + break; + case 'r': + restore++; + break; + case 's': + if (nblsock >= maxblsock) { + maxblsock += 10; + void *p = realloc(blsock, + sizeof(*blsock) * maxblsock); + if (p == NULL) + err(EXIT_FAILURE, + "Can't allocate memory for %zu sockets", + maxblsock); + blsock = p; + } + blsock[nblsock++] = optarg; + break; + case 't': + tout = atoi(optarg) * 1000; + break; + case 'v': + vflag++; + break; + default: + usage(c); + } + } + + argc -= optind; + if (argc) + usage('?'); + + signal(SIGHUP, sighup); + signal(SIGINT, sigdone); + signal(SIGQUIT, sigdone); + signal(SIGTERM, sigdone); + signal(SIGUSR1, sigusr1); + signal(SIGUSR2, sigusr2); + + openlog(getprogname(), LOG_PID, LOG_DAEMON); + + if (debug) { + lfun = dlog; + if (tout == 0) + tout = 5000; + } else { + if (tout == 0) + tout = 15000; + } + + update_interfaces(); + conf_parse(configfile); + if (flush) { + rules_flush(); + if (!restore) + flags |= O_TRUNC; + } + + struct pollfd *pfd = NULL; + bl_t *bl = NULL; + size_t nfd = 0; + 
size_t maxfd = 0; + + for (size_t i = 0; i < nblsock; i++) + addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]); + free(blsock); + + if (spath) { + FILE *fp = fopen(spath, "r"); + char *line; + if (fp == NULL) + err(EXIT_FAILURE, "Can't open `%s'", spath); + for (; (line = fparseln(fp, NULL, NULL, NULL, 0)) != NULL; + free(line)) + addfd(&pfd, &bl, &nfd, &maxfd, line); + fclose(fp); + } + if (nfd == 0) + addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK); + + state = state_open(dbfile, flags, 0600); + if (state == NULL) + state = state_open(dbfile, flags | O_CREAT, 0600); + if (state == NULL) + return EXIT_FAILURE; + + if (restore) { + if (!flush) + rules_flush(); + rules_restore(); + } + + if (!debug) { + if (daemon(0, 0) == -1) + err(EXIT_FAILURE, "daemon failed"); + if (pidfile(NULL) == -1) + err(EXIT_FAILURE, "Can't create pidfile"); + } + + for (size_t t = 0; !done; t++) { + if (readconf) { + readconf = 0; + conf_parse(configfile); + } + ret = poll(pfd, (nfds_t)nfd, tout); + if (debug) + (*lfun)(LOG_DEBUG, "received %d from poll()", ret); + switch (ret) { + case -1: + if (errno == EINTR) + continue; + (*lfun)(LOG_ERR, "poll (%m)"); + return EXIT_FAILURE; + case 0: + state_sync(state); + break; + default: + for (size_t i = 0; i < nfd; i++) + if (pfd[i].revents & POLLIN) + process(bl[i]); + } + if (t % 100 == 0) + state_sync(state); + if (t % 10000 == 0) + update_interfaces(); + update(); + } + state_close(state); + return 0; +} diff --git a/contrib/blocklist/bin/old_internal.c b/contrib/blocklist/bin/old_internal.c new file mode 100644 index 000000000000..79093cc8b8ab --- /dev/null +++ b/contrib/blocklist/bin/old_internal.c 
@@ -0,0 +1,50 @@ +/* $NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef HAVE_SYS_CDEFS_H +#include +#endif +__RCSID("$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $"); + +#include +#include +#include "conf.h" +#include "old_internal.h" + +int debug; +const char *rulename = "blacklistd"; +const char *controlprog = _PATH_BLCONTROL; +struct confset lconf, rconf; +struct ifaddrs *ifas; +void (*lfun)(int, const char *, ...) = syslog; diff --git a/contrib/blocklist/bin/old_internal.h b/contrib/blocklist/bin/old_internal.h new file mode 100644 index 000000000000..becee563e81d --- /dev/null +++ b/contrib/blocklist/bin/old_internal.h 
@@ -0,0 +1,58 @@ +/* $NetBSD: internal.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ */ + +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +#ifndef _OLD_INTERNAL_H +#define _OLD_INTERNAL_H + +#ifndef _PATH_BLCONF +#define _PATH_BLCONF "/etc/blacklistd.conf" +#endif +#ifndef _PATH_BLCONTROL +#define _PATH_BLCONTROL "/usr/libexec/blacklistd-helper" +#endif +#ifndef _PATH_BLSTATE +/* We want the new name, the old one would be incompatible after 24932b6 */ +#define _PATH_BLSTATE "/var/db/blocklistd.db" +#endif + +extern struct confset rconf, lconf; +extern int debug; +extern const char *rulename; +extern const char *controlprog; +extern struct ifaddrs *ifas; + +#if !defined(__syslog_attribute__) && !defined(__syslog__) +#define __syslog__ __printf__ +#endif *** 2511 LINES SKIPPED *** From nobody Tue Oct 14 04:36:59 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cm1dl5Ctlz6BhZv; Tue, 14 Oct 2025 04:36:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cm1dl3yTCz3QF2; Tue, 14 Oct 2025 04:36:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760416619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FeO8/eMlsecJ8Quboo9ZcNgFaqQCUs13zFRxUr6bCxU=; b=hi7+ux+hgFNvTuxPWV86sTHbBFblpRYYQR8BzMvdNL+vd0x+QM961EZtR37q50yW31zkdB eYLJASTmOWgcf5JpJoMPUqT3Zel5SgGhj5hLB8GkeXK53gsBePuOYEbcRSKd0QZRWk4Ord 
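Review bot: process() in the daemon source (RCSID blocklistd.c,v 1.10) can log an uninitialized rbuf. When getremoteaddress() fails the code takes `goto out` before rbuf has been written, and the `out:` path, with debug set, passes rbuf to the "final db state for %s" message. Set `rbuf[0] = '\0';` next to the memset() calls at the top of the function, or format the address before the first goto. Separately, in main() `tout = atoi(optarg) * 1000;` takes the -t value unchecked: a non-numeric argument silently falls back to the default and a negative one reaches poll() as an infinite timeout, so update() only runs when a message arrives. Parse it with a range check and call usage() on error.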
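Review bot: `int debug;` in old_internal.c is modified from the sigusr1() and sigusr2() handlers in the daemon (`debug++` / `debug--`) and read throughout process() and update(), but it is a plain int. Declare it `volatile sig_atomic_t`, with the matching change to the extern in old_internal.h. The readconf and done flags in the daemon are sig_atomic_t but not volatile, and the main loop polls them, so they should get the same qualifier.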
by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59E4axqx038156; Tue, 14 Oct 2025 04:36:59 GMT (envelope-from git)
Date: Tue, 14 Oct 2025 04:36:59 GMT
Message-Id: <202510140436.59E4axqx038156@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: f315a3512c70 - releng/15.0 - blocklist-helper: Silence a bogus pf warning
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: f315a3512c709afc2a59584791f29ebd7e9e047d
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=f315a3512c709afc2a59584791f29ebd7e9e047d

commit f315a3512c709afc2a59584791f29ebd7e9e047d
Author:     Jose Luis Duran
AuthorDate: 2025-10-12 17:16:12 +0000
Commit:     Colin Percival
CommitDate: 2025-10-14 04:36:39 +0000

    blocklist-helper: Silence a bogus pf warning

    Silence a bogus warning about (an ethernet) anchor not being found.

    It has been reported as PR 280516. In the meantime, just sweep under
    the carpet.

    Approved by:    re (cperciva)
    Approved by:    emaste (mentor)
    MFC after:      2 days

    (cherry picked from commit 2347ca21d657121670e6e7246c6ac32efc996cac)
    (cherry picked from commit ba5768504bee39191754fc1aece3927c8936f27c)
---
 contrib/blocklist/libexec/blocklistd-helper | 2 +-
 libexec/blocklistd-helper/blacklistd-helper | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/blocklist/libexec/blocklistd-helper b/contrib/blocklist/libexec/blocklistd-helper index f27cde4ed4ea..14a192ee35ce 100755 --- a/contrib/blocklist/libexec/blocklistd-helper +++ b/contrib/blocklist/libexec/blocklistd-helper @@ -258,7 +258,7 @@ flush) pf) # dynamically determine which anchors exist for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do - /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null /sbin/pfctl -a "$anchor" -F rules done echo OK diff --git a/libexec/blocklistd-helper/blacklistd-helper b/libexec/blocklistd-helper/blacklistd-helper index 4195f070e8ee..92f768e86cdf 100644 --- a/libexec/blocklistd-helper/blacklistd-helper +++ b/libexec/blocklistd-helper/blacklistd-helper 
@@ -279,7 +279,7 @@ flush) pf) # dynamically determine which anchors exist for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do - /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null /sbin/pfctl -a "$anchor" -F rules done echo OK From nobody Tue Oct 14 04:37:00 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cm1dm431Fz6BhBM; Tue, 14 Oct 2025 04:37:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cm1dm3TP7z3Q3t; Tue, 14 Oct 2025 04:37:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760416620; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o4afukLQ9RkRazTWfuBPQKJpacRSAlkx29x3CwLA8jA=; b=p8ZuC7gbUxpXAof2SPeLVPBfak9Fb8C1ma0mq84ir7jJVSX0CXon8kihVEwgAjlUeLqyze Ddc9KJh3gm39xvMfAtasdJAQ4l8/2QFIXcsg/nvjGG5JCv+zi6hmB83NmpizZxxpxpta3F 2O+LZZHLYwo7RLwpIapjFeMQpyBIqIA5mR6DZjTVQfpTO2RNserHM4mehnwLR5WpwGxOs4 IKxvCAL0TWa+rnafGoBL/RIh7sWwqMIdBrlg/HskkLYxObL9g36YSvStiophvXDhhSSRHL lcHpoyS6ZRQpDHHPO9RaVbXKRNYR83pCq8xoSQ4IhHwb/UpTY0OzDeUeKplwbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760416620; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: 
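Review bot: the added `2> /dev/null` on the `-T flush` line in the `pf)` case of `flush)` (contrib/blocklist/libexec/blocklistd-helper) discards every diagnostic from that pfctl call, not only the bogus anchor warning tracked as PR 280516. A real failure to flush the table is now silent, and the branch still prints OK. Consider filtering only the known message, or checking the exit status of the flush and reporting a failure before `echo OK`.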
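Review bot: the same redirect in libexec/blocklistd-helper/blacklistd-helper carries no comment explaining it. Nothing in the script says that stderr is dropped as a workaround for PR 280516, so the redirect is likely to outlive the pf fix. Add a one-line comment above the flush naming the PR, in both copies of the helper. The neighbouring `-F rules` call is left unredirected; the comment should say whether that is intentional.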
Date: Tue, 14 Oct 2025 04:37:00 GMT
Message-Id: <202510140437.59E4b05u038198@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 621d4b1d01d5 - releng/15.0 - blacklist: Avoid duplicate manual pages in METALOG
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: 621d4b1d01d55567de08ccec98120be5be7d257b
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=621d4b1d01d55567de08ccec98120be5be7d257b

commit 621d4b1d01d55567de08ccec98120be5be7d257b
Author:     Jose Luis Duran
AuthorDate: 2025-10-13 00:53:50 +0000
Commit:     Colin Percival
CommitDate: 2025-10-14 04:36:42 +0000

    blacklist: Avoid duplicate manual pages in METALOG

    Previously, blacklist man pages were just a symlink to their blocklist
    counterpart, this in turn installed blocklist man pages twice, and
    resulted in a duplicate error when running metalog_reader.lua -c.

    Take advantage of the duplication to document nuances in blacklist,
    such as the fact that it uses the new database and socket name
    (blocklist). Also, note that it has been renamed to blocklist. In the
    future, it will help to document its deprecation.

Approved by: re (cperciva) Approved by: emaste (mentor) Fixes: 7238317403b9 ("blocklist: Rename blacklist to blocklist") MFC after: 2 days (cherry picked from commit c6240045536548c22ce40d9ef36c1dc52abcfc9c) (cherry picked from commit f935c0f66f75e882185ed8bc46f39054f2ced4e1) --- contrib/blocklist/bin/blacklistctl.8 | 136 ++++++++++++++ contrib/blocklist/bin/blacklistd.8 | 308 ++++++++++++++++++++++++++++++++ contrib/blocklist/bin/blacklistd.conf.5 | 242 +++++++++++++++++++++++++ contrib/blocklist/lib/libblacklist.3 | 188 +++++++++++++++++++ lib/libblacklist/Makefile | 17 +- usr.sbin/blacklistctl/Makefile | 3 +- usr.sbin/blacklistd/Makefile | 4 +- 7 files changed, 884 insertions(+), 14 deletions(-) diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8 new file mode 100644 index 000000000000..4d557c0c979d --- /dev/null +++ b/contrib/blocklist/bin/blacklistctl.8 
@@ -0,0 +1,136 @@ +.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd January 27, 2025 +.Dt BLACKLISTCTL 8 +.Os +.Sh NAME +.Nm blacklistctl +.Nd display and change the state of the blacklistd database +.Sh SYNOPSIS +.Nm +.Cm dump +.Op Fl abdnrw +.Op Fl D Ar dbname +.Sh DESCRIPTION +.Nm +is a program used to display and change the state of the +.Xr blacklistd 8 +database. 
+The following sub-commands are supported: +.Ss dump +.Pp +The following options are available for the +.Cm dump +sub-command: +.Bl -tag -width indent +.It Fl a +Show all database entries, by default it shows only the active ones. +Inactive entries will be shown with a last-access (or, with +.Fl r , +the remaining) time of +.Ql never . +.It Fl b +Show only the blocked entries. +.It Fl D Ar dbname +Specify the location of the +.Ic blacklistd +database file to use. +The default is +.Pa /var/db/blocklistd.db . +.It Fl d +Increase debugging level. +.It Fl n +Don't display a header. +.It Fl r +Show the remaining blocked time instead of the last activity time. +.It Fl w +Normally the width of addresses is good for IPv4, the +.Fl w +flag, makes the display wide enough for IPv6 addresses. +.El +.Pp +The output of the +.Cm dump +sub-command consists of a header (unless +.Fl n +was given) and one line for each record in the database, where each line +has the following columns: +.Bl -tag -width indent +.It Ql address/ma:port +The remote address, mask, and local port number of the client connection +associated with the database entry. +.It Ql id +column will show the identifier for the packet filter rule associated +with the database entry, though this may only be the word +.Ql OK +for packet filters which do not creat a unique identifier for each rule. +.It Ql nfail +The number of +.Em failures +reported for the client on the noted port, as well as the number of +failures allowed before blocking (or, with +.Fl a , +an asterisk +.Aq * ) +.It So last access Sc | So remaining time Sc +The last time a the client was reported as attempting access, or, with +.Fl r , +the time remaining before the rule blocking the client will be removed. +.El +.Sh SEE ALSO +.Xr blacklistd 8 +.Sh NOTES +The +.Nm +program has been renamed to +.Xr blocklistctl 8 . +.Pp +Sometimes the reported number of failed attempts can exceed the number +of attempts that +.Xr blacklistd 8 +is configured to block. 
+This can happen either because the rule has been removed manually, or +because there were more attempts in flight while the rule block was being +added. +This condition is normal; in that case +.Xr blacklistd 8 +will first attempt to remove the existing rule, and then it will re-add +it to make sure that there is only one rule active. +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . +.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/bin/blacklistd.8 b/contrib/blocklist/bin/blacklistd.8 new file mode 100644 index 000000000000..9ca886e9c4d3 --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.8 
@@ -0,0 +1,308 @@ +.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.Dd February 25, 2025 +.Dt BLACKLISTD 8 +.Os +.Sh NAME +.Nm blacklistd +.Nd block and release ports on demand to avoid DoS abuse +.Sh SYNOPSIS +.Nm +.Op Fl dfrv +.Op Fl C Ar controlprog +.Op Fl c Ar configfile +.Op Fl D Ar dbfile +.Op Fl P Ar sockpathsfile +.Op Fl R Ar rulename +.Op Fl s Ar sockpath +.Op Fl t Ar timeout +.Sh DESCRIPTION +.Nm +is a daemon similar to +.Xr syslogd 8 +that listens to sockets at paths specified in the +.Ar sockpathsfile +for notifications from other daemons about successful or failed connection +attempts. +If no such file is specified, then it only listens to the socket path +specified by +.Ar sockpath +or if that is not specified to +.Pa /var/run/blocklistd.sock . +Each notification contains an (action, port, protocol, address, owner) tuple +that identifies the remote connection and the action. +This tuple is consulted against entries from the +.Ar configfile , +with the syntax specified in +.Xr blacklistd.conf 5 . +If an entry is matched, a state entry is created for that tuple. +Each entry contains a number of tries limit and a duration. +.Pp +If +.Ar configfile +is a directory, or a directory exists with the same name as +.Ar configfile +with +.Qq .d +appended to it, each file in the directory will be read as configuration file. +If +.Ar configfile +exists as a file it will be processed before the contents of the +.Ar configfile Ns .d +directory if that also exists. +.Pp +The way +.Nm +does configuration entry matching is by having the client side pass the +file descriptor associated with the connection the client wants to blacklist +as well as passing socket credentials. +.Pp +The file descriptor is used to retrieve information (address and port) +about the remote side with +.Xr getpeername 2 +and the local side with +.Xr getsockname 2 . +.Pp +By examining the port of the local side, +.Nm +can determine if the client program +.Dq owns +the port. 
+By examining the optional address portion on the local side, it can match +interfaces. +By examining the remote address, it can match specific allow or deny rules. +.Pp +Finally +.Nm +can examine the socket credentials to match the user in the configuration file. +.Pp +While this works well for TCP sockets, it cannot be relied on for unbound +UDP sockets. +It is also less meaningful when it comes to connections using non-privileged +ports. +On the other hand, if we receive a request that has a local endpoint indicating +a UDP privileged port, we can presume that the client was privileged to be +able to acquire that port. +.Pp +Once an entry is matched +.Nm +can perform various actions. +If the action is +.Dq add +and the number of tries limit is reached, then a +control script +.Ar controlprog +is invoked with arguments: +.Bd -literal -offset indent +control add
+.Ed +.Pp +and should invoke a packet filter command to block the connection +specified by the arguments. +The +.Ar rulename +argument can be set from the command line (default +.Dv blacklistd ) . +The script could print a numerical id to stdout as a handle for +the rule that can be used later to remove that connection, but +that is not required as all information to remove the rule is +kept. +.Pp +If the action is +.Dq rem +Then the same control script is invoked as: +.Bd -literal -offset indent +control rem
+.Ed +.Pp +where +.Ar id +is the number returned from the +.Dq add +action. +.Pp +.Nm +maintains a database of known connections in +.Ar dbfile . +On startup it reads entries from that file, and updates its internal state. +.Pp +.Nm +checks the list of active entries every +.Ar timeout +seconds (default +.Dv 15 ) +and removes entries and block rules using the control program as necessary. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl C Ar controlprog +Use +.Ar controlprog +to communicate with the packet filter, instead of the default, which is +.Pa /usr/libexec/blacklistd-helper . +The following arguments are passed to the control program: +.Bl -tag -width protocol +.It action +The action to perform: +.Dv add , +.Dv rem , +or +.Dv flush ; +to add, remove or flush a firewall rule. +.It name +The rule name. +.It protocol +The optional protocol name (can be empty): +.Dv tcp , +.Dv tcp6 , +.Dv udp , +.Dv udp6 . +.It address +The IPv4 or IPv6 numeric address to be blocked or released. +.It mask +The numeric mask to be applied to the blocked or released address +.It port +The optional numeric port to be blocked (can be empty). +.It id +For packet filters that support removal of rules by rule identifier, the +identifier of the rule to be removed. +The add command is expected to return the rule identifier string to stdout. +.El +.It Fl c Ar configuration +The name of the configuration file to read. +The default when +.Fl c +is not given is +.Pa /etc/blacklistd.conf . +.It Fl D Ar dbfile +The Berkeley DB file where +.Nm +stores its state. +It defaults to +.Pa /var/db/blocklistd.db . +.It Fl d +Normally, +.Nm +disassociates itself from the terminal unless the +.Fl d +flag is specified, in which case it stays in the foreground. 
+.It Fl f +Truncate the state database and flush all the rules named +.Ar rulename +are deleted by invoking the control script as: +.Bd -literal -offset indent +control flush +.Ed +.It Fl P Ar sockpathsfile +A file containing a list of pathnames, one per line that +.Nm +will create sockets to listen to. +This is useful for chrooted environments. +.It Fl R Ar rulename +Specify the default rule name for the packet filter rules, usually +.Dv blacklistd . +.It Fl r +Re-read the firewall rules from the internal database, then +remove and re-add them. +This helps for packet filters that do not retain state across reboots. +.It Fl s Ar sockpath +Add +.Ar sockpath +to the list of Unix sockets +.Nm +listens to. +.It Fl t Ar timeout +The interval in seconds +.Nm +polls the state file to update the rules. +.It Fl v +Cause +.Nm +to print +diagnostic messages to +.Dv stdout +instead of +.Xr syslogd 8 . +.El +.Sh SIGNAL HANDLING +.Nm +deals with the following signals: +.Bl -tag -width "USR2" +.It Dv HUP +Receipt of this signal causes +.Nm +to re-read the configuration file. +.It Dv INT , Dv TERM & Dv QUIT +These signals tell +.Nm +to exit in an orderly fashion. +.It Dv USR1 +This signal tells +.Nm +to increase the internal debugging level by 1. +.It Dv USR2 +This signal tells +.Nm +to decrease the internal debugging level by 1. +.El +.Sh FILES +.Bl -tag -width /usr/libexec/blacklistd-helper -compact +.It Pa /usr/libexec/blacklistd-helper +Shell script invoked to interface with the packet filter. +.It Pa /etc/blacklistd.conf +Configuration file. +.It Pa /var/db/blocklistd.db +Database of current connection entries. +.It Pa /var/run/blocklistd.sock +Socket to receive connection notifications. +.El +.Sh SEE ALSO +.Xr blacklistd.conf 5 , +.Xr blacklistctl 8 , +.Xr ipf 8 , +.Xr ipfw 8 , +.Xr pfctl 8 , +.Xr syslogd 8 +.Sh NOTES +The +.Nm +daemon has been renamed to +.Xr blocklistd 8 . +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . 
+.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blacklistd.conf.5 new file mode 100644 index 000000000000..e775d30e7e8e --- /dev/null +++ b/contrib/blocklist/bin/blacklistd.conf.5 
@@ -0,0 +1,242 @@ +.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $ +.\" +.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd February 5, 2025 +.Dt BLACKLISTD.CONF 5 +.Os +.Sh NAME +.Nm blacklistd.conf +.Nd configuration file format for blacklistd +.Sh DESCRIPTION +The +.Nm +file contains configuration entries for +.Xr blacklistd 8 +in a fashion similar to +.Xr inetd.conf 5 . +Only one entry per line is permitted. +Every entry must have all fields populated. 
+Each field can be separated by a tab or a space. +Comments are denoted by a +.Dq # +at the beginning of a line. +.Pp +There are two kinds of configuration lines, +.Va [local] +and +.Va [remote] . +By default, configuration lines are +.Va [local] , +i.e. the address specified refers to the addresses on the local machine. +To switch to between +.Va [local] +and +.Va [remote] +configuration lines you can specify the stanzas: +.Dq [local] +and +.Dq [remote] . +.Pp +On +.Va [local] +and +.Va [remote] +lines +.Dq * +means use the default, or wildcard match. +In addition, for +.Va [remote] +lines +.Dq = +means use the values from the matched +.Va [local] +configuration line. +.Pp +The first four fields, +.Va location , +.Va type , +.Va proto , +and +.Va owner +are used to match the +.Va [local] +or +.Va [remote] +addresses, whereas the last 3 fields +.Va name , +.Va nfail , +and +.Va disable +are used to modify the filtering action. +.Pp +The first field denotes the +.Va location +as an address, mask, and port. +The syntax for the +.Va location +is: +.Bd -literal -offset indent + [
|][/][:] +.Ed +.Pp +The +.Dv address +can be an IPv4 address in numeric format, an IPv6 address +in numeric format and enclosed by square brackets, or an interface name. +Mask modifiers are not allowed on interfaces because interfaces +can have multiple addresses in different protocols where the mask has a +different size. +.Pp +The +.Dv mask +is always numeric, but the +.Dv port +can be either numeric or symbolic. +.Pp +The second field is the socket +.Va type : +.Dv stream , +.Dv dgram , +or numeric. +The third field is the +.Va protocol : +.Dv tcp , +.Dv udp , +.Dv tcp6 , +.Dv udp6 , +or numeric. +The fourth field is the effective user +.Va ( owner ) +of the daemon process reporting the event, +either as a username or a userid. +.Pp +The rest of the fields control the behavior of the filter. +.Pp +The +.Va name +field, is the name of the packet filter rule to be used. +If the +.Va name +starts with a hyphen +.Pq Dq - , +then the default rulename is prepended to the given name. +If the +.Dv name +contains a +.Dq / , +the remaining portion of the name is interpreted as the mask to be +applied to the address specified in the rule, causing a single rule violation to +block the entire subnet for the configured prefix. +.Pp +The +.Va nfail +field contains the number of failed attempts before access is blocked, +defaulting to +.Dq * +meaning never, and the last field +.Va duration +specifies the amount of time since the last access that the blocking +rule should be active, defaulting to +.Dq * +meaning forever. +The default unit for +.Va duration +is seconds, but one can specify suffixes for different units, such as +.Dq m +for minutes +.Dq h +for hours and +.Dq d +for days. +.Pp +Matching is done first by checking the +.Va [local] +rules individually, in the order of the most specific to the least specific. +If a match is found, then the matching +.Va [remote] +rules are applied. 
+The +.Va name , +.Va nfail , +and +.Va duration +fields can be altered by the +.Va [remote] +rule that matched. +.Pp +The +.Va [remote] +rules can be used for allowing specific addresses, changing the mask +size (via +.Va name ) , +the rule that the packet filter uses (also via +.Va name ) , +the number of failed attempts (via +.Va nfail ) , +or the duration to block (via +.Va duration ) . +.Sh FILES +.Bl -tag -width /etc/blacklistd.conf -compact +.It Pa /etc/blacklistd.conf +Configuration file. +.El +.Sh EXAMPLES +.Bd -literal -offset 8n +# Block ssh, after 3 attempts for 6 hours on the bnx0 interface +[local] +# location type proto owner name nfail duration +bnx0:ssh * * * * 3 6h +[remote] +# Never block 1.2.3.4 +1.2.3.4:ssh * * * * * * +# Never block the example IPv6 subnet either +[2001:db8::]/32:ssh * * * * * * +# For addresses coming from 8.8.0.0/16 block whole /24 networks instead +# individual hosts, but keep the rest of the blocking parameters the same. +8.8.0.0/16:ssh * * * /24 = = +.Ed +.Sh SEE ALSO +.Xr blacklistctl 8 , +.Xr blacklistd 8 +.Sh NOTES +The +.Nm +file has been renamed to +.Xr blocklistd.conf 8 . +.Sh HISTORY +.Nm +first appeared in +.Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . +.Sh AUTHORS +.An Christos Zoulas diff --git a/contrib/blocklist/lib/libblacklist.3 b/contrib/blocklist/lib/libblacklist.3 new file mode 100644 index 000000000000..5bc093c38f79 --- /dev/null +++ b/contrib/blocklist/lib/libblacklist.3 
@@ -0,0 +1,188 @@ +.\" $NetBSD: libblocklist.3,v 1.7 2025/02/05 20:14:30 christos Exp $ +.\" +.\" Copyright (c) 2015 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.Dd February 5, 2025 +.Dt LIBBLACKLIST 3 +.Os +.Sh NAME +.Nm blacklist_open , +.Nm blacklist_open2 , +.Nm blacklist_close , +.Nm blacklist_r , +.Nm blacklist , +.Nm blacklist_sa , +.Nm blacklist_sa_r +.Nd Blacklistd notification library +.Sh LIBRARY +.Lb libblacklist +.Sh SYNOPSIS +.In blacklist.h +.Ft struct blacklist * +.Fn blacklist_open "void" +.Ft struct blacklist * +.Fn blacklist_open2 "void (*logger)(int, struct syslog_data *, va_list)" +.Ft void +.Fn blacklist_close "struct blacklist *cookie" +.Ft int +.Fn blacklist "int action" "int fd" "const char *msg" +.Ft int +.Fn blacklist_r "struct blacklist *cookie" "int action" "int fd" "const char *msg" +.Ft int +.Fn blacklist_sa "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg" +.Ft int +.Fn blacklist_sa_r "struct blacklist *cookie" "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg" +.Sh DESCRIPTION +These functions can be used by daemons to notify +.Xr blacklistd 8 +about successful and failed remote connections so that blacklistd can +block or release port access to prevent Denial of Service attacks. +.Pp +The function +.Fn blacklist_open +creates the necessary state to communicate with +.Xr blacklistd 8 +and returns a pointer to it, or +.Dv NULL +on failure. +.Pp +The function +.Fn blacklist_open2 +is similar to +.Fn blacklist_open +but allows a +.Fa logger +to be specified. +If the +.Fa logger +is +.Dv NULL , +then no logging is performed. +.Pp +The +.Fn blacklist_close +function frees all memory and resources used. +.Pp +The +.Fn blacklist +function sends a message to +.Xr blacklistd 8 , +with an integer +.Ar action +argument specifying the type of notification, +a file descriptor +.Ar fd +specifying the accepted file descriptor connected to the client, +and an optional message in the +.Ar msg +argument. 
+.Pp +The +.Ar action +parameter can take these values: +.Bl -tag -width ".Dv BLACKLIST_ABUSIVE_BEHAVIOR" +.It Dv BLACKLIST_AUTH_FAIL +There was an unsuccessful authentication attempt. +.It Dv BLACKLIST_AUTH_OK +A user successfully authenticated. +.It Dv BLACKLIST_ABUSIVE_BEHAVIOR +The sending daemon has detected abusive behavior +from the remote system. +The remote address should +be blocked as soon as possible. +.It Dv BLACKLIST_BAD_USER +The sending daemon has determined the username +presented for authentication is invalid. +The +.Xr blacklistd 8 +daemon compares the username to a configured list of forbidden +usernames and +blocks the address immediately if a forbidden username matches. +(The +.Dv BLACKLIST_BAD_USER +support is not currently available.) +.El +.Pp +The +.Fn blacklist_r +function is more efficient because it keeps the blacklist state around. +.Pp +The +.Fn blacklist_sa +and +.Fn blacklist_sa_r +functions can be used with unconnected sockets, where +.Xr getpeername 2 +will not work, the server will pass the peer name in the message. +.Pp +In all cases the file descriptor passed in the +.Fa fd +argument must be pointing to a valid socket so that +.Xr blacklistd 8 +can establish ownership of the local endpoint +using +.Xr getsockname 2 . +.Pp +By default, +.Xr syslogd 8 +is used for message logging. +The internal +.Fn bl_create +function can be used to create the required internal +state and specify a custom logging function. +.Sh RETURN VALUES +The function +.Fn blacklist_open +returns a cookie on success and +.Dv NULL +on failure setting +.Dv errno +to an appropriate value. +.Pp +The functions +.Fn blacklist , +.Fn blacklist_sa , +and +.Fn blacklist_sa_r +return +.Dv 0 +on success and +.Dv \-1 +on failure setting +.Dv errno +to an appropriate value. +.Sh NOTES +The +.Lb libblacklist +has been renamed to +.Xr libblocklist 3 . +.Sh SEE ALSO +.Xr blacklistd.conf 5 , +.Xr blacklistd 8 +.Sh AUTHORS +.An Christos Zoulas 
diff --git a/lib/libblacklist/Makefile b/lib/libblacklist/Makefile index 07c770883eab..cac023d69bb7 100644 --- a/lib/libblacklist/Makefile +++ b/lib/libblacklist/Makefile @@ -18,14 +18,13 @@ CFLAGS+=-I${BLOCKLIST_DIR}/include -I${BLOCKLIST_DIR}/port \ SRCS= old_bl.c blacklist.c vsyslog_r.c INCS= blacklist.h -MAN= libblocklist.3 - -MLINKS+=libblocklist.3 libblacklist.3 \ - libblocklist.3 blacklist_open.3 \ - libblocklist.3 blacklist_close.3 \ - libblocklist.3 blacklist.3 \ - libblocklist.3 blacklist_r.3 \ - libblocklist.3 blacklist_sa.3 \ - libblocklist.3 blacklist_sa_r.3 +MAN= libblacklist.3 + +MLINKS= libblacklist.3 blacklist_open.3 \ + libblacklist.3 blacklist_close.3 \ + libblacklist.3 blacklist.3 \ + libblacklist.3 blacklist_r.3 \ + libblacklist.3 blacklist_sa.3 \ + libblacklist.3 blacklist_sa_r.3 .include diff --git a/usr.sbin/blacklistctl/Makefile b/usr.sbin/blacklistctl/Makefile index 8a01f52926a7..41c5f44b072b 100644 --- a/usr.sbin/blacklistctl/Makefile +++ b/usr.sbin/blacklistctl/Makefile @@ -6,8 +6,7 @@ PACKAGE= blocklist PROG= blacklistctl SRCS= blacklistctl.c conf.c state.c support.c old_internal.c \ sockaddr_snprintf.c pidfile.c strtoi.c popenve.c -MAN= blocklistctl.8 -MLINKS= blocklistctl.8 blacklistctl.8 +MAN= blacklistctl.8 LDFLAGS+=-L${LIBBLACKLISTDIR} LIBADD+= blocklist util diff --git a/usr.sbin/blacklistd/Makefile b/usr.sbin/blacklistd/Makefile index b4ba4ca2f9ad..490b12d46968 100644 --- a/usr.sbin/blacklistd/Makefile +++ b/usr.sbin/blacklistd/Makefile 
@@ -7,9 +7,7 @@ CONFS= blacklistd.conf PROG= blacklistd SRCS= blacklistd.c conf.c run.c state.c support.c old_internal.c \ sockaddr_snprintf.c pidfile.c strtoi.c popenve.c vsyslog_r.c -MAN= blocklistd.8 blocklistd.conf.5 *** 6 LINES SKIPPED ***
From nobody Tue Oct 14 04:37:01 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Date: Tue, 14 Oct 2025 04:37:01 GMT
Message-Id: <202510140437.59E4b1pQ038236@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: bf591ddc87aa - releng/15.0 - blocklist: Add an UPDATING entry
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/15.0
X-Git-Reftype: branch
X-Git-Commit: bf591ddc87aa0fdc0fff279fbef3d3570ea56666
Auto-Submitted: auto-generated

The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=bf591ddc87aa0fdc0fff279fbef3d3570ea56666

commit bf591ddc87aa0fdc0fff279fbef3d3570ea56666
Author:     Jose Luis Duran
AuthorDate: 2025-10-13 14:35:12 +0000
Commit:     Colin Percival
CommitDate: 2025-10-14 04:36:45 +0000

    blocklist: Add an UPDATING entry

    Add an UPDATING entry about the renaming of blocklist.

    Approved by:    re (cperciva)
    Approved by:    emaste (mentor)
    Fixes:          7238317403b9 ("blocklist: Rename blacklist to blocklist")
    MFC after:      1 day

    (cherry picked from commit ffa8165009365ff93050626d880f2d1d6aacc31a)
    (cherry picked from commit f22ca25404e795aa08efc35d8cdbb5b44304650f)
---
 UPDATING | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/UPDATING b/UPDATING index 6e893f07df61..4b14159ceb4a 100644 --- a/UPDATING +++ b/UPDATING
@@ -17,6 +17,12 @@ and/or ports. can install the ftp/freebsd-ftpd port. pkgbase users should remove the orphaned FreeBSD-ftpd package. +20251012: + Blacklist has been renamed upstream to Blocklist. If you have it + configured, rename all configuration files, firewall anchors or + sentinel files to reflect the new nomenclature. Old setups will + continue to work emitting a warning. + 20251002: Audio-related utilities including mixer(8) and virtual_oss(8) have moved to the new FreeBSD-sound package. If you have set-optional or
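Review bot: the 20251012 entry in UPDATING tells operators to "rename all configuration files, firewall anchors or sentinel files" without naming a single old or new path, so an administrator cannot confirm from this entry alone that a blocking setup has been migrated completely. List the affected names, old beside new, and say where the warning is emitted. The closing sentence would also read more clearly as "Old setups will continue to work, but emit a warning."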
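Review bot: contrib/blocklist/bin/blacklistd.8 gives the default socket as /var/run/blocklistd.sock and the default database as /var/db/blocklistd.db (in DESCRIPTION, under -D and in FILES), while the same page gives /etc/blacklistd.conf and /usr/libexec/blacklistd-helper for the configuration file and helper, so a reader cannot tell which names the blacklistd compatibility binary actually uses. If the mix is intended, state it in NOTES; otherwise align the paths, since notifications sent to a socket the daemon is not listening on cannot result in a block. Smaller points in the same file: the option list has ".It Fl c Ar configuration" where SYNOPSIS uses "configfile", the -f text ("flush all the rules named rulename are deleted by invoking the control script") needs rewording, and "Then" after the "rem" action should be lower case.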
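Review bot: in contrib/blocklist/bin/blacklistd.conf.5 the field overview names the last three fields as name, nfail and disable, but every later paragraph and the column header in EXAMPLES call the last field duration, so the page never defines a field called disable. Use duration in the overview as well. In NOTES the cross reference is written ".Xr blocklistd.conf 8", while this page is section 5 (".Dt BLACKLISTD.CONF 5"), so the section number looks wrong. Two wording slips are also worth fixing while here: "To switch to between" and, in the EXAMPLES comment, "instead individual hosts".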
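Review bot: RETURN VALUES in contrib/blocklist/lib/libblacklist.3 covers blacklist_open, blacklist, blacklist_sa and blacklist_sa_r but leaves out blacklist_r and blacklist_open2, both of which appear in NAME and SYNOPSIS. Document the return value and errno behaviour for those two as well, so that a daemon author knows how to detect a notification that was not delivered. In the BLACKLIST_BAD_USER item the behaviour is described in the present tense and only afterwards qualified by "support is not currently available"; lead with that caveat. The sentence on blacklist_sa and blacklist_sa_r ("will not work, the server will pass the peer name") is a comma splice and should be split.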
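Review bot: the new MLINKS list in lib/libblacklist/Makefile has no blacklist_open2.3 entry, although libblacklist.3 in this same change lists blacklist_open2 in NAME and SYNOPSIS, so that function name gets no installed manual link. The removed list lacked it too, so this is a good moment to add "libblacklist.3 blacklist_open2.3". The assignment also changes from "MLINKS+=" to "MLINKS="; please confirm that nothing above this hunk sets MLINKS, since a plain assignment would discard it.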