Date: Sun, 12 Oct 2025 17:18:38 GMT
From: Jose Luis Duran <jlduran@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 48e64ca13d4f - main - MFV: Import blocklist 2025-04-28 (8aa81bf)
Message-ID: <202510121718.59CHIcfT030739@gitrepo.freebsd.org>
The branch main has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=48e64ca13d4f36795ac718911b805e3e9a726f1b

commit 48e64ca13d4f36795ac718911b805e3e9a726f1b
Merge: 039eba16f969 70f30afd4e9a
Author: Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-12 17:01:03 +0000
Commit: Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-12 17:01:03 +0000

MFV: Import blocklist 2025-04-28 (8aa81bf)

Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'

Breaking changes:

- Upstream commit 24932b6 ("blocklistd: log the conf file line number with bad protocol errors") breaks backward database compatibility. An error will be displayed:

      Key size mismatch 296 != 288

  A new and compatible database, with the new name, will be created when the service starts (committed separately).

- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a "one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the number of failed attempts now doubles towards the maximum limit (nfails). This commit will be reverted separately.

Changes: https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf Approved by: emaste (mentor) MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D52869 contrib/blocklist/Makefile | 2 +- contrib/blocklist/Makefile.inc | 7 +- contrib/blocklist/README | 52 ++-- contrib/blocklist/TODO | 49 +++- contrib/blocklist/bin/Makefile | 12 +- .../bin/{blacklistctl.8 => blocklistctl.8} | 69 +++++- .../bin/{blacklistctl.c => blocklistctl.c} | 9 +- .../blocklist/bin/{blacklistd.8 => blocklistd.8} | 75 +++--- .../blocklist/bin/{blacklistd.c => blocklistd.c} | 48 ++-- .../bin/{blacklistd.conf.5 => blocklistd.conf.5} | 82 ++++--- contrib/blocklist/bin/conf.c | 200 ++++++++++++--- contrib/blocklist/bin/conf.h | 3 +- contrib/blocklist/bin/internal.c | 8 +- contrib/blocklist/bin/internal.h | 8 +- contrib/blocklist/bin/run.c | 9 +- contrib/blocklist/bin/run.h | 2 +- contrib/blocklist/bin/state.c | 6 +- contrib/blocklist/bin/state.h | 2 +- contrib/blocklist/bin/support.c | 11 +- contrib/blocklist/bin/support.h | 7 +- contrib/blocklist/diff/ftpd.diff | 12 +- contrib/blocklist/diff/named.diff | 12 +- contrib/blocklist/diff/postfix.diff | 98 ++++++++ contrib/blocklist/diff/proftpd.diff | 20 +- contrib/blocklist/diff/ssh.diff | 14 +- contrib/blocklist/etc/Makefile | 10 +- .../etc/{blacklistd.conf => blocklistd.conf} | 7 +- contrib/blocklist/etc/ipf.conf | 45 ++++ contrib/blocklist/etc/npf.conf | 4 +- contrib/blocklist/etc/rc.d/Makefile | 4 +- .../blocklist/etc/rc.d/{blacklistd => blocklistd} | 20 +- contrib/blocklist/include/Makefile | 4 +- contrib/blocklist/include/bl.h | 11 +- .../blocklist/include/{blacklist.h => blocklist.h} | 44 ++-- contrib/blocklist/lib/Makefile | 20 +- contrib/blocklist/lib/bl.c | 112 +++++---- contrib/blocklist/lib/{blacklist.c => blocklist.c} | 49 ++-- .../lib/{libblacklist.3 => libblocklist.3} | 124 +++++----- contrib/blocklist/lib/shlib_version | 2 +- contrib/blocklist/libexec/Makefile | 4 +- contrib/blocklist/libexec/blacklistd-helper | 
134 ---------- contrib/blocklist/libexec/blocklistd-helper | 272 +++++++++++++++++++++ contrib/blocklist/port/Makefile.am | 42 ++-- contrib/blocklist/port/_strtoi.h | 2 +- contrib/blocklist/port/configure.ac | 12 +- contrib/blocklist/port/fgetln.c | 2 +- contrib/blocklist/port/fparseln.c | 6 +- contrib/blocklist/port/pidfile.c | 6 +- contrib/blocklist/port/popenve.c | 6 +- contrib/blocklist/port/port.h | 32 ++- contrib/blocklist/port/sockaddr_snprintf.c | 6 +- contrib/blocklist/port/strlcat.c | 7 +- contrib/blocklist/port/strlcpy.c | 7 +- contrib/blocklist/port/strtoi.c | 6 +- contrib/blocklist/port/vsyslog_r.c | 13 + contrib/blocklist/test/Makefile | 2 +- contrib/blocklist/test/cltest.c | 6 +- contrib/blocklist/test/srvtest.c | 42 +++- 58 files changed, 1293 insertions(+), 587 deletions(-) diff --cc contrib/blocklist/Makefile index da4411d0ca75,000000000000..899746d01431 mode 100644,000000..100644 --- a/contrib/blocklist/Makefile +++ b/contrib/blocklist/Makefile @@@ -1,5 -1,0 +1,5 @@@ - # $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ + +SUBDIR = lib .WAIT include bin etc libexec + +.include <bsd.subdir.mk> diff --cc contrib/blocklist/bin/Makefile index 280c72fd3af1,000000000000..1856e2524f3c mode 100644,000000..100644 --- a/contrib/blocklist/bin/Makefile +++ b/contrib/blocklist/bin/Makefile @@@ -1,15 -1,0 +1,15 @@@ - # $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $ + +BINDIR=/sbin + - PROGS=blacklistd blacklistctl - MAN.blacklistd=blacklistd.8 blacklistd.conf.5 - MAN.blacklistctl=blacklistctl.8 - SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c - SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c ++PROGS=blocklistd blocklistctl ++MAN.blocklistd=blocklistd.8 blocklistd.conf.5 ++MAN.blocklistctl=blocklistctl.8 ++SRCS.blocklistd = blocklistd.c conf.c run.c state.c 
support.c internal.c ++SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c +DBG=-g + +LDADD+=-lutil +DPADD+=${LIBUTIL} + +.include <bsd.prog.mk> diff --cc contrib/blocklist/bin/blocklistd.8 index 82e1f15f61c9,38bf22175361..e0b9fb482cbd --- a/contrib/blocklist/bin/blocklistd.8 +++ b/contrib/blocklist/bin/blocklistd.8 @@@ -152,8 -165,8 +165,8 @@@ The following options are available .It Fl C Ar controlprog Use .Ar controlprog - to communicate with the packet filter, usually - .Pa /usr/libexec/blacklistd-helper . + to communicate with the packet filter, instead of the default, which is -.Pa /libexec/blocklistd-helper . ++.Pa /usr/libexec/blocklistd-helper . The following arguments are passed to the control program: .Bl -tag -width protocol .It action @@@ -256,20 -273,20 +273,22 @@@ This signal tell to decrease the internal debugging level by 1. .El .Sh FILES - .Bl -tag -width /usr/libexec/blacklistd-helper -compact - .It Pa /usr/libexec/blacklistd-helper -.Bl -tag -width /libexec/blocklistd-helper -compact -.It Pa /libexec/blocklistd-helper ++.Bl -tag -width /usr/libexec/blocklistd-helper -compact ++.It Pa /usr/libexec/blocklistd-helper Shell script invoked to interface with the packet filter. - .It Pa /etc/blacklistd.conf + .It Pa /etc/blocklistd.conf Configuration file. - .It Pa /var/db/blacklistd.db + .It Pa /var/db/blocklistd.db Database of current connection entries. - .It Pa /var/run/blacklistd.sock + .It Pa /var/run/blocklistd.sock Socket to receive connection notifications. 
.El .Sh SEE ALSO - .Xr blacklistd.conf 5 , - .Xr blacklistctl 8 , + .Xr blocklistd.conf 5 , + .Xr blocklistctl 8 , -.Xr npfctl 8 , ++.Xr ipf 8 , ++.Xr ipfw 8 , +.Xr pfctl 8 , .Xr syslogd 8 .Sh HISTORY .Nm diff --cc contrib/blocklist/bin/internal.h index 5a40e49fbbd5,b88e1330221a..553320e7afd5 --- a/contrib/blocklist/bin/internal.h +++ b/contrib/blocklist/bin/internal.h @@@ -32,13 -32,13 +32,13 @@@ #define _INTERNAL_H #ifndef _PATH_BLCONF - #define _PATH_BLCONF "/etc/blacklistd.conf" + #define _PATH_BLCONF "/etc/blocklistd.conf" #endif #ifndef _PATH_BLCONTROL - #define _PATH_BLCONTROL "/libexec/blacklistd-helper" -#define _PATH_BLCONTROL "/libexec/blocklistd-helper" ++#define _PATH_BLCONTROL "/usr/libexec/blocklistd-helper" #endif #ifndef _PATH_BLSTATE - #define _PATH_BLSTATE "/var/db/blacklistd.db" + #define _PATH_BLSTATE "/var/db/blocklistd.db" #endif extern struct confset rconf, lconf; diff --cc contrib/blocklist/diff/postfix.diff index 000000000000,6f14389515cf..6f14389515cf mode 000000,100644..100644 --- a/contrib/blocklist/diff/postfix.diff +++ b/contrib/blocklist/diff/postfix.diff diff --cc contrib/blocklist/etc/Makefile index 669528ddca89,000000000000..f4f2dc79f857 mode 100644,000000..100644 --- a/contrib/blocklist/etc/Makefile +++ b/contrib/blocklist/etc/Makefile @@@ -1,10 -1,0 +1,10 @@@ - # $NetBSD: Makefile,v 1.3 2015/01/26 00:18:40 christos Exp $ ++# $NetBSD: Makefile,v 1.2 2025/02/05 20:24:26 christos Exp $ + - SUBDIR=rc.d ++SUBDIR= rc.d + - FILESDIR= /usr/share/examples/blacklist - FILESMODE= 644 - FILES= blacklistd.conf npf.conf ++FILESDIR= /usr/share/examples/blocklist ++FILESMODE= 644 ++FILES= blocklistd.conf ipf.conf npf.conf + +.include <bsd.files.mk> +.include <bsd.subdir.mk> diff --cc contrib/blocklist/etc/ipf.conf index 000000000000,f6bec74238d6..f6bec74238d6 mode 000000,100644..100644 --- a/contrib/blocklist/etc/ipf.conf +++ b/contrib/blocklist/etc/ipf.conf diff --cc contrib/blocklist/include/Makefile index 
6854907be25e,000000000000..b7ce1eca278c mode 100644,000000..100644 --- a/contrib/blocklist/include/Makefile +++ b/contrib/blocklist/include/Makefile @@@ -1,10 -1,0 +1,10 @@@ - # $NetBSD: Makefile,v 1.1 2015/01/21 16:16:00 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + +# Doing a make includes builds /usr/include + +NOOBJ= # defined + - INCS= blacklist.h ++INCS= blocklist.h +INCSDIR= /usr/include + +.include <bsd.prog.mk> diff --cc contrib/blocklist/lib/Makefile index 4f1ab7717a99,000000000000..147f311c4782 mode 100644,000000..100644 --- a/contrib/blocklist/lib/Makefile +++ b/contrib/blocklist/lib/Makefile @@@ -1,19 -1,0 +1,19 @@@ - # $NetBSD: Makefile,v 1.7 2019/03/08 20:40:05 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + +.include <bsd.own.mk> + +USE_SHLIBDIR= yes + +CPPFLAGS+=-D_REENTRANT +#LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread - LIB=blacklist - SRCS=bl.c blacklist.c - MAN=libblacklist.3 - MLINKS+=libblacklist.3 blacklist_open.3 - MLINKS+=libblacklist.3 blacklist_close.3 - MLINKS+=libblacklist.3 blacklist.3 - MLINKS+=libblacklist.3 blacklist_r.3 - MLINKS+=libblacklist.3 blacklist_sa.3 - MLINKS+=libblacklist.3 blacklist_sa_r.3 ++LIB=blocklist ++SRCS=bl.c blocklist.c ++MAN=libblocklist.3 ++MLINKS+=libblocklist.3 blocklist_open.3 ++MLINKS+=libblocklist.3 blocklist_close.3 ++MLINKS+=libblocklist.3 blocklist.3 ++MLINKS+=libblocklist.3 blocklist_r.3 ++MLINKS+=libblocklist.3 blocklist_sa.3 ++MLINKS+=libblocklist.3 blocklist_sa_r.3 + +.include <bsd.lib.mk> diff --cc contrib/blocklist/libexec/Makefile index 6537080bf465,000000000000..619d962c23b2 mode 100644,000000..100644 --- a/contrib/blocklist/libexec/Makefile +++ b/contrib/blocklist/libexec/Makefile @@@ -1,6 -1,0 +1,6 @@@ - # $NetBSD: Makefile,v 1.1 2015/01/22 17:49:41 christos Exp $ ++# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $ + - SCRIPTS= blacklistd-helper ++SCRIPTS= blocklistd-helper +SCRIPTSDIR= /libexec + 
+.include <bsd.prog.mk> diff --cc contrib/blocklist/libexec/blocklistd-helper index 000000000000,f27cde4ed4ea..f27cde4ed4ea mode 000000,100755..100755 --- a/contrib/blocklist/libexec/blocklistd-helper +++ b/contrib/blocklist/libexec/blocklistd-helper diff --cc contrib/blocklist/port/vsyslog_r.c index 000000000000,848f31b04453..848f31b04453 mode 000000,100644..100644 --- a/contrib/blocklist/port/vsyslog_r.c +++ b/contrib/blocklist/port/vsyslog_r.c
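Review bot: In contrib/blocklist/bin/internal.h the default `_PATH_BLCONTROL` becomes "/usr/libexec/blocklistd-helper", and blocklistd.8 documents the same path for -C and in FILES, but contrib/blocklist/libexec/Makefile in this same merge still carries `SCRIPTSDIR= /libexec`. blocklistd.8 describes this file as the shell script invoked to interface with the packet filter, so a daemon that does not find its helper at the compiled-in path cannot apply blocks. Please confirm which Makefile installs the helper in the FreeBSD build; if the contrib one is not used, say so in the commit message, otherwise align SCRIPTSDIR with the define.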
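Review bot: The FILES list in contrib/blocklist/bin/blocklistd.8 switches to /var/db/blocklistd.db and /var/run/blocklistd.sock without saying what becomes of /var/db/blacklistd.db and /var/run/blacklistd.sock on an upgraded system. The commit message says the old database fails with "Key size mismatch 296 != 288" and that a new database is created under the new name, which suggests existing block entries are not carried over. A sentence in the manual page or the upgrade notes covering the old database file and whether any client still writes to the old socket path would remove the guesswork for operators.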
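Review bot: contrib/blocklist/include/Makefile now installs only `INCS= blocklist.h`, and contrib/blocklist/lib/Makefile builds `LIB=blocklist` with every MLINKS entry renamed from blacklist_*.3 to blocklist_*.3, so the old header, library name and manual links disappear together. The commit message lists the database change and the failure-count change as breaking but does not mention the API rename. Please state whether a compatibility header and library are kept elsewhere in the tree for existing consumers of blacklist.h, or add the rename to the list of breaking changes.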