| -rw-r--r-- | bin/blocklistctl.8 | 5 | ||||
| -rw-r--r-- | bin/blocklistctl.c | 8 | ||||
| -rw-r--r-- | bin/blocklistd.c | 18 |
3 files changed, 14 insertions, 17 deletions
diff --git a/bin/blocklistctl.8 b/bin/blocklistctl.8 index a98c16374f19..7943c54159c1 100644 --- a/bin/blocklistctl.8 +++ b/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" $NetBSD: blocklistctl.8,v 1.5 2025/10/25 16:56:27 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -45,7 +45,6 @@ is a program used to display and change the state of the database. The following sub-commands are supported: .Ss dump -.Pp The following options are available for the .Cm dump sub-command: @@ -90,7 +89,7 @@ associated with the database entry. column will show the identifier for the packet filter rule associated with the database entry, though this may only be the word .Ql OK -for packet filters which do not creat a unique identifier for each rule. +for packet filters which do not create a unique identifier for each rule. .It Ql nfail The number of .Em failures diff --git a/bin/blocklistctl.c b/bin/blocklistctl.c index 8c75e0430c61..b43d8b8aaab3 100644 --- a/bin/blocklistctl.c +++ b/bin/blocklistctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); +__RCSID("$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $"); #include <stdio.h> #include <time.h> @@ -135,7 +135,7 @@ main(int argc, char *argv[]) clock_gettime(CLOCK_REALTIME, &ts); wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; if (!noheader) - printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + printf("rulename\t%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, "address", remain ? "remaining time" : "last access"); for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { char buf[BUFSIZ]; 
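Review bot: The new `rulename` header in the `-135` hunk of blocklistctl.c is separated by a bare tab, while the address column next to it is padded with `%*.*s`, so any rule name longer than a tab stop will push the rest of a row out of line with the header. A padded conversion for the name, for example `%-*.*s` with a fixed width, would keep rows aligned. The column also moves the address out of first position, which changes what a script parsing `blocklistctl dump` output reads as field one. The blocklistctl.8 hunks visible in this commit do not add a matching entry to the column list, so I would add an `.It Ql rulename` item describing it. main() starts and ends outside this hunk.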
@@ -150,7 +150,7 @@ main(int argc, char *argv[]) } } sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); - printf("%*.*s/%s:%s\t", wide, wide, buf, + printf("%s\t%*.*s/%s:%s\t", c.c_name, wide, wide, buf, star(mbuf, sizeof(mbuf), c.c_lmask), star(pbuf, sizeof(pbuf), c.c_port)); if (c.c_duration == -1) { diff --git a/bin/blocklistd.c b/bin/blocklistd.c index 4846b507c8d1..20bd29c7683c 100644 --- a/bin/blocklistd.c +++ b/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -191,12 +191,12 @@ process(bl_t bl) } if (getremoteaddress(bi, &rss, &rsl) == -1) - goto out; + return; if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, - "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); @@ -204,12 +204,12 @@ process(bl_t bl) if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { (*lfun)(LOG_DEBUG, "no rule matched"); - goto out; + return; } if (state_get(state, &c, &dbi) == -1) - goto out; + return; if (debug) { char b1[128], b2[128]; 
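Review bot: In the blocklistctl.c `-150` hunk, `c.c_name` is printed with an unbounded `%s` from the record that `state_iterate()` filled in from the database. The output therefore depends on every stored name being NUL-terminated and free of tabs or control characters. If `c_name` is a fixed-size array (its declaration is not visible here), bounding the conversion, e.g. `printf("%.*s\t%*.*s/%s:%s\t", (int)sizeof(c.c_name), c.c_name, wide, wide, buf,`, keeps a damaged or stale database file from causing an over-read. Since this is an operator-facing dump, encoding non-printable bytes in the name before printing would also stop a crafted rule name from faking extra columns. main() starts and ends outside this hunk.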
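Review bot: In the blocklistd.c `-191` hunk, `msg=\"%s\"` only delimits the field if `bi->bi_msg` cannot itself contain a double quote or a newline. The message appears to come from the reporting client, so an embedded `"` or control character would still let one record read as several fields or lines in the log. Encoding it before logging, for example `strnvis(mbuf, sizeof(mbuf), bi->bi_msg, VIS_SAFE | VIS_NL);` into a local buffer and logging `mbuf` (with `"` escaped as well), would make the quoting dependable for anyone parsing these logs. process() starts and ends outside this hunk.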
@@ -225,7 +225,7 @@ process(bl_t bl) * If the application has signaled abusive behavior, set the * number of fails to be two less than the configured limit. * Fall through to the normal BL_ADD and BL_BADUSER processing, - * which will increment the failure count to the threshhold, and + * which will increment the failure count to the threshold, and * block the abusive address. */ if (c.c_nfail != -1) @@ -269,8 +269,6 @@ process(bl_t bl) state_put(state, &c, &dbi); out: - close(bi->bi_fd); - if (debug) { char b1[128], b2[128]; (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " @@ -565,7 +563,7 @@ main(int argc, char *argv[]) conf_parse(configfile); } ret = poll(pfd, (nfds_t)nfd, tout); - if (debug) + if (debug && ret != 0) (*lfun)(LOG_DEBUG, "received %d from poll()", ret); switch (ret) { case -1: |
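Review bot: In the blocklistd.c `-269` hunk, `close(bi->bi_fd)` is dropped from the `out:` path, and the early exits at the top of process() change from `goto out` to `return` (hunks at `-191` and `-204`), so nothing visible in this commit closes the descriptor carried in `bi->bi_fd`. If ownership now sits with the code that receives the message, a comment at `out:` such as `/* bi->bi_fd is owned and closed by the receiver, not here */` would record that. If it does not, every processed message leaks a descriptor, and once the daemon runs out of descriptors it stops recording failures. process() starts and ends outside this hunk.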
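Review bot: In the blocklistd.c `-565` hunk, the debug call still runs between `poll()` and the `switch`, so when `ret` is -1 the logger can overwrite `errno` before the `case -1:` branch looks at it. That branch's body is outside the hunk, so whether it checks `errno` is an assumption. Saving the value first, with `int serrno = errno;` before the log call and `errno = serrno;` after it, would keep an interrupted poll from being misreported as a hard failure when debugging is on. main() continues past the end of this hunk.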
