-rw-r--r--contrib/blocklist/bin/blacklistctl.83
-rw-r--r--contrib/blocklist/bin/blacklistd.c18
-rw-r--r--contrib/blocklist/bin/blocklistctl.86
3 files changed, 14 insertions, 13 deletions
diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8
index 4d557c0c979d..08f1d1b9e5af 100644
--- a/contrib/blocklist/bin/blacklistctl.8
+++ b/contrib/blocklist/bin/blacklistctl.8
@@ -45,7 +45,6 @@ is a program used to display and change the state of the
database.
The following sub-commands are supported:
.Ss dump
-.Pp
The following options are available for the
.Cm dump
sub-command:
@@ -90,7 +89,7 @@ associated with the database entry.
column will show the identifier for the packet filter rule associated
with the database entry, though this may only be the word
.Ql OK
-for packet filters which do not creat a unique identifier for each rule.
+for packet filters which do not create a unique identifier for each rule.
.It Ql nfail
The number of
.Em failures
diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c
index ded3075ed707..b5f9358122ef 100644
--- a/contrib/blocklist/bin/blacklistd.c
+++ b/contrib/blocklist/bin/blacklistd.c
@@ -1,4 +1,4 @@
-/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */
+/* $NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $");
+__RCSID("$NetBSD: blocklistd.c,v 1.11 2025/10/25 16:55:23 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -191,12 +191,12 @@ process(bl_t bl)
}
if (getremoteaddress(bi, &rss, &rsl) == -1)
- goto out;
+ return;
if (debug || bi->bi_msg[0]) {
sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
(*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG,
- "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu",
+ "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu",
bi->bi_type, bi->bi_fd, rbuf,
bi->bi_msg, (unsigned long)bi->bi_uid,
(unsigned long)bi->bi_gid);
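Review bot: The quotes added around `msg=\"%s\"` in the `(*lfun)` call delimit the field only if `bi->bi_msg` cannot itself contain `"` or control characters, and nothing in this hunk escapes it. bi_msg presumably arrives from the reporting client over the blocklist socket, so a log consumer that splits on the quotes can be misled by a message that carries its own quote or newline. Consider encoding the message into a local buffer before logging it, for example with `strnvis()`, much as `rbuf` is prepared for the address; whether the logging path behind `lfun` already encodes such bytes is not visible here. process() starts and ends outside this hunk.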
@@ -204,12 +204,12 @@ process(bl_t bl)
if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) {
(*lfun)(LOG_DEBUG, "no rule matched");
- goto out;
+ return;
}
if (state_get(state, &c, &dbi) == -1)
- goto out;
+ return;
if (debug) {
char b1[128], b2[128];
@@ -226,7 +226,7 @@ process(bl_t bl)
* set the number of fails to be one less than the
* configured limit. Fallthrough to the normal BL_ADD
* processing, which will increment the failure count
- * to the threshhold, and block the abusive address.
+ * to the threshold, and block the abusive address.
*/
if (c.c_nfail != -1)
dbi.count = c.c_nfail - 1;
@@ -269,8 +269,6 @@ process(bl_t bl)
state_put(state, &c, &dbi);
out:
- close(bi->bi_fd);
-
if (debug) {
char b1[128], b2[128];
(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
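Review bot: With `close(bi->bi_fd)` removed after `out:` and the earlier `goto out` exits in process() turned into `return` (the hunks at -191 and -204), nothing visible in this diff closes the descriptor received with each request. If the close has not moved to the code that receives the message (presumably the bl_* layer, which is outside this diff), a long-running daemon would leak one fd per report until it can no longer accept new ones and stops blocking. A comment at the top of process() would make the ownership explicit, e.g. `/* bi->bi_fd is owned and closed by <receiver>; do not close it here */`, with the real owner named in place of the placeholder. The function body starts and ends outside the hunk.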
@@ -565,7 +563,7 @@ main(int argc, char *argv[])
conf_parse(configfile);
}
ret = poll(pfd, (nfds_t)nfd, tout);
- if (debug)
+ if (debug && ret != 0)
(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
switch (ret) {
case -1:
diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8
index 7943c54159c1..75228599a9de 100644
--- a/contrib/blocklist/bin/blocklistctl.8
+++ b/contrib/blocklist/bin/blocklistctl.8
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 27, 2025
+.Dd October 25, 2025
.Dt BLOCKLISTCTL 8
.Os
.Sh NAME
@@ -82,6 +82,10 @@ sub-command consists of a header (unless
was given) and one line for each record in the database, where each line
has the following columns:
.Bl -tag -width indent
+.It Ql rulename
+The packet filter rule name associated with the database entry,
+usually
+.Dv blocklistd .
.It Ql address/ma:port
The remote address, mask, and local port number of the client connection
associated with the database entry.