diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/blocklist/bin/blacklistctl.8 | 3 | ||||
| -rw-r--r-- | contrib/blocklist/bin/blacklistd.c | 22 | ||||
| -rw-r--r-- | contrib/blocklist/bin/blocklistctl.8 | 11 | ||||
| -rw-r--r-- | contrib/blocklist/bin/blocklistctl.c | 8 | ||||
| -rw-r--r-- | contrib/blocklist/bin/blocklistd.c | 22 | ||||
| -rw-r--r-- | contrib/blocklist/bin/state.c | 6 | ||||
| -rwxr-xr-x | contrib/blocklist/libexec/blocklistd-helper | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/ftruncate/12.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/link/05.t | 11 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/link/15.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/mkdir/11.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/mkfifo/11.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/open/19.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/symlink/11.t | 2 | ||||
| -rw-r--r-- | contrib/pjdfstest/tests/truncate/12.t | 2 |
15 files changed, 49 insertions, 50 deletions
diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8 index 4d557c0c979d..08f1d1b9e5af 100644 --- a/contrib/blocklist/bin/blacklistctl.8 +++ b/contrib/blocklist/bin/blacklistctl.8 @@ -45,7 +45,6 @@ is a program used to display and change the state of the database. The following sub-commands are supported: .Ss dump -.Pp The following options are available for the .Cm dump sub-command: @@ -90,7 +89,7 @@ associated with the database entry. column will show the identifier for the packet filter rule associated with the database entry, though this may only be the word .Ql OK -for packet filters which do not creat a unique identifier for each rule. +for packet filters which do not create a unique identifier for each rule. .It Ql nfail The number of .Em failures diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c index ded3075ed707..cb6ce6578d9c 100644 --- a/contrib/blocklist/bin/blacklistd.c +++ b/contrib/blocklist/bin/blacklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.12 2025/10/25 18:43:51 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.12 2025/10/25 18:43:51 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -191,12 +191,12 @@ process(bl_t bl) } if (getremoteaddress(bi, &rss, &rsl) == -1) - goto out; + return; if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, - "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); @@ -204,12 +204,12 @@ process(bl_t bl) if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { (*lfun)(LOG_DEBUG, "no rule matched"); - goto out; + return; } if (state_get(state, &c, &dbi) == -1) - goto out; + return; if (debug) { char b1[128], b2[128]; @@ -226,7 +226,7 @@ process(bl_t bl) * set the number of fails to be one less than the * configured limit. Fallthrough to the normal BL_ADD * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * to the threshold, and block the abusive address. */ if (c.c_nfail != -1) dbi.count = c.c_nfail - 1; @@ -269,8 +269,6 @@ process(bl_t bl) state_put(state, &c, &dbi); out: - close(bi->bi_fd); - if (debug) { char b1[128], b2[128]; (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " @@ -331,8 +329,8 @@ again: (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds", buf, c.c_lmask, c.c_port, c.c_duration); } - state_del(state, &c); - goto again; + if (state_del(state, &c) == 0) + goto again; } } @@ -565,7 +563,7 @@ main(int argc, char *argv[]) conf_parse(configfile); } ret = poll(pfd, (nfds_t)nfd, tout); - if (debug) + if (debug && ret != 0) (*lfun)(LOG_DEBUG, "received %d from poll()", ret); switch (ret) { case -1: diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8 index a98c16374f19..d241f2844471 100644 --- a/contrib/blocklist/bin/blocklistctl.8 +++ b/contrib/blocklist/bin/blocklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ +.\" $NetBSD: blocklistctl.8,v 1.6 2025/10/26 13:49:22 christos Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 27, 2025 +.Dd October 25, 2025 .Dt BLOCKLISTCTL 8 .Os .Sh NAME @@ -45,7 +45,6 @@ is a program used to display and change the state of the database. The following sub-commands are supported: .Ss dump -.Pp The following options are available for the .Cm dump sub-command: @@ -83,6 +82,10 @@ sub-command consists of a header (unless was given) and one line for each record in the database, where each line has the following columns: .Bl -tag -width indent +.It Ql rulename +The packet filter rule name associated with the database entry, +usually +.Dv blocklistd . .It Ql address/ma:port The remote address, mask, and local port number of the client connection associated with the database entry. @@ -90,7 +93,7 @@ associated with the database entry. column will show the identifier for the packet filter rule associated with the database entry, though this may only be the word .Ql OK -for packet filters which do not creat a unique identifier for each rule. +for packet filters which do not create a unique identifier for each rule. .It Ql nfail The number of .Em failures diff --git a/contrib/blocklist/bin/blocklistctl.c b/contrib/blocklist/bin/blocklistctl.c index 8c75e0430c61..b43d8b8aaab3 100644 --- a/contrib/blocklist/bin/blocklistctl.c +++ b/contrib/blocklist/bin/blocklistctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $ */ +/* $NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $"); +__RCSID("$NetBSD: blocklistctl.c,v 1.5 2025/10/25 16:56:10 christos Exp $"); #include <stdio.h> #include <time.h> @@ -135,7 +135,7 @@ main(int argc, char *argv[]) clock_gettime(CLOCK_REALTIME, &ts); wide = wide ? 8 * 4 + 7 : 4 * 3 + 3; if (!noheader) - printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, + printf("rulename\t%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide, "address", remain ? "remaining time" : "last access"); for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { char buf[BUFSIZ]; @@ -150,7 +150,7 @@ main(int argc, char *argv[]) } } sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); - printf("%*.*s/%s:%s\t", wide, wide, buf, + printf("%s\t%*.*s/%s:%s\t", c.c_name, wide, wide, buf, star(mbuf, sizeof(mbuf), c.c_lmask), star(pbuf, sizeof(pbuf), c.c_port)); if (c.c_duration == -1) { diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c index 03a1dbbf056c..47c145c7aae1 100644 --- a/contrib/blocklist/bin/blocklistd.c +++ b/contrib/blocklist/bin/blocklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $ */ +/* $NetBSD: blocklistd.c,v 1.12 2025/10/25 18:43:51 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $"); +__RCSID("$NetBSD: blocklistd.c,v 1.12 2025/10/25 18:43:51 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -191,12 +191,12 @@ process(bl_t bl) } if (getremoteaddress(bi, &rss, &rsl) == -1) - goto out; + return; if (debug || bi->bi_msg[0]) { sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss); (*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG, - "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu", + "processing type=%d fd=%d remote=%s msg=\"%s\" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf, bi->bi_msg, (unsigned long)bi->bi_uid, (unsigned long)bi->bi_gid); @@ -204,12 +204,12 @@ process(bl_t bl) if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) { (*lfun)(LOG_DEBUG, "no rule matched"); - goto out; + return; } if (state_get(state, &c, &dbi) == -1) - goto out; + return; if (debug) { char b1[128], b2[128]; @@ -226,7 +226,7 @@ process(bl_t bl) * set the number of fails to be one less than the * configured limit. Fallthrough to the normal BL_ADD * processing, which will increment the failure count - * to the threshhold, and block the abusive address. + * to the threshold, and block the abusive address. */ if (c.c_nfail != -1) dbi.count = c.c_nfail - 1; @@ -269,8 +269,6 @@ process(bl_t bl) state_put(state, &c, &dbi); out: - close(bi->bi_fd); - if (debug) { char b1[128], b2[128]; (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " @@ -331,8 +329,8 @@ again: (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds", buf, c.c_lmask, c.c_port, c.c_duration); } - state_del(state, &c); - goto again; + if (state_del(state, &c) == 0) + goto again; } } @@ -565,7 +563,7 @@ main(int argc, char *argv[]) conf_parse(configfile); } ret = poll(pfd, (nfds_t)nfd, tout); - if (debug) + if (debug && ret != 0) (*lfun)(LOG_DEBUG, "received %d from poll()", ret); switch (ret) { case -1: diff --git a/contrib/blocklist/bin/state.c b/contrib/blocklist/bin/state.c index 08e2622e223f..bb93904f3489 100644 --- a/contrib/blocklist/bin/state.c +++ b/contrib/blocklist/bin/state.c @@ -1,4 +1,4 @@ -/* $NetBSD: state.c,v 1.2 2025/02/11 17:48:30 christos Exp $ */ +/* $NetBSD: state.c,v 1.3 2025/10/25 18:43:51 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: state.c,v 1.2 2025/02/11 17:48:30 christos Exp $"); +__RCSID("$NetBSD: state.c,v 1.3 2025/10/25 18:43:51 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -131,7 +131,7 @@ state_del(DB *db, const struct conf *c) (*lfun)(LOG_DEBUG, "%s: returns %d", __func__, rv); (*db->sync)(db, 0); } - return 0; + return rv; default: (*lfun)(LOG_ERR, "%s: failed (%m)", __func__); return -1; diff --git a/contrib/blocklist/libexec/blocklistd-helper b/contrib/blocklist/libexec/blocklistd-helper index 14a192ee35ce..f27cde4ed4ea 100755 --- a/contrib/blocklist/libexec/blocklistd-helper +++ b/contrib/blocklist/libexec/blocklistd-helper @@ -258,7 +258,7 @@ flush) pf) # dynamically determine which anchors exist for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do - /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush /sbin/pfctl -a "$anchor" -F rules done echo OK diff --git a/contrib/pjdfstest/tests/ftruncate/12.t b/contrib/pjdfstest/tests/ftruncate/12.t index 98f3daeaf461..022f2cdae47a 100644 --- a/contrib/pjdfstest/tests/ftruncate/12.t +++ b/contrib/pjdfstest/tests/ftruncate/12.t @@ -22,7 +22,7 @@ EFBIG|EINVAL) ;; *) echo "not ok ${ntest}" - ntest=`expr ${ntest} + 1` + ntest=$((ntest + 1)) ;; esac expect 0 unlink ${n0} diff --git a/contrib/pjdfstest/tests/link/05.t b/contrib/pjdfstest/tests/link/05.t index 5a18c2103e1d..4641e3605efb 100644 --- a/contrib/pjdfstest/tests/link/05.t +++ b/contrib/pjdfstest/tests/link/05.t @@ -2,7 +2,7 @@ # vim: filetype=sh noexpandtab ts=8 sw=8 # $FreeBSD: head/tools/regression/pjdfstest/tests/link/05.t 211352 2010-08-15 21:24:17Z pjd $ -desc="link returns EMLINK if the link count of the file named by name1 would exceed 32767" +desc="link returns EMLINK if the link count of the file named by name1 would exceed {PC_LINK_MAX}" dir=`dirname $0` . ${dir}/../misc.sh @@ -16,19 +16,20 @@ n1=`namegen` n2=`namegen` expect 0 mkdir ${n0} 0755 -n=`mdconfig -a -n -t malloc -s 1m` || exit +n=`mdconfig -a -n -t malloc -s 2m` || exit newfs -i 1 /dev/md${n} >/dev/null || exit mount /dev/md${n} ${n0} || exit +link_max=`${fstest} pathconf ${n0} _PC_LINK_MAX` expect 0 create ${n0}/${n1} 0644 i=1 -while :; do +while [ ${i} -le ${link_max} ]; do link ${n0}/${n1} ${n0}/${i} >/dev/null 2>&1 if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done -test_check $i -eq 32767 +test_check $i -eq ${link_max} expect EMLINK link ${n0}/${n1} ${n0}/${n2} diff --git a/contrib/pjdfstest/tests/link/15.t b/contrib/pjdfstest/tests/link/15.t index cb41ad503370..0dc7648df5cb 100644 --- a/contrib/pjdfstest/tests/link/15.t +++ b/contrib/pjdfstest/tests/link/15.t @@ -26,7 +26,7 @@ while :; do if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done expect ENOSPC link ${n0}/${n1} ${n0}/${n2} umount /dev/md${n} diff --git a/contrib/pjdfstest/tests/mkdir/11.t b/contrib/pjdfstest/tests/mkdir/11.t index 118ca3af8896..f162f6d4eb86 100644 --- a/contrib/pjdfstest/tests/mkdir/11.t +++ b/contrib/pjdfstest/tests/mkdir/11.t @@ -24,7 +24,7 @@ while :; do if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done expect ENOSPC mkdir ${n0}/${n1} 0755 umount /dev/md${n} diff --git a/contrib/pjdfstest/tests/mkfifo/11.t b/contrib/pjdfstest/tests/mkfifo/11.t index 39cfea4e40f7..73d4a5d09f30 100644 --- a/contrib/pjdfstest/tests/mkfifo/11.t +++ b/contrib/pjdfstest/tests/mkfifo/11.t @@ -24,7 +24,7 @@ while :; do if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done expect ENOSPC mkfifo ${n0}/${n1} 0644 umount /dev/md${n} diff --git a/contrib/pjdfstest/tests/open/19.t b/contrib/pjdfstest/tests/open/19.t index 4bc2df2a4313..e3c5b35fd96b 100644 --- a/contrib/pjdfstest/tests/open/19.t +++ b/contrib/pjdfstest/tests/open/19.t @@ -24,7 +24,7 @@ while :; do if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done expect ENOSPC open ${n0}/${i} O_RDONLY,O_CREAT 0644 umount /dev/md${n} diff --git a/contrib/pjdfstest/tests/symlink/11.t b/contrib/pjdfstest/tests/symlink/11.t index b1be674370ad..5d5e864674d6 100644 --- a/contrib/pjdfstest/tests/symlink/11.t +++ b/contrib/pjdfstest/tests/symlink/11.t @@ -24,7 +24,7 @@ while :; do if [ $? -ne 0 ]; then break fi - i=`expr $i + 1` + i=$((i + 1)) done expect ENOSPC symlink test ${n0}/${n1} umount /dev/md${n} diff --git a/contrib/pjdfstest/tests/truncate/12.t b/contrib/pjdfstest/tests/truncate/12.t index 98f3daeaf461..022f2cdae47a 100644 --- a/contrib/pjdfstest/tests/truncate/12.t +++ b/contrib/pjdfstest/tests/truncate/12.t @@ -22,7 +22,7 @@ EFBIG|EINVAL) ;; *) echo "not ok ${ntest}" - ntest=`expr ${ntest} + 1` + ntest=$((ntest + 1)) ;; esac expect 0 unlink ${n0} |