History log of /src/external/bsd/blocklist/bin/blocklistd.c
Revision  Date  Author  Comments
 1.15  07-Feb-2026  christos From des at FreeBSD dot org

* use reallocarray instead of realloc
* use exit instead of return because some clang tool gets confused
 1.14  15-Dec-2025  christos Only restore state if it exists (Jose Luis Duran)
Add quotes around messages
 1.13  15-Dec-2025  christos Revert previous. See:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=29168
From Jose Luis Duran
 1.12  25-Oct-2025  christos PR/57193: ocb@l25.fi: Only restart the loop if a record was actually deleted
in order to avoid infinite loops.
 1.11  25-Oct-2025  christos improve logging and don't close fd in process (hrosenfeld)
 1.10  26-Mar-2025  christos branches: 1.10.2;
Also initialize conf (jlduran)
 1.9  26-Mar-2025  christos GitHub issue #1: jlduran: Initialize dbi so that the debug print does not
print junk.
 1.8  11-Feb-2025  christos sys/cdefs.h portability (Hans Rosenfeld)
 1.7  05-Feb-2025  christos PR/20: robohack:

BLOCKLIST_BAD_USER (BL_BADUSER internally) was actually unimplemented
and as such unusable, and despite being documented as such it still
gained some users and has led to confusion.

This change proposes that it be implemented as a failure with a count of
one for "nfails".

To provide a meaningful distinction BLOCKLIST_AUTH_FAIL is also now
implemented with a count of two for "nfails" -- which seems
appropriate as an "authentication failure" sounds, to my ear at least,
as something more important than a "bad user" failure.

This allows for "bad user" reports (which, say in the case of sshd,
could be caused by a legitimate user making a typo) to be recorded as
failures, but perhaps not to immediately cause them to be locked
out (depending on the current configuration of course).

I think "invalid" should probably have been used here instead of "bad",
but that would now be an API change, as opposed to a minor usage change
and improvement.

BTW, I think the hinted at concept of the blocklist daemon having a list
of disallowed users is not a viable way to go -- it violates the
possibility that several different client daemons might have differing
concepts and policies about whether attempts to use a given username are
really violating some rule. Also we shouldn't conflate the concept of
"username" here with local Unix user names, as they may not be related
at all.
 1.6  05-Feb-2025  christos PR/16: robohack: log any message from a client daemon
If a client daemon includes a message in its request, then log the
request at LOG_INFO level, else (as before), only log it at LOG_DEBUG
and if 'debug' logs are enabled.
 1.5  02-Aug-2024  christos Add blocklist_open2() that can pass a custom logger or NULL for no logging.
Switch internally to use syslog_r. Add compatibility for systems that don't
have syslog_r.
 1.4  23-Dec-2023  christos branches: 1.4.2;
PR/57767: Yoshitaka Tokugawa: When restoring, do so from a readonly copy
of the database and update the read-write copy with the new firewall ids.
Before we did not update the state file so it contained the old firewall ids.
 1.3  12-Oct-2022  christos branches: 1.3.2;
fix logging function which should have used function pointer (jlduran at github)
 1.2  11-Jun-2022  christos fix usage error (Jose Luis Duran)
 1.1  15-Jun-2020  christos branches: 1.1.1;
Initial revision
 1.1.1.1  15-Jun-2020  christos Import blocklist from https://github.com/zoulasc/blocklist.
This is the same code as blacklist from the HEAD of the NetBSD tree.
 1.3.2.2  08-Oct-2024  martin Pull up following revision(s) (requested by rin in ticket #930):

lib/libc/include/extern.h: revision 1.30
distrib/sets/lists/base/shl.mi: revision 1.987 (patch)
external/bsd/blocklist/bin/support.c: revision 1.2
external/bsd/blocklist/bin/blocklistd.c: revision 1.5
external/bsd/blocklist/bin/blocklistd.8: revision 1.3
sys/sys/syslog.h: revision 1.42
external/bsd/blocklist/bin/support.h: revision 1.2
external/bsd/blocklist/include/blocklist.h: revision 1.3
crypto/external/bsd/openssh/dist/pfilter.c: revision 1.9
external/bsd/blocklist/lib/shlib_version: revision 1.2
lib/libc/gen/syslog_ss.c: revision 1.4
lib/libc/gen/Makefile.inc: revision 1.218
external/bsd/blocklist/lib/bl.c: revision 1.3
external/bsd/blocklist/README: revision 1.3
external/bsd/blocklist/include/bl.h: revision 1.2
distrib/sets/lists/debug/shl.mi: revision 1.347 (patch)
distrib/sets/lists/comp/mi: revision 1.2462
lib/libc/gen/syslog.3: revision 1.34
lib/libc/gen/syslog.3: revision 1.35
external/bsd/blocklist/libexec/blocklistd-helper: revision 1.8
external/bsd/blocklist/lib/libblocklist.3: revision 1.4
external/bsd/blocklist/lib/libblocklist.3: revision 1.5
external/bsd/blocklist/lib/libblocklist.3: revision 1.6
external/bsd/blocklist/lib/blocklist.c: revision 1.3

Spelling fixes

PR/58391: Noriyuki Soda: re-adding syslog_ss() to syslog.h and syslog.3

syslog(3): Nix trailing whitespace in man page.
No functional change intended.

reference sockpath instead of sockspath

Add blocklist_open2() that can pass a custom logger or NULL for no logging.
Switch internally to use syslog_r. Add compatibility for systems that don't
have syslog_r.

Switch blocklist to use syslog_ss since we are being called from a
signal handler.

bump libblocklist
remove trailing space

Silence a bogus warning when starting up:
NetBSD pf:
No ALTQ support in kernel
ALTQ related functions disabled
FreeBSD pf:
Anchor 'blacklistd' not found.
The anchor is indeed found and working correctly. This patch just
discards stderr's output, like in other places.
(jlduran@github)

update markup (Ed Maste)
 1.3.2.1  25-Dec-2023  martin Pull up following revision(s) (requested by kim in ticket #519):

external/bsd/blocklist/bin/blocklistd.c: revision 1.4

PR/57767: Yoshitaka Tokugawa: When restoring, do so from a readonly copy
of the database and update the read-write copy with the new firewall ids.

Before we did not update the state file so it contained the old firewall ids.
 1.4.2.1  02-Aug-2025  perseant Sync with HEAD
 1.10.2.1  26-Oct-2025  martin Pull up following revision(s) (requested by christos in ticket #75):

external/bsd/blocklist/bin/blocklistd.c: revision 1.11
external/bsd/blocklist/bin/blocklistctl.c: revision 1.5
external/bsd/blocklist/bin/blocklistd.c: revision 1.12
external/bsd/blocklist/bin/blocklistctl.8: revision 1.5
external/bsd/blocklist/bin/blocklistctl.8: revision 1.6
external/bsd/blocklist/bin/state.c: revision 1.3

document rulename (jlduran)

PR/57193: ocb%l25.fi@localhost: Only restart the loop if a record was actually deleted
in order to avoid infinite loops.

fix typos (jlduran)

print the rule name (jlduran)

improve logging and don't close fd in process (hrosenfeld)
