Module Name: src Committed By: wiz Date: Mon Mar 30 08:45:09 UTC 2020
Modified Files: src/external/bsd/blacklist/bin: blacklistd.8 Log Message: Fix typos. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/external/bsd/blacklist/bin/blacklistd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/blacklist/bin/blacklistd.8 diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.21 src/external/bsd/blacklist/bin/blacklistd.8:1.22 --- src/external/bsd/blacklist/bin/blacklistd.8:1.21 Mon Mar 30 03:02:41 2020 +++ src/external/bsd/blacklist/bin/blacklistd.8 Mon Mar 30 08:45:09 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.8,v 1.21 2020/03/30 03:02:41 christos Exp $ +.\" $NetBSD: blacklistd.8,v 1.22 2020/03/30 08:45:09 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -68,7 +68,7 @@ Each entry contains a number of tries li The way .Nm does configuration entry matching is by having the client side pass the -file dscriptor associated with the connection the client wants to blacklist +file descriptor associated with the connection the client wants to blacklist as well as passing socket credentials. .Pp The file descriptor is used to retrieve information (address and port) @@ -85,17 +85,17 @@ the port. By examining the optional address portion on the local side, it can match interfaces. By examining the remote address, it can match specific allow or deny rules. -.Pp +.Pp Finally .Nm can examine the socket credentials to match the user in the configuration file. .Pp While this works well for TCP sockets, it cannot be relied on for unbound -UDP sockets. +UDP sockets. It is also less meaningful when it comes to connections using non-privileged ports. -On the other hand, if we receive a request that has a local endpoind indicating -UDP privileged port, we can presume that the client was privileged to be +On the other hand, if we receive a request that has a local endpoint indicating +a UDP privileged port, we can presume that the client was privileged to be able to acquire that port. .Pp Once an entry is matched