Module Name:    src
Committed By:   christos
Date:           Sun Jan 25 20:59:39 UTC 2015

Modified Files:
        src/external/bsd/blacklist/bin: blacklistd.8 blacklistd.c conf.c
            internal.c internal.h

Log Message:
Handle interfaces in configuration files, requested by kardel@


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/bin/blacklistd.8
cvs rdiff -u -r1.28 -r1.29 src/external/bsd/blacklist/bin/blacklistd.c
cvs rdiff -u -r1.13 -r1.14 src/external/bsd/blacklist/bin/conf.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blacklist/bin/internal.c
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/blacklist/bin/internal.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.8
diff -u src/external/bsd/blacklist/bin/blacklistd.8:1.5 src/external/bsd/blacklist/bin/blacklistd.8:1.6
--- src/external/bsd/blacklist/bin/blacklistd.8:1.5	Sat Jan 24 13:34:05 2015
+++ src/external/bsd/blacklist/bin/blacklistd.8	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.5 2015/01/24 18:34:05 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.6 2015/01/25 20:59:39 christos Exp $
 .\" 
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -130,7 +130,7 @@ and can be
 for all fields.
 The fields of the configuration file are as follows:
 .Bd -literal -offset indent
-[address:]service
+[address|interface:]service
 socket-type
 protocol
 user

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.28 src/external/bsd/blacklist/bin/blacklistd.c:1.29
--- src/external/bsd/blacklist/bin/blacklistd.c:1.28	Sat Jan 24 02:46:20 2015
+++ src/external/bsd/blacklist/bin/blacklistd.c	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.28 2015/01/24 07:46:20 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.29 2015/01/25 20:59:39 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -58,6 +58,7 @@ __RCSID("$NetBSD: blacklistd.c,v 1.28 20
 #include <stdlib.h>
 #include <unistd.h>
 #include <time.h>
+#include <ifaddrs.h>
 #include <netinet/in.h>
 
 #include "bl.h"
@@ -101,7 +102,8 @@ sigdone(int n __unused)
 static __dead void
 usage(int c)
 {
-	warnx("Unknown option `%c'", (char)c);
+	if (c)
+		warnx("Unknown option `%c'", (char)c);
 	fprintf(stderr, "Usage: %s [-vdf] [-c <config>] [-r <rulename>] "
 	    "[-P <sockpathsfile>] [-C <controlprog>] [-D <dbfile>] "
 	    "[-t <timeout>]\n", getprogname());
@@ -249,6 +251,21 @@ out:
 }
 
 static void
+update_interfaces(void)
+{
+	struct ifaddrs *oifas, *nifas;
+
+	if (getifaddrs(&nifas) == -1)
+		return;
+
+	oifas = ifas;
+	ifas = nifas;
+
+	if (oifas)
+		freeifaddrs(oifas);
+}
+
+static void
 update(void)
 {
 	struct timespec ts;
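Review bot: update_interfaces() returns silently when getifaddrs() fails, so interface rules keep being matched against the previous list, or against an empty one if the first call (made just before conf_parse() in main()) is the one that fails. Nothing reaches the log in either case, so an operator cannot tell that interface-scoped entries are being evaluated against stale data. Reporting the failure before the `return`, for example `(*lfun)(LOG_ERR, "getifaddrs failed: %s", strerror(errno));` (assuming `lfun` and the needed headers are in scope in this file), would make it visible. A one-line comment saying that the function swaps the global `ifas` and frees the old list would also help, since conf.c walks that list. The body of update() continues outside this hunk.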
@@ -359,6 +376,10 @@ main(int argc, char *argv[])
 		}
 	}
 
+	argc -= optind;
+	if (argc)
+		usage(0);
+
 	signal(SIGHUP, sighup);
 	signal(SIGINT, sigdone);
 	signal(SIGQUIT, sigdone);
@@ -377,6 +398,7 @@ main(int argc, char *argv[])
 			tout = 15000;
 	}
 
+	update_interfaces();
 	conf_parse(configfile);
 	if (reset) {
 		for (size_t i = 0; i < nconf; i++)
@@ -436,6 +458,8 @@ main(int argc, char *argv[])
 		}
 		if (t % 100 == 0)
 			state_sync(state);
+		if (t % 10000 == 0)
+			update_interfaces();
 		update();
 	}
 	state_close(state);

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.13 src/external/bsd/blacklist/bin/conf.c:1.14
--- src/external/bsd/blacklist/bin/conf.c:1.13	Thu Jan 22 11:19:53 2015
+++ src/external/bsd/blacklist/bin/conf.c	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.13 2015/01/22 16:19:53 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.14 2015/01/25 20:59:39 christos Exp $");
 
 #include <stdio.h>
 #include <string.h>
@@ -48,14 +48,29 @@ __RCSID("$NetBSD: conf.c,v 1.13 2015/01/
 #endif
 #include <stdlib.h>
 #include <limits.h>
+#include <ifaddrs.h>
 #include <arpa/inet.h>
 #include <netinet/in.h>
+#include <net/if.h>
 #include <sys/socket.h>
 
 #include "bl.h"
 #include "internal.h"
 #include "conf.h"
 
+
+struct sockaddr_if {
+        uint8_t         sif_len;
+	sa_family_t     sif_family;
+	in_port_t       sif_port;
+	char		sif_name[16];
+};
+
+#define SIF_NAME(a) \
+    ((const struct sockaddr_if *)(const void *)(a))->sif_name
+
+static int conf_is_interface(const char *);
+
 static void
 advance(char **p)
 {
@@ -164,34 +179,45 @@ gethostport(const char *f, size_t l, voi
 	struct conf *c = v;
 
 	if ((d = strstr(p, "]:")) != NULL) {
-		struct sockaddr_in6 *s6 = (void *)&c->c_ss;
+		struct sockaddr_in6 *sin6 = (void *)&c->c_ss;
 		*d++ = '\0';
 		p++;
 		if (debug)
 			(*lfun)(LOG_DEBUG, "%s: host6 %s", __func__, p);
 		if (strcmp(p, "*") != 0) {
-			if (inet_pton(AF_INET6, p, &s6->sin6_addr) == -1)
+			if (inet_pton(AF_INET6, p, &sin6->sin6_addr) == -1)
 				goto out;
-			s6->sin6_family = AF_INET6;
+			sin6->sin6_family = AF_INET6;
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-			s6->sin6_len = sizeof(*s6);
+			sin6->sin6_len = sizeof(*sin6);
 #endif
-			port = &s6->sin6_port;
+			port = &sin6->sin6_port;
 		} 
 		p = ++d;
 	} else if ((d = strrchr(p, ':')) != NULL) {
-		struct sockaddr_in *s = (void *)&c->c_ss;
+		struct sockaddr_in *sin = (void *)&c->c_ss;
+		struct sockaddr_if *sif = (void *)&c->c_ss;
 		*d++ = '\0';
 		if (debug)
 			(*lfun)(LOG_DEBUG, "%s: host4 %s", __func__, p);
 		if (strcmp(p, "*") != 0) {
-			if (inet_pton(AF_INET, p, &s->sin_addr) == -1)
-				goto out;
-			s->sin_family = AF_INET;
+			if (conf_is_interface(p)) {
+				sif->sif_family = AF_MAX;
+				strlcpy(sif->sif_name, p,
+				    sizeof(sif->sif_name));
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				sif->sif_len = sizeof(*sif);
+#endif
+				port = &sif->sif_port;
+			} else if (inet_pton(AF_INET, p, &sin->sin_addr) != -1)
+			{
+				sin->sin_family = AF_INET;
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-			s->sin_len = sizeof(*s);
+				sin->sin_len = sizeof(*sin);
 #endif
-			port = &s->sin_port;
+				port = &sif->sif_port;
+			} else
+				goto out;
 		}
 		p = d;
 	}
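Review bot: The new `else if (inet_pton(AF_INET, p, &sin->sin_addr) != -1)` accepts any string, because inet_pton() returns 0 rather than -1 for text that is not a valid address; -1 is reserved for an unsupported family. A mistyped interface name, or one that is not in `ifas` when the file is parsed, therefore falls through conf_is_interface() and is stored as an AF_INET entry with whatever `sin_addr` already held, instead of being rejected via `goto out`. Testing for `== 1` here, and `!= 1` in the IPv6 branch above, which uses the same `== -1` check, closes that gap. The AF_INET branch also sets `port = &sif->sif_port;`, which only works while `sif_port` and `sin_port` share an offset; `port = &sin->sin_port;` says what is meant. gethostport() starts and ends outside this hunk.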
@@ -332,15 +358,85 @@ conf_sort(const void *v1, const void *v2
 }
 
 static int
-conf_eq(const struct conf *c1, const struct conf *c2)
+conf_is_interface(const char *name)
 {
-	if (c2->c_ss.ss_family != 0 &&
-	    memcmp(&c1->c_ss, &c2->c_ss, sizeof(c1->c_ss))) {
-		if (debug > 1)
-			(*lfun)(LOG_DEBUG, "%s: c_ss fail", __func__);
-		return 0;
+	const struct ifaddrs *ifa;
+
+	for (ifa = ifas; ifas; ifa = ifa->ifa_next)
+		if (strcmp(ifa->ifa_name, name) == 0)
+			return 1;
+	return 0;
+}
+
+static int
+conf_addr_in_interface(const struct sockaddr_storage *s1,
+    const struct sockaddr_storage *s2)
+{
+	const char *name = SIF_NAME(s2);
+	const struct ifaddrs *ifa;
+	socklen_t slen;
+	const struct sockaddr_in *sin = (const void *)s1;
+	const struct sockaddr_in6 *sin6 = (const void *)s1;
+
+	for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
+		if ((ifa->ifa_flags & IFF_UP) == 0)
+			continue;
+
+		if (strcmp(ifa->ifa_name, name) != 0)
+			continue;
+
+		if (s1->ss_family != ifa->ifa_addr->sa_family)
+			continue;
+
+		const void *v = ifa->ifa_addr;
+		const void *p1, *p2;
+		switch (s1->ss_family) {
+		case AF_INET:
+			p1 = &sin->sin_addr;
+			p2 = &((const struct sockaddr_in *)v)->sin_addr;
+			slen = sizeof(sin->sin_addr);
+			break;
+		case AF_INET6:
+			p1 = &sin6->sin6_addr;
+			p2 = &((const struct sockaddr_in6 *)v)->sin6_addr;
+			slen = sizeof(sin6->sin6_addr);
+			break;
+		default:
+			(*lfun)(LOG_ERR, "Bad family %u", s1->ss_family);
+			continue;
+		}
+		if (memcmp(p1, p2, slen) == 0)
+			return 1;
 	}
+	return 0;
+}
+
+static int
+conf_addr_eq(const struct sockaddr_storage *s1,
+    const struct sockaddr_storage *s2)
+{
+	switch (s2->ss_family) {
+	case 0:
+		return 1;
+	case AF_MAX:
+		return conf_addr_in_interface(s1, s2);
+	default:
+	    	if (memcmp(s1, s2, sizeof(*s2))) {
+			if (debug > 1)
+				(*lfun)(LOG_DEBUG, "%s: c_ss fail", __func__);
+			return 0;
+		}
+		return 1;
+	}
+}
+
+static int
+conf_eq(const struct conf *c1, const struct conf *c2)
+{
 		
+	if (!conf_addr_eq(&c1->c_ss, &c2->c_ss))
+		return 0;
+
 #define CMP(a, b, f) \
 	if ((a)->f != (b)->f && (b)->f != -1) { \
 		if (debug > 1) \
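Review bot: The loop in conf_is_interface() tests the global `ifas` instead of the cursor, `for (ifa = ifas; ifas; ifa = ifa->ifa_next)`, so whenever the list is non-empty and no name matches, `ifa` runs off the end and `ifa->ifa_name` dereferences NULL. gethostport() calls this for every `host:port` entry whose host is not `*`, so a plain IPv4 address in the configuration would reach it; the condition should be `ifa`, i.e. `for (ifa = ifas; ifa; ifa = ifa->ifa_next)`. In conf_addr_in_interface(), `ifa->ifa_addr->sa_family` is read without checking `ifa->ifa_addr`, which getifaddrs() may leave NULL for an entry; adding `if (ifa->ifa_addr == NULL) continue;` before the family comparison avoids that. conf_eq() continues past the end of this hunk.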
@@ -388,18 +484,28 @@ conf_print(char *buf, size_t len, const 
 
 #define N(n, v) conf_num(b[n], sizeof(b[n]), (v))
 
-	if (c->c_ss.ss_family) {
+	switch (c->c_ss.ss_family) {
+	case 0:
+		if (c->c_port == -1)
+			snprintf(hb, sizeof(hb), "*");
+		else
+			snprintf(hb, sizeof(hb), "%d", c->c_port);
+		break;
+	case AF_MAX:
+		if (c->c_port == -1)
+			snprintf(hb, sizeof(hb), "%s:*", SIF_NAME(&c->c_ss));
+		else
+			snprintf(hb, sizeof(hb), "%s:%d", SIF_NAME(&c->c_ss),
+			    c->c_port);
+		break;
+	default:
 		if (c->c_port == -1)
 			sockaddr_snprintf(hb, sizeof(hb), "%a:*",
 			    (const void *)&c->c_ss);
 		else 
 			sockaddr_snprintf(hb, sizeof(hb), "%a:%p",
 			    (const void *)&c->c_ss);
-	} else {
-		if (c->c_port == -1)
-			snprintf(hb, sizeof(hb), "*");
-		else
-			snprintf(hb, sizeof(hb), "%d", c->c_port);
+		break;
 	}
 	
 	sp = *delim == '\t' ? 20 : -1;

Index: src/external/bsd/blacklist/bin/internal.c
diff -u src/external/bsd/blacklist/bin/internal.c:1.3 src/external/bsd/blacklist/bin/internal.c:1.4
--- src/external/bsd/blacklist/bin/internal.c:1.3	Wed Jan 21 22:10:49 2015
+++ src/external/bsd/blacklist/bin/internal.c	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.c,v 1.3 2015/01/22 03:10:49 christos Exp $	*/
+/*	$NetBSD: internal.c,v 1.4 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: internal.c,v 1.3 2015/01/22 03:10:49 christos Exp $");
+__RCSID("$NetBSD: internal.c,v 1.4 2015/01/25 20:59:39 christos Exp $");
 
 #include <stdio.h>
 #include <syslog.h>
@@ -43,5 +43,6 @@ int debug;
 const char *rulename = "blacklistd";
 const char *controlprog = _PATH_BLCONTROL;
 struct conf *conf;
+struct ifaddrs *ifas;
 size_t nconf;
 void (*lfun)(int, const char *, ...) = syslog;

Index: src/external/bsd/blacklist/bin/internal.h
diff -u src/external/bsd/blacklist/bin/internal.h:1.10 src/external/bsd/blacklist/bin/internal.h:1.11
--- src/external/bsd/blacklist/bin/internal.h:1.10	Thu Jan 22 16:32:30 2015
+++ src/external/bsd/blacklist/bin/internal.h	Sun Jan 25 15:59:39 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.h,v 1.10 2015/01/22 21:32:30 christos Exp $	*/
+/*	$NetBSD: internal.h,v 1.11 2015/01/25 20:59:39 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -46,6 +46,7 @@ extern size_t nconf;
 extern int debug;
 extern const char *rulename;
 extern const char *controlprog;
+extern struct ifaddrs *ifas;
 
 void (*lfun)(int, const char *, ...);
 
