authorKurt Lidl <lidl@FreeBSD.org>2017-05-03 04:39:43 +0000
committerKurt Lidl <lidl@FreeBSD.org>2017-05-03 04:39:43 +0000
commit52253412b1a4ba5050d6d44baaf6f40f3a5dd25f (patch)
tree38d3f077a3aaa5d12a98fe9350bdd1ded436fed2
parentdf0cfa3b86180bc007aafedfac6685826e8de7ea (diff)
Vendor import of NetBSD's external/bsd/blacklist @ 20170503vendor/NetBSD/blacklist/20170503
Sponsored by: The FreeBSD Foundation
Notes
Notes: svn path=/vendor/NetBSD/blacklist/dist/; revision=317724 svn path=/vendor/NetBSD/blacklist/20170503/; revision=317725; tag=vendor/NetBSD/blacklist/20170503
-rw-r--r--README12
-rw-r--r--bin/blacklistctl.811
-rw-r--r--bin/blacklistctl.c6
-rw-r--r--bin/blacklistd.813
-rw-r--r--bin/blacklistd.c60
-rw-r--r--bin/blacklistd.conf.511
-rw-r--r--bin/state.c8
-rw-r--r--etc/rc.d/blacklistd4
-rw-r--r--lib/bl.c25
-rw-r--r--lib/libblacklist.327
-rw-r--r--libexec/blacklistd-helper73
-rw-r--r--port/Makefile.am4
-rw-r--r--port/config.h3
-rw-r--r--port/sockaddr_snprintf.c6
14 files changed, 186 insertions, 77 deletions
diff --git a/README b/README
index 44e1026ac4db..7da3317a77fe 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-# $NetBSD: README,v 1.7 2015/01/26 00:34:50 christos Exp $
+# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $
This package contains library that can be used by network daemons to
communicate with a packet filter via a daemon to enforce opening and
@@ -98,6 +98,16 @@ group "internal" on $int_if {
...
}
+You can use 'blacklistctl dump -a' to list all the current entries
+in the database; the ones that have nfail <c>/<t> where <c>urrent
+>= <t>otal, should have an id assosiated with them; this means that
+there is a packet filter rule added for that entry. For npf, you
+can examine the packet filter dynamic rule entries using 'npfctl
+rule <rulename> list'. The number of current entries can exceed
+the total. This happens because entering packet filter rules is
+asynchronous; there could be other connection before the rule
+becomes activated.
+
Enjoy,
christos
diff --git a/bin/blacklistctl.8 b/bin/blacklistctl.8
index d8ed1f09cde2..7c6521117745 100644
--- a/bin/blacklistctl.8
+++ b/bin/blacklistctl.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistctl.8,v 1.7 2015/04/30 06:20:43 riz Exp $
+.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $
.\"
.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd April 29, 2015
+.Dd June 7, 2016
.Dt BLACKLISTCTL 8
.Os
.Sh NAME
@@ -75,7 +75,12 @@ will first attempt to remove the existing rule, and then it will re-add
it to make sure that there is only one rule active.
.Sh HISTORY
.Nm
-appeared in
+first appeared in
.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
.Sh AUTHORS
.An Christos Zoulas
diff --git a/bin/blacklistctl.c b/bin/blacklistctl.c
index d202fb159b89..8cef404d74bf 100644
--- a/bin/blacklistctl.c
+++ b/bin/blacklistctl.c
@@ -1,4 +1,4 @@
-/* $NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $ */
+/* $NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $");
#include <stdio.h>
#include <time.h>
@@ -96,10 +96,10 @@ main(int argc, char *argv[])
break;
case 'b':
blocked = 1;
+ break;
case 'D':
dbname = optarg;
break;
- break;
case 'd':
debug++;
break;
diff --git a/bin/blacklistd.8 b/bin/blacklistd.8
index ae684770357f..5846047304dc 100644
--- a/bin/blacklistd.8
+++ b/bin/blacklistd.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.15 2016/03/11 17:16:40 christos Exp $
+.\" $NetBSD: blacklistd.8,v 1.18 2016/07/30 06:09:29 dholland Exp $
.\"
.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 4, 2015
+.Dd June 7, 2016
.Dt BLACKLISTD 8
.Os
.Sh NAME
@@ -47,7 +47,7 @@
.Nm
is a daemon similar to
.Xr syslogd 8
-that listens to a sockets at paths specified in the
+that listens to sockets at paths specified in the
.Ar sockpathsfile
for notifications from other daemons about successful or failed connection
attempts.
@@ -216,7 +216,12 @@ Socket to receive connection notifications.
.Xr syslogd 8
.Sh HISTORY
.Nm
-appeared in
+first appeared in
.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
.Sh AUTHORS
.An Christos Zoulas
diff --git a/bin/blacklistd.c b/bin/blacklistd.c
index c16b18e193a5..f5c35eae1ad2 100644
--- a/bin/blacklistd.c
+++ b/bin/blacklistd.c
@@ -1,4 +1,4 @@
-/* $NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $ */
+/* $NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
#include "config.h"
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -207,7 +207,7 @@ process(bl_t bl)
if (debug) {
char b1[128], b2[128];
- (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
+ (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -246,15 +246,24 @@ process(bl_t bl)
case BL_DELETE:
if (dbi.last == 0)
goto out;
+ dbi.count = 0;
dbi.last = 0;
break;
default:
(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type);
}
- if (state_put(state, &c, &dbi) == -1)
- goto out;
+ state_put(state, &c, &dbi);
+
out:
close(bi->bi_fd);
+
+ if (debug) {
+ char b1[128], b2[128];
+ (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+ "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+ fmttime(b1, sizeof(b1), dbi.last),
+ fmttime(b2, sizeof(b2), ts.tv_sec));
+ }
}
static void
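Review bot: The debug block added after `out:` reads `rbuf`, `dbi` and `c`, yet `out:` is the target of every early `goto out` in process(), whose body starts outside this hunk. It is worth confirming that no jump happens before those three are filled in, because a debug run would otherwise format indeterminate stack data. The same hunk drops the check on `state_put()`, so a failed write is followed by a "final db state" line describing values that were never stored. Unless state_put already logs its own failures, keep the result, e.g. `if (state_put(state, &c, &dbi) == -1) (*lfun)(LOG_ERR, "%s: state_put failed", __func__);`, and either zero-initialise `dbi` and `rbuf` at declaration or skip the final log on the early-exit paths.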
@@ -393,13 +402,15 @@ rules_restore(void)
int
main(int argc, char *argv[])
{
- int c, tout, flags, flush, restore;
- const char *spath, *blsock;
+ int c, tout, flags, flush, restore, ret;
+ const char *spath, **blsock;
+ size_t nblsock, maxblsock;
setprogname(argv[0]);
spath = NULL;
- blsock = _PATH_BLSOCK;
+ blsock = NULL;
+ maxblsock = nblsock = 0;
flush = 0;
restore = 0;
tout = 0;
@@ -431,7 +442,17 @@ main(int argc, char *argv[])
restore++;
break;
case 's':
- blsock = optarg;
+ if (nblsock >= maxblsock) {
+ maxblsock += 10;
+ void *p = realloc(blsock,
+ sizeof(*blsock) * maxblsock);
+ if (p == NULL)
+ err(EXIT_FAILURE,
+ "Can't allocate memory for %zu sockets",
+ maxblsock);
+ blsock = p;
+ }
+ blsock[nblsock++] = optarg;
break;
case 't':
tout = atoi(optarg) * 1000;
@@ -473,17 +494,16 @@ main(int argc, char *argv[])
flags |= O_TRUNC;
}
- if (restore)
- rules_restore();
-
struct pollfd *pfd = NULL;
bl_t *bl = NULL;
size_t nfd = 0;
size_t maxfd = 0;
- if (spath == NULL)
- addfd(&pfd, &bl, &nfd, &maxfd, blsock);
- else {
+ for (size_t i = 0; i < nblsock; i++)
+ addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]);
+ free(blsock);
+
+ if (spath) {
FILE *fp = fopen(spath, "r");
char *line;
if (fp == NULL)
@@ -493,6 +513,8 @@ main(int argc, char *argv[])
addfd(&pfd, &bl, &nfd, &maxfd, line);
fclose(fp);
}
+ if (nfd == 0)
+ addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK);
state = state_open(dbfile, flags, 0600);
if (state == NULL)
@@ -500,6 +522,9 @@ main(int argc, char *argv[])
if (state == NULL)
return EXIT_FAILURE;
+ if (restore)
+ rules_restore();
+
if (!debug) {
if (daemon(0, 0) == -1)
err(EXIT_FAILURE, "daemon failed");
@@ -512,7 +537,10 @@ main(int argc, char *argv[])
readconf = 0;
conf_parse(configfile);
}
- switch (poll(pfd, (nfds_t)nfd, tout)) {
+ ret = poll(pfd, (nfds_t)nfd, tout);
+ if (debug)
+ (*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+ switch (ret) {
case -1:
if (errno == EINTR)
continue;
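Review bot: The new debug call to `(*lfun)` sits between `poll()` and the `errno == EINTR` test in `case -1`, and a logging function is allowed to change `errno` (whether `lfun` does is not visible here). In debug mode an interrupted poll could then be handled as a real error instead of being retried. Save the value around the log with `int serrno = errno;` before the call and `errno = serrno;` after it, or emit the log line after the error case has been handled. main() continues outside this hunk.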
diff --git a/bin/blacklistd.conf.5 b/bin/blacklistd.conf.5
index 40d507b3c08a..9d44012c8a6f 100644
--- a/bin/blacklistd.conf.5
+++ b/bin/blacklistd.conf.5
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.3 2015/04/30 06:20:43 riz Exp $
+.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $
.\"
.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd April 29, 2015
+.Dd June 7, 2016
.Dt BLACKLISTD.CONF 5
.Os
.Sh NAME
@@ -216,7 +216,12 @@ bnx0:ssh * * * * 3 6h
.Xr blacklistd 8
.Sh HISTORY
.Nm
-appeared in
+first appeared in
.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
.Sh AUTHORS
.An Christos Zoulas
diff --git a/bin/state.c b/bin/state.c
index eb97e970fb1e..f2622c82c251 100644
--- a/bin/state.c
+++ b/bin/state.c
@@ -1,4 +1,4 @@
-/* $NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $ */
+/* $NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $");
+__RCSID("$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -200,8 +200,10 @@ state_iterate(DB *db, struct conf *c, struct dbinfo *dbi, unsigned int first)
int rv;
DBT k, v;
- if (db == NULL)
+ if (db == NULL) {
+ (*lfun)(LOG_ERR, "%s: called with no database file", __func__);
return -1;
+ }
first = first ? R_FIRST : R_NEXT;
diff --git a/etc/rc.d/blacklistd b/etc/rc.d/blacklistd
index 2e46f518fc70..278a6742e63c 100644
--- a/etc/rc.d/blacklistd
+++ b/etc/rc.d/blacklistd
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: blacklistd,v 1.1 2015/01/22 17:49:41 christos Exp $
+# $NetBSD: blacklistd,v 1.2 2016/10/17 22:47:16 christos Exp $
#
# PROVIDE: blacklistd
@@ -18,7 +18,7 @@ start_precmd="${name}_precmd"
extra_commands="reload"
_sockfile="/var/run/${name}.sockets"
-_sockname="blsock"
+_sockname="blacklistd.sock"
blacklistd_precmd()
{
diff --git a/lib/bl.c b/lib/bl.c
index bca52cfbc8fe..9f93b91f4c8f 100644
--- a/lib/bl.c
+++ b/lib/bl.c
@@ -1,4 +1,4 @@
-/* $NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $ */
+/* $NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $");
+__RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -152,8 +152,8 @@ bl_init(bl_t b, bool srv)
b->b_fd = socket(PF_LOCAL,
SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0);
if (b->b_fd == -1) {
- bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%m)",
- __func__);
+ bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)",
+ __func__, strerror(errno));
BL_UNLOCK(b);
return -1;
}
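Review bot: `strerror(errno)` replaces `%m` here and in the connect, bind, setsockopt, bl_create and bl_recv hunks below, and `strerror()` is not required to be thread-safe. The `BL_UNLOCK(b)` on the next line suggests the library expects concurrent callers, so two threads logging at once could share one message buffer. Consider a `strerror_r()`-style call into a local buffer inside a small helper used by all six sites, or add a comment stating why the shared buffer is acceptable on the supported platforms. bl_init starts and ends outside this hunk.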
@@ -200,8 +200,8 @@ bl_init(bl_t b, bool srv)
*/
if (b->b_connected != 1) {
bl_log(b->b_fun, LOG_DEBUG,
- "%s: connect failed for `%s' (%m)",
- __func__, sun->sun_path);
+ "%s: connect failed for `%s' (%s)",
+ __func__, sun->sun_path, strerror(errno));
b->b_connected = 1;
}
BL_UNLOCK(b);
@@ -220,8 +220,8 @@ bl_init(bl_t b, bool srv)
errno = serrno;
if (rv == -1) {
bl_log(b->b_fun, LOG_ERR,
- "%s: bind failed for `%s' (%m)",
- __func__, sun->sun_path);
+ "%s: bind failed for `%s' (%s)",
+ __func__, sun->sun_path, strerror(errno));
goto out;
}
}
@@ -260,7 +260,8 @@ bl_init(bl_t b, bool srv)
if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME,
&one, (socklen_t)sizeof(one)) == -1) {
bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s "
- "failed (%m)", __func__, __STRING(CRED_NAME));
+ "failed (%s)", __func__, __STRING(CRED_NAME),
+ strerror(errno));
goto out;
}
#endif
@@ -296,7 +297,8 @@ bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list))
return b;
out:
free(b);
- bl_log(fun, LOG_ERR, "%s: malloc failed (%m)", __func__);
+ bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__,
+ strerror(errno));
return NULL;
}
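Review bot: In bl_create's `out:` path `free(b)` runs before `strerror(errno)` is evaluated, and older C libraries permit free() to modify errno, so the logged reason may not be the one from the failed call. Capture it first: `int serrno = errno; free(b);` and then pass `strerror(serrno)` to `bl_log`. The label is reached from code outside this hunk, so whether every jump to `out:` is really an allocation failure, as the "malloc failed" text claims, cannot be confirmed from here.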
@@ -451,7 +453,8 @@ bl_recv(bl_t b)
rlen = recvmsg(b->b_fd, &msg, 0);
if (rlen == -1) {
- bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%m)", __func__);
+ bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
+ strerror(errno));
return NULL;
}
diff --git a/lib/libblacklist.3 b/lib/libblacklist.3
index e13682031b81..bab2ad1ffc2e 100644
--- a/lib/libblacklist.3
+++ b/lib/libblacklist.3
@@ -1,4 +1,4 @@
-.\" $NetBSD: libblacklist.3,v 1.3 2015/01/25 23:09:28 wiz Exp $
+.\" $NetBSD: libblacklist.3,v 1.7 2017/02/04 23:33:56 wiz Exp $
.\"
.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -36,7 +36,7 @@
.Nm blacklist_r ,
.Nm blacklist ,
.Nm blacklist_sa
-.Nm blacklist_sa_r ,
+.Nm blacklist_sa_r
.Nd Blacklistd notification library
.Sh LIBRARY
.Lb libblacklist
@@ -62,7 +62,7 @@ block or release port access to prevent Denial of Service attacks.
.Pp
The function
.Fn blacklist_open
-creates a the necessary state to communicate with
+creates the necessary state to communicate with
.Xr blacklistd 8
and returns a pointer to it, or
.Dv NULL
@@ -106,18 +106,25 @@ All functions log errors to
.Xr syslogd 8 .
.Sh RETURN VALUES
The function
-.Fn bl_open
+.Fn blacklist_open
returns a cookie on success and
.Dv NULL
-on failure setting errno to an appropriate value.
+on failure setting
+.Dv errno
+to an appropriate value.
.Pp
-The
-.Fn bl_send
-function returns
+The functions
+.Fn blacklist ,
+.Fn blacklist_sa ,
+and
+.Fn blacklist_sa_r
+return
.Dv 0
on success and
-.Dv -1
-on failure setting errno to an appropriate value.
+.Dv \-1
+on failure setting
+.Dv errno
+to an appropriate value.
.Sh SEE ALSO
.Xr blacklistd.conf 5 ,
.Xr blacklistd 8
diff --git a/libexec/blacklistd-helper b/libexec/blacklistd-helper
index 743ccf5508b3..2d0a89e8fb0e 100644
--- a/libexec/blacklistd-helper
+++ b/libexec/blacklistd-helper
@@ -10,12 +10,20 @@
# $7 id
pf=
-for f in npf pf; do
- if [ -f "/etc/$f.conf" ]; then
- pf="$f"
- break
- fi
-done
+if [ -f "/etc/ipfw-blacklist.rc" ]; then
+ pf="ipfw"
+ . /etc/ipfw-blacklist.rc
+ ipfw_offset=${ipfw_offset:-2000}
+fi
+
+if [ -z "$pf" ]; then
+ for f in npf pf ipf; do
+ if [ -f "/etc/$f.conf" ]; then
+ pf="$f"
+ break
+ fi
+ done
+fi
if [ -z "$pf" ]; then
echo "$0: Unsupported packet filter" 1>&2
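Review bot: `. /etc/ipfw-blacklist.rc` executes that file's contents inside the helper, which presumably runs with blacklistd's privileges, and the `ipfw_offset` it may set is later used in rule-number arithmetic without any check. A comment above the block should say that the file must be root-owned and not writable by group or others, and that its mere presence selects ipfw ahead of the `/etc/$f.conf` probe. A numeric guard right after the default assignment, such as `case "$ipfw_offset" in ''|*[!0-9]*) echo "$0: invalid ipfw_offset" 1>&2; exit 1;; esac`, would reject a malformed value before it reaches `ipfw`.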
@@ -43,35 +51,74 @@ esac
case "$1" in
add)
case "$pf" in
+ ipf)
+ /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
+ echo block in quick $proto from $addr/$mask to \
+ any port=$6 head port$6 | \
+ /sbin/ipf -I -f - -s >/dev/null 2>&1 && echo OK
+ ;;
+ ipfw)
+ # use $ipfw_offset+$port for rule number
+ rule=$(($ipfw_offset + $6))
+ tname="port$6"
+ /sbin/ipfw table $tname create type addr 2>/dev/null
+ /sbin/ipfw -q table $tname add "$addr/$mask"
+ # if rule number $rule does not already exist, create it
+ /sbin/ipfw show $rule >/dev/null 2>&1 || \
+ /sbin/ipfw add $rule drop $3 from \
+ table"("$tname")" to any dst-port $6 >/dev/null && \
+ echo OK
+ ;;
npf)
/sbin/npfctl rule "$2" add block in final $proto from \
"$addr/$mask" to any $port
;;
pf)
- # insert $ip/$mask into per-protocol anchored table
- /sbin/pfctl -a "$2" -t "port$6" -T add "$addr/$mask"
- echo "block in quick $proto from <port$6> to any $port" | \
- /sbin/pfctl -a "$2" -f -
+ # if the filtering rule does not exist, create it
+ /sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \
+ grep -q "<port$6>" || \
+ echo "block in quick $proto from <port$6> to any $port" | \
+ /sbin/pfctl -a "$2/$6" -f -
+ # insert $ip/$mask into per-protocol/port anchored table
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \
+ echo OK
;;
esac
;;
rem)
case "$pf" in
+ ipf)
+ /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
+ echo block in quick $proto from $addr/$mask to \
+ any port=$6 head port$6 | \
+ /sbin/ipf -I -r -f - -s >/dev/null 2>&1 && echo OK
+ ;;
+ ipfw)
+ /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \
+ echo OK
+ ;;
npf)
/sbin/npfctl rule "$2" rem-id "$7"
;;
pf)
- /sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask"
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
+ echo OK
;;
esac
;;
flush)
- case "$pf" in
+ case "$pf" in
+ ipf)
+ /sbin/ipf -Z -I -Fi -s > /dev/null && echo OK
+ ;;
+ ipfw)
+ /sbin/ipfw table "port$6" flush 2>/dev/null && echo OK
+ ;;
npf)
/sbin/npfctl rule "$2" flush
;;
pf)
- /sbin/pfctl -a "$2" -t "port$6" -T flush
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK
;;
esac
;;
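Review bot: In the ipfw `add` branch the `echo OK` is chained only to the `ipfw show $rule ... || ipfw add ...` list, so the helper prints OK even when `/sbin/ipfw -q table $tname add "$addr/$mask"` failed and the address never entered the table. If blacklistd treats OK as "this address is now blocked", that is a silent enforcement gap. Either gate the result on the table add, e.g. `/sbin/ipfw -q table "$tname" add "$addr/$mask" || exit 1`, or add a comment explaining why its status is deliberately ignored (for instance if re-adding an existing entry is expected to fail). The new ipf and ipfw lines also expand `$proto`, `$addr/$mask`, `$3`, `$rule` and `$6` unquoted, whereas the npf and pf branches quote `"$addr/$mask"`; quoting the ipfw arguments the same way keeps argument handling consistent across back ends.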
diff --git a/port/Makefile.am b/port/Makefile.am
index f1b36ca880a3..43bf6c94b420 100644
--- a/port/Makefile.am
+++ b/port/Makefile.am
@@ -1,11 +1,11 @@
#
ACLOCAL_AMFLAGS = -I m4
lib_LTLIBRARIES = libblacklist.la
-include_HEADERS = blacklist.h
+include_HEADERS = ../include/blacklist.h
bin_PROGRAMS = blacklistd blacklistctl srvtest cltest
-VPATH = ../bin:../lib:../test
+VPATH = ../bin:../lib:../test:../include
AM_CPPFLAGS = -I../include -DDOT="."
AM_CFLAGS = @WARNINGS@
diff --git a/port/config.h b/port/config.h
deleted file mode 100644
index 27f32636de01..000000000000
--- a/port/config.h
+++ /dev/null
@@ -1,3 +0,0 @@
-#if defined(__FreeBSD__)
-#include "port.h"
-#endif
diff --git a/port/sockaddr_snprintf.c b/port/sockaddr_snprintf.c
index 41e5e0c0ed20..558755b6294b 100644
--- a/port/sockaddr_snprintf.c
+++ b/port/sockaddr_snprintf.c
@@ -1,4 +1,4 @@
-/* $NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $ */
+/* $NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $");
+__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $");
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@@ -219,7 +219,7 @@ sockaddr_snprintf(char * const sbuf, const size_t len, const char * const fmt,
case AF_LINK:
sdl = ((const struct sockaddr_dl *)(const void *)sa);
(void)strlcpy(addr = abuf, link_ntoa(sdl), sizeof(abuf));
- if ((w = strchr(addr, ':')) != 0) {
+ if ((w = strchr(addr, ':')) != NULL) {
*w++ = '\0';
addr = w;
}