head 1.7; access; symbols perseant-exfatfs-base-20250801:1.7 perseant-exfatfs-base-20240630:1.7 perseant-exfatfs:1.7.0.6 perseant-exfatfs-base:1.7 netbsd-8-3-RELEASE:1.6 netbsd-9-4-RELEASE:1.6 netbsd-9-3-RELEASE:1.6 cjep_sun2x:1.7.0.4 cjep_sun2x-base:1.7 cjep_staticlib_x-base1:1.7 netbsd-9-2-RELEASE:1.6 cjep_staticlib_x:1.7.0.2 cjep_staticlib_x-base:1.7 netbsd-9-1-RELEASE:1.6 phil-wifi-20200421:1.6 phil-wifi-20200411:1.6 is-mlppp:1.6.0.22 is-mlppp-base:1.6 phil-wifi-20200406:1.6 netbsd-8-2-RELEASE:1.6 netbsd-9-0-RELEASE:1.6 netbsd-9-0-RC2:1.6 netbsd-9-0-RC1:1.6 phil-wifi-20191119:1.6 netbsd-9:1.6.0.20 netbsd-9-base:1.6 phil-wifi-20190609:1.6 netbsd-8-1-RELEASE:1.6 netbsd-8-1-RC1:1.6 pgoyette-compat-merge-20190127:1.6 pgoyette-compat-20190127:1.6 pgoyette-compat-20190118:1.6 pgoyette-compat-1226:1.6 pgoyette-compat-1126:1.6 pgoyette-compat-1020:1.6 pgoyette-compat-0930:1.6 pgoyette-compat-0906:1.6 netbsd-7-2-RELEASE:1.6.2.2 pgoyette-compat-0728:1.6 netbsd-8-0-RELEASE:1.6 phil-wifi:1.6.0.18 phil-wifi-base:1.6 pgoyette-compat-0625:1.6 netbsd-8-0-RC2:1.6 pgoyette-compat-0521:1.6 pgoyette-compat-0502:1.6 pgoyette-compat-0422:1.6 netbsd-8-0-RC1:1.6 pgoyette-compat-0415:1.6 pgoyette-compat-0407:1.6 pgoyette-compat-0330:1.6 pgoyette-compat-0322:1.6 pgoyette-compat-0315:1.6 netbsd-7-1-2-RELEASE:1.6.2.2 pgoyette-compat:1.6.0.16 pgoyette-compat-base:1.6 netbsd-7-1-1-RELEASE:1.6.2.2 matt-nb8-mediatek:1.6.0.14 matt-nb8-mediatek-base:1.6 perseant-stdc-iso10646:1.6.0.12 perseant-stdc-iso10646-base:1.6 netbsd-8:1.6.0.10 netbsd-8-base:1.6 prg-localcount2-base3:1.6 prg-localcount2-base2:1.6 prg-localcount2-base1:1.6 prg-localcount2:1.6.0.8 prg-localcount2-base:1.6 pgoyette-localcount-20170426:1.6 bouyer-socketcan-base1:1.6 pgoyette-localcount-20170320:1.6 netbsd-7-1:1.6.2.2.0.6 netbsd-7-1-RELEASE:1.6.2.2 netbsd-7-1-RC2:1.6.2.2 netbsd-7-nhusb-base-20170116:1.6.2.2 bouyer-socketcan:1.6.0.6 bouyer-socketcan-base:1.6 pgoyette-localcount-20170107:1.6 netbsd-7-1-RC1:1.6.2.2 pgoyette-localcount-20161104:1.6 netbsd-7-0-2-RELEASE:1.6.2.2 localcount-20160914:1.6 netbsd-7-nhusb:1.6.2.2.0.4 netbsd-7-nhusb-base:1.6.2.2 pgoyette-localcount-20160806:1.6 pgoyette-localcount-20160726:1.6 pgoyette-localcount:1.6.0.4 pgoyette-localcount-base:1.6 netbsd-7-0-1-RELEASE:1.6.2.2 netbsd-7-0:1.6.2.2.0.2 netbsd-7-0-RELEASE:1.6.2.2 netbsd-7-0-RC3:1.6.2.2 netbsd-7-0-RC2:1.6.2.2 netbsd-7-0-RC1:1.6.2.2 netbsd-7:1.6.0.2; locks; strict; comment @# @; 1.7 date 2020.06.15.01.57.32; author christos; state dead; branches; next 1.6; commitid 1zJ7owqywyzYigcC; 1.6 date 2015.01.23.21.38.09; author christos; state Exp; branches 1.6.2.1; next 1.5; commitid Wd8MF5VXxd23ac7y; 1.5 date 2015.01.23.21.10.44; author christos; state Exp; branches; next 1.4; commitid mPuPRVFsBvpI0c7y; 1.4 date 2015.01.22.23.26.42; author christos; state Exp; branches; next 1.3; commitid Pw4tmb7GPJ6pN47y; 1.3 date 2015.01.22.21.42.06; author christos; state Exp; branches; next 1.2; commitid WYIvCkXQsl5wd47y; 1.2 date 2015.01.22.17.59.31; author christos; state Exp; branches; next 1.1; commitid VttUnmgGw1NaZ27y; 1.1 date 2015.01.22.15.29.27; author christos; state Exp; branches; next ; commitid vB4nL7RH0mVC927y; 1.6.2.1 date 2015.01.23.21.38.09; author riz; state dead; branches; next 1.6.2.2; commitid HvseHc4xVzxnTzjy; 1.6.2.2 date 2015.04.30.06.07.33; author riz; state Exp; branches; next ; commitid HvseHc4xVzxnTzjy; desc @@ 1.7 log @Rename blacklist -> blocklist @ text @--- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ dist/bin/named/pfilter.c 2015-01-22 01:35:16.000000000 -0500 @@@@ -0,0 +1,42 @@@@ +#include + +#include +#include +#include +#include + +#include + +#include "pfilter.h" + +static struct blacklist *blstate; + +void +pfilter_open(void) +{ + if (blstate == NULL) + blstate = blacklist_open(); +} + +#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0) + +void +pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg) +{ + isc_socket_t *socket; + + pfilter_open(); + + if (TCP_CLIENT(client)) + socket = client->tcpsocket; + else { + socket = client->udpsocket; + if (!client->peeraddr_valid) + return; + } + if (socket == NULL) + return; + blacklist_sa_r(blstate, + res != ISC_R_SUCCESS, isc_socket_getfd(socket), + &client->peeraddr.type.sa, client->peeraddr.length, msg); +} --- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ dist/bin/named/pfilter.h 2015-01-22 01:16:56.000000000 -0500 @@@@ -0,0 +1,2 @@@@ +void pfilter_open(void); +void pfilter_notify(isc_result_t, ns_client_t *, const char *); Index: bin/named/Makefile =================================================================== RCS file: /cvsroot/src/external/bsd/bind/bin/named/Makefile,v retrieving revision 1.8 diff -u -u -r1.8 Makefile --- bin/named/Makefile 31 Dec 2013 20:23:12 -0000 1.8 +++ bin/named/Makefile 23 Jan 2015 21:37:09 -0000 @@@@ -33,7 +33,9 @@@@ lwaddr.c lwdclient.c lwderror.c \ lwdgabn.c lwdgnba.c lwdgrbn.c lwdnoop.c lwresd.c lwsearch.c \ main.c notify.c query.c server.c sortlist.c statschannel.c \ - tkeyconf.c tsigconf.c \ + pfilter.c tkeyconf.c tsigconf.c \ update.c xfrout.c zoneconf.c ${SRCS_UNIX} +LDADD+=-lblacklist +DPADD+=${LIBBLACKLIST} .include Index: dist/bin/named/client.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/client.c,v retrieving revision 1.11 diff -u -u -r1.11 client.c --- dist/bin/named/client.c 10 Dec 2014 04:37:51 -0000 1.11 +++ dist/bin/named/client.c 23 Jan 2015 21:37:09 -0000 @@@@ -65,6 +65,8 @@@@ #include #include +#include "pfilter.h" + /*** *** Client ***/ @@@@ -3101,6 +3103,7 @@@@ result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL, acl, default_allow); + pfilter_notify(result, client, opname); if (result == ISC_R_SUCCESS) ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), Index: dist/bin/named/main.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/main.c,v retrieving revision 1.15 diff -u -u -r1.15 main.c --- dist/bin/named/main.c 10 Dec 2014 04:37:51 -0000 1.15 +++ dist/bin/named/main.c 23 Jan 2015 21:37:09 -0000 @@@@ -83,6 +83,9 @@@@ #ifdef HAVE_LIBXML2 #include #endif + +#include "pfilter.h" + /* * Include header files for database drivers here. */ @@@@ -1206,6 +1209,8 @@@@ parse_command_line(argc, argv); + pfilter_open(); + /* * Warn about common configuration error. */ Index: dist/bin/named/query.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/query.c,v retrieving revision 1.17 diff -u -u -r1.17 query.c --- dist/bin/named/query.c 10 Dec 2014 04:37:52 -0000 1.17 +++ dist/bin/named/query.c 23 Jan 2015 21:37:09 -0000 @@@@ -65,6 +65,8 @@@@ #include #include +#include "pfilter.h" + #if 0 /* * It has been recommended that DNS64 be changed to return excluded @@@@ -762,6 +764,8 @@@@ } result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE); + if (result != ISC_R_SUCCESS) + pfilter_notify(result, client, "validatezonedb"); if ((options & DNS_GETDB_NOLOG) == 0) { char msg[NS_CLIENT_ACLMSGSIZE("query")]; if (result == ISC_R_SUCCESS) { @@@@ -1026,6 +1030,8 @@@@ result = ns_client_checkaclsilent(client, NULL, client->view->cacheacl, ISC_TRUE); + if (result == ISC_R_SUCCESS) + pfilter_notify(result, client, "cachedb"); if (result == ISC_R_SUCCESS) { /* * We were allowed by the "allow-query-cache" ACL. Index: dist/bin/named/update.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/update.c,v retrieving revision 1.9 diff -u -u -r1.9 update.c --- dist/bin/named/update.c 10 Dec 2014 04:37:52 -0000 1.9 +++ dist/bin/named/update.c 23 Jan 2015 21:37:09 -0000 @@@@ -59,6 +59,8 @@@@ #include #include +#include "pfilter.h" + /*! \file * \brief * This module implements dynamic update as in RFC2136. @@@@ -307,6 +309,7 @@@@ result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE); if (result != ISC_R_SUCCESS) { + pfilter_notify(result, client, "queryacl"); dns_name_format(zonename, namebuf, sizeof(namebuf)); dns_rdataclass_format(client->view->rdclass, classbuf, sizeof(classbuf)); @@@@ -324,6 +327,7 @@@@ sizeof(classbuf)); result = DNS_R_REFUSED; + pfilter_notify(result, client, "updateacl"); ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, NS_LOGMODULE_UPDATE, ISC_LOG_INFO, "update '%s/%s' denied", namebuf, classbuf); @@@@ -362,6 +366,7 @@@@ msg = "disabled"; } else { result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE); + pfilter_notify(result, client, "updateacl"); if (result == ISC_R_SUCCESS) { level = ISC_LOG_DEBUG(3); msg = "approved"; Index: dist/bin/named/xfrout.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/xfrout.c,v retrieving revision 1.7 diff -u -u -r1.7 xfrout.c --- dist/bin/named/xfrout.c 10 Dec 2014 04:37:52 -0000 1.7 +++ dist/bin/named/xfrout.c 23 Jan 2015 21:37:09 -0000 @@@@ -54,6 +54,8 @@@@ #include #include +#include "pfilter.h" + /*! \file * \brief * Outgoing AXFR and IXFR. @@@@ -822,6 +824,7 @@@@ &client->peeraddr, &db); + pfilter_notify(result, client, "zonexfr"); if (result == ISC_R_NOPERM) { char _buf1[DNS_NAME_FORMATSIZE]; char _buf2[DNS_RDATACLASS_FORMATSIZE]; @ 1.6 log @don't clear the db with positive cache queries; negative cache queries can be don't maliciously for cache pollution. @ text @@ 1.6.2.1 log @file named.diff was added on branch netbsd-7 on 2015-04-30 06:07:33 +0000 @ text @d1 216 @ 1.6.2.2 log @Pull up blacklistd(8), requested by christos in ticket #711: crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1 crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2 crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3 crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3 crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1 crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1 crypto/external/bsd/openssh/dist/blf.h up to 1.1 crypto/external/bsd/openssh/dist/blocks.c up to 1.3 crypto/external/bsd/openssh/dist/blowfish.c up to 1.2 crypto/external/bsd/openssh/dist/chacha.c up to 1.3 crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3 crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3 crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3 crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ge25519.c up to 1.3 crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1 crypto/external/bsd/openssh/dist/hash.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3 crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/sc25519.c up to 1.3 crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4 crypto/external/bsd/openssh/dist/ssherr.c up to 1.3 crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshkey.c up to 1.3 crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/verify.c up to 1.3 crypto/external/bsd/openssh/dist/opacket.c up to 1.2 crypto/external/bsd/openssh/dist/umac128.c up to 1.1 crypto/external/bsd/openssh/dist/pfilter.c up to 1.2 crypto/external/bsd/openssh/dist/pfilter.h up to 1.1 crypto/external/bsd/openssh/dist/bitmap.h up to 1.2 crypto/external/bsd/openssh/dist/opacket.h up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2 crypto/external/bsd/openssh/dist/auth2-jpake.c delete crypto/external/bsd/openssh/dist/compress.c delete crypto/external/bsd/openssh/dist/compress.h delete crypto/external/bsd/openssh/dist/jpake.c delete crypto/external/bsd/openssh/dist/jpake.h delete crypto/external/bsd/openssh/dist/schnorr.c delete crypto/external/bsd/openssh/dist/schnorr.h delete crypto/external/bsd/openssh/dist/strtonum.c 1.1 crypto/external/bsd/openssh/Makefile.inc up to 1.8 crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2 crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12 crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5 crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2 crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8 crypto/external/bsd/openssh/dist/atomicio.c up to 1.6 crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4 crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6 crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7 crypto/external/bsd/openssh/dist/auth-options.c up to 1.9 crypto/external/bsd/openssh/dist/auth-options.h up to 1.6 crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4 crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6 crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5 crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10 crypto/external/bsd/openssh/dist/auth.c up to 1.12 crypto/external/bsd/openssh/dist/auth.h up to 1.10 crypto/external/bsd/openssh/dist/auth1.c up to 1.11 crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8 crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4 crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11 crypto/external/bsd/openssh/dist/auth2.c up to 1.11 crypto/external/bsd/openssh/dist/authfd.c up to 1.8 crypto/external/bsd/openssh/dist/authfd.h up to 1.5 crypto/external/bsd/openssh/dist/authfile.c up to 1.10 crypto/external/bsd/openssh/dist/authfile.h up to 1.6 crypto/external/bsd/openssh/dist/bufaux.c up to 1.7 crypto/external/bsd/openssh/dist/bufbn.c up to 1.5 crypto/external/bsd/openssh/dist/bufec.c up to 1.5 crypto/external/bsd/openssh/dist/buffer.c up to 1.6 crypto/external/bsd/openssh/dist/buffer.h up to 1.7 crypto/external/bsd/openssh/dist/canohost.c up to 1.8 crypto/external/bsd/openssh/dist/channels.c up to 1.13 crypto/external/bsd/openssh/dist/channels.h up to 1.10 crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7 crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6 crypto/external/bsd/openssh/dist/cipher.c up to 1.7 crypto/external/bsd/openssh/dist/cipher.h up to 1.7 crypto/external/bsd/openssh/dist/clientloop.c up to 1.13 crypto/external/bsd/openssh/dist/compat.c up to 1.9 crypto/external/bsd/openssh/dist/compat.h up to 1.6 crypto/external/bsd/openssh/dist/deattack.c up to 1.4 crypto/external/bsd/openssh/dist/deattack.h up to 1.4 crypto/external/bsd/openssh/dist/dh.c up to 1.8 crypto/external/bsd/openssh/dist/dh.h up to 1.4 crypto/external/bsd/openssh/dist/dispatch.c up to 1.5 crypto/external/bsd/openssh/dist/dispatch.h up to 1.4 crypto/external/bsd/openssh/dist/dns.c up to 1.11 crypto/external/bsd/openssh/dist/dns.h up to 1.6 crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5 crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7 crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8 crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.h up to 1.7 crypto/external/bsd/openssh/dist/includes.h up to 1.4 crypto/external/bsd/openssh/dist/kex.c up to 1.10 crypto/external/bsd/openssh/dist/kex.h up to 1.9 crypto/external/bsd/openssh/dist/kexdh.c up to 1.4 crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6 crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8 crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5 crypto/external/bsd/openssh/dist/kexgex.c up to 1.4 crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6 crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8 crypto/external/bsd/openssh/dist/key.c up to 1.16 crypto/external/bsd/openssh/dist/key.h up to 1.9 crypto/external/bsd/openssh/dist/krl.c up to 1.5 crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/mac.c up to 1.11 crypto/external/bsd/openssh/dist/mac.h up to 1.5 crypto/external/bsd/openssh/dist/match.c up to 1.5 crypto/external/bsd/openssh/dist/misc.c up to 1.10 crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch crypto/external/bsd/openssh/dist/moduli.c up to 1.8 crypto/external/bsd/openssh/dist/monitor.c up to 1.14 crypto/external/bsd/openssh/dist/monitor.h up to 1.7 crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5 crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6 crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4 crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11 crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8 crypto/external/bsd/openssh/dist/msg.c up to 1.4 crypto/external/bsd/openssh/dist/msg.h up to 1.4 crypto/external/bsd/openssh/dist/mux.c up to 1.11 crypto/external/bsd/openssh/dist/myproposal.h up to 1.10 crypto/external/bsd/openssh/dist/namespace.h up to 1.5 crypto/external/bsd/openssh/dist/packet.c up to 1.18 crypto/external/bsd/openssh/dist/packet.h up to 1.11 crypto/external/bsd/openssh/dist/pathnames.h up to 1.9 crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7 crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4 crypto/external/bsd/openssh/dist/reallocarray.c new crypto/external/bsd/openssh/dist/readconf.c up to 1.13 crypto/external/bsd/openssh/dist/readconf.h up to 1.12 crypto/external/bsd/openssh/dist/readpass.c up to 1.6 crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7 crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9 crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4 crypto/external/bsd/openssh/dist/rsa.c up to 1.5 crypto/external/bsd/openssh/dist/rsa.h up to 1.4 crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5 crypto/external/bsd/openssh/dist/scp.1 up to 1.9 crypto/external/bsd/openssh/dist/scp.c up to 1.11 crypto/external/bsd/openssh/dist/servconf.c up to 1.17 crypto/external/bsd/openssh/dist/servconf.h up to 1.11 crypto/external/bsd/openssh/dist/serverloop.c up to 1.12 crypto/external/bsd/openssh/dist/session.c up to 1.14 crypto/external/bsd/openssh/dist/session.h up to 1.4 crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13 crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5 crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8 crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9 crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11 crypto/external/bsd/openssh/dist/sftp.1 up to 1.11 crypto/external/bsd/openssh/dist/sftp.c up to 1.15 crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9 crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10 crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8 crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14 crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5 crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13 crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16 crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10 crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13 crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9 crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7 crypto/external/bsd/openssh/dist/ssh.1 up to 1.14 crypto/external/bsd/openssh/dist/ssh.c up to 1.16 crypto/external/bsd/openssh/dist/ssh2.h up to 1.6 crypto/external/bsd/openssh/dist/ssh_config up to 1.8 crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13 crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11 crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6 crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6 crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19 crypto/external/bsd/openssh/dist/sshd.8 up to 1.13 crypto/external/bsd/openssh/dist/sshd.c up to 1.18 crypto/external/bsd/openssh/dist/sshd_config up to 1.13 crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17 crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6 crypto/external/bsd/openssh/dist/sshpty.c up to 1.4 crypto/external/bsd/openssh/dist/uidswap.c up to 1.4 crypto/external/bsd/openssh/dist/umac.c up to 1.9 crypto/external/bsd/openssh/dist/version.h up to 1.14 crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5 crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch crypto/external/bsd/openssh/lib/shlib_version up to 1.13 distrib/sets/lists/base/ad.aarch64 patch distrib/sets/lists/base/ad.arm patch distrib/sets/lists/base/ad.mips patch distrib/sets/lists/base/ad.powerpc patch distrib/sets/lists/base/md.amd64 patch distrib/sets/lists/base/md.sparc64 patch distrib/sets/lists/base/mi patch distrib/sets/lists/base/shl.mi patch distrib/sets/lists/comp/ad.aarch64 patch distrib/sets/lists/comp/ad.arm patch distrib/sets/lists/comp/ad.mips patch distrib/sets/lists/comp/ad.powerpc patch distrib/sets/lists/comp/md.amd64 patch distrib/sets/lists/comp/md.sparc64 patch distrib/sets/lists/comp/mi patch distrib/sets/lists/comp/shl.mi patch distrib/sets/lists/debug/ad.aarch64 patch distrib/sets/lists/debug/ad.arm patch distrib/sets/lists/debug/ad.mips patch distrib/sets/lists/debug/ad.powerpc patch distrib/sets/lists/debug/md.amd64 patch distrib/sets/lists/debug/md.sparc64 patch distrib/sets/lists/debug/shl.mi patch distrib/sets/lists/etc/mi patch distrib/sets/lists/man/mi patch etc/defaults/rc.conf 1.130 etc/mtree/NetBSD.dist.base 1.142 external/bsd/Makefile up to 1.48 external/bsd/blacklist/bin/Makefile up to 1.11 plus patch external/bsd/blacklist/bin/blacklistctl.8 up to 1.6 external/bsd/blacklist/bin/blacklistctl.c up to 1.17 external/bsd/blacklist/bin/blacklistd.8 up to 1.10 external/bsd/blacklist/bin/blacklistd.c up to 1.32 external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2 external/bsd/blacklist/bin/conf.c up to 1.18 external/bsd/blacklist/bin/conf.h up to 1.6 external/bsd/blacklist/bin/internal.c up to 1.5 external/bsd/blacklist/bin/internal.h up to 1.12 external/bsd/blacklist/bin/run.c up to 1.12 external/bsd/blacklist/bin/run.h up to 1.5 external/bsd/blacklist/bin/state.c up to 1.15 external/bsd/blacklist/bin/state.h up to 1.5 external/bsd/blacklist/bin/support.c up to 1.6 external/bsd/blacklist/bin/support.h up to 1.5 external/bsd/blacklist/etc/rc.d/Makefile up to 1.1 external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1 external/bsd/blacklist/etc/Makefile up to 1.3 external/bsd/blacklist/etc/blacklistd.conf up to 1.3 external/bsd/blacklist/etc/npf.conf up to 1.1 external/bsd/blacklist/Makefile up to 1.2 external/bsd/blacklist/Makefile.inc up to 1.3 external/bsd/blacklist/README up to 1.7 external/bsd/blacklist/TODO up to 1.7 external/bsd/blacklist/diff/ftpd.diff up to 1.1 external/bsd/blacklist/diff/named.diff up to 1.6 external/bsd/blacklist/diff/ssh.diff up to 1.6 external/bsd/blacklist/include/Makefile up to 1.1 external/bsd/blacklist/include/bl.h up to 1.12 external/bsd/blacklist/include/blacklist.h up to 1.3 external/bsd/blacklist/include/config.h new external/bsd/blacklist/lib/Makefile up to 1.3 external/bsd/blacklist/lib/bl.c up to 1.24 external/bsd/blacklist/lib/blacklist.c up to 1.5 external/bsd/blacklist/lib/libblacklist.3 up to 1.3 external/bsd/blacklist/lib/shlib_version up to 1.1 external/bsd/blacklist/libexec/Makefile up to 1.1 external/bsd/blacklist/libexec/blacklistd-helper up to 1.4 external/bsd/blacklist/port/m4/.cvsignore up to 1.1 external/bsd/blacklist/port/Makefile.am up to 1.4 external/bsd/blacklist/port/_strtoi.h up to 1.1 external/bsd/blacklist/port/clock_gettime.c up to 1.2 external/bsd/blacklist/port/configure.ac up to 1.7 external/bsd/blacklist/port/fgetln.c up to 1.1 external/bsd/blacklist/port/fparseln.c up to 1.1 external/bsd/blacklist/port/getprogname.c up to 1.4 external/bsd/blacklist/port/pidfile.c up to 1.1 external/bsd/blacklist/port/popenve.c up to 1.2 external/bsd/blacklist/port/port.h up to 1.6 external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9 external/bsd/blacklist/port/strlcat.c up to 1.2 external/bsd/blacklist/port/strlcpy.c up to 1.2 external/bsd/blacklist/port/strtoi.c up to 1.3 external/bsd/blacklist/test/Makefile up to 1.2 external/bsd/blacklist/test/cltest.c up to 1.6 external/bsd/blacklist/test/srvtest.c up to 1.9 lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23 libexec/ftpd/pfilter.c up to 1.1 libexec/ftpd/pfilter.h up to 1.1 libexec/ftpd/Makefile up to 1.64 libexec/ftpd/ftpd.c up to 1.201 Add blacklistd(8), a daemon to block and release network ports on demand to mitigate abuse, and related changes to system daemons to support it. [christos, ticket #711] @ text @a0 216 --- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ dist/bin/named/pfilter.c 2015-01-22 01:35:16.000000000 -0500 @@@@ -0,0 +1,42 @@@@ +#include + +#include +#include +#include +#include + +#include + +#include "pfilter.h" + +static struct blacklist *blstate; + +void +pfilter_open(void) +{ + if (blstate == NULL) + blstate = blacklist_open(); +} + +#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0) + +void +pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg) +{ + isc_socket_t *socket; + + pfilter_open(); + + if (TCP_CLIENT(client)) + socket = client->tcpsocket; + else { + socket = client->udpsocket; + if (!client->peeraddr_valid) + return; + } + if (socket == NULL) + return; + blacklist_sa_r(blstate, + res != ISC_R_SUCCESS, isc_socket_getfd(socket), + &client->peeraddr.type.sa, client->peeraddr.length, msg); +} --- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ dist/bin/named/pfilter.h 2015-01-22 01:16:56.000000000 -0500 @@@@ -0,0 +1,2 @@@@ +void pfilter_open(void); +void pfilter_notify(isc_result_t, ns_client_t *, const char *); Index: bin/named/Makefile =================================================================== RCS file: /cvsroot/src/external/bsd/bind/bin/named/Makefile,v retrieving revision 1.8 diff -u -u -r1.8 Makefile --- bin/named/Makefile 31 Dec 2013 20:23:12 -0000 1.8 +++ bin/named/Makefile 23 Jan 2015 21:37:09 -0000 @@@@ -33,7 +33,9 @@@@ lwaddr.c lwdclient.c lwderror.c \ lwdgabn.c lwdgnba.c lwdgrbn.c lwdnoop.c lwresd.c lwsearch.c \ main.c notify.c query.c server.c sortlist.c statschannel.c \ - tkeyconf.c tsigconf.c \ + pfilter.c tkeyconf.c tsigconf.c \ update.c xfrout.c zoneconf.c ${SRCS_UNIX} +LDADD+=-lblacklist +DPADD+=${LIBBLACKLIST} .include Index: dist/bin/named/client.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/client.c,v retrieving revision 1.11 diff -u -u -r1.11 client.c --- dist/bin/named/client.c 10 Dec 2014 04:37:51 -0000 1.11 +++ dist/bin/named/client.c 23 Jan 2015 21:37:09 -0000 @@@@ -65,6 +65,8 @@@@ #include #include +#include "pfilter.h" + /*** *** Client ***/ @@@@ -3101,6 +3103,7 @@@@ result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL, acl, default_allow); + pfilter_notify(result, client, opname); if (result == ISC_R_SUCCESS) ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), Index: dist/bin/named/main.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/main.c,v retrieving revision 1.15 diff -u -u -r1.15 main.c --- dist/bin/named/main.c 10 Dec 2014 04:37:51 -0000 1.15 +++ dist/bin/named/main.c 23 Jan 2015 21:37:09 -0000 @@@@ -83,6 +83,9 @@@@ #ifdef HAVE_LIBXML2 #include #endif + +#include "pfilter.h" + /* * Include header files for database drivers here. */ @@@@ -1206,6 +1209,8 @@@@ parse_command_line(argc, argv); + pfilter_open(); + /* * Warn about common configuration error. */ Index: dist/bin/named/query.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/query.c,v retrieving revision 1.17 diff -u -u -r1.17 query.c --- dist/bin/named/query.c 10 Dec 2014 04:37:52 -0000 1.17 +++ dist/bin/named/query.c 23 Jan 2015 21:37:09 -0000 @@@@ -65,6 +65,8 @@@@ #include #include +#include "pfilter.h" + #if 0 /* * It has been recommended that DNS64 be changed to return excluded @@@@ -762,6 +764,8 @@@@ } result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE); + if (result != ISC_R_SUCCESS) + pfilter_notify(result, client, "validatezonedb"); if ((options & DNS_GETDB_NOLOG) == 0) { char msg[NS_CLIENT_ACLMSGSIZE("query")]; if (result == ISC_R_SUCCESS) { @@@@ -1026,6 +1030,8 @@@@ result = ns_client_checkaclsilent(client, NULL, client->view->cacheacl, ISC_TRUE); + if (result == ISC_R_SUCCESS) + pfilter_notify(result, client, "cachedb"); if (result == ISC_R_SUCCESS) { /* * We were allowed by the "allow-query-cache" ACL. Index: dist/bin/named/update.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/update.c,v retrieving revision 1.9 diff -u -u -r1.9 update.c --- dist/bin/named/update.c 10 Dec 2014 04:37:52 -0000 1.9 +++ dist/bin/named/update.c 23 Jan 2015 21:37:09 -0000 @@@@ -59,6 +59,8 @@@@ #include #include +#include "pfilter.h" + /*! \file * \brief * This module implements dynamic update as in RFC2136. @@@@ -307,6 +309,7 @@@@ result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE); if (result != ISC_R_SUCCESS) { + pfilter_notify(result, client, "queryacl"); dns_name_format(zonename, namebuf, sizeof(namebuf)); dns_rdataclass_format(client->view->rdclass, classbuf, sizeof(classbuf)); @@@@ -324,6 +327,7 @@@@ sizeof(classbuf)); result = DNS_R_REFUSED; + pfilter_notify(result, client, "updateacl"); ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, NS_LOGMODULE_UPDATE, ISC_LOG_INFO, "update '%s/%s' denied", namebuf, classbuf); @@@@ -362,6 +366,7 @@@@ msg = "disabled"; } else { result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE); + pfilter_notify(result, client, "updateacl"); if (result == ISC_R_SUCCESS) { level = ISC_LOG_DEBUG(3); msg = "approved"; Index: dist/bin/named/xfrout.c =================================================================== RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/xfrout.c,v retrieving revision 1.7 diff -u -u -r1.7 xfrout.c --- dist/bin/named/xfrout.c 10 Dec 2014 04:37:52 -0000 1.7 +++ dist/bin/named/xfrout.c 23 Jan 2015 21:37:09 -0000 @@@@ -54,6 +54,8 @@@@ #include #include +#include "pfilter.h" + /*! \file * \brief * Outgoing AXFR and IXFR. @@@@ -822,6 +824,7 @@@@ &client->peeraddr, &db); + pfilter_notify(result, client, "zonexfr"); if (result == ISC_R_NOPERM) { char _buf1[DNS_NAME_FORMATSIZE]; char _buf2[DNS_RDATACLASS_FORMATSIZE]; @ 1.5 log @don't let positive aclquery results clear the blacklist. @ text @d57 1 a57 1 +++ bin/named/Makefile 23 Jan 2015 21:09:41 -0000 d75 1 a75 1 +++ dist/bin/named/client.c 23 Jan 2015 21:09:42 -0000 d99 1 a99 1 +++ dist/bin/named/main.c 23 Jan 2015 21:09:42 -0000 d125 1 a125 1 +++ dist/bin/named/query.c 23 Jan 2015 21:09:42 -0000 d144 1 a144 1 @@@@ -1026,6 +1030,7 @@@@ d148 2 a149 1 + pfilter_notify(result, client, "cachedb"); d159 1 a159 1 +++ dist/bin/named/update.c 23 Jan 2015 21:09:42 -0000 d199 1 a199 1 +++ dist/bin/named/xfrout.c 23 Jan 2015 21:09:42 -0000 @ 1.4 log @one more case missed. @ text @d57 1 a57 1 +++ bin/named/Makefile 22 Jan 2015 23:26:04 -0000 d75 1 a75 1 +++ dist/bin/named/client.c 22 Jan 2015 23:26:04 -0000 d99 1 a99 1 +++ dist/bin/named/main.c 22 Jan 2015 23:26:04 -0000 d125 1 a125 1 +++ dist/bin/named/query.c 22 Jan 2015 23:26:04 -0000 d135 1 a135 1 @@@@ -762,6 +764,7 @@@@ d139 2 a140 1 + pfilter_notify(result, client, "validatezonedb"); d144 1 a144 1 @@@@ -1026,6 +1029,7 @@@@ d158 1 a158 1 +++ dist/bin/named/update.c 22 Jan 2015 23:26:04 -0000 d168 1 a168 2 @@@@ -306,6 +308,7 @@@@ isc_result_t result; a170 1 + pfilter_notify(result, client, "queryacl"); d172 1 d175 1 d198 1 a198 1 +++ dist/bin/named/xfrout.c 22 Jan 2015 23:26:05 -0000 @ 1.3 log @new diffs from the top @ text @d57 1 a57 1 +++ bin/named/Makefile 22 Jan 2015 21:40:38 -0000 d75 1 a75 1 +++ dist/bin/named/client.c 22 Jan 2015 21:40:38 -0000 d99 4 a102 3 +++ dist/bin/named/main.c 22 Jan 2015 21:40:38 -0000 @@@@ -95,6 +95,8 @@@@ #include d104 1 a104 1 d108 1 a108 1 * The maximum number of stack frames to dump on assertion failure. d110 1 a110 1 @@@@ -1206,6 +1208,7 @@@@ d115 1 d125 1 a125 1 +++ dist/bin/named/query.c 22 Jan 2015 21:40:39 -0000 d157 1 a157 1 +++ dist/bin/named/update.c 22 Jan 2015 21:40:39 -0000 d175 9 a183 1 @@@@ -362,6 +365,7 @@@@ d197 1 a197 1 +++ dist/bin/named/xfrout.c 22 Jan 2015 21:40:39 -0000 @ 1.2 log @make this nicer @ text @d1 69 a69 1 Index: client.c d74 2 a75 2 --- client.c 10 Dec 2014 04:37:51 -0000 1.11 +++ client.c 22 Jan 2015 17:54:19 -0000 d93 1 a93 1 Index: main.c d98 2 a99 2 --- main.c 10 Dec 2014 04:37:51 -0000 1.15 +++ main.c 22 Jan 2015 17:54:19 -0000 d117 1 a117 1 Index: query.c d122 2 a123 2 --- query.c 10 Dec 2014 04:37:52 -0000 1.17 +++ query.c 22 Jan 2015 17:54:19 -0000 d149 1 a149 1 Index: update.c d154 2 a155 2 --- update.c 10 Dec 2014 04:37:52 -0000 1.9 +++ update.c 22 Jan 2015 17:54:19 -0000 d181 1 a181 1 Index: xfrout.c d186 2 a187 2 --- xfrout.c 10 Dec 2014 04:37:52 -0000 1.7 +++ xfrout.c 22 Jan 2015 17:54:19 -0000 a204 50 --- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ pfilter.c 2015-01-22 01:35:16.000000000 -0500 @@@@ -0,0 +1,42 @@@@ +#include + +#include +#include +#include +#include + +#include + +#include "pfilter.h" + +static struct blacklist *blstate; + +void +pfilter_open(void) +{ + if (blstate == NULL) + blstate = blacklist_open(); +} + +#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0) + +void +pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg) +{ + isc_socket_t *socket; + + pfilter_open(); + + if (TCP_CLIENT(client)) + socket = client->tcpsocket; + else { + socket = client->udpsocket; + if (!client->peeraddr_valid) + return; + } + if (socket == NULL) + return; + blacklist_sa_r(blstate, + res != ISC_R_SUCCESS, isc_socket_getfd(socket), + &client->peeraddr.type.sa, client->peeraddr.length, msg); +} --- /dev/null 2015-01-22 01:48:00.000000000 -0500 +++ pfilter.h 2015-01-22 01:16:56.000000000 -0500 @@@@ -0,0 +1,2 @@@@ +void pfilter_open(void); +void pfilter_notify(isc_result_t, ns_client_t *, const char *); @ 1.1 log @- move diffs - always log through lfun @ text @a0 4 ? named.diff ? pfilter.c ? pfilter.h ? x d7 1 a7 1 +++ client.c 22 Jan 2015 06:47:45 -0000 d31 3 a33 4 +++ main.c 22 Jan 2015 06:47:45 -0000 @@@@ -83,6 +83,9 @@@@ #ifdef HAVE_LIBXML2 #include d35 1 a35 1 + d39 1 a39 1 * Include header files for database drivers here. d41 1 a41 1 @@@@ -1206,6 +1209,8 @@@@ a45 1 + d55 1 a55 1 +++ query.c 22 Jan 2015 06:47:45 -0000 d87 1 a87 1 +++ update.c 22 Jan 2015 06:47:45 -0000 d119 1 a119 1 +++ xfrout.c 22 Jan 2015 06:47:45 -0000 d129 1 a129 2 @@@@ -821,7 +823,7 @@@@ question_name, d132 1 a132 1 - @