diff options
| author | Kurt Lidl <lidl@FreeBSD.org> | 2017-05-03 04:39:43 +0000 |
|---|---|---|
| committer | Kurt Lidl <lidl@FreeBSD.org> | 2017-05-03 04:39:43 +0000 |
| commit | 52253412b1a4ba5050d6d44baaf6f40f3a5dd25f (patch) | |
| tree | 38d3f077a3aaa5d12a98fe9350bdd1ded436fed2 | |
| parent | df0cfa3b86180bc007aafedfac6685826e8de7ea (diff) | |
Vendor import of NetBSD's external/bsd/blacklist @ 20170503vendor/NetBSD/blacklist/20170503
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/vendor/NetBSD/blacklist/dist/; revision=317724
svn path=/vendor/NetBSD/blacklist/20170503/; revision=317725; tag=vendor/NetBSD/blacklist/20170503
| -rw-r--r-- | README | 12 | ||||
| -rw-r--r-- | bin/blacklistctl.8 | 11 | ||||
| -rw-r--r-- | bin/blacklistctl.c | 6 | ||||
| -rw-r--r-- | bin/blacklistd.8 | 13 | ||||
| -rw-r--r-- | bin/blacklistd.c | 60 | ||||
| -rw-r--r-- | bin/blacklistd.conf.5 | 11 | ||||
| -rw-r--r-- | bin/state.c | 8 | ||||
| -rw-r--r-- | etc/rc.d/blacklistd | 4 | ||||
| -rw-r--r-- | lib/bl.c | 25 | ||||
| -rw-r--r-- | lib/libblacklist.3 | 27 | ||||
| -rw-r--r-- | libexec/blacklistd-helper | 73 | ||||
| -rw-r--r-- | port/Makefile.am | 4 | ||||
| -rw-r--r-- | port/config.h | 3 | ||||
| -rw-r--r-- | port/sockaddr_snprintf.c | 6 |
14 files changed, 186 insertions, 77 deletions
@@ -1,4 +1,4 @@ -# $NetBSD: README,v 1.7 2015/01/26 00:34:50 christos Exp $ +# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $ This package contains library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and @@ -98,6 +98,16 @@ group "internal" on $int_if { ... } +You can use 'blacklistctl dump -a' to list all the current entries +in the database; the ones that have nfail <c>/<t> where <c>urrent +>= <t>otal, should have an id assosiated with them; this means that +there is a packet filter rule added for that entry. For npf, you +can examine the packet filter dynamic rule entries using 'npfctl +rule <rulename> list'. The number of current entries can exceed +the total. This happens because entering packet filter rules is +asynchronous; there could be other connection before the rule +becomes activated. + Enjoy, christos diff --git a/bin/blacklistctl.8 b/bin/blacklistctl.8 index d8ed1f09cde2..7c6521117745 100644 --- a/bin/blacklistctl.8 +++ b/bin/blacklistctl.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistctl.8,v 1.7 2015/04/30 06:20:43 riz Exp $ +.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 29, 2015 +.Dd June 7, 2016 .Dt BLACKLISTCTL 8 .Os .Sh NAME @@ -75,7 +75,12 @@ will first attempt to remove the existing rule, and then it will re-add it to make sure that there is only one rule active. .Sh HISTORY .Nm -appeared in +first appeared in .Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . .Sh AUTHORS .An Christos Zoulas diff --git a/bin/blacklistctl.c b/bin/blacklistctl.c index d202fb159b89..8cef404d74bf 100644 --- a/bin/blacklistctl.c +++ b/bin/blacklistctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $ */ +/* $NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $"); +__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $"); #include <stdio.h> #include <time.h> @@ -96,10 +96,10 @@ main(int argc, char *argv[]) break; case 'b': blocked = 1; + break; case 'D': dbname = optarg; break; - break; case 'd': debug++; break; diff --git a/bin/blacklistd.8 b/bin/blacklistd.8 index ae684770357f..5846047304dc 100644 --- a/bin/blacklistd.8 +++ b/bin/blacklistd.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.8,v 1.15 2016/03/11 17:16:40 christos Exp $ +.\" $NetBSD: blacklistd.8,v 1.18 2016/07/30 06:09:29 dholland Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 4, 2015 +.Dd June 7, 2016 .Dt BLACKLISTD 8 .Os .Sh NAME @@ -47,7 +47,7 @@ .Nm is a daemon similar to .Xr syslogd 8 -that listens to a sockets at paths specified in the +that listens to sockets at paths specified in the .Ar sockpathsfile for notifications from other daemons about successful or failed connection attempts. @@ -216,7 +216,12 @@ Socket to receive connection notifications. .Xr syslogd 8 .Sh HISTORY .Nm -appeared in +first appeared in .Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . .Sh AUTHORS .An Christos Zoulas diff --git a/bin/blacklistd.c b/bin/blacklistd.c index c16b18e193a5..f5c35eae1ad2 100644 --- a/bin/blacklistd.c +++ b/bin/blacklistd.c @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $ */ +/* $NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: blacklistd.c,v 1.34 2016/04/04 15:52:56 christos Exp $"); +__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -207,7 +207,7 @@ process(bl_t bl) if (debug) { char b1[128], b2[128]; - (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d " + (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d " "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, fmttime(b1, sizeof(b1), dbi.last), fmttime(b2, sizeof(b2), ts.tv_sec)); @@ -246,15 +246,24 @@ process(bl_t bl) case BL_DELETE: if (dbi.last == 0) goto out; + dbi.count = 0; dbi.last = 0; break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } - if (state_put(state, &c, &dbi) == -1) - goto out; + state_put(state, &c, &dbi); + out: close(bi->bi_fd); + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } } static void @@ -393,13 +402,15 @@ rules_restore(void) int main(int argc, char *argv[]) { - int c, tout, flags, flush, restore; - const char *spath, *blsock; + int c, tout, flags, flush, restore, ret; + const char *spath, **blsock; + size_t nblsock, maxblsock; setprogname(argv[0]); spath = NULL; - blsock = _PATH_BLSOCK; + blsock = NULL; + maxblsock = nblsock = 0; flush = 0; restore = 0; tout = 0; @@ -431,7 +442,17 @@ main(int argc, char *argv[]) restore++; break; case 's': - blsock = optarg; + if (nblsock >= maxblsock) { + maxblsock += 10; + void *p = realloc(blsock, + sizeof(*blsock) * maxblsock); + if (p == NULL) + err(EXIT_FAILURE, + "Can't allocate memory for %zu sockets", + maxblsock); + blsock = p; + } + blsock[nblsock++] = optarg; break; case 't': tout = atoi(optarg) * 1000; @@ -473,17 +494,16 @@ main(int argc, char *argv[]) flags |= O_TRUNC; } - if (restore) - rules_restore(); - struct pollfd *pfd = NULL; bl_t *bl = NULL; size_t nfd = 0; size_t maxfd = 0; - if (spath == NULL) - addfd(&pfd, &bl, &nfd, &maxfd, blsock); - else { + for (size_t i = 0; i < nblsock; i++) + addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]); + free(blsock); + + if (spath) { FILE *fp = fopen(spath, "r"); char *line; if (fp == NULL) @@ -493,6 +513,8 @@ main(int argc, char *argv[]) addfd(&pfd, &bl, &nfd, &maxfd, line); fclose(fp); } + if (nfd == 0) + addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK); state = state_open(dbfile, flags, 0600); if (state == NULL) @@ -500,6 +522,9 @@ main(int argc, char *argv[]) if (state == NULL) return EXIT_FAILURE; + if (restore) + rules_restore(); + if (!debug) { if (daemon(0, 0) == -1) err(EXIT_FAILURE, "daemon failed"); @@ -512,7 +537,10 @@ main(int argc, char *argv[]) readconf = 0; conf_parse(configfile); } - switch (poll(pfd, (nfds_t)nfd, tout)) { + ret = poll(pfd, (nfds_t)nfd, tout); + if (debug) + (*lfun)(LOG_DEBUG, "received %d from poll()", ret); + switch (ret) { case -1: if (errno == EINTR) continue; diff --git a/bin/blacklistd.conf.5 b/bin/blacklistd.conf.5 index 40d507b3c08a..9d44012c8a6f 100644 --- a/bin/blacklistd.conf.5 +++ b/bin/blacklistd.conf.5 @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.conf.5,v 1.3 2015/04/30 06:20:43 riz Exp $ +.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 29, 2015 +.Dd June 7, 2016 .Dt BLACKLISTD.CONF 5 .Os .Sh NAME @@ -216,7 +216,12 @@ bnx0:ssh * * * * 3 6h .Xr blacklistd 8 .Sh HISTORY .Nm -appeared in +first appeared in .Nx 7 . +.Fx +support for +.Nm +was implemented in +.Fx 11 . .Sh AUTHORS .An Christos Zoulas diff --git a/bin/state.c b/bin/state.c index eb97e970fb1e..f2622c82c251 100644 --- a/bin/state.c +++ b/bin/state.c @@ -1,4 +1,4 @@ -/* $NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $ */ +/* $NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: state.c,v 1.18 2016/04/04 15:52:56 christos Exp $"); +__RCSID("$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -200,8 +200,10 @@ state_iterate(DB *db, struct conf *c, struct dbinfo *dbi, unsigned int first) int rv; DBT k, v; - if (db == NULL) + if (db == NULL) { + (*lfun)(LOG_ERR, "%s: called with no database file", __func__); return -1; + } first = first ? R_FIRST : R_NEXT; diff --git a/etc/rc.d/blacklistd b/etc/rc.d/blacklistd index 2e46f518fc70..278a6742e63c 100644 --- a/etc/rc.d/blacklistd +++ b/etc/rc.d/blacklistd @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: blacklistd,v 1.1 2015/01/22 17:49:41 christos Exp $ +# $NetBSD: blacklistd,v 1.2 2016/10/17 22:47:16 christos Exp $ # # PROVIDE: blacklistd @@ -18,7 +18,7 @@ start_precmd="${name}_precmd" extra_commands="reload" _sockfile="/var/run/${name}.sockets" -_sockname="blsock" +_sockname="blacklistd.sock" blacklistd_precmd() { @@ -1,4 +1,4 @@ -/* $NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $ */ +/* $NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $"); +__RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -152,8 +152,8 @@ bl_init(bl_t b, bool srv) b->b_fd = socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0); if (b->b_fd == -1) { - bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%m)", - __func__); + bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)", + __func__, strerror(errno)); BL_UNLOCK(b); return -1; } @@ -200,8 +200,8 @@ bl_init(bl_t b, bool srv) */ if (b->b_connected != 1) { bl_log(b->b_fun, LOG_DEBUG, - "%s: connect failed for `%s' (%m)", - __func__, sun->sun_path); + "%s: connect failed for `%s' (%s)", + __func__, sun->sun_path, strerror(errno)); b->b_connected = 1; } BL_UNLOCK(b); @@ -220,8 +220,8 @@ bl_init(bl_t b, bool srv) errno = serrno; if (rv == -1) { bl_log(b->b_fun, LOG_ERR, - "%s: bind failed for `%s' (%m)", - __func__, sun->sun_path); + "%s: bind failed for `%s' (%s)", + __func__, sun->sun_path, strerror(errno)); goto out; } } @@ -260,7 +260,8 @@ bl_init(bl_t b, bool srv) if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME, &one, (socklen_t)sizeof(one)) == -1) { bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s " - "failed (%m)", __func__, __STRING(CRED_NAME)); + "failed (%s)", __func__, __STRING(CRED_NAME), + strerror(errno)); goto out; } #endif @@ -296,7 +297,8 @@ bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list)) return b; out: free(b); - bl_log(fun, LOG_ERR, "%s: malloc failed (%m)", __func__); + bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__, + strerror(errno)); return NULL; } @@ -451,7 +453,8 @@ bl_recv(bl_t b) rlen = recvmsg(b->b_fd, &msg, 0); if (rlen == -1) { - bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%m)", __func__); + bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__, + strerror(errno)); return NULL; } diff --git a/lib/libblacklist.3 b/lib/libblacklist.3 index e13682031b81..bab2ad1ffc2e 100644 --- a/lib/libblacklist.3 +++ b/lib/libblacklist.3 @@ -1,4 +1,4 @@ -.\" $NetBSD: libblacklist.3,v 1.3 2015/01/25 23:09:28 wiz Exp $ +.\" $NetBSD: libblacklist.3,v 1.7 2017/02/04 23:33:56 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -36,7 +36,7 @@ .Nm blacklist_r , .Nm blacklist , .Nm blacklist_sa -.Nm blacklist_sa_r , +.Nm blacklist_sa_r .Nd Blacklistd notification library .Sh LIBRARY .Lb libblacklist @@ -62,7 +62,7 @@ block or release port access to prevent Denial of Service attacks. .Pp The function .Fn blacklist_open -creates a the necessary state to communicate with +creates the necessary state to communicate with .Xr blacklistd 8 and returns a pointer to it, or .Dv NULL @@ -106,18 +106,25 @@ All functions log errors to .Xr syslogd 8 . .Sh RETURN VALUES The function -.Fn bl_open +.Fn blacklist_open returns a cookie on success and .Dv NULL -on failure setting errno to an appropriate value. +on failure setting +.Dv errno +to an appropriate value. .Pp -The -.Fn bl_send -function returns +The functions +.Fn blacklist , +.Fn blacklist_sa , +and +.Fn blacklist_sa_r +return .Dv 0 on success and -.Dv -1 -on failure setting errno to an appropriate value. +.Dv \-1 +on failure setting +.Dv errno +to an appropriate value. .Sh SEE ALSO .Xr blacklistd.conf 5 , .Xr blacklistd 8 diff --git a/libexec/blacklistd-helper b/libexec/blacklistd-helper index 743ccf5508b3..2d0a89e8fb0e 100644 --- a/libexec/blacklistd-helper +++ b/libexec/blacklistd-helper @@ -10,12 +10,20 @@ # $7 id pf= -for f in npf pf; do - if [ -f "/etc/$f.conf" ]; then - pf="$f" - break - fi -done +if [ -f "/etc/ipfw-blacklist.rc" ]; then + pf="ipfw" + . /etc/ipfw-blacklist.rc + ipfw_offset=${ipfw_offset:-2000} +fi + +if [ -z "$pf" ]; then + for f in npf pf ipf; do + if [ -f "/etc/$f.conf" ]; then + pf="$f" + break + fi + done +fi if [ -z "$pf" ]; then echo "$0: Unsupported packet filter" 1>&2 @@ -43,35 +51,74 @@ esac case "$1" in add) case "$pf" in + ipf) + /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1 + echo block in quick $proto from $addr/$mask to \ + any port=$6 head port$6 | \ + /sbin/ipf -I -f - -s >/dev/null 2>&1 && echo OK + ;; + ipfw) + # use $ipfw_offset+$port for rule number + rule=$(($ipfw_offset + $6)) + tname="port$6" + /sbin/ipfw table $tname create type addr 2>/dev/null + /sbin/ipfw -q table $tname add "$addr/$mask" + # if rule number $rule does not already exist, create it + /sbin/ipfw show $rule >/dev/null 2>&1 || \ + /sbin/ipfw add $rule drop $3 from \ + table"("$tname")" to any dst-port $6 >/dev/null && \ + echo OK + ;; npf) /sbin/npfctl rule "$2" add block in final $proto from \ "$addr/$mask" to any $port ;; pf) - # insert $ip/$mask into per-protocol anchored table - /sbin/pfctl -a "$2" -t "port$6" -T add "$addr/$mask" - echo "block in quick $proto from <port$6> to any $port" | \ - /sbin/pfctl -a "$2" -f - + # if the filtering rule does not exist, create it + /sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \ + grep -q "<port$6>" || \ + echo "block in quick $proto from <port$6> to any $port" | \ + /sbin/pfctl -a "$2/$6" -f - + # insert $ip/$mask into per-protocol/port anchored table + /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \ + echo OK ;; esac ;; rem) case "$pf" in + ipf) + /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1 + echo block in quick $proto from $addr/$mask to \ + any port=$6 head port$6 | \ + /sbin/ipf -I -r -f - -s >/dev/null 2>&1 && echo OK + ;; + ipfw) + /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \ + echo OK + ;; npf) /sbin/npfctl rule "$2" rem-id "$7" ;; pf) - /sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask" + /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \ + echo OK ;; esac ;; flush) - case "$pf" in + case "$pf" in + ipf) + /sbin/ipf -Z -I -Fi -s > /dev/null && echo OK + ;; + ipfw) + /sbin/ipfw table "port$6" flush 2>/dev/null && echo OK + ;; npf) /sbin/npfctl rule "$2" flush ;; pf) - /sbin/pfctl -a "$2" -t "port$6" -T flush + /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK ;; esac ;; diff --git a/port/Makefile.am b/port/Makefile.am index f1b36ca880a3..43bf6c94b420 100644 --- a/port/Makefile.am +++ b/port/Makefile.am @@ -1,11 +1,11 @@ # ACLOCAL_AMFLAGS = -I m4 lib_LTLIBRARIES = libblacklist.la -include_HEADERS = blacklist.h +include_HEADERS = ../include/blacklist.h bin_PROGRAMS = blacklistd blacklistctl srvtest cltest -VPATH = ../bin:../lib:../test +VPATH = ../bin:../lib:../test:../include AM_CPPFLAGS = -I../include -DDOT="." AM_CFLAGS = @WARNINGS@ diff --git a/port/config.h b/port/config.h deleted file mode 100644 index 27f32636de01..000000000000 --- a/port/config.h +++ /dev/null @@ -1,3 +0,0 @@ -#if defined(__FreeBSD__) -#include "port.h" -#endif diff --git a/port/sockaddr_snprintf.c b/port/sockaddr_snprintf.c index 41e5e0c0ed20..558755b6294b 100644 --- a/port/sockaddr_snprintf.c +++ b/port/sockaddr_snprintf.c @@ -1,4 +1,4 @@ -/* $NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $ */ +/* $NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $ */ /*- * Copyright (c) 2004 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ #include <sys/cdefs.h> #if defined(LIBC_SCCS) && !defined(lint) -__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $"); +__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $"); #endif /* LIBC_SCCS and not lint */ #include <sys/param.h> @@ -219,7 +219,7 @@ sockaddr_snprintf(char * const sbuf, const size_t len, const char * const fmt, case AF_LINK: sdl = ((const struct sockaddr_dl *)(const void *)sa); (void)strlcpy(addr = abuf, link_ntoa(sdl), sizeof(abuf)); - if ((w = strchr(addr, ':')) != 0) { + if ((w = strchr(addr, ':')) != NULL) { *w++ = '\0'; addr = w; } |