Use allowlist and denylist and adapt the documentation.
.Nm lldpd
will use all available physical interfaces. This option can use
wildcards. Several interfaces can be specified separated by commas.
-It is also possible to blacklist an interface by prefixing it with an
-exclamation mark. It is possible to whitelist an interface by
-prefixing it with two exclamation marks. A whitelisted interface beats
-a blacklisted interfaces which beats a simple matched interface. For
+It is also possible to remove an interface by prefixing it with an
+exclamation mark. It is possible to allow an interface by
+prefixing it with two exclamation marks. An allowed interface beats
+a forbidden interfaces which beats a simple matched interface. For
example, with
.Em eth*,!eth1,!eth2
.Nm lldpd
exact IP address is provided, it is used as a management address
without any check. If only negative patterns are provided, only one
IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be
-selected. If you want to blacklist IPv6 addresses, you can use
+selected. If you want to remove IPv6 addresses, you can use
.Em !*:* .
If an interface name is matched, the first IPv4 address and the first
IPv6 address associated to this interface will be chosen.
iface->type |= IFACE_PHYSICAL_T;
}
-/* Blacklist any dangerous interface. Currently, only p2p0 is blacklisted as it
+/* Remove any dangerous interface. Currently, only p2p0 is removed as it
* triggers some AirDrop functionality when we send something on it.
* See: https://github.com/vincentbernat/lldpd/issues/61
*/
static void
-ifbsd_blacklist(struct lldpd *cfg,
+ifbsd_denylist(struct lldpd *cfg,
struct interfaces_device_list *interfaces)
{
#ifdef HOST_OS_OSX
ifbsd_check_physical(cfg, interfaces, iface);
}
- ifbsd_blacklist(cfg, interfaces);
- interfaces_helper_whitelist(cfg, interfaces);
+ ifbsd_denylist(cfg, interfaces);
+ interfaces_helper_allowlist(cfg, interfaces);
interfaces_helper_physical(cfg, interfaces,
&bpf_ops, ifbpf_phys_init);
#ifdef ENABLE_DOT1
struct interfaces_device_list *interfaces)
{
struct interfaces_device *iface;
- /* Blacklist some drivers */
+ /* Deny some drivers */
const char * const *rif;
- const char * const blacklisted_drivers[] = {
+ const char * const denied_drivers[] = {
"cdc_mbim",
"vxlan",
NULL
continue;
}
- /* Check if the driver is not blacklisted */
+ /* Check if the driver is not denied */
if (iface->driver) {
int skip = 0;
- for (rif = blacklisted_drivers; *rif; rif++) {
+ for (rif = denied_drivers; *rif; rif++) {
if (strcmp(iface->driver, *rif) == 0) {
- log_debug("interfaces", "skip %s: blacklisted driver",
+ log_debug("interfaces", "skip %s: denied driver",
iface->name);
skip = 1;
break;
iflinux_add_vlan(cfg, interfaces);
iflinux_add_physical(cfg, interfaces);
- interfaces_helper_whitelist(cfg, interfaces);
+ interfaces_helper_allowlist(cfg, interfaces);
#ifdef ENABLE_OLDIES
iflinux_handle_bond(cfg, interfaces);
#endif
for (int n = 0; n < num; n++, lifrp++)
ifsolaris_extract(cfg, interfaces, addresses, lifrp);
- interfaces_helper_whitelist(cfg, interfaces);
+ interfaces_helper_allowlist(cfg, interfaces);
interfaces_helper_physical(cfg, interfaces,
&bpf_ops, ifbpf_phys_init);
interfaces_helper_mgmt(cfg, addresses, interfaces);
}
void
-interfaces_helper_whitelist(struct lldpd *cfg,
+interfaces_helper_allowlist(struct lldpd *cfg,
struct interfaces_device_list *interfaces)
{
struct interfaces_device *iface;
int m = pattern_match(iface->name, cfg->g_config.c_iface_pattern, 0);
switch (m) {
case 0:
- log_debug("interfaces", "blacklist %s", iface->name);
+ log_debug("interfaces", "deny %s", iface->name);
iface->ignore = 1;
continue;
case 2:
- log_debug("interfaces", "whitelist %s (consider it as a physical interface)",
+ log_debug("interfaces", "allow %s (consider it as a physical interface)",
iface->name);
iface->type |= IFACE_PHYSICAL_T;
continue;
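Review bot: `deny %s` is logged in `case 0`, but per the `pattern_match()` contract documented in this commit, a return of 0 with `found` set to 0 also covers an interface that simply matched no pattern. The debug line can therefore report a deny that was never configured. Since the message text is changing anyway, something like `log_debug("interfaces", "ignore %s (denied or not matched)", iface->name);` would keep the log accurate for anyone auditing which interfaces lldpd speaks on. The same rewording reaches the driver message in the Linux hunk (`skip %s: denied driver`), so anything that greps debug output for the old strings will stop matching, which deserves a line in the release notes. The function body starts and ends outside this hunk.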
/* Add management addresses for the given family. We only take one of each
address family, unless a pattern is provided and is not all negative. For
- example !*:*,!10.* will only blacklist addresses. We will pick the first IPv4
+ example !*:*,!10.* will only deny addresses. We will pick the first IPv4
address not matching 10.*.
*/
static int
exact IP address is provided, it is used as a management address
without any check. If only negative patterns are provided, only one
IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be
-selected. If you want to blacklist IPv6 addresses, you can use
+selected. If you want to remove IPv6 addresses, you can use
.Em !*:* .
If an interface name is matched, the first IPv4 address and the first
IPv6 address associated to this interface will be chosen.
.Nm
will use all available physical interfaces. This option can use
wildcards. Several interfaces can be specified separated by commas.
-It is also possible to blacklist an interface by prefixing it with an
-exclamation mark. It is possible to whitelist an interface by
-prefixing it with two exclamation marks. A whitelisted interface beats
-a blacklisted interface which beats a simple matched interface. For
+It is also possible to remove an interface by prefixing it with an
+exclamation mark. It is possible to allow an interface by
+prefixing it with two exclamation marks. An allowed interface beats
+a forbidden interface which beats a simple matched interface. For
example, with
.Em eth*,!eth1,!eth2
.Nm
.Fl I
flag: you can exclude interfaces with an exclamation mark and use
globbing to specify several interfaces. If all interfaces are
-blacklisted (with
+removed (with
.Em !* ) ,
the system name is used as a chassis ID instead.
.It Fl M Ar class
char *name; /* Name */
char *alias; /* Alias */
char *address; /* MAC address */
- char *driver; /* Driver (for whitelisting purpose) */
+ char *driver; /* Driver */
int flags; /* Flags (IFF_*) */
int mtu; /* MTU */
int type; /* Type (see IFACE_*_T) */
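Review bot: The new comment on `driver` drops the only hint about why the field exists. In the Linux hunk of this commit `iface->driver` is compared against `denied_drivers`, so presumably this is the same field. If so, `char *driver; /* Driver (checked against the denied drivers list) */` keeps the purpose while using the new terminology. The struct definition starts and ends outside this hunk.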
void interfaces_helper_promisc(struct lldpd *,
struct lldpd_hardware *);
-void interfaces_helper_whitelist(struct lldpd *,
+void interfaces_helper_allowlist(struct lldpd *,
struct interfaces_device_list *);
void interfaces_helper_chassis(struct lldpd *,
struct interfaces_device_list *);
* @param string String to match against the list of patterns
* @param patterns List of comma separated patterns. A pattern may
* begin by `!` to negate it. In this case, it is
- * blacklisted. A pattern may begin with `!!`. In this
- * case, it is whitelisted. Each pattern will then be
+ * denied. A pattern may begin with `!!`. In this
+ * case, it is allowed back. Each pattern will then be
* matched against `fnmatch()` function.
* @param found Value to return if the pattern isn't found. Should be either 0
* or 1.
*
- * If a pattern is found matching and blacklisted at the same time, it
- * will be blacklisted. If it is both whitelisted and blacklisted, it
- * will be whitelisted.
+ * If a pattern is found matching and denied at the same time, it
+ * will be denied. If it is both allowed and denied, it
+ * will be allowed.
*
- * @return 0 if the string matches a blacklisted pattern which is not
- * whitelisted or if the pattern wasn't found and `found` was set to
+ * @return 0 if the string matches a denied pattern which is not
+ * allowed or if the pattern wasn't found and `found` was set to
* 0. Otherwise, return 1 unless the interface match is exact, in this
* case return 2.
*/
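Review bot: The `@return` text does not say what `pattern_match()` returns when its `strdup()` of `patterns` fails, although that branch is visible in the following hunk. Callers use the result to decide whether an interface is ignored, so the comment should state the value returned on allocation failure and whether it amounts to deny or allow. The branch body is outside the visible lines, so the value has to be confirmed there. Separately, this comment says "denied" and "allowed" while the manual page hunks in the same commit say "remove" and "forbidden" for the same `!` prefix; one pair of words throughout would make the precedence rule easier to follow.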
pattern_match(char *string, char *patterns, int found)
{
char *pattern;
- int blacklisted = 0;
+ int denied = 0;
found = !!found;
if ((patterns = strdup(patterns)) == NULL) {
pattern = strtok(NULL, ",")) {
if ((pattern[0] == '!') && (pattern[1] == '!') &&
(fnmatch(pattern + 2, string, 0) == 0)) {
- /* Whitelisted. No need to search further. */
+ /* Allowed. No need to search further. */
found = (strcmp(pattern + 2, string))?1:2;
break;
}
if ((pattern[0] == '!') &&
(fnmatch(pattern + 1, string, 0) == 0)) {
- blacklisted = 1;
+ denied = 1;
found = 0;
- } else if (!blacklisted && fnmatch(pattern, string, 0) == 0) {
+ } else if (!denied && fnmatch(pattern, string, 0) == 0) {
if (!strcmp(pattern, string)) {
found = 2;
} else if (found < 2) {
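Review bot: The tokenizing loop still uses `strtok()`, which keeps its position in hidden static state. A caller that is itself in the middle of a `strtok()` walk (or a second thread, if lldpd ever gains one) would have that state clobbered by a call to `pattern_match()`. `strtok_r()` with a local `char *saveptr;` avoids this: `pattern = strtok_r(NULL, ",", &saveptr)` here, plus the matching change in the loop initialiser, which is outside this hunk. Whether any current caller is affected cannot be told from the visible lines.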
}
END_TEST
-START_TEST(test_simple_blacklist) {
+START_TEST(test_simple_denylist) {
ck_assert_int_eq(pattern_match("eth0", "!eth0", 0), 0);
ck_assert_int_eq(pattern_match("eth0", "!eth0", 1), 0);
ck_assert_int_eq(pattern_match("eth1", "!eth0", 0), 0);
}
END_TEST
-START_TEST(test_match_and_blacklist) {
+START_TEST(test_match_and_denylist) {
ck_assert_int_eq(pattern_match("eth0", "eth0,!eth0", 0), 0);
ck_assert_int_eq(pattern_match("eth0", "eth0,!eth0", 1), 0);
ck_assert_int_eq(pattern_match("eth1", "eth0,!eth0", 0), 0);
}
END_TEST
-START_TEST(test_blacklist_wildcard) {
+START_TEST(test_denylist_wildcard) {
ck_assert_int_eq(pattern_match("eth0", "!eth*", 0), 0);
ck_assert_int_eq(pattern_match("eth0", "!eth*", 1), 0);
ck_assert_int_eq(pattern_match("eth1", "!eth*", 0), 0);
}
END_TEST
-START_TEST(test_whitelist) {
+START_TEST(test_allowlist) {
ck_assert_int_eq(pattern_match("eth0", "!!eth0", 0), 2);
ck_assert_int_eq(pattern_match("eth0", "!!eth0", 1), 2);
ck_assert_int_eq(pattern_match("eth1", "!!eth0", 1), 1);
tcase_add_test(tc_pattern, test_wildcard);
tcase_add_test(tc_pattern, test_match_list);
tcase_add_test(tc_pattern, test_match_list_with_wildcards);
- tcase_add_test(tc_pattern, test_simple_blacklist);
- tcase_add_test(tc_pattern, test_match_and_blacklist);
- tcase_add_test(tc_pattern, test_blacklist_wildcard);
- tcase_add_test(tc_pattern, test_whitelist);
+ tcase_add_test(tc_pattern, test_simple_denylist);
+ tcase_add_test(tc_pattern, test_match_and_denylist);
+ tcase_add_test(tc_pattern, test_denylist_wildcard);
+ tcase_add_test(tc_pattern, test_allowlist);
suite_add_tcase(s, tc_pattern);
return s;