From: Vincent Bernat Date: Sat, 27 Jun 2020 08:20:55 +0000 (+0200) Subject: code: remove use of blacklist/whitelist X-Git-Tag: 1.0.6~6^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28fb48859cd2bd664f86da95f95a3585a7ade100;p=thirdparty%2Flldpd.git code: remove use of blacklist/whitelist Use allowlist and denylist and adapt the documentation. --- diff --git a/src/client/lldpcli.8.in b/src/client/lldpcli.8.in index f5aa5379..08b25d85 100644 --- a/src/client/lldpcli.8.in +++ b/src/client/lldpcli.8.in @@ -275,10 +275,10 @@ option, .Nm lldpd will use all available physical interfaces. This option can use wildcards. Several interfaces can be specified separated by commas. -It is also possible to blacklist an interface by prefixing it with an -exclamation mark. It is possible to whitelist an interface by -prefixing it with two exclamation marks. A whitelisted interface beats -a blacklisted interfaces which beats a simple matched interface. For +It is also possible to remove an interface by prefixing it with an +exclamation mark. It is possible to allow an interface by +prefixing it with two exclamation marks. An allowed interface beats +a forbidden interfaces which beats a simple matched interface. For example, with .Em eth*,!eth1,!eth2 .Nm lldpd @@ -389,7 +389,7 @@ Without this option, the first IPv4 and the first IPv6 are used. If an exact IP address is provided, it is used as a management address without any check. If only negative patterns are provided, only one IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be -selected. If you want to blacklist IPv6 addresses, you can use +selected. If you want to remove IPv6 addresses, you can use .Em !*:* . If an interface name is matched, the first IPv4 address and the first IPv6 address associated to this interface will be chosen. diff --git a/src/daemon/interfaces-bsd.c b/src/daemon/interfaces-bsd.c index ee35fc26..e8c93038 100644 --- a/src/daemon/interfaces-bsd.c 
+++ b/src/daemon/interfaces-bsd.c @@ -331,12 +331,12 @@ ifbsd_check_physical(struct lldpd *cfg, iface->type |= IFACE_PHYSICAL_T; } -/* Blacklist any dangerous interface. Currently, only p2p0 is blacklisted as it +/* Remove any dangerous interface. Currently, only p2p0 is removed as it * triggers some AirDrop functionality when we send something on it. * See: https://github.com/vincentbernat/lldpd/issues/61 */ static void -ifbsd_blacklist(struct lldpd *cfg, +ifbsd_denylist(struct lldpd *cfg, struct interfaces_device_list *interfaces) { #ifdef HOST_OS_OSX @@ -665,8 +665,8 @@ interfaces_update(struct lldpd *cfg) ifbsd_check_physical(cfg, interfaces, iface); } - ifbsd_blacklist(cfg, interfaces); - interfaces_helper_whitelist(cfg, interfaces); + ifbsd_denylist(cfg, interfaces); + interfaces_helper_allowlist(cfg, interfaces); interfaces_helper_physical(cfg, interfaces, &bpf_ops, ifbpf_phys_init); #ifdef ENABLE_DOT1 diff --git a/src/daemon/interfaces-linux.c b/src/daemon/interfaces-linux.c index c9e1647f..72863f9e 100644 --- a/src/daemon/interfaces-linux.c +++ b/src/daemon/interfaces-linux.c @@ -952,9 +952,9 @@ iflinux_add_physical(struct lldpd *cfg, struct interfaces_device_list *interfaces) { struct interfaces_device *iface; - /* Blacklist some drivers */ + /* Deny some drivers */ const char * const *rif; - const char * const blacklisted_drivers[] = { + const char * const denied_drivers[] = { "cdc_mbim", "vxlan", NULL @@ -975,12 +975,12 @@ iflinux_add_physical(struct lldpd *cfg, continue; } - /* Check if the driver is not blacklisted */ + /* Check if the driver is not denied */ if (iface->driver) { int skip = 0; - for (rif = blacklisted_drivers; *rif; rif++) { + for (rif = denied_drivers; *rif; rif++) { if (strcmp(iface->driver, *rif) == 0) { - log_debug("interfaces", "skip %s: blacklisted driver", + log_debug("interfaces", "skip %s: denied driver", iface->name); skip = 1; break; 
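Review bot: In the `iflinux_add_physical` hunk at `@@ -975,12`, the debug line for a skipped interface names the interface but not the driver that matched, so the log does not show which entry of `denied_drivers` caused the skip. `iface->driver` is known to be non-NULL inside that `if`, so `log_debug("interfaces", "skip %s: denied driver %s", iface->name, iface->driver);` would record it. The message text also changes from "blacklisted driver" to "denied driver", which deserves a changelog line for anyone filtering debug output on the old wording. The enclosing loop starts and ends outside the hunk.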
@@ -1029,7 +1029,7 @@ interfaces_update(struct lldpd *cfg) iflinux_add_vlan(cfg, interfaces); iflinux_add_physical(cfg, interfaces); - interfaces_helper_whitelist(cfg, interfaces); + interfaces_helper_allowlist(cfg, interfaces); #ifdef ENABLE_OLDIES iflinux_handle_bond(cfg, interfaces); #endif diff --git a/src/daemon/interfaces-solaris.c b/src/daemon/interfaces-solaris.c index f9d8bc52..fd61d388 100644 --- a/src/daemon/interfaces-solaris.c +++ b/src/daemon/interfaces-solaris.c @@ -161,7 +161,7 @@ interfaces_update(struct lldpd *cfg) { for (int n = 0; n < num; n++, lifrp++) ifsolaris_extract(cfg, interfaces, addresses, lifrp); - interfaces_helper_whitelist(cfg, interfaces); + interfaces_helper_allowlist(cfg, interfaces); interfaces_helper_physical(cfg, interfaces, &bpf_ops, ifbpf_phys_init); interfaces_helper_mgmt(cfg, addresses, interfaces); diff --git a/src/daemon/interfaces.c b/src/daemon/interfaces.c index b9521f6a..df7d55ba 100644 --- a/src/daemon/interfaces.c +++ b/src/daemon/interfaces.c @@ -177,7 +177,7 @@ interfaces_indextointerface(struct interfaces_device_list *interfaces, } void -interfaces_helper_whitelist(struct lldpd *cfg, +interfaces_helper_allowlist(struct lldpd *cfg, struct interfaces_device_list *interfaces) { struct interfaces_device *iface; @@ -189,11 +189,11 @@ interfaces_helper_whitelist(struct lldpd *cfg, int m = pattern_match(iface->name, cfg->g_config.c_iface_pattern, 0); switch (m) { case 0: - log_debug("interfaces", "blacklist %s", iface->name); + log_debug("interfaces", "deny %s", iface->name); iface->ignore = 1; continue; case 2: - log_debug("interfaces", "whitelist %s (consider it as a physical interface)", + log_debug("interfaces", "allow %s (consider it as a physical interface)", iface->name); iface->type |= IFACE_PHYSICAL_T; continue; 
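Review bot: `interfaces_helper_allowlist` in `src/daemon/interfaces.c` (hunk `@@ -189,11`) switches on bare `pattern_match()` return codes without a comment, and after the rename its name covers only one of its two effects. `case 0` sets `iface->ignore = 1` and `case 2` ORs `IFACE_PHYSICAL_T` into `iface->type`. A header comment on the function would make that explicit, for example `/* Apply c_iface_pattern to every interface: 0 = denied or unmatched (ignored), 2 = exact name match (treated as physical). */`. Because the call passes `found` as 0, the "deny %s" message is also logged for interfaces that simply matched no pattern, which the comment should mention. The switch continues past the end of the hunk.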
@@ -411,7 +411,7 @@ interfaces_helper_chassis(struct lldpd *cfg, /* Add management addresses for the given family. We only take one of each address family, unless a pattern is provided and is not all negative. For - example !*:*,!10.* will only blacklist addresses. We will pick the first IPv4 + example !*:*,!10.* will only deny addresses. We will pick the first IPv4 address not matching 10.*. */ static int diff --git a/src/daemon/lldpd.8.in b/src/daemon/lldpd.8.in index 697514d2..a0f188e2 100644 --- a/src/daemon/lldpd.8.in +++ b/src/daemon/lldpd.8.in @@ -196,7 +196,7 @@ Without this option, the first IPv4 and the first IPv6 are used. If an exact IP address is provided, it is used as a management address without any check. If only negative patterns are provided, only one IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be -selected. If you want to blacklist IPv6 addresses, you can use +selected. If you want to remove IPv6 addresses, you can use .Em !*:* . If an interface name is matched, the first IPv4 address and the first IPv6 address associated to this interface will be chosen. @@ -209,10 +209,10 @@ option, .Nm will use all available physical interfaces. This option can use wildcards. Several interfaces can be specified separated by commas. -It is also possible to blacklist an interface by prefixing it with an -exclamation mark. It is possible to whitelist an interface by -prefixing it with two exclamation marks. A whitelisted interface beats -a blacklisted interface which beats a simple matched interface. For +It is also possible to remove an interface by prefixing it with an +exclamation mark. It is possible to allow an interface by +prefixing it with two exclamation marks. An allowed interface beats +a forbidden interface which beats a simple matched interface. For example, with .Em eth*,!eth1,!eth2 .Nm 
@@ -241,7 +241,7 @@ to compute the chassis ID. The logic of this option is the same as for .Fl I flag: you can exclude interfaces with an exclamation mark and use globbing to specify several interfaces. If all interfaces are -blacklisted (with +removed (with .Em !* ) , the system name is used as a chassis ID instead. .It Fl M Ar class diff --git a/src/daemon/lldpd.h b/src/daemon/lldpd.h index 3dad7dca..98977ed4 100644 --- a/src/daemon/lldpd.h +++ b/src/daemon/lldpd.h @@ -314,7 +314,7 @@ struct interfaces_device { char *name; /* Name */ char *alias; /* Alias */ char *address; /* MAC address */ - char *driver; /* Driver (for whitelisting purpose) */ + char *driver; /* Driver */ int flags; /* Flags (IFF_*) */ int mtu; /* MTU */ int type; /* Type (see IFACE_*_T) */ @@ -353,7 +353,7 @@ struct interfaces_device* interfaces_nametointerface( void interfaces_helper_promisc(struct lldpd *, struct lldpd_hardware *); -void interfaces_helper_whitelist(struct lldpd *, +void interfaces_helper_allowlist(struct lldpd *, struct interfaces_device_list *); void interfaces_helper_chassis(struct lldpd *, struct interfaces_device_list *); diff --git a/src/daemon/pattern.c b/src/daemon/pattern.c index 11e69a8c..a13817b8 100644 --- a/src/daemon/pattern.c +++ b/src/daemon/pattern.c 
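Review bot: The new comment on `driver` in `struct interfaces_device` (`src/daemon/lldpd.h`, hunk `@@ -314,7`) is reduced to `/* Driver */`, which drops the only hint of what the field is used for. The Linux code in this same commit compares `iface->driver` against `denied_drivers`, so the purpose can be kept in the new vocabulary: `char *driver; /* Driver name (checked against the denied drivers list) */`.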
@@ -26,18 +26,18 @@ * @param string String to match against the list of patterns * @param patterns List of comma separated patterns. A pattern may * begin by `!` to negate it. In this case, it is - * blacklisted. A pattern may begin with `!!`. In this - * case, it is whitelisted. Each pattern will then be + * denied. A pattern may begin with `!!`. In this + * case, it is allowed back. Each pattern will then be * matched against `fnmatch()` function. * @param found Value to return if the pattern isn't found. Should be either 0 * or 1. * - * If a pattern is found matching and blacklisted at the same time, it - * will be blacklisted. If it is both whitelisted and blacklisted, it - * will be whitelisted. + * If a pattern is found matching and denied at the same time, it + * will be denied. If it is both allowed and denied, it + * will be allowed. * - * @return 0 if the string matches a blacklisted pattern which is not - * whitelisted or if the pattern wasn't found and `found` was set to + * @return 0 if the string matches a denied pattern which is not + * allowed or if the pattern wasn't found and `found` was set to * 0. Otherwise, return 1 unless the interface match is exact, in this * case return 2. */ @@ -45,7 +45,7 @@ int pattern_match(char *string, char *patterns, int found) { char *pattern; - int blacklisted = 0; + int denied = 0; found = !!found; if ((patterns = strdup(patterns)) == NULL) { 
@@ -58,15 +58,15 @@ pattern_match(char *string, char *patterns, int found) pattern = strtok(NULL, ",")) { if ((pattern[0] == '!') && (pattern[1] == '!') && (fnmatch(pattern + 2, string, 0) == 0)) { - /* Whitelisted. No need to search further. */ + /* Allowed. No need to search further. */ found = (strcmp(pattern + 2, string))?1:2; break; } if ((pattern[0] == '!') && (fnmatch(pattern + 1, string, 0) == 0)) { - blacklisted = 1; + denied = 1; found = 0; - } else if (!blacklisted && fnmatch(pattern, string, 0) == 0) { + } else if (!denied && fnmatch(pattern, string, 0) == 0) { if (!strcmp(pattern, string)) { found = 2; } else if (found < 2) { diff --git a/tests/check_pattern.c b/tests/check_pattern.c index 197c228c..8d332deb 100644 --- a/tests/check_pattern.c +++ b/tests/check_pattern.c @@ -59,7 +59,7 @@ START_TEST(test_match_list_with_wildcards) { } END_TEST -START_TEST(test_simple_blacklist) { +START_TEST(test_simple_denylist) { ck_assert_int_eq(pattern_match("eth0", "!eth0", 0), 0); ck_assert_int_eq(pattern_match("eth0", "!eth0", 1), 0); ck_assert_int_eq(pattern_match("eth1", "!eth0", 0), 0); @@ -67,7 +67,7 @@ START_TEST(test_simple_blacklist) { } END_TEST -START_TEST(test_match_and_blacklist) { +START_TEST(test_match_and_denylist) { ck_assert_int_eq(pattern_match("eth0", "eth0,!eth0", 0), 0); ck_assert_int_eq(pattern_match("eth0", "eth0,!eth0", 1), 0); ck_assert_int_eq(pattern_match("eth1", "eth0,!eth0", 0), 0); @@ -75,7 +75,7 @@ START_TEST(test_match_and_blacklist) { } END_TEST -START_TEST(test_blacklist_wildcard) { +START_TEST(test_denylist_wildcard) { ck_assert_int_eq(pattern_match("eth0", "!eth*", 0), 0); ck_assert_int_eq(pattern_match("eth0", "!eth*", 1), 0); ck_assert_int_eq(pattern_match("eth1", "!eth*", 0), 0); 
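Review bot: In `pattern_match` (`src/daemon/pattern.c`, hunk `@@ -58,15`), a `!!name` pattern that fails the first test falls through to the single-`!` test with `pattern + 1`, that is `!name`, so `fnmatch` compares the string against a pattern with a literal leading `!`. As far as the visible lines show, an allow pattern can therefore set `denied = 1` for a string that itself begins with `!`, which is probably not intended. Adding `if (pattern[0] == '!' && pattern[1] == '!') continue;` right after the first `if` block would keep the three cases disjoint, and a case in `tests/check_pattern.c` for such a name would pin the behaviour. The `for` loop starts before this hunk and the final `else if` body ends after it.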
@@ -87,7 +87,7 @@ START_TEST(test_blacklist_wildcard) { } END_TEST -START_TEST(test_whitelist) { +START_TEST(test_allowlist) { ck_assert_int_eq(pattern_match("eth0", "!!eth0", 0), 2); ck_assert_int_eq(pattern_match("eth0", "!!eth0", 1), 2); ck_assert_int_eq(pattern_match("eth1", "!!eth0", 1), 1); @@ -117,10 +117,10 @@ pattern_suite(void) tcase_add_test(tc_pattern, test_wildcard); tcase_add_test(tc_pattern, test_match_list); tcase_add_test(tc_pattern, test_match_list_with_wildcards); - tcase_add_test(tc_pattern, test_simple_blacklist); - tcase_add_test(tc_pattern, test_match_and_blacklist); - tcase_add_test(tc_pattern, test_blacklist_wildcard); - tcase_add_test(tc_pattern, test_whitelist); + tcase_add_test(tc_pattern, test_simple_denylist); + tcase_add_test(tc_pattern, test_match_and_denylist); + tcase_add_test(tc_pattern, test_denylist_wildcard); + tcase_add_test(tc_pattern, test_allowlist); suite_add_tcase(s, tc_pattern); return s;