Differential D52749

openssh: blocklist: Use NetBSD probes
ClosedPublic
Actions

Authored by jlduran on Sep 26 2025, 10:03 AM.

Tags

None

Referenced Files

	F139344869: D52749.diff
	Thu, Dec 11, 1:38 AM

	Unknown Object (File)
	Tue, Nov 11, 11:29 PM

	Unknown Object (File)
	Tue, Nov 11, 3:11 PM

	Unknown Object (File)
	Oct 31 2025, 6:43 AM

	Unknown Object (File)
	Oct 29 2025, 4:37 AM

	Unknown Object (File)
	Oct 29 2025, 1:47 AM

	Unknown Object (File)
	Oct 29 2025, 1:45 AM

	Unknown Object (File)
	Oct 28 2025, 5:06 PM

View All 30 Files

Subscribers

Details

Reviewers

Commits

rG53dc967db74f: openssh: blocklist: Use NetBSD probes
rGe02003bce726: openssh: blocklist: Use NetBSD probes

Summary

Use NetBSD probe locations for consistency. We have submitted all
improved or missing probes, keeping them synchronized with NetBSD (our
blocklist upstream) should simplify upgrades and maintenance, as the
locations of these probes are a moving target, depending on upstream
OpenSSH changes.

Additionally, use BLACKLIST_AUTH_FAIL exclusively for now. At the time
of this commit BLACKLIST_BAD_USER, is a no-op. However, it will change
in a future upgrade.

Also, enhance blacklist notification messages for better debugging by
making them more descriptive.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jlduran created this revision.Sep 26 2025, 10:03 AM

Herald added a subscriber: imp. · View Herald TranscriptSep 26 2025, 10:03 AM

jlduran requested review of this revision.Sep 26 2025, 10:03 AM

Harbormaster completed remote builds in B67346: Diff 162866.Sep 26 2025, 10:03 AM

jlduran added a parent revision: D52748: openssh: blocklist: Cleanup blocklist client.Sep 26 2025, 10:03 AM

emaste accepted this revision.Sep 26 2025, 10:14 AM

This revision is now accepted and ready to land.Sep 26 2025, 10:14 AM

Closed by commit rGe02003bce726: openssh: blocklist: Use NetBSD probes (authored by jlduran). · Explain WhySep 29 2025, 4:35 PM

This revision was automatically updated to reflect the committed changes.

jlduran added a commit: rGe02003bce726: openssh: blocklist: Use NetBSD probes.

jlduran added a commit: rG53dc967db74f: openssh: blocklist: Use NetBSD probes.Sep 30 2025, 11:22 PM

jlduran added inline comments.Oct 15 2025, 6:45 AM

crypto/openssh/sshd-session.c
221	I just realized the text above the signal handler function. This probe should be removed: D53109 Sorry for the inconvenience.

emaste mentioned this in D49503: blacklist: Adapt NetBSD's probes and changes to OpenSSH.Mon, Nov 17, 4:30 PM

Revision Contents
Changeset List

Path

Size

crypto/

openssh/

4 lines

6 lines

5 lines

14 lines

2 lines

15 lines

Diff 163026

crypto/openssh/auth-pam.c

Loading...

crypto/openssh/auth.c

Loading...

crypto/openssh/auth2.c

Loading...

crypto/openssh/monitor.c

Loading...

crypto/openssh/packet.c

Loading...

crypto/openssh/sshd-session.c

Loading...