bin/59588: blocklistctl does not list blocked IPv6 addresses

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/59588: blocklistctl does not list blocked IPv6 addresses
From: martin%NetBSD.org@localhost
Date: Mon, 11 Aug 2025 12:45:00 +0000 (UTC)

>Number:         59588
>Category:       bin
>Synopsis:       blocklistctl does not list blocked IPv6 addresses
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 11 12:45:00 +0000 2025
>Originator:     Martin Husemann
>Release:        NetBSD 11.0_BETA
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD martins.duskware.de 11.0_BETA NetBSD 11.0_BETA (GENERIC64) #0: Fri Aug 1 17:05:55 UTC 2025 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64
Machine: evbarm
>Description:

I have a machine with the most simple NPF and blocklistd config possible,
basically both configs verbatim (modulo the network interface name) from
/usr/share/examples/blocklist/.

Since I can't look at the real NPF blocking rule (PR 59581) I used
"blocklistctl dump" and "blocklistctl dump -r" to view the blocked
addresses.

Curiously I never found a IPv6 address in the output, so I explicitly caused
another machine to be blocked via three times "ssh -6 nonexistant@....",
and the third attempt got correctly blocked.

But it still does not show up in output:

 # blocklistctl dump -r
        address/ma:port id      nfail   remaining time
   64.62.197.77/32:22           2/3     34m42s
129.212.178.122/32:22           2/3     1h37m40s
  120.26.50.109/32:22           2/3     3h51m45s
   80.94.95.116/32:22           2/3     5h52m6s
 101.126.140.51/32:22           2/3     2h45m11s
    189.7.17.61/32:22           2/3     3h37m7s
   1.92.107.203/32:22           2/3     1h34m55s
151.217.139.248/32:22           2/3     1h40m10s
 91.151.238.195/32:22           2/3     2h12m54s
151.217.139.249/32:22           2/3     1h59m5s
185.247.137.172/32:22           2/3     1h34m12s
 27.128.170.160/32:22           2/3     2h42m53s
  60.190.239.92/32:22           2/3     3h54m29s
   180.76.227.2/32:22           2/3     3h56m45s
  81.232.75.114/32:22           2/3     1h15m46s
129.212.185.168/32:22           2/3     1h41m22s
  85.105.144.88/32:22           2/3     1h50m59s
129.212.189.196/32:22           2/3     4h42m22s
220.172.206.210/32:22           2/3     52m30s
  106.13.81.181/32:22           2/3     27m51s
 14.103.165.147/32:22           2/3     3h51m52s
 147.182.205.88/32:22           2/3     1h10m39s
 196.251.114.29/32:22           2/3     2h57m19s
134.199.207.131/32:22           2/3     4h32m17s


>How-To-Repeat:
s/a

>Fix:
This either is a regression from -10 or something broken in my setup (others
have shown me output of blocklistctl dump that listed IPv6 adresses).

Prev by Date: bin/59587: ftp client bug
Next by Date: kern/59589: Linux emulation fails on y-cruncher
Previous by Thread: bin/59587: ftp client bug
Next by Thread: Re: bin/59588: blocklistctl does not list blocked IPv6 addresses
Indexes:

Home | Main Index | Thread Index | Old Index