Re: CVS commit: src/external/bsd/blacklist/bin

[Roy Marples <roy%marples.name@localhost>]

On 11/03/2020 15:12, Christos Zoulas wrote:
> In article <20200311023318.C6A7FFB28%cvs.NetBSD.org@localhost>,
> Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
> > -=-=-=-=-=-
> >
> > Module Name:	src
> > Committed By:	roy
> > Date:		Wed Mar 11 02:33:18 UTC 2020
> >
> > Modified Files:
> > 	src/external/bsd/blacklist/bin: blacklistd.c
> >
> > Log Message:
> > blacklist: Don't remove a ruleset if we have already added it
> >
> > The noted argument is wrong - if it's already been deleted then the id we
> > have for it is invalid.
> > Because we don't track deletions to the ruleset, working it out is
> > problematic at best.
> >
> > Instead, if we have already added the rule treat it as a non-op.
> >
> > This is a valid use case because we might receive a burst of messages
> > in the downstream application for the same address and process them
> > one by one. It's not the job of the downstream application to track
> > blacklistd state.
>
> The comment was correct. You need to consider the case where someone
> manually deleted the rule directly from the packet filter. The
> database will think it is there, but now you'll never add it again.

If we just re-add the rule, we should either get an error that it already exists 
which we should gracefully handle or it just overwrites the existing rule.
I don't see the point in deleting something which by your logic is already deleted.

Roy