authorlidl <lidl@FreeBSD.org>2016-06-01 22:04:10 +0000
committerlidl <lidl@FreeBSD.org>2016-06-01 22:04:10 +0000
commitc19f6ed60ab144819f3dc5c6eb47022ab1c9e518 (patch)
tree84a9cc46f24255a9e322991a0f1d594aa956debb /contrib/blacklist/include
parent534c9c78f3e1ea966e0301afe836cf70c7c61e3b (diff)
parent7828fb4d26945c54e2c925e0438fcf9dea27c593 (diff)
Import NetBSD's blacklist source from vendor tree
This import includes the basic blacklist library and utility programs, to add a system-wide packet filtering notification mechanism to FreeBSD. The rationale behind the daemon was given by Christos Zoulas in a presentation at vBSDcon 2015: https://youtu.be/fuuf8G28mjs Reviewed by: rpaulo Approved by: rpaulo Obtained from: NetBSD Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5912
Diffstat (limited to 'contrib/blacklist/include')
-rw-r--r--contrib/blacklist/include/Makefile10
-rw-r--r--contrib/blacklist/include/bl.h76
-rw-r--r--contrib/blacklist/include/blacklist.h46
3 files changed, 132 insertions, 0 deletions
diff --git a/contrib/blacklist/include/Makefile b/contrib/blacklist/include/Makefile
new file mode 100644
index 0000000..6854907
--- /dev/null
+++ b/contrib/blacklist/include/Makefile
@@ -0,0 +1,10 @@
+# $NetBSD: Makefile,v 1.1 2015/01/21 16:16:00 christos Exp $
+
+# Doing a make includes builds /usr/include
+
+NOOBJ= # defined
+
+INCS= blacklist.h
+INCSDIR= /usr/include
+
+.include <bsd.prog.mk>
diff --git a/contrib/blacklist/include/bl.h b/contrib/blacklist/include/bl.h
new file mode 100644
index 0000000..68249cd
--- /dev/null
+++ b/contrib/blacklist/include/bl.h
@@ -0,0 +1,76 @@
+/* $NetBSD: bl.h,v 1.13 2016/03/11 17:16:40 christos Exp $ */
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _BL_H
+#define _BL_H
+
+#include <stdbool.h>
+#include <stdarg.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include "blacklist.h"
+
+typedef enum {
+ BL_INVALID,
+ BL_ADD,
+ BL_DELETE
+} bl_type_t;
+
+typedef struct {
+ bl_type_t bi_type;
+ int bi_fd;
+ uid_t bi_uid;
+ gid_t bi_gid;
+ socklen_t bi_slen;
+ struct sockaddr_storage bi_ss;
+ char bi_msg[1024];
+} bl_info_t;
+
+#define bi_cred bi_u._bi_cred
+
+#ifndef _PATH_BLSOCK
+#define _PATH_BLSOCK "/var/run/blacklistd.sock"
+#endif
+
+__BEGIN_DECLS
+
+typedef struct blacklist *bl_t;
+
+bl_t bl_create(bool, const char *, void (*)(int, const char *, va_list));
+void bl_destroy(bl_t);
+int bl_send(bl_t, bl_type_t, int, const struct sockaddr *, socklen_t,
+ const char *);
+int bl_getfd(bl_t);
+bl_info_t *bl_recv(bl_t);
+bool bl_isconnected(bl_t);
+
+__END_DECLS
+
+#endif /* _BL_H */
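Review bot: The macro `#define bi_cred bi_u._bi_cred` that follows the `bl_info_t` typedef names a member `bi_u` which the struct in this hunk does not declare (it carries `bi_uid` and `bi_gid` directly), so any expansion of `bi_cred` would fail to compile. It looks like a leftover from an earlier layout and should be dropped, ideally in the vendor source as well. The declarations also do not say who owns the `bl_info_t *` returned by `bl_recv()` or whether `bi_msg[1024]` is guaranteed to be NUL-terminated on receipt; a short comment on each would help consumers. On the struct, something like `/* bi_uid, bi_gid: credentials of the sending peer; confirm they are taken from the socket, not from the message body */` would state the trust assumption, which this header alone cannot establish.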
diff --git a/contrib/blacklist/include/blacklist.h b/contrib/blacklist/include/blacklist.h
new file mode 100644
index 0000000..9ebe11b
--- /dev/null
+++ b/contrib/blacklist/include/blacklist.h
@@ -0,0 +1,46 @@
+/* $NetBSD: blacklist.h,v 1.3 2015/01/23 18:48:56 christos Exp $ */
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _BLACKLIST_H
+#define _BLACKLIST_H
+
+#include <sys/socket.h>
+
+__BEGIN_DECLS
+struct blacklist *blacklist_open(void);
+void blacklist_close(struct blacklist *);
+int blacklist(int, int, const char *);
+int blacklist_r(struct blacklist *, int, int, const char *);
+int blacklist_sa(int, int, const struct sockaddr *, socklen_t, const char *);
+int blacklist_sa_r(struct blacklist *, int, int,
+ const struct sockaddr *, socklen_t, const char *);
+__END_DECLS
+
+#endif /* _BLACKLIST_H */
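Review bot: Every prototype in this installed public header leaves its parameters unnamed, and `blacklist(int, int, const char *)` takes two adjacent `int`s that a caller can transpose without any compiler diagnostic. Naming them, for example `int blacklist(int action, int fd, const char *msg);` and likewise for the `_r`, `_sa` and `_sa_r` variants, would document the argument order at the declaration. Those names are what I would expect from the library's manual and should be checked against the implementation, which is outside this diff. A one-line comment on what the `int` return value means on failure would also let callers decide whether a failed notification should be logged.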