
Handle upgrade path for blacklist to blocklist #895

Merged: zakird merged 7 commits into main from phillip/894-upgrade-blacklist-to-blocklist on Sep 8, 2024

phillip-stephens (Contributor) commented Sep 3, 2024

Closes #894

Description

If someone had installed zmap prior to changing the blacklist -> blocklist, they may have an existing /etc/zmap/blacklist.conf file. If this file had been changed or had any modifications in it, it will not be respected after installing the latest ZMap. The fix is to rename the existing file (if it exists) to the expected /etc/zmap/blocklist.conf.

Additionally (and what I believe caused #894), the contents of zmap.conf would have been:

blacklist-file "/etc/zmap/blacklist.conf"

If the zmap.conf file exists and contains that string, we'll replace it with:

blocklist-file "/etc/zmap/blocklist.conf"

Also fixed a typo.

Testing

main when there's a blacklist.conf file

Notice how there are both a blacklist.conf and a blocklist.conf

276f9edbd3c2# mkdir /etc/zmap
276f9edbd3c2# echo "hello" > /etc/zmap/blacklist.conf
276f9edbd3c2# cmake . && make -j4 && make install
...
...
f13c372b071b# ls /etc/zmap
blacklist.conf  blocklist.conf  zmap.conf
f13c372b071b# cat /etc/zmap/blacklist.conf 
hello
f13c372b071b# cat /etc/zmap/blocklist.conf
# From IANA IPv4 Special-Purpose Address Registry
# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# Updated 2013-05-22

0.0.0.0/8           # RFC1122: "This host on this network"
10.0.0.0/8          # RFC1918: Private-Use
100.64.0.0/10       # RFC6598: Shared Address Space
127.0.0.0/8         # RFC1122: Loopback
169.254.0.0/16      # RFC3927: Link Local
...

Phillip/894 when there's a pre-existing blacklist.conf file

276f9edbd3c2# mkdir /etc/zmap
276f9edbd3c2# echo "hello" > /etc/zmap/blacklist.conf
276f9edbd3c2# cmake . && make -j4 && make install
...
67fc06685b98# ls /etc/zmap
blacklist.conf  blocklist.conf  zmap.conf
67fc06685b98# cat /etc/zmap/blacklist.conf 
hello
67fc06685b98# cat /etc/zmap/blocklist.conf
hello

Phillip/894 with a fresh install

80a30c9ecba2# cmake . && make -j4 && make install
...
80a30c9ecba2# ls /etc/zmap
blocklist.conf  zmap.conf
80a30c9ecba2# cat /etc/zmap/blocklist.conf
# From IANA IPv4 Special-Purpose Address Registry
# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# Updated 2013-05-22

0.0.0.0/8           # RFC1122: "This host on this network"
10.0.0.0/8          # RFC1918: Private-Use
100.64.0.0/10       # RFC6598: Shared Address Space
127.0.0.0/8         # RFC1122: Loopback
169.254.0.0/16      # RFC3927: Link Local
172.16.0.0/12       # RFC1918: Private-Use
...

zakird (Member) commented Sep 3, 2024

I'm a little bit hesitant to do this because it could unexpectedly break things for the user. What if we instead added a symlink?

phillip-stephens (Contributor, Author) commented

That seems fine and perhaps less intrusive. We still have the issue with zmap.conf that I just realized and mention in the now updated description. Not sure if we should just leave that as an exercise to the user (could always just do a fresh install) but I added code that should handle it. Tested with a pre-existing zmap.conf and installed latest zmap.
cc: @zakird

zakird (Member) commented Sep 3, 2024

Is that an issue if the symlink is there?

phillip-stephens (Contributor, Author) commented

Yeah, probably should have expanded a bit more in the PR description. The symlink solves the issue with having a blacklist.conf, we can just create a symlink to blocklist.conf -> blacklist.conf. BUT, there's a 2nd issue with the zmap.conf config file.

We have the "standard options" run with most zmap invocations stored in /etc/zmap/zmap.conf.

The current version looks like:

...
### Blocklist file to use. We encourage you to exclude
### RFC1918, IANA reserved, and multicast networks,
### in addition to those who have opted out of your
### network scans.
blocklist-file "/etc/zmap/blocklist.conf"

...

If the .../zmap.conf file already exists, it won't be re-created by default. See here.

So I believe that in #894, the user's zmap.conf file had the old line: blacklist-file "/etc/zmap/blacklist.conf". That would have caused the error they saw. I think the only fix would be to either always overwrite the old file if it exists, leave it to the user to fix, or replace that string if it exists.

@zakird zakird merged commit eed9790 into main Sep 8, 2024
@zakird zakird deleted the phillip/894-upgrade-blacklist-to-blocklist branch September 8, 2024 20:41
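
The two upgrade problems discussed in this thread, written out as an added shell example (not code from this PR or from ZMap's build scripts): `migrate_zmap_conf` is a hypothetical helper that links a legacy blacklist.conf to the new name, refuses to overwrite when both files exist with different contents, and rewrites the stale `blacklist-file` line in zmap.conf. The directory argument, the `.bak` backup and the sample exclusion entry are assumptions; the demo runs in a scratch directory rather than /etc/zmap.

```shell
#!/bin/sh
# Added example: idempotent blacklist -> blocklist migration for a ZMap
# config directory. migrate_zmap_conf is a hypothetical helper name.
# Returns 0 when migrated or nothing to do, 2 when files conflict.
migrate_zmap_conf() {
    dir=$1
    old="$dir/blacklist.conf"
    new="$dir/blocklist.conf"
    conf="$dir/zmap.conf"
    rc=0

    if [ -f "$old" ] && [ ! -e "$new" ]; then
        # Only the legacy file exists: expose it under the new name.
        ln -s blacklist.conf "$new"
    elif [ -f "$old" ] && [ ! -L "$new" ] && ! cmp -s "$old" "$new"; then
        # Both exist and differ: the legacy exclusions would be silently
        # ignored, so flag it instead of overwriting either file.
        echo "warning: $old differs from $new; merge manually" >&2
        rc=2
    fi

    if [ -f "$conf" ] && grep -q '^blacklist-file ".*/blacklist\.conf"' "$conf"; then
        # Keep a backup (assumed .bak suffix), then rewrite only the stale line.
        cp -p "$conf" "$conf.bak"
        sed 's|^blacklist-file \(".*\)/blacklist\.conf"|blocklist-file \1/blocklist.conf"|' \
            "$conf.bak" > "$conf"
    fi
    return $rc
}

# Constructed demo in a scratch directory (never touches /etc/zmap).
demo=$(mktemp -d)
printf '192.0.2.0/24  # constructed opt-out entry\n' > "$demo/blacklist.conf"
printf 'blacklist-file "%s/blacklist.conf"\n' "$demo" > "$demo/zmap.conf"
migrate_zmap_conf "$demo"
cat "$demo/zmap.conf"
ls -l "$demo"
rm -rf "$demo"
```

A return code of 2 corresponds to the "main" test case above, where a customised blacklist.conf sits next to a freshly installed default blocklist.conf.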

Successfully merging this pull request may close these issues.

Error: zmap: unrecognized option '--blacklist-file=/etc/zmap/blacklist.conf'
