paul-chambers / blacklistd Goto Github PK

I recently wrote a new application which would have benefited for notifying/using blacklistd.

Unfortunately the application is not written in C, so accessing libblacklist or reimplementing the protocol in another language turns out to be a large barrier-to-entry.

This is because the message sent to blacklistd (bl_message_t) includes system-endian binary, a raw copy of the sockaddr_storage structure as well as fd-passing the client socket to blacklistd.

This is a tough ask in non-C languages such as python, php and go which abstract a lot of this low-level networking minutiae from the application.

My though is, what about a more friendly version=2 protocol that can be easily implemented in these higher-level languages? Some attributes of the protocol might be:

• Text oriented or well-defined endian order (such as network byte order)
• All resolution of peer addresses and local ports are determined client side - so no need to fd-pass

I'm not really suggesting something as simple as comma-delimited text, but as an example the client might send:

action,remoteIP,localIP:localPort,debug-text, e.g.:

OK,1.2.3.4,5.6.7.8:80,user=paul
FAIL,2404:6800:4006:812::200e,[2a03:2880:f119:8083:face:b00c:0:25de]:22,user=root

Apart from enabling higher-level program access, another benefit is that blacklistd could now run on a remote system, such as your firewall router as the message format survives cross-system transmissions.

A final benefit is that an application that cannot be patched to use blacklist directly might be amenable to a log watcher which sends blacklist requests on behalf of the application. This is not possible with the current message format.