openwrt/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-05-31 06:51:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

banip: update 1.8.8-5

Browse Source 
* bugfix: only load the configuration once per run: a new `ban_confload`
  guard short-circuits `f_conf()` on subsequent calls, avoiding
  repeated `config_load` invocations
* new: the per-set report now sorts elements by their packet counter in
  descending order before truncating to the top 50, so the report
  shows the most active elements instead of just the first 50 found

Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken
2026-05-29 13:57:31 +02:00
parent 903d8a3d07
commit faeecaeb14
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/banip/Makefile
+1 -1
View File
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=1.8.8
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
net/banip/files/banip-functions.sh
+10 -3
View File
@@ -102,6 +102,7 @@ ban_packages=""
ban_trigger=""
ban_resolver=""
ban_enabled="0"
ban_confload="0"
ban_debug="0"
# gather system information
@@ -288,6 +289,8 @@ f_log() {
f_conf() {
local rir ccode region country
[ "${ban_confload}" = "1" ] && return 0
config_cb() {
option_cb() {
local option="${1}" value="${2//\"/\\\"}"
@@ -322,6 +325,7 @@ f_conf() {
}
}
config_load banip
ban_confload="1"
if [ -f "${ban_logreadfile}" ]; then
ban_logreadcmd="$(command -v tail)"
@@ -2055,8 +2059,11 @@ f_report() {
set_dport="${set_proto}: $(f_trim "${set_dport}")"
fi
if [ "${ban_nftcount}" = "1" ]; then
set_elements="$("${ban_jsoncmd}" -i "${set_jsn}" -l50 -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' |
"${ban_awkcmd}" -F '[ ,]' '{ORS=" ";if($2=="\"range\":"||$2=="\"concat\":")printf"%s, ",$4;else if($2=="\"prefix\":")printf"%s, ",$5;else printf"\"%s\", ",$1}')"
"${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].counter.packets' >"${set_jsn}.cnt"
"${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' >"${set_jsn}.val"
set_elements="$("${ban_awkcmd}" 'NR==FNR{p[FNR]=$0;next}{print p[FNR]"\t"$0}' "${set_jsn}.cnt" "${set_jsn}.val" |
"${ban_sortcmd}" -k1,1nr |
"${ban_awkcmd}" -F '\t' 'NR<=50{split($2,a,/[ ,]/);ORS=" ";if(a[2]=="\"range\":"||a[2]=="\"concat\":")printf"%s, ",a[4];else if(a[2]=="\"prefix\":")printf"%s, ",a[5];else printf"\"%s\", ",a[1]}')"
fi
if [ -n "${set_cntinbound}" ]; then
set_inbound="ON"
@@ -2078,7 +2085,7 @@ f_report() {
\"port\": \"${set_dport:-"-"}\", \
\"set_elements\": [ ${set_elements%%??} ] \
}" >"${report_jsn}.${item}"
"${ban_rmcmd}" -f "${set_jsn}"
"${ban_rmcmd}" -f "${set_jsn}"*
) &
[ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))"