From faeecaeb1457039fb9c1a48c90fb12fceee30fac Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 29 May 2026 13:57:31 +0200 Subject: [PATCH] banip: update 1.8.8-5 * bugfix: only load the configuration once per run: a new `ban_confload` guard short-circuits `f_conf()` on subsequent calls, avoiding repeated `config_load` invocations * new: the per-set report now sorts elements by their packet counter in descending order before truncating to the top 50, so the report shows the most active elements instead of just the first 50 found Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/banip-functions.sh | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 41af8f8938..7c522dad09 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=1.8.8 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index fe8ccf3a7b..45acd3500d 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -102,6 +102,7 @@ ban_packages="" ban_trigger="" ban_resolver="" ban_enabled="0" +ban_confload="0" ban_debug="0" # gather system information @@ -288,6 +289,8 @@ f_log() { f_conf() { local rir ccode region country + [ "${ban_confload}" = "1" ] && return 0 + config_cb() { option_cb() { local option="${1}" value="${2//\"/\\\"}" @@ -322,6 +325,7 @@ f_conf() { } } config_load banip + ban_confload="1" if [ -f "${ban_logreadfile}" ]; then ban_logreadcmd="$(command -v tail)" @@ -2055,8 +2059,11 @@ f_report() { set_dport="${set_proto}: $(f_trim "${set_dport}")" fi if [ "${ban_nftcount}" = "1" ]; then - set_elements="$("${ban_jsoncmd}" -i "${set_jsn}" -l50 -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' | - "${ban_awkcmd}" -F '[ ,]' '{ORS=" ";if($2=="\"range\":"||$2=="\"concat\":")printf"%s, ",$4;else if($2=="\"prefix\":")printf"%s, ",$5;else printf"\"%s\", ",$1}')" + "${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].counter.packets' >"${set_jsn}.cnt" + "${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' >"${set_jsn}.val" + set_elements="$("${ban_awkcmd}" 'NR==FNR{p[FNR]=$0;next}{print p[FNR]"\t"$0}' "${set_jsn}.cnt" "${set_jsn}.val" | + "${ban_sortcmd}" -k1,1nr | + "${ban_awkcmd}" -F '\t' 'NR<=50{split($2,a,/[ ,]/);ORS=" ";if(a[2]=="\"range\":"||a[2]=="\"concat\":")printf"%s, ",a[4];else if(a[2]=="\"prefix\":")printf"%s, ",a[5];else printf"\"%s\", ",a[1]}')" fi if [ -n "${set_cntinbound}" ]; then set_inbound="ON" @@ -2078,7 +2085,7 @@ f_report() { \"port\": \"${set_dport:-"-"}\", \ \"set_elements\": [ ${set_elements%%??} ] \ }" >"${report_jsn}.${item}" - "${ban_rmcmd}" -f "${set_jsn}" + "${ban_rmcmd}" -f "${set_jsn}"* ) & [ "${cnt}" -gt "${ban_cores}" ] && wait -n cnt="$((cnt + 1))"