banip: update 1.8.8-5

* bugfix: only load the configuration once per run: a new `ban_confload`
  guard short-circuits `f_conf()` on subsequent calls, avoiding
  repeated `config_load` invocations
* new: the per-set report now sorts elements by their packet counter in
  descending order before truncating to the top 50, so the report
  shows the most active elements instead of just the first 50 found

Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken
2026-05-29 13:57:31 +02:00
parent 903d8a3d07
commit faeecaeb14
2 changed files with 11 additions and 4 deletions
+1 -1
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip PKG_NAME:=banip
PKG_VERSION:=1.8.8 PKG_VERSION:=1.8.8
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
+10 -3
@@ -102,6 +102,7 @@ ban_packages=""
ban_trigger="" ban_trigger=""
ban_resolver="" ban_resolver=""
ban_enabled="0" ban_enabled="0"
ban_confload="0"
ban_debug="0" ban_debug="0"
# gather system information # gather system information
@@ -288,6 +289,8 @@ f_log() {
f_conf() { f_conf() {
local rir ccode region country local rir ccode region country
[ "${ban_confload}" = "1" ] && return 0
config_cb() { config_cb() {
option_cb() { option_cb() {
local option="${1}" value="${2//\"/\\\"}" local option="${1}" value="${2//\"/\\\"}"
@@ -322,6 +325,7 @@ f_conf() {
} }
} }
config_load banip config_load banip
ban_confload="1"
if [ -f "${ban_logreadfile}" ]; then if [ -f "${ban_logreadfile}" ]; then
ban_logreadcmd="$(command -v tail)" ban_logreadcmd="$(command -v tail)"
@@ -2055,8 +2059,11 @@ f_report() {
set_dport="${set_proto}: $(f_trim "${set_dport}")" set_dport="${set_proto}: $(f_trim "${set_dport}")"
fi fi
if [ "${ban_nftcount}" = "1" ]; then if [ "${ban_nftcount}" = "1" ]; then
set_elements="$("${ban_jsoncmd}" -i "${set_jsn}" -l50 -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' | "${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].counter.packets' >"${set_jsn}.cnt"
"${ban_awkcmd}" -F '[ ,]' '{ORS=" ";if($2=="\"range\":"||$2=="\"concat\":")printf"%s, ",$4;else if($2=="\"prefix\":")printf"%s, ",$5;else printf"\"%s\", ",$1}')" "${ban_jsoncmd}" -i "${set_jsn}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' >"${set_jsn}.val"
set_elements="$("${ban_awkcmd}" 'NR==FNR{p[FNR]=$0;next}{print p[FNR]"\t"$0}' "${set_jsn}.cnt" "${set_jsn}.val" |
"${ban_sortcmd}" -k1,1nr |
"${ban_awkcmd}" -F '\t' 'NR<=50{split($2,a,/[ ,]/);ORS=" ";if(a[2]=="\"range\":"||a[2]=="\"concat\":")printf"%s, ",a[4];else if(a[2]=="\"prefix\":")printf"%s, ",a[5];else printf"\"%s\", ",a[1]}')"
fi fi
if [ -n "${set_cntinbound}" ]; then if [ -n "${set_cntinbound}" ]; then
set_inbound="ON" set_inbound="ON"
@@ -2078,7 +2085,7 @@ f_report() {
\"port\": \"${set_dport:-"-"}\", \ \"port\": \"${set_dport:-"-"}\", \
\"set_elements\": [ ${set_elements%%??} ] \ \"set_elements\": [ ${set_elements%%??} ] \
}" >"${report_jsn}.${item}" }" >"${report_jsn}.${item}"
"${ban_rmcmd}" -f "${set_jsn}" "${ban_rmcmd}" -f "${set_jsn}"*
) & ) &
[ "${cnt}" -gt "${ban_cores}" ] && wait -n [ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))" cnt="$((cnt + 1))"