optimize ip garbage collection

Paul 2024-12-21 06:59:08 +01:00
parent 8ac9c88ce6
commit 03d7cc1757
2 changed files with 19 additions and 17 deletions


@ -3,8 +3,11 @@ use crate::{config::Context, ip::BlockIpData, ipblc::PKG_NAME};
use std::{ use std::{
io::Error, io::Error,
net::{IpAddr, Ipv4Addr, Ipv6Addr}, net::{IpAddr, Ipv4Addr, Ipv6Addr},
sync::Arc,
}; };
use tokio::sync::RwLock;
use rustables::{expr::*, *}; use rustables::{expr::*, *};
pub enum FwTableType { pub enum FwTableType {
@ -126,8 +129,8 @@ pub fn fwunblock<'a>(ip_del: &BlockIpData) -> std::result::Result<&String, error
Ok(&ip_del.ipdata.ip) Ok(&ip_del.ipdata.ip)
} }
pub fn get_current_rules( pub async fn get_current_rules(
ctx: &mut Context, ctx: &Arc<RwLock<Context>>,
ret: &mut Vec<String>, ret: &mut Vec<String>,
fwlen: &mut usize, fwlen: &mut usize,
) -> Result<(), Error> { ) -> Result<(), Error> {
@ -163,6 +166,9 @@ pub fn get_current_rules(
let table = get_table()?.expect("no table?"); let table = get_table()?.expect("no table?");
let chain = get_chain(&table)?.expect("no chain?"); let chain = get_chain(&table)?.expect("no chain?");
let mut ctx = { ctx.write().await };
let rules = list_rules_for_chain(&chain).unwrap().clone();
for (ip, c) in ctx.blocklist.iter_mut() { for (ip, c) in ctx.blocklist.iter_mut() {
let ip_parsed: IpAddr = ip.parse().unwrap(); let ip_parsed: IpAddr = ip.parse().unwrap();
@ -174,8 +180,7 @@ pub fn get_current_rules(
} }
} }
let rules = list_rules_for_chain(&chain).unwrap(); for rule in rules.iter() {
for rule in rules {
for expr in rule.get_expressions().unwrap().iter() { for expr in rule.get_expressions().unwrap().iter() {
if let Some(expr::ExpressionVariant::Cmp(_)) = expr.get_data() { if let Some(expr::ExpressionVariant::Cmp(_)) = expr.get_data() {
if gexpr == expr.clone() { if gexpr == expr.clone() {
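Review bot: The nftables query `let rules = list_rules_for_chain(&chain).unwrap().clone();` now runs after the context write guard is taken on the line above it, so the shared lock is held across a netlink round-trip, and a query failure (for instance when the process lacks the privileges to read the ruleset) still panics via `unwrap()` instead of surfacing through the function's `Result<(), Error>` return, taking the whole blocker down with it. Swapping the two lines and propagating the error, `let rules = list_rules_for_chain(&chain).map_err(|e| Error::other(e.to_string()))?;` placed before `let mut ctx = ctx.write().await;` (the surrounding braces on that line add nothing), keeps the guard scope tight and lets the caller in run() decide how to react. The `.clone()` also looks redundant: the removed `for rule in rules` loop consumed the list by value, so the query already yields an owned collection and `rules.iter()` can borrow it directly. get_current_rules starts in an earlier hunk and its body continues past this one.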


@ -132,23 +132,21 @@ pub async fn run() {
}; };
let ctxclone = Arc::clone(&ctxarc); let ctxclone = Arc::clone(&ctxarc);
let tounblock = { let ipstounblock = {
let mut ctx = ctxclone.write().await; let mut ctx = ctxclone.write().await;
ctx.gc_blocklist().await ctx.gc_blocklist().await
}; };
let toblock = { let ipstoblock = {
let ctx = ctxclone.read().await; let ctx = ctxclone.read().await;
ctx.get_blocklist_toblock(false).await ctx.get_blocklist_toblock(false).await
}; };
{ get_current_rules(&ctxarc, &mut ret, &mut fwlen)
let mut ctx = ctxclone.write().await; .await
get_current_rules(&mut ctx, &mut ret, &mut fwlen).unwrap(); .unwrap();
get_current_rules(&mut ctx, &mut ret, &mut fwlen).unwrap();
}
for b in toblock { for ip in ipstoblock {
match fwblock(&b) { match fwblock(&ip) {
Ok(ip) => { Ok(ip) => {
let mut ctx = ctxclone.write().await; let mut ctx = ctxclone.write().await;
if let Some(x) = ctx.blocklist.get_mut(ip) { if let Some(x) = ctx.blocklist.get_mut(ip) {
@ -161,10 +159,9 @@ pub async fn run() {
}; };
} }
for ub in tounblock { for ip in ipstounblock {
if ub.blocked { if ip.blocked {
let res = fwunblock(&ub); match fwunblock(&ip) {
match res {
Ok(_) => {} Ok(_) => {}
Err(e) => { Err(e) => {
println!("err: {e}, unable to push firewall rules, use super user") println!("err: {e}, unable to push firewall rules, use super user")