optimize ip garbage collection
This commit is contained in:
parent
8ac9c88ce6
commit
03d7cc1757
13
src/fw.rs
13
src/fw.rs
@ -3,8 +3,11 @@ use crate::{config::Context, ip::BlockIpData, ipblc::PKG_NAME};
|
|||||||
use std::{
|
use std::{
|
||||||
io::Error,
|
io::Error,
|
||||||
net::{IpAddr, Ipv4Addr, Ipv6Addr},
|
net::{IpAddr, Ipv4Addr, Ipv6Addr},
|
||||||
|
sync::Arc,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
use tokio::sync::RwLock;
|
||||||
|
|
||||||
use rustables::{expr::*, *};
|
use rustables::{expr::*, *};
|
||||||
|
|
||||||
pub enum FwTableType {
|
pub enum FwTableType {
|
||||||
@ -126,8 +129,8 @@ pub fn fwunblock<'a>(ip_del: &BlockIpData) -> std::result::Result<&String, error
|
|||||||
Ok(&ip_del.ipdata.ip)
|
Ok(&ip_del.ipdata.ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_current_rules(
|
pub async fn get_current_rules(
|
||||||
ctx: &mut Context,
|
ctx: &Arc<RwLock<Context>>,
|
||||||
ret: &mut Vec<String>,
|
ret: &mut Vec<String>,
|
||||||
fwlen: &mut usize,
|
fwlen: &mut usize,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
@ -163,6 +166,9 @@ pub fn get_current_rules(
|
|||||||
let table = get_table()?.expect("no table?");
|
let table = get_table()?.expect("no table?");
|
||||||
let chain = get_chain(&table)?.expect("no chain?");
|
let chain = get_chain(&table)?.expect("no chain?");
|
||||||
|
|
||||||
|
let mut ctx = { ctx.write().await };
|
||||||
|
let rules = list_rules_for_chain(&chain).unwrap().clone();
|
||||||
|
|
||||||
for (ip, c) in ctx.blocklist.iter_mut() {
|
for (ip, c) in ctx.blocklist.iter_mut() {
|
||||||
let ip_parsed: IpAddr = ip.parse().unwrap();
|
let ip_parsed: IpAddr = ip.parse().unwrap();
|
||||||
|
|
||||||
@ -174,8 +180,7 @@ pub fn get_current_rules(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let rules = list_rules_for_chain(&chain).unwrap();
|
for rule in rules.iter() {
|
||||||
for rule in rules {
|
|
||||||
for expr in rule.get_expressions().unwrap().iter() {
|
for expr in rule.get_expressions().unwrap().iter() {
|
||||||
if let Some(expr::ExpressionVariant::Cmp(_)) = expr.get_data() {
|
if let Some(expr::ExpressionVariant::Cmp(_)) = expr.get_data() {
|
||||||
if gexpr == expr.clone() {
|
if gexpr == expr.clone() {
|
||||||
|
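Review bot: In the third hunk the `Context` write lock is taken on `let mut ctx = { ctx.write().await };` before `list_rules_for_chain(&chain)` runs, so every other task waiting on that lock is blocked for the whole netlink round-trip even though the listing never touches `ctx`; swapping the two statements (`let rules = list_rules_for_chain(&chain).unwrap().clone();` first, then `let mut ctx = ctx.write().await;`) keeps the critical section to the blocklist/rule comparison only, and the braces around `ctx.write().await` do not shorten the guard's lifetime anyway, the binding does. The `.clone()` after `.unwrap()` looks like a redundant copy if `list_rules_for_chain` already returns an owned `Vec` — worth checking its signature, since `for rule in rules.iter()` in the last hunk only borrows. The `.unwrap()` on the listing also aborts the task while the write lock is held, where `?` would return the failure through the function's `Result<(), Error>` if the rustables error type converts. `get_current_rules` begins and ends outside these hunks.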
23
src/ipblc.rs
23
src/ipblc.rs
@ -132,23 +132,21 @@ pub async fn run() {
|
|||||||
};
|
};
|
||||||
|
|
||||||
let ctxclone = Arc::clone(&ctxarc);
|
let ctxclone = Arc::clone(&ctxarc);
|
||||||
let tounblock = {
|
let ipstounblock = {
|
||||||
let mut ctx = ctxclone.write().await;
|
let mut ctx = ctxclone.write().await;
|
||||||
ctx.gc_blocklist().await
|
ctx.gc_blocklist().await
|
||||||
};
|
};
|
||||||
let toblock = {
|
let ipstoblock = {
|
||||||
let ctx = ctxclone.read().await;
|
let ctx = ctxclone.read().await;
|
||||||
ctx.get_blocklist_toblock(false).await
|
ctx.get_blocklist_toblock(false).await
|
||||||
};
|
};
|
||||||
|
|
||||||
{
|
get_current_rules(&ctxarc, &mut ret, &mut fwlen)
|
||||||
let mut ctx = ctxclone.write().await;
|
.await
|
||||||
get_current_rules(&mut ctx, &mut ret, &mut fwlen).unwrap();
|
.unwrap();
|
||||||
get_current_rules(&mut ctx, &mut ret, &mut fwlen).unwrap();
|
|
||||||
}
|
|
||||||
|
|
||||||
for b in toblock {
|
for ip in ipstoblock {
|
||||||
match fwblock(&b) {
|
match fwblock(&ip) {
|
||||||
Ok(ip) => {
|
Ok(ip) => {
|
||||||
let mut ctx = ctxclone.write().await;
|
let mut ctx = ctxclone.write().await;
|
||||||
if let Some(x) = ctx.blocklist.get_mut(ip) {
|
if let Some(x) = ctx.blocklist.get_mut(ip) {
|
||||||
@ -161,10 +159,9 @@ pub async fn run() {
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
for ub in tounblock {
|
for ip in ipstounblock {
|
||||||
if ub.blocked {
|
if ip.blocked {
|
||||||
let res = fwunblock(&ub);
|
match fwunblock(&ip) {
|
||||||
match res {
|
|
||||||
Ok(_) => {}
|
Ok(_) => {}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
println!("err: {e}, unable to push firewall rules, use super user")
|
println!("err: {e}, unable to push firewall rules, use super user")
|
||||||
|
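Review bot: The new `get_current_rules(&ctxarc, &mut ret, &mut fwlen).await.unwrap();` still panics the `run` loop on any rule-listing failure, while the `fwunblock` arm a few lines below handles the same class of error with `Err(e) => println!(...)`; a failure to talk to nftables (for example when the process lacks the required privileges) now takes down the whole service instead of being reported. Handling it the same way, `if let Err(e) = get_current_rules(&ctxarc, &mut ret, &mut fwlen).await { println!("err: {e}, unable to read firewall rules, use super user"); }`, keeps the loop alive; whether the block/unblock passes should then be skipped for that iteration depends on how `ret` and `fwlen` are consumed later in `run`, which is outside the hunk. Note also that `ipstounblock` and `ipstoblock` are snapshots taken under locks that are released before `get_current_rules` takes its own write lock, so if another task mutates `blocklist` in between, the lists may no longer match the state the rules are compared against — probably acceptable for a periodic sweep, but worth a one-line comment at the `let ipstounblock = {` block. `run` starts before and ends after these hunks.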