From: Dirk Brenken Date: Wed, 22 Mar 2023 18:15:01 +0000 (+0100) Subject: banip: update to 0.8.2-3 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=1f5bc3f0f143536892302da6a1436e235e860a54;p=feed%2Fpackages.git banip: update to 0.8.2-3 * raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware * made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start') * made E-Mail notifications configurable to receive status E-Mais with every banIP run, set 'ban_mailnotification' accordingly (default: disabled) * small fixes & optimizations * readme update Signed-off-by: Dirk Brenken --- diff --git a/net/banip/Makefile b/net/banip/Makefile index 7e1d5265a7..9983e08b06 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index 8e7afa35d5..f4502816bd 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -148,6 +148,7 @@ Available commands: | ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' | | ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' | | ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins | +| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload | | ban_deduplicate | option | 1 | deduplicate IP addresses across all active sets | | ban_splitsize | option | 0 | split ext. sets after every n lines/members (saves RAM) | | ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) | 
@@ -168,6 +169,7 @@ Available commands: | ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails | | ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails | | ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails | +| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run | | ban_reportelements | option | 1 | list set elements in the report, disable this to speed up the report significantly | | ban_resolver | option | - | external resolver used for DNS lookups | diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 6e231a6524..692a9bd49e 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -34,6 +34,7 @@ ban_mailsender="no-reply@banIP" ban_mailreceiver="" ban_mailtopic="banIP notification" ban_mailprofile="ban_notify" +ban_mailnotifcation="0" ban_reportelements="1" ban_nftloglevel="warn" ban_nftpriority="-200" @@ -168,6 +169,7 @@ f_log() { fi if [ "${class}" = "err" ]; then f_genstatus "error" + [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail f_rmdir "${ban_tmpdir}" rm -rf "${ban_lock}" exit 1 @@ -351,10 +353,10 @@ f_getif() { # get wan devices # f_getdev() { - local dev iface update="0" cnt="0" cnt_max="10" + local dev iface update="0" cnt="0" cnt_max="30" if [ "${ban_autodetect}" = "1" ]; then - while [ -z "${ban_dev}" ] && [ "${cnt}" -le "${cnt_max}" ]; do + while [ "${cnt}" -lt "${cnt_max}" ] && [ -z "${ban_dev}" ]; do network_flush_cache for iface in ${ban_ifv4} ${ban_ifv6}; do network_get_device dev "${iface}" 
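Review bot: The default added in the `@@ -34,6 +34,7 @@` hunk of banip-functions.sh is spelled `ban_mailnotifcation="0"`, while every reader of the option in this commit (f_log, the debug line in f_mail, the end of banip-service.sh) uses `ban_mailnotification`. Unless the option is set elsewhere (config loading is not shown), the intended variable has no default. The `= "1"` tests still evaluate false on an empty value, so notifications stay off, but the debug log prints an empty field and the misspelled global is never read. The line should be `ban_mailnotification="0"`.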
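Review bot: In the `@@ -168,6 +169,7 @@` hunk, the error path of f_log now runs `f_mail` before `f_rmdir "${ban_tmpdir}"`, `rm -rf "${ban_lock}"` and `exit 1`, so cleanup and lock release wait on the mail client. If msmtp stalls, which is plausible when the error being reported is itself a network problem, the lock stays in place until it returns; whether the msmtp call is time-bounded is not visible here. Consider releasing the lock before mailing, or documenting the ordering with a comment such as `# mail is sent before cleanup; the msmtp call must be time-bounded`. The same three-test guard and call is added at the end of banip-service.sh, again ahead of `rm -rf "${ban_lock}"`, so moving the guard into f_mail would keep the copies from drifting. f_log starts and ends outside the hunk.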
@@ -1032,6 +1034,7 @@ f_report() { local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan [ -z "${ban_dev}" ] && f_conf + f_system f_mkdir "${ban_reportdir}" report_jsn="${ban_reportdir}/ban_report.jsn" report_txt="${ban_reportdir}/ban_report.txt" @@ -1182,9 +1185,10 @@ f_report() { [ -s "${report_jsn}" ] && cat "${report_jsn}" ;; "mail") - [ -x "${ban_mailcmd}" ] && f_mail + [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail ;; esac + rm -f "${report_txt}" } # set search @@ -1212,7 +1216,7 @@ f_search() { printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::" printf "%s\n" " Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")" printf "%s\n" " ---" - cnt=1 + cnt="1" for set in ${table_sets}; do ( if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then @@ -1257,11 +1261,8 @@ f_mail() { # load mail template # - [ ! -r "${ban_mailtemplate}" ] && f_log "err" "the mail template is missing" - . "${ban_mailtemplate}" - - [ -z "${ban_mailreceiver}" ] && f_log "err" "the option 'ban_mailreceiver' is missing" - [ -z "${mail_text}" ] && f_log "err" "the 'mail_text' is empty" + [ -r "${ban_mailtemplate}" ] && . "${ban_mailtemplate}" || f_log "info" "the mail template is missing" + [ -z "${mail_text}" ] && f_log "info" "the 'mail_text' template variable is empty" [ "${ban_debug}" = "1" ] && msmtp_debug="--debug" # send mail @@ -1273,7 +1274,7 @@ f_mail() { f_log "info" "failed to send status mail (${?})" fi - f_log "debug" "f_mail ::: template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}" + f_log "debug" "f_mail ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}" } # check banIP availability and initial sourcing 
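Review bot: In the `@@ -1257,11 +1261,8 @@` hunk, `[ -r "${ban_mailtemplate}" ] && . "${ban_mailtemplate}" || f_log "info" "the mail template is missing"` uses `A && B || C`, so the "missing" message is also logged when the template is readable but sourcing it ends with a non-zero status. Both checks are downgraded from "err" to "info", so f_mail appears to carry on and send a mail with an empty `mail_text`; the send code is outside the hunk. Splitting the test keeps the message accurate and stops early: `[ -r "${ban_mailtemplate}" ] || { f_log "info" "the mail template is missing"; return 1; }` followed by `. "${ban_mailtemplate}"`. Because the template is executed as shell code and can now run on every banIP run and on the error path, a comment stating that the file must be writable by root only would help.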
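Review bot: The `rc: ${?}` field in the extended debug line of the `@@ -1273,7 +1274,7 @@` hunk does not report the msmtp result. When this f_log call runs, `$?` holds the status of the preceding `if … fi`, which is the status of the last command in the branch taken (an f_log call in the failure branch shown). Capture the status directly after the send, e.g. `mail_rc="${?}"`, and log `rc: ${mail_rc}`. The send command itself is outside the hunk, so the exact placement needs checking against the full function.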
diff --git a/net/banip/files/banip-service.sh b/net/banip/files/banip-service.sh index 94c1d47edd..7e3cdb3bbe 100755 --- a/net/banip/files/banip-service.sh +++ b/net/banip/files/banip-service.sh @@ -29,12 +29,12 @@ f_mkfile "${ban_allowlist}" # if [ "${ban_action}" != "reload" ]; then if [ -x "${ban_fw4cmd}" ]; then - cnt=0 - while [ "${cnt}" -lt "10" ] && ! /etc/init.d/firewall status | grep -q "^active"; do + cnt="0" + while [ "${cnt}" -lt "30" ] && ! /etc/init.d/firewall status >/dev/null 2>&1; do cnt="$((cnt + 1))" sleep 1 done - if ! /etc/init.d/firewall status | grep -q "^active"; then + if ! /etc/init.d/firewall status >/dev/null 2>&1; then f_log "err" "nft based firewall/fw4 not functional" fi else @@ -125,7 +125,7 @@ for feed in allowlist ${ban_feed} blocklist; do done wait -# start domain lookup +# start background domain lookup # f_log "info" "start detached banIP domain lookup" (f_lookup "allowlist") & @@ -133,15 +133,16 @@ hold="$((cnt % ban_cores))" [ "${hold}" = "0" ] && wait (f_lookup "blocklist") & -# tidy up +# end processing # f_rmset f_rmdir "${ban_tmpdir}" f_genstatus "active" +[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail f_log "info" "finished banIP download processes" rm -rf "${ban_lock}" -# start log service +# start detached log service # if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then f_log "info" "start detached banIP log service" @@ -184,7 +185,7 @@ if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then fi done -# start no-op service loop +# start detached no-op service loop # else f_log "info" "start detached no-op banIP service (logterms are missing)" diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index c56004279c..46df4d7fc1 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init 
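Review bot: The readiness loop in the `@@ -29,12 +29,12 @@` hunk now trusts the exit status of `/etc/init.d/firewall status` instead of matching `^active` in its output, and it discards stderr. Whether that exit status is non-zero for every state the old grep rejected is not visible here. If the script returns 0 in such a state, banIP would go on to build its sets against a firewall that is not ready, and the `f_log "err"` guard would never fire. A comment above the loop stating the assumption, e.g. `# relies on 'firewall status' exiting non-zero while fw4 is not active`, would make the check reviewable.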
@@ -94,14 +94,15 @@ survey() { } service_triggers() { - local iface trigger delay + local iface trigger trigger_action delay trigger="$(uci_get banip global ban_trigger)" + trigger_action="$(uci_get banip global ban_triggeraction "start")" delay="$(uci_get banip global ban_triggerdelay "10")" PROCD_RELOAD_DELAY=$((delay * 1000)) for iface in ${trigger}; do - procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start" + procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}" done procd_add_reload_trigger "banip" }
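Review bot: `trigger_action` is read from uci and passed unchecked as the action argument of `procd_add_interface_trigger` in service_triggers. The README hunk documents start, restart and reload; any other value, such as a typo, would be handed to the init script on every ifup event. A whitelist before the `for` loop keeps the trigger well-defined and falls back to the documented default: `case "${trigger_action}" in start|restart|reload) ;; *) trigger_action="start" ;; esac`.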