From: Dirk Brenken Date: Tue, 16 May 2023 10:27:13 +0000 (+0200) Subject: banip: update 0.8.6-2 X-Git-Url: http://git.openwrt.org/openwrt/feeds.git?a=commitdiff_plain;h=cf4ac0301d886b129cd25965bb4796edc2e0327b;p=feed%2Fpackages.git banip: update 0.8.6-2 * fix/rework no-op loop * small fixes & cosmetics * update readme Signed-off-by: Dirk Brenken --- diff --git a/net/banip/Makefile b/net/banip/Makefile index ce1d4a7dfd..a62540da60 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index ae5a4eedbe..3a104ea04f 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -82,8 +82,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Supports external allowlist URLs to reference additional IPv4/IPv6 feeds ## Prerequisites -* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support -* A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' SSL libraries, 'aria2c' or 'curl' is required +* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support +* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default * For E-Mail notifications you need to install and setup the additional 'msmtp' package @@ -232,16 +232,16 @@ Available commands: ~# /etc/init.d/banip status ::: banIP runtime information + status : active (nft: ✔, monitor: ✔) - + version : 0.8.5-1 - + element_count : 281161 - + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, adguardtrackersv6, antipopadsv6, antipopadsv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, iblockadsv4, firehol1v4, oisdbigv4, yoyov6, threatviewv4, yoyov4, oisdbigv6, blocklistvMAC, blocklistv4, blocklistv6 + + version : 0.8.6-2 + + element_count : 172309 + + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, urlvirv4, adguardtrackersv6, oisdbigv6, oisdbigv4, blocklistvMAC, blocklistv4, blocklistv6 + active_devices : br-wan ::: wan, wan6 - + active_uplink : 91.64.169.252/24, 2a02:710c:0:60:958b:3bd0:9e14:abb/128 - + nft_info : priority: -200, policy: memory, loglevel: warn, expiry: - - + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, feed: /etc/banip/banip.feeds + + active_uplink : 91.64.173.145, 2a12:610c:0:80:848b:3ad0:4e05:abb + + nft_info : priority: -200, policy: performance, loglevel: warn, expiry: - + + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, custom feed: ✘ + run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘ - + last_run : action: reload, duration: 1m 0s, date: 2023-04-06 12:34:10 - + system_info : cores: 4, memory: 1822, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22498-75f7e2d10b + + last_run : action: restart, duration: 0m 22s, date: 2023-05-15 22:39:15 + + system_info : cores: 4, memory: 1798, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22784-1645c34d56 ``` **banIP search information** diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index bca7ac3a5b..ac28523b9a 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -173,13 +173,13 @@ f_trim() { printf "%s" "${string}" } -# remove logservice +# remove log monitor # f_rmpid() { local ppid pid pids ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" - [ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" || return 0 + [ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" for pid in ${pids}; do kill -INT "${pid}" >/dev/null 2>&1 done @@ -278,7 +278,7 @@ f_actual() { else nft="$(f_char "0")" fi - if pgrep -f "logread" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then + if pgrep -f "${ban_logreadcmd##*/}" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then monitor="$(f_char "1")" else monitor="$(f_char "0")" @@ -949,7 +949,7 @@ f_rmset() { # generate status information # f_genstatus() { - local object duration item table_sets cnt_elements="0" custom="0" split="0" status="${1}" + local object duration item table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}" [ -z "${ban_dev}" ] && f_conf if [ "${status}" = "active" ]; then @@ -965,8 +965,8 @@ f_genstatus() { fi runtime="action: ${ban_action:-"-"}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")" fi - [ -s ${ban_customfeedfile} ] && custom="1" - [ ${ban_splitsize:-"0"} -gt "0" ] && split="1" + [ -s "${ban_customfeedfile}" ] && custom_feed="1" + [ "${ban_splitsize:-"0"}" -gt "0" ] && split="1" : >"${ban_rtfile}" json_init @@ -1001,7 +1001,7 @@ f_genstatus() { done json_close_array json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}" - json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}, feed/custom: ${ban_feedfile}/$(f_char ${custom})" + json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}, custom feed: $(f_char ${custom_feed})" json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (wan-inp/wan-fwd/lan-fwd): $(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), allowed only: $(f_char ${ban_allowlistonly})" json_add_string "last_run" "${runtime:-"-"}" json_add_string "system_info" "cores: ${ban_cores}, memory: ${ban_memory}, device: ${ban_sysver}" @@ -1369,22 +1369,18 @@ f_monitor() { local nft_expiry line proto ip log_raw log_count if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then + f_log "info" "start detached banIP log service" [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")" - # read log continuously with given logterms - # + "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null | while read -r line; do proto="" - # IPv4 log parsing - # ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')" ip="$(f_trim "${ip}")" ip="${ip##* }" [ -n "${ip}" ] && proto="v4" if [ -z "${proto}" ]; then - # IPv6 log parsing - # ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{if(!seen[RT]++)printf "%s ",RT}')" ip="$(f_trim "${ip}")" ip="${ip##* }" @@ -1405,14 +1401,9 @@ f_monitor() { fi fi done - - # start detached no-op service loop - # else f_log "info" "start detached no-op banIP service" - while :; do - sleep 1 - done + sleep infinity fi }