github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

amend to RC-fix 9f1c6f1617 (gh-2660): 

resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously;
speedup recognition banning queue has entries to begin check-ban process in actions thread
pull/2689/head
sebres 2020-03-13 22:20:01 +01:00
parent bc2b81133c
commit b43dc147b5
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fail2ban/server/actions.py
View File

@ -318,8 +318,10 @@ class Actions(JailThread, Mapping):
logSys.debug("Actions: leave idle mode") logSys.debug("Actions: leave idle mode")
continue continue
# wait for ban (stop if gets inactive): # wait for ban (stop if gets inactive):
bancnt = Utils.wait_for(lambda: not self.active or self.__checkBan(), self.sleeptime) bancnt = 0
cnt += bancnt if Utils.wait_for(lambda: not self.active or self._jail.hasFailTickets, self.sleeptime):
bancnt = self.__checkBan()
cnt += bancnt
# unban if nothing is banned not later than banned tickets >= banPrecedence # unban if nothing is banned not later than banned tickets >= banPrecedence
if not bancnt or cnt >= self.banPrecedence: if not bancnt or cnt >= self.banPrecedence:
if self.active: if self.active:
@ -495,8 +497,8 @@ class Actions(JailThread, Mapping):
cnt += self.__reBan(bTicket, actions=rebanacts) cnt += self.__reBan(bTicket, actions=rebanacts)
else: # pragma: no cover - unexpected: ticket is not banned for some reasons - reban using all actions: else: # pragma: no cover - unexpected: ticket is not banned for some reasons - reban using all actions:
cnt += self.__reBan(bTicket) cnt += self.__reBan(bTicket)
# add ban to database: # add ban to database (and ignore too old tickets, replace it with inOperation later):
if not bTicket.restored and self._jail.database is not None: if not bTicket.restored and self._jail.database is not None and bTicket.getTime() >= MyTime.time() - 60:
self._jail.database.addBan(self._jail, bTicket) self._jail.database.addBan(self._jail, bTicket)
if cnt: if cnt:
logSys.debug("Banned %s / %s, %s ticket(s) in %r", cnt, logSys.debug("Banned %s / %s, %s ticket(s) in %r", cnt,

6
fail2ban/server/jail.py
View File

@ -191,6 +191,12 @@ class Jail(object):
("Actions", self.actions.status(flavor=flavor)), ("Actions", self.actions.status(flavor=flavor)),
] ]
@property
def hasFailTickets(self):
"""Retrieve whether queue has tickets to ban.
"""
return not self.__queue.empty()
def putFailTicket(self, ticket): def putFailTicket(self, ticket):
"""Add a fail ticket to the jail. """Add a fail ticket to the jail.

4
fail2ban/tests/dummyjail.py
View File

@ -49,6 +49,10 @@ class DummyJail(Jail):
with self.lock: with self.lock:
return bool(self.queue) return bool(self.queue)
@property
def hasFailTickets(self):
return bool(self.queue)
def putFailTicket(self, ticket): def putFailTicket(self, ticket):
with self.lock: with self.lock:
self.queue.append(ticket) self.queue.append(ticket)