ban/unban: increase responsiveness of actions thread by (un)banning process, better waiting timeout considering pending tickets for unban (_nextUnbanTime)

pull/2635/head^2
sebres 4 years ago
parent 2817a8144c
commit c8059bf9b3

@ -327,24 +327,32 @@ class Actions(JailThread, Mapping):
self._jail.name, name, e, self._jail.name, name, e,
exc_info=logSys.getEffectiveLevel()<=logging.DEBUG) exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
while self.active: while self.active:
if self.idle: try:
logSys.debug("Actions: enter idle mode") if self.idle:
Utils.wait_for(lambda: not self.active or not self.idle, logSys.debug("Actions: enter idle mode")
lambda: False, self.sleeptime) Utils.wait_for(lambda: not self.active or not self.idle,
logSys.debug("Actions: leave idle mode") lambda: False, self.sleeptime)
continue logSys.debug("Actions: leave idle mode")
# wait for ban (stop if gets inactive): continue
bancnt = 0 # wait for ban (stop if gets inactive, pending ban or unban):
if Utils.wait_for(lambda: not self.active or self._jail.hasFailTickets, self.sleeptime): bancnt = 0
bancnt = self.__checkBan() wt = min(self.sleeptime, self.__banManager._nextUnbanTime - MyTime.time())
cnt += bancnt logSys.log(5, "Actions: wait for pending tickets %s (default %s)", wt, self.sleeptime)
# unban if nothing is banned not later than banned tickets >= banPrecedence if Utils.wait_for(lambda: not self.active or self._jail.hasFailTickets, wt):
if not bancnt or cnt >= self.banPrecedence: bancnt = self.__checkBan()
if self.active: cnt += bancnt
# let shrink the ban list faster # unban if nothing is banned not later than banned tickets >= banPrecedence
bancnt *= 2 if not bancnt or cnt >= self.banPrecedence:
self.__checkUnBan(bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount) if self.active:
cnt = 0 # let shrink the ban list faster
bancnt *= 2
logSys.log(5, "Actions: check-unban %s, bancnt %s, max: %s", bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount, bancnt, self.unbanMaxCount)
self.__checkUnBan(bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount)
cnt = 0
except Exception as e: # pragma: no cover
logSys.error("[%s] unhandled error in actions thread: %s",
self._jail.name, e,
exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
self.__flushBan(stop=True) self.__flushBan(stop=True)
self.stopActions() self.stopActions()

@ -57,7 +57,7 @@ class BanManager:
## Total number of banned IP address ## Total number of banned IP address
self.__banTotal = 0 self.__banTotal = 0
## The time for next unban process (for performance and load reasons): ## The time for next unban process (for performance and load reasons):
self.__nextUnbanTime = BanTicket.MAX_TIME self._nextUnbanTime = BanTicket.MAX_TIME
## ##
# Set the ban time. # Set the ban time.
@ -290,8 +290,8 @@ class BanManager:
self.__banList[fid] = ticket self.__banList[fid] = ticket
self.__banTotal += 1 self.__banTotal += 1
# correct next unban time: # correct next unban time:
if self.__nextUnbanTime > eob: if self._nextUnbanTime > eob:
self.__nextUnbanTime = eob self._nextUnbanTime = eob
return True return True
## ##
@ -322,12 +322,8 @@ class BanManager:
def unBanList(self, time, maxCount=0x7fffffff): def unBanList(self, time, maxCount=0x7fffffff):
with self.__lock: with self.__lock:
# Permanent banning
if self.__banTime < 0:
return list()
# Check next unban time: # Check next unban time:
nextUnbanTime = self.__nextUnbanTime nextUnbanTime = self._nextUnbanTime
if nextUnbanTime > time: if nextUnbanTime > time:
return list() return list()
@ -340,12 +336,12 @@ class BanManager:
if time > eob: if time > eob:
unBanList[fid] = ticket unBanList[fid] = ticket
if len(unBanList) >= maxCount: # stop search cycle, so reset back the next check time if len(unBanList) >= maxCount: # stop search cycle, so reset back the next check time
nextUnbanTime = self.__nextUnbanTime nextUnbanTime = self._nextUnbanTime
break break
elif nextUnbanTime > eob: elif nextUnbanTime > eob:
nextUnbanTime = eob nextUnbanTime = eob
self.__nextUnbanTime = nextUnbanTime self._nextUnbanTime = nextUnbanTime
# Removes tickets. # Removes tickets.
if len(unBanList): if len(unBanList):
if len(unBanList) / 2.0 <= len(self.__banList) / 3.0: if len(unBanList) / 2.0 <= len(self.__banList) / 3.0:

Loading…
Cancel
Save