ban/unban: increase responsiveness of actions thread by (un)banning process, better waiting timeout considering pending tickets for unban (_nextUnbanTime)

fail2ban/server/actions.py

@@ -327,25 +327,33 @@ class Actions(JailThread, Mapping):
 					self._jail.name, name, e,
 					exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
 		while self.active:
-			if self.idle:
+			try:
-				logSys.debug("Actions: enter idle mode")
+				if self.idle:
-				Utils.wait_for(lambda: not self.active or not self.idle,
+					logSys.debug("Actions: enter idle mode")
-					lambda: False, self.sleeptime)
+					Utils.wait_for(lambda: not self.active or not self.idle,
-				logSys.debug("Actions: leave idle mode")
+						lambda: False, self.sleeptime)
-				continue
+					logSys.debug("Actions: leave idle mode")
-			# wait for ban (stop if gets inactive):
+					continue
-			bancnt = 0
+				# wait for ban (stop if gets inactive, pending ban or unban):
-			if Utils.wait_for(lambda: not self.active or self._jail.hasFailTickets, self.sleeptime):
+				bancnt = 0
-				bancnt = self.__checkBan()
+				wt = min(self.sleeptime, self.__banManager._nextUnbanTime - MyTime.time())
-				cnt += bancnt
+				logSys.log(5, "Actions: wait for pending tickets %s (default %s)", wt, self.sleeptime)
-			# unban if nothing is banned not later than banned tickets >= banPrecedence
+				if Utils.wait_for(lambda: not self.active or self._jail.hasFailTickets, wt):
-			if not bancnt or cnt >= self.banPrecedence:
+					bancnt = self.__checkBan()
-				if self.active:
+					cnt += bancnt
-					# let shrink the ban list faster
+				# unban if nothing is banned not later than banned tickets >= banPrecedence
-					bancnt *= 2
+				if not bancnt or cnt >= self.banPrecedence:
-					self.__checkUnBan(bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount)
+					if self.active:
-				cnt = 0
+						# let shrink the ban list faster
-		
+						bancnt *= 2
+						logSys.log(5, "Actions: check-unban %s, bancnt %s, max: %s", bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount, bancnt, self.unbanMaxCount)
+						self.__checkUnBan(bancnt if bancnt and bancnt < self.unbanMaxCount else self.unbanMaxCount)
+					cnt = 0
+			except Exception as e: # pragma: no cover
+				logSys.error("[%s] unhandled error in actions thread: %s",
+					self._jail.name, e,
+					exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
+
 		self.__flushBan(stop=True)
 		self.stopActions()
 		return True

fail2ban/server/banmanager.py

@@ -57,7 +57,7 @@ class BanManager:
 		## Total number of banned IP address
 		self.__banTotal = 0
 		## The time for next unban process (for performance and load reasons):
-		self.__nextUnbanTime = BanTicket.MAX_TIME
+		self._nextUnbanTime = BanTicket.MAX_TIME
 	
 	##
 	# Set the ban time.
@@ -290,8 +290,8 @@ class BanManager:
 			self.__banList[fid] = ticket
 			self.__banTotal += 1
 			# correct next unban time:
-			if self.__nextUnbanTime > eob:
+			if self._nextUnbanTime > eob:
-				self.__nextUnbanTime = eob
+				self._nextUnbanTime = eob
 			return True
 
 	##
@@ -322,12 +322,8 @@ class BanManager:
 	
 	def unBanList(self, time, maxCount=0x7fffffff):
 		with self.__lock:
-			# Permanent banning
-			if self.__banTime < 0:
-				return list()
-
 			# Check next unban time:
-			nextUnbanTime = self.__nextUnbanTime
+			nextUnbanTime = self._nextUnbanTime
 			if nextUnbanTime > time:
 				return list()
 
@@ -340,12 +336,12 @@ class BanManager:
 				if time > eob:
 					unBanList[fid] = ticket
 					if len(unBanList) >= maxCount: # stop search cycle, so reset back the next check time
-						nextUnbanTime = self.__nextUnbanTime
+						nextUnbanTime = self._nextUnbanTime
 						break
 				elif nextUnbanTime > eob:
 					nextUnbanTime = eob
 
-			self.__nextUnbanTime = nextUnbanTime
+			self._nextUnbanTime = nextUnbanTime
 			# Removes tickets.
 			if len(unBanList):
 				if len(unBanList) / 2.0 <= len(self.__banList) / 3.0: