Difuse/Mellaris
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: eliminate stale verdict poisoning, memory leaks, data races, and per-packet allocations in engine

Browse Source
This commit is contained in:
hayzam
2026-05-15 02:08:22 +00:00
parent bc25169f41
commit 301c252c43
15 changed files with 222 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ruleset/builtins/geo/geo_loader.go
+6
View File
@@ -4,6 +4,7 @@ import (
"io"
"net/http"
"os"
"sync"
"time"
"git.difuse.io/Difuse/Mellaris/ruleset/builtins/geo/v2geo"
@@ -31,6 +32,7 @@ type V2GeoLoader struct {
DownloadFunc func(filename, url string)
DownloadErrFunc func(err error)
mu sync.Mutex
geoipMap map[string]*v2geo.GeoIP
geositeMap map[string]*v2geo.GeoSite
}
@@ -80,6 +82,8 @@ func (l *V2GeoLoader) download(filename, url string) error {
}
func (l *V2GeoLoader) LoadGeoIP() (map[string]*v2geo.GeoIP, error) {
l.mu.Lock()
defer l.mu.Unlock()
if l.geoipMap != nil {
return l.geoipMap, nil
}
@@ -104,6 +108,8 @@ func (l *V2GeoLoader) LoadGeoIP() (map[string]*v2geo.GeoIP, error) {
}
func (l *V2GeoLoader) LoadGeoSite() (map[string]*v2geo.GeoSite, error) {
l.mu.Lock()
defer l.mu.Unlock()
if l.geositeMap != nil {
return l.geositeMap, nil
}
ruleset/expr.go
+30 -6
View File
@@ -519,7 +519,12 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
InitFunc: geoMatcher.LoadGeoIP,
PatchFunc: nil,
Func: func(params ...any) (any, error) {
return geoMatcher.MatchGeoIp(params[0].(string), params[1].(string)), nil
a, ok1 := params[0].(string)
b, ok2 := params[1].(string)
if !ok1 || !ok2 {
return false, nil
}
return geoMatcher.MatchGeoIp(a, b), nil
},
Types: []reflect.Type{reflect.TypeOf(geoMatcher.MatchGeoIp)},
},
@@ -527,7 +532,12 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
InitFunc: geoMatcher.LoadGeoSite,
PatchFunc: nil,
Func: func(params ...any) (any, error) {
return geoMatcher.MatchGeoSite(params[0].(string), params[1].(string)), nil
a, ok1 := params[0].(string)
b, ok2 := params[1].(string)
if !ok1 || !ok2 {
return false, nil
}
return geoMatcher.MatchGeoSite(a, b), nil
},
Types: []reflect.Type{reflect.TypeOf(geoMatcher.MatchGeoSite)},
},
@@ -535,7 +545,12 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
InitFunc: geoMatcher.LoadGeoSite,
PatchFunc: nil,
Func: func(params ...any) (any, error) {
return geoMatcher.MatchGeoSiteSet(params[0].(string), params[1].(*geo.SiteConditionSet)), nil
a, ok1 := params[0].(string)
b, ok2 := params[1].(*geo.SiteConditionSet)
if !ok1 || !ok2 {
return false, nil
}
return geoMatcher.MatchGeoSiteSet(a, b), nil
},
Types: []reflect.Type{
reflect.TypeOf((func(string, *geo.SiteConditionSet) bool)(nil)),
@@ -556,7 +571,12 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
return nil
},
Func: func(params ...any) (any, error) {
return builtins.MatchCIDR(params[0].(string), params[1].(*net.IPNet)), nil
a, ok1 := params[0].(string)
b, ok2 := params[1].(*net.IPNet)
if !ok1 || !ok2 {
return false, nil
}
return builtins.MatchCIDR(a, b), nil
},
Types: []reflect.Type{reflect.TypeOf(builtins.MatchCIDR)},
},
@@ -565,7 +585,6 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
PatchFunc: func(args *[]ast.Node) error {
var serverStr *ast.StringNode
if len(*args) > 1 {
// Has the optional server argument
var ok bool
serverStr, ok = (*args)[1].(*ast.StringNode)
if !ok {
@@ -595,9 +614,14 @@ func buildFunctionMap(config *BuiltinConfig, stats *statsCounters) (map[string]*
stats.LookupLatencyNanos.Add(uint64(time.Since(start).Nanoseconds()))
}()
}
a, ok1 := params[0].(string)
b, ok2 := params[1].(*net.Resolver)
if !ok1 || !ok2 {
return nil, nil
}
ctx, cancel := context.WithTimeout(context.Background(), 4*time.Second)
defer cancel()
out, err := params[1].(*net.Resolver).LookupHost(ctx, params[0].(string))
out, err := b.LookupHost(ctx, a)
if err != nil && stats != nil {
stats.LookupErrors.Add(1)
}