banip: update to 0.8.2-3

* raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware
* made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start')
* made E-Mail notifications configurable to receive status E-Mais with every banIP run,
  set 'ban_mailnotification' accordingly (default: disabled)
* small fixes & optimizations
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>

net/banip/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
 PKG_VERSION:=0.8.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 

net/banip/files/README.md

@@ -148,6 +148,7 @@ Available commands:
 | ban_dev                 | list   | - / autodetect                | wan device(s), e.g. 'eth2'                                                            |
 | ban_trigger             | list   | -                             | logical startup trigger interface(s), e.g. 'wan'                                      |
 | ban_triggerdelay        | option | 10                            | trigger timeout before banIP processing begins                                        |
+| ban_triggeraction       | option | start                         | trigger action on ifup events, e.g. start, restart or reload                          |
 | ban_deduplicate         | option | 1                             | deduplicate IP addresses across all active sets                                       |
 | ban_splitsize           | option | 0                             | split ext. sets after every n lines/members (saves RAM)                               |
 | ban_cores               | option | - / autodetect                | limit the cpu cores used by banIP (saves RAM)                                         |
@@ -168,6 +169,7 @@ Available commands:
 | ban_mailsender          | option | no-reply@banIP                | sender address for banIP related notification E-Mails                                 |
 | ban_mailtopic           | option | banIP notification            | topic for banIP related notification E-Mails                                          |
 | ban_mailprofile         | option | ban_notify                    | mail profile used in 'msmtp' for banIP related notification E-Mails                   |
+| ban_mailnotification    | option | 0                             | receive E-Mail notifications with every banIP run                                     |
 | ban_reportelements      | option | 1                             | list set elements in the report, disable this to speed up the report significantly    |
 | ban_resolver            | option | -                             | external resolver used for DNS lookups                                                |
 

net/banip/files/banip-functions.sh

@@ -34,6 +34,7 @@ ban_mailsender="no-reply@banIP"
 ban_mailreceiver=""
 ban_mailtopic="banIP notification"
 ban_mailprofile="ban_notify"
+ban_mailnotifcation="0"
 ban_reportelements="1"
 ban_nftloglevel="warn"
 ban_nftpriority="-200"
@@ -168,6 +169,7 @@ f_log() {
 	fi
 	if [ "${class}" = "err" ]; then
 		f_genstatus "error"
+		[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
 		f_rmdir "${ban_tmpdir}"
 		rm -rf "${ban_lock}"
 		exit 1
@@ -351,10 +353,10 @@ f_getif() {
 # get wan devices
 #
 f_getdev() {
-	local dev iface update="0" cnt="0" cnt_max="10"
+	local dev iface update="0" cnt="0" cnt_max="30"
 
 	if [ "${ban_autodetect}" = "1" ]; then
-		while [ -z "${ban_dev}" ] && [ "${cnt}" -le "${cnt_max}" ]; do
+		while [ "${cnt}" -lt "${cnt_max}" ] && [ -z "${ban_dev}" ]; do
 			network_flush_cache
 			for iface in ${ban_ifv4} ${ban_ifv6}; do
 				network_get_device dev "${iface}"
@@ -1032,6 +1034,7 @@ f_report() {
 	local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
 
 	[ -z "${ban_dev}" ] && f_conf
+	f_system
 	f_mkdir "${ban_reportdir}"
 	report_jsn="${ban_reportdir}/ban_report.jsn"
 	report_txt="${ban_reportdir}/ban_report.txt"
@@ -1182,9 +1185,10 @@ f_report() {
 			[ -s "${report_jsn}" ] && cat "${report_jsn}"
 			;;
 		"mail")
-			[ -x "${ban_mailcmd}" ] && f_mail
+			[ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
 			;;
 	esac
+	rm -f "${report_txt}"
 }
 
 # set search
@@ -1212,7 +1216,7 @@ f_search() {
 	printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::"
 	printf "%s\n" "    Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")"
 	printf "%s\n" "    ---"
-	cnt=1
+	cnt="1"
 	for set in ${table_sets}; do
 		(
 			if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then
@@ -1257,11 +1261,8 @@ f_mail() {
 
 	# load mail template
 	#
-	[ ! -r "${ban_mailtemplate}" ] && f_log "err" "the mail template is missing"
+	[ -r "${ban_mailtemplate}" ] && . "${ban_mailtemplate}" || f_log "info" "the mail template is missing"
-	. "${ban_mailtemplate}"
+	[ -z "${mail_text}" ] && f_log "info" "the 'mail_text' template variable is empty"
-
-	[ -z "${ban_mailreceiver}" ] && f_log "err" "the option 'ban_mailreceiver' is missing"
-	[ -z "${mail_text}" ] && f_log "err" "the 'mail_text' is empty"
 	[ "${ban_debug}" = "1" ] && msmtp_debug="--debug"
 
 	# send mail
@@ -1273,7 +1274,7 @@ f_mail() {
 		f_log "info" "failed to send status mail (${?})"
 	fi
 
-	f_log "debug" "f_mail    ::: template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
+	f_log "debug" "f_mail    ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
 }
 
 # check banIP availability and initial sourcing

net/banip/files/banip-service.sh

@@ -29,12 +29,12 @@ f_mkfile "${ban_allowlist}"
 #
 if [ "${ban_action}" != "reload" ]; then
 	if [ -x "${ban_fw4cmd}" ]; then
-		cnt=0
+		cnt="0"
-		while [ "${cnt}" -lt "10" ] && ! /etc/init.d/firewall status | grep -q "^active"; do
+		while [ "${cnt}" -lt "30" ] && ! /etc/init.d/firewall status >/dev/null 2>&1; do
 			cnt="$((cnt + 1))"
 			sleep 1
 		done
-		if ! /etc/init.d/firewall status | grep -q "^active"; then
+		if ! /etc/init.d/firewall status >/dev/null 2>&1; then
 			f_log "err" "nft based firewall/fw4 not functional"
 		fi
 	else
@@ -125,7 +125,7 @@ for feed in allowlist ${ban_feed} blocklist; do
 done
 wait
 
-# start domain lookup
+# start background domain lookup
 #
 f_log "info" "start detached banIP domain lookup"
 (f_lookup "allowlist") &
@@ -133,15 +133,16 @@ hold="$((cnt % ban_cores))"
 [ "${hold}" = "0" ] && wait
 (f_lookup "blocklist") &
 
-# tidy up
+# end processing
 #
 f_rmset
 f_rmdir "${ban_tmpdir}"
 f_genstatus "active"
+[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
 f_log "info" "finished banIP download processes"
 rm -rf "${ban_lock}"
 
-# start log service
+# start detached log service
 #
 if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then
 	f_log "info" "start detached banIP log service"
@@ -184,7 +185,7 @@ if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then
 			fi
 		done
 
-# start no-op service loop
+# start detached no-op service loop
 #
 else
 	f_log "info" "start detached no-op banIP service (logterms are missing)"

net/banip/files/banip.init

@@ -94,14 +94,15 @@ survey() {
 }
 
 service_triggers() {
-	local iface trigger delay
+	local iface trigger trigger_action delay
 
 	trigger="$(uci_get banip global ban_trigger)"
+	trigger_action="$(uci_get banip global ban_triggeraction "start")"
 	delay="$(uci_get banip global ban_triggerdelay "10")"
 	PROCD_RELOAD_DELAY=$((delay * 1000))
 
 	for iface in ${trigger}; do
-		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
+		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}"
 	done
 	procd_add_reload_trigger "banip"
 }