From 70950c8a8d3d905e2895bb7200e6ee5b6e9599ea Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Thu, 13 Dec 2018 18:17:10 +0000
Subject: [PATCH] better memory perf
---
 vilain.conf | 5 ++---
 vilain.py | 12 +++++-------
 2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/vilain.conf b/vilain.conf
index 14ece6a..9828c21 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -1,7 +1,6 @@
 [DEFAULT]
-# 24h + 5min
-# Time to keep banned a bad ip
-watch_while = 86700
+# Duration (in sec) to keep banned a bad ip, reduce value if too much memory consumption
+watch_while = 3602
 # Max tries before being banned
 maxtries = 3
 # pf table to keep bad IP.
diff --git a/vilain.py b/vilain.py
index 44f8fdb..05a8b09 100644
--- a/vilain.py
+++ b/vilain.py
@@ -31,7 +31,7 @@
 import time
 CONFIGFILE = "/etc/vilain.conf"
-VERSION = "0.7"
+VERSION = "0.8"
 vilain_table = "vilain_bruteforce"
 LOGFILE = "/var/log/daemon"
@@ -183,6 +183,8 @@
 logger.info("{} detected, reason {}, count: {}, maxtries: {}".format(ip, reason, n_ip, maxtries))
 if n_ip >= maxtries:
 ret = subprocess.call(["pfctl", "-t", self.vilain_table, "-T", "add", ip])
+ # now we can forget this ip
+ self.ip_seen_at.pop(ip)
 logger.info("Blacklisting {}, reason {}, return code:{}".format(ip, reason, ret))
 #for debugging, this line allow us to see if the script run until here
 logger.debug('ban_ips end:{}'.format(self.ip_seen_at))
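Review bot: The new comment on `watch_while` documents only the memory trade-off, but with this commit the same value is also handed to `pfctl -T expire` in vilain.py, so the default ban lifetime drops from about a day to about an hour. That is a security-relevant default change which the subject "better memory perf" does not signal. I would say so in the comment, for example `# Seconds a bad IP is remembered and stays banned; lower values save memory but shorten bans`.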
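Review bot: The added `self.ip_seen_at.pop(ip)` in the `@@ -183,6 +183,8 @@` hunk runs whatever `pfctl` returned, so when the `add` fails the address is forgotten without a ban in place and its counter restarts from zero. Before this change the entry stayed at or above `maxtries`, so the next hit retried the add. Make the removal conditional on success, `if ret == 0: self.ip_seen_at.pop(ip, None)`, and log a warning on a non-zero return code. The method starts outside the hunk and indentation is lost on this page, so I am assuming the pop sits inside the `if n_ip >= maxtries:` branch.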
@@ -194,15 +196,11 @@
 logger.info('clean_ips started with sleeptime={}'.format(self.sleeptime))
 while True:
 await asyncio.sleep(self.watch_while)
- to_remove = []
 for recorded_ip, data in self.ip_seen_at.items():
 if time.time() - data['time'] >= self.watch_while:
- ret = subprocess.call(["pfctl", "-t", self.vilain_table, "-T", "delete", recorded_ip])
- logger.info("{} not blocked any more, return code:{}".format(recorded_ip, ret))
- to_remove.append(recorded_ip)
- for ip in to_remove:
- self.ip_seen_at.pop(ip)
+ self.ip_seen_at.pop(recorded_ip)
 #for debugging, this line allow us to see if the script run until here
+ ret = subprocess.call(["pfctl", "-t", self.vilain_table, "-T", "expire", self.watch_while])
 logger.debug('clean_ips end:{}'.format(self.ip_seen_at))
-- 
Gitblit v1.9.3
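Review bot: The rewritten loop in clean_ips calls `self.ip_seen_at.pop(recorded_ip)` while iterating `self.ip_seen_at.items()`, which raises RuntimeError the first time an entry has expired; the removed `to_remove` list existed to avoid exactly that. Iterate a snapshot instead: `for recorded_ip, data in list(self.ip_seen_at.items()):`. The new expire call also passes `self.watch_while` unconverted, and since the same value is used as a number in `asyncio.sleep`, `subprocess.call` will reject it with TypeError; pass `str(int(self.watch_while))` and log `ret`, which is assigned and never read. Either exception would presumably end the cleanup coroutine, leaving banned addresses in the table and entries in memory indefinitely. The coroutine starts outside the hunk and indentation is lost on this page, so I am assuming the expire call sits inside the `while True:` loop.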