banIP: update 1.5.3-3

* fix a race condition in the process scheduler
* sync the banIP country file with ipdeny feed
* refine etag handling with country/asn feeds
* refine logging with country/asn feeds
* refine the banIP status output (incl. LuCI changes)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 764a77acfd)
Dirk Brenken
2025-03-07 13:25:54 +01:00
parent ff3aa69823
commit 40abe8b4cb
6 changed files with 32 additions and 49 deletions


@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=1.5.3
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


@@ -279,16 +279,16 @@ Available commands:
~# /etc/init.d/banip status
::: banIP runtime information
+ status : active (nft: ✔, monitor: ✔)
+ version : 1.5.3-r1
+ element_count : 96 031 (chains: 7, sets: 18, rules: 46)
+ active_feeds : allowlist.v4MAC, allowlist.v6MAC, allowlist.v4, allowlist.v6, cinsscore.v4, country.v6, debl.v4, doh.v6, debl.v6, doh.v4, turris.v6, country.v4, threat.v4, turris.v4, blocklist.v4MAC, blocklist.v6MAC, blocklist.v4, blocklist.v6
+ version : 1.5.3-r3
+ element_count : 91 763 (chains: 7, sets: 18, rules: 46)
+ active_feeds : allowlist.v4MAC, allowlist.v6MAC, allowlist.v4, allowlist.v6, cinsscore.v4, debl.v4, debl.v6, doh.v6, doh.v4, threat.v4, turris.v4, country.v4, turris.v6, country.v6, blocklist.v4MAC, blocklist.v6MAC, blocklist.v4, blocklist.v6
+ active_devices : wan: pppoe-wan / wan-if: wan, wan_6 / vlan-allow: - / vlan-block: -
+ active_uplink : 91.61.217.158, 2001:fc:37ff:f64:b513:16dd:6903:7710
+ nft_info : ver: 1.1.1-r1, priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 10/10/100
+ nft_info : ver: 1.1.1-r1, priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 25/10/100
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, error: /mnt/data/banIP/error
+ run_flags : auto: ✔, proto (4/6): ✔/✔, log (pre/in/out): ✘/✘/✘, count: ✔, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
+ last_run : mode: restart, duration: 0m 19s, memory: 1331.10 MB available, 1.75 MB max. used, cores: 4, log: logread, fetch: curl
+ system_info : 2025-02-28 13:29:29, Bananapi BPI-R3, mediatek/filogic, OpenWrt SNAPSHOT r28906-d6977ab33a
+ last_run : 2025-03-07 13:08:56, duration: 1m 12s, mode: reload, memory: 1325.18 MB available, 1.88 MB max. used
+ system_info : cores: 4, log: logread, fetch: curl, Bananapi BPI-R3, mediatek/filogic, OpenWrt SNAPSHOT r28926-9a7192c08e
```
**banIP search information**


@@ -828,33 +828,23 @@ f_down() {
etag_rc="0"
case "${feed%%.*}" in
"country")
if [ "${ban_countrysplit}" = "0" ]; then
for country in ${ban_country}; do
f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}"
rc="${?}"
etag_rc="$((etag_rc + rc))"
[ "${rc}" = "4" ] && break
done
else
if [ "${ban_countrysplit}" = "1" ]; then
country="${feed%.*}"
country="${country#*.}"
f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}"
etag_rc="${?}"
else
etag_rc="4"
fi
;;
"asn")
if [ "${ban_asnsplit}" = "0" ]; then
for asn in ${ban_asn}; do
f_etag "${feed}" "${feed_url}AS${asn}" ".${asn}"
rc="${?}"
etag_rc="$((etag_rc + rc))"
[ "${rc}" = "4" ] && break
done
else
if [ "${ban_asnsplit}" = "1" ]; then
asn="${feed%.*}"
asn="${asn#*.}"
f_etag "${feed}" "${feed_url}AS${asn}" ".${asn}"
etag_rc="${?}"
else
etag_rc="4"
fi
;;
*)
@@ -1007,7 +997,7 @@ f_down() {
feed_rc="${?}"
fi
else
f_log "info" "download for feed '${feed%%.*}/${country}' failed"
f_log "info" "download for feed '${feed}/${country}' failed"
fi
done
: >"${tmp_raw}"
@@ -1031,7 +1021,7 @@ f_down() {
feed_rc="${?}"
fi
else
f_log "info" "download for feed '${feed%%.*}/${asn}' failed"
f_log "info" "download for feed '${feed}/${asn}' failed"
fi
done
: >"${tmp_raw}"
@@ -1290,7 +1280,7 @@ f_genstatus() {
end_time="$(date "+%s")"
duration="$(((end_time - ban_starttime) / 60))m $(((end_time - ban_starttime) % 60))s"
fi
runtime="mode: ${ban_action:-"-"}, duration: ${duration:-"-"}, memory: ${mem_free} MB available, ${mem_max} MB max. used, cores: ${ban_cores}, log: ${ban_logreadcmd##*/}, fetch: ${ban_fetchcmd##*/}"
runtime="$(date "+%Y-%m-%d %H:%M:%S"), duration: ${duration:-"-"}, mode: ${ban_action:-"-"}, memory: ${mem_free} MB available, ${mem_max} MB max. used"
fi
[ -s "${ban_customfeedfile}" ] && custom_feed="1"
[ "${ban_splitsize:-"0"}" -gt "0" ] && split="1"
@@ -1335,7 +1325,7 @@ f_genstatus() {
json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}, error: ${ban_errordir}"
json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (pre/in/out): $(f_char ${ban_logprerouting})/$(f_char ${ban_loginbound})/$(f_char ${ban_logoutbound}), count: $(f_char ${ban_nftcount}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), custom feed: $(f_char ${custom_feed}), allowed only: $(f_char ${ban_allowlistonly})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system_info" "$(date "+%Y-%m-%d %H:%M:%S"), ${ban_sysver}"
json_add_string "system_info" "cores: ${ban_cores}, log: ${ban_logreadcmd##*/}, fetch: ${ban_fetchcmd##*/}, ${ban_sysver}"
json_dump >"${ban_rtfile}"
}
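Review bot: In the first hunk of f_down, the new `else` arms of the "country" and "asn" cases set `etag_rc="4"` without calling f_etag, so the ETag comparison is skipped whenever `ban_countrysplit` / `ban_asnsplit` is anything other than "1", including unset. The removed loop broke out on `rc = 4`, so 4 looks like f_etag's "no usable ETag" status, which presumably means every country/ASN zone is re-fetched on each run in non-split mode. If that is intended, say so at the assignment, e.g. `etag_rc="4" # non-split feeds: no per-zone etag check, always re-download`, and consider a short comment near `etag_rc="0"` listing the return codes, since the bare 4 is otherwise a magic number. f_down starts and ends outside these hunks, so how etag_rc is consumed afterwards is not visible here.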


@@ -94,15 +94,15 @@ for feed in allowlist ${ban_feed} blocklist; do
f_down "${feed}.${asn}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}"
done
else
(f_down "${feed}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}") &
fi
if [ "${feed_url_4}" = "${feed_url_6}" ]; then
feed_url_6="local"
wait -n
else
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait -n
cnt="$((cnt + 1))"
if [ "${feed_url_4}" = "${feed_url_6}" ]; then
feed_url_6="local"
f_down "${feed}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}"
else
(f_down "${feed}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}") &
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait -n
cnt="$((cnt + 1))"
fi
fi
fi
if [ "${ban_protov6}" = "1" ] && [ -n "${feed_url_6}" ] && [ -n "${feed_rule_6}" ]; then
@@ -116,10 +116,10 @@ for feed in allowlist ${ban_feed} blocklist; do
done
else
(f_down "${feed}" "6" "${feed_url_6}" "${feed_rule_6}" "${feed_chain:-"in"}" "${feed_flag}") &
cnt="$((cnt + 1))"
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait -n
fi
cnt="$((cnt + 1))"
hold="$((cnt % ban_cores))"
[ "${hold}" = "0" ] && wait -n
fi
done
f_rmset
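Review bot: The job throttle is ordered differently in the two protocol branches: after the backgrounded IPv4 `f_down` the code computes `hold="$((cnt % ban_cores))"` and only then increments `cnt`, while the IPv6 branch increments `cnt` first and computes `hold` afterwards. Both branches share one counter, so `wait -n` fires at different phases and the number of parallel downloads is not held to `ban_cores` in a predictable way. Using one order in both places, `cnt="$((cnt + 1))"` followed by `hold="$((cnt % ban_cores))"`, would make the limit easier to reason about. The modulus also fails with an arithmetic error if `ban_cores` is unset or 0; it is presumably set elsewhere, but it is worth confirming that it is validated there. The enclosing `for feed` loop begins outside the hunk.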


@@ -1,4 +1,5 @@
af APNIC Afghanistan
ap AFRINIC ARIPO
ax RIPE Åland Islands
al RIPE Albania
dz AFRINIC Algeria
@@ -28,7 +29,6 @@ bo LACNIC Bolivia
bq LACNIC Bonaire
ba RIPE Bosnia & Herzegowina
bw AFRINIC Botswana
bv ARIN Bouvet Island
br LACNIC Brazil
io APNIC British Indian Ocean Territory
bn APNIC Brunei
@@ -44,7 +44,6 @@ cf AFRINIC Central African Republic
td AFRINIC Chad
cl LACNIC Chile
cn APNIC China
cx APNIC Christmas Island
cc APNIC Cocos Islands
co LACNIC Colombia
km AFRINIC Comoros
@@ -70,6 +69,7 @@ er AFRINIC Eritrea
ee RIPE Estonia
sz AFRINIC Eswatini
et AFRINIC Ethiopia
eu RIPE European Union
fk LACNIC Falkland Islands
fo RIPE Faroe Islands
fj APNIC Fiji
@@ -77,7 +77,6 @@ fi RIPE Finland
fr RIPE France
gf LACNIC French Guiana
pf APNIC French Polynesia
tf APNIC French Southern Territories
ga AFRINIC Gabon
gm AFRINIC Gambia
ge RIPE Georgia
@@ -95,7 +94,6 @@ gn AFRINIC Guinea
gw AFRINIC Guinea-Bissau
gy LACNIC Guyana
ht LACNIC Haiti
hm ARIN Heard & McDonald Islands
hn LACNIC Honduras
hk APNIC Hong Kong
hu RIPE Hungary
@@ -172,7 +170,6 @@ pg APNIC Papua New Guinea
py LACNIC Paraguay
pe LACNIC Peru
ph APNIC Philippines
pn APNIC Pitcairn
pl RIPE Poland
pt RIPE Portugal
pr ARIN Puerto Rico
@@ -181,7 +178,6 @@ re AFRINIC Reunion
ro RIPE Romania
ru RIPE Russian Federation
rw AFRINIC Rwanda
sh ARIN Saint Helena
bl ARIN Saint Barthélemy
kn ARIN Saint Kitts & Nevis
lc ARIN Saint Lucia
@@ -203,14 +199,12 @@ si RIPE Slovenia
sb APNIC Solomon Islands
so AFRINIC Somalia
za AFRINIC South Africa
gs LACNIC South Georgia
kr APNIC South Korea
ss AFRINIC South Sudan
es RIPE Spain
lk APNIC Sri Lanka
sd AFRINIC Sudan
sr LACNIC Suriname
sj RIPE Svalbard & Jan Mayen Islands
se RIPE Sweden
ch RIPE Switzerland
sy RIPE Syrian
@@ -243,7 +237,6 @@ vn APNIC Vietnam
vg ARIN Virgin Islands (British)
vi ARIN Virgin Islands (U.S.)
wf APNIC Wallis & Futuna Islands
eh AFRINIC Western Sahara
ye RIPE Yemen
zm AFRINIC Zambia
zw AFRINIC Zimbabwe


@@ -52,7 +52,7 @@ start_service() {
procd_set_param nice "$(uci_get banip global ban_nicelimit "0")"
procd_set_param limits nofile="$(uci_get banip global ban_filelimit "1024")"
procd_set_param stdout 0
procd_set_param stderr 0
procd_set_param stderr 1
procd_close_instance
else
f_log "err" "banIP service autostart is disabled"