iplibrary

package
v1.3.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2024 License: BSD-3-Clause Imports: 41 Imported by: 0

README

IPList

List Check Order:

Global List --> Node List--> Server List --> WAF List --> Bind List

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var GlobalBlackIPList = NewIPList()
View Source 
var GlobalWhiteIPList = NewIPList()
View Source 
var IPListUpdateNotify = make(chan bool, 1)
View Source 
var SharedActionManager = NewActionManager()
View Source 
var SharedIPListManager = NewIPListManager()
View Source 
var SharedServerListManager = NewServerListManager()

Functions

func AllowIP 

func AllowIP(ip string, serverId int64) (canGoNext bool, inAllowList bool, expiresAt int64)

AllowIP 检查IP是否被允许访问 如果一个IP不在任何名单中,则允许访问

func AllowIPStrings 

func AllowIPStrings(ipStrings []string, serverId int64) bool

AllowIPStrings 检查一组IP是否被允许访问

func IsFatalError 

func IsFatalError(err error) bool

func IsInWhiteList 

func IsInWhiteList(ip string) bool

IsInWhiteList 检查IP是否在白名单中

func IsZero added in v1.3.5 

func IsZero(ipBytes []byte) bool

func NewFataError 

func NewFataError(err string) error

func ToHex added in v1.3.5 

func ToHex(b []byte) string

Types

type ActionInterface 

type ActionInterface interface {
	// Init 初始化
	Init(config *firewallconfigs.FirewallActionConfig) error

	// AddItem 添加
	AddItem(listType IPListType, item *pb.IPItem) error

	// DeleteItem 删除
	DeleteItem(listType IPListType, item *pb.IPItem) error

	// Close 关闭
	Close() error

	// DoHTTP 处理HTTP请求
	DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)
}

type ActionManager 

type ActionManager struct {
	// contains filtered or unexported fields
}

ActionManager 动作管理器定义

func NewActionManager 

func NewActionManager() *ActionManager

NewActionManager 获取动作管理对象

func (*ActionManager) AddItem 

func (this *ActionManager) AddItem(listType IPListType, item *pb.IPItem)

AddItem 执行添加IP动作

func (*ActionManager) DeleteItem 

func (this *ActionManager) DeleteItem(listType IPListType, item *pb.IPItem)

DeleteItem 执行删除IP动作

func (*ActionManager) FindEventActions 

func (this *ActionManager) FindEventActions(eventLevel string) []ActionInterface

FindEventActions 查找事件对应的动作

func (*ActionManager) UpdateActions 

func (this *ActionManager) UpdateActions(actions []*firewallconfigs.FirewallActionConfig)

UpdateActions 更新配置

type BaseAction 

type BaseAction struct {
}

func (*BaseAction) Close 

func (this *BaseAction) Close() error

func (*BaseAction) DoHTTP 

func (this *BaseAction) DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)

DoHTTP 处理HTTP请求

type FataError 

type FataError struct {
	// contains filtered or unexported fields
}

FataError 是否是致命错误

func (*FataError) Error 

func (this *FataError) Error() string

type FirewalldAction 

type FirewalldAction struct {
	BaseAction
	// contains filtered or unexported fields
}

FirewalldAction Firewalld动作管理 常用命令:

  • 查询列表: firewall-cmd --list-all
  • 添加IP:firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.168.2.32' reject" --timeout=30s
  • 删除IP:firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.168.2.32' reject" --timeout=30s

func NewFirewalldAction 

func NewFirewalldAction() *FirewalldAction

func (*FirewalldAction) AddItem 

func (this *FirewalldAction) AddItem(listType IPListType, item *pb.IPItem) error

func (*FirewalldAction) DeleteItem 

func (this *FirewalldAction) DeleteItem(listType IPListType, item *pb.IPItem) error

func (*FirewalldAction) Init 

func (this *FirewalldAction) Init(config *firewallconfigs.FirewallActionConfig) error

type HTMLAction 

type HTMLAction struct {
	BaseAction
	// contains filtered or unexported fields
}

HTMLAction HTML动作

func NewHTMLAction 

func NewHTMLAction() *HTMLAction

NewHTMLAction 获取新对象

func (*HTMLAction) AddItem 

func (this *HTMLAction) AddItem(listType IPListType, item *pb.IPItem) error

AddItem 添加

func (*HTMLAction) Close 

func (this *HTMLAction) Close() error

Close 关闭

func (*HTMLAction) DeleteItem 

func (this *HTMLAction) DeleteItem(listType IPListType, item *pb.IPItem) error

DeleteItem 删除

func (*HTMLAction) DoHTTP 

func (this *HTMLAction) DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)

DoHTTP 处理HTTP请求

func (*HTMLAction) Init 

func (this *HTMLAction) Init(config *firewallconfigs.FirewallActionConfig) error

Init 初始化

type HTTPAPIAction 

type HTTPAPIAction struct {
	BaseAction
	// contains filtered or unexported fields
}

func NewHTTPAPIAction 

func NewHTTPAPIAction() *HTTPAPIAction

func (*HTTPAPIAction) AddItem 

func (this *HTTPAPIAction) AddItem(listType IPListType, item *pb.IPItem) error

func (*HTTPAPIAction) DeleteItem 

func (this *HTTPAPIAction) DeleteItem(listType IPListType, item *pb.IPItem) error

func (*HTTPAPIAction) Init 

func (this *HTTPAPIAction) Init(config *firewallconfigs.FirewallActionConfig) error

type IPItem 

type IPItem struct {
	Type   string `json:"type"`
	Id     uint64 `json:"id"`
	IPFrom []byte `json:"ipFrom"`
	IPTo   []byte `json:"ipTo"`

	ExpiredAt  int64  `json:"expiredAt"`
	EventLevel string `json:"eventLevel"`
}

IPItem IP条目

func (*IPItem) Contains 

func (this *IPItem) Contains(ipBytes []byte) bool

Contains 检查是否包含某个IP

type IPItemEncoder added in v1.3.5 

type IPItemEncoder[T interface{ *pb.IPItem }] struct {
}

func NewIPItemEncoder added in v1.3.5 

func NewIPItemEncoder[T interface{ *pb.IPItem }]() *IPItemEncoder[T]

func (*IPItemEncoder[T]) Decode added in v1.3.5 

func (this *IPItemEncoder[T]) Decode(valueBytes []byte) (value T, err error)

func (*IPItemEncoder[T]) Encode added in v1.3.5 

func (this *IPItemEncoder[T]) Encode(value T) ([]byte, error)

func (*IPItemEncoder[T]) EncodeField added in v1.3.5 

func (this *IPItemEncoder[T]) EncodeField(value T, fieldName string) ([]byte, error)

func (*IPItemEncoder[T]) EncodeKey added in v1.3.5 

func (this *IPItemEncoder[T]) EncodeKey(item *pb.IPItem) string

EncodeKey generate key for ip item

type IPItemType 

type IPItemType = string
const (
	IPItemTypeIPv4 IPItemType = "ipv4" // IPv4
	IPItemTypeIPv6 IPItemType = "ipv6" // IPv6
	IPItemTypeAll  IPItemType = "all"  // 所有IP
)

type IPList 

type IPList struct {
	// contains filtered or unexported fields
}

IPList IP名单 TODO 对ipMap进行分区

func NewIPList 

func NewIPList() *IPList

func (*IPList) Add 

func (this *IPList) Add(item *IPItem)

func (*IPList) AddDelay 

func (this *IPList) AddDelay(item *IPItem)

func (*IPList) AllItemsMap added in v1.3.5 

func (this *IPList) AllItemsMap() map[uint64]*IPItem

func (*IPList) BufferItemsMap added in v1.3.5 

func (this *IPList) BufferItemsMap() map[uint64]*IPItem

func (*IPList) Contains 

func (this *IPList) Contains(ipBytes []byte) bool

Contains 判断是否包含某个IP

func (*IPList) ContainsExpires added in v1.0.0 

func (this *IPList) ContainsExpires(ipBytes []byte) (expiresAt int64, ok bool)

ContainsExpires 判断是否包含某个IP

func (*IPList) ContainsIPStrings 

func (this *IPList) ContainsIPStrings(ipStrings []string) (item *IPItem, found bool)

ContainsIPStrings 是否包含一组IP中的任意一个,并返回匹配的第一个Item

func (*IPList) Delete 

func (this *IPList) Delete(itemId uint64)

func (*IPList) IPMap added in v1.3.5 

func (this *IPList) IPMap() map[string]*IPItem

func (*IPList) ItemsMap added in v1.3.5 

func (this *IPList) ItemsMap() map[uint64]*IPItem

func (*IPList) SetDeleted added in v1.2.9 

func (this *IPList) SetDeleted()

func (*IPList) Sort 

func (this *IPList) Sort()

func (*IPList) SortedRangeItems added in v1.3.5 

func (this *IPList) SortedRangeItems() []*IPItem

type IPListDB 

type IPListDB interface {
	Name() string
	DeleteExpiredItems() error
	ReadMaxVersion() (int64, error)
	UpdateMaxVersion(version int64) error
	ReadItems(offset int64, size int64) (items []*pb.IPItem, goNext bool, err error)
	AddItem(item *pb.IPItem) error
}

type IPListManager 

type IPListManager struct {
	// contains filtered or unexported fields
}

IPListManager IP名单管理

func NewIPListManager 

func NewIPListManager() *IPListManager

func (*IPListManager) DeleteExpiredItems added in v0.5.3 

func (this *IPListManager) DeleteExpiredItems()

func (*IPListManager) FindList 

func (this *IPListManager) FindList(listId int64) *IPList

func (*IPListManager) Init added in v1.3.5 

func (this *IPListManager) Init()

func (*IPListManager) ListMap added in v1.3.5 

func (this *IPListManager) ListMap() map[int64]*IPList

func (*IPListManager) Loop added in v1.3.5 

func (this *IPListManager) Loop() error

func (*IPListManager) Start 

func (this *IPListManager) Start()

func (*IPListManager) Stop 

func (this *IPListManager) Stop()

type IPListType 

type IPListType = string
const (
	IPListTypeWhite IPListType = "white"
	IPListTypeBlack IPListType = "black"
)

type IPSetAction 

type IPSetAction struct {
	BaseAction
	// contains filtered or unexported fields
}

IPSetAction IPSet动作 相关命令:

  • 利用Firewalld管理set:
  • 添加:firewall-cmd --permanent --new-ipset=edge_ip_list --type=hash:ip --option="timeout=0"
  • 删除:firewall-cmd --permanent --delete-ipset=edge_ip_list
  • 重载:firewall-cmd --reload
  • firewalld+ipset: firewall-cmd --permanent --add-rich-rule="rule source ipset='edge_ip_list' reject"
  • 利用IPTables管理set:
  • 添加:iptables -A INPUT -m set --match-set edge_ip_list src -j REJECT
  • 添加Item:ipset add edge_ip_list 192.168.2.32 timeout 30
  • 删除Item: ipset del edge_ip_list 192.168.2.32
  • 创建set:ipset create edge_ip_list hash:ip timeout 0
  • 查看统计:ipset -t list edge_black_list
  • 删除set:ipset destroy edge_black_list

func NewIPSetAction 

func NewIPSetAction() *IPSetAction

func (*IPSetAction) AddItem 

func (this *IPSetAction) AddItem(listType IPListType, item *pb.IPItem) error

func (*IPSetAction) DeleteItem 

func (this *IPSetAction) DeleteItem(listType IPListType, item *pb.IPItem) error

func (*IPSetAction) Init 

func (this *IPSetAction) Init(config *firewallconfigs.FirewallActionConfig) error

func (*IPSetAction) SetConfig 

func (this *IPSetAction) SetConfig(config *firewallconfigs.FirewallActionIPSetConfig)

type IPTablesAction 

type IPTablesAction struct {
	BaseAction
	// contains filtered or unexported fields
}

IPTablesAction IPTables动作 相关命令: 

iptables -A INPUT -s "192.168.2.32" -j ACCEPT
iptables -A INPUT -s "192.168.2.32" -j REJECT
iptables -D INPUT ...
iptables -F INPUT

func NewIPTablesAction 

func NewIPTablesAction() *IPTablesAction

func (*IPTablesAction) AddItem 

func (this *IPTablesAction) AddItem(listType IPListType, item *pb.IPItem) error

func (*IPTablesAction) DeleteItem 

func (this *IPTablesAction) DeleteItem(listType IPListType, item *pb.IPItem) error

func (*IPTablesAction) Init 

func (this *IPTablesAction) Init(config *firewallconfigs.FirewallActionConfig) error

type KVIPList added in v1.3.5 

type KVIPList struct {
	// contains filtered or unexported fields
}

func NewKVIPList added in v1.3.5 

func NewKVIPList() (*KVIPList, error)

func (*KVIPList) AddItem added in v1.3.5 

func (this *KVIPList) AddItem(item *pb.IPItem) error

func (*KVIPList) Close added in v1.3.5 

func (this *KVIPList) Close() error

func (*KVIPList) DeleteExpiredItems added in v1.3.5 

func (this *KVIPList) DeleteExpiredItems() error

DeleteExpiredItems 删除过期的条目

func (*KVIPList) Flush added in v1.3.5 

func (this *KVIPList) Flush() error

Flush to disk

func (*KVIPList) Name added in v1.3.5 

func (this *KVIPList) Name() string

Name 数据库名称代号

func (*KVIPList) ReadItems added in v1.3.5 

func (this *KVIPList) ReadItems(offset int64, size int64) (items []*pb.IPItem, goNextLoop bool, err error)

func (*KVIPList) ReadMaxVersion added in v1.3.5 

func (this *KVIPList) ReadMaxVersion() (int64, error)

ReadMaxVersion 读取当前最大版本号

func (*KVIPList) TestInspect added in v1.3.5 

func (this *KVIPList) TestInspect(t *testing.T) error

func (*KVIPList) UpdateMaxVersion added in v1.3.5 

func (this *KVIPList) UpdateMaxVersion(version int64) error

UpdateMaxVersion 修改版本号

type Result 

type Result struct {
	CityId   int64
	Country  string
	Region   string
	Province string
	City     string
	ISP      string
}

type SQLiteIPList added in v1.3.5 

type SQLiteIPList struct {
	// contains filtered or unexported fields
}

func NewSQLiteIPList added in v1.3.5 

func NewSQLiteIPList() (*SQLiteIPList, error)

func (*SQLiteIPList) AddItem added in v1.3.5 

func (this *SQLiteIPList) AddItem(item *pb.IPItem) error

func (*SQLiteIPList) Close added in v1.3.5 

func (this *SQLiteIPList) Close() error

func (*SQLiteIPList) DeleteExpiredItems added in v1.3.5 

func (this *SQLiteIPList) DeleteExpiredItems() error

DeleteExpiredItems 删除过期的条目

func (*SQLiteIPList) Name added in v1.3.5 

func (this *SQLiteIPList) Name() string

Name 数据库名称代号

func (*SQLiteIPList) ReadItems added in v1.3.5 

func (this *SQLiteIPList) ReadItems(offset int64, size int64) (items []*pb.IPItem, goNext bool, err error)

func (*SQLiteIPList) ReadMaxVersion added in v1.3.5 

func (this *SQLiteIPList) ReadMaxVersion() (int64, error)

ReadMaxVersion 读取当前最大版本号

func (*SQLiteIPList) UpdateMaxVersion added in v1.3.5 

func (this *SQLiteIPList) UpdateMaxVersion(version int64) error

UpdateMaxVersion 修改版本号

type ScriptAction 

type ScriptAction struct {
	BaseAction
	// contains filtered or unexported fields
}

ScriptAction 脚本命令动作

func NewScriptAction 

func NewScriptAction() *ScriptAction

func (*ScriptAction) AddItem 

func (this *ScriptAction) AddItem(listType IPListType, item *pb.IPItem) error

func (*ScriptAction) DeleteItem 

func (this *ScriptAction) DeleteItem(listType IPListType, item *pb.IPItem) error

func (*ScriptAction) Init 

func (this *ScriptAction) Init(config *firewallconfigs.FirewallActionConfig) error

type ServerListManager 

type ServerListManager struct {
	// contains filtered or unexported fields
}

ServerListManager 服务相关名单

func NewServerListManager 

func NewServerListManager() *ServerListManager

func (*ServerListManager) BlackMap added in v1.3.5 

func (this *ServerListManager) BlackMap() map[int64]*IPList

func (*ServerListManager) FindBlackList 

func (this *ServerListManager) FindBlackList(serverId int64, autoCreate bool) *IPList

func (*ServerListManager) FindWhiteList 

func (this *ServerListManager) FindWhiteList(serverId int64, autoCreate bool) *IPList

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.