From 1840ff4ee46f4223593b2e53ee8ea49b4a51ae79 Mon Sep 17 00:00:00 2001 From: GoEdgeLab Date: Tue, 11 Jan 2022 16:02:41 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/caches/list_file.go | 1 + internal/nodes/client_conn.go | 16 +++++----------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/internal/caches/list_file.go b/internal/caches/list_file.go index 936956e..45ae486 100644 --- a/internal/caches/list_file.go +++ b/internal/caches/list_file.go @@ -206,6 +206,7 @@ func (this *FileList) Add(hash string, item *Item) error { return err } + this.memoryCache.Write(hash, 1, item.ExpiredAt) atomic.AddInt64(&this.total, 1) if this.onAdd != nil { diff --git a/internal/nodes/client_conn.go b/internal/nodes/client_conn.go index 35f4881..2ce783b 100644 --- a/internal/nodes/client_conn.go +++ b/internal/nodes/client_conn.go @@ -66,9 +66,9 @@ func (this *ClientConn) Read(b []byte) (n int, err error) { if synFloodConfig != nil && synFloodConfig.IsOn { if err != nil && os.IsTimeout(err) { if !this.hasRead { - this.checkSYNFlood() + this.checkSYNFlood(synFloodConfig) } - } else { + } else if err == nil { this.resetSYNFlood() } } @@ -123,23 +123,17 @@ func (this *ClientConn) SetWriteDeadline(t time.Time) error { } func (this *ClientConn) resetSYNFlood() { - // 为了不影响性能,暂时不清除状态 //ttlcache.SharedCache.Delete("SYN_FLOOD:" + this.RawIP()) } -func (this *ClientConn) checkSYNFlood() { - var synFloodConfig = sharedNodeConfig.SYNFloodConfig() - if synFloodConfig == nil || !synFloodConfig.IsOn { - return - } - +func (this *ClientConn) checkSYNFlood(synFloodConfig *firewallconfigs.SYNFloodConfig) { var ip = this.RawIP() if len(ip) > 0 && !iplibrary.IsInWhiteList(ip) && (!synFloodConfig.IgnoreLocal || !utils.IsLocalIP(ip)) { var timestamp = utils.NextMinuteUnixTime() var result = ttlcache.SharedCache.IncreaseInt64("SYN_FLOOD:"+ip, 1, timestamp) var minAttempts = synFloodConfig.MinAttempts - if minAttempts < 3 { - minAttempts = 3 + if minAttempts < 5 { + minAttempts = 5 } if result >= int64(minAttempts) { var timeout = synFloodConfig.TimeoutSeconds