合并多个计数器，便于统一的内存控制

2026-01-07 08:15:49 +08:00 · 2023-10-05 09:45:46 +08:00
parent 4cebb4d876
commit b6c19168fd
7 changed files with 18 additions and 28 deletions
--- a/internal/nodes/client_conn.go
+++ b/internal/nodes/client_conn.go
@@ -24,8 +24,6 @@ import (
 	"time"
 )

-var synFloodCounter = counters.NewCounter().WithGC()
-
 // ClientConn 客户端连接
 type ClientConn struct {
 	BaseClientConn
@@ -292,13 +290,13 @@ func (this *ClientConn) LastErr() error {
 }

 func (this *ClientConn) resetSYNFlood() {
-	synFloodCounter.ResetKey("SYN_FLOOD:" + this.RawIP())
+	counters.SharedCounter.ResetKey("SYN_FLOOD:" + this.RawIP())
 }

 func (this *ClientConn) increaseSYNFlood(synFloodConfig *firewallconfigs.SYNFloodConfig) {
 	var ip = this.RawIP()
 	if len(ip) > 0 && !iplibrary.IsInWhiteList(ip) && (!synFloodConfig.IgnoreLocal || !utils.IsLocalIP(ip)) {
-		var result = synFloodCounter.IncreaseKey("SYN_FLOOD:"+ip, 60)
+		var result = counters.SharedCounter.IncreaseKey("SYN_FLOOD:"+ip, 60)
 		var minAttempts = synFloodConfig.MinAttempts
 		if minAttempts < 5 {
 			minAttempts = 5
--- a/internal/utils/counters/counter.go
+++ b/internal/utils/counters/counter.go
@@ -11,7 +11,9 @@ import (
 	"time"
 )

-const maxItemsPerGroup = 100_000
+const maxItemsPerGroup = 60_000
+
+var SharedCounter = NewCounter().WithGC()

 type Counter struct {
 	countMaps uint64
@@ -25,11 +27,9 @@ type Counter struct {

 // NewCounter create new counter
 func NewCounter() *Counter {
-	var count = utils.SystemMemoryGB() * 2
+	var count = utils.SystemMemoryGB() * 4
 	if count < 8 {
 		count = 8
-	} else if count > 128 {
-		count = 128
 	}

 	var itemMaps = []map[uint64]*Item{}
--- a/internal/waf/action_js_cookie.go
+++ b/internal/waf/action_js_cookie.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 	"github.com/iwind/TeaGo/types"
 	"net/http"
@@ -118,9 +119,9 @@ func (this *JSCookieAction) increaseFails(req requests.Request, policyId int64,
 		failBlockTimeout = 1800 // 默认1800s
 	}

-	var key = "JS_COOKIE:FAILS:" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + req.WAFRaw().URL.String()
+	var key = "WAF:JS_COOKIE:FAILS:" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + req.WAFRaw().URL.String()

-	var countFails = SharedCounter.IncreaseKey(key, 300)
+	var countFails = counters.SharedCounter.IncreaseKey(key, 300)
 	if int(countFails) >= maxFails {
 		SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeService, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, true, groupId, setId, "JS_COOKIE验证连续失败超过"+types.String(maxFails)+"次")
 		return false
--- a/internal/waf/captcha_counter.go
+++ b/internal/waf/captcha_counter.go
@@ -5,6 +5,7 @@ package waf
 import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 	"github.com/iwind/TeaGo/types"
 	"time"
@@ -26,7 +27,7 @@ func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, pol
 		if maxFails <= 3 {
 			maxFails = 3 // 不能小于3，防止意外刷新出现
 		}
-		var countFails = SharedCounter.IncreaseKey(CaptchaCacheKey(req, pageCode), 300)
+		var countFails = counters.SharedCounter.IncreaseKey(CaptchaCacheKey(req, pageCode), 300)
 		if int(countFails) >= maxFails {
 			SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeService, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, true, groupId, setId, "CAPTCHA验证连续失败超过"+types.String(maxFails)+"次")
 			return false
@@ -37,9 +38,9 @@ func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, pol

 // CaptchaDeleteCacheKey 清除计数
 func CaptchaDeleteCacheKey(req requests.Request) {
-	SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeInit))
-	SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeShow))
-	SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeSubmit))
+	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeInit))
+	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeShow))
+	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeSubmit))
 }

 // CaptchaCacheKey 获取Captcha缓存Key
@@ -53,5 +54,5 @@ func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string {
 		}
 	}

-	return "CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + requestPath
+	return "WAF:CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + requestPath
 }
--- a/internal/waf/checkpoints/cc.go
+++ b/internal/waf/checkpoints/cc.go
@@ -8,7 +8,6 @@ import (
 	"regexp"
 )

-var ccCounter = counters.NewCounter().WithGC()

 // CCCheckpoint ${cc.arg}
 // TODO implement more traffic rules
@@ -98,7 +97,7 @@ func (this *CCCheckpoint) RequestValue(req requests.Request, param string, optio
 		if len(key) == 0 {
 			key = req.WAFRemoteIP()
 		}
-		value = ccCounter.IncreaseKey(types.String(ruleId)+"@"+key, types.Int(period))
+		value = counters.SharedCounter.IncreaseKey(types.String(ruleId)+"@WAF_CC@"+key, types.Int(period))
 	}

 	return
--- a/internal/waf/checkpoints/cc2.go
+++ b/internal/waf/checkpoints/cc2.go
@@ -13,8 +13,6 @@ import (
 	"strings"
 )

-var cc2Counter = counters.NewCounter().WithGC()
-
 var commonFileExtensionsMap = map[string]zero.Zero{
 	".ico":   zero.New(),
 	".jpg":   zero.New(),
@@ -77,7 +75,7 @@ func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, opti
 	}

 	var ccKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(keyValues, "@")
-	value = cc2Counter.IncreaseKey(ccKey, period)
+	value = counters.SharedCounter.IncreaseKey(ccKey, period)

 	// 基于指纹统计
 	var enableFingerprint = true
@@ -96,7 +94,7 @@ func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, opti
 				fpKeyValues = append(fpKeyValues, req.Format(types.String(key)))
 			}
 			var fpCCKey = "WAF-CC-" + types.String(ruleId) + "-" + strings.Join(fpKeyValues, "@")
-			var fpValue = cc2Counter.IncreaseKey(fpCCKey, period)
+			var fpValue = counters.SharedCounter.IncreaseKey(fpCCKey, period)
 			if fpValue > value.(uint64) {
 				value = fpValue
 			}
--- a/internal/waf/counter.go
+++ b/internal/waf/counter.go
@@ -1,7 +0,0 @@
-// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
-
-package waf
-
-import "github.com/TeaOSLab/EdgeNode/internal/utils/counters"
-
-var SharedCounter = counters.NewCounter().WithGC()