safety

package

v1.0.27 Latest Latest Go to latest Published: Jan 7, 2026 License: MPL-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/itcmsgr/nftban

Links

Open Source Insights

Documentation ¶

Index ¶

func FormatBytes(bytes int64) string
func InitCPU(lim Limits)
func InitMemory(lim Limits)
type Limits
- func FromEnv() Limits
type MemAvail
- func AvailableMem() MemAvail
type SystemIPs
- func DetectSystemIPs() (*SystemIPs, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func FormatBytes ¶

func FormatBytes(bytes int64) string

FormatBytes converts bytes to human-readable format

func InitCPU ¶

func InitCPU(lim Limits)

InitCPU sets GOMAXPROCS based on config This prevents the Go server from consuming all CPU cores

func InitMemory ¶

func InitMemory(lim Limits)

InitMemory sets memory limit based on config Uses runtime/debug SetMemoryLimit (Go 1.19+)

Types ¶

type Limits ¶

type Limits struct {
	// GOMAXPROCS limit (CPU cores)
	GoMaxProcs int // default: 2

	// Connection limits
	MaxConcurrentConns int // default: 100
	MaxConnsPerIP      int // default: 10

	// Request limits
	RequestTimeoutSec   int   // default: 30
	MaxRequestBodyMB    int   // default: 10
	MaxRequestBodyBytes int64 // computed from MB

	// Rate limiting
	RateLimitPerMin int // default: 60 requests per minute per IP

	// Memory limits
	MaxMemoryPercent int   // default: 20% of available
	MaxMemoryBytes   int64 // default: 512 MiB

	// Logging
	EnableMetrics bool // default: true
}

Limits holds all safety thresholds for the GUI server

func FromEnv ¶

func FromEnv() Limits

FromEnv returns sane defaults that can be overridden via environment variables This matches the pattern from go-feeds/internal/safety/config.go

type MemAvail ¶

type MemAvail struct {
	Total         int64
	Avail         int64
	CgroupLimit   int64
	CgroupCurrent int64
}

MemAvail holds available memory info (cgroup-aware) This matches the pattern from go-feeds/internal/safety/mem.go

func AvailableMem ¶

func AvailableMem() MemAvail

AvailableMem returns available memory (cgroup-aware for containers) This is critical for running in Docker/Kubernetes where cgroup limits apply

type SystemIPs ¶

type SystemIPs struct {
	ServerIPs     []net.IP    // All server interface IPs
	CurrentUserIP net.IP      // IP of current SSH connection
	GatewayIPs    []net.IP    // Default gateway
	DNSServers    []net.IP    // DNS servers from /etc/resolv.conf
	LoopbackCIDRs []net.IPNet // 127.0.0.0/8, ::1/128
}

SystemIPs holds all critical IPs that must NEVER be blocked

func DetectSystemIPs ¶

func DetectSystemIPs() (*SystemIPs, error)

DetectSystemIPs auto-detects all critical IPs that must be whitelisted

func (*SystemIPs) GetAllIPs ¶

func (s *SystemIPs) GetAllIPs() []net.IP

GetAllIPs returns all IPs as a flat list

func (*SystemIPs) GetAllIPsWithCIDRs ¶

func (s *SystemIPs) GetAllIPsWithCIDRs() ([]net.IP, []net.IPNet)

GetAllIPsWithCIDRs returns all IPs including loopback CIDRs

func (*SystemIPs) PrintSystemIPs ¶

func (s *SystemIPs) PrintSystemIPs()

PrintSystemIPs displays all detected IPs

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL