Documentation
Index
- func AddIP(configDir string, ipStr string, reason string) error
- func AddIPWithSource(configDir string, ipStr string, reason string, source string) error
- func GetBlacklistByCategory(configDir string, category string) ([]string, []string, error)
- func IsIPInBlacklistFile(ip string, entries map[string]BlacklistEntry) bool
- func LoadAllBlacklists(configDir string) (map[string]bool, map[string]bool, error)
- func LoadAllBlacklistsTyped(configDir string) (map[string]BlacklistEntry, map[string]BlacklistEntry, error)
- func RemoveIP(configDir string, ipStr string) error
- type BlacklistEntry
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddIP
AddIP adds an IP to the appropriate blacklist file. Creates blacklist.d/99-manual.conf for manual additions.
Deprecated: Use AddIPWithSource for source-specific files.
func AddIPWithSource
AddIPWithSource adds an IP to a source-specific blacklist file. Source determines the target file:
- "login" -> login-auto.conf
- "portscan" -> portscan-auto.conf
- "ddos" -> ddos-auto.conf
- "manual" -> 99-manual.conf (default)
- others -> 99-manual.conf
func GetBlacklistByCategory
GetBlacklistByCategory returns IPs from a specific category file.
func IsIPInBlacklistFile (added in v1.119.0)
func IsIPInBlacklistFile(ip string, entries map[string]BlacklistEntry) bool
IsIPInBlacklistFile returns true if ip is present as an exact key or is contained within any CIDR entry in the typed map. It is a 1:1 replacement for the pre-V119 exact-key `entries[ip]` pattern at call sites that need CIDR-aware membership.
The ip argument must be a single IP literal (e.g. "1.2.3.45"), not a CIDR. To check whether an exact CIDR string is in the file (e.g. "1.2.3.0/27" as a literal), use direct map lookup `_, ok := entries[cidr]` instead.
V119 A1: closes D-MANUAL-CIDR-LOAD-GAP.
func LoadAllBlacklists
LoadAllBlacklists loads IPs from all blacklist sources and returns two map[string]bool sets for backward compatibility with pre-V119 callers (notably cmd/nftban-core/profile_sync.go which iterates keys for pprof diff profiling and does not perform membership tests).
New consumers needing CIDR semantics should call LoadAllBlacklistsTyped + IsIPInBlacklistFile instead.
V119: thin wrapper around LoadAllBlacklistsTyped (single scanning/parsing path, two return shapes) per the dual-API pattern in V119_MANUAL_CIDR_PREFLIGHT_PROFILE_SYNC_AUDIT.md §5.
func LoadAllBlacklistsTyped (added in v1.119.0)
func LoadAllBlacklistsTyped(configDir string) (map[string]BlacklistEntry, map[string]BlacklistEntry, error)
LoadAllBlacklistsTyped loads IPs from all blacklist sources and returns map[string]BlacklistEntry preserving IsCIDR semantics. Use in tandem with IsIPInBlacklistFile for CIDR-aware membership checks.
V119 A1: closes D-MANUAL-CIDR-LOAD-GAP. Callers in the V116 §4 allowlist (cmd_check.go, cmd_ban.go, cmd_unban.go, daemon_handlers_ban.go) use this typed loader; profile_sync.go remains on the legacy LoadAllBlacklists.
Types
type BlacklistEntry (added in v1.119.0)
type BlacklistEntry struct {
	Value  string // exact normalized form as written: "1.2.3.4" or "1.2.3.0/27"
	IsCIDR bool   // true if Value contains "/"
}
BlacklistEntry is the typed loader output preserving IsCIDR semantics so downstream callers can do CIDR-containment lookups instead of exact-key map[ip] match. The pre-V119 loader dropped IsCIDR on the entry.Value path, silently turning entries like "1.2.3.0/27" into opaque map keys that no longer matched "1.2.3.5" — closes D-MANUAL-CIDR-LOAD-GAP per V116_CAND3_MANUAL_CIDR_DESIGN_FIX_SCOPE.md §3.
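The gap described above (an exact-key lookup missing an IP that a CIDR entry covers) next to a CIDR-aware check, as an added example that is not the package's own code. `loadTyped` and `cidrAwareContains` are hypothetical stand-ins for the documented typed loader and membership test, the entries are constructed sample data, and rejecting non-IP input is an assumption (the page only says the argument must be a single IP literal).

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// BlacklistEntry mirrors the struct documented on this page.
type BlacklistEntry struct {
	Value  string
	IsCIDR bool
}

// loadTyped is a hypothetical stand-in for the typed loader (not the project's code).
func loadTyped(lines []string) map[string]BlacklistEntry {
	m := make(map[string]BlacklistEntry, len(lines))
	for _, l := range lines {
		m[l] = BlacklistEntry{Value: l, IsCIDR: strings.Contains(l, "/")}
	}
	return m
}

// cidrAwareContains (hypothetical): exact key match OR containment in any CIDR entry.
func cidrAwareContains(ip string, entries map[string]BlacklistEntry) bool {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return false // assumption: CIDR strings and garbage are rejected, not looked up
	}
	if _, ok := entries[ip]; ok {
		return true
	}
	for _, e := range entries {
		if e.IsCIDR {
			if p, err := netip.ParsePrefix(e.Value); err == nil && p.Contains(addr.Unmap()) {
				return true
			}
		}
	}
	return false
}

func main() {
	entries := loadTyped([]string{"1.2.3.0/27", "203.0.113.9"}) // constructed sample entries
	for _, ip := range []string{"1.2.3.5", "1.2.3.45", "203.0.113.9"} {
		_, exact := entries[ip] // the pre-V119 exact-key pattern
		fmt.Printf("%-12s exact-key=%-5v cidr-aware=%v\n", ip, exact, cidrAwareContains(ip, entries))
	}
}
```

"1.2.3.5" is the case the exact-key pattern misses: it is inside 1.2.3.0/27 but is not itself a map key, while "1.2.3.45" falls outside the /27 and is correctly reported as absent by both checks.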