
Allow setting the IP bans reset interval via configuration and remove duplicate execution of cronjob to clean bans

Open josecelano opened this issue 7 months ago • 0 comments

Relates to: https://github.com/torrust/torrust-tracker/issues/1452

The tracker has a BanService to ban clients' IPs sending many requests with the wrong connection ID.

There are two tasks:

  • Set the interval in a config value
  • Remove duplicate execution of the cronjob to clean the bans

Context

The BanService is shared across all UDP tracker servers. If a client is banned on one UDP server, it will also be banned on other UDP tracker servers running on different ports.

Task1: Set config value

The problem with adding a config option is there is no section in the current configuration for services that are shared between all UDP trackers.

The current (not complete) configuration with 2 UDP servers:

[metadata]
app = "torrust-tracker"
purpose = "configuration"
schema_version = "2.0.0"

[logging]
threshold = "info"

[core]
inactive_peer_cleanup_interval = 600
listed = false
private = false
tracker_usage_statistics = true

  [core.announce_policy]
  interval = 300
  interval_min = 300

  [core.database]
  driver = "sqlite3"
  path = "/var/lib/torrust/tracker/database/sqlite3.db"

  [core.net]
  external_ip = "0.0.0.0"
  on_reverse_proxy = true

  [core.tracker_policy]
  max_peer_timeout = 900
  persistent_torrent_completed_stat = true
  remove_peerless_torrents = true

[[udp_trackers]]
bind_address = "0.0.0.0:6868"
tracker_usage_statistics = false

  [udp_trackers.cookie_lifetime]
  secs = 3_600
  nanos = 0

[[udp_trackers]]
bind_address = "0.0.0.0:6969"
tracker_usage_statistics = false

  [udp_trackers.cookie_lifetime]
  secs = 120
  nanos = 0

[[http_trackers]]
bind_address = "0.0.0.0:7070"
tracker_usage_statistics = false

[http_api]
bind_address = "0.0.0.0:1212"

  [http_api.access_tokens]
  admin = "***"

[health_check_api]
bind_address = "127.0.0.1:1313"

I propose to add a new section, udp_tracker_server, with configuration for that package. The same way we have a [core] section for the core tracker.

The new section with the new option would be:

[udp_tracker_server]
ip_bans_reset_intervals_in_secs = 3600

The default value will be 3600 * 24.

Task2: Spawn only one task to clean the bans

Now, every time the tracker runs a new UDP server, it spawns a new task to reset the bans:

tokio::spawn(async move {
    let mut cleaner_interval = interval(Duration::from_secs(IP_BANS_RESET_INTERVAL_IN_SECS));

    cleaner_interval.tick().await;

    loop {
        cleaner_interval.tick().await;
        ban_cleaner.write().await.reset_bans();
    }
});

It works because we launch all the UDP servers simultaneously when the tracker starts, but this should be done only once at the main app bootstrapping when the tracker launches jobs.

I labeled it a bug because, in practice, the bans are being reset more often than once per hour. They are being reset as many times as the number of UDP servers.

Relates to: https://github.com/torrust/torrust-tracker/issues/1444

cc @da2ce7

josecelano avatar Apr 14 '25 15:04 josecelano
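
The effect of Task2 on a shared ban list can be checked with a deterministic model. This is an added example, not code from the tracker: it replaces the tokio interval with a virtual clock, and the `BanService` stand-in, the `MAX_ERRORS` threshold, the `simulate` helper and the client address are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};

/// Simplified stand-in for the shared ban service (hypothetical, not the project's type).
#[derive(Default)]
struct BanService {
    errors: HashMap<IpAddr, u32>,
}

impl BanService {
    const MAX_ERRORS: u32 = 10; // assumed threshold

    fn record_bad_connection_id(&mut self, ip: IpAddr) {
        *self.errors.entry(ip).or_insert(0) += 1;
    }
    fn is_banned(&self, ip: &IpAddr) -> bool {
        self.errors.get(ip).map_or(false, |n| *n > Self::MAX_ERRORS)
    }
    fn reset_bans(&mut self) {
        self.errors.clear();
    }
}

/// Simulates `duration` seconds. Each entry of `cleaner_starts` is the second at which
/// one reset task was spawned; every task resets the shared bans each `interval` seconds
/// after its own start. One client sends a bad connection ID every second.
/// Returns (number of resets, seconds in which the client was rejected as banned).
fn simulate(cleaner_starts: &[u64], interval: u64, duration: u64) -> (u32, u64) {
    let mut bans = BanService::default();
    let client = IpAddr::V4(Ipv4Addr::new(203, 0, 113, 7)); // constructed sample address
    let (mut resets, mut banned_secs) = (0, 0);
    for now in 1..=duration {
        for start in cleaner_starts {
            if now > *start && (now - start) % interval == 0 {
                bans.reset_bans();
                resets += 1;
            }
        }
        if bans.is_banned(&client) {
            banned_secs += 1; // request dropped while the ban is active
        } else {
            bans.record_bad_connection_id(client);
        }
    }
    (resets, banned_secs)
}

fn main() {
    println!("one task at bootstrap:  {:?}", simulate(&[0], 3600, 7200));
    println!("two tasks, same start:  {:?}", simulate(&[0, 0], 3600, 7200));
    println!("two tasks, 30 min apart: {:?}", simulate(&[0, 1800], 3600, 7200));
}
```

Two tasks started together double the reset calls without changing how long the client stays banned, while tasks started at different times add extra resets inside each interval and shorten the time the ban is in force.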