diff --git a/app/demo/dispatch/dispatch__security.go b/app/demo/dispatch/dispatch__security.go index 31fb7ca..0be33cf 100644 --- a/app/demo/dispatch/dispatch__security.go +++ b/app/demo/dispatch/dispatch__security.go @@ -16,65 +16,62 @@ import ( ) func securityMaxSubSessionPerIp(info base.UpdateInfo) { - if config.MaxSubSessionPerIp > 0 { - ip2SubSessions := make(map[string][]base.StatSub) - sessionId2StreamName := make(map[string]string) - for _, g := range info.Groups { - for _, sub := range g.StatSubs { - host, _, err := net.SplitHostPort(sub.RemoteAddr) - if err != nil { - nazalog.Warnf("split host port failed. remote addr=%s", sub.RemoteAddr) - continue - } - ip2SubSessions[host] = append(ip2SubSessions[host], sub) - sessionId2StreamName[sub.SessionId] = g.StreamName + if config.MaxSubSessionPerIp <= 0 { + return + } + + ip2SubSessions := make(map[string][]base.StatSub) + sessionId2StreamName := make(map[string]string) + for _, g := range info.Groups { + for _, sub := range g.StatSubs { + host, _, err := net.SplitHostPort(sub.RemoteAddr) + if err != nil { + nazalog.Warnf("split host port failed. remote addr=%s", sub.RemoteAddr) + continue } + ip2SubSessions[host] = append(ip2SubSessions[host], sub) + sessionId2StreamName[sub.SessionId] = g.StreamName } - for ip, subs := range ip2SubSessions { - if len(subs) > config.MaxSubSessionPerIp { - nazalog.Debugf("close session. ip=%s, session count=%d", ip, len(subs)) - for _, sub := range subs { - if sub.Protocol == base.SessionProtocolHlsStr { - host, _, err := net.SplitHostPort(sub.RemoteAddr) - if err != nil { - nazalog.Warnf("split host port failed. remote addr=%s", sub.RemoteAddr) - continue - } - addIpBlacklist(info.ServerId, host, 60) - } else { - kickSession(info.ServerId, sessionId2StreamName[sub.SessionId], sub.SessionId) - } - } - } + } + + for ip, subs := range ip2SubSessions { + if len(subs) <= config.MaxSubSessionPerIp { + continue + } + nazalog.Debugf("close session. ip=%s, session count=%d", ip, len(subs)) + for _, sub := range subs { + //if sub.Protocol == base.SessionProtocolHlsStr { + // host, _, err := net.SplitHostPort(sub.RemoteAddr) + // if err != nil { + // nazalog.Warnf("split host port failed. remote addr=%s", sub.RemoteAddr) + // continue + // } + // addIpBlacklist(info.ServerId, host, 60) + //} + kickSession(info.ServerId, sessionId2StreamName[sub.SessionId], sub.SessionId) } } } func securityMaxSubDurationSec(info base.UpdateInfo) { - if config.MaxSubDurationSec > 0 { - now := time.Now() - for _, g := range info.Groups { - for _, sub := range g.StatSubs { - st, err := base.ParseReadableTime(sub.StartTime) - if err != nil { - nazalog.Warnf("parse readable time failed. start time=%s, err=%+v", sub.StartTime, err) - continue - } - diff := int(now.Sub(st).Seconds()) - if diff > config.MaxSubDurationSec { - nazalog.Infof("close session. sub session start time=%s, diff=%d", sub.StartTime, diff) - if sub.Protocol == base.SessionProtocolHlsStr { - host, _, err := net.SplitHostPort(sub.RemoteAddr) - if err != nil { - nazalog.Warnf("split host port failed. remote addr=%s", sub.RemoteAddr) - continue - } - addIpBlacklist(info.ServerId, host, 60) - } else { - kickSession(info.ServerId, g.StreamName, sub.SessionId) - } - } + if config.MaxSubDurationSec <= 0 { + return + } + + now := time.Now() + for _, g := range info.Groups { + for _, sub := range g.StatSubs { + st, err := base.ParseReadableTime(sub.StartTime) + if err != nil { + nazalog.Warnf("parse readable time failed. start time=%s, err=%+v", sub.StartTime, err) + continue + } + diff := int(now.Sub(st).Seconds()) + if diff <= config.MaxSubDurationSec { + continue } + nazalog.Infof("close session. sub session start time=%s, diff=%d", sub.StartTime, diff) + kickSession(info.ServerId, g.StreamName, sub.SessionId) } } }