zishuo/nip
1
0
Fork 0
mirror of https://github.com/cunnie/sslip.io.git synced 2025-12-24 12:12:48 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
Files
ca19f02369a55596a877cf9071cbd23a8aec7d0d
nip/etc/blocklist-test.txt
Brian Cunnie ca19f02369 Performance-tune the blocklist 
Previously we blocked by CIDRs, not IPs, but that was flawed: of the 746
CIDRs, 744 of them were /32 — in other words, IP addresses. And matching
CIDRs is computationally expensive: consuming 4.8% of the CPU for each
query.

We switched to a string-indexed map instead to accelerate matching.

- Fivefold increase in blocklist lookup speed, dropping from consuming
  4.8% of the CPU to 0.96%
- Added a new member, `xip.BlocklistIPs`
- All blocked sites are IPv4. I have never gotten a takedown for an IPv6
  site
- I wanted to maintain backwards-compatiblity with my blocklist file; I
  didn't want to be forced to coordinate updating that simultaneously
  with a deploy of this code, hence the automated "/32" conversion from
  a CIDR to an IP address
- I cleaned up the test blocklist file (`blocklist-test.txt`); it's
  easier to read & understand
- I added profiling from before, `profile/cpu-cidr.prof`, and after,
  `profile/cpu-ip.prof`, the change.
2025-08-24 18:42:19 -07:00

10 lines
307 B
Plaintext
Raw Blame History

# TESTING ONLY: List of "Forbidden" (blocked) names & CIDRs
# This is a shortened variant meant to be used for testing (`ginkgo`) because
# the legitimate one has grown so long it clutters the test output
12.34.56.78/24 # IPv4 CIDR
1234::/64 # IPv6 CIDR
23.45.67.89 # IPv4
raiffeisen # string
Reference in New Issue View Git Blame Copy Permalink