The new R19 introduces "type=ip" keyval maps.
Posting IP addresses (e.g., 1.2.3.4) seems to work from both, the API 5 REST calls and from Javascript, except IPv6 addresses are not accepted.
Posting CIDR blocks (e.g., 1.2.3.0/24) works fine via the API 5 REST calls but not via Javascript. CIDR entries will not show up in the map at all.
I am trying to feed a banlist into a map which used to be a "geo" directive. This is done by a Javascript function because deleting the map and uploading it again would cause a time of the map being empty.
Consistently, all CIDR ranges fail.
My keyval map definition:
keyval_zone zone=banned:32m timeout=7d type=ip sync state=/var/run/nginx/state/banned.json;
keyval $custom_addr $map_bannedIP zone=banned;
As the placement of regular IP addresses also failed after a while, I tested the function with this Javascript test handler set up as js_content handler for a location:
function admin_mapBanned(r) {
var v = r.variables;
var here = "adminMapBanned";
var n = 0;
for (var a = 1; a < 240; a++) {
for (var b = 1; b < 255; b++) {
for (var c = 1; c < 255; c++) {
for (var d = 1; d < 255; d++) {
n++;
var addr = "" + a + "." + b + "." + c + "." + d;
v.custom_addr = addr;
v.map_bannedIP = "1";
r.log("bannedIP[" + n + "]: " + addr + " => " + v.map_bannedIP);
if (!v.map_bannedIP) {
r.return(200);
return;
}
}
}
}
}
}
The results with different keyval zone sizes:
- 1m => 2964 entries
- 2m => 6000 entries
- 4m => 12032 entries
- 8m => 24128 entries
- 16m => 48304 entries
- 32m => 96704 entries
In consequence, this means a keyval map uses almost 350 bytes to store an IP address and the value of "1". Wow! I would have expected this to be much lower in memory consumption. Anyway, knowing this, I can at least reliably feed IPv4 addresses now.
Please fix the Javascript issue with IPv6 and CIDR notations.
Thanks!
--j.