Cache for ignore-facilities (for ignoreip, ignoreself and ignorecommand) #2176

Merged
merged 2 commits into from Jul 10, 2018

Conversation

sebres
Contributor

@sebres sebres commented Jul 9, 2018

  • introduces new option ignorecache to improve performance of ignore failure check (using caching of results from ignoreip, ignoreself and ignorecommand);
    closes RFE "Enhancements on the ignorecommand execution" #1229, because if the cache is enabled it does not matter how often a failure occurred (the command is executed once, on the first occurrence)
  • extends ignorecommand to use actions-similar replacement (ticket-based now, so capable to interpolate all possible tags)

The cache can be used to speed up ignore verification, so fail2ban would not call ignorecommand or execute a DNS lookup repeatedly for already verified IPs (or whatever else is specified as key in ignorecache) for a defined time.

Syntax:

ignorecache = key=<subst-expr>, max-count=<number>, max-time=<time>
  • key - expression for key of cached entry (that relates to stored result of ignore-facilities) specified as an action tag or substitution expression as string, interpolating combination of standard action tags like <ip> or <F-USER> from ticket generated by failure;
  • max-count - maximal number of entries in cache (cache size);
  • max-time - maximal time the entries in cache remain valid (cache time);

Setting the option ignorecache to an empty value will disable the cache.

Example 1:

[jail_or_default]
ignorecache = key="<ip>", max-count=500, max-time=1h
ignorecommand = grep -qFx "<ip>" /path/my-ips.txt
ignoreip = my-host.example.com

This will cache the result of ignorecommand (file contains IP) and ignoreip (DNS lookup) for 1 hour for a maximum of 500 entries, using the IP substituted like "192.0.2.1" as cache keys.

Example 2:

[special_jail]
ignorecache = key="<F-USER>@<ip-host>", max-count=100, max-time=5m
ignorecommand = if [ "<F-USER>" = "technical" ] && [ "<ip-host>" = "my-host.example.com" ]; then exit 0; fi; exit 1

This will cache the result of ignorecommand for 5 minutes for a maximum of 100 entries, using values substituted like "user@host" as cache keys.

…ed now, so capable to interpolate all possible tags)
…failure check (using caching of `ignoreip`, `ignoreself` and `ignorecommand`)
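
As an added illustration (not fail2ban's code and not part of this pull request), the following Python sketch models the behaviour described above: the key expression is interpolated from the ticket, and the ignore decision is reused until max-time passes or max-count forces an eviction. The class and function names, the eviction order and the injectable clock are assumptions made for the example.

```python
import re
import time

class IgnoreCache:
    """Illustrative stand-in for the ignorecache option; not fail2ban's own class."""

    def __init__(self, key_expr, max_count, max_time, clock=time.monotonic):
        self.key_expr, self.max_count, self.max_time = key_expr, max_count, max_time
        self._clock = clock
        self._data = {}  # key -> (decision, expiry); dicts keep insertion order

    def make_key(self, ticket):
        # Replace each <tag> with the ticket's value; unknown tags are left as written.
        return re.sub(r"<([\w-]+)>",
                      lambda m: str(ticket.get(m.group(1), m.group(0))), self.key_expr)

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        decision, expiry = entry
        if expiry <= self._clock():  # older than max-time: forget it
            del self._data[key]
            return None
        return decision

    def set(self, key, decision):
        now = self._clock()
        if key not in self._data and len(self._data) >= self.max_count:
            # Assumed eviction policy: drop expired entries, then the oldest ones.
            for k in [k for k, (_, exp) in self._data.items() if exp <= now]:
                del self._data[k]
            while self._data and len(self._data) >= self.max_count:
                del self._data[next(iter(self._data))]
        self._data[key] = (decision, now + self.max_time)

def in_ignore_list(ticket, cache, check):
    """Return the ignore decision, running the expensive check once per key."""
    key = cache.make_key(ticket)
    decision = cache.get(key)
    if decision is None:  # miss or expired; both True and False results are cached
        decision = bool(check(ticket))
        cache.set(key, decision)
    return decision

def demo():
    """Constructed tickets: three failures from one IP cost a single check."""
    calls = []
    check = lambda t: calls.append(t["ip"]) or t["ip"] == "192.0.2.1"
    cache = IgnoreCache("<ip>", max_count=500, max_time=3600)
    results = [in_ignore_list({"ip": "192.0.2.1"}, cache, check) for _ in range(3)]
    return results, len(calls)
```

A cached decision is shared by every ticket that produces the same key, so the key should contain every tag the ignorecommand tests, as the `<F-USER>@<ip-host>` key in Example 2 does.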
@coveralls

coveralls commented Jul 9, 2018

Coverage Status

Coverage increased (+0.02%) to 97.584% when pulling f8f01d5 on sebres:ignore-cache into 11c1bf0 on fail2ban:0.10.

@codecov-io

codecov-io commented Jul 9, 2018

Codecov Report

Merging #2176 into 0.10 will increase coverage by 0.02%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##             0.10    #2176      +/-   ##
==========================================
+ Coverage   95.74%   95.76%   +0.02%     
==========================================
  Files          76       76              
  Lines       13167    13260      +93     
  Branches     2078     2094      +16     
==========================================
+ Hits        12607    12699      +92     
- Misses        292      293       +1     
  Partials      268      268
Impacted Files Coverage Δ
fail2ban/protocol.py 97.91% <ø> (ø) ⬆️
fail2ban/client/jailreader.py 93.91% <ø> (ø) ⬆️
fail2ban/server/filter.py 95.95% <100%> (+0.2%) ⬆️
fail2ban/tests/servertestcase.py 96.22% <100%> (+0.01%) ⬆️
fail2ban/server/transmitter.py 97.82% <100%> (+0.03%) ⬆️
fail2ban/server/server.py 97.57% <100%> (+0.02%) ⬆️
fail2ban/tests/filtertestcase.py 99.11% <100%> (+0.03%) ⬆️
fail2ban/tests/utils.py 97.33% <100%> (ø) ⬆️
fail2ban/server/actions.py 90.71% <0%> (-0.43%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@sebres sebres merged commit cc321b7 into fail2ban:0.10 Jul 10, 2018
@sebres sebres changed the title Ignore cache (for ignoreip, ignoreself and ignorecommand) Cache for ignore-facilities (for ignoreip, ignoreself and ignorecommand) Jul 10, 2018
@sebres sebres mentioned this pull request May 15, 2020