Fix broken whitelists

internal/cli/run_proxy.go

@@ -110,6 +110,8 @@ func makeIPBlocklist(conf config.ListConfig, logger mtglib.Logger, ntw mtglib.Ne
 		return nil, fmt.Errorf("incorrect parameters for firehol: %w", err)
 	}
 
+	go firehol.Run(conf.UpdateEach.Get(ipblocklist.DefaultFireholUpdateEach))
+
 	return firehol, nil
 }
 
@@ -162,7 +164,7 @@ func runProxy(conf *config.Config, version string) error { // nolint: funlen
 		return fmt.Errorf("cannot build network: %w", err)
 	}
 
-	blocklist, err := makeIPBlocklist(conf.Defense.Blocklist, logger, ntw)
+	blocklist, err := makeIPBlocklist(conf.Defense.Blocklist, logger.Named("blocklist"), ntw)
 	if err != nil {
 		return fmt.Errorf("cannot build ip blocklist: %w", err)
 	}
@@ -170,9 +172,9 @@ func runProxy(conf *config.Config, version string) error { // nolint: funlen
 	var whitelist mtglib.IPBlocklist
 
 	if conf.Defense.Allowlist.Enabled.Get(false) {
-		whlist, err := makeIPBlocklist(conf.Defense.Allowlist, logger, ntw)
+		whlist, err := makeIPBlocklist(conf.Defense.Allowlist, logger.Named("allowlist"), ntw)
 		if err != nil {
-			return fmt.Errorf("cannot build ip blocklist: %w", err)
+			return fmt.Errorf("cannot build ip allowlist: %w", err)
 		}
 
 		whitelist = whlist

ipblocklist/firehol.go

@@ -163,7 +163,7 @@ func (f *Firehol) update() {
 	f.treeV4 = v4tree
 	f.treeV6 = v6tree
 
-	f.logger.Info("blocklist was updated")
+	f.logger.Info("ip list was updated")
 }
 
 func (f *Firehol) updateFromFile(mutex sync.Locker,

ipblocklist/noop.go

@@ -2,13 +2,16 @@ package ipblocklist
 
 import (
 	"net"
+	"time"
 
 	"github.com/9seconds/mtg/v2/mtglib"
 )
 
 type noop struct{}
 
-func (n noop) Contains(ip net.IP) bool { return false }
+func (n noop) Contains(ip net.IP) bool      { return false }
+func (n noop) Run(updateEach time.Duration) {}
+func (n noop) Shutdown()                    {}
 
 // NewNoop returns a dummy ipblocklist which allows all incoming
 // connections.

ipblocklist/noop_test.go

@@ -17,6 +17,13 @@ func (suite *NoopTestSuite) TestOp() {
 	suite.False(ipblocklist.NewNoop().Contains(net.ParseIP("10.0.0.10")))
 }
 
+func (suite *NoopTestSuite) TestRun() {
+	blocklist := ipblocklist.NewNoop()
+
+	blocklist.Run(0)
+	blocklist.Shutdown()
+}
+
 func TestNoop(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &NoopTestSuite{})

mtglib/init.go

@@ -176,6 +176,12 @@ type IPBlocklist interface {
 	// Contains checks if given IP address belongs to this blocklist If.
 	// it is, a connection is terminated                               .
 	Contains(net.IP) bool
+
+	// Run starts a background update procedure for a blocklist
+	Run(time.Duration)
+
+	// Shutdown stops a blocklist. It is assumed that none will access it after.
+	Shutdown()
 }
 
 // Event is a data structure which is populated during mtg request

mtglib/proxy.go

@@ -144,6 +144,12 @@ func (p *Proxy) Shutdown() {
 	p.ctxCancel()
 	p.streamWaitGroup.Wait()
 	p.workerPool.Release()
+
+	if p.whitelist != nil {
+		p.whitelist.Shutdown()
+	}
+
+	p.blocklist.Shutdown()
 }
 
 func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) bool {