From a8651bf2e03cf3859b2bfaea0c2fd41bab662170 Mon Sep 17 00:00:00 2001 From: ppom Date: Wed, 11 Feb 2026 12:00:00 +0100 Subject: [PATCH] Removal of nft46 and ip46tables --- .gitignore | 2 - Cargo.toml | 2 - Makefile | 2 - README.md | 21 +++------ build.rs | 50 +--------------------- helpers_c/README.md | 12 ------ helpers_c/ip46tables.c | 91 --------------------------------------- helpers_c/nft46.c | 97 ------------------------------------------ packaging/Makefile | 4 +- release.py | 2 - 10 files changed, 8 insertions(+), 275 deletions(-) delete mode 100644 helpers_c/README.md delete mode 100644 helpers_c/ip46tables.c delete mode 100644 helpers_c/nft46.c diff --git a/.gitignore b/.gitignore index f342516..55ecad6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,4 @@ /reaction -/ip46tables -/nft46 reaction*.db reaction*.db.old /data diff --git a/Cargo.toml b/Cargo.toml index 3e72f6b..5f626de 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,8 +22,6 @@ systemd-units = { enable = false } assets = [ # Executables [ "target/release/reaction", "/usr/bin/reaction", "755" ], - [ "target/release/ip46tables", "/usr/bin/ip46tables", "755" ], - [ "target/release/nft46", "/usr/bin/nft46", "755" ], # Man pages [ "target/release/reaction*.1", "/usr/share/man/man1/", "644" ], # Shell completions diff --git a/Makefile b/Makefile index 3efd558..9b31a54 100644 --- a/Makefile +++ b/Makefile @@ -14,8 +14,6 @@ reaction: install: reaction install -m755 target/release/reaction $(DESTDIR)$(BINDIR) - install -m755 target/release/ip46tables $(DESTDIR)$(BINDIR) - install -m755 target/release/nft46 $(DESTDIR)$(BINDIR) install_systemd: install install -m644 packaging/reaction.service $(SYSTEMDDIR)/system/reaction.service diff --git a/README.md b/README.md index 5aa33fb..7d33ab5 100644 --- a/README.md +++ b/README.md @@ -136,9 +136,9 @@ local banFor(time) = { -It is recommended to setup reaction with [`nftables`](https://reaction.ppom.me/actions/nftables.html) -or [`ipset` + `iptables`](https://reaction.ppom.me/actions/ipset.html), which are much more performant -solutions than `iptables` alone. +> It is recommended to setup reaction with [`nftables`](https://reaction.ppom.me/actions/nftables.html) +> or [`ipset` + `iptables`](https://reaction.ppom.me/actions/ipset.html), which are much more performant +> solutions than `iptables` alone. ### Database @@ -155,19 +155,10 @@ If you don't know where to start reaction, `/var/lib/reaction` should be a sane - `reaction test-config` shows loaded configuration - `reaction help` for full usage. -### `ip46tables` and `nft46` +### old binaries -> ⚠️Deprecated since v2.2.0: -> reaction now provides builtin support for executing different actions on ipv4 and ipv6. -> They will be removed in a future version. - -`ip46tables` and `nft46` are two minimal c programs present in the `helpers_c` directory with only standard posix dependencies. - -`ip46tables` permits to configure `iptables` and `ip6tables` at the same time. -It will execute `iptables` when detecting ipv4, `ip6tables` when detecting ipv6 and both if no ip address is present on the command line. - -`nft46` works slightly differently: it will replace the `X` in its argument by 4 or 6 depending on the ip address on the command line. -This permits to have 2 IP sets, one of type `ipv4_addr` and one of type `ipv6_addr`. +`ip46tables` and `nft46` binaries are no longer part of reaction. If you really need them, see +[the last commit that included them](https://framagit.org/ppom/reaction/-/tree/b7d997ca5e9a69c8572bb2ec9d27d0eb03b3cb9f/helpers_c). ## Wiki diff --git a/build.rs b/build.rs index 97c433e..ff070e0 100644 --- a/build.rs +++ b/build.rs @@ -1,8 +1,6 @@ use std::{ - env::{var, var_os}, + env::var_os, io::{self, ErrorKind}, - path::Path, - process, }; use clap_complete::shells; @@ -10,54 +8,10 @@ use clap_complete::shells; // SubCommand defined here include!("src/cli.rs"); -fn cc() -> String { - // TARGET looks like aarch64-unknown-linux-musl - let cc = match var("TARGET") { - Ok(target) => { - // We're looking for an environment variable looking like - // CC_aarch64_unknown_linux_musl - let target = target.replace("-", "_"); - var(format!("CC_{}", target.replace("-", "_"))).ok() - } - Err(_) => None, - }; - match cc { - Some(cc) => Some(cc), - // Else we're looking for CC environment variable - None => var("CC").ok(), - } - // Else we use `cc` - .unwrap_or("cc".into()) -} - -fn compile_helper(cc: &str, name: &str, out_dir: &Path) -> io::Result<()> { - let mut args = vec![ - format!("helpers_c/{name}.c"), - "-o".into(), - out_dir - .join(name) - .to_str() - .expect("could not join path") - .to_owned(), - ]; - // We can build static executables in cross environment - if cc.ends_with("-gcc") { - args.push("-static".into()); - } - process::Command::new(cc).args(args).spawn()?; - Ok(()) -} - fn main() -> io::Result<()> { if var_os("PROFILE").ok_or(ErrorKind::NotFound)? == "release" { let out_dir = PathBuf::from(var_os("OUT_DIR").ok_or(ErrorKind::NotFound)?).join("../../.."); - // Compile C helpers - let cc = cc(); - println!("CC is: {}", cc); - compile_helper(&cc, "ip46tables", &out_dir)?; - compile_helper(&cc, "nft46", &out_dir)?; - // Build CLI let cli = clap::Command::new("reaction"); let cli = SubCommand::augment_subcommands(cli); @@ -80,8 +34,6 @@ See usage examples, service configurations and good practices on the wiki: https println!("cargo::rerun-if-changed=build.rs"); println!("cargo::rerun-if-changed=src/cli.rs"); - println!("cargo::rerun-if-changed=helpers_c/ip46tables.c"); - println!("cargo::rerun-if-changed=helpers_c/nft46.c"); Ok(()) } diff --git a/helpers_c/README.md b/helpers_c/README.md deleted file mode 100644 index 2407f19..0000000 --- a/helpers_c/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# C helpers - -Those helpers permit to handle IPv4 & IPv6 at the same time, waiting for [#79](https://framagit.org/ppom/reaction/-/issues/79) to be addressed. - -Compilation: - -```bash -# Produces nft46 binary -gcc -o nft46 nft46.c -# Produces ip46tables binary -gcc -o ip46tables ip46tables.c -``` diff --git a/helpers_c/ip46tables.c b/helpers_c/ip46tables.c deleted file mode 100644 index 02ce85a..0000000 --- a/helpers_c/ip46tables.c +++ /dev/null @@ -1,91 +0,0 @@ -#include -#include -#include -#include -#include -#include - -// If this programs -// - receives an ipv4 address in its arguments: -// → it will executes iptables with the same arguments in place. -// -// - receives an ipv6 address in its arguments: -// → it will executes ip6tables with the same arguments in place. -// -// - doesn't receive an ipv4 or ipv6 address in its arguments: -// → it will executes both, with the same arguments in place. - -int isIPv4(char *tab) { - int i,len; - // IPv4 addresses are at least 7 chars long - len = strlen(tab); - if (len < 7 || !isdigit(tab[0]) || !isdigit(tab[len-1])) { - return 0; - } - // Each char must be a digit or a dot between 2 digits - for (i=1; i= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) { - return 0; - } - } - return 1; -} - -int guess_type(int len, char *tab[]) { - int i; - for (i=0; i -#include -#include -#include -#include -#include - -// nft46 'add element inet reaction ipvXbans { 1.2.3.4 }' → nft 'add element inet reaction ipv4bans { 1.2.3.4 }' -// nft46 'add element inet reaction ipvXbans { a:b::c:d }' → nft 'add element inet reaction ipv6bans { a:b::c:d }' -// -// the character X is replaced by 4 or 6 depending on the address family of the specified IP -// -// Limitations: -// - nft46 must receive exactly one argument -// - only one IP must be given per command -// - the IP must be between { braces } - -int isIPv4(char *tab, int len) { - int i; - // IPv4 addresses are at least 7 chars long - if (len < 7 || !isdigit(tab[0]) || !isdigit(tab[len-1])) { - return 0; - } - // Each char must be a digit or a dot between 2 digits - for (i=1; i= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) { - return 0; - } - } - return 1; -} - -int findchar(char *tab, char c, int i, int len) { - while (i < len && tab[i] != c) i++; - if (i == len) { - printf("nft46: one %c must be present", c); - exit(1); - } - return i; -} - -void adapt_args(char *tab) { - int i, len, X, startIP, endIP, startedIP; - X = startIP = endIP = -1; - startedIP = 0; - len = strlen(tab); - i = 0; - X = i = findchar(tab, 'X', i, len); - startIP = i = findchar(tab, '{', i, len); - while (startIP + 1 <= (i = findchar(tab, ' ', i, len))) startIP = i + 1; - i = startIP; - endIP = i = findchar(tab, ' ', i, len) - 1; - - if (isIPv4(tab+startIP, endIP-startIP+1)) { - tab[X] = '4'; - return; - } - - if (isIPv6(tab+startIP, endIP-startIP+1)) { - tab[X] = '6'; - return; - } - - printf("nft46: no IP address found\n"); - exit(1); -} - -void exec(char *str, char **argv) { - argv[0] = str; - execvp(str, argv); - // returns only if fails - printf("nft46: exec failed %d\n", errno); -} - -int main(int argc, char **argv) { - if (argc != 2) { - printf("nft46: Exactly one argument must be given\n"); - exit(1); - } - adapt_args(argv[1]); - exec("nft", argv); -} diff --git a/packaging/Makefile b/packaging/Makefile index 4727ac8..ead1735 100644 --- a/packaging/Makefile +++ b/packaging/Makefile @@ -4,7 +4,7 @@ MANDIR = $(PREFIX)/share/man/man1 SYSTEMDDIR ?= /etc/systemd install: - install -Dm755 reaction nft46 ip46tables $(DESTDIR)$(BINDIR) + install -Dm755 reaction $(DESTDIR)$(BINDIR) install -Dm644 reaction*.1 -t $(DESTDIR)$(MANDIR)/ install -Dm644 reaction.bash $(DESTDIR)$(PREFIX)/share/bash-completion/completions/reaction install -Dm644 reaction.fish $(DESTDIR)$(PREFIX)/share/fish/vendor_completions.d/reaction.fish @@ -13,8 +13,6 @@ install: remove: rm -f $(DESTDIR)$(BINDIR)/bin/reaction - rm -f $(DESTDIR)$(BINDIR)/bin/nft46 - rm -f $(DESTDIR)$(BINDIR)/bin/ip46tables rm -f $(DESTDIR)$(MANDIR)/reaction*.1 rm -f $(DESTDIR)$(PREFIX)/share/bash-completion/completions/reaction rm -f $(DESTDIR)$(PREFIX)/share/fish/vendor_completions.d/reaction.fish diff --git a/release.py b/release.py index 8567551..06c5977 100644 --- a/release.py +++ b/release.py @@ -162,8 +162,6 @@ $ sudo systemctl enable --now reaction@reaction.jsonnet.service files = [ # Binaries "reaction", - "nft46", - "ip46tables", # Shell completion "reaction.bash", "reaction.fish",