Removal of nft46 and ip46tables

.gitignore

@@ -1,6 +1,4 @@
 /reaction
-/ip46tables
-/nft46
 reaction*.db
 reaction*.db.old
 /data

Cargo.toml

@@ -22,8 +22,6 @@ systemd-units = { enable = false }
 assets = [
 	# Executables
 	[ "target/release/reaction", "/usr/bin/reaction", "755" ],
-	[ "target/release/ip46tables", "/usr/bin/ip46tables", "755" ],
-	[ "target/release/nft46", "/usr/bin/nft46", "755" ],
 	# Man pages
 	[ "target/release/reaction*.1", "/usr/share/man/man1/", "644" ],
 	# Shell completions

Makefile

@@ -14,8 +14,6 @@ reaction:
 
 install: reaction
 	install -m755 target/release/reaction $(DESTDIR)$(BINDIR)
-	install -m755 target/release/ip46tables $(DESTDIR)$(BINDIR)
-	install -m755 target/release/nft46 $(DESTDIR)$(BINDIR)
 
 install_systemd: install
 	install -m644 packaging/reaction.service $(SYSTEMDDIR)/system/reaction.service

README.md

@@ -136,9 +136,9 @@ local banFor(time) = {
 
 </details>
 
-It is recommended to setup reaction with [`nftables`](https://reaction.ppom.me/actions/nftables.html)
-or [`ipset` + `iptables`](https://reaction.ppom.me/actions/ipset.html), which are much more performant
-solutions than `iptables` alone.
+> It is recommended to setup reaction with [`nftables`](https://reaction.ppom.me/actions/nftables.html)
+> or [`ipset` + `iptables`](https://reaction.ppom.me/actions/ipset.html), which are much more performant
+> solutions than `iptables` alone.
 
 ### Database
 
@@ -155,19 +155,10 @@ If you don't know where to start reaction, `/var/lib/reaction` should be a sane
 - `reaction test-config` shows loaded configuration
 - `reaction help` for full usage.
 
-### `ip46tables` and `nft46`
+### old binaries
 
-> ⚠️Deprecated since v2.2.0:
-> reaction now provides builtin support for executing different actions on ipv4 and ipv6.
-> They will be removed in a future version.
-
-`ip46tables` and `nft46` are two minimal c programs present in the `helpers_c` directory with only standard posix dependencies.
-
-`ip46tables` permits to configure `iptables` and `ip6tables` at the same time.
-It will execute `iptables` when detecting ipv4, `ip6tables` when detecting ipv6 and both if no ip address is present on the command line.
-
-`nft46` works slightly differently: it will replace the `X` in its argument by 4 or 6 depending on the ip address on the command line.
-This permits to have 2 IP sets, one of type `ipv4_addr` and one of type `ipv6_addr`.
+`ip46tables` and `nft46` binaries are no longer part of reaction. If you really need them, see
+[the last commit that included them](https://framagit.org/ppom/reaction/-/tree/b7d997ca5e9a69c8572bb2ec9d27d0eb03b3cb9f/helpers_c).
 
 ## Wiki
 

build.rs

@@ -1,8 +1,6 @@
 use std::{
-    env::{var, var_os},
+    env::var_os,
     io::{self, ErrorKind},
-    path::Path,
-    process,
 };
 
 use clap_complete::shells;
@@ -10,54 +8,10 @@ use clap_complete::shells;
 // SubCommand defined here
 include!("src/cli.rs");
 
-fn cc() -> String {
-    // TARGET looks like aarch64-unknown-linux-musl
-    let cc = match var("TARGET") {
-        Ok(target) => {
-            // We're looking for an environment variable looking like
-            // CC_aarch64_unknown_linux_musl
-            let target = target.replace("-", "_");
-            var(format!("CC_{}", target.replace("-", "_"))).ok()
-        }
-        Err(_) => None,
-    };
-    match cc {
-        Some(cc) => Some(cc),
-        // Else we're looking for CC environment variable
-        None => var("CC").ok(),
-    }
-    // Else we use `cc`
-    .unwrap_or("cc".into())
-}
-
-fn compile_helper(cc: &str, name: &str, out_dir: &Path) -> io::Result<()> {
-    let mut args = vec![
-        format!("helpers_c/{name}.c"),
-        "-o".into(),
-        out_dir
-            .join(name)
-            .to_str()
-            .expect("could not join path")
-            .to_owned(),
-    ];
-    // We can build static executables in cross environment
-    if cc.ends_with("-gcc") {
-        args.push("-static".into());
-    }
-    process::Command::new(cc).args(args).spawn()?;
-    Ok(())
-}
-
 fn main() -> io::Result<()> {
     if var_os("PROFILE").ok_or(ErrorKind::NotFound)? == "release" {
         let out_dir = PathBuf::from(var_os("OUT_DIR").ok_or(ErrorKind::NotFound)?).join("../../..");
 
-        // Compile C helpers
-        let cc = cc();
-        println!("CC is: {}", cc);
-        compile_helper(&cc, "ip46tables", &out_dir)?;
-        compile_helper(&cc, "nft46", &out_dir)?;
-
         // Build CLI
         let cli = clap::Command::new("reaction");
         let cli = SubCommand::augment_subcommands(cli);
@@ -80,8 +34,6 @@ See usage examples, service configurations and good practices on the wiki: https
 
     println!("cargo::rerun-if-changed=build.rs");
     println!("cargo::rerun-if-changed=src/cli.rs");
-    println!("cargo::rerun-if-changed=helpers_c/ip46tables.c");
-    println!("cargo::rerun-if-changed=helpers_c/nft46.c");
 
     Ok(())
 }

helpers_c/README.md

@@ -1,12 +0,0 @@
-# C helpers
-
-Those helpers permit to handle IPv4 & IPv6 at the same time, waiting for [#79](https://framagit.org/ppom/reaction/-/issues/79) to be addressed.
-
-Compilation:
-
-```bash
-# Produces nft46 binary
-gcc -o nft46 nft46.c
-# Produces ip46tables binary
-gcc -o ip46tables ip46tables.c
-```

helpers_c/ip46tables.c

@@ -1,91 +0,0 @@
-#include<ctype.h>
-#include<errno.h>
-#include<stdio.h>
-#include<stdlib.h>
-#include<string.h>
-#include<unistd.h>
-
-// If this programs
-// - receives an ipv4 address in its arguments:
-//   → it will executes iptables  with the same arguments in place.
-//
-// - receives an ipv6 address in its arguments:
-//   → it will executes ip6tables with the same arguments in place.
-//
-// - doesn't receive an ipv4 or ipv6 address in its arguments:
-//   → it will executes both, with the same arguments in place.
-
-int isIPv4(char *tab) {
-	int i,len;
-	// IPv4 addresses are at least 7 chars long
-	len = strlen(tab);
-	if (len < 7 || !isdigit(tab[0]) || !isdigit(tab[len-1])) {
-			return 0;
-	}
-	// Each char must be a digit or a dot between 2 digits
-	for (i=1; i<len-1; i++) {
-		if (!isdigit(tab[i]) && !(tab[i] == '.' && isdigit(tab[i-1]) && isdigit(tab[i+1]))) {
-			return 0;
-		}
-	}
-	return 1;
-}
-
-int isIPv6(char *tab) {
-	int i,len, twodots = 0;
-	// IPv6 addresses are at least 3 chars long
-	len = strlen(tab);
-	if (len < 3) {
-			return 0;
-	}
-	// Each char must be a digit, :, a-f, or A-F
-	for (i=0; i<len; i++) {
-		if (!isdigit(tab[i]) && tab[i] != ':' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
-			return 0;
-		}
-	}
-	return 1;
-}
-
-int guess_type(int len, char *tab[]) {
-	int i;
-	for (i=0; i<len; i++) {
-		if (isIPv4(tab[i])) {
-			return 4;
-		} else if (isIPv6(tab[i])) {
-			return 6;
-		}
-	}
-	return 0;
-}
-
-void exec(char *str, char **argv) {
-	argv[0] = str;
-	execvp(str, argv);
-	// returns only if fails
-	printf("ip46tables: exec failed %d\n", errno);
-}
-
-int main(int argc, char **argv) {
-	if (argc < 2) {
-		printf("ip46tables: At least one argument has to be given\n");
-		exit(1);
-	}
-	int type;
-	type = guess_type(argc, argv);
-	if (type == 4) {
-		exec("iptables", argv);
-	} else if (type == 6) {
-		exec("ip6tables", argv);
-	} else {
-		pid_t pid = fork();
-		if (pid == -1) {
-			printf("ip46tables: fork failed\n");
-			exit(1);
-		} else if (pid) {
-			exec("iptables", argv);
-		} else {
-			exec("ip6tables", argv);
-		}
-	}
-}

helpers_c/nft46.c

@@ -1,97 +0,0 @@
-#include<ctype.h>
-#include<errno.h>
-#include<stdio.h>
-#include<stdlib.h>
-#include<string.h>
-#include<unistd.h>
-
-// nft46 'add element inet reaction ipvXbans { 1.2.3.4 }' → nft 'add element inet reaction ipv4bans { 1.2.3.4 }'
-// nft46 'add element inet reaction ipvXbans { a:b::c:d }' → nft 'add element inet reaction ipv6bans { a:b::c:d }'
-//
-// the character X is replaced by 4 or 6 depending on the address family of the specified IP
-//
-// Limitations:
-// - nft46 must receive exactly one argument
-// - only one IP must be given per command
-// - the IP must be between { braces }
-
-int isIPv4(char *tab, int len) {
-	int i;
-	// IPv4 addresses are at least 7 chars long
-	if (len < 7 || !isdigit(tab[0]) || !isdigit(tab[len-1])) {
-			return 0;
-	}
-	// Each char must be a digit or a dot between 2 digits
-	for (i=1; i<len-1; i++) {
-		if (!isdigit(tab[i]) && !(tab[i] == '.' && isdigit(tab[i-1]) && isdigit(tab[i+1]))) {
-			return 0;
-		}
-	}
-	return 1;
-}
-
-int isIPv6(char *tab, int len) {
-	int i;
-	// IPv6 addresses are at least 3 chars long
-	if (len < 3) {
-		return 0;
-	}
-	// Each char must be a digit, :, a-f, or A-F
-	for (i=0; i<len; i++) {
-		if (!isdigit(tab[i]) && tab[i] != ':' && tab[i] != '.' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
-			return 0;
-		}
-	}
-	return 1;
-}
-
-int findchar(char *tab, char c, int i, int len) {
-	while (i < len && tab[i] != c) i++;
-	if (i == len) {
-		printf("nft46: one %c must be present", c);
-		exit(1);
-	}
-	return i;
-}
-
-void adapt_args(char *tab) {
-	int i, len, X, startIP, endIP, startedIP;
-	X = startIP = endIP = -1;
-	startedIP = 0;
-	len = strlen(tab);
-	i = 0;
-	X = i = findchar(tab, 'X', i, len);
-	startIP = i = findchar(tab, '{', i, len);
-	while (startIP + 1 <= (i = findchar(tab, ' ', i, len))) startIP = i + 1;
-	i = startIP;
-	endIP = i = findchar(tab, ' ', i, len) - 1;
-
-	if (isIPv4(tab+startIP, endIP-startIP+1)) {
-		tab[X] = '4';
-		return;
-	}
-
-	if (isIPv6(tab+startIP, endIP-startIP+1)) {
-		tab[X] = '6';
-		return;
-	}
-
-	printf("nft46: no IP address found\n");
-	exit(1);
-}
-
-void exec(char *str, char **argv) {
-	argv[0] = str;
-	execvp(str, argv);
-	// returns only if fails
-	printf("nft46: exec failed %d\n", errno);
-}
-
-int main(int argc, char **argv) {
-	if (argc != 2) {
-		printf("nft46: Exactly one argument must be given\n");
-		exit(1);
-	}
-	adapt_args(argv[1]);
-	exec("nft", argv);
-}

packaging/Makefile

@@ -4,7 +4,7 @@ MANDIR = $(PREFIX)/share/man/man1
 SYSTEMDDIR ?= /etc/systemd
 
 install:
-	install -Dm755 reaction nft46 ip46tables $(DESTDIR)$(BINDIR)
+	install -Dm755 reaction $(DESTDIR)$(BINDIR)
 	install -Dm644 reaction*.1 -t $(DESTDIR)$(MANDIR)/
 	install -Dm644 reaction.bash  $(DESTDIR)$(PREFIX)/share/bash-completion/completions/reaction
 	install -Dm644 reaction.fish  $(DESTDIR)$(PREFIX)/share/fish/vendor_completions.d/reaction.fish
@@ -13,8 +13,6 @@ install:
 
 remove:
 	rm -f $(DESTDIR)$(BINDIR)/bin/reaction
-	rm -f $(DESTDIR)$(BINDIR)/bin/nft46
-	rm -f $(DESTDIR)$(BINDIR)/bin/ip46tables
 	rm -f $(DESTDIR)$(MANDIR)/reaction*.1
 	rm -f $(DESTDIR)$(PREFIX)/share/bash-completion/completions/reaction
 	rm -f $(DESTDIR)$(PREFIX)/share/fish/vendor_completions.d/reaction.fish

release.py

@@ -162,8 +162,6 @@ $ sudo systemctl enable --now reaction@reaction.jsonnet.service
         files = [
             # Binaries
             "reaction",
-            "nft46",
-            "ip46tables",
             # Shell completion
             "reaction.bash",
             "reaction.fish",