Commit graph

627 commits

Author SHA1 Message Date
ppom
5a6c203c01
Add system-reaction.slice 2026-02-27 12:00:00 +01:00
ppom
f2b1accec0
Fix slice-inherit option 2026-02-26 12:00:00 +01:00
ppom
00725ed9e2
notif test: add a filter that shouldn't match 2026-02-26 12:00:00 +01:00
ppom
ea0e7177d9
nftables: Fix bad action advertised 2026-02-26 12:00:00 +01:00
ppom
c41c89101d
Fix #151: Move RegexSet creation from StreamManager to config Stream
This moves the potential error of a too-big regex set to the config setup,
a place where it can be gracefully handled, instead of the place it was,
where this would make reaction mess up with start/stop, etc.
2026-02-26 12:00:00 +01:00
ppom
3d7e647ef7
Adapt tests to nftables configuration 2026-02-25 12:00:00 +01:00
ppom
5b6cc35deb
nftables: Fix compilation errors and actually use libnftables 2026-02-25 12:00:00 +01:00
ppom
0cd765251a
run plugins in the same slice as reaction
And reaction should be started in system-reaction.slice.
The plugins could then be grouped together with the daemon
2026-02-20 12:00:00 +01:00
ppom
26cf3a96e7
First draft of an nftables plugin
Not compiling yet but I'm getting there.
Must be careful with the unsafe, C-wrapping code!
2026-02-20 12:00:00 +01:00
ppom
285954f7cd
Remove outdated FIXME 2026-02-18 12:00:00 +01:00
ppom
dc51d7d432
Add support for macOS 2026-02-17 12:00:00 +01:00
ppom
488dc6c66f
Update release instructions 2026-02-15 12:00:00 +01:00
ppom
88c99fff0f
Fix install instructions 2026-02-12 12:00:00 +01:00
ppom
645d72ac1e
.gitignore cleanup 2026-02-12 12:00:00 +01:00
ppom
a7e958f248
Update ARCHITECTURE.md 2026-02-12 12:00:00 +01:00
ppom
5577d4f46f
reaction-plugin: Add metadata v2.3.0 2026-02-12 12:00:00 +01:00
ppom
a8cd1af78d
Set CapabilityBoundingSet again 2026-02-12 12:00:00 +01:00
ppom
2f57f73ac9
Fix systemd functionality
- Non-absolute WorkingDirectory was refused by systemd
- Plugin specific-conf updated

Improvements:
- ReadOnlyPaths=/
- ProtectHome=true in release builds
- SystemCallFilter further restricted

Disabled:
- DynamicUser: breaks stdio communication, FIXME!
- RestrictAddressFamilies: seems impossible to override to default.
- CapabilityBoundingSet: too restrictive
2026-02-12 12:00:00 +01:00
ppom
d629d57a7e
Change ipset version option from 4/6/46 to ipv4/ipv6/ip 2026-02-12 12:00:00 +01:00
ppom
3c20d8f008
Fix merging of systemd options 2026-02-12 12:00:00 +01:00
ppom
5a030ffb7e
Make systemd default options more accessible for users by moving them up 2026-02-12 12:00:00 +01:00
ppom
a4ea173c13
Do not permit options key when stream/action is not a plugin 2026-02-12 12:00:00 +01:00
ppom
3a61db9e6f
plugin: shutdown: add function that permits graceful shutdown by signal
Handling SIGTERM (etc.) signals permits graceful shutdown, cleaning of resources, etc.

Added in ipset and cluster.
2026-02-12 12:00:00 +01:00
ppom
b4313699df
systemd: Let reaction stop its subprocesses before killing them
systemd by default sends SIGTERM to all processes in the cgroup, which
doesn't let reaction handle the shutdown of its plugins.
This is fixed by adding KillMode=mixed.
2026-02-12 12:00:00 +01:00
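The three systemd-related commits above (slice for daemon and plugins, hardening options, KillMode=mixed) are easier to read side by side. The following unit fragments are an added illustration written for this page, not the project's shipped units: the service name, the binary path and its arguments, and the ReadWritePaths entry are assumptions; the directive semantics are standard systemd.

```ini
# system-reaction.slice (hypothetical file name; the slice the commits refer to)
[Unit]
Description=Slice grouping the reaction daemon and its plugin processes

[Slice]
# Resource accounting/limits here apply to reaction and every plugin it spawns,
# since they are started in the same slice.

# reaction.service (hypothetical name, ExecStart path and arguments are assumptions)
[Unit]
Description=reaction daemon
After=network.target

[Service]
Type=simple
# Must be absolute: systemd refuses a relative WorkingDirectory.
WorkingDirectory=/etc/reaction
# Config lives in /etc/reaction/ per the commit above; the file name is an assumption.
ExecStart=/usr/bin/reaction serve /etc/reaction/reaction.yml
Slice=system-reaction.slice

# KillMode=mixed: on stop, SIGTERM goes only to the main process, so reaction can
# shut its plugins down in order. Whatever is still alive after TimeoutStopSec
# receives SIGKILL, which is the backstop if a plugin ignores its shutdown signal.
KillMode=mixed
TimeoutStopSec=30

# Hardening (from the "Fix systemd functionality" commit; values are illustrative).
ProtectHome=true
ReadOnlyPaths=/
# Assumption: if the daemon persists state, re-open that path read-write.
ReadWritePaths=/var/lib/reaction
SystemCallFilter=@system-service
# Netfilter plugins (ipset, nftables) need CAP_NET_ADMIN; dropping everything else
# is the intent of setting CapabilityBoundingSet. DynamicUser= is deliberately
# absent: the commit notes it breaks the stdio channel to the plugins.
CapabilityBoundingSet=CAP_NET_ADMIN

[Install]
WantedBy=multi-user.target
```

A quick check after editing: `systemd-analyze verify reaction.service` catches a relative WorkingDirectory and unknown directives, and `systemctl show -p KillMode reaction` confirms the merged value once the unit is loaded.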
ppom
270c6cb969
systemd service: config file must live in /etc/reaction/
This is a breaking change, but it unifies config
for yaml, json, jsonnet and directory users.
2026-02-12 12:00:00 +01:00
ppom
15f923ef64
Safeguard against users executing plugins themselves
main_loop now first checks that it has been started with the `serve` argument.
If not, it prints an info message and quits.
2026-02-11 12:00:00 +01:00
ppom
a37a5e5752
release v2.3.0
- cross-rs project doesn't compile anymore: switching to debian12-amd64 only binary release
- package virtual plugin in reaction .deb
- package ipset plugin in separate .deb with its required libipset-dev dependency
2026-02-11 12:00:00 +01:00
ppom
a8651bf2e0
Removal of nft46 and ip46tables 2026-02-11 12:00:00 +01:00
ppom
b07b5064e9
Improve reaction-plugin developer documentation 2026-02-11 12:00:00 +01:00
ppom
b7d997ca5e
Slight change on the "no audit" sentence 2026-02-09 12:00:00 +01:00
ppom
cce850fc71
Add recommendation on ipset or nftables rather than plain iptables 2026-02-09 12:00:00 +01:00
ppom
109fb6d869
Adapt reaction core to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
ae28cfbb31
cluster: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
b0dc3c56ad
ipset: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
57d6da5377
virtual: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
12fc90535a
Change plugin interface: oneshot load_config and start
Instead of multiple stream_impl / action_impl and one finish_setup.
This made plugin implementations awkward: they often got some conf and
couldn't determine if it was valid or not.
Now they get all the conf in one function and don't have to keep partial
state from one call to another.

This has the other important benefit that configuration loading is
separated from startup. This will make plugin lifecycle management less
clunky.
2026-02-09 12:00:00 +01:00
ppom
62933b55e4
Start plugins after start commands
Because stop commands run after plugins' shutdown, it seems better
that commands embrace ({ plugins }).

Fix outdated comment about aborting on startup.
2026-02-09 12:00:00 +01:00
ppom
34e2a8f294
plugin: simpler crate version retrieval 2026-02-09 12:00:00 +01:00
ppom
41bc3525f8
Fix time-based test sometimes failing by increasing sleep 2026-02-09 12:00:00 +01:00
ppom
5ce773c8e5
cluster: ignore integration tests for now 2026-02-09 12:00:00 +01:00
ppom
6914f19fb8
fix assert_cmd::cargo_bin deprecation warning 2026-02-09 12:00:00 +01:00
ppom
7cd4a4305d
fix: merge plugins in configuration 2026-02-09 12:00:00 +01:00
ppom
c39fdecef3
ipset: add tests for configuration 2026-02-09 12:00:00 +01:00
ppom
885e6b7ef7
ipset: re-arrange spacing in logs 2026-02-09 12:00:00 +01:00
ppom
516e6956ab
fix double-printing of square brackets in plugin logs 2026-02-09 12:00:00 +01:00
ppom
79ec6d279f
ipset: Manual e2e test does pass 2026-02-09 12:00:00 +01:00
ppom
a83c93ac9d
ipset: do not shutdown plugin when one action errors 2026-02-09 12:00:00 +01:00
ppom
47947d18db
ipset: Fix dumb bug due to future not awaited
The edge case is so dumb, cargo is supposed to tell me about this ><

Just learnt that Python never warns about this btw:
https://trio.readthedocs.io/en/v0.9.0/tutorial.html#warning-don-t-forget-that-await
2026-02-09 12:00:00 +01:00
ppom
915e308015
Better plugin process management
following stderr: task doesn't use shutdown anymore. It will simply follow
stderr until the end of reaction, which at worst is a negligible
memory leak if reaction continues running.
I tried closing stderr on the plugin side with a raw syscall of the file
descriptor, but reaction side doesn't see that stderr is closed.
So I can't rely on that.
Quitting when shutdown.wait() returns is too early, because that's also
what makes reaction ask the plugin to close(), and it can print
important logs during its shutdown.
The task ignoring all the shutdown part is dead simple and is most likely
correct every time.

updated the wording of plugin-related errors.

also replaced futures::select! { future, sleep() } with more concise and
macro-less tokio::timeout.
2026-02-09 12:00:00 +01:00
ppom
41b8a661d2
Print on stderr instead of stdout
...stdout is already taken by remoc ;)
2026-02-09 12:00:00 +01:00