Compare commits
5 Commits
multipatte
...
main
Author | SHA1 | Date | |
---|---|---|---|
ab9a615491 | |||
2c03ac4cf5 | |||
|
8e1c67cead | ||
|
3ee48fa08e | ||
|
86bd75b926 |
11
Makefile
11
Makefile
@ -3,10 +3,10 @@ PREFIX ?= /usr/local
|
|||||||
BINDIR = $(PREFIX)/bin
|
BINDIR = $(PREFIX)/bin
|
||||||
SYSTEMDDIR ?= /etc/systemd
|
SYSTEMDDIR ?= /etc/systemd
|
||||||
|
|
||||||
all: reaction ip46tables nft46
|
all: reaction.linux reaction.freebsd ip46tables nft46
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f reaction ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
|
rm -f reaction.linux reaction.freebsd ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
|
||||||
|
|
||||||
ip46tables: helpers_c/ip46tables.c
|
ip46tables: helpers_c/ip46tables.c
|
||||||
$(CC) -s -static helpers_c/ip46tables.c -o ip46tables
|
$(CC) -s -static helpers_c/ip46tables.c -o ip46tables
|
||||||
@ -14,8 +14,11 @@ ip46tables: helpers_c/ip46tables.c
|
|||||||
nft46: helpers_c/nft46.c
|
nft46: helpers_c/nft46.c
|
||||||
$(CC) -s -static helpers_c/nft46.c -o nft46
|
$(CC) -s -static helpers_c/nft46.c -o nft46
|
||||||
|
|
||||||
reaction: app/* reaction.go go.mod go.sum
|
reaction.linux: app/* reaction.go go.mod go.sum
|
||||||
CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`"
|
GOOS=linux CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`" -o reaction.linux
|
||||||
|
|
||||||
|
reaction.freebsd: app/* reaction.go go.mod go.sum
|
||||||
|
GOOS=freebsd CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`" -o reaction.freebsd
|
||||||
|
|
||||||
reaction.deb: reaction ip46tables nft46
|
reaction.deb: reaction ip46tables nft46
|
||||||
chmod +x reaction ip46tables nft46
|
chmod +x reaction ip46tables nft46
|
||||||
|
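Review bot: The `reaction.deb` rule still lists `reaction` as a prerequisite and runs `chmod +x reaction ip46tables nft46`, but the hunks shown replace the `reaction` target with `reaction.linux` and `reaction.freebsd`. Unless a `reaction` target survives elsewhere in the Makefile, packaging will either fail or pick up a stale `reaction` binary left in the tree, and `reaction.minisig` would then sign something other than the fresh build. Point the rule at the new artifact, e.g. `reaction.deb: reaction.linux ip46tables nft46`, and update the `chmod` and any copy step to match. The rest of the `reaction.deb` recipe is outside this hunk.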
@ -208,3 +208,10 @@ To install the systemd file as well
|
|||||||
```shell
|
```shell
|
||||||
make install_systemd
|
make install_systemd
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Development
|
||||||
|
|
||||||
|
Contributions are welcome. For any substantial feature, please file an issue first, to be assured that we agree on the feature, and to avoid unnecessary work.
|
||||||
|
|
||||||
|
This is a free time project, so I'm not working on schedule.
|
||||||
|
However, if you're willing to fund the project, I can priorise and plan paid work. This includes features, documentation and specific JSONnet configurations.
|
||||||
|
@ -8,7 +8,6 @@ import (
|
|||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"framagit.org/ppom/reaction/logger"
|
"framagit.org/ppom/reaction/logger"
|
||||||
"sigs.k8s.io/yaml"
|
"sigs.k8s.io/yaml"
|
||||||
@ -138,15 +137,9 @@ func ClientShow(format, stream, filter string, regex *regexp.Regexp) {
|
|||||||
if regex != nil {
|
if regex != nil {
|
||||||
for streamName := range response.ClientStatus {
|
for streamName := range response.ClientStatus {
|
||||||
for filterName := range response.ClientStatus[streamName] {
|
for filterName := range response.ClientStatus[streamName] {
|
||||||
for patterns := range response.ClientStatus[streamName][filterName] {
|
for patternName := range response.ClientStatus[streamName][filterName] {
|
||||||
pmatch := false
|
if !regex.MatchString(patternName) {
|
||||||
for _, p := range strings.Split(patterns, "\x00") {
|
delete(response.ClientStatus[streamName][filterName], patternName)
|
||||||
if regex.MatchString(p) {
|
|
||||||
pmatch = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if !pmatch {
|
|
||||||
delete(response.ClientStatus[streamName][filterName], patterns)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(response.ClientStatus[streamName][filterName]) == 0 {
|
if len(response.ClientStatus[streamName][filterName]) == 0 {
|
||||||
@ -169,22 +162,12 @@ func ClientShow(format, stream, filter string, regex *regexp.Regexp) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Fatalln("Failed to convert daemon binary response to text format:", err)
|
logger.Fatalln("Failed to convert daemon binary response to text format:", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Replace \0 joined string with space joined string ("1.2.3.4\0root" -> "1.2.3.4 root")
|
|
||||||
for streamName := range response.ClientStatus {
|
|
||||||
for filterName := range response.ClientStatus[streamName] {
|
|
||||||
for patterns := range response.ClientStatus[streamName][filterName] {
|
|
||||||
text = []byte(strings.ReplaceAll(string(text), strings.Join(strings.Split(patterns, "\x00"), "\\0"), strings.Join(strings.Split(patterns, "\x00"), " ")))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
fmt.Println(string(text))
|
fmt.Println(string(text))
|
||||||
|
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ClientFlush(patterns []string, streamfilter, format string) {
|
func ClientFlush(pattern, streamfilter, format string) {
|
||||||
response := SendAndRetrieve(Request{Flush, strings.Join(patterns, "\x00")})
|
response := SendAndRetrieve(Request{Flush, pattern})
|
||||||
if response.Err != nil {
|
if response.Err != nil {
|
||||||
logger.Fatalln("Received error from daemon:", response.Err)
|
logger.Fatalln("Received error from daemon:", response.Err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
|
@ -78,38 +78,25 @@ func (p *Pattern) notAnIgnore(match *string) bool {
|
|||||||
|
|
||||||
// Whether one of the filter's regexes is matched on a line
|
// Whether one of the filter's regexes is matched on a line
|
||||||
func (f *Filter) match(line *string) string {
|
func (f *Filter) match(line *string) string {
|
||||||
var result string
|
|
||||||
for _, regex := range f.compiledRegex {
|
for _, regex := range f.compiledRegex {
|
||||||
|
|
||||||
if matches := regex.FindStringSubmatch(*line); matches != nil {
|
if matches := regex.FindStringSubmatch(*line); matches != nil {
|
||||||
var pnames []string
|
|
||||||
for _, p := range f.pattern {
|
|
||||||
pnames = append(pnames, p.name)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, p := range f.pattern {
|
if f.pattern != nil {
|
||||||
match := matches[regex.SubexpIndex(p.name)]
|
match := matches[regex.SubexpIndex(f.pattern.name)]
|
||||||
if p.notAnIgnore(&match) {
|
|
||||||
|
if f.pattern.notAnIgnore(&match) {
|
||||||
logger.Printf(logger.INFO, "%s.%s: match [%v]\n", f.stream.name, f.name, match)
|
logger.Printf(logger.INFO, "%s.%s: match [%v]\n", f.stream.name, f.name, match)
|
||||||
if len(result) == 0 {
|
return match
|
||||||
result = match
|
}
|
||||||
} else {
|
} else {
|
||||||
result = strings.Join([]string{result, match}, "\x00")
|
logger.Printf(logger.INFO, "%s.%s: match [.]\n", f.stream.name, f.name)
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if f.pattern == nil {
|
|
||||||
// No pattern, so this match will never actually be used
|
// No pattern, so this match will never actually be used
|
||||||
|
return "."
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if len(strings.Split(result, "\x00")) == len(f.pattern) {
|
|
||||||
return result
|
|
||||||
} else {
|
|
||||||
// Incomplete match = no match
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *Filter) sendActions(match string, at time.Time) {
|
func (f *Filter) sendActions(match string, at time.Time) {
|
||||||
@ -125,13 +112,9 @@ func (a *Action) exec(match string) {
|
|||||||
|
|
||||||
if a.filter.pattern != nil {
|
if a.filter.pattern != nil {
|
||||||
computedCommand = make([]string, 0, len(a.Cmd))
|
computedCommand = make([]string, 0, len(a.Cmd))
|
||||||
matches := strings.Split(match, "\x00")
|
|
||||||
|
|
||||||
for _, item := range a.Cmd {
|
for _, item := range a.Cmd {
|
||||||
for i, p := range a.filter.pattern {
|
computedCommand = append(computedCommand, strings.ReplaceAll(item, a.filter.pattern.nameWithBraces, match))
|
||||||
item = strings.ReplaceAll(item, p.nameWithBraces, matches[i])
|
|
||||||
}
|
|
||||||
computedCommand = append(computedCommand, item)
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
computedCommand = a.Cmd
|
computedCommand = a.Cmd
|
||||||
@ -261,7 +244,7 @@ func MatchesManager() {
|
|||||||
matchesManagerHandleFlush(fo)
|
matchesManagerHandleFlush(fo)
|
||||||
case pft = <-matchesC:
|
case pft = <-matchesC:
|
||||||
|
|
||||||
entry := LogEntry{pft.t, 0, strings.Join(strings.Split(pft.p, "\x00"), " / "), pft.f.stream.name, pft.f.name, 0, false}
|
entry := LogEntry{pft.t, 0, pft.p, pft.f.stream.name, pft.f.name, 0, false}
|
||||||
|
|
||||||
entry.Exec = matchesManagerHandleMatch(pft)
|
entry.Exec = matchesManagerHandleMatch(pft)
|
||||||
|
|
||||||
@ -291,7 +274,7 @@ func matchesManagerHandleMatch(pft PFT) bool {
|
|||||||
matchesLock.Lock()
|
matchesLock.Lock()
|
||||||
defer matchesLock.Unlock()
|
defer matchesLock.Unlock()
|
||||||
|
|
||||||
filter, patterns, then := pft.f, pft.p, pft.t
|
filter, pattern, then := pft.f, pft.p, pft.t
|
||||||
pf := PF{pft.p, pft.f}
|
pf := PF{pft.p, pft.f}
|
||||||
|
|
||||||
if filter.Retry > 1 {
|
if filter.Retry > 1 {
|
||||||
@ -316,7 +299,7 @@ func matchesManagerHandleMatch(pft PFT) bool {
|
|||||||
|
|
||||||
if filter.Retry <= 1 || len(matches[pf]) >= filter.Retry {
|
if filter.Retry <= 1 || len(matches[pf]) >= filter.Retry {
|
||||||
delete(matches, pf)
|
delete(matches, pf)
|
||||||
filter.sendActions(patterns, then)
|
filter.sendActions(pattern, then)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
@ -335,7 +318,7 @@ func StreamManager(s *Stream, endedSignal chan *Stream) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
for _, filter := range s.Filters {
|
for _, filter := range s.Filters {
|
||||||
if match := filter.match(line); len(match) > 0 {
|
if match := filter.match(line); match != "" {
|
||||||
matchesC <- PFT{match, filter, time.Now()}
|
matchesC <- PFT{match, filter, time.Now()}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
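Review bot: In `Filter.match`, `matches[regex.SubexpIndex(f.pattern.name)]` indexes with -1 when the matching regex has no capture group named after the pattern, and that panics the daemon on an ordinary log line. `setup()` sets `filter.pattern` once per filter but compiles each entry of `filter.Regex` separately, so a filter where only some regexes contain the placeholder appears able to reach this; whether the configuration is rejected earlier is not visible here. Guard the lookup: `idx := regex.SubexpIndex(f.pattern.name)`, then `if idx < 0 { continue }` before reading `matches[idx]`. A crash here stops all banning, so it is worth a comment on `match` stating that every regex of a filter with a pattern must contain that pattern.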
@ -1,4 +1,11 @@
|
|||||||
---
|
---
|
||||||
|
# This example configuration file is a good starting point, but you're
|
||||||
|
# strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
|
||||||
|
#
|
||||||
|
# This file is using the well-established YAML configuration language.
|
||||||
|
# Note that the more powerful JSONnet configuration language is also supported
|
||||||
|
# and that the documentation uses JSONnet
|
||||||
|
|
||||||
# definitions are just a place to put chunks of conf you want to reuse in another place
|
# definitions are just a place to put chunks of conf you want to reuse in another place
|
||||||
# using YAML anchors `&name` and pointers `*name`
|
# using YAML anchors `&name` and pointers `*name`
|
||||||
# definitions are not readed by reaction
|
# definitions are not readed by reaction
|
||||||
@ -31,10 +38,12 @@ patterns:
|
|||||||
start:
|
start:
|
||||||
- [ 'ip46tables', '-w', '-N', 'reaction' ]
|
- [ 'ip46tables', '-w', '-N', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
- [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
- [ 'ip46tables', '-w', '-I', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
|
||||||
# Those commands will be executed in order at stop, after everything else
|
# Those commands will be executed in order at stop, after everything else
|
||||||
stop:
|
stop:
|
||||||
- [ 'ip46tables', '-w,', '-D', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
- [ 'ip46tables', '-w,', '-D', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
- [ 'ip46tables', '-w,', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-F', 'reaction' ]
|
- [ 'ip46tables', '-w', '-F', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-X', 'reaction' ]
|
- [ 'ip46tables', '-w', '-X', 'reaction' ]
|
||||||
|
|
||||||
|
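Review bot: The new FORWARD line in `stop` copies the `'-w,'` argument (with a trailing comma inside the quotes) from the INPUT line above it, whereas every `start` command uses `'-w'`. If the helper passes that argument through unchanged, the two `-D` commands are likely to be rejected, which would leave the jump rules in INPUT and FORWARD and make the following `-X` fail on a still-referenced chain. Both lines should read `'-w'`, e.g. `- [ 'ip46tables', '-w', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction' ]`.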
@ -60,8 +60,7 @@ func subCommandParse(f *flag.FlagSet, maxRemainingArgs int) {
|
|||||||
basicUsage()
|
basicUsage()
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
// -1 = no limit to remaining args
|
if len(f.Args()) > maxRemainingArgs {
|
||||||
if maxRemainingArgs > -1 && len(f.Args()) > maxRemainingArgs {
|
|
||||||
fmt.Printf("ERROR unrecognized argument(s): %v\n", f.Args()[maxRemainingArgs:])
|
fmt.Printf("ERROR unrecognized argument(s): %v\n", f.Args()[maxRemainingArgs:])
|
||||||
basicUsage()
|
basicUsage()
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
@ -103,7 +102,7 @@ func basicUsage() {
|
|||||||
` + bold + `reaction flush` + reset + ` TARGET
|
` + bold + `reaction flush` + reset + ` TARGET
|
||||||
# remove currently active matches and run currently pending actions for the specified TARGET
|
# remove currently active matches and run currently pending actions for the specified TARGET
|
||||||
# (then show flushed matches and actions)
|
# (then show flushed matches and actions)
|
||||||
# e.g. reaction flush 192.168.1.1 root
|
# e.g. reaction flush 192.168.1.1
|
||||||
|
|
||||||
# options:
|
# options:
|
||||||
-s/--socket SOCKET # path to the client-daemon communication socket
|
-s/--socket SOCKET # path to the client-daemon communication socket
|
||||||
@ -195,7 +194,7 @@ func Main(version, commit string) {
|
|||||||
SocketPath = addSocketFlag(f)
|
SocketPath = addSocketFlag(f)
|
||||||
queryFormat := addFormatFlag(f)
|
queryFormat := addFormatFlag(f)
|
||||||
limit := addLimitFlag(f)
|
limit := addLimitFlag(f)
|
||||||
subCommandParse(f, -1)
|
subCommandParse(f, 1)
|
||||||
if *queryFormat != "yaml" && *queryFormat != "json" {
|
if *queryFormat != "yaml" && *queryFormat != "json" {
|
||||||
logger.Fatalln("only yaml and json formats are supported")
|
logger.Fatalln("only yaml and json formats are supported")
|
||||||
f.PrintDefaults()
|
f.PrintDefaults()
|
||||||
@ -210,7 +209,7 @@ func Main(version, commit string) {
|
|||||||
logger.Fatalln("for now, -l/--limit is not supported")
|
logger.Fatalln("for now, -l/--limit is not supported")
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
ClientFlush(f.Args(), *limit, *queryFormat)
|
ClientFlush(f.Arg(0), *limit, *queryFormat)
|
||||||
|
|
||||||
case "test-regex":
|
case "test-regex":
|
||||||
// socket not needed, no interaction with the daemon
|
// socket not needed, no interaction with the daemon
|
||||||
|
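Review bot: In the flush branch of `Main`, `ClientFlush(f.Arg(0), ...)` receives an empty string when no TARGET is given, because `subCommandParse(f, 1)` only enforces an upper bound on the remaining arguments. Unless the lines between the two hunks already check for it, an empty pattern is sent to the daemon as a flush request; reject it first with something like `if f.NArg() != 1 { logger.Fatalln("flush takes exactly one TARGET") }`. Separately, `subCommandParse` no longer treats -1 as "no limit", so any remaining caller that passes -1 would always take the error branch and slice `f.Args()[-1:]`; no such caller is visible in these hunks.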
@ -134,7 +134,7 @@ func rotateDB(c *Conf, logDec *gob.Decoder, flushDec *gob.Decoder, logEnc *gob.E
|
|||||||
}()
|
}()
|
||||||
|
|
||||||
// pattern, stream, fitler → last flush
|
// pattern, stream, fitler → last flush
|
||||||
flushes := make(map[*PSF]time.Time)
|
flushes := make(map[PSF]time.Time)
|
||||||
for {
|
for {
|
||||||
var entry LogEntry
|
var entry LogEntry
|
||||||
var filter *Filter
|
var filter *Filter
|
||||||
@ -160,7 +160,7 @@ func rotateDB(c *Conf, logDec *gob.Decoder, flushDec *gob.Decoder, logEnc *gob.E
|
|||||||
}
|
}
|
||||||
|
|
||||||
// store
|
// store
|
||||||
flushes[&PSF{entry.Pattern, entry.Stream, entry.Filter}] = entry.T
|
flushes[PSF{entry.Pattern, entry.Stream, entry.Filter}] = entry.T
|
||||||
}
|
}
|
||||||
|
|
||||||
lastTimeCpt := int64(0)
|
lastTimeCpt := int64(0)
|
||||||
@ -201,8 +201,8 @@ func rotateDB(c *Conf, logDec *gob.Decoder, flushDec *gob.Decoder, logEnc *gob.E
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check if it hasn't been flushed
|
// check if it hasn't been flushed
|
||||||
lastGlobalFlush := flushes[&PSF{entry.Pattern, "", ""}].Unix()
|
lastGlobalFlush := flushes[PSF{entry.Pattern, "", ""}].Unix()
|
||||||
lastLocalFlush := flushes[&PSF{entry.Pattern, entry.Stream, entry.Filter}].Unix()
|
lastLocalFlush := flushes[PSF{entry.Pattern, entry.Stream, entry.Filter}].Unix()
|
||||||
entryTime := entry.T.Unix()
|
entryTime := entry.T.Unix()
|
||||||
if lastLocalFlush > entryTime || lastGlobalFlush > entryTime {
|
if lastLocalFlush > entryTime || lastGlobalFlush > entryTime {
|
||||||
continue
|
continue
|
||||||
|
12
app/pipe.go
12
app/pipe.go
@ -17,14 +17,14 @@ func genClientStatus(local_actions ActionsMap, local_matches MatchesMap, local_a
|
|||||||
|
|
||||||
// Painful data manipulation
|
// Painful data manipulation
|
||||||
for pf, times := range local_matches {
|
for pf, times := range local_matches {
|
||||||
patterns, filter := pf.p, pf.f
|
pattern, filter := pf.p, pf.f
|
||||||
if cs[filter.stream.name] == nil {
|
if cs[filter.stream.name] == nil {
|
||||||
cs[filter.stream.name] = make(map[string]MapPatternStatus)
|
cs[filter.stream.name] = make(map[string]MapPatternStatus)
|
||||||
}
|
}
|
||||||
if cs[filter.stream.name][filter.name] == nil {
|
if cs[filter.stream.name][filter.name] == nil {
|
||||||
cs[filter.stream.name][filter.name] = make(MapPatternStatus)
|
cs[filter.stream.name][filter.name] = make(MapPatternStatus)
|
||||||
}
|
}
|
||||||
cs[filter.stream.name][filter.name][patterns] = &PatternStatus{len(times), nil}
|
cs[filter.stream.name][filter.name][pattern] = &PatternStatus{len(times), nil}
|
||||||
}
|
}
|
||||||
|
|
||||||
local_matchesLock.Unlock()
|
local_matchesLock.Unlock()
|
||||||
@ -32,17 +32,17 @@ func genClientStatus(local_actions ActionsMap, local_matches MatchesMap, local_a
|
|||||||
|
|
||||||
// Painful data manipulation
|
// Painful data manipulation
|
||||||
for pa, times := range local_actions {
|
for pa, times := range local_actions {
|
||||||
patterns, action := pa.p, pa.a
|
pattern, action := pa.p, pa.a
|
||||||
if cs[action.filter.stream.name] == nil {
|
if cs[action.filter.stream.name] == nil {
|
||||||
cs[action.filter.stream.name] = make(map[string]MapPatternStatus)
|
cs[action.filter.stream.name] = make(map[string]MapPatternStatus)
|
||||||
}
|
}
|
||||||
if cs[action.filter.stream.name][action.filter.name] == nil {
|
if cs[action.filter.stream.name][action.filter.name] == nil {
|
||||||
cs[action.filter.stream.name][action.filter.name] = make(MapPatternStatus)
|
cs[action.filter.stream.name][action.filter.name] = make(MapPatternStatus)
|
||||||
}
|
}
|
||||||
if cs[action.filter.stream.name][action.filter.name][patterns] == nil {
|
if cs[action.filter.stream.name][action.filter.name][pattern] == nil {
|
||||||
cs[action.filter.stream.name][action.filter.name][patterns] = new(PatternStatus)
|
cs[action.filter.stream.name][action.filter.name][pattern] = new(PatternStatus)
|
||||||
}
|
}
|
||||||
ps := cs[action.filter.stream.name][action.filter.name][patterns]
|
ps := cs[action.filter.stream.name][action.filter.name][pattern]
|
||||||
if ps.Actions == nil {
|
if ps.Actions == nil {
|
||||||
ps.Actions = make(map[string][]string)
|
ps.Actions = make(map[string][]string)
|
||||||
}
|
}
|
||||||
|
@ -13,7 +13,6 @@ import (
|
|||||||
"framagit.org/ppom/reaction/logger"
|
"framagit.org/ppom/reaction/logger"
|
||||||
|
|
||||||
"github.com/google/go-jsonnet"
|
"github.com/google/go-jsonnet"
|
||||||
"golang.org/x/exp/slices"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (c *Conf) setup() {
|
func (c *Conf) setup() {
|
||||||
@ -96,17 +95,27 @@ func (c *Conf) setup() {
|
|||||||
// Compute Regexes
|
// Compute Regexes
|
||||||
// Look for Patterns inside Regexes
|
// Look for Patterns inside Regexes
|
||||||
for _, regex := range filter.Regex {
|
for _, regex := range filter.Regex {
|
||||||
for _, pattern := range c.Patterns {
|
for patternName, pattern := range c.Patterns {
|
||||||
if strings.Contains(regex, pattern.nameWithBraces) {
|
if strings.Contains(regex, pattern.nameWithBraces) {
|
||||||
if !slices.Contains(filter.pattern, pattern) {
|
|
||||||
filter.pattern = append(filter.pattern, pattern)
|
if filter.pattern == nil {
|
||||||
|
filter.pattern = pattern
|
||||||
|
} else if filter.pattern == pattern {
|
||||||
|
// no op
|
||||||
|
} else {
|
||||||
|
logger.Fatalf(
|
||||||
|
"Bad configuration: Can't mix different patterns (%s, %s) in same filter (%s.%s)\n",
|
||||||
|
filter.pattern.name, patternName, streamName, filterName,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FIXME should go in the `if filter.pattern == nil`?
|
||||||
regex = strings.Replace(regex, pattern.nameWithBraces, pattern.Regex, 1)
|
regex = strings.Replace(regex, pattern.nameWithBraces, pattern.Regex, 1)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
compiledRegex, err := regexp.Compile(regex)
|
compiledRegex, err := regexp.Compile(regex)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Bad configuration: regex of filter %s.%s: %v", stream.name, filter.name, err)
|
log.Fatalf("%vBad configuration: regex of filter %s.%s: %v", logger.FATAL, stream.name, filter.name, err)
|
||||||
}
|
}
|
||||||
filter.compiledRegex = append(filter.compiledRegex, *compiledRegex)
|
filter.compiledRegex = append(filter.compiledRegex, *compiledRegex)
|
||||||
}
|
}
|
||||||
|
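Review bot: The regex-compile failure in `setup()` is reported with `log.Fatalf("%vBad configuration: ...", logger.FATAL, ...)`, while the mixed-pattern check added a few lines above uses `logger.Fatalf` with a trailing newline. Using the project logger for both keeps fatal configuration errors formatted and routed the same way: `logger.Fatalf("Bad configuration: regex of filter %s.%s: %v\n", stream.name, filter.name, err)`. The new `FIXME` about where the `strings.Replace` belongs should be resolved or turned into a comment explaining why the substitution runs for every regex. `setup()` begins and ends outside this hunk.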
10
app/types.go
10
app/types.go
@ -42,7 +42,7 @@ type Filter struct {
|
|||||||
|
|
||||||
Regex []string `json:"regex"`
|
Regex []string `json:"regex"`
|
||||||
compiledRegex []regexp.Regexp `json:"-"`
|
compiledRegex []regexp.Regexp `json:"-"`
|
||||||
pattern []*Pattern `json:"-"`
|
pattern *Pattern `json:"-"`
|
||||||
|
|
||||||
Retry int `json:"retry"`
|
Retry int `json:"retry"`
|
||||||
RetryPeriod string `json:"retryperiod"`
|
RetryPeriod string `json:"retryperiod"`
|
||||||
@ -87,14 +87,8 @@ type MatchesMap map[PF]map[time.Time]struct{}
|
|||||||
type ActionsMap map[PA]map[time.Time]struct{}
|
type ActionsMap map[PA]map[time.Time]struct{}
|
||||||
|
|
||||||
// Helper structs made to carry information
|
// Helper structs made to carry information
|
||||||
// Stream, Filter
|
|
||||||
type SF struct{ s, f string }
|
type SF struct{ s, f string }
|
||||||
// Pattern, Stream, Filter
|
type PSF struct{ p, s, f string }
|
||||||
type PSF struct{
|
|
||||||
p string
|
|
||||||
s string
|
|
||||||
f string
|
|
||||||
}
|
|
||||||
type PF struct {
|
type PF struct {
|
||||||
p string
|
p string
|
||||||
f *Filter
|
f *Filter
|
||||||
|
@ -1,11 +1,15 @@
|
|||||||
// This file is using JSONNET, a complete configuration language based on JSON
|
// This file is using JSONnet, a complete configuration language based on JSON
|
||||||
// See https://jsonnet.org
|
// See https://jsonnet.org
|
||||||
// JSONNET is a superset of JSON, so one can write plain JSON files if wanted.
|
// JSONnet is a superset of JSON, so one can write plain JSON files if wanted.
|
||||||
// Note that YAML is also supported, see ./example.yml
|
// Note that YAML is also supported, see ./example.yml
|
||||||
|
|
||||||
// JSONNET functions
|
// This example configuration file is a good starting point, but you're
|
||||||
|
// strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
|
||||||
|
|
||||||
|
// JSONnet functions
|
||||||
local iptables(args) = ['ip46tables', '-w'] + args;
|
local iptables(args) = ['ip46tables', '-w'] + args;
|
||||||
// ip46tables is a minimal C program (only POSIX dependencies) present in a subdirectory of this repo.
|
// ip46tables is a minimal C program (only POSIX dependencies) present in a
|
||||||
|
// subdirectory of this repo.
|
||||||
// it permits to handle both ipv4/iptables and ipv6/ip6tables commands
|
// it permits to handle both ipv4/iptables and ipv6/ip6tables commands
|
||||||
|
|
||||||
// See meaning and usage of this function around L106
|
// See meaning and usage of this function around L106
|
||||||
@ -43,14 +47,16 @@ local banFor(time) = {
|
|||||||
start: [
|
start: [
|
||||||
// Create an iptables chain for reaction
|
// Create an iptables chain for reaction
|
||||||
iptables(['-N', 'reaction']),
|
iptables(['-N', 'reaction']),
|
||||||
// Insert this chain as the first item of the INPUT chain (for incoming connections)
|
// Insert this chain as the first item of the INPUT & FORWARD chains (for incoming connections)
|
||||||
iptables(['-I', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
iptables(['-I', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
||||||
|
iptables(['-I', 'FORWARD', '-p', 'all', '-j', 'reaction']),
|
||||||
],
|
],
|
||||||
|
|
||||||
// Those commands will be executed in order at stop, after everything else
|
// Those commands will be executed in order at stop, after everything else
|
||||||
stop: [
|
stop: [
|
||||||
// Remove the chain from the INPUT chain
|
// Remove the chain from the INPUT & FORWARD chains
|
||||||
iptables(['-D', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
iptables(['-D', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
||||||
|
iptables(['-D', 'FORWARD', '-p', 'all', '-j', 'reaction']),
|
||||||
// Empty the chain
|
// Empty the chain
|
||||||
iptables(['-F', 'reaction']),
|
iptables(['-F', 'reaction']),
|
||||||
// Delete the chain
|
// Delete the chain
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=A daemon that scans program outputs for repeated patterns, and takes action.
|
Description=A daemon that scans program outputs for repeated patterns, and takes action.
|
||||||
Documentation=https://framagit.org/ppom/reaction-wiki
|
Documentation=https://framagit.org/ppom/reaction-wiki
|
||||||
|
# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
|
||||||
|
# After=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet
|
ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
# vim: ft=systemd
|
# vim: ft=systemd
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
|
||||||
|
# After=docker.service
|
||||||
|
|
||||||
# See `man systemd.exec` and `man systemd.service` for most options below
|
# See `man systemd.exec` and `man systemd.service` for most options below
|
||||||
[Service]
|
[Service]
|
||||||
|
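Review bot: In this unit file the commented `# After=docker.service` sits under `[Install]`, directly after `WantedBy=multi-user.target`, but `After=` is a `[Unit]` directive. An administrator who uncomments it in place would get no ordering against docker, and reaction's chain could then be inserted before docker adds its own rules, which is the case the comment is meant to prevent. Move the two comment lines under a `[Unit]` header, as the other service file in this comparison does; whether this file has a `[Unit]` section further down is not visible in the hunk.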
1
go.mod
1
go.mod
@ -4,7 +4,6 @@ go 1.20
|
|||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/google/go-jsonnet v0.20.0
|
github.com/google/go-jsonnet v0.20.0
|
||||||
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a
|
|
||||||
sigs.k8s.io/yaml v1.1.0
|
sigs.k8s.io/yaml v1.1.0
|
||||||
)
|
)
|
||||||
|
|
||||||
|
2
go.sum
2
go.sum
@ -1,8 +1,6 @@
|
|||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g=
|
github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g=
|
||||||
github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA=
|
github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA=
|
||||||
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a h1:HinSgX1tJRX3KsL//Gxynpw5CTOAIPhgL4W8PNiIpVE=
|
|
||||||
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
|
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
|
gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
|
||||||
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
@ -38,7 +38,7 @@ int isIPv6(char *tab, int len) {
|
|||||||
}
|
}
|
||||||
// Each char must be a digit, :, a-f, or A-F
|
// Each char must be a digit, :, a-f, or A-F
|
||||||
for (i=0; i<len; i++) {
|
for (i=0; i<len; i++) {
|
||||||
if (!isdigit(tab[i]) && tab[i] != ':' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
|
if (!isdigit(tab[i]) && tab[i] != ':' && tab[i] != '.' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
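Review bot: On the changed line in `isIPv6`, `isdigit(tab[i])` is called with a plain `char`, which is undefined behaviour for bytes with the high bit set on platforms where `char` is signed. The argument comes from the command line, so the call should be `isdigit((unsigned char)tab[i])`. Allowing `'.'` also means a string made only of digits and dots now passes this loop, so the function relies on the earlier checks (outside this hunk) to require a `:`. A short comment that the dot is accepted for IPv4-mapped forms such as `::ffff:1.2.3.4` would make the intent clear.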