Add freebsd binary build

https://framagit.org/ppom/reaction/-/issues/84

Makefile

@@ -3,10 +3,10 @@ PREFIX ?= /usr/local
 BINDIR = $(PREFIX)/bin
 SYSTEMDDIR ?= /etc/systemd
 
-all: reaction ip46tables nft46
+all: reaction reaction.freebsd ip46tables nft46
 
 clean:
-	rm -f reaction ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
+	rm -f reaction reaction.freebsd ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
 
 ip46tables: helpers_c/ip46tables.c
 	$(CC) -s -static helpers_c/ip46tables.c -o ip46tables
@@ -17,6 +17,9 @@ nft46: helpers_c/nft46.c
 reaction: app/* reaction.go go.mod go.sum
 	CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`"
 
+reaction.freebsd: app/* reaction.go go.mod go.sum
+	GOOS=freebsd CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`" -o reaction.freebsd
+
 reaction.deb: reaction ip46tables nft46
 	chmod +x reaction ip46tables nft46
 	mkdir -p deb/reaction/usr/bin/ deb/reaction/usr/sbin/ deb/reaction/lib/systemd/system/

README.md

@@ -208,3 +208,10 @@ To install the systemd file as well
 ```shell
 make install_systemd
 ```
+
+## Development
+
+Contributions are welcome. For any substantial feature, please file an issue first, to be assured that we agree on the feature, and to avoid unnecessary work.
+
+This is a free time project, so I'm not working on schedule.
+However, if you're willing to fund the project, I can priorise and plan paid work. This includes features, documentation and specific JSONnet configurations.

app/example.yml

@@ -1,4 +1,11 @@
 ---
+# This example configuration file is a good starting point, but you're
+# strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
+#
+# This file is using the well-established YAML configuration language.
+# Note that the more powerful JSONnet configuration language is also supported
+# and that the documentation uses JSONnet
+
 # definitions are just a place to put chunks of conf you want to reuse in another place
 # using YAML anchors `&name` and pointers `*name`
 # definitions are not readed by reaction
@@ -31,10 +38,12 @@ patterns:
 start:
   - [ 'ip46tables', '-w', '-N', 'reaction' ]
   - [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
+  - [ 'ip46tables', '-w', '-I', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
 
 # Those commands will be executed in order at stop, after everything else
 stop:
   - [ 'ip46tables', '-w,', '-D', 'INPUT', '-p', 'all', '-j', 'reaction' ]
+  - [ 'ip46tables', '-w,', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
   - [ 'ip46tables', '-w', '-F', 'reaction' ]
   - [ 'ip46tables', '-w', '-X', 'reaction' ]
 

config/example.jsonnet

@@ -1,11 +1,15 @@
-// This file is using JSONNET, a complete configuration language based on JSON
+// This file is using JSONnet, a complete configuration language based on JSON
 // See https://jsonnet.org
-// JSONNET is a superset of JSON, so one can write plain JSON files if wanted.
+// JSONnet is a superset of JSON, so one can write plain JSON files if wanted.
 // Note that YAML is also supported, see ./example.yml
 
-// JSONNET functions
+// This example configuration file is a good starting point, but you're
+// strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
+
+// JSONnet functions
 local iptables(args) = ['ip46tables', '-w'] + args;
-// ip46tables is a minimal C program (only POSIX dependencies) present in a subdirectory of this repo.
+// ip46tables is a minimal C program (only POSIX dependencies) present in a
+// subdirectory of this repo.
 // it permits to handle both ipv4/iptables and ipv6/ip6tables commands
 
 // See meaning and usage of this function around L106
@@ -43,14 +47,16 @@ local banFor(time) = {
   start: [
     // Create an iptables chain for reaction
     iptables(['-N', 'reaction']),
-    // Insert this chain as the first item of the INPUT chain (for incoming connections)
+    // Insert this chain as the first item of the INPUT & FORWARD chains (for incoming connections)
     iptables(['-I', 'INPUT', '-p', 'all', '-j', 'reaction']),
+    iptables(['-I', 'FORWARD', '-p', 'all', '-j', 'reaction']),
   ],
 
   // Those commands will be executed in order at stop, after everything else
   stop: [
-    // Remove the chain from the INPUT chain
+    // Remove the chain from the INPUT & FORWARD chains
     iptables(['-D', 'INPUT', '-p', 'all', '-j', 'reaction']),
+    iptables(['-D', 'FORWARD', '-p', 'all', '-j', 'reaction']),
     // Empty the chain
     iptables(['-F', 'reaction']),
     // Delete the chain

config/reaction.debian.service

@@ -1,6 +1,8 @@
 [Unit]
 Description=A daemon that scans program outputs for repeated patterns, and takes action.
 Documentation=https://framagit.org/ppom/reaction-wiki
+# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
+# After=docker.service
 
 [Service]
 ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet

config/reaction.example.service

@@ -1,6 +1,8 @@
 # vim: ft=systemd
 [Install]
 WantedBy=multi-user.target
+# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
+# After=docker.service
 
 # See `man systemd.exec` and `man systemd.service` for most options below
 [Service]

helpers_c/nft46.c

@@ -38,7 +38,7 @@ int isIPv6(char *tab, int len) {
 	}
 	// Each char must be a digit, :, a-f, or A-F
 	for (i=0; i<len; i++) {
-		if (!isdigit(tab[i]) && tab[i] != ':' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
+		if (!isdigit(tab[i]) && tab[i] != ':' && tab[i] != '.' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
 			return 0;
 		}
 	}