Commit message (Author, Date)
* Add back pounce EXAMPLES section (June McEnroe, 2021-10-15)
* Prefix example commands with $ prompt (June McEnroe, 2021-10-15)
* Note TLS certificate requirement early in manual (June McEnroe, 2021-10-15)
* Remove certbot from calico(1) example (June McEnroe, 2021-10-07)
* Don't call pounce a daemon (June McEnroe, 2021-10-07)
* Refer to long option names rather than flags (June McEnroe, 2021-10-07)
  Except of course when flags only exist as flags.
* Separate options into three sections (June McEnroe, 2021-10-07)
* Remove mention of capsicum from README (June McEnroe, 2021-10-07)
* OpenBSD: Simplify unveil(2) calls (June McEnroe, 2021-10-07)
* Refactor XDG base directory iterator API (June McEnroe, 2021-10-05)
  Finally something more reasonable for call sites.
* Load and reload local certificates like normal (June McEnroe, 2021-10-05)
* Delete local-path socket like normal (June McEnroe, 2021-10-05)
* FreeBSD: Remove capsicum support (June McEnroe, 2021-10-05)
  capsicum is too impractical and removing it will allow much more
  straightforward code.
* Remove certbot default paths (June McEnroe, 2021-10-05)
* Remove TCP keepalive settings (June McEnroe, 2021-10-03)
  TCP keepalives were originally enabled to solve the problem of client
  connections staying idle for long periods of time, due to pounce not
  relaying PINGs from the server. Long-idle TCP connections are likely to be
  dropped by NAT routers, causing timeouts.

  Unfortunately, the TCP_KEEPIDLE socket option is not available on OpenBSD,
  so this was useless for pounce running there. The default timeout before
  sending keepalives is 2 hours, which is far longer than the timeout used by
  NAT routers, which seems to be 30 minutes.

  Now that pounce sends its own PINGs to idle clients approximately every
  15 minutes, these TCP keepalive settings are unnecessary.
* Intercept client PONG (June McEnroe, 2021-10-03)
  Since pounce responds to server PINGs itself and doesn't relay them to
  clients, the only PING a client could be responding to is one of pounce's,
  in which case it doesn't make sense to relay the PONG to the server.
* Send PING to idle clients after 15 minutes (June McEnroe, 2021-10-03)
  This is to keep TCP connections to clients from being idle for more than
  15 minutes, since regular PINGs from the server are answered by pounce and
  not relayed to clients.

  Note that there is still no timeout on poll(2) unless there are need
  clients. We assume that we are receiving (and swallowing) regular PINGs
  from the server at an interval shorter than 15 minutes, so a poll(2)
  timeout would be pointless.
* Track client idle time (June McEnroe, 2021-10-03)
  Bumped on both send and receive.
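The client keepalive behaviour described in the four commits above (dropping TCP keepalives, swallowing client PONGs, pinging idle clients after 15 minutes, bumping idle time on send and receive), as an added example in C. This is not pounce's own code: the struct layout, the function names, the "pounce" token in the PING and the way lines are classified are assumptions for illustration; only the 15 minute interval and the answer/swallow rules come from the commit messages.

```c
/* Added example, not pounce's own code: a small model of the client
 * keepalive logic in the commit messages above.  Struct, function names,
 * the PING token and the line classification are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define IDLE_LIMIT (15 * 60) /* seconds a client may stay idle */

struct Client {
	time_t idle; /* last time anything was sent to or received from it */
};

enum Action {
	Relay,   /* forward the line to the other side */
	Swallow, /* consume the line, forward nothing */
	Answer,  /* a server PING: reply PONG ourselves, forward nothing */
};

/* Idle time is bumped on both send and receive. */
static void clientTouch(struct Client *client, time_t now) {
	client->idle = now;
}

/* Server PINGs are answered by the bouncer and never reach clients, so a
 * client sees no regular traffic at all while the channel is quiet. */
static enum Action serverLine(const char *line) {
	if (!strncmp(line, "PING ", 5) || !strcmp(line, "PING")) return Answer;
	return Relay;
}

/* Because server PINGs are never relayed, a PONG from a client can only
 * answer one of the bouncer's own PINGs, so it is swallowed. */
static enum Action clientLine(const char *line) {
	if (!strncmp(line, "PONG ", 5) || !strcmp(line, "PONG")) return Swallow;
	return Relay;
}

/* If the client has been idle for IDLE_LIMIT or longer, write a PING into
 * buf and return true.  Sending counts as activity, which is what spaces
 * the PINGs about 15 minutes apart without any extra state. */
static bool clientKeepalive(
	struct Client *client, time_t now, char *buf, size_t cap
) {
	if (now - client->idle < IDLE_LIMIT) return false;
	snprintf(buf, cap, "PING %s\r\n", "pounce"); /* token is an assumption */
	clientTouch(client, now);
	return true;
}

int main(void) {
	/* Constructed timeline: one client, polled every five minutes. */
	struct Client client;
	clientTouch(&client, 0);
	char buf[64];
	for (time_t now = 0; now <= 40 * 60; now += 5 * 60) {
		if (clientKeepalive(&client, now, buf, sizeof(buf))) {
			printf("t=%4lds -> client: %s", (long)now, buf);
		}
	}
	/* Constructed lines as each side would send them. */
	const char *fromServer = "PING :irc.example.net";
	const char *fromClient = "PONG pounce";
	printf("server \"%s\" => %s\n", fromServer,
		serverLine(fromServer) == Answer ? "answered by pounce" : "relayed");
	printf("client \"%s\" => %s\n", fromClient,
		clientLine(fromClient) == Swallow ? "swallowed" : "relayed");
	return 0;
}
```

The simulation prints a PING at t=900s and t=1800s and nothing at t=2400s, because the PING sent at 1800s itself reset the idle clock; a real client's PONG would reset it again on receive.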
* Log IRC to standard output with -v (June McEnroe, 2021-10-02)
  So that it can actually be logged to a file separate from any errors or
  status messages. Also make sure only LF is used when logging.
* Explain what pounce does and some of how it works in README 2.5 (June McEnroe, 2021-09-06)
  That opening paragraph was severely lacking for a README.
* Document DIAGNOSTICS (June McEnroe, 2021-09-05)
* Avoid logging that a new consumer dropped messages (June McEnroe, 2021-09-05)
  A new consumer is obviously expected to have dropped a huge number of
  messages.
* Use EX_USAGE for all local configuration errors (June McEnroe, 2021-09-05)
* Expand on -s size option (June McEnroe, 2021-09-05)
* Clarify parts of the manual (June McEnroe, 2021-09-05)
  Most importantly, call out both times that it's IRC usernames pounce cares
  about, not nicknames.
* OpenBSD: Drop inet pledge when using unix socket (June McEnroe, 2021-09-03)
  calico is passing us sockets it already accepted, so we don't need inet
  anymore.
* OpenBSD: Drop no longer needed unveils and pledge promises (June McEnroe, 2021-09-03)
* Reorder file loading in main (June McEnroe, 2021-09-03)
* Be nice and call tls_close(3) on the server (June McEnroe, 2021-09-02)
* Separate client QUIT and ERROR messages (June McEnroe, 2021-09-02)
  So each can be logged properly with its prefix.
* Remove redundant clientDiff function (June McEnroe, 2021-09-02)
* OpenBSD: pledge(2) the genCert code path (June McEnroe, 2021-09-02)
* OpenBSD: pledge(2) the hashPass code path (June McEnroe, 2021-09-02)
* OpenBSD: pledge(2) printCert code path separately (June McEnroe, 2021-09-02)
  Ported from catgirl.
* Call serverConfig() with NULLs for -o (June McEnroe, 2021-09-02)
  Always use insecure, and trust, clientCert, clientPriv are irrelevant for
  printing the remote certificate.
* Read from /dev/urandom instead of using getentropy(3) (June McEnroe, 2021-09-02)
  getentropy(3) is kind of an awkward function. May as well be generic as
  possible and read some random bytes from /dev/urandom, since for -x we
  don't really need to worry about being in some execution environment where
  that's unavailable.

  I'm also happy to remove that special-case include for macOS since its
  crypt(3) isn't even usable anyway.
* Separate stateSync intro messages (June McEnroe, 2021-08-31)
  So each message can be logged with its prefix. All other calls to
  clientFormat and serverFormat write one message at a time.
* Correct handling of colons in SASL PLAIN (June McEnroe, 2021-08-30)
  Only the first colon should be replaced with a null byte.
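The SASL PLAIN fix in the commit above, as an added example in C that is not pounce's own code. It takes a "username:password" string, turns only the first colon into the NUL separator so that colons inside the password survive, prefixes the NUL of an empty authorization identity, and base64-encodes the result for an AUTHENTICATE command. The function names, the buffer size and the inline base64 encoder are assumptions made for illustration.

```c
/* Added example, not pounce's own code: build the SASL PLAIN payload from
 * "username:password".  Only the first colon separates the two fields.
 * Function names, the 299-byte buffer and the base64 encoder are
 * assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 4648 base64 with padding; returns the output length, 0 on overflow. */
static size_t base64(
	char *dst, size_t cap, const unsigned char *src, size_t len
) {
	static const char Alphabet[] =
		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	size_t need = 4 * ((len + 2) / 3);
	if (cap < need + 1) return 0;
	size_t i = 0, o = 0;
	for (; i + 2 < len; i += 3) {
		dst[o++] = Alphabet[src[i] >> 2];
		dst[o++] = Alphabet[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
		dst[o++] = Alphabet[((src[i + 1] & 0x0F) << 2) | (src[i + 2] >> 6)];
		dst[o++] = Alphabet[src[i + 2] & 0x3F];
	}
	if (i < len) {
		dst[o++] = Alphabet[src[i] >> 2];
		if (i + 1 < len) {
			dst[o++] = Alphabet[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
			dst[o++] = Alphabet[(src[i + 1] & 0x0F) << 2];
		} else {
			dst[o++] = Alphabet[(src[i] & 0x03) << 4];
			dst[o++] = '=';
		}
		dst[o++] = '=';
	}
	dst[o] = '\0';
	return o;
}

/* Write "\0username\0password" (empty authzid) into buf from
 * "username:password".  Returns the byte count, or 0 when there is no
 * colon or the buffer is too small. */
static size_t saslPlain(const char *plain, unsigned char *buf, size_t cap) {
	size_t len = 1 + strlen(plain); /* leading NUL for the empty authzid */
	if (cap < len) return 0;
	buf[0] = '\0';
	memcpy(&buf[1], plain, len - 1);
	unsigned char *sep = memchr(&buf[1], ':', len - 1);
	if (!sep) return 0;
	*sep = '\0'; /* only the first colon becomes a separator */
	return len;
}

/* Base64 payload for "AUTHENTICATE <payload>".  The IRCv3 SASL spec caps
 * each AUTHENTICATE chunk at 400 characters, so 299 raw bytes fit in one. */
static size_t saslPlainBase64(const char *plain, char *out, size_t cap) {
	unsigned char buf[299];
	size_t len = saslPlain(plain, buf, sizeof(buf));
	if (!len) return 0;
	return base64(out, cap, buf, len);
}

int main(void) {
	/* Constructed credential whose password itself contains a colon. */
	const char *plain = "user:pa:ss";
	char out[64];
	if (!saslPlainBase64(plain, out, sizeof(out))) {
		fprintf(stderr, "SASL PLAIN missing colon or too long\n");
		return 1;
	}
	printf("AUTHENTICATE %s\n", out);
	return 0;
}
```

Decoding the printed payload back gives the bytes `00 'user' 00 'pa:ss'`, which is what the server splits on NUL; replacing every colon instead would have produced `00 'user' 00 'pa' 00 'ss'` and a failed login.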
* Declare producer static (June McEnroe, 2021-08-28)
* Use CapBits as length of Filters (June McEnroe, 2021-08-28)
  This should hopefully prevent accidentally using CapSomething rather than
  CapSomethingBit as an index in the future.
* Don't create new tls_server(3), just reconfigure (June McEnroe, 2021-08-21)
* Zero local-key memory before freeing it (June McEnroe, 2021-08-21)
* Avoid overwriting manual AWAY messages (June McEnroe, 2021-08-21)
  Setting an AWAY message then disconnecting will no longer replace the AWAY
  message with the default one. Reconnecting continues to always clear AWAY.
* Replace verbose colors with two types of arrows (June McEnroe, 2021-08-20)
  While the colors were easy to identify in blocks, the meaning of arrows is
  easier to remember, and survives logs being pasted for debugging.
* Explicitly clear TLS secrets after handshake (June McEnroe, 2021-08-20)
  Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
* Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with server (June McEnroe, 2021-08-20)
* Use "secure" libtls ciphers (June McEnroe, 2021-08-20)
  Ported from catgirl:

    commit 585039fb6e5097cfd16bc083c6d1c9356b237882
    Author: Klemens Nanni <klemens@posteo.de>
    Date:   Sun Jun 20 14:42:10 2021 +0000

        Use "secure" libtls ciphers

        d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to
        "compat" ciphers to support irc.mozilla.org which now yields
        NXDOMAIN.

        All modern networks (should) support secure ciphers, so drop the
        hopefully unneeded list of less secure ciphers by avoiding
        tls_config_set_ciphers(3) and therefore sticking to the "secure"
        aka. "default" set of ciphers in libtls.

        A quick check shows that almost all of the big/known IRC networks
        support TLS1.3 already; those who do not at least comply with
        SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

            echo \
                irc.hackint.org \
                irc.tilde.chat \
                irc.libera.chat \
                irc.efnet.nl \
                irc.oftc.net | xargs -tn1 \
                openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
* Use seprintf to build final 005 (June McEnroe, 2021-07-08)
  Rather than causing a tls_write(3) for each remaining token.
* Fix LDADD.crypt on Darwin (June McEnroe, 2021-06-19)
* Add -m mode option to set user modes (June McEnroe, 2021-06-18)