about summary refs log tree commit diff
path: root/configure (unfollow)
Commit message (Collapse)Author
2021-10-15Prefix other example commands with $ promptJune McEnroe
2021-10-15Add back pounce EXAMPLES sectionJune McEnroe
2021-10-15Prefix example commands with $ promptJune McEnroe
2021-10-15Note TLS certificate requirement early in manualJune McEnroe
2021-10-07Remove certbot from calico(1) exampleJune McEnroe
2021-10-07Don't call pounce a daemonJune McEnroe
2021-10-07Refer to long option names rather than flagsJune McEnroe
Except of course when flags only exist as flags.
2021-10-07Separate options into three sectionsJune McEnroe
2021-10-07Remove mention of capsicum from READMEJune McEnroe
2021-10-07OpenBSD: Simplify unveil(2) callsJune McEnroe
2021-10-05Refactor XDG base directory iterator APIJune McEnroe
Finally something more reasonable for call sites.
2021-10-05Load and reload local certificates like normalJune McEnroe
2021-10-05Delete local-path socket like normalJune McEnroe
2021-10-05FreeBSD: Remove capsicum supportJune McEnroe
capsicum is too impractical and removing it will allow much more straightforward code.
2021-10-05Remove certbot default pathsJune McEnroe
2021-10-03Remove TCP keepalive settingsJune McEnroe
TCP keepalives were originally enabled to solve the problem of client connections staying idle for long periods of time, due to pounce not relaying PINGs from the server. Long-idle TCP connections are likely to be dropped by NAT routers, causing timeouts. Unfortunately, the TCP_KEEPIDLE socket option is not available on OpenBSD, so this was useless for pounce running there. The default timeout before sending keepalives is 2 hours, which is far longer than the timeout used by NAT routers, which seems to be 30 minutes. Now that pounce sends its own PINGs to idle clients approximately every 15 minutes, these TCP keepalive settings are unnecessary.
2021-10-03Intercept client PONGJune McEnroe
Since pounce responds to server PINGs itself and doesn't relay them to clients, the only PING a client could be responding to is one of pounce's, in which case it doesn't make sense to relay the PONG to the server.
2021-10-03Send PING to idle clients after 15 minutesJune McEnroe
This is to keep TCP connections to clients from being idle for more than 15 minutes, since regular PINGs from the server are answered by pounce and not relayed to clients. Note that there is still no timeout on poll(2) unless there are need clients. We assume that we are receiving (and swallowing) regular PINGs from the server at an interval shorter than 15 minutes, so a poll(2) timeout would be pointless.
2021-10-03Track client idle timeJune McEnroe
Bumped on both send and receive.
2021-10-02Log IRC to standard output with -vJune McEnroe
So that it can actually be logged to a file separate from any errors or status messages. Also make sure only LF is used when logging.
2021-09-06Explain what pounce does and some of how it works in README 2.5June McEnroe
That opening paragraph was severely lacking for a README.
2021-09-05Document DIAGNOSTICSJune McEnroe
2021-09-05Avoid logging that a new consumer dropped messagesJune McEnroe
A new consumer is obviously expected to have dropped a huge number of messages.
2021-09-05Use EX_USAGE for all local configuration errorsJune McEnroe
2021-09-05Expand on -s size optionJune McEnroe
2021-09-05Clarify parts of the manualJune McEnroe
Most importantly, call out both times that it's IRC usernames pounce cares about, not nicknames.
2021-09-03OpenBSD: Drop inet pledge when using unix socketJune McEnroe
calico is passing us sockets it already accepted, so we don't need inet anymore.
2021-09-03OpenBSD: Drop no longer needed unveils and pledge promisesJune McEnroe
2021-09-03Reorder file loading in mainJune McEnroe
2021-09-02Be nice and call tls_close(3) on the serverJune McEnroe
2021-09-02Separate client QUIT and ERROR messagesJune McEnroe
So each can be logged properly with its prefix.
2021-09-02Remove redundant clientDiff functionJune McEnroe
2021-09-02OpenBSD: pledge(2) the genCert code pathJune McEnroe
2021-09-02OpenBSD: pledge(2) the hashPass code pathJune McEnroe
2021-09-02OpenBSD: pledge(2) printCert code path separatelyJune McEnroe
Ported from catgirl.
2021-09-02Call serverConfig() with NULLs for -oJune McEnroe
Always use insecure, and trust, clientCert, clientPriv are irrelevant for printing the remote certificate.
2021-09-02Read from /dev/urandom instead of using getentropy(3)June McEnroe
getentropy(3) is kind of an awkward function. May as well be generic as possible and read some random bytes from /dev/urandom, since for -x we don't really need to worry about being in some execution environment where that's unavailable. I'm also happy to remove that special-case include for macOS since its crypt(3) isn't even usable anyway.
2021-08-31Separate stateSync intro messagesJune McEnroe
So each message can be logged with its prefix. All other calls to clientFormat and serverFormat write one message at a time.
2021-08-30Correct handling of colons in SASL PLAINJune McEnroe
Only the first colon should be replaced with a null byte.
2021-08-28Declare producer staticJune McEnroe
2021-08-28Use CapBits as length of FiltersJune McEnroe
This should hopefully prevent accidentally using CapSomething rather than CapSomethingBit as an index in the future.
2021-08-21Don't create new tls_server(3), just reconfigureJune McEnroe
2021-08-21Zero local-key memory before freeing itJune McEnroe
2021-08-21Avoid overwriting manual AWAY messagesJune McEnroe
Setting an AWAY message then disconnecting will no longer replace the AWAY message with the default one. Reconnecting continues to always clear AWAY.
2021-08-20Replace verbose colors with two types of arrowsJune McEnroe
While the colors were easy to identify in blocks, the meaning of arrows is easier to remember, and survive logs being pasted for debugging.
2021-08-20Explicitly clear TLS secrets after handshakeJune McEnroe
Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
2021-08-20Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with serverJune McEnroe
2021-08-20Use "secure" libtls ciphersJune McEnroe
Ported from catgirl: commit 585039fb6e5097cfd16bc083c6d1c9356b237882 Author: Klemens Nanni <klemens@posteo.de> Date: Sun Jun 20 14:42:10 2021 +0000 Use "secure" libtls ciphers d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN. All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls. A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this: echo \ irc.hackint.org \ irc.tilde.chat \ irc.libera.chat \ irc.efnet.nl \ irc.oftc.net | xargs -tn1 \ openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
2021-07-08Use seprintf to build final 005June McEnroe
Rather than causing a tls_write(3) for each remaining token.
2021-06-19Fix LDADD.crypt on DarwinJune McEnroe