| Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Except of course when flags only exist as flags.
|
|
|
|
|
|
|
|
Finally something more reasonable for call sites.
|
|
|
|
|
|
capsicum is too impractical and removing it will allow much more
straightforward code.
|
|
|
|
TCP keepalives were originally enabled to solve the problem of
client connections staying idle for long periods of time, due to
pounce not relaying PINGs from the server. Long-idle TCP connections
are likely to be dropped by NAT routers, causing timeouts.
Unfortunately, the TCP_KEEPIDLE socket option is not available on
OpenBSD, so this was useless for pounce running there. The default
timeout before sending keepalives is 2 hours, which is far longer
than the timeout used by NAT routers, which seems to be 30 minutes.
Now that pounce sends its own PINGs to idle clients approximately
every 15 minutes, these TCP keepalive settings are unnecessary.
|
|
Since pounce responds to server PINGs itself and doesn't relay them
to clients, the only PING a client could be responding to is one
of pounce's, in which case it doesn't make sense to relay the PONG
to the server.
|
|
This is to keep TCP connections to clients from being idle for more
than 15 minutes, since regular PINGs from the server are answered
by pounce and not relayed to clients.
Note that there is still no timeout on poll(2) unless there are
need clients. We assume that we are receiving (and swallowing)
regular PINGs from the server at an interval shorter than 15 minutes,
so a poll(2) timeout would be pointless.
|
|
Bumped on both send and receive.
|
|
So that it can actually be logged to a file separate from any errors
or status messages. Also make sure only LF is used when logging.
|
|
That opening paragraph was severely lacking for a README.
|
|
|
|
A new consumer is obviously expected to have dropped a huge number
of messages.
|
|
|
|
|
|
Most importantly, call out both times that it's IRC usernames pounce
cares about, not nicknames.
|
|
calico is passing us sockets it already accepted, so we don't need
inet anymore.
|
|
|
|
|
|
|
|
So each can be logged properly with its prefix.
|
|
|
|
|
|
|
|
Ported from catgirl.
|
|
Always use insecure, and trust, clientCert, clientPriv are irrelevant
for printing the remote certificate.
|
|
getentropy(3) is kind of an awkward function. May as well be generic
as possible and read some random bytes from /dev/urandom, since for
-x we don't really need to worry about being in some execution
environment where that's unavailable. I'm also happy to remove that
special-case include for macOS since its crypt(3) isn't even usable
anyway.
|
|
So each message can be logged with its prefix. All other calls to
clientFormat and serverFormat write one message at a time.
|
|
Only the first colon should be replaced with a null byte.
|
|
|
|
This should hopefully prevent accidentally using CapSomething rather
than CapSomethingBit as an index in the future.
|
|
|
|
|
|
Setting an AWAY message then disconnecting will no longer replace
the AWAY message with the default one. Reconnecting continues to
always clear AWAY.
|
|
While the colors were easy to identify in blocks, the meaning of
arrows is easier to remember, and survive logs being pasted for
debugging.
|
|
Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
|
|
|
|
Ported from catgirl:
commit 585039fb6e5097cfd16bc083c6d1c9356b237882
Author: Klemens Nanni <klemens@posteo.de>
Date: Sun Jun 20 14:42:10 2021 +0000
Use "secure" libtls ciphers
d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat"
ciphers to support irc.mozilla.org which now yields NXDOMAIN.
All modern networks (should) support secure ciphers, so drop the
hopefully unneeded list of less secure ciphers by avoiding
tls_config_set_ciphers(3) and therefore sticking to the "secure" aka.
"default" set of ciphers in libtls.
A quick check shows that almost all of the big/known IRC networks
support TLS1.3 already; those who do not at least comply with
SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:
echo \
irc.hackint.org \
irc.tilde.chat \
irc.libera.chat \
irc.efnet.nl \
irc.oftc.net |
xargs -tn1 \
openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
|
|
Rather than causing a tls_write(3) for each remaining token.
|