.Dd November 6, 2019
.Dt CALICO 1
.Os
.
.Sh NAME
.Nm calico
.Nd dispatches cat
.
.Sh SYNOPSIS
.Nm
.Op Fl H Ar host
.Op Fl P Ar port
.Op Fl t Ar timeout
.Ar directory
.
.Sh DESCRIPTION
The
.Nm
daemon
dispatches incoming TLS connections
to instances of
.Xr pounce 1
by Server Name Indication (SNI).
Instances of
.Xr pounce 1
should be configured with
.Fl U
to bind to UNIX-domain sockets
named by the host they wish to accept connections for
in the directory passed to
.Nm .
.
.Pp
The arguments are as follows:
.Bl -tag -width Ds
.It Fl H Ar host
Bind to
.Ar host .
The default host is localhost.
.It Fl P Ar port
Bind to
.Ar port .
The default port is 6697.
.It Fl t Ar timeout
Set the timeout in milliseconds
after which a connection will be closed
if it has not sent the ClientHello message.
The default timeout is 1000 milliseconds.
.It Ar directory
The path to the directory containing
.Xr pounce 1
UNIX-domain sockets.
.El
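.Pp
The dispatch described above, as an added C example that is not taken from
.Nm :
it extracts the SNI host name from one ClientHello record and maps it to a socket path under
.Ar directory ,
treating the name as untrusted input that must not be able to name a file outside that directory.
The names client_hello_sni, socket_path and SAMPLE, and the exact name checks, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static size_t be16(const uint8_t *p) { return (size_t)p[0] << 8 | p[1]; }
/* Skip a vector with a 1- or 2-byte length prefix; 0 if it overruns end. */
static int skip(const uint8_t **p, const uint8_t *end, size_t pre) {
	if ((size_t)(end - *p) < pre) return 0;
	size_t n = pre == 1 ? (*p)[0] : be16(*p);
	if ((size_t)(end - *p) - pre < n) return 0;
	*p += pre + n;
	return 1;
}

/* Hypothetical helper: copy the host_name from one ClientHello record; 0 on success. */
int client_hello_sni(const uint8_t *buf, size_t len, char *out, size_t cap) {
	if (len < 43 || buf[0] != 0x16 || buf[5] != 0x01) return -1;
	size_t rec = be16(buf + 3);
	if (rec < 38 || rec > len - 5) return -1;
	const uint8_t *p = buf + 43, *end = buf + 5 + rec; /* p: past random */
	/* session_id, cipher_suites, compression_methods */
	if (!skip(&p, end, 1) || !skip(&p, end, 2) || !skip(&p, end, 1)) return -1;
	if (end - p < 2 || be16(p) > (size_t)(end - p) - 2) return -1;
	end = p + 2 + be16(p); /* end of the extensions block */
	for (p += 2; end - p >= 4;) {
		size_t type = be16(p), n = be16(p + 2);
		p += 4;
		if ((size_t)(end - p) < n) return -1;
		if (type != 0) { p += n; continue; } /* not server_name (RFC 6066) */
		if (n < 5 || p[2] != 0) return -1;   /* name_type must be host_name */
		size_t nameLen = be16(p + 3);
		if (nameLen > n - 5 || nameLen >= cap || memchr(p + 5, 0, nameLen)) return -1;
		memcpy(out, p + 5, nameLen);
		out[nameLen] = '\0';
		return 0;
	}
	return -1; /* no SNI: nothing to dispatch on */
}

/* Assumed check: map the client-supplied name to dir/name; refuse names that could leave dir. */
int socket_path(const char *dir, const char *name, char *out, size_t cap) {
	if (!name[0] || name[0] == '.' || strchr(name, '/')) return -1;
	int n = snprintf(out, cap, "%s/%s", dir, name);
	return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Constructed ClientHello with SNI "foo.example.org"; random left zeroed. */
const uint8_t SAMPLE[76] = {
	0x16, 3, 1, 0, 71, 1, 0, 0, 67, 3, 3, [43] = 0, 0, 2, 0x13, 1, 1, 0, 0, 24,
	0, 0, 0, 20, 0, 18, 0, 0, 15, 'f','o','o','.','e','x','a','m','p','l','e','.','o','r','g' };
```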
.
.Ss Service Configuration
Add the following to
.Pa /etc/rc.conf
to enable the
.Nm
daemon:
.Bd -literal -offset indent
calico_enable="YES"
.Ed
.
.Pp
The default socket directory is
.Pa /var/run/calico .
It can be changed by setting
.Va calico_path .
The
.Xr pounce 1
service can be configured
to listen in this directory
with the following:
.Bd -literal -offset indent
pounce_flags="-U /var/run/calico"
.Ed
.
.Pp
The
.Nm
and
.Xr pounce 1
services can be started and stopped
completely independently of each other.
.
.Sh EXAMPLES
.Bd -literal -offset indent
pounce -U sockets/foo.example.org foo.conf
pounce -U sockets/bar.example.org bar.conf
calico -H example.org sockets/
.Ed
.
.Sh SEE ALSO
.Xr pounce 1
.
.Sh STANDARDS
The
.Nm
daemon implements the following:
.
.Bl -item
.It
.Rs
.%A E. Rescorla
.%Q Mozilla
.%T The Transport Layer Security (TLS) Protocol Version 1.3
.%I IETF
.%N RFC 8446
.%D August 2018
.%U https://tools.ietf.org/html/rfc8446
.Re
.
.It
.Rs
.%A D. Eastlake 3rd
.%Q Huawei
.%T Transport Layer Security (TLS) Extensions: Extension Definitions
.%I IETF
.%N RFC 6066
.%D January 2011
.%U https://tools.ietf.org/html/rfc6066
.Re
.El
.
.Sh AUTHORS
.An June Bug Aq Mt june@causal.agency
.
.Sh BUGS
Send mail to
.Aq Mt june@causal.agency
or join
.Li #ascii.town
on
.Li chat.freenode.net .