path: root/pounce.1
Date  Commit message  Author  Files  Lines
2021-10-07  OpenBSD: Simplify unveil(2) calls  C. McEnroe  1  -34/+11
2021-10-05  Refactor XDG base directory iterator API  C. McEnroe  5  -73/+65
Finally something more reasonable for call sites.
2021-10-05  Load and reload local certificates like normal  C. McEnroe  6  -193/+31
2021-10-05  Delete local-path socket like normal  C. McEnroe  2  -24/+1
2021-10-05  FreeBSD: Remove capsicum support  C. McEnroe  3  -84/+1
capsicum is too impractical and removing it will allow much more straightforward code.
2021-10-05  Remove certbot default paths  C. McEnroe  4  -61/+11
2021-10-03  Remove TCP keepalive settings  C. McEnroe  1  -16/+1
TCP keepalives were originally enabled to solve the problem of client connections staying idle for long periods of time, due to pounce not relaying PINGs from the server. Long-idle TCP connections are likely to be dropped by NAT routers, causing timeouts. Unfortunately, the TCP_KEEPIDLE socket option is not available on OpenBSD, so this was useless for pounce running there. The default timeout before sending keepalives is 2 hours, which is far longer than the timeout used by NAT routers, which seems to be 30 minutes. Now that pounce sends its own PINGs to idle clients approximately every 15 minutes, these TCP keepalive settings are unnecessary.
2021-10-03  Intercept client PONG  C. McEnroe  1  -0/+6
Since pounce responds to server PINGs itself and doesn't relay them to clients, the only PING a client could be responding to is one of pounce's, in which case it doesn't make sense to relay the PONG to the server.
2021-10-03  Send PING to idle clients after 15 minutes  C. McEnroe  1  -6/+16
This is to keep TCP connections to clients from being idle for more than 15 minutes, since regular PINGs from the server are answered by pounce and not relayed to clients. Note that there is still no timeout on poll(2) unless there are need clients. We assume that we are receiving (and swallowing) regular PINGs from the server at an interval shorter than 15 minutes, so a poll(2) timeout would be pointless.
2021-10-03  Track client idle time  C. McEnroe  2  -0/+4
Bumped on both send and receive.
2021-10-02  Log IRC to standard output with -v  C. McEnroe  5  -7/+14
So that it can actually be logged to a file separate from any errors or status messages. Also make sure only LF is used when logging.
2021-09-06  Explain what pounce does and some of how it works in README  C. McEnroe  1  -6/+26
That opening paragraph was severely lacking for a README.
2021-09-05  Document DIAGNOSTICS  C. McEnroe  1  -0/+33
2021-09-05  Avoid logging that a new consumer dropped messages  C. McEnroe  1  -4/+6
A new consumer is obviously expected to have dropped a huge number of messages.
2021-09-05  Use EX_USAGE for all local configuration errors  C. McEnroe  3  -5/+5
2021-09-05  Expand on -s size option  C. McEnroe  1  -0/+4
2021-09-05  Clarify parts of the manual  C. McEnroe  1  -22/+39
Most importantly, call out both times that it's IRC usernames pounce cares about, not nicknames.
2021-09-03  OpenBSD: Drop inet pledge when using unix socket  C. McEnroe  1  -1/+1
calico is passing us sockets it already accepted, so we don't need inet anymore.
2021-09-03  OpenBSD: Drop no longer needed unveils and pledge promises  C. McEnroe  1  -20/+10
2021-09-03  Reorder file loading in main  C. McEnroe  1  -11/+10
2021-09-02  Be nice and call tls_close(3) on the server  C. McEnroe  3  -0/+8
2021-09-02  Separate client QUIT and ERROR messages  C. McEnroe  1  -4/+2
So each can be logged properly with its prefix.
2021-09-02  Remove redundant clientDiff function  C. McEnroe  3  -8/+3
2021-09-02  OpenBSD: pledge(2) the genCert code path  C. McEnroe  1  -1/+7
2021-09-02  OpenBSD: pledge(2) the hashPass code path  C. McEnroe  1  -1/+3
2021-09-02  OpenBSD: pledge(2) printCert code path separately  C. McEnroe  1  -7/+11
Ported from catgirl.
2021-09-02  Call serverConfig() with NULLs for -o  C. McEnroe  1  -2/+2
Always use insecure, and trust, clientCert, clientPriv are irrelevant for printing the remote certificate.
2021-09-02  Read from /dev/urandom instead of using getentropy(3)  C. McEnroe  1  -9/+5
getentropy(3) is kind of an awkward function. May as well be generic as possible and read some random bytes from /dev/urandom, since for -x we don't really need to worry about being in some execution environment where that's unavailable. I'm also happy to remove that special-case include for macOS since its crypt(3) isn't even usable anyway.
2021-08-31  Separate stateSync intro messages  C. McEnroe  1  -8/+13
So each message can be logged with its prefix. All other calls to clientFormat and serverFormat write one message at a time.
2021-08-30  Correct handling of colons in SASL PLAIN  C. McEnroe  1  -12/+11
Only the first colon should be replaced with a null byte.
2021-08-28  Declare producer static  C. McEnroe  1  -1/+1
2021-08-28  Use CapBits as length of Filters  C. McEnroe  1  -1/+1
This should hopefully prevent accidentally using CapSomething rather than CapSomethingBit as an index in the future.
2021-08-21  Don't create new tls_server(3), just reconfigure  C. McEnroe  1  -2/+1
2021-08-21  Zero local-key memory before freeing it  C. McEnroe  1  -0/+1
2021-08-21  Avoid overwriting manual AWAY messages  C. McEnroe  3  -1/+15
Setting an AWAY message then disconnecting will no longer replace the AWAY message with the default one. Reconnecting continues to always clear AWAY.
2021-08-20  Replace verbose colors with two types of arrows  C. McEnroe  3  -14/+11
While the colors were easy to identify in blocks, the meaning of arrows is easier to remember, and survive logs being pasted for debugging.
2021-08-20  Explicitly clear TLS secrets after handshake  C. McEnroe  1  -2/+3
Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
2021-08-20  Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with server  C. McEnroe  1  -1/+3
2021-08-20  Use "secure" libtls ciphers  C. McEnroe  1  -5/+1
Ported from catgirl:

commit 585039fb6e5097cfd16bc083c6d1c9356b237882
Author: Klemens Nanni <klemens@posteo.de>
Date: Sun Jun 20 14:42:10 2021 +0000

    Use "secure" libtls ciphers

    d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN.

    All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls.

    A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

        echo \
            irc.hackint.org \
            irc.tilde.chat \
            irc.libera.chat \
            irc.efnet.nl \
            irc.oftc.net |
        xargs -tn1 \
            openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
2021-07-08  Use seprintf to build final 005  C. McEnroe  1  -3/+5
Rather than causing a tls_write(3) for each remaining token.
2021-06-19  Fix LDADD.crypt on Darwin  C. McEnroe  1  -0/+1
2021-06-18  Add -m mode option to set user modes  C. McEnroe  2  -1/+10
2021-06-18  Document channel keys in join option  C. McEnroe  1  -2/+4
2021-06-18  Use | to separate flags from config options  C. McEnroe  1  -30/+30
This lets mandoc generate tags for the option names as well, so you can ":t away" in less(1), for example, and anchor links in HTML output. The added No's prevent the equals signs from being part of the anchor links.
2021-06-18  Stop referring to server-time as IRCv3.2  C. McEnroe  2  -4/+4
IRCv3 has moved away from grouping specs together into versions like this. SASL is still referred to as IRCv3.2 because there are two different versions of that spec.
2021-06-17  Add mailing list archive to README  C. McEnroe  1  -0/+2
2021-06-10  Stop accumulating ISUPPORT tokens once MOTD starts  C. McEnroe  1  -0/+9
This avoids duplicating tokens when a client sends VERSION and the server responds with its 005s again.
2021-06-09  Use seprintf for snip, removing strlcpyn  C. McEnroe  1  -21/+9
2021-06-09  Use seprintf for reserialize  C. McEnroe  1  -12/+7
2021-06-09  Use seprintf for capList  C. McEnroe  1  -8/+6