New upstream features:
- New ignore rule option, which prevents conversion to Unix socket.
- A way to increase the verbosity via the -v command line argument.
- Reams of log messages in addition to the FATAL errors we had so far.
- Use Syslog format for logging if stderr is a socket.
- Set FD_CLOEXEC on systemd socket file descriptors as soon as they're
  associated.

Upstream fixes:
- Use right endian conversion functions in port matching.
- Pass is_unix to child socket on accept to prevent accidentally
  replacing an already converted Unix socket by a new Unix socket. The
  latter would be a socket that's not accepted, which would eventually
  lead to an error.
- Correctly handle setsockopts used with other levels than SOL_SOCKET.

Upstream changes:
- Improve wording and add more descriptions in README and manpage.
- The implementation for fetching systemd sockets now no longer uses
  libsystemd, thus the build-time dependency is no longer required.
- New serialiser for passing rules to the preloaded library in a more
  compact form instead of using YAML, so it's less likely that we'll
  hit the maximum stack size.
- Systemd sockets are now associated during rule initialisation and
  thus behave more predictably in complex setups.

On our side, the dependency on systemd is only needed for running the
tests, as it uses the systemd-socket-activate helper. Socket association
is now done by ip2unix directly and doesn't rely on libsystemd anymore.

Built and tested on i686-linux and x86_64-linux.

Signed-off-by: aszlig <aszlig@nix.build>
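
An added illustration of the libsystemd-free socket fetching and early FD_CLOEXEC handling mentioned in the commit message above (not ip2unix's own code): a minimal C reader for systemd's socket-activation environment. `fetch_systemd_fds` and `parse_num` are hypothetical names; `LISTEN_PID`, `LISTEN_FDS` and the starting descriptor 3 come from systemd's documented protocol, which the page itself does not spell out.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first inherited fd in systemd's protocol */

/* Strictly parse a non-negative decimal number; -1 on any error. */
static long parse_num(const char *s)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    return (*s == '\0' || *end != '\0' || errno != 0 || v < 0) ? -1 : v;
}

/* Hypothetical helper: store the fds systemd passed to this process in out[].
 * Returns their count, 0 if none were meant for us, -1 on bad input. */
int fetch_systemd_fds(int *out, int max)
{
    const char *pid_s = getenv("LISTEN_PID");
    const char *fds_s = getenv("LISTEN_FDS");
    if (pid_s == NULL || fds_s == NULL)
        return 0;
    long pid = parse_num(pid_s);
    long count = parse_num(fds_s);
    if (pid < 0 || count < 0 || count > max)
        return -1;
    if (pid != (long)getpid())
        return 0; /* variables were set for a different process */
    for (int i = 0; i < count; i++) {
        int fd = LISTEN_FDS_START + i;
        int flags = fcntl(fd, F_GETFD); /* fails with EBADF if fd is not open */
        /* Set close-on-exec immediately so no child inherits the socket. */
        if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
            return -1;
        out[i] = fd;
    }
    return (int)count;
}

int main(void)
{
    int fds[16];
    int n = fetch_systemd_fds(fds, 16);
    printf("systemd passed %d socket(s)\n", n);
    return n < 0;
}
```

The PID comparison matters for a preloaded library: the variables are inherited by every child, so a process that is not the one systemd started must ignore them.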

Upstream changes:
- Fixed: Don't fail when building the manual with AsciiDoc and xmllint.
- Fixed: Some long options (--rule, --rules-file and --rules-data) were
  ignored.
- Fixed: Manpage formatting is now more consistent.
- Added: A new --version command line argument for showing version
  information.

With the new upstream release recommending to use AsciiDoc to generate
the manpage, I also switched to AsciiDoc instead of Asciidoctor. The
resulting manpage looks better in some ways (for example when definition
lists are used).

I also added an installCheckPhase to ensure that the manpage exists in
the resulting store path.

Signed-off-by: aszlig <aszlig@nix.build>

This tool was initially built specifically for nixcloud to prevent a few
annoying programs from binding to IP sockets.

While initially only accepting a JSON file as input, the tool now has a
proper command line interface and it's also generally usable to turn IP
sockets of any program into Unix sockets.

Another thing that might be even useful for NixOS modules is the
possibility to bend programs into using systemd socket activation.

Signed-off-by: aszlig <aszlig@nix.build>