
vlmcsd-svn977-2016-07-13-Hotbird64

Wind4 9 vuotta sitten
vanhempi
sitoutus
8d3bfb8d55
41 muutettua tiedostoa jossa 2370 lisäystä ja 572 poistoa
  1. 35 3
      GNUmakefile
  2. 13 21
      config.h
  3. 6 6
      floppy/.config-busybox
  4. BIN
      floppy144.vfd
  5. 263 0
      getifaddrs-musl.c
  6. 600 0
      ifaddrs-android.c
  7. 58 0
      ifaddrs-android.h
  8. 43 0
      ifaddrs-musl.h
  9. 2 2
      make_freebsd
  10. 3 3
      make_kfreebsd
  11. 16 16
      make_linux
  12. 5 5
      make_windows
  13. 75 0
      msrpc-server.c
  14. 107 0
      netlink-musl.h
  15. 242 1
      network.c
  16. 4 0
      network.h
  17. 17 4
      output.c
  18. 5 0
      shared_globals.c
  19. 5 0
      shared_globals.h
  20. 4 0
      types.h
  21. 1 1
      vlmcs.1.html
  22. BIN
      vlmcs.1.pdf
  23. 1 1
      vlmcsd-floppy.7.html
  24. BIN
      vlmcsd-floppy.7.pdf
  25. 1 1
      vlmcsd.7.html
  26. BIN
      vlmcsd.7.pdf
  27. 30 2
      vlmcsd.8
  28. 228 159
      vlmcsd.8.dos.txt
  29. 88 2
      vlmcsd.8.html
  30. BIN
      vlmcsd.8.pdf
  31. 228 159
      vlmcsd.8.unix.txt
  32. 94 100
      vlmcsd.c
  33. 2 0
      vlmcsd.h
  34. 8 0
      vlmcsd.ini
  35. 18 2
      vlmcsd.ini.5
  36. 66 40
      vlmcsd.ini.5.dos.txt
  37. 35 3
      vlmcsd.ini.5.html
  38. BIN
      vlmcsd.ini.5.pdf
  39. 66 40
      vlmcsd.ini.5.unix.txt
  40. 1 1
      vlmcsdmulti.1.html
  41. BIN
      vlmcsdmulti.1.pdf

+ 35 - 3
GNUmakefile

@@ -34,7 +34,7 @@ ifneq (,$(findstring darwin,$(TARGETPLATFORM)))
   UNIX := 1
 endif
 
-ifneq (,$(findstring androideabi,$(TARGETPLATFORM)))
+ifneq (,$(findstring android,$(TARGETPLATFORM)))
   ANDROID := 1
   UNIX := 1
   ELF := 1
@@ -139,6 +139,12 @@ ifeq ($(NOLIBS),1)
   NOLPTHREAD=1
 endif
 
+ifneq ($(NOLIBS),1)
+  ifeq ($(MINGW),1)
+    BASELDFLAGS += -lws2_32 -liphlpapi
+  endif
+endif 
+
 ifneq ($(NO_DNS),1)
   ifneq ($(ANDROID),1)
   ifneq ($(NOLRESOLV),1)
@@ -198,7 +204,7 @@ else
   STRIPFLAGS += -s
 endif
 
-LIBRARY_CFLAGS = -DSIMPLE_SOCKETS -DNO_TIMEOUT -DNO_SIGHUP -DNO_CL_PIDS -DNO_EXTENDED_PRODUCT_LIST -DNO_BASIC_PRODUCT_LIST -DNO_LOG -DNO_RANDOM_EPID -DNO_INI_FILE -DNO_INI_FILE -DNO_HELP -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_USER_SWITCH -DNO_VERBOSE_LOG -DNO_LIMIT -DNO_VERSION_INFORMATION
+LIBRARY_CFLAGS = -DSIMPLE_SOCKETS -DNO_TIMEOUT -DNO_SIGHUP -DNO_CL_PIDS -DNO_EXTENDED_PRODUCT_LIST -DNO_BASIC_PRODUCT_LIST -DNO_LOG -DNO_RANDOM_EPID -DNO_INI_FILE -DNO_INI_FILE -DNO_HELP -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_USER_SWITCH -DNO_VERBOSE_LOG -DNO_LIMIT -DNO_VERSION_INFORMATION -DNO_PRIVATE_IP_DETECT
 
 ifeq ($(FEATURES), embedded)
   BASECFLAGS += -DNO_HELP -DNO_USER_SWITCH -DNO_BASIC_PRODUCT_LIST -DNO_CUSTOM_INTERVALS -DNO_PID_FILE -DNO_VERBOSE_LOG -DNO_VERSION_INFORMATION
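Review bot: The new `-DNO_PRIVATE_IP_DETECT` in `LIBRARY_CFLAGS` compiles the public-address filter out of every library build, and nothing next to the assignment says so. I would add a comment above it such as `# Library build: no private-IP filtering is compiled in; the embedding application must restrict which clients can reach it`. The same line still carries `-DNO_INI_FILE` twice, which is harmless but could be cleaned up while the line is being edited.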
@@ -218,6 +224,10 @@ ifdef INI
   BASECFLAGS += -DINI_FILE=\"$(INI)\"
 endif
 
+ifeq ($(NO_GETIFADDRS), 1)
+  BASECFLAGS += -DNO_GETIFADDRS
+endif
+
 ifeq ($(THREADS), 1)
   BASECFLAGS += -DUSE_THREADS
 endif
@@ -340,6 +350,26 @@ else
   SRCS += network.c rpc.c  
 endif
 
+ifeq ($(GETIFADDRS),musl)
+ifneq ($(NO_GETIFADDRS),1)
+  BASECFLAGS += -DGETIFADDRS_MUSL
+  VLMCSD_SRCS += getifaddrs-musl.c
+  MULTI_SRCS += getifaddrs-musl.c
+  VLMCS_SRCS += getifaddrs-musl.c
+  DLL_SRCS += getifaddrs-musl.c
+  MULTI_OBJS += getifaddrs-musl.o
+endif
+endif
+
+ifeq ($(ANDROID),1)
+ifneq ($(NO_GETIFADDRS),1)
+  VLMCSD_SRCS += ifaddrs-android.c
+  MULTI_SRCS += ifaddrs-android.c
+  DLL_SRCS += ifaddrs-android.c
+  MULTI_OBJS += ifaddrs-android.o
+endif
+endif
+
 ifeq "$(WIN)" "1"
 	VLMCSD_SRCS += ntservice.c
 	MULTI_SRCS += ntservice.c
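Review bot: The two new blocks are not mutually exclusive, so a build with `GETIFADDRS=musl` on an Android target adds both getifaddrs-musl.c and ifaddrs-android.c, and both files define `getifaddrs()` and `freeifaddrs()`. Wrapping the Android block in `ifneq ($(GETIFADDRS),musl)`, or rejecting the combination with `$(error ...)`, would replace a duplicate-symbol link failure with a clear outcome. The Android block also leaves `VLMCS_SRCS` untouched while the musl block extends it; if that is intentional, a one-line comment saying why would help. The `ifeq "$(WIN)" "1"` block at the end of the hunk continues outside it.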
@@ -614,7 +644,7 @@ help:
 	@echo "    -DNO_LIMIT                   Don't support limiting concurrent clients in $(PROGRAM_NAME)."
 	@echo "    -DNO_SIGHUP                  Don't support SIGHUP handling in $(PROGRAM_NAME)."
 	@echo "    -DNO_VERSION_INFORMATION     Don't support displaying version information in $(PROGRAM_NAME) and $(CLIENT_NAME). Removes -V option."
-	@echo "    -DENABLE_DEPRECATED_OPTIONS  Enable command line options that provide compatibility with previous versions of $(PROGRAM_NAME)."
+	@echo "    -DNO_PRIVATE_IP_DETECT       Don't support protection against clients with public IP addresses in $(PROGRAM_NAME)"	
 	@echo ""
 	@echo "Troubleshooting options"
 	@echo "    CAT=1                        Combine all sources in a single in-memory file and compile directly to target."
@@ -627,6 +657,8 @@ help:
 	@echo "    NO_TIMEOUT=1                 Do not set timeouts for sockets (for systems that don't support it)."
 	@echo "    CHILD_HANDLER=1              Install a handler for SIGCHLD (for systems that don't support SA_NOCLDWAIT)."
 	@echo "    NO_DNS=1                     Compile $(CLIENT_NAME) without support for detecting KMS servers via DNS."
+	@echo "    NO_GETIFADDRS=1              Compile $(PROGRAM_NAME) without using getifaddrs()."
+	@echo "    GETIFADDRS=musl              Compile $(PROGRAM_NAME) with its own implementation of getifaddrs() based on musl."
 	@echo "    DNS_PARSER=internal          Use $(CLIENT_NAME) internal DNS parsing routines. No effect on MingW (native Windows)."
 	@echo ""
 	@echo "Other useful CFLAGS"

+ 13 - 21
config.h

@@ -82,26 +82,6 @@
 
 
 
-/*
- * -------------------------------
- * Backward compatibility
- * -------------------------------
- */
-
-
-#if !defined(ENABLE_DEPRECATED_OPTIONS)
-/*
- * comment out the following line if you want vlmcsd no to support command line options
- * that have been present in previous versions of vlmcsd and are now obsolete
- */
-
-//#define ENABLE_DEPRECATED_OPTIONS
-
-#endif // ENABLE_DEPRECATED_OPTIONS
-
-
-
-
 /*
  * ----------------------------------------------------------------------------------------
  * Troubleshooting options. Please note that disabling features may also help troubleshooting.
@@ -556,6 +536,19 @@
 
 
 
+#ifndef NO_PRIVATE_IP_DETECT
+/*
+ * Disables the ability to protect vlmcsd against KMS requests from public IP addresses.
+ * Removes -o from the command line.
+ */
+
+//#define NO_PRIVATE_IP_DETECT
+
+#endif // NO_PRIVATE_IP_DETECT
+
+
+
+
 #ifndef NO_SOCKETS
 /*
  * Disables standalone startup of vlmcsd. If you use this config directive, you must start vlmcsd from an internet
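Review bot: The new comment for `NO_PRIVATE_IP_DETECT` describes the effect on the command line but not the deployment consequence: with the define set, the binary has no built-in way to refuse requests from public addresses. I would extend it with a sentence like `With this defined, access must be restricted outside vlmcsd (firewall or bind address).` so that someone trimming features for size does not drop the filter unknowingly. The `#ifndef NO_SOCKETS` block that follows continues outside the hunk.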
@@ -634,7 +627,6 @@
 
 
 
-
 /* Don't change anything BELOW this line */
 
 

+ 6 - 6
floppy/.config-busybox

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Busybox version: 1.25.0.git
-# Thu Jun 16 21:09:56 2016
+# Sat Jun 18 02:37:59 2016
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -614,8 +614,8 @@ CONFIG_FEATURE_DMESG_PRETTY=y
 # CONFIG_HWCLOCK is not set
 # CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
 # CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
-CONFIG_IPCRM=y
-CONFIG_IPCS=y
+# CONFIG_IPCRM is not set
+# CONFIG_IPCS is not set
 # CONFIG_LOSETUP is not set
 # CONFIG_LSPCI is not set
 # CONFIG_LSUSB is not set
@@ -778,12 +778,12 @@ CONFIG_PING=y
 CONFIG_PING6=y
 CONFIG_FEATURE_FANCY_PING=y
 CONFIG_WGET=y
-CONFIG_FEATURE_WGET_STATUSBAR=y
+# CONFIG_FEATURE_WGET_STATUSBAR is not set
 CONFIG_FEATURE_WGET_AUTHENTICATION=y
 CONFIG_FEATURE_WGET_LONG_OPTIONS=y
 CONFIG_FEATURE_WGET_TIMEOUT=y
-CONFIG_FEATURE_WGET_OPENSSL=y
-CONFIG_FEATURE_WGET_SSL_HELPER=y
+# CONFIG_FEATURE_WGET_OPENSSL is not set
+# CONFIG_FEATURE_WGET_SSL_HELPER is not set
 # CONFIG_WHOIS is not set
 CONFIG_FEATURE_IPV6=y
 # CONFIG_FEATURE_UNIX_LOCAL is not set

BIN
floppy144.vfd


+ 263 - 0
getifaddrs-musl.c

@@ -0,0 +1,263 @@
+#define _GNU_SOURCE
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "ifaddrs-musl.h"
+//#include <syscall.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include "netlink-musl.h"
+
+#define IFADDRS_HASH_SIZE 64
+
+/* getifaddrs() reports hardware addresses with PF_PACKET that implies
+ * struct sockaddr_ll.  But e.g. Infiniband socket address length is
+ * longer than sockaddr_ll.ssl_addr[8] can hold. Use this hack struct
+ * to extend ssl_addr - callers should be able to still use it. */
+struct sockaddr_ll_hack {
+	unsigned short sll_family, sll_protocol;
+	int sll_ifindex;
+	unsigned short sll_hatype;
+	unsigned char sll_pkttype, sll_halen;
+	unsigned char sll_addr[24];
+};
+
+union sockany {
+	struct sockaddr sa;
+	struct sockaddr_ll_hack ll;
+	struct sockaddr_in v4;
+	struct sockaddr_in6 v6;
+};
+
+struct ifaddrs_storage {
+	struct ifaddrs ifa;
+	struct ifaddrs_storage *hash_next;
+	union sockany addr, netmask, ifu;
+	unsigned int index;
+	char name[IFNAMSIZ+1];
+};
+
+struct ifaddrs_ctx {
+	struct ifaddrs_storage *first;
+	struct ifaddrs_storage *last;
+	struct ifaddrs_storage *hash[IFADDRS_HASH_SIZE];
+};
+
+void freeifaddrs(struct ifaddrs *ifp)
+{
+	struct ifaddrs *n;
+	while (ifp) {
+		n = ifp->ifa_next;
+		free(ifp);
+		ifp = n;
+	}
+}
+
+static int __netlink_enumerate(int fd, unsigned int seq, int type, int af,
+	int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx)
+{
+	struct nlmsghdr *h;
+	union {
+		uint8_t buf[8192];
+		struct {
+			struct nlmsghdr nlh;
+			struct rtgenmsg g;
+		} req;
+		struct nlmsghdr reply;
+	} u;
+	int r, ret;
+
+	memset(&u.req, 0, sizeof(u.req));
+	u.req.nlh.nlmsg_len = sizeof(u.req);
+	u.req.nlh.nlmsg_type = type;
+	u.req.nlh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST;
+	u.req.nlh.nlmsg_seq = seq;
+	u.req.g.rtgen_family = af;
+	r = send(fd, &u.req, sizeof(u.req), 0);
+	if (r < 0) return r;
+
+	while (1) {
+		r = recv(fd, u.buf, sizeof(u.buf), MSG_DONTWAIT);
+		if (r <= 0) return -1;
+		for (h = &u.reply; NLMSG_OK(h, (void*)&u.buf[r]); h = NLMSG_NEXT(h)) {
+			if (h->nlmsg_type == NLMSG_DONE) return 0;
+			if (h->nlmsg_type == NLMSG_ERROR) return -1;
+			ret = cb(ctx, h);
+			if (ret) return ret;
+		}
+	}
+}
+
+int __rtnetlink_enumerate(int link_af, int addr_af, int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx)
+{
+	int fd, r;
+
+	fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	if (fd < 0) return -1;
+	r = __netlink_enumerate(fd, 1, RTM_GETLINK, link_af, cb, ctx);
+	if (!r) r = __netlink_enumerate(fd, 2, RTM_GETADDR, addr_af, cb, ctx);
+	close(fd);
+	return r;
+}
+
+static void copy_addr(struct sockaddr **r, int af, union sockany *sa, void *addr, size_t addrlen, int ifindex)
+{
+	uint8_t *dst;
+	int len;
+
+	switch (af) {
+	case AF_INET:
+		dst = (uint8_t*) &sa->v4.sin_addr;
+		len = 4;
+		break;
+	case AF_INET6:
+		dst = (uint8_t*) &sa->v6.sin6_addr;
+		len = 16;
+		if (IN6_IS_ADDR_LINKLOCAL(addr) || IN6_IS_ADDR_MC_LINKLOCAL(addr))
+			sa->v6.sin6_scope_id = ifindex;
+		break;
+	default:
+		return;
+	}
+	if (addrlen < len) return;
+	sa->sa.sa_family = af;
+	memcpy(dst, addr, len);
+	*r = &sa->sa;
+}
+
+static void gen_netmask(struct sockaddr **r, int af, union sockany *sa, int prefixlen)
+{
+	uint8_t addr[16] = {0};
+	int i;
+
+	if (prefixlen > 8*sizeof(addr)) prefixlen = 8*sizeof(addr);
+	i = prefixlen / 8;
+	memset(addr, 0xff, i);
+	if (i < sizeof(addr)) addr[i++] = 0xff << (8 - (prefixlen % 8));
+	copy_addr(r, af, sa, addr, sizeof(addr), 0);
+}
+
+static void copy_lladdr(struct sockaddr **r, union sockany *sa, void *addr, size_t addrlen, int ifindex, unsigned short hatype)
+{
+	if (addrlen > sizeof(sa->ll.sll_addr)) return;
+	sa->ll.sll_family = AF_PACKET;
+	sa->ll.sll_ifindex = ifindex;
+	sa->ll.sll_hatype = hatype;
+	sa->ll.sll_halen = addrlen;
+	memcpy(sa->ll.sll_addr, addr, addrlen);
+	*r = &sa->sa;
+}
+
+static int netlink_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
+{
+	struct ifaddrs_ctx *ctx = pctx;
+	struct ifaddrs_storage *ifs, *ifs0;
+	struct ifinfomsg *ifi = NLMSG_DATA(h);
+	struct ifaddrmsg *ifa = NLMSG_DATA(h);
+	struct rtattr *rta;
+	int stats_len = 0;
+
+	if (h->nlmsg_type == RTM_NEWLINK) {
+		for (rta = NLMSG_RTA(h, sizeof(*ifi)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
+			if (rta->rta_type != IFLA_STATS) continue;
+			stats_len = RTA_DATALEN(rta);
+			break;
+		}
+	} else {
+		for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0; ifs0 = ifs0->hash_next)
+			if (ifs0->index == ifa->ifa_index)
+				break;
+		if (!ifs0) return 0;
+	}
+
+	ifs = calloc(1, sizeof(struct ifaddrs_storage) + stats_len);
+	if (ifs == 0) return -1;
+
+	if (h->nlmsg_type == RTM_NEWLINK) {
+		ifs->index = ifi->ifi_index;
+		ifs->ifa.ifa_flags = ifi->ifi_flags;
+
+		for (rta = NLMSG_RTA(h, sizeof(*ifi)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
+			switch (rta->rta_type) {
+			case IFLA_IFNAME:
+				if (RTA_DATALEN(rta) < sizeof(ifs->name)) {
+					memcpy(ifs->name, RTA_DATA(rta), RTA_DATALEN(rta));
+					ifs->ifa.ifa_name = ifs->name;
+				}
+				break;
+			case IFLA_ADDRESS:
+				copy_lladdr(&ifs->ifa.ifa_addr, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifi->ifi_index, ifi->ifi_type);
+				break;
+			case IFLA_BROADCAST:
+				copy_lladdr(&ifs->ifa.ifa_broadaddr, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifi->ifi_index, ifi->ifi_type);
+				break;
+			case IFLA_STATS:
+				ifs->ifa.ifa_data = (void*)(ifs+1);
+				memcpy(ifs->ifa.ifa_data, RTA_DATA(rta), RTA_DATALEN(rta));
+				break;
+			}
+		}
+		if (ifs->ifa.ifa_name) {
+			unsigned int bucket = ifs->index % IFADDRS_HASH_SIZE;
+			ifs->hash_next = ctx->hash[bucket];
+			ctx->hash[bucket] = ifs;
+		}
+	} else {
+		ifs->ifa.ifa_name = ifs0->ifa.ifa_name;
+		ifs->ifa.ifa_flags = ifs0->ifa.ifa_flags;
+		for (rta = NLMSG_RTA(h, sizeof(*ifa)); NLMSG_RTAOK(rta, h); rta = RTA_NEXT(rta)) {
+			switch (rta->rta_type) {
+			case IFA_ADDRESS:
+				/* If ifa_addr is already set we, received an IFA_LOCAL before
+				 * so treat this as destination address */
+				if (ifs->ifa.ifa_addr)
+					copy_addr(&ifs->ifa.ifa_dstaddr, ifa->ifa_family, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
+				else
+					copy_addr(&ifs->ifa.ifa_addr, ifa->ifa_family, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
+				break;
+			case IFA_BROADCAST:
+				copy_addr(&ifs->ifa.ifa_broadaddr, ifa->ifa_family, &ifs->ifu, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
+				break;
+			case IFA_LOCAL:
+				/* If ifa_addr is set and we get IFA_LOCAL, assume we have
+				 * a point-to-point network. Move address to correct field. */
+				if (ifs->ifa.ifa_addr) {
+					ifs->ifu = ifs->addr;
+					ifs->ifa.ifa_dstaddr = &ifs->ifu.sa;
+					memset(&ifs->addr, 0, sizeof(ifs->addr));
+				}
+				copy_addr(&ifs->ifa.ifa_addr, ifa->ifa_family, &ifs->addr, RTA_DATA(rta), RTA_DATALEN(rta), ifa->ifa_index);
+				break;
+			case IFA_LABEL:
+				if (RTA_DATALEN(rta) < sizeof(ifs->name)) {
+					memcpy(ifs->name, RTA_DATA(rta), RTA_DATALEN(rta));
+					ifs->ifa.ifa_name = ifs->name;
+				}
+				break;
+			}
+		}
+		if (ifs->ifa.ifa_addr)
+			gen_netmask(&ifs->ifa.ifa_netmask, ifa->ifa_family, &ifs->netmask, ifa->ifa_prefixlen);
+	}
+
+	if (ifs->ifa.ifa_name) {
+		if (!ctx->first) ctx->first = ifs;
+		if (ctx->last) ctx->last->ifa.ifa_next = &ifs->ifa;
+		ctx->last = ifs;
+	} else {
+		free(ifs);
+	}
+	return 0;
+}
+
+int getifaddrs(struct ifaddrs **ifap)
+{
+	struct ifaddrs_ctx _ctx, *ctx = &_ctx;
+	int r;
+	memset(ctx, 0, sizeof *ctx);
+	r = __rtnetlink_enumerate(AF_UNSPEC, AF_UNSPEC, netlink_msg_to_ifaddr, ctx);
+	if (r == 0) *ifap = &ctx->first->ifa;
+	else freeifaddrs(&ctx->first->ifa);
+	return r;
+}
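Review bot: In `netlink_msg_to_ifaddr` the `IFLA_STATS` case copies `RTA_DATALEN(rta)` bytes into the tail of `ifs`, but that tail was sized from the first `IFLA_STATS` attribute found by the earlier loop, so the copy is only safe while a message carries a single such attribute. The data comes from the kernel, so this is hardening rather than a known fault; `if (RTA_DATALEN(rta) > stats_len) break;` at the top of the case ties the copy to the allocation. Separately, `getifaddrs` and `freeifaddrs` depend on `ifa` being the first member of `struct ifaddrs_storage`: the list is freed through `struct ifaddrs *`, and `&ctx->first->ifa` is evaluated even when `first` may be NULL. That deserves a comment on the struct such as `/* ifa must stay the first member */`.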

+ 600 - 0
ifaddrs-android.c

@@ -0,0 +1,600 @@
+/*
+Copyright (c) 2013, Kenneth MacKay
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "ifaddrs-android.h"
+
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <net/if_arp.h>
+#include <netinet/in.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+
+typedef struct NetlinkList
+{
+    struct NetlinkList *m_next;
+    struct nlmsghdr *m_data;
+    unsigned int m_size;
+} NetlinkList;
+
+static int netlink_socket(void)
+{
+    int l_socket = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+    if(l_socket < 0)
+    {
+        return -1;
+    }
+    
+    struct sockaddr_nl l_addr;
+    memset(&l_addr, 0, sizeof(l_addr));
+    l_addr.nl_family = AF_NETLINK;
+    if(bind(l_socket, (struct sockaddr *)&l_addr, sizeof(l_addr)) < 0)
+    {
+        close(l_socket);
+        return -1;
+    }
+    
+    return l_socket;
+}
+
+static int netlink_send(int p_socket, int p_request)
+{
+    char l_buffer[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))];
+    memset(l_buffer, 0, sizeof(l_buffer));
+    struct nlmsghdr *l_hdr = (struct nlmsghdr *)l_buffer;
+    struct rtgenmsg *l_msg = (struct rtgenmsg *)NLMSG_DATA(l_hdr);
+    
+    l_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*l_msg));
+    l_hdr->nlmsg_type = p_request;
+    l_hdr->nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST;
+    l_hdr->nlmsg_pid = 0;
+    l_hdr->nlmsg_seq = p_socket;
+    l_msg->rtgen_family = AF_UNSPEC;
+    
+    struct sockaddr_nl l_addr;
+    memset(&l_addr, 0, sizeof(l_addr));
+    l_addr.nl_family = AF_NETLINK;
+    return (sendto(p_socket, l_hdr, l_hdr->nlmsg_len, 0, (struct sockaddr *)&l_addr, sizeof(l_addr)));
+}
+
+static int netlink_recv(int p_socket, void *p_buffer, size_t p_len)
+{
+    struct msghdr l_msg;
+    struct iovec l_iov = { p_buffer, p_len };
+    struct sockaddr_nl l_addr;
+    //int l_result;
+
+    for(;;)
+    {
+        l_msg.msg_name = (void *)&l_addr;
+        l_msg.msg_namelen = sizeof(l_addr);
+        l_msg.msg_iov = &l_iov;
+        l_msg.msg_iovlen = 1;
+        l_msg.msg_control = NULL;
+        l_msg.msg_controllen = 0;
+        l_msg.msg_flags = 0;
+        int l_result = recvmsg(p_socket, &l_msg, 0);
+        
+        if(l_result < 0)
+        {
+            if(errno == EINTR)
+            {
+                continue;
+            }
+            return -2;
+        }
+        
+        if(l_msg.msg_flags & MSG_TRUNC)
+        { // buffer was too small
+            return -1;
+        }
+        return l_result;
+    }
+}
+
+static struct nlmsghdr *getNetlinkResponse(int p_socket, int *p_size, int *p_done)
+{
+    size_t l_size = 4096;
+    void *l_buffer = NULL;
+    
+    for(;;)
+    {
+        free(l_buffer);
+        l_buffer = malloc(l_size);
+        
+        int l_read = netlink_recv(p_socket, l_buffer, l_size);
+        *p_size = l_read;
+        if(l_read == -2)
+        {
+            free(l_buffer);
+            return NULL;
+        }
+        if(l_read >= 0)
+        {
+            pid_t l_pid = getpid();
+            struct nlmsghdr *l_hdr;
+            for(l_hdr = (struct nlmsghdr *)l_buffer; NLMSG_OK(l_hdr, (unsigned int)l_read); l_hdr = (struct nlmsghdr *)NLMSG_NEXT(l_hdr, l_read))
+            {
+                if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
+                {
+                    continue;
+                }
+                
+                if(l_hdr->nlmsg_type == NLMSG_DONE)
+                {
+                    *p_done = 1;
+                    break;
+                }
+                
+                if(l_hdr->nlmsg_type == NLMSG_ERROR)
+                {
+                    free(l_buffer);
+                    return NULL;
+                }
+            }
+            return l_buffer;
+        }
+        
+        l_size *= 2;
+    }
+}
+
+static NetlinkList *newListItem(struct nlmsghdr *p_data, unsigned int p_size)
+{
+    NetlinkList *l_item = malloc(sizeof(NetlinkList));
+    l_item->m_next = NULL;
+    l_item->m_data = p_data;
+    l_item->m_size = p_size;
+    return l_item;
+}
+
+static void freeResultList(NetlinkList *p_list)
+{
+    NetlinkList *l_cur;
+    while(p_list)
+    {
+        l_cur = p_list;
+        p_list = p_list->m_next;
+        free(l_cur->m_data);
+        free(l_cur);
+    }
+}
+
+static NetlinkList *getResultList(int p_socket, int p_request)
+{
+    if(netlink_send(p_socket, p_request) < 0)
+    {
+        return NULL;
+    }
+
+    NetlinkList *l_list = NULL;
+    NetlinkList *l_end = NULL;
+    int l_size;
+    int l_done = 0;
+    while(!l_done)
+    {
+        struct nlmsghdr *l_hdr = getNetlinkResponse(p_socket, &l_size, &l_done);
+        if(!l_hdr)
+        { // error
+            freeResultList(l_list);
+            return NULL;
+        }
+        
+        NetlinkList *l_item = newListItem(l_hdr, l_size);
+        if(!l_list)
+        {
+            l_list = l_item;
+        }
+        else
+        {
+            l_end->m_next = l_item;
+        }
+        l_end = l_item;
+    }
+    return l_list;
+}
+
+static size_t maxSize(size_t a, size_t b)
+{
+    return (a > b ? a : b);
+}
+
+static size_t calcAddrLen(sa_family_t p_family, int p_dataSize)
+{
+    switch(p_family)
+    {
+        case AF_INET:
+            return sizeof(struct sockaddr_in);
+        case AF_INET6:
+            return sizeof(struct sockaddr_in6);
+        case AF_PACKET:
+            return maxSize(sizeof(struct sockaddr_ll), offsetof(struct sockaddr_ll, sll_addr) + p_dataSize);
+        default:
+            return maxSize(sizeof(struct sockaddr), offsetof(struct sockaddr, sa_data) + p_dataSize);
+    }
+}
+
+static void makeSockaddr(sa_family_t p_family, struct sockaddr *p_dest, void *p_data, size_t p_size)
+{
+    switch(p_family)
+    {
+        case AF_INET:
+            memcpy(&((struct sockaddr_in*)p_dest)->sin_addr, p_data, p_size);
+            break;
+        case AF_INET6:
+            memcpy(&((struct sockaddr_in6*)p_dest)->sin6_addr, p_data, p_size);
+            break;
+        case AF_PACKET:
+            memcpy(((struct sockaddr_ll*)p_dest)->sll_addr, p_data, p_size);
+            ((struct sockaddr_ll*)p_dest)->sll_halen = p_size;
+            break;
+        default:
+            memcpy(p_dest->sa_data, p_data, p_size);
+            break;
+    }
+    p_dest->sa_family = p_family;
+}
+
+static void addToEnd(struct ifaddrs **p_resultList, struct ifaddrs *p_entry)
+{
+    if(!*p_resultList)
+    {
+        *p_resultList = p_entry;
+    }
+    else
+    {
+        struct ifaddrs *l_cur = *p_resultList;
+        while(l_cur->ifa_next)
+        {
+            l_cur = l_cur->ifa_next;
+        }
+        l_cur->ifa_next = p_entry;
+    }
+}
+
+static void interpretLink(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
+{
+    struct ifinfomsg *l_info = (struct ifinfomsg *)NLMSG_DATA(p_hdr);
+
+    size_t l_nameSize = 0;
+    size_t l_addrSize = 0;
+    size_t l_dataSize = 0;
+    
+    size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));
+    struct rtattr *l_rta;
+    for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
+    {
+        //void *l_rtaData = RTA_DATA(l_rta);
+        size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
+        switch(l_rta->rta_type)
+        {
+            case IFLA_ADDRESS:
+            case IFLA_BROADCAST:
+                l_addrSize += NLMSG_ALIGN(calcAddrLen(AF_PACKET, l_rtaDataSize));
+                break;
+            case IFLA_IFNAME:
+                l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);
+                break;
+            case IFLA_STATS:
+                l_dataSize += NLMSG_ALIGN(l_rtaSize);
+                break;
+            default:
+                break;
+        }
+    }
+    
+    struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize + l_dataSize);
+    memset(l_entry, 0, sizeof(struct ifaddrs));
+    l_entry->ifa_name = "";
+    
+    char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs);
+    char *l_addr = l_name + l_nameSize;
+    char *l_data = l_addr + l_addrSize;
+    
+    l_entry->ifa_flags = l_info->ifi_flags;
+    
+    l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));
+    for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifinfomsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
+    {
+        void *l_rtaData = RTA_DATA(l_rta);
+        size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
+        switch(l_rta->rta_type)
+        {
+            case IFLA_ADDRESS:
+            case IFLA_BROADCAST:
+            {
+                size_t l_addrLen = calcAddrLen(AF_PACKET, l_rtaDataSize);
+                makeSockaddr(AF_PACKET, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize);
+                ((struct sockaddr_ll *)l_addr)->sll_ifindex = l_info->ifi_index;
+                ((struct sockaddr_ll *)l_addr)->sll_hatype = l_info->ifi_type;
+                if(l_rta->rta_type == IFLA_ADDRESS)
+                {
+                    l_entry->ifa_addr = (struct sockaddr *)l_addr;
+                }
+                else
+                {
+                    l_entry->ifa_broadaddr = (struct sockaddr *)l_addr;
+                }
+                l_addr += NLMSG_ALIGN(l_addrLen);
+                break;
+            }
+            case IFLA_IFNAME:
+                strncpy(l_name, l_rtaData, l_rtaDataSize);
+                l_name[l_rtaDataSize] = '\0';
+                l_entry->ifa_name = l_name;
+                break;
+            case IFLA_STATS:
+                memcpy(l_data, l_rtaData, l_rtaDataSize);
+                l_entry->ifa_data = l_data;
+                break;
+            default:
+                break;
+        }
+    }
+    
+    addToEnd(p_resultList, l_entry);
+    p_links[l_info->ifi_index - 1] = l_entry;
+}
+
+static void interpretAddr(struct nlmsghdr *p_hdr, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
+{
+    struct ifaddrmsg *l_info = (struct ifaddrmsg *)NLMSG_DATA(p_hdr);
+
+    size_t l_nameSize = 0;
+    size_t l_addrSize = 0;
+    
+    int l_addedNetmask = 0;
+    
+    size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));
+    struct rtattr *l_rta;
+    for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
+    {
+        //void *l_rtaData = RTA_DATA(l_rta);
+        size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
+        if(l_info->ifa_family == AF_PACKET)
+        {
+            continue;
+        }
+        
+        switch(l_rta->rta_type)
+        {
+            case IFA_ADDRESS:
+            case IFA_LOCAL:
+                if((l_info->ifa_family == AF_INET || l_info->ifa_family == AF_INET6) && !l_addedNetmask)
+                { // make room for netmask
+                    l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));
+                    l_addedNetmask = 1;
+                }
+            case IFA_BROADCAST:
+                l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));
+                break;
+            case IFA_LABEL:
+                l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);
+                break;
+            default:
+                break;
+        }
+    }
+    
+    struct ifaddrs *l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize);
+    memset(l_entry, 0, sizeof(struct ifaddrs));
+    l_entry->ifa_name = p_links[l_info->ifa_index - 1]->ifa_name;
+    
+    char *l_name = ((char *)l_entry) + sizeof(struct ifaddrs);
+    char *l_addr = l_name + l_nameSize;
+    
+    l_entry->ifa_flags = l_info->ifa_flags | p_links[l_info->ifa_index - 1]->ifa_flags;
+    
+    l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));
+    for(l_rta = (struct rtattr *)(((char *)l_info) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))
+    {
+        void *l_rtaData = RTA_DATA(l_rta);
+        size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);
+        switch(l_rta->rta_type)
+        {
+            case IFA_ADDRESS:
+            case IFA_BROADCAST:
+            case IFA_LOCAL:
+            {
+                size_t l_addrLen = calcAddrLen(l_info->ifa_family, l_rtaDataSize);
+                makeSockaddr(l_info->ifa_family, (struct sockaddr *)l_addr, l_rtaData, l_rtaDataSize);
+                if(l_info->ifa_family == AF_INET6)
+                {
+                    if(IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)l_rtaData) || IN6_IS_ADDR_MC_LINKLOCAL((struct in6_addr *)l_rtaData))
+                    {
+                        ((struct sockaddr_in6 *)l_addr)->sin6_scope_id = l_info->ifa_index;
+                    }
+                }
+                
+                if(l_rta->rta_type == IFA_ADDRESS)
+                { // apparently in a point-to-point network IFA_ADDRESS contains the dest address and IFA_LOCAL contains the local address
+                    if(l_entry->ifa_addr)
+                    {
+                        l_entry->ifa_dstaddr = (struct sockaddr *)l_addr;
+                    }
+                    else
+                    {
+                        l_entry->ifa_addr = (struct sockaddr *)l_addr;
+                    }
+                }
+                else if(l_rta->rta_type == IFA_LOCAL)
+                {
+                    if(l_entry->ifa_addr)
+                    {
+                        l_entry->ifa_dstaddr = l_entry->ifa_addr;
+                    }
+                    l_entry->ifa_addr = (struct sockaddr *)l_addr;
+                }
+                else
+                {
+                    l_entry->ifa_broadaddr = (struct sockaddr *)l_addr;
+                }
+                l_addr += NLMSG_ALIGN(l_addrLen);
+                break;
+            }
+            case IFA_LABEL:
+                strncpy(l_name, l_rtaData, l_rtaDataSize);
+                l_name[l_rtaDataSize] = '\0';
+                l_entry->ifa_name = l_name;
+                break;
+            default:
+                break;
+        }
+    }
+    
+    if(l_entry->ifa_addr && (l_entry->ifa_addr->sa_family == AF_INET || l_entry->ifa_addr->sa_family == AF_INET6))
+    {
+        unsigned l_maxPrefix = (l_entry->ifa_addr->sa_family == AF_INET ? 32 : 128);
+        unsigned l_prefix = (l_info->ifa_prefixlen > l_maxPrefix ? l_maxPrefix : l_info->ifa_prefixlen);
+        char l_mask[16] = {0};
+        unsigned i;
+        for(i=0; i<(l_prefix/8); ++i)
+        {
+            l_mask[i] = 0xff;
+        }
+        l_mask[i] = 0xff << (8 - (l_prefix % 8));
+        
+        makeSockaddr(l_entry->ifa_addr->sa_family, (struct sockaddr *)l_addr, l_mask, l_maxPrefix / 8);
+        l_entry->ifa_netmask = (struct sockaddr *)l_addr;
+    }
+    
+    addToEnd(p_resultList, l_entry);
+}
+
+static void interpret(int p_socket, NetlinkList *p_netlinkList, struct ifaddrs **p_links, struct ifaddrs **p_resultList)
+{
+    pid_t l_pid = getpid();
+    for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next)
+    {
+        unsigned int l_nlsize = p_netlinkList->m_size;
+        struct nlmsghdr *l_hdr;
+        for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))
+        {
+            if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
+            {
+                continue;
+            }
+            
+            if(l_hdr->nlmsg_type == NLMSG_DONE)
+            {
+                break;
+            }
+            
+            if(l_hdr->nlmsg_type == RTM_NEWLINK)
+            {
+                interpretLink(l_hdr, p_links, p_resultList);
+            }
+            else if(l_hdr->nlmsg_type == RTM_NEWADDR)
+            {
+                interpretAddr(l_hdr, p_links, p_resultList);
+            }
+        }
+    }
+}
+
+static unsigned countLinks(int p_socket, NetlinkList *p_netlinkList)
+{
+    unsigned l_links = 0;
+    pid_t l_pid = getpid();
+    for(; p_netlinkList; p_netlinkList = p_netlinkList->m_next)
+    {
+        unsigned int l_nlsize = p_netlinkList->m_size;
+        struct nlmsghdr *l_hdr;
+        for(l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))
+        {
+            if((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)
+            {
+                continue;
+            }
+            
+            if(l_hdr->nlmsg_type == NLMSG_DONE)
+            {
+                break;
+            }
+            
+            if(l_hdr->nlmsg_type == RTM_NEWLINK)
+            {
+                ++l_links;
+            }
+        }
+    }
+    
+    return l_links;
+}
+
+int getifaddrs(struct ifaddrs **ifap)
+{
+    if(!ifap)
+    {
+        return -1;
+    }
+    *ifap = NULL;
+    
+    int l_socket = netlink_socket();
+    if(l_socket < 0)
+    {
+        return -1;
+    }
+    
+    NetlinkList *l_linkResults = getResultList(l_socket, RTM_GETLINK);
+    if(!l_linkResults)
+    {
+        close(l_socket);
+        return -1;
+    }
+    
+    NetlinkList *l_addrResults = getResultList(l_socket, RTM_GETADDR);
+    if(!l_addrResults)
+    {
+        close(l_socket);
+        freeResultList(l_linkResults);
+        return -1;
+    }
+    
+    unsigned l_numLinks = countLinks(l_socket, l_linkResults) + countLinks(l_socket, l_addrResults);
+    struct ifaddrs *l_links[l_numLinks];
+    memset(l_links, 0, l_numLinks * sizeof(struct ifaddrs *));
+    
+    interpret(l_socket, l_linkResults, l_links, ifap);
+    interpret(l_socket, l_addrResults, l_links, ifap);
+
+    freeResultList(l_linkResults);
+    freeResultList(l_addrResults);
+    close(l_socket);
+    return 0;
+}
+
+void freeifaddrs(struct ifaddrs *ifa)
+{
+    struct ifaddrs *l_cur;
+    while(ifa)
+    {
+        l_cur = ifa;
+        ifa = ifa->ifa_next;
+        free(l_cur);
+    }
+}
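Review bot: `interpretLink` and `interpretAddr` index `p_links` with `ifi_index - 1` and `ifa_index - 1`, but `getifaddrs` sizes that stack array from the number of RTM_NEWLINK messages counted, so an interface index larger than the count writes or reads outside the array, and `interpretAddr` also dereferences a slot that may still be NULL. Interface indices are, as far as I know, not guaranteed to be dense, so the links should be found by a stored index, or the array length passed down and checked before use. In the netmask loop of `interpretAddr`, a prefix of 128 leaves `i == 16` and the following store lands one byte past `l_mask[16]`; `if(i < sizeof(l_mask)) l_mask[i] = 0xff << (8 - (l_prefix % 8));` fixes that. The `malloc` results in `newListItem`, `interpretLink` and `interpretAddr` are also used without a NULL check.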

+ 58 - 0
ifaddrs-android.h

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1999
+ *	Berkeley Software Design, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	BSDI ifaddrs.h,v 2.5 2000/02/23 14:51:59 dab Exp
+ */
+
+#if !__ANDROID__
+#error ifaddrs-android only works with Android
+#endif
+
+#ifndef	_IFADDRS_H_
+#define	_IFADDRS_H_
+
+struct ifaddrs {
+	struct ifaddrs  *ifa_next;
+	char		*ifa_name;
+	unsigned int	 ifa_flags;
+	struct sockaddr	*ifa_addr;
+	struct sockaddr	*ifa_netmask;
+	struct sockaddr	*ifa_dstaddr;
+	void		*ifa_data;
+};
+
+/*
+ * This may have been defined in <net/if.h>.  Note that if <net/if.h> is
+ * to be included it must be included before this header file.
+ */
+#ifndef	ifa_broadaddr
+#define	ifa_broadaddr	ifa_dstaddr	/* broadcast address interface */
+#endif
+
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+extern int getifaddrs(struct ifaddrs **ifap);
+extern void freeifaddrs(struct ifaddrs *ifa);
+__END_DECLS
+
+#endif

+ 43 - 0
ifaddrs-musl.h

@@ -0,0 +1,43 @@
+#ifndef _IFADDRS_H
+#define _IFADDRS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if !__linux__
+#error ifaddrs-musl.h only works with a Linux kernel
+#endif
+
+#if __ANDROID__
+#error ifaddrs-musl.h does not work with Android
+#endif
+
+#include <features.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+struct ifaddrs {
+	struct ifaddrs *ifa_next;
+	char *ifa_name;
+	unsigned ifa_flags;
+	struct sockaddr *ifa_addr;
+	struct sockaddr *ifa_netmask;
+	union {
+		struct sockaddr *ifu_broadaddr;
+		struct sockaddr *ifu_dstaddr;
+	} ifa_ifu;
+	void *ifa_data;
+};
+#define ifa_broadaddr ifa_ifu.ifu_broadaddr
+#define ifa_dstaddr ifa_ifu.ifu_dstaddr
+
+void freeifaddrs(struct ifaddrs *ifp);
+int getifaddrs(struct ifaddrs **ifap);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+

+ 2 - 2
make_freebsd

@@ -30,8 +30,8 @@ rm *.o
 strip -s --strip-unneeded --remove-section=.eh_frame_hdr --remove-section=.eh_frame --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag vlmcs-* vlmcsd-* vlmcsdmulti-*
 sstrip -z vlmcs-* vlmcsd-* vlmcsdmulti-*
 
-sudo cp -af vlmcsd-FreeBSD-10.3-x86-gcc /usr/local/sbin/vlmcsd
-sudo cp -af vlmcs-FreeBSD-10.3-x86-gcc /usr/local/bin/vlmcs
+sudo cp -af vlmcsd-FreeBSD-10.3-x64-gcc /usr/local/sbin/vlmcsd
+sudo cp -af vlmcs-FreeBSD-10.3-x64-gcc /usr/local/bin/vlmcs
 
 # Copy everything to distribution server
 scp -p vlmcsdmulti-* vlmcsd-Free* vlmcs-* root@ubuntu64:x/binaries/FreeBSD/intel/

+ 3 - 3
make_kfreebsd

@@ -18,6 +18,9 @@ export MULTI_NAME=vlmcsdmulti-FreeBSD-10.1-x64-glibc
 
 make $MAKEFLAGS CFLAGS="$CF -m64" LDFLAGS="$LF" CAT=2 allmulti
 
+cp -af $PROGRAM_NAME /usr/local/sbin/vlmcsd
+cp -af $CLIENT_NAME /usr/local/bin/vlmcs
+
 export PROGRAM_NAME=vlmcsd-FreeBSD-10.1-x86-glibc
 export CLIENT_NAME=vlmcs-FreeBSD-10.1-x86-glibc
 export MULTI_NAME=vlmcsdmulti-FreeBSD-10.1-x86-glibc
@@ -26,9 +29,6 @@ make $MAKEFLAGS CFLAGS="$CF -m32" LDFLAGS="$LF" CAT=2 allmulti
 
 sstrip -z vlmcs-* vlmcsd-* vlmcsdmulti-*
 
-cp -af $PROGRAM_NAME /usr/local/sbin/vlmcsd
-cp -af $CLIENT_NAME /usr/local/bin/vlmcs
-
 # Copy man pages
 mkdir -p /usr/local/man/man1 2>/dev/null
 mkdir -p /usr/local/man/man5 2>/dev/null
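Review bot: The two `cp -af` install lines now run before `sstrip -z vlmcs-* vlmcsd-* vlmcsdmulti-*`, so the copies placed in /usr/local/sbin and /usr/local/bin are no longer the stripped binaries. They also run without checking whether the preceding `make` succeeded, so a failed build can leave a stale or partial file installed. If the move was made to install the x64 build instead of the x86 one, I would remember the names with `INSTALL_PROGRAM=$PROGRAM_NAME; INSTALL_CLIENT=$CLIENT_NAME` before the x86 exports. The copy can then stay after the strip step, as `cp -af "$INSTALL_PROGRAM" /usr/local/sbin/vlmcsd` and its client counterpart, behind a `make … || exit 1`.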

+ 16 - 16
make_linux

@@ -78,7 +78,7 @@ export THREADS=1
 export CFLAGS="$SMALLCC"
 export CC=i686-w64-mingw32-gcc
 export PLATFORMFLAGS="-march=i686 -mtune=generic -fwhole-program -pipe"
-export LDFLAGS="-lws2_32 -Wl,--gc-sections,--force-exe-suffix,--large-address-aware,--nxcompat,--dynamicbase,--tsaware,--no-seh,--disable-long-section-names"
+export LDFLAGS="-Wl,--gc-sections,--force-exe-suffix,--large-address-aware,--nxcompat,--dynamicbase,--tsaware,--no-seh,--disable-long-section-names"
 export FEATURES=full
 
 make $MAKEFLAGS CRYPTO=windows CAT=2 all $MULTI_NAME
@@ -139,7 +139,7 @@ export THREADS=1
 export CFLAGS="$SMALLCC"
 export CC=x86_64-w64-mingw32-gcc
 export PLATFORMFLAGS="-march=nocona -mtune=generic -fwhole-program -pipe"
-export LDFLAGS="-lws2_32 -Wl,--gc-sections,--force-exe-suffix,--nxcompat,--dynamicbase,--tsaware,--no-seh,--high-entropy-va,--disable-long-section-names"
+export LDFLAGS="-Wl,--gc-sections,--force-exe-suffix,--nxcompat,--dynamicbase,--tsaware,--no-seh,--high-entropy-va,--disable-long-section-names"
 
 make $MAKEFLAGS CAT=2 CRYPTO=windows all $MULTI_NAME
 
@@ -202,7 +202,7 @@ export LDFLAGS="-fwhole-program -Wl,-z,norelro"
 export THREADS=0
 #export TERMINAL_WIDTH=80
 
-make $MAKEFLAGS NO_DNS=1 SAFE_MODE=1 allmulti
+make $MAKEFLAGS GETIFADDRS=musl NO_DNS=1 SAFE_MODE=1 allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -214,7 +214,7 @@ export PROGRAM_NAME=binaries/Linux/mips/little-endian/static/vlmcsd-mips1el-toma
 export MULTI_NAME=binaries/Linux/mips/little-endian/static/vlmcsdmulti-mips1el-tomato-uclibc-static
 export LDFLAGS="$LDFLAGS -static"
 
-make NO_DNS=1 SAFE_MODE=1 $REUSEOBJFLAGS allmulti
+make NO_DNS=1 SAFE_MODE=1 GETIFADDRS=musl $REUSEOBJFLAGS allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $MULTI_NAME
@@ -1727,7 +1727,7 @@ export LDFLAGS="-Wl,-z,norelro -fwhole-program"
 export THREADS=0
 export NOPROCFS=1
 
-make $MAKEFLAGS SAFE_MODE=1 allmulti
+make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1740,7 +1740,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="-Wl,-z,norelro -fwhole-program -static"
 
-make $REUSEOBJFLAGS SAFE_MODE=1 allmulti
+make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1817,7 +1817,7 @@ export THREADS=0
 export CRYPTO=internal
 export NOPROCFS=1
 
-make $MAKEFLAGS SAFE_MODE=1 allmulti
+make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1830,7 +1830,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="-Wl,-z,norelro -fwhole-program -static"
 
-make $REUSEOBJFLAGS SAFE_MODE=1 allmulti
+make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1906,7 +1906,7 @@ export LDFLAGS="$SMALLLD"
 export THREADS=0
 export CRYPTO=internal
 
-make $MAKEFLAGS allmulti
+make $MAKEFLAGS GETIFADDRS=musl allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1918,7 +1918,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="$SMALLLD -static"
 
-make $REUSEOBJFLAGS allmulti
+make $REUSEOBJFLAGS GETIFADDRS=musl allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1942,7 +1942,7 @@ export LDFLAGS="$SMALLLD"
 export THREADS=0
 export CRYPTO=internal
 
-make NOLRESOLV=1 $MAKEFLAGS allmulti
+make NOLRESOLV=1 GETIFADDRS=musl $MAKEFLAGS allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -1954,7 +1954,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="$SMALLLD -static"
 
-make NOLRESOLV=1 $REUSEOBJFLAGS allmulti
+make NOLRESOLV=1 GETIFADDRS=musl $REUSEOBJFLAGS allmulti
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME and/or $PROGRAM_NAME
@@ -2665,7 +2665,7 @@ export LDFLAGS="-fwhole-program"
 export THREADS=0
 export CRYPTO=internal
 
-make $MAKEFLAGS CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
+make $MAKEFLAGS GETIFADDRS=musl CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
 
 if [ $? != 0 ]; then
   echo Error creating $PROGRAM_NAME, $MULTI_NAME and/or $CLIENT_NAME
@@ -2677,7 +2677,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="-fwhole-program -static"
 
-make $REUSEOBJFLAGS CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
+make $REUSEOBJFLAGS GETIFADDRS=musl CAT=2 SAFE_MODE=1 $PROGRAM_NAME $MULTI_NAME $CLIENT_NAME
 
 if [ $? != 0 ]; then
   echo Error creating $PROGRAM_NAME, $MULTI_NAME and/or $CLIENT_NAME
@@ -2765,7 +2765,7 @@ export CFLAGS="$SMALLCC"
 export LDFLAGS="-Wl,-z,norelo"
 export THREADS=0
 
-make $MAKEFLAGS SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
+make $MAKEFLAGS GETIFADDRS=musl SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME, $MULTI_NAME and/or $PROGRAM_NAME
@@ -2777,7 +2777,7 @@ export CLIENT_NAME=${INSTALLDIR}static/vlmcs${SUFFIX}-static
 export MULTI_NAME=${INSTALLDIR}static/vlmcsdmulti${SUFFIX}-static
 export LDFLAGS="-Wl,-z,norelo -static"
 
-make $REUSEOBJFLAGS SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
+make $REUSEOBJFLAGS GETIFADDRS=musl SAFE_MODE=1 CAT=2 $CLIENT_NAME $PROGRAM_NAME $MULTI_NAME
 
 if [ $? != 0 ]; then
   echo Error creating $CLIENT_NAME, $MULTI_NAME and/or $PROGRAM_NAME
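Review bot: In the last two hunks the `LDFLAGS` context lines read `-Wl,-z,norelo` and `-Wl,-z,norelo -static`, while every other target in this file spells the keyword `norelro`. GNU ld normally warns about an unknown `-z` keyword and ignores it, so these two builds probably keep the toolchain's default RELRO setting while the others switch it off. Since the lines are being touched for `GETIFADDRS=musl` anyway, I would settle this explicitly: either use `norelro` for consistency, or drop the option and keep RELRO on for a network-facing daemon. A one-line comment above the `export LDFLAGS` stating the choice would stop the difference from looking accidental.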

+ 5 - 5
make_windows

@@ -11,17 +11,17 @@ CFMSRPC="-Wno-missing-braces -Wno-unused-variable $CF" # -fno-common -fno-stack-
 PF32=""
 PF64="-mpreferred-stack-boundary=4 -march=nocona -mtune=generic"
 LFCYG32="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
-LFWIN32="-fwhole-program -lws2_32 -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
+LFWIN32="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--large-address-aware,--disable-long-section-names"
 LFCYG64="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
-LFWIN64="-fwhole-program -lws2_32 -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
+LFWIN64="-fwhole-program -Wl,--nxcompat,--dynamicbase,--tsaware,--disable-long-section-names,--high-entropy-va"
 
 MAKEFLAGS="-j$NUMCPU -B"
 REUSEFLAGS="-j$NUMCPU"
 
 make $MAKEFLAGS cygkms32.dll FEATURES=minimum THREADS=1 DLL_NAME=cygkms32.dll DNS_PARSER=internal CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF -flto=jobserver -fvisibility=hidden" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
 make $MAKEFLAGS cygkms64.dll FEATURES=minimum THREADS=1 DLL_NAME=cygkms64.dll DNS_PARSER=internal CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF -flto=jobserver -fvisibility=hidden" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
-make $MAKEFLAGS all vlmcsdmulti-cygwin-x86 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x86 PROGRAM_NAME=vlmcsd-cygwin-x86 MULTI_NAME=vlmcsdmulti-cygwin-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
-make $MAKEFLAGS all vlmcsdmulti-cygwin-x64 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x64 PROGRAM_NAME=vlmcsd-cygwin-x64 MULTI_NAME=vlmcsdmulti-cygwin-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
+make $MAKEFLAGS allmulti THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x86 PROGRAM_NAME=vlmcsd-cygwin-x86 MULTI_NAME=vlmcsdmulti-cygwin-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32 -Wl,--no-seh"
+make $MAKEFLAGS allmulti THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-x64 PROGRAM_NAME=vlmcsd-cygwin-x64 MULTI_NAME=vlmcsdmulti-cygwin-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CF" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64 -Wl,--no-seh"
 make $MAKEFLAGS MSRPC=1 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-msrpc-x86 PROGRAM_NAME=vlmcsd-cygwin-msrpc-x86 MULTI_NAME=vlmcsdmulti-cygwin-msrpc-x86 CC=i686-pc-cygwin-gcc.exe CFLAGS="$CF -fasynchronous-unwind-tables" PLATFORMFLAGS="$PF32" LDFLAGS="$LFCYG32"
 make $MAKEFLAGS MSRPC=1 THREADS=1 DNS_PARSER=internal CLIENT_NAME=vlmcs-cygwin-msrpc-x64 PROGRAM_NAME=vlmcsd-cygwin-msrpc-x64 MULTI_NAME=vlmcsdmulti-cygwin-msrpc-x64 CC=x86_64-pc-cygwin-gcc.exe CFLAGS="$CFMSRPC" PLATFORMFLAGS="$PF64" LDFLAGS="$LFCYG64"
 unset CAT
@@ -50,7 +50,7 @@ rm -f *_all.* *.o 2> /dev/null &
 echo ""
 echo "Copying MingW binaries from distribution server"
 
-scp -p root@ubuntu64:x/binaries/Windows/intel/* .
+scp -p root@ubuntu64:x/binaries/Windows/intel/*Windows* root@ubuntu64:x/binaries/Windows/intel/libkms* .
 
 echo ""
 echo "Installing binaries"
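Review bot: The narrowed `scp -p root@ubuntu64:…/*Windows* …/libkms* .` still pulls prebuilt executables that the following "Installing binaries" step appears to install without any integrity check. Narrowing the glob limits which files arrive, but not whether they are the ones the Linux build produced. I would have make_linux write a `SHA256SUMS` file next to the binaries and verify it here before installing, with something like `sha256sum -c SHA256SUMS || exit 1`. Logging in to the distribution host as `root` for a plain file copy is also broader than needed; an unprivileged account with read access to `x/binaries` would do.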

+ 75 - 0
msrpc-server.c

@@ -9,6 +9,10 @@
 #error MSRPC is only available with native Windows or Cygwin
 #endif
 
+#if _WIN32 && !defined(NO_PRIVATE_IP_DETECT)
+#include <winsock2.h>
+#endif
+
 #include "msrpc-server.h"
 #include "output.h"
 #include "kms.h"
@@ -157,6 +161,56 @@ RPC_STATUS getClientIp(const RPC_BINDING_HANDLE clientBinding, RPC_CSTR *ipAddre
 #endif // NO_LOG
 
 
+#ifndef NO_PRIVATE_IP_DETECT
+static int_fast8_t IsPrivateIPAddress(char* ipAddress)
+{
+	int family = strchr(ipAddress,'.') ? AF_INET : AF_INET6;
+
+	switch(family)
+	{
+		case AF_INET:
+		{
+			int i;
+			char* current;
+			char* next;
+			uint32_t ip;
+
+			for (ip = 0, i = 0, current = ipAddress; i < 4; i++, current = next + 1)
+			{
+				ip = (ip << 8) | strtoul(current, &next, 10);
+				if (*next != '.') break;
+			}
+
+			if
+			(
+				(ip & 0xff000000) == 0x7f000000 || // 127.x.x.x localhost
+				(ip & 0xffff0000) == 0xc0a80000 || // 192.168.x.x private routeable
+				(ip & 0xffff0000) == 0xa9fe0000 || // 169.254.x.x link local
+				(ip & 0xff000000) == 0x0a000000 || // 10.x.x.x private routeable
+				(ip & 0xfff00000) == 0xac100000    // 172.16-31.x.x private routeable
+			)
+			{
+				return TRUE;
+			}
+
+			break;
+		}
+
+		case AF_INET6:
+		{
+			if (!strcmp(ipAddress, "::1")) return TRUE;
+			if (strchr(ipAddress, ':') - ipAddress != 4) break;
+
+			int16_t firstWord;
+			hex2bin((BYTE*)&firstWord, ipAddress, 2);
+			if ((BE16(firstWord) & 0xe000) != 0x2000) return TRUE;
+		}
+
+	}
+
+	return FALSE;
+}
+#endif // NO_PRIVATE_IP_DETECT
 
 /*
  * This is the callback function for the RPC request as defined in KMSServer.idl
@@ -177,6 +231,27 @@ int ProcessActivationRequest(handle_t IDL_handle, int requestSize, unsigned char
 
 #	endif // NO_LOG
 
+#	ifndef NO_PRIVATE_IP_DETECT
+	if (result && (PublicIPProtectionLevel & 2))
+	{
+#		ifndef NO_LOG
+		logger ("Cannot verify that client has a private IP address\n");
+#		endif
+
+		return RPC_S_ACCESS_DENIED;
+	}
+
+	if (!result && (PublicIPProtectionLevel & 2) && !IsPrivateIPAddress((char*)clientIpAddress))
+	{
+#		ifndef NO_LOG
+		logger("Client with public IP address rejected\n");
+#		endif
+
+		RpcStringFreeA(&clientIpAddress);
+		return RPC_S_ACCESS_DENIED;
+	}
+#	endif // NO_PRIVATE_IP_DETECT
+
 	// Discard any packet smaller than a v4 request
 	if (requestSize < (int)sizeof(REQUEST_V4))
 	{
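Review bot: `IsPrivateIPAddress` decides an access-control question by hand-parsing text, and its IPv4 loop neither range-checks what `strtoul` returns nor verifies that exactly four octets were consumed. The masks are therefore applied to whatever value `ip` holds when the loop stops, and the result is correct only if `getClientIp` always yields a canonical dotted quad. I would reject anything else before testing the ranges, as in the excerpt below. The IPv6 branch is also narrower than the rule in network.c, because a first group shorter than four hex digits hits the `break` and is reported as public; that fails closed but deserves a comment. Separately, the check added to `ProcessActivationRequest` reads `result` and `clientIpAddress`, which appear to be set only inside the `#ifndef NO_LOG` block ending just above it, so a build with `NO_LOG` but without `NO_PRIVATE_IP_DETECT` should be tested or guarded.

```c
			for (ip = 0, i = 0, current = ipAddress; i < 4; i++, current = next + 1)
			{
				unsigned long octet = strtoul(current, &next, 10);

				// No digits consumed, or a value that cannot be one octet
				if (next == current || octet > 255) return FALSE;

				ip = (ip << 8) | (uint32_t)octet;
				if (*next != '.') break;
			}

			// The loop must have stopped on the fourth octet
			if (i != 3) return FALSE;

			/* … unchanged: private / loopback / link-local mask tests … */
```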

+ 107 - 0
netlink-musl.h

@@ -0,0 +1,107 @@
+#ifndef NETLINK_MUSL_H
+#define NETLINK_MUSL_H
+
+#if !__linux__
+#error netlink-musl.h only works with a linux kernel
+#endif
+
+#if __ANDROID__
+#error netlink-musl.h does not work with Android
+#endif
+
+#include <stdint.h>
+
+/* linux/netlink.h */
+
+#define NETLINK_ROUTE 0
+
+struct nlmsghdr {
+	uint32_t	nlmsg_len;
+	uint16_t	nlmsg_type;
+	uint16_t	nlmsg_flags;
+	uint32_t	nlmsg_seq;
+	uint32_t	nlmsg_pid;
+};
+
+#define NLM_F_REQUEST	1
+#define NLM_F_MULTI	2
+#define NLM_F_ACK	4
+
+#define NLM_F_ROOT	0x100
+#define NLM_F_MATCH	0x200
+#define NLM_F_ATOMIC	0x400
+#define NLM_F_DUMP	(NLM_F_ROOT|NLM_F_MATCH)
+
+#define NLMSG_NOOP	0x1
+#define NLMSG_ERROR	0x2
+#define NLMSG_DONE	0x3
+#define NLMSG_OVERRUN	0x4
+
+/* linux/rtnetlink.h */
+
+#define RTM_NEWLINK	16
+#define RTM_GETLINK	18
+#define RTM_NEWADDR	20
+#define RTM_GETADDR	22
+
+struct rtattr {
+	unsigned short	rta_len;
+	unsigned short	rta_type;
+};
+
+struct rtgenmsg {
+	unsigned char	rtgen_family;
+};
+
+struct ifinfomsg {
+	unsigned char	ifi_family;
+	unsigned char	__ifi_pad;
+	unsigned short	ifi_type;
+	int		ifi_index;
+	unsigned	ifi_flags;
+	unsigned	ifi_change;
+};
+
+/* linux/if_link.h */
+
+#define IFLA_ADDRESS	1
+#define IFLA_BROADCAST	2
+#define IFLA_IFNAME	3
+#define IFLA_STATS	7
+
+/* linux/if_addr.h */
+
+struct ifaddrmsg {
+	uint8_t		ifa_family;
+	uint8_t		ifa_prefixlen;
+	uint8_t		ifa_flags;
+	uint8_t		ifa_scope;
+	uint32_t	ifa_index;
+};
+
+#define IFA_ADDRESS	1
+#define IFA_LOCAL	2
+#define IFA_LABEL	3
+#define IFA_BROADCAST	4
+
+/* musl */
+
+#define NETLINK_ALIGN(len)	(((len)+3) & ~3)
+#define NLMSG_DATA(nlh)		((void*)((char*)(nlh)+sizeof(struct nlmsghdr)))
+#define NLMSG_DATALEN(nlh)	((nlh)->nlmsg_len-sizeof(struct nlmsghdr))
+#define NLMSG_DATAEND(nlh)	((char*)(nlh)+(nlh)->nlmsg_len)
+#define NLMSG_NEXT(nlh)		(struct nlmsghdr*)((char*)(nlh)+NETLINK_ALIGN((nlh)->nlmsg_len))
+#define NLMSG_OK(nlh,end)	((char*)(end)-(char*)(nlh) >= sizeof(struct nlmsghdr))
+
+#define RTA_DATA(rta)		((void*)((char*)(rta)+sizeof(struct rtattr)))
+#define RTA_DATALEN(rta)	((rta)->rta_len-sizeof(struct rtattr))
+#define RTA_DATAEND(rta)	((char*)(rta)+(rta)->rta_len)
+#define RTA_NEXT(rta)		(struct rtattr*)((char*)(rta)+NETLINK_ALIGN((rta)->rta_len))
+#define RTA_OK(nlh,end)		((char*)(end)-(char*)(rta) >= sizeof(struct rtattr))
+
+#define NLMSG_RTA(nlh,len)	((void*)((char*)(nlh)+sizeof(struct nlmsghdr)+NETLINK_ALIGN(len)))
+#define NLMSG_RTAOK(rta,nlh)	RTA_OK(rta,NLMSG_DATAEND(nlh))
+
+int __rtnetlink_enumerate(int link_af, int addr_af, int (*cb)(void *ctx, struct nlmsghdr *h), void *ctx);
+
+#endif // NETLINK_MUSL_H
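Review bot: `RTA_OK(nlh,end)` names its first parameter `nlh`, but the body uses `rta`, so the macro silently tests whatever variable called `rta` is in scope at the call site rather than its argument. `NLMSG_RTAOK(rta,nlh)` only works because its own parameter happens to carry that name. I would fix the parameter name: `#define RTA_OK(rta,end) ((char*)(end)-(char*)(rta) >= sizeof(struct rtattr))`. Both `NLMSG_OK` and `RTA_OK` also compare a signed pointer difference with `sizeof`, so a cursor that has moved past `end` yields a negative difference that converts to a large unsigned value and passes. Neither macro checks `nlmsg_len` or `rta_len` against the space remaining, so a comment should state that the walker in getifaddrs-musl.c (not shown here) must validate those lengths itself.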

+ 242 - 1
network.c

@@ -9,14 +9,34 @@
 #define _GNU_SOURCE
 #endif
 
+#include "types.h"
+
+#if HAVE_GETIFADDR && _WIN32
+#include <iphlpapi.h>
+#endif
+
 #include <string.h>
+
 #ifndef _WIN32
 #include <signal.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>
 #include <netinet/in.h>
-#endif // WIN32
+#include <sys/types.h>
+
+#if HAVE_GETIFADDR
+
+#if __ANDROID__
+#include "ifaddrs-android.h"
+#elif defined(GETIFADDRS_MUSL)
+#include "ifaddrs-musl.h"
+#else // getifaddrs from OS
+#include <ifaddrs.h>
+#endif // getifaddrs from OS
+
+#endif // HAVE_GETIFADDR
+#endif // !WIN32
 
 #include "network.h"
 #include "endian.h"
@@ -147,6 +167,69 @@ int_fast8_t isDisconnected(const SOCKET s)
 }
 
 
+#if !defined(NO_PRIVATE_IP_DETECT)
+// Check, if a sockaddr is a private IPv4 or IPv6 address
+static int_fast8_t isPrivateIPAddress(struct sockaddr* addr, socklen_t* length)
+{
+	union v6addr
+	{
+		uint8_t bytes[16];
+		uint16_t words[8];
+		uint32_t dwords[4];
+		uint64_t qwords[2];
+	};
+
+	if (addr == NULL) return FALSE;
+
+	switch (addr->sa_family)
+	{
+		case AF_INET6:
+		{
+			union v6addr* ipv6addr = (union v6addr*)&((struct sockaddr_in6*)addr)->sin6_addr;
+
+			if
+			(
+					(ipv6addr->qwords[0] != 0 || BE64(ipv6addr->qwords[1]) != 1) && // ::1 IPv6 localhost
+					(BE16(ipv6addr->words[0]) & 0xe000) == 0x2000 // !2000::/3
+			)
+			{
+				return FALSE;
+			}
+
+
+			if (length) *length = sizeof(struct sockaddr_in6);
+			break;
+		}
+
+		case AF_INET:
+		{
+			uint32_t ipv4addr = BE32(((struct sockaddr_in*)addr)->sin_addr.s_addr);
+
+			if
+			(
+				(ipv4addr & 0xff000000) != 0x7f000000 && // 127.x.x.x localhost
+				(ipv4addr & 0xffff0000) != 0xc0a80000 && // 192.168.x.x private routeable
+				(ipv4addr & 0xffff0000) != 0xa9fe0000 && // 169.254.x.x link local
+				(ipv4addr & 0xff000000) != 0x0a000000 && // 10.x.x.x private routeable
+				(ipv4addr & 0xfff00000) != 0xac100000    // 172.16-31.x.x private routeable
+			)
+			{
+				return FALSE;
+			}
+
+			if (length) *length = sizeof(struct sockaddr_in);
+			break;
+		}
+
+		default:
+			return FALSE;
+	}
+
+	return TRUE;
+}
+#endif // !defined(NO_PRIVATE_IP_DETECT)
+
+
 // Connect to TCP address addr (e.g. "kms.example.com:1688") and return an
 // open socket for the connection if successful or INVALID_SOCKET otherwise
 SOCKET connectToAddress(const char *const addr, const int AddressFamily, int_fast8_t showHostName)
@@ -290,6 +373,147 @@ int listenOnAllAddresses()
 #else // !SIMPLE_SOCKETS
 
 
+#if HAVE_GETIFADDR && !defined(NO_PRIVATE_IP_DETECT)
+// Get list of private IP addresses.
+// Returns 0 on success or an errno error code on failure
+void getPrivateIPAddresses(int* numAddresses, char*** ipAddresses)
+{
+#	if _WIN32
+
+	PIP_ADAPTER_ADDRESSES firstAdapter, currentAdapter;
+
+    DWORD dwRetVal = NO_ERROR;
+    ULONG outBufLen = 16384;
+    ULONG flags = GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_SKIP_FRIENDLY_NAME;
+
+    firstAdapter = (PIP_ADAPTER_ADDRESSES)vlmcsd_malloc(outBufLen);
+
+    if ((dwRetVal = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, firstAdapter, &outBufLen)) == ERROR_BUFFER_OVERFLOW)
+    {
+    	free(firstAdapter);
+    	firstAdapter = (PIP_ADAPTER_ADDRESSES)vlmcsd_malloc(outBufLen);
+    	dwRetVal = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, firstAdapter, &outBufLen);
+    }
+
+	if (dwRetVal != NO_ERROR)
+	{
+		printerrorf("FATAL: Could not get network address list: %s\n", vlmcsd_strerror(dwRetVal));
+		exit(dwRetVal);
+	}
+
+	for (currentAdapter = firstAdapter, *numAddresses = 0; currentAdapter != NULL; currentAdapter = currentAdapter->Next)
+	{
+		PIP_ADAPTER_UNICAST_ADDRESS_XP currentAddress;
+		int length;
+
+		if (currentAdapter->OperStatus != IfOperStatusUp) continue;
+
+		for (currentAddress = currentAdapter->FirstUnicastAddress; currentAddress != NULL; currentAddress = currentAddress->Next)
+		{
+			if (isPrivateIPAddress(currentAddress->Address.lpSockaddr, &length)) (*numAddresses)++;
+		}
+	}
+
+	*ipAddresses = (char**)vlmcsd_malloc(*numAddresses * sizeof(char*));
+
+	for (currentAdapter = firstAdapter, *numAddresses = 0; currentAdapter != NULL; currentAdapter = currentAdapter->Next)
+	{
+		PIP_ADAPTER_UNICAST_ADDRESS_XP currentAddress;
+		int length;
+
+		if (currentAdapter->OperStatus != IfOperStatusUp) continue;
+
+		for (currentAddress = currentAdapter->FirstUnicastAddress; currentAddress != NULL; currentAddress = currentAddress->Next)
+		{
+			if (!isPrivateIPAddress(currentAddress->Address.lpSockaddr, &length)) continue;
+
+			char *ipAddress = (char*)vlmcsd_malloc(64);
+			int error = getnameinfo(currentAddress->Address.lpSockaddr, currentAddress->Address.iSockaddrLength, ipAddress, 64, NULL, 0, NI_NUMERICHOST);
+
+			if (error)
+			{
+				printerrorf("WARNING: Could not get IP address from interface list: %s\n", gai_strerror(error));
+				*ipAddress = 0;
+			}
+
+			(*ipAddresses)[(*numAddresses)++] = ipAddress;
+		}
+	}
+
+	free(firstAdapter);
+
+#	else // !_WIN32
+
+	struct ifaddrs *addrs, *addr;
+
+	if (getifaddrs(&addrs))
+	{
+		printerrorf("FATAL: Could not get network address list: %s\n", vlmcsd_strerror(errno));
+		exit(errno);
+	}
+
+	socklen_t length;
+
+	for (addr = addrs, *numAddresses = 0; addr != NULL; addr = addr->ifa_next)
+	{
+		if (!isPrivateIPAddress(addr->ifa_addr, &length)) continue;
+		(*numAddresses)++;
+	}
+
+	*ipAddresses = (char**)vlmcsd_malloc(*numAddresses * sizeof(char*));
+
+	for (addr = addrs, *numAddresses = 0; addr != NULL; addr = addr->ifa_next)
+	{
+		if (!isPrivateIPAddress(addr->ifa_addr, &length)) continue;
+
+		char *ipAddress = (char*)vlmcsd_malloc(64);
+		int error = getnameinfo(addr->ifa_addr, length, ipAddress, 64, NULL, 0, NI_NUMERICHOST);
+
+		if (error)
+		{
+			printerrorf("WARNING: Could not get IP address from interface list: %s\n", gai_strerror(error));
+			*ipAddress = 0;
+		}
+
+#		if __UCLIBC__ || __gnu_hurd__
+
+		size_t adrlen = strlen(ipAddress);
+
+		if
+		(
+			addr->ifa_addr->sa_family == AF_INET6 &&
+			adrlen > 5 &&
+			!strchr(ipAddress, '%') &&
+			(BE16(*(uint16_t*)&((struct sockaddr_in6*)addr->ifa_addr)->sin6_addr) & 0xffc0) == 0xfe80
+		)
+		{
+			size_t ifnamelen = strlen(addr->ifa_name);
+			char* workaroundIpAddress = (char*)vlmcsd_malloc(adrlen + ifnamelen + 2);
+			strcpy(workaroundIpAddress, ipAddress);
+			strcat(workaroundIpAddress, "%");
+			strcat(workaroundIpAddress, addr->ifa_name);
+			(*ipAddresses)[(*numAddresses)++] = workaroundIpAddress;
+			free(ipAddress);
+		}
+		else
+		{
+			(*ipAddresses)[(*numAddresses)++] = ipAddress;
+		}
+#		else // !__UCLIBC__
+
+		(*ipAddresses)[(*numAddresses)++] = ipAddress;
+
+#		endif // !__UCLIBC__
+	}
+
+	freeifaddrs(addrs);
+
+#	endif // !_WIN32
+}
+#endif // HAVE_GETIFADDR && !defined(NO_PRIVATE_IP_DETECT)
+
+
+
 // Create a Listening socket for addrinfo sa and return socket s
 // szHost and szPort are for logging only
 static int listenOnAddress(const struct addrinfo *const ai, SOCKET *s)
@@ -576,8 +800,25 @@ static void serveClient(const SOCKET s_client, const DWORD RpcAssocGroup)
 	logger(fIP, connection_type, cAccepted, ipstr);
 	#endif // NO_LOG
 
+#	if !defined(NO_PRIVATE_IP_DETECT)
+
+	if (!(PublicIPProtectionLevel & 2) || isPrivateIPAddress((struct sockaddr*)&addr, NULL))
+	{
+		rpcServer(s_client, RpcAssocGroup, ipstr);
+	}
+#	ifndef NO_LOG
+	else
+	{
+		logger("Client with public IP address rejected\n");
+	}
+#	endif // NO_LOG
+
+#   else // defined(NO_PRIVATE_IP_DETECT)
+
 	rpcServer(s_client, RpcAssocGroup, ipstr);
 
+#	endif // defined(NO_PRIVATE_IP_DETECT)
+
 #	ifndef NO_LOG
 	logger(fIP, connection_type, cClosed, ipstr);
 #	endif // NO_LOG
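Review bot: In `isPrivateIPAddress` the `AF_INET6` case reports every address outside 2000::/3 as private, and that includes IPv4-mapped addresses (`::ffff:a.b.c.d`) whatever the embedded IPv4 address is. If any listening `AF_INET6` socket accepts IPv4 connections, the `-o2` check in `serveClient` would then pass clients with public IPv4 addresses; `listenOnAddress` is outside this hunk, so I cannot see whether `IPV6_V6ONLY` is set. I would classify mapped addresses by their IPv4 part and share the range test with the `AF_INET` case, as in the excerpt below. The comment above `getPrivateIPAddresses` says it returns 0 or an errno code, but the function is `void` and exits on failure, so that comment should be corrected too.

```c
// Range test shared by AF_INET and IPv4-mapped AF_INET6 (host byte order)
static int_fast8_t isPrivateIPv4(const uint32_t ipv4addr)
{
	return
		(ipv4addr & 0xff000000) == 0x7f000000 || // 127.x.x.x localhost
		(ipv4addr & 0xffff0000) == 0xc0a80000 || // 192.168.x.x private routeable
		(ipv4addr & 0xffff0000) == 0xa9fe0000 || // 169.254.x.x link local
		(ipv4addr & 0xff000000) == 0x0a000000 || // 10.x.x.x private routeable
		(ipv4addr & 0xfff00000) == 0xac100000;   // 172.16-31.x.x private routeable
}

		case AF_INET6:
		{
			/* … unchanged: ipv6addr initialisation … */

			// ::ffff:a.b.c.d is an IPv4 peer; judge it by the embedded address
			if (ipv6addr->qwords[0] == 0 && BE32(ipv6addr->dwords[2]) == 0x0000ffff)
			{
				if (!isPrivateIPv4(BE32(ipv6addr->dwords[3]))) return FALSE;
				if (length) *length = sizeof(struct sockaddr_in6);
				break;
			}

			/* … unchanged: ::1 and 2000::/3 test … */

		case AF_INET:
		{
			if (!isPrivateIPv4(BE32(((struct sockaddr_in*)addr)->sin_addr.s_addr))) return FALSE;

			/* … unchanged: length assignment and break … */
```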

+ 4 - 0
network.h

@@ -28,6 +28,10 @@ int listenOnAllAddresses();
 BOOL addListeningSocket(const char *const addr);
 __pure int_fast8_t checkProtocolStack(const int addressfamily);
 
+#if HAVE_GETIFADDR
+void getPrivateIPAddresses(int* numAddresses, char*** ipAddresses);
+#endif // HAVE_GETIFADDR
+
 #endif // NO_SOCKETS
 
 int runServer();

+ 17 - 4
output.c

@@ -51,11 +51,14 @@ static void vlogger(const char *message, va_list args)
 	char mbstr[24];
 	#endif
 
-	strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X", localtime(&now));
+	if (LogDateAndTime)
+		strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X: ", localtime(&now));
+	else
+		*mbstr = 0;
 
 	#ifndef USE_THREADS
 
-	fprintf(log, "%s: ", mbstr);
+	fprintf(log, "%s", mbstr);
 	vfprintf(log, message, args);
 	fflush(log);
 
@@ -63,12 +66,11 @@ static void vlogger(const char *message, va_list args)
 
 	// We write everything to a string before we really log inside the critical section
 	// so formatting the output can be concurrent
-	strcat(mbstr, ": ");
 	int len = strlen(mbstr);
 	vsnprintf(mbstr + len, sizeof(mbstr) - len, message, args);
 
 	lock_mutex(&logmutex);
-	fputs(mbstr, log);
+	fprintf(log, "%s", mbstr);
 	fflush(log);
 	unlock_mutex(&logmutex);
 
@@ -616,6 +618,17 @@ void printServerFlags()
 		" NO_FREEBIND"
 #		endif //!HAVE_FREEBIND
 
+#		if !HAVE_GETIFADDR
+		" !HAVE_GETIFADDR"
+#		endif // !HAVE_GETIFADDR
+
+#		if HAVE_GETIFADDR && defined(GETIFADDRS_MUSL)
+		" GETIFADDRS=musl"
+#		endif // HAVE_GETIFADDR && defined(GETIFADDRS_MUSL)
+
+#		if defined(NO_PRIVATE_IP_DETECT)
+		" NO_PRIVATE_IP_DETECT"
+#		endif // defined(NO_PRIVATE_IP_DETECT)
 	);
 }
 #endif // NO_VERSION_INFORMATION
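Review bot: `vlogger` ignores the return value of `strftime` in the first hunk, and the format string now carries the `: ` suffix inside the buffer. With the 24-byte `mbstr` visible in the context, the C-locale timestamp needs 22 bytes. If the process ever runs with an `LC_TIME` whose `%X` is longer, `strftime` returns 0 and leaves `mbstr` indeterminate before it is printed with `%s`. I would fold the check into the condition: `if (!LogDateAndTime || !strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X: ", localtime(&now))) *mbstr = 0;`. `vlogger` begins above this hunk, so the buffer declaration used in the `USE_THREADS` build is not visible here.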

+ 5 - 0
shared_globals.c

@@ -24,6 +24,10 @@ int_fast8_t UseRpcBTFN = TRUE;
 const char *defaultport = "1688";
 #endif // NO_SOCKETS
 
+#if !defined(NO_PRIVATE_IP_DETECT)
+uint32_t PublicIPProtectionLevel = 0;
+#endif
+
 KmsResponseParam_t KmsResponseParameters[MAX_KMSAPPS];
 
 #if !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
@@ -43,6 +47,7 @@ uint32_t MaxTasks = SEM_VALUE_MAX;
 #endif // !defined(NO_LIMIT) && !defined (NO_SOCKETS) && !__minix__
 
 #ifndef NO_LOG
+int_fast8_t LogDateAndTime = TRUE;
 char *fn_log = NULL;
 int_fast8_t logstdout = 0;
 #ifndef NO_VERBOSE_LOG

+ 5 - 0
shared_globals.h

@@ -102,6 +102,10 @@ extern int_fast8_t UseRpcBTFN;
 extern const char *defaultport;
 #endif // NO_SOCKETS
 
+#if !defined(NO_PRIVATE_IP_DETECT)
+extern uint32_t PublicIPProtectionLevel;
+#endif
+
 #if !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
 extern int_fast8_t IsRestarted;
 #endif // !defined(NO_SOCKETS) && !defined(NO_SIGHUP) && !defined(_WIN32)
@@ -115,6 +119,7 @@ extern uint32_t MaxTasks;
 #endif // !defined(NO_LIMIT) && !defined (NO_SOCKETS) && !__minix__
 
 #ifndef NO_LOG
+extern int_fast8_t LogDateAndTime;
 extern char *fn_log;
 extern int_fast8_t logstdout;
 #ifndef NO_VERBOSE_LOG

+ 4 - 0
types.h

@@ -47,6 +47,10 @@
 #define HAVE_FREEBIND 1
 #endif
 
+#if !defined(NO_GETIFADDRS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS) && !defined(NO_SOCKETS) && !defined(NO_PRIVATE_IP_DETECT) 
+#define HAVE_GETIFADDR 1
+#endif 
+
 #ifndef alloca
 #ifdef __GNUC__
 #define alloca(x) __builtin_alloca(x)

+ 1 - 1
vlmcs.1.html

@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>

BIN
vlmcs.1.pdf


+ 1 - 1
vlmcsd-floppy.7.html

@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 16:39:15 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>

BIN
vlmcsd-floppy.7.pdf


+ 1 - 1
vlmcsd.7.html

@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>

BIN
vlmcsd.7.pdf


+ 30 - 2
vlmcsd.8

@@ -1,5 +1,5 @@
 .mso www.tmac
-.TH VLMCSD 8 "June 2016" "Hotbird64" "KMS Activation Manual"
+.TH VLMCSD 8 "July 2016" "Hotbird64" "KMS Activation Manual"
 .LO 8
 
 .SH NAME
@@ -39,6 +39,31 @@ If no port is specified, vlmcsd uses the default port according to a preceding \
 .IP
 If you specify a link local IPv6 address (fe80::/10, usually starting with fe80::), it must be followed by a percent sign (%) and a scope id (=network interface name or number) on most unixoid OSses including Linux, Android, MacOS X and iOS, e.g. fe80::1234:56ff:fe78:9abc\fB%eth0\fR or [fe80::1234:56ff:fe78:9abc\fB%2\fR]:1688. Windows (including cygwin) does not require a scope id unless the same link local address is used on more than one network interface. Windows does not accept a name and the scope id must be a number.
 
+.IP "\fB-o \fIlevel\fR"
+Sets the \fIlevel\fR of protection against activations from public IP addresses. The default is \fB-o0\fR for no protection.
+
+\fB-o1\fR causes vlmcsd not to listen on all IP addresses but on private IP addresses only. IPv4 addresses in the 100.64.0.0/10 range (see RFC6598) are not treated as private since they can be reached from other users of your ISP. Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd treats all IPv6 addresses not within 2000::/3 as private addresses.
+
+If \fB-o1\fR is combined with \fB-L\fR, it will listen on all private IP addresses plus the ones specified by one or more \fB-L\fR statements. If \fB-o1\fR is combined with \fB-P\fR, only the last \fB-P\fR statement will be used.
+
+Using \fB-o1\fR does not protect you if you enable NAT port forwarding on your router to your vlmcsd machine. It is identical to using multiple -L statements with all of your private IP addresses. What \fB-o1\fR does for you, is automatically enumerating your private IP addresses.
+
+\fB-o2\fR does not affect the interfaces, vlmcsd is listening on. When a clients connects, vlmcsd immediately drops the connection if the client has a public IP address. Unlike \fB-o1\fR clients will be able to establish a TCP connection but it will be closed without a single byte sent over the connection. This protects against clients with public IP addresses even if NAT port forwarding is used. While \fB-o2\fR offers a higher level of protection than \fB-o1\fR, the client sees that the KMS TCP port (1688 by default) is actually accepting connections.
+
+\fB-o3\fR combines \fB-o1\fR and \fB-o2\fR. vlmcsd listens on private interfaces only and if a public client manages to connect anyway due to NAT port forwarding, it will be immediately dropped.
+
+If you use any form of TCP level port forwarding (e.g. \fBnc\fR(1), \fBnetcat\fR(1), \fBssh\fR(1) port forwarding or similar) to redirect KMS requests to vlmcsd, there will be no protection even if you use \fB-o2\fR or \fB-o3\fR. This is due to the simple fact that vlmcsd sees the IP address of the redirector and not the IP address of the client.
+
+\fB-o1\fR (and thus \fB-o3\fR) is not (yet) available in some scenarios:
+
+.RS 12
+FreeBSD: There is a longtime unfixed
+.URL https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881 bug ""
+in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit FreeBSD kernel, you must run the 64-bit version of vlmcsd if you use \fB-o1\fR or \fB-o3\fR. The 32-bit version causes undefined behavior up to crashing vlmcsd. Other BSDs (NetBSD, OpenBSD, Dragonfly and Mac OS X) work correctly.
+
+If vlmcsd was started by an internet superserver or was compiled to use Microsoft RPC (Windows only) or simple sockets, \fB-o1\fR and \fB-o3\fR are not available by design.
+.RE
+
 .IP "\fB-P\fR \fIport"
 Use TCP \fIport\fR for all subsequent \fB-L\fR statements that do not include an optional port. If you use \fB-P\fR and \fB-L\fR, \fB-P\fR must be specified before \fB-L\fR.
 
@@ -70,6 +95,9 @@ type tail -f \fIfile\fR.
 .IP
 If you use the special \fIfilename\fR "syslog", vlmcsd uses \fBsyslog\fR(3) for logging. If your system has no syslog service (/dev/log) installed, logging output will go to /dev/console. Syslog logging is not available in the native Windows version. The Cygwin version does support syslog logging.
 
+.IP "\fB-T0\fR and \fB-T1\fR"
+Disable (\fB-T0\fR) or enable (\fB-T1\fR) the inclusion of date and time in each line of the log. The default is \fB-T1\fR. \fB-T0\fR is useful if you log to \fBstdout\fR(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance \fBsystemd-journald\fR(8). If you log to \fBsyslog\fR(3), \fB-T1\fR is ignored and date and time will never be included in the output sent to \fBsyslog\fR(3).
+
 .IP "\fB-D\fR"
 Normally vlmcsd daemonizes and runs in background (except the native Windows version). If \fB-D\fR is specified, vlmcsd does not daemonize and runs in foreground. This is useful for testing and allows you to simply press <Ctrl-C> to exit vlmcsd.
 .PP
@@ -225,7 +253,7 @@ Office, Project and Visio must be volume license versions.
 .IP "\fBvlmcsd.ini\fR(5)"
 
 .SH EXAMPLES
-.IP "\fBvlmcsd -f\fR"
+.IP "\fBvlmcsd -De\fR"
 Starts \fBvlmcsd\fR in foreground. Useful if you use it for the first time and want to see what's happening when a client requests activation.
 
 .IP "\fBvlmcsd -l /var/log/vlmcsd.log\fR"

+ 228 - 159
vlmcsd.8.dos.txt

@@ -84,55 +84,114 @@ OPTIONS
               accept a name and the scope id must be a number.
 
 
+       -o level
+              Sets the level of protection against activations from public  IP
+              addresses. The default is -o0 for no protection.
+
+              -o1  causes vlmcsd not to listen on all IP addresses but on pri‐
+              vate IP addresses only.  IPv4  addresses  in  the  100.64.0.0/10
+              range (see RFC6598) are not treated as private since they can be
+              reached from other users of your ISP. Private IPv4 addresses are
+              10.0.0.0/8,  172.16.0.0/12,  192.168.0.0/16,  169.254.0.0/16 and
+              127.0.0.0/8.  vlmcsd  treats  all  IPv6  addresses  not   within
+              2000::/3 as private addresses.
+
+              If  -o1  is  combined  with -L, it will listen on all private IP
+              addresses plus the ones specified by one or more -L  statements.
+              If  -o1  is combined with -P, only the last -P statement will be
+              used.
+
+              Using -o1 does not protect you if you enable NAT port forwarding
+              on  your router to your vlmcsd machine. It is identical to using
+              multiple -L statements with all of your  private  IP  addresses.
+              What -o1 does for you, is automatically enumerating your private
+              IP addresses.
+
+              -o2 does not affect the interfaces, vlmcsd is listening on. When
+              a  clients  connects, vlmcsd immediately drops the connection if
+              the client has a public IP address. Unlike -o1 clients  will  be
+              able to establish a TCP connection but it will be closed without
+              a single byte sent over the connection.  This  protects  against
+              clients  with public IP addresses even if NAT port forwarding is
+              used. While -o2 offers a higher level of  protection  than  -o1,
+              the client sees that the KMS TCP port (1688 by default) is actu‐
+              ally accepting connections.
+
+              -o3 combines -o1 and -o2. vlmcsd listens on  private  interfaces
+              only and if a public client manages to connect anyway due to NAT
+              port forwarding, it will be immediately dropped.
+
+              If you use any form of TCP level port  forwarding  (e.g.  nc(1),
+              netcat(1),  ssh(1)  port  forwarding or similar) to redirect KMS
+              requests to vlmcsd, there will be no protection even if you  use
+              -o2  or -o3. This is due to the simple fact that vlmcsd sees the
+              IP address of the redirector and  not  the  IP  address  of  the
+              client.
+
+              -o1 (and thus -o3) is not (yet) available in some scenarios:
+
+                   FreeBSD: There is a longtime unfixed bug ⟨https://
+                   bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩  in   the
+                   32-bit ABI of the 64-bit kernel. If you have a 64-bit Free‐
+                   BSD kernel, you must run the 64-bit version  of  vlmcsd  if
+                   you  use  -o1  or  -o3. The 32-bit version causes undefined
+                   behavior up to crashing vlmcsd. Other BSDs  (NetBSD,  Open‐
+                   BSD, Dragonfly and Mac OS X) work correctly.
+
+                   If  vlmcsd  was  started  by an internet superserver or was
+                   compiled to use Microsoft  RPC  (Windows  only)  or  simple
+                   sockets, -o1 and -o3 are not available by design.
+
+
        -P port
-              Use TCP port for  all  subsequent  -L  statements  that  do  not
+              Use  TCP  port  for  all  subsequent  -L  statements that do not
               include an optional port. If you use -P and -L, -P must be spec‐
               ified before -L.
 
 
        -F0 and -F1
-              Allow (-F1) or disallow (-F0) binding to IP addresses  that  are
+              Allow  (-F1)  or disallow (-F0) binding to IP addresses that are
               currently not configured on your system. The default is -F0. -F1
               allows you to bind to an IP address that may be configured after
-              you  started  vlmcsd. vlmcsd will listen on that address as soon
-              as it becomes available. This feature is  only  available  under
-              Linux  (IPv4  and  IPv6) and FreeBSD (IPv4 only). FreeBSD allows
-              this feature only for the root user (more  correctly:  processes
-              that  have  the  PRIV_NETINET_BINDANY privilege). Linux does not
+              you started vlmcsd. vlmcsd will listen on that address  as  soon
+              as  it  becomes  available. This feature is only available under
+              Linux (IPv4 and IPv6) and FreeBSD (IPv4  only).  FreeBSD  allows
+              this  feature  only for the root user (more correctly: processes
+              that have the PRIV_NETINET_BINDANY privilege).  Linux  does  not
               require a capability for this.
 
 
        -t seconds
-              Timeout the TCP connection with the client  after  seconds  sec‐
-              onds.  After  sending  an  activation request. RPC keeps the TCP
+              Timeout  the  TCP  connection with the client after seconds sec‐
+              onds. After sending an activation request.  RPC  keeps  the  TCP
               connection for a while. The default is 30 seconds. You may spec‐
-              ify  a  shorter period to free ressources on your device faster.
-              This is useful for devices with limited main memory  or  if  you
+              ify a shorter period to free ressources on your  device  faster.
+              This  is  useful  for devices with limited main memory or if you
               used -m to limit the concurrent clients that may request activa‐
-              tion. Microsoft RPC  clients  disconnect  after  30  seconds  by
-              default.  Setting  seconds to a greater value does not make much
+              tion.  Microsoft  RPC  clients  disconnect  after  30 seconds by
+              default. Setting seconds to a greater value does not  make  much
               sense.
 
 
        -m concurrent-clients
-              Limit the number of clients that will be  handled  concurrently.
+              Limit  the  number of clients that will be handled concurrently.
               This is useful for devices with limited ressources or if you are
-              experiencing DoS attacks that  spawn  thousands  of  threads  or
-              forked  processes. If additional clients connect to vlmcsd, they
-              need to wait until another client disconnects. If you  set  con‐
+              experiencing  DoS  attacks  that  spawn  thousands of threads or
+              forked processes. If additional clients connect to vlmcsd,  they
+              need  to  wait until another client disconnects. If you set con‐
               current-clients to a small value ( <10 ), you should also select
-              a reasonable timeout of 2 or 3 seconds with -t. The  default  is
+              a  reasonable  timeout of 2 or 3 seconds with -t. The default is
               no limit.
 
 
-       -d     Disconnect  each client after processing one activation request.
-              This is a direct violation of  DCE  RPC  but  may  help  if  you
-              receive  malicous  fake  RPC requests that block your threads or
-              forked processes. Some other KMS emulators (e.g. py-kms)  behave
+       -d     Disconnect each client after processing one activation  request.
+              This  is  a  direct  violation  of  DCE  RPC but may help if you
+              receive malicous fake RPC requests that block  your  threads  or
+              forked  processes. Some other KMS emulators (e.g. py-kms) behave
               this way.
 
 
-       -k     Do   not  disconnect  clients  after  processing  an  activation
+       -k     Do  not  disconnect  clients  after  processing  an   activation
               request. This selects the default behavior. -k is useful only if
               you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
               contains the line "DisconnectClientsImmediately = true", you can
@@ -140,103 +199,113 @@ OPTIONS
 
 
        -N0 and -N1
-              Disables  (-N0)  or  enables (-N1) the use of the NDR64 transfer
-              syntax in the RPC protocol.  Unlike  Microsoft  vlmcsd  supports
+              Disables (-N0) or enables (-N1) the use of  the  NDR64  transfer
+              syntax  in  the  RPC  protocol. Unlike Microsoft vlmcsd supports
               NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
-              Windows Vista but their KMS servers started using it  with  Win‐
-              dows  8.  Thus  if  you  choose random ePIDs, vlmcsd will select
-              ePIDs with build numbers 9200 and 9600 if you enable  NDR64  and
+              Windows  Vista  but their KMS servers started using it with Win‐
+              dows 8. Thus if you choose  random  ePIDs,  vlmcsd  will  select
+              ePIDs  with  build numbers 9200 and 9600 if you enable NDR64 and
               build numbers 6002 and 7601 if you disable NDR64. The default is
               to enable NDR64.
 
 
        -B0 and -B1
-              Disables (-B0) or enables (-B1) bind  time  feature  negotiation
+              Disables  (-B0)  or  enables (-B1) bind time feature negotiation
               (BTFN) in the RPC protocol. All Windows operating systems start‐
-              ing with Vista support BTFN and try to negotiate it when  initi‐
+              ing  with Vista support BTFN and try to negotiate it when initi‐
               ating an RPC connection. Thus consider turning it off as a debug
               / troubleshooting feature only. Some older firewalls that selec‐
-              tively  block or redirect RPC traffic may get confused when they
+              tively block or redirect RPC traffic may get confused when  they
               detect NDR64 or BTFN.
 
 
        -l filename
               Use filename as a log file. The log file records all activations
-              with  IP  address,  Windows  workstation  name  (no  reverse DNS
-              lookup), activated product, KMS protocol, time and date. If  you
+              with IP  address,  Windows  workstation  name  (no  reverse  DNS
+              lookup),  activated product, KMS protocol, time and date. If you
               do not specify a log file, no log is created. For a live view of
               the log file type tail -f file.
 
-              If you use the special filename "syslog", vlmcsd uses  syslog(3)
-              for  logging.  If  your  system has no syslog service (/dev/log)
-              installed, logging output will go to /dev/console.  Syslog  log‐
-              ging  is not available in the native Windows version. The Cygwin
+              If  you use the special filename "syslog", vlmcsd uses syslog(3)
+              for logging. If your system has  no  syslog  service  (/dev/log)
+              installed,  logging  output will go to /dev/console. Syslog log‐
+              ging is not available in the native Windows version. The  Cygwin
               version does support syslog logging.
 
 
-       -D     Normally vlmcsd daemonizes and runs in  background  (except  the
-              native  Windows  version).  If  -D is specified, vlmcsd does not
+       -T0 and -T1
+              Disable  (-T0) or enable (-T1) the inclusion of date and time in
+              each line of the log. The default is -T1. -T0 is useful  if  you
+              log  to  stdout(3) which is redirected to another logging mecha‐
+              nism that already includes date and  time  in  its  output,  for
+              instance  systemd-journald(8).  If  you log to syslog(3), -T1 is
+              ignored and date and time will never be included in  the  output
+              sent to syslog(3).
+
+
+       -D     Normally  vlmcsd  daemonizes  and runs in background (except the
+              native Windows version). If -D is  specified,  vlmcsd  does  not
               daemonize and runs in foreground. This is useful for testing and
               allows you to simply press <Ctrl-C> to exit vlmcsd.
 
-              The  native  Windows version never daemonizes and always behaves
+              The native Windows version never daemonizes and  always  behaves
               as if -D had been specified. You may want to install vlmcsd as a
               service instead. See -s.
 
 
        -e     If specified, vlmcsd ignores -l and writes all logging output to
-              stdout(3). This is mainly useful for testing and  debugging  and
+              stdout(3).  This  is mainly useful for testing and debugging and
               often combined with -D.
 
 
-       -v     Use  verbose  logging.  Logs every parameter of the base request
-              and the base response. It also logs the HWID of the  KMS  server
-              if  KMS  protocol  version  6 is used. This option is mainly for
-              debugging purposes. It only has an effect if some form  of  log‐
-              ging  is  used. Thus -v does not make sense if not used with -l,
+       -v     Use verbose logging. Logs every parameter of  the  base  request
+              and  the  base response. It also logs the HWID of the KMS server
+              if KMS protocol version 6 is used. This  option  is  mainly  for
+              debugging  purposes.  It only has an effect if some form of log‐
+              ging is used. Thus -v does not make sense if not used  with  -l,
               -e or -f.
 
 
-       -q     Do not use verbose logging. This is actually the default  behav‐
+       -q     Do  not use verbose logging. This is actually the default behav‐
               ior. It only makes sense if you use vlmcsd with an ini file (see
-              -i and  vlmcsd.ini(5)).  If  the  ini  file  contains  the  line
+              -i  and  vlmcsd.ini(5)).  If  the  ini  file  contains  the line
               "LogVerbose = true" you can use -q to restore the default behav‐
               ior.
 
 
        -p filename
               Create pid file filename. This has nothing to do with KMS ePIDs.
-              A  pid  file  is  a file where vlmcsd writes its own process id.
-              This is used  by  standard  init  scripts  (typically  found  in
+              A pid file is a file where vlmcsd writes  its  own  process  id.
+              This  is  used  by  standard  init  scripts  (typically found in
               /etc/init.d). The default is not to write a pid file.
 
 
        -u user and -g group
-              Causes  vlmcsd  to  run in the specified user and group security
-              context. The main purpose for this is to  drop  root  privileges
-              after  it  has  been  started from the root account. To use this
-              feature from cygwin you must run cyglsa-config and  the  account
-              from  which  vlmcsd is started must have the rights "Act as part
-              of the operating system" and "Replace a  process  level  token".
+              Causes vlmcsd to run in the specified user  and  group  security
+              context.  The  main  purpose for this is to drop root privileges
+              after it has been started from the root  account.  To  use  this
+              feature  from  cygwin you must run cyglsa-config and the account
+              from which vlmcsd is started must have the rights "Act  as  part
+              of  the  operating  system" and "Replace a process level token".
               The native Windows version does not support these options.
 
-              The  actual  security  context switch is performed after the TCP
-              sockets have been created. This allows  you  to  use  privileged
+              The actual security context switch is performed  after  the  TCP
+              sockets  have  been  created.  This allows you to use privileged
               ports (< 1024) when you start vlmcsd from the root account.
 
               However if you use an ini, pid or log file, you must ensure that
-              the unprivileged user has access to these files. You can  always
-              log  to syslog(3) from an unprivileged account on most platforms
+              the  unprivileged user has access to these files. You can always
+              log to syslog(3) from an unprivileged account on most  platforms
               (see -l).
 
 
        -w ePID
-              Use ePID as Windows ePID. If specified, -r  is  disregarded  for
+              Use  ePID  as  Windows ePID. If specified, -r is disregarded for
               Windows.
 
 
        -0 ePID
-              Use  ePID  as Office 2010 ePID (including Project and Visio). If
+              Use ePID as Office 2010 ePID (including Project and  Visio).  If
               specified, -r is disregarded for Office 2010.
 
 
@@ -246,14 +315,14 @@ OPTIONS
 
 
        -H HwId
-              Use  HwId  for  all products. All HWIDs in the ini file (see -i)
+              Use HwId for all products. All HWIDs in the ini  file  (see  -i)
               will not be used. In an ini file you can specify a seperate HWID
-              for  each application-guid. This is not possible when entering a
+              for each application-guid. This is not possible when entering  a
               HWID from the command line.
 
-              HwId must be specified as 16 hex digits that are interpreted  as
-              a  series  of  8 bytes (big endian). Any character that is not a
-              hex digit will be ignored. This is for better  readability.  The
+              HwId  must be specified as 16 hex digits that are interpreted as
+              a series of 8 bytes (big endian). Any character that  is  not  a
+              hex  digit  will be ignored. This is for better readability. The
               following commands are identical:
 
               vlmcsd -H 0123456789ABCDEF
@@ -262,14 +331,14 @@ OPTIONS
 
 
        -i filename
-              Use  configuration file (aka ini file) filename. Most configura‐
+              Use configuration file (aka ini file) filename. Most  configura‐
               tion parameters can be set either via the command line or an ini
-              file.  The command line always has precedence over configuration
-              items in the ini file. See vlmcsd.ini(5) for the format  of  the
+              file. The command line always has precedence over  configuration
+              items  in  the ini file. See vlmcsd.ini(5) for the format of the
               configuration file.
 
-              If  vlmcsd has been compiled to use a default configuration file
-              (often /etc/vlmcsd.ini), you may use -i- to ignore  the  default
+              If vlmcsd has been compiled to use a default configuration  file
+              (often  /etc/vlmcsd.ini),  you may use -i- to ignore the default
               configuration file.
 
 
@@ -282,118 +351,118 @@ OPTIONS
               - the file specified by -i does not contain the application-guid
               for the KMS request
 
-              -r0 means there  are  no  random  ePIDs.  vlmcsd  simply  issues
-              default  ePIDs  that  are built into the binary at compile time.
-              Pro: behaves like real KMS server that also  always  issues  the
-              same  ePID.  Con: Microsoft may start blacklisting again and the
+              -r0  means  there  are  no  random  ePIDs.  vlmcsd simply issues
+              default ePIDs that are built into the binary  at  compile  time.
+              Pro:  behaves  like  real KMS server that also always issues the
+              same ePID. Con: Microsoft may start blacklisting again  and  the
               default ePID may not work any longer.
 
-              -r1 instructs vlmcsd to generate random ePIDs when  the  program
+              -r1  instructs  vlmcsd to generate random ePIDs when the program
               starts or receives a SIGHUP signal and uses these ePIDs until it
-              is stopped or receives another SIGHUP. Most other KMS  emulators
-              generate  a  new  ePID  on  every  KMS  request.  This is easily
+              is  stopped or receives another SIGHUP. Most other KMS emulators
+              generate a new  ePID  on  every  KMS  request.  This  is  easily
               detectable. Microsoft could just modify sppsvc.exe in a way that
-              it  always  sends two identical KMS requests in two RPC requests
-              but over the same TCP connection. If both KMS responses  contain
-              the  different  ePIDs, the KMS server is not genuine. -r1 is the
-              default mode. -r1 also ensures that all  three  ePIDs  (Windows,
-              Office  2010  and  Office 2013) use the same OS build number and
+              it always sends two identical KMS requests in two  RPC  requests
+              but  over the same TCP connection. If both KMS responses contain
+              the different ePIDs, the KMS server is not genuine. -r1  is  the
+              default  mode.  -r1  also ensures that all three ePIDs (Windows,
+              Office 2010 and Office 2013) use the same OS  build  number  and
               LCID (language id).
 
               If vlmcsd has been started by an internet superserver, -r1 works
-              identically  to  -r2. This is simply due to the fact that vlmcsd
+              identically to -r2. This is simply due to the fact  that  vlmcsd
               is started upon a connection request and does not stay in memory
               after servicing a KMS request.
 
-              -r2  behaves  like  most  other KMS server emulators with random
-              support and generates a new random ePID on  every  request.  Use
-              this  mode  with  "care". However since Microsoft currently does
+              -r2 behaves like most other KMS  server  emulators  with  random
+              support  and  generates  a new random ePID on every request. Use
+              this mode with "care". However since  Microsoft  currently  does
               not seem to do any verification of the ePID, you currently don't
               need to pay attention to ePIDs at all.
 
 
        -C LCID
-              Do  not  randomize  the  locale id part of the ePID and use LCID
-              instead. The LCID must be specified as a  decimal  number,  e.g.
-              1049  for  "Russian  - Russia". This option has no effect if the
-              ePID is not randomized at all, e.g. if it is selected  from  the
+              Do not randomize the locale id part of the  ePID  and  use  LCID
+              instead.  The  LCID  must be specified as a decimal number, e.g.
+              1049 for "Russian - Russia". This option has no  effect  if  the
+              ePID  is  not randomized at all, e.g. if it is selected from the
               command line or an ini file.
 
               By default vlmcsd generates a valid locale id that is recognized
-              by .NET Framework 4.0. This may lead to a  locale  id  which  is
+              by  .NET  Framework  4.0.  This may lead to a locale id which is
               unlikely to occur in your country, for instance 2155 for "Quecha
               - Ecuador". You may want to select the locale id of your country
               instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
-              bb964664.aspx⟩ for a list of valid LCIDs. Please note that  some
+              bb964664.aspx⟩  for a list of valid LCIDs. Please note that some
               of them are not recognized by .NET Framework 4.0.
 
-              Most  other  KMS  emulators  use a fixed LCID of 1033 (English -
+              Most other KMS emulators use a fixed LCID  of  1033  (English  -
               US). To achive the same behavior in vlmcsd use -C 1033.
 
 
        -R renewal-interval
-              Instructs clients to renew  activation  every  renewal-interval.
+              Instructs  clients  to  renew activation every renewal-interval.
               The renewal-interval is a number optionally immediately followed
-              by a letter indicating the unit. Valid unit letters are s  (sec‐
+              by  a letter indicating the unit. Valid unit letters are s (sec‐
               onds), m (minutes), h (hours), d (days) and w (weeks). If you do
               not specify a letter, minutes is assumed.
 
-              -R3d for instance instructs clients to renew activation every  3
+              -R3d  for instance instructs clients to renew activation every 3
               days. The default renewal-interval is 10080 (identical to 7d and
               1w).
 
               Due to poor implementation of Microsofts KMS Client it cannot be
               guaranteed that activation is renewed on time as specfied by the
-              -R option. Don't care  about  that.  Renewal  will  happen  well
+              -R  option.  Don't  care  about  that.  Renewal will happen well
               before your activation expires (usually 180 days).
 
-              Even  though  you  can  specify seconds, the granularity of this
-              option is 1 minute. Seconds are rounded down to the next  multi‐
+              Even though you can specify seconds,  the  granularity  of  this
+              option  is 1 minute. Seconds are rounded down to the next multi‐
               ple of 60.
 
 
        -A activation-interval
-              Instructs  clients to retry activation every activation-interval
-              if it was unsuccessful, e.g. because  it  could  not  reach  the
-              server.  The default is 120 (identical to 2h). activation-inter‐
-              val follows the  same  syntax  as  renewal-interval  in  the  -R
+              Instructs clients to retry activation every  activation-interval
+              if  it  was  unsuccessful,  e.g.  because it could not reach the
+              server. The default is 120 (identical to 2h).  activation-inter‐
+              val  follows  the  same  syntax  as  renewal-interval  in the -R
               option.
 
 
-       -s     Installs  vlmcsd  as  a  Windows service. This option only works
-              with the native Windows version  and  Cygwin.  Combine  -s  with
-              other  command  line  options.  These will be in effect when you
-              start the service. The service  automatically  starts  when  you
-              reboot  your machine. To start it manually, type "net start vlm‐
+       -s     Installs vlmcsd as a Windows service.  This  option  only  works
+              with  the  native  Windows  version  and Cygwin. Combine -s with
+              other command line options. These will be  in  effect  when  you
+              start  the  service.  The  service automatically starts when you
+              reboot your machine. To start it manually, type "net start  vlm‐
               csd".
 
-              If you use Cygwin, you  must  include  your  Cygwin  system  DLL
-              directory  (usually  C:\Cygwin\bin  or C:\Cygwin64\bin) into the
+              If  you  use  Cygwin,  you  must  include your Cygwin system DLL
+              directory (usually C:\Cygwin\bin or  C:\Cygwin64\bin)  into  the
               PATH environment variable or the service will not start.
 
-              You can reinstall the service anytime  using  vlmcsd  -s  again,
-              e.g.  with  a different command line. If the service is running,
+              You  can  reinstall  the  service anytime using vlmcsd -s again,
+              e.g. with a different command line. If the service  is  running,
               it will be restarted with the new command line.
 
-              When using -s the command  line  is  checked  for  basic  syntax
+              When  using  -s  the  command  line  is checked for basic syntax
               errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
-              but the service will not start if 1.2.3.4 is not an  IP  address
+              but  the  service will not start if 1.2.3.4 is not an IP address
               on your system.
 
 
-       -S     Uninstalls  the  vlmcsd service. Works only with the native Win‐
-              dows version and Cygwin. All other options will  be  ignored  if
+       -S     Uninstalls the vlmcsd service. Works only with the  native  Win‐
+              dows  version  and  Cygwin. All other options will be ignored if
               you include -S in the command line.
 
 
        -U [domain\]username
-              Can  only be used together with -s. Starts the service as a dif‐
-              ferent user than the local SYSTEM account. This is used  to  run
-              the  service  under  an account with low privileges. If you omit
+              Can only be used together with -s. Starts the service as a  dif‐
+              ferent  user  than the local SYSTEM account. This is used to run
+              the service under an account with low privileges.  If  you  omit
               the domain, an account from the local computer will be used.
 
               You may use "NT AUTHORITY\NetworkService". This is a pseudo user
-              with  low  privileges.  You may also use "NT AUTHORITY\LocalSer‐
+              with low privileges. You may also  use  "NT  AUTHORITY\LocalSer‐
               vice" which has more privileges but these are of no use for run‐
               ning vlmcsd.
 
@@ -401,20 +470,20 @@ OPTIONS
               sion for your executable. "NT AUTHORITY\NetworkService" normally
               has no permission to run binaries from your home directory.
 
-              For  your convenience you can use the special username "/l" as a
+              For your convenience you can use the special username "/l" as  a
               shortcut  for  "NT  AUTHORITY\LocalService"  and  "/n"  for  "NT
-              AUTHORITY\NetworkService".  "vlmcsd -s -U /n"  installs the ser‐
+              AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs  the  ser‐
               vice to run as "NT AUTHORITY\NetworkService".
 
 
        -W password
-              Can only be used together with -s. Specifies a password for  the
-              corresponding  username  you  use  with  -U. SYSTEM, "NT AUTHOR‐
-              ITY\NetworkService", "NT AUTHORITY\LocalService" do not  require
+              Can  only be used together with -s. Specifies a password for the
+              corresponding username you use  with  -U.  SYSTEM,  "NT  AUTHOR‐
+              ITY\NetworkService",  "NT AUTHORITY\LocalService" do not require
               a password.
 
-              If  you  specify  a  user  with  even  lower privileges than "NT
-              AUTHORITY\NetworkService", you must specify  its  password.  You
+              If you specify a  user  with  even  lower  privileges  than  "NT
+              AUTHORITY\NetworkService",  you  must  specify its password. You
               also have to grant the "Log on as a service" right to that user.
 
 
@@ -423,50 +492,50 @@ SIGNALS
 
 
        SIGTERM, SIGINT
-              These  signals cause vlmcsd to exit gracefully. All global sema‐
-              phores and shared memory pages will be released,  the  pid  file
-              will  be  unlinked  (deleted)  and  a  shutdown  message will be
+              These signals cause vlmcsd to exit gracefully. All global  sema‐
+              phores  and  shared  memory pages will be released, the pid file
+              will be unlinked  (deleted)  and  a  shutdown  message  will  be
               logged.
 
 
-       SIGHUP Causes vlmcsd to be restarted completely. This is useful if  you
-              started  vlmcsd  with  an  ini file. You can modify the ini file
-              while vlmcsd is running and then sending SIGHUP, e.g. by  typing
-              "killall  -SIGHUP  vlmcsd"  or  "kill -SIGHUP `cat /var/run/vlm‐
+       SIGHUP Causes  vlmcsd to be restarted completely. This is useful if you
+              started vlmcsd with an ini file. You can  modify  the  ini  file
+              while  vlmcsd is running and then sending SIGHUP, e.g. by typing
+              "killall -SIGHUP vlmcsd" or  "kill  -SIGHUP  `cat  /var/run/vlm‐
               csd.pid`".
 
               The SIGHUP handler has been implemented relatively simple. It is
-              virtually  the  same  as  stopping  vlmcsd and starting it again
+              virtually the same as stopping  vlmcsd  and  starting  it  again
               immediately with the following exceptions:
 
 
               —  The new process does not get a new process id.
 
-              —  If you used a pid file,  it  is  not  deleted  and  recreated
+              —  If  you  used  a  pid  file,  it is not deleted and recreated
                  because the process id stays the same.
 
-              —  If  you  used  the  'user' and/or 'group' directive in an ini
-                 file these are ignored. This is because once you switched  to
+              —  If you used the 'user' and/or 'group'  directive  in  an  ini
+                 file  these are ignored. This is because once you switched to
                  lower privileged users and groups, there is no way back. Any‐
                  thing else would be a severe security flaw in the OS.
 
-       Signaling is not available in the native Windows  version  and  in  the
+       Signaling  is  not  available  in the native Windows version and in the
        Cygwin version when it runs as Windows service.
 
 
 SUPPORTED OPERATING SYSTEMS
-       vlmcsd  compiles  and  runs  on  Linux, Windows (no Cygwin required but
-       explicitly supported), Mac OS X, FreeBSD,  NetBSD,  OpenBSD,  Dragonfly
-       BSD,  Minix,  Solaris,  OpenIndiana,  Android  and  iOS. Other POSIX or
-       unixoid OSses may work with unmodified sources  or  may  require  minor
+       vlmcsd compiles and runs on Linux,  Windows  (no  Cygwin  required  but
+       explicitly  supported),  Mac  OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
+       BSD, Minix, Solaris, OpenIndiana,  Android  and  iOS.  Other  POSIX  or
+       unixoid  OSses  may  work  with unmodified sources or may require minor
        porting efforts.
 
 
 SUPPORTED PRODUCTS
-       vlmcsd  can answer activation requests for the following products: Win‐
-       dows Vista, Windows 7, Windows 8,  Windows  8.1,  Windows  10,  Windows
-       Server  2008,  Windows  Server  2008  R2,  Windows Server 2012, Windows
-       Server 2012 R2, Office 2010, Project 2010,  Visio  2010,  Office  2013,
+       vlmcsd can answer activation requests for the following products:  Win‐
+       dows  Vista,  Windows  7,  Windows  8, Windows 8.1, Windows 10, Windows
+       Server 2008, Windows Server  2008  R2,  Windows  Server  2012,  Windows
+       Server  2012  R2,  Office  2010, Project 2010, Visio 2010, Office 2013,
        Project 2013, Visio 2013, Office 2016, Project 2016, Visio 2016.
 
        Office, Project and Visio must be volume license versions.
@@ -477,25 +546,25 @@ FILES
 
 
 EXAMPLES
-       vlmcsd -f
-              Starts  vlmcsd in foreground. Useful if you use it for the first
-              time and want to see what's happening  when  a  client  requests
+       vlmcsd -De
+              Starts vlmcsd in foreground. Useful if you use it for the  first
+              time  and  want  to  see what's happening when a client requests
               activation.
 
 
        vlmcsd -l /var/log/vlmcsd.log
-              Starts  vlmcsd  as a daemon and logs everything to /var/log/vlm‐
+              Starts vlmcsd as a daemon and logs everything  to  /var/log/vlm‐
               csd.log.
 
 
        vlmcsd -L 192.168.1.17
               Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
-              only.  This  is useful for routers that have a public and a pri‐
+              only. This is useful for routers that have a public and  a  pri‐
               vate IP address to prevent your KMS server from becoming public.
 
 
        vlmcsd -s -U /n -l C:\logs\vlmcsd.log
-              Installs vlmcsd as a Windows service  with  low  privileges  and
+              Installs  vlmcsd  as  a  Windows service with low privileges and
               logs  everything  to  C:\logs\vlmcsd.log  when  the  service  is
               started with "net start vlmcsd".
 
@@ -503,18 +572,18 @@ EXAMPLES
 BUGS
        An ePID specified in an ini file must not contain spaces.
 
-       The maximum number of -L options in the command line or  listen  state‐
+       The  maximum  number of -L options in the command line or listen state‐
        ments in the inifile is the platform default for FD_SETSIZE. This is 64
        on Windows and 1024 on most Unixes.
 
 
 AUTHOR
-       Written by crony12, Hotbird64 and vityan666.  With  contributions  from
+       Written  by  crony12, Hotbird64 and vityan666.  With contributions from
        DougQaid.
 
 
 CREDITS
-       Thanks  to  CODYQX4,  deagles,  eIcn, mikmik38, nosferati87, qad, Rati‐
+       Thanks to CODYQX4, deagles, eIcn,  mikmik38,  nosferati87,  qad,  Rati‐
        borus, ...
 
 
@@ -523,4 +592,4 @@ SEE ALSO
 
 
 
-Hotbird64                          June 2016                         VLMCSD(8)
+Hotbird64                          July 2016                         VLMCSD(8)

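--- a/vlmcsd.8.html
+++ b/vlmcsd.8.html
@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:01 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
@@ -163,6 +163,80 @@ same link local address is used on more than one network
 interface. Windows does not accept a name and the scope id
 must be a number.</p>
 
+<p style="margin-left:11%;"><b>-o</b> <i>level</i></p>
+
+<p style="margin-left:22%;">Sets the <i>level</i> of
+protection against activations from public IP addresses. The
+default is <b>-o0</b> for no protection.</p>
+
+<p style="margin-left:22%; margin-top: 1em"><b>-o1</b>
+causes vlmcsd not to listen on all IP addresses but on
+private IP addresses only. IPv4 addresses in the
+100.64.0.0/10 range (see RFC6598) are not treated as private
+since they can be reached from other users of your ISP.
+Private IPv4 addresses are 10.0.0.0/8, 172.16.0.0/12,
+192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8. vlmcsd
+treats all IPv6 addresses not within 2000::/3 as private
+addresses.</p>
+
+<p style="margin-left:22%; margin-top: 1em">If <b>-o1</b>
+is combined with <b>-L</b>, it will listen on all private IP
+addresses plus the ones specified by one or more <b>-L</b>
+statements. If <b>-o1</b> is combined with <b>-P</b>, only
+the last <b>-P</b> statement will be used.</p>
+
+<p style="margin-left:22%; margin-top: 1em">Using
+<b>-o1</b> does not protect you if you enable NAT port
+forwarding on your router to your vlmcsd machine. It is
+identical to using multiple -L statements with all of your
+private IP addresses. What <b>-o1</b> does for you, is
+automatically enumerating your private IP addresses.</p>
+
+<p style="margin-left:22%; margin-top: 1em"><b>-o2</b> does
+not affect the interfaces, vlmcsd is listening on. When a
+clients connects, vlmcsd immediately drops the connection if
+the client has a public IP address. Unlike <b>-o1</b>
+clients will be able to establish a TCP connection but it
+will be closed without a single byte sent over the
+connection. This protects against clients with public IP
+addresses even if NAT port forwarding is used. While
+<b>-o2</b> offers a higher level of protection than
+<b>-o1</b>, the client sees that the KMS TCP port (1688 by
+default) is actually accepting connections.</p>
+
+<p style="margin-left:22%; margin-top: 1em"><b>-o3</b>
+combines <b>-o1</b> and <b>-o2</b>. vlmcsd listens on
+private interfaces only and if a public client manages to
+connect anyway due to NAT port forwarding, it will be
+immediately dropped.</p>
+
+<p style="margin-left:22%; margin-top: 1em">If you use any
+form of TCP level port forwarding (e.g. <b>nc</b>(1),
+<b>netcat</b>(1), <b>ssh</b>(1) port forwarding or similar)
+to redirect KMS requests to vlmcsd, there will be no
+protection even if you use <b>-o2</b> or <b>-o3</b>. This is
+due to the simple fact that vlmcsd sees the IP address of
+the redirector and not the IP address of the client.</p>
+
+<p style="margin-left:22%; margin-top: 1em"><b>-o1</b> (and
+thus <b>-o3</b>) is not (yet) available in some
+scenarios:</p>
+
+<p style="margin-left:29%; margin-top: 1em">FreeBSD: There
+is a longtime unfixed
+<a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881">bug</a>
+in the 32-bit ABI of the 64-bit kernel. If you have a 64-bit
+FreeBSD kernel, you must run the 64-bit version of vlmcsd if
+you use <b>-o1</b> or <b>-o3</b>. The 32-bit version causes
+undefined behavior up to crashing vlmcsd. Other BSDs
+(NetBSD, OpenBSD, Dragonfly and Mac OS X) work
+correctly.</p>
+
+<p style="margin-left:29%; margin-top: 1em">If vlmcsd was
+started by an internet superserver or was compiled to use
+Microsoft RPC (Windows only) or simple sockets, <b>-o1</b>
+and <b>-o3</b> are not available by design.</p>
+
 <p style="margin-left:11%;"><b>-P</b> <i>port</i></p>
 
 <p style="margin-left:22%;">Use TCP <i>port</i> for all
@@ -286,6 +360,18 @@ service (/dev/log) installed, logging output will go to
 Windows version. The Cygwin version does support syslog
 logging.</p>
 
+<p style="margin-left:11%;"><b>-T0</b> and <b>-T1</b></p>
+
+<p style="margin-left:22%;">Disable (<b>-T0</b>) or enable
+(<b>-T1</b>) the inclusion of date and time in each line of
+the log. The default is <b>-T1</b>. <b>-T0</b> is useful if
+you log to <b>stdout</b>(3) which is redirected to another
+logging mechanism that already includes date and time in its
+output, for instance <b>systemd-journald</b>(8). If you log
+to <b>syslog</b>(3), <b>-T1</b> is ignored and date and time
+will never be included in the output sent to
+<b>syslog</b>(3).</p>
+
 <table width="100%" border="0" rules="none" frame="void"
        cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
@@ -777,7 +863,7 @@ and Visio must be volume license versions.</p>
 
 
 <p style="margin-left:11%; margin-top: 1em"><b>vlmcsd
--f</b></p>
+-De</b></p>
 
 <p style="margin-left:22%;">Starts <b>vlmcsd</b> in
 foreground. Useful if you use it for the first time and want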

BIN
vlmcsd.8.pdf


+ 228 - 159
vlmcsd.8.unix.txt

@@ -84,55 +84,114 @@ OPTIONS
               accept a name and the scope id must be a number.
 
 
+       -o level
+              Sets the level of protection against activations from public  IP
+              addresses. The default is -o0 for no protection.
+
+              -o1  causes vlmcsd not to listen on all IP addresses but on pri‐
+              vate IP addresses only.  IPv4  addresses  in  the  100.64.0.0/10
+              range (see RFC6598) are not treated as private since they can be
+              reached from other users of your ISP. Private IPv4 addresses are
+              10.0.0.0/8,  172.16.0.0/12,  192.168.0.0/16,  169.254.0.0/16 and
+              127.0.0.0/8.  vlmcsd  treats  all  IPv6  addresses  not   within
+              2000::/3 as private addresses.
+
+              If  -o1  is  combined  with -L, it will listen on all private IP
+              addresses plus the ones specified by one or more -L  statements.
+              If  -o1  is combined with -P, only the last -P statement will be
+              used.
+
+              Using -o1 does not protect you if you enable NAT port forwarding
+              on  your router to your vlmcsd machine. It is identical to using
+              multiple -L statements with all of your  private  IP  addresses.
+              What -o1 does for you, is automatically enumerating your private
+              IP addresses.
+
+              -o2 does not affect the interfaces, vlmcsd is listening on. When
+              a  clients  connects, vlmcsd immediately drops the connection if
+              the client has a public IP address. Unlike -o1 clients  will  be
+              able to establish a TCP connection but it will be closed without
+              a single byte sent over the connection.  This  protects  against
+              clients  with public IP addresses even if NAT port forwarding is
+              used. While -o2 offers a higher level of  protection  than  -o1,
+              the client sees that the KMS TCP port (1688 by default) is actu‐
+              ally accepting connections.
+
+              -o3 combines -o1 and -o2. vlmcsd listens on  private  interfaces
+              only and if a public client manages to connect anyway due to NAT
+              port forwarding, it will be immediately dropped.
+
+              If you use any form of TCP level port  forwarding  (e.g.  nc(1),
+              netcat(1),  ssh(1)  port  forwarding or similar) to redirect KMS
+              requests to vlmcsd, there will be no protection even if you  use
+              -o2  or -o3. This is due to the simple fact that vlmcsd sees the
+              IP address of the redirector and  not  the  IP  address  of  the
+              client.
+
+              -o1 (and thus -o3) is not (yet) available in some scenarios:
+
+                   FreeBSD: There is a longtime unfixed bug ⟨https://
+                   bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩  in   the
+                   32-bit ABI of the 64-bit kernel. If you have a 64-bit Free‐
+                   BSD kernel, you must run the 64-bit version  of  vlmcsd  if
+                   you  use  -o1  or  -o3. The 32-bit version causes undefined
+                   behavior up to crashing vlmcsd. Other BSDs  (NetBSD,  Open‐
+                   BSD, Dragonfly and Mac OS X) work correctly.
+
+                   If  vlmcsd  was  started  by an internet superserver or was
+                   compiled to use Microsoft  RPC  (Windows  only)  or  simple
+                   sockets, -o1 and -o3 are not available by design.
+
+
        -P port
-              Use TCP port for  all  subsequent  -L  statements  that  do  not
+              Use  TCP  port  for  all  subsequent  -L  statements that do not
               include an optional port. If you use -P and -L, -P must be spec‐
               ified before -L.
 
 
        -F0 and -F1
-              Allow (-F1) or disallow (-F0) binding to IP addresses  that  are
+              Allow  (-F1)  or disallow (-F0) binding to IP addresses that are
               currently not configured on your system. The default is -F0. -F1
               allows you to bind to an IP address that may be configured after
-              you  started  vlmcsd. vlmcsd will listen on that address as soon
-              as it becomes available. This feature is  only  available  under
-              Linux  (IPv4  and  IPv6) and FreeBSD (IPv4 only). FreeBSD allows
-              this feature only for the root user (more  correctly:  processes
-              that  have  the  PRIV_NETINET_BINDANY privilege). Linux does not
+              you started vlmcsd. vlmcsd will listen on that address  as  soon
+              as  it  becomes  available. This feature is only available under
+              Linux (IPv4 and IPv6) and FreeBSD (IPv4  only).  FreeBSD  allows
+              this  feature  only for the root user (more correctly: processes
+              that have the PRIV_NETINET_BINDANY privilege).  Linux  does  not
               require a capability for this.
 
 
        -t seconds
-              Timeout the TCP connection with the client  after  seconds  sec‐
-              onds.  After  sending  an  activation request. RPC keeps the TCP
+              Timeout  the  TCP  connection with the client after seconds sec‐
+              onds. After sending an activation request.  RPC  keeps  the  TCP
               connection for a while. The default is 30 seconds. You may spec‐
-              ify  a  shorter period to free ressources on your device faster.
-              This is useful for devices with limited main memory  or  if  you
+              ify a shorter period to free ressources on your  device  faster.
+              This  is  useful  for devices with limited main memory or if you
               used -m to limit the concurrent clients that may request activa‐
-              tion. Microsoft RPC  clients  disconnect  after  30  seconds  by
-              default.  Setting  seconds to a greater value does not make much
+              tion.  Microsoft  RPC  clients  disconnect  after  30 seconds by
+              default. Setting seconds to a greater value does not  make  much
               sense.
 
 
        -m concurrent-clients
-              Limit the number of clients that will be  handled  concurrently.
+              Limit  the  number of clients that will be handled concurrently.
               This is useful for devices with limited ressources or if you are
-              experiencing DoS attacks that  spawn  thousands  of  threads  or
-              forked  processes. If additional clients connect to vlmcsd, they
-              need to wait until another client disconnects. If you  set  con‐
+              experiencing  DoS  attacks  that  spawn  thousands of threads or
+              forked processes. If additional clients connect to vlmcsd,  they
+              need  to  wait until another client disconnects. If you set con‐
               current-clients to a small value ( <10 ), you should also select
-              a reasonable timeout of 2 or 3 seconds with -t. The  default  is
+              a  reasonable  timeout of 2 or 3 seconds with -t. The default is
               no limit.
 
 
-       -d     Disconnect  each client after processing one activation request.
-              This is a direct violation of  DCE  RPC  but  may  help  if  you
-              receive  malicous  fake  RPC requests that block your threads or
-              forked processes. Some other KMS emulators (e.g. py-kms)  behave
+       -d     Disconnect each client after processing one activation  request.
+              This  is  a  direct  violation  of  DCE  RPC but may help if you
+              receive malicous fake RPC requests that block  your  threads  or
+              forked  processes. Some other KMS emulators (e.g. py-kms) behave
               this way.
 
 
-       -k     Do   not  disconnect  clients  after  processing  an  activation
+       -k     Do  not  disconnect  clients  after  processing  an   activation
               request. This selects the default behavior. -k is useful only if
               you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
               contains the line "DisconnectClientsImmediately = true", you can
@@ -140,103 +199,113 @@ OPTIONS
 
 
        -N0 and -N1
-              Disables  (-N0)  or  enables (-N1) the use of the NDR64 transfer
-              syntax in the RPC protocol.  Unlike  Microsoft  vlmcsd  supports
+              Disables (-N0) or enables (-N1) the use of  the  NDR64  transfer
+              syntax  in  the  RPC  protocol. Unlike Microsoft vlmcsd supports
               NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
-              Windows Vista but their KMS servers started using it  with  Win‐
-              dows  8.  Thus  if  you  choose random ePIDs, vlmcsd will select
-              ePIDs with build numbers 9200 and 9600 if you enable  NDR64  and
+              Windows  Vista  but their KMS servers started using it with Win‐
+              dows 8. Thus if you choose  random  ePIDs,  vlmcsd  will  select
+              ePIDs  with  build numbers 9200 and 9600 if you enable NDR64 and
               build numbers 6002 and 7601 if you disable NDR64. The default is
               to enable NDR64.
 
 
        -B0 and -B1
-              Disables (-B0) or enables (-B1) bind  time  feature  negotiation
+              Disables  (-B0)  or  enables (-B1) bind time feature negotiation
               (BTFN) in the RPC protocol. All Windows operating systems start‐
-              ing with Vista support BTFN and try to negotiate it when  initi‐
+              ing  with Vista support BTFN and try to negotiate it when initi‐
               ating an RPC connection. Thus consider turning it off as a debug
               / troubleshooting feature only. Some older firewalls that selec‐
-              tively  block or redirect RPC traffic may get confused when they
+              tively block or redirect RPC traffic may get confused when  they
               detect NDR64 or BTFN.
 
 
        -l filename
               Use filename as a log file. The log file records all activations
-              with  IP  address,  Windows  workstation  name  (no  reverse DNS
-              lookup), activated product, KMS protocol, time and date. If  you
+              with IP  address,  Windows  workstation  name  (no  reverse  DNS
+              lookup),  activated product, KMS protocol, time and date. If you
               do not specify a log file, no log is created. For a live view of
               the log file type tail -f file.
 
-              If you use the special filename "syslog", vlmcsd uses  syslog(3)
-              for  logging.  If  your  system has no syslog service (/dev/log)
-              installed, logging output will go to /dev/console.  Syslog  log‐
-              ging  is not available in the native Windows version. The Cygwin
+              If  you use the special filename "syslog", vlmcsd uses syslog(3)
+              for logging. If your system has  no  syslog  service  (/dev/log)
+              installed,  logging  output will go to /dev/console. Syslog log‐
+              ging is not available in the native Windows version. The  Cygwin
               version does support syslog logging.
 
 
-       -D     Normally vlmcsd daemonizes and runs in  background  (except  the
-              native  Windows  version).  If  -D is specified, vlmcsd does not
+       -T0 and -T1
+              Disable  (-T0) or enable (-T1) the inclusion of date and time in
+              each line of the log. The default is -T1. -T0 is useful  if  you
+              log  to  stdout(3) which is redirected to another logging mecha‐
+              nism that already includes date and  time  in  its  output,  for
+              instance  systemd-journald(8).  If  you log to syslog(3), -T1 is
+              ignored and date and time will never be included in  the  output
+              sent to syslog(3).
+
+
+       -D     Normally  vlmcsd  daemonizes  and runs in background (except the
+              native Windows version). If -D is  specified,  vlmcsd  does  not
               daemonize and runs in foreground. This is useful for testing and
               allows you to simply press <Ctrl-C> to exit vlmcsd.
 
-              The  native  Windows version never daemonizes and always behaves
+              The native Windows version never daemonizes and  always  behaves
               as if -D had been specified. You may want to install vlmcsd as a
               service instead. See -s.
 
 
        -e     If specified, vlmcsd ignores -l and writes all logging output to
-              stdout(3). This is mainly useful for testing and  debugging  and
+              stdout(3).  This  is mainly useful for testing and debugging and
               often combined with -D.
 
 
-       -v     Use  verbose  logging.  Logs every parameter of the base request
-              and the base response. It also logs the HWID of the  KMS  server
-              if  KMS  protocol  version  6 is used. This option is mainly for
-              debugging purposes. It only has an effect if some form  of  log‐
-              ging  is  used. Thus -v does not make sense if not used with -l,
+       -v     Use verbose logging. Logs every parameter of  the  base  request
+              and  the  base response. It also logs the HWID of the KMS server
+              if KMS protocol version 6 is used. This  option  is  mainly  for
+              debugging  purposes.  It only has an effect if some form of log‐
+              ging is used. Thus -v does not make sense if not used  with  -l,
               -e or -f.
 
 
-       -q     Do not use verbose logging. This is actually the default  behav‐
+       -q     Do  not use verbose logging. This is actually the default behav‐
               ior. It only makes sense if you use vlmcsd with an ini file (see
-              -i and  vlmcsd.ini(5)).  If  the  ini  file  contains  the  line
+              -i  and  vlmcsd.ini(5)).  If  the  ini  file  contains  the line
               "LogVerbose = true" you can use -q to restore the default behav‐
               ior.
 
 
        -p filename
               Create pid file filename. This has nothing to do with KMS ePIDs.
-              A  pid  file  is  a file where vlmcsd writes its own process id.
-              This is used  by  standard  init  scripts  (typically  found  in
+              A pid file is a file where vlmcsd writes  its  own  process  id.
+              This  is  used  by  standard  init  scripts  (typically found in
               /etc/init.d). The default is not to write a pid file.
 
 
        -u user and -g group
-              Causes  vlmcsd  to  run in the specified user and group security
-              context. The main purpose for this is to  drop  root  privileges
-              after  it  has  been  started from the root account. To use this
-              feature from cygwin you must run cyglsa-config and  the  account
-              from  which  vlmcsd is started must have the rights "Act as part
-              of the operating system" and "Replace a  process  level  token".
+              Causes vlmcsd to run in the specified user  and  group  security
+              context.  The  main  purpose for this is to drop root privileges
+              after it has been started from the root  account.  To  use  this
+              feature  from  cygwin you must run cyglsa-config and the account
+              from which vlmcsd is started must have the rights "Act  as  part
+              of  the  operating  system" and "Replace a process level token".
               The native Windows version does not support these options.
 
-              The  actual  security  context switch is performed after the TCP
-              sockets have been created. This allows  you  to  use  privileged
+              The actual security context switch is performed  after  the  TCP
+              sockets  have  been  created.  This allows you to use privileged
               ports (< 1024) when you start vlmcsd from the root account.
 
               However if you use an ini, pid or log file, you must ensure that
-              the unprivileged user has access to these files. You can  always
-              log  to syslog(3) from an unprivileged account on most platforms
+              the  unprivileged user has access to these files. You can always
+              log to syslog(3) from an unprivileged account on most  platforms
               (see -l).
 
 
        -w ePID
-              Use ePID as Windows ePID. If specified, -r  is  disregarded  for
+              Use  ePID  as  Windows ePID. If specified, -r is disregarded for
               Windows.
 
 
        -0 ePID
-              Use  ePID  as Office 2010 ePID (including Project and Visio). If
+              Use ePID as Office 2010 ePID (including Project and  Visio).  If
               specified, -r is disregarded for Office 2010.
 
 
@@ -246,14 +315,14 @@ OPTIONS
 
 
        -H HwId
-              Use  HwId  for  all products. All HWIDs in the ini file (see -i)
+              Use HwId for all products. All HWIDs in the ini  file  (see  -i)
               will not be used. In an ini file you can specify a seperate HWID
-              for  each application-guid. This is not possible when entering a
+              for each application-guid. This is not possible when entering  a
               HWID from the command line.
 
-              HwId must be specified as 16 hex digits that are interpreted  as
-              a  series  of  8 bytes (big endian). Any character that is not a
-              hex digit will be ignored. This is for better  readability.  The
+              HwId  must be specified as 16 hex digits that are interpreted as
+              a series of 8 bytes (big endian). Any character that  is  not  a
+              hex  digit  will be ignored. This is for better readability. The
               following commands are identical:
 
               vlmcsd -H 0123456789ABCDEF
@@ -262,14 +331,14 @@ OPTIONS
 
 
        -i filename
-              Use  configuration file (aka ini file) filename. Most configura‐
+              Use configuration file (aka ini file) filename. Most  configura‐
               tion parameters can be set either via the command line or an ini
-              file.  The command line always has precedence over configuration
-              items in the ini file. See vlmcsd.ini(5) for the format  of  the
+              file. The command line always has precedence over  configuration
+              items  in  the ini file. See vlmcsd.ini(5) for the format of the
               configuration file.
 
-              If  vlmcsd has been compiled to use a default configuration file
-              (often /etc/vlmcsd.ini), you may use -i- to ignore  the  default
+              If vlmcsd has been compiled to use a default configuration  file
+              (often  /etc/vlmcsd.ini),  you may use -i- to ignore the default
               configuration file.
 
 
@@ -282,118 +351,118 @@ OPTIONS
               - the file specified by -i does not contain the application-guid
               for the KMS request
 
-              -r0 means there  are  no  random  ePIDs.  vlmcsd  simply  issues
-              default  ePIDs  that  are built into the binary at compile time.
-              Pro: behaves like real KMS server that also  always  issues  the
-              same  ePID.  Con: Microsoft may start blacklisting again and the
+              -r0  means  there  are  no  random  ePIDs.  vlmcsd simply issues
+              default ePIDs that are built into the binary  at  compile  time.
+              Pro:  behaves  like  real KMS server that also always issues the
+              same ePID. Con: Microsoft may start blacklisting again  and  the
               default ePID may not work any longer.
 
-              -r1 instructs vlmcsd to generate random ePIDs when  the  program
+              -r1  instructs  vlmcsd to generate random ePIDs when the program
               starts or receives a SIGHUP signal and uses these ePIDs until it
-              is stopped or receives another SIGHUP. Most other KMS  emulators
-              generate  a  new  ePID  on  every  KMS  request.  This is easily
+              is  stopped or receives another SIGHUP. Most other KMS emulators
+              generate a new  ePID  on  every  KMS  request.  This  is  easily
               detectable. Microsoft could just modify sppsvc.exe in a way that
-              it  always  sends two identical KMS requests in two RPC requests
-              but over the same TCP connection. If both KMS responses  contain
-              the  different  ePIDs, the KMS server is not genuine. -r1 is the
-              default mode. -r1 also ensures that all  three  ePIDs  (Windows,
-              Office  2010  and  Office 2013) use the same OS build number and
+              it always sends two identical KMS requests in two  RPC  requests
+              but  over the same TCP connection. If both KMS responses contain
+              the different ePIDs, the KMS server is not genuine. -r1  is  the
+              default  mode.  -r1  also ensures that all three ePIDs (Windows,
+              Office 2010 and Office 2013) use the same OS  build  number  and
               LCID (language id).
 
               If vlmcsd has been started by an internet superserver, -r1 works
-              identically  to  -r2. This is simply due to the fact that vlmcsd
+              identically to -r2. This is simply due to the fact  that  vlmcsd
               is started upon a connection request and does not stay in memory
               after servicing a KMS request.
 
-              -r2  behaves  like  most  other KMS server emulators with random
-              support and generates a new random ePID on  every  request.  Use
-              this  mode  with  "care". However since Microsoft currently does
+              -r2 behaves like most other KMS  server  emulators  with  random
+              support  and  generates  a new random ePID on every request. Use
+              this mode with "care". However since  Microsoft  currently  does
               not seem to do any verification of the ePID, you currently don't
               need to pay attention to ePIDs at all.
 
 
        -C LCID
-              Do  not  randomize  the  locale id part of the ePID and use LCID
-              instead. The LCID must be specified as a  decimal  number,  e.g.
-              1049  for  "Russian  - Russia". This option has no effect if the
-              ePID is not randomized at all, e.g. if it is selected  from  the
+              Do not randomize the locale id part of the  ePID  and  use  LCID
+              instead.  The  LCID  must be specified as a decimal number, e.g.
+              1049 for "Russian - Russia". This option has no  effect  if  the
+              ePID  is  not randomized at all, e.g. if it is selected from the
               command line or an ini file.
 
               By default vlmcsd generates a valid locale id that is recognized
-              by .NET Framework 4.0. This may lead to a  locale  id  which  is
+              by  .NET  Framework  4.0.  This may lead to a locale id which is
               unlikely to occur in your country, for instance 2155 for "Quecha
               - Ecuador". You may want to select the locale id of your country
               instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
-              bb964664.aspx⟩ for a list of valid LCIDs. Please note that  some
+              bb964664.aspx⟩  for a list of valid LCIDs. Please note that some
               of them are not recognized by .NET Framework 4.0.
 
-              Most  other  KMS  emulators  use a fixed LCID of 1033 (English -
+              Most other KMS emulators use a fixed LCID  of  1033  (English  -
               US). To achive the same behavior in vlmcsd use -C 1033.
 
 
        -R renewal-interval
-              Instructs clients to renew  activation  every  renewal-interval.
+              Instructs  clients  to  renew activation every renewal-interval.
               The renewal-interval is a number optionally immediately followed
-              by a letter indicating the unit. Valid unit letters are s  (sec‐
+              by  a letter indicating the unit. Valid unit letters are s (sec‐
               onds), m (minutes), h (hours), d (days) and w (weeks). If you do
               not specify a letter, minutes is assumed.
 
-              -R3d for instance instructs clients to renew activation every  3
+              -R3d  for instance instructs clients to renew activation every 3
               days. The default renewal-interval is 10080 (identical to 7d and
               1w).
 
               Due to poor implementation of Microsofts KMS Client it cannot be
               guaranteed that activation is renewed on time as specfied by the
-              -R option. Don't care  about  that.  Renewal  will  happen  well
+              -R  option.  Don't  care  about  that.  Renewal will happen well
               before your activation expires (usually 180 days).
 
-              Even  though  you  can  specify seconds, the granularity of this
-              option is 1 minute. Seconds are rounded down to the next  multi‐
+              Even though you can specify seconds,  the  granularity  of  this
+              option  is 1 minute. Seconds are rounded down to the next multi‐
               ple of 60.
 
 
        -A activation-interval
-              Instructs  clients to retry activation every activation-interval
-              if it was unsuccessful, e.g. because  it  could  not  reach  the
-              server.  The default is 120 (identical to 2h). activation-inter‐
-              val follows the  same  syntax  as  renewal-interval  in  the  -R
+              Instructs clients to retry activation every  activation-interval
+              if  it  was  unsuccessful,  e.g.  because it could not reach the
+              server. The default is 120 (identical to 2h).  activation-inter‐
+              val  follows  the  same  syntax  as  renewal-interval  in the -R
               option.
 
 
-       -s     Installs  vlmcsd  as  a  Windows service. This option only works
-              with the native Windows version  and  Cygwin.  Combine  -s  with
-              other  command  line  options.  These will be in effect when you
-              start the service. The service  automatically  starts  when  you
-              reboot  your machine. To start it manually, type "net start vlm‐
+       -s     Installs vlmcsd as a Windows service.  This  option  only  works
+              with  the  native  Windows  version  and Cygwin. Combine -s with
+              other command line options. These will be  in  effect  when  you
+              start  the  service.  The  service automatically starts when you
+              reboot your machine. To start it manually, type "net start  vlm‐
               csd".
 
-              If you use Cygwin, you  must  include  your  Cygwin  system  DLL
-              directory  (usually  C:\Cygwin\bin  or C:\Cygwin64\bin) into the
+              If  you  use  Cygwin,  you  must  include your Cygwin system DLL
+              directory (usually C:\Cygwin\bin or  C:\Cygwin64\bin)  into  the
               PATH environment variable or the service will not start.
 
-              You can reinstall the service anytime  using  vlmcsd  -s  again,
-              e.g.  with  a different command line. If the service is running,
+              You  can  reinstall  the  service anytime using vlmcsd -s again,
+              e.g. with a different command line. If the service  is  running,
               it will be restarted with the new command line.
 
-              When using -s the command  line  is  checked  for  basic  syntax
+              When  using  -s  the  command  line  is checked for basic syntax
               errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
-              but the service will not start if 1.2.3.4 is not an  IP  address
+              but  the  service will not start if 1.2.3.4 is not an IP address
               on your system.
 
 
-       -S     Uninstalls  the  vlmcsd service. Works only with the native Win‐
-              dows version and Cygwin. All other options will  be  ignored  if
+       -S     Uninstalls the vlmcsd service. Works only with the  native  Win‐
+              dows  version  and  Cygwin. All other options will be ignored if
               you include -S in the command line.
 
 
        -U [domain\]username
-              Can  only be used together with -s. Starts the service as a dif‐
-              ferent user than the local SYSTEM account. This is used  to  run
-              the  service  under  an account with low privileges. If you omit
+              Can only be used together with -s. Starts the service as a  dif‐
+              ferent  user  than the local SYSTEM account. This is used to run
+              the service under an account with low privileges.  If  you  omit
               the domain, an account from the local computer will be used.
 
               You may use "NT AUTHORITY\NetworkService". This is a pseudo user
-              with  low  privileges.  You may also use "NT AUTHORITY\LocalSer‐
+              with low privileges. You may also  use  "NT  AUTHORITY\LocalSer‐
               vice" which has more privileges but these are of no use for run‐
               ning vlmcsd.
 
@@ -401,20 +470,20 @@ OPTIONS
               sion for your executable. "NT AUTHORITY\NetworkService" normally
               has no permission to run binaries from your home directory.
 
-              For  your convenience you can use the special username "/l" as a
+              For your convenience you can use the special username "/l" as  a
               shortcut  for  "NT  AUTHORITY\LocalService"  and  "/n"  for  "NT
-              AUTHORITY\NetworkService".  "vlmcsd -s -U /n"  installs the ser‐
+              AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs  the  ser‐
               vice to run as "NT AUTHORITY\NetworkService".
 
 
        -W password
-              Can only be used together with -s. Specifies a password for  the
-              corresponding  username  you  use  with  -U. SYSTEM, "NT AUTHOR‐
-              ITY\NetworkService", "NT AUTHORITY\LocalService" do not  require
+              Can  only be used together with -s. Specifies a password for the
+              corresponding username you use  with  -U.  SYSTEM,  "NT  AUTHOR‐
+              ITY\NetworkService",  "NT AUTHORITY\LocalService" do not require
               a password.
 
-              If  you  specify  a  user  with  even  lower privileges than "NT
-              AUTHORITY\NetworkService", you must specify  its  password.  You
+              If you specify a  user  with  even  lower  privileges  than  "NT
+              AUTHORITY\NetworkService",  you  must  specify its password. You
               also have to grant the "Log on as a service" right to that user.
 
 
@@ -423,50 +492,50 @@ SIGNALS
 
 
        SIGTERM, SIGINT
-              These  signals cause vlmcsd to exit gracefully. All global sema‐
-              phores and shared memory pages will be released,  the  pid  file
-              will  be  unlinked  (deleted)  and  a  shutdown  message will be
+              These signals cause vlmcsd to exit gracefully. All global  sema‐
+              phores  and  shared  memory pages will be released, the pid file
+              will be unlinked  (deleted)  and  a  shutdown  message  will  be
               logged.
 
 
-       SIGHUP Causes vlmcsd to be restarted completely. This is useful if  you
-              started  vlmcsd  with  an  ini file. You can modify the ini file
-              while vlmcsd is running and then sending SIGHUP, e.g. by  typing
-              "killall  -SIGHUP  vlmcsd"  or  "kill -SIGHUP `cat /var/run/vlm‐
+       SIGHUP Causes  vlmcsd to be restarted completely. This is useful if you
+              started vlmcsd with an ini file. You can  modify  the  ini  file
+              while  vlmcsd is running and then sending SIGHUP, e.g. by typing
+              "killall -SIGHUP vlmcsd" or  "kill  -SIGHUP  `cat  /var/run/vlm‐
               csd.pid`".
 
               The SIGHUP handler has been implemented relatively simple. It is
-              virtually  the  same  as  stopping  vlmcsd and starting it again
+              virtually the same as stopping  vlmcsd  and  starting  it  again
               immediately with the following exceptions:
 
 
               —  The new process does not get a new process id.
 
-              —  If you used a pid file,  it  is  not  deleted  and  recreated
+              —  If  you  used  a  pid  file,  it is not deleted and recreated
                  because the process id stays the same.
 
-              —  If  you  used  the  'user' and/or 'group' directive in an ini
-                 file these are ignored. This is because once you switched  to
+              —  If you used the 'user' and/or 'group'  directive  in  an  ini
+                 file  these are ignored. This is because once you switched to
                  lower privileged users and groups, there is no way back. Any‐
                  thing else would be a severe security flaw in the OS.
 
-       Signaling is not available in the native Windows  version  and  in  the
+       Signaling  is  not  available  in the native Windows version and in the
        Cygwin version when it runs as Windows service.
 
 
 SUPPORTED OPERATING SYSTEMS
-       vlmcsd  compiles  and  runs  on  Linux, Windows (no Cygwin required but
-       explicitly supported), Mac OS X, FreeBSD,  NetBSD,  OpenBSD,  Dragonfly
-       BSD,  Minix,  Solaris,  OpenIndiana,  Android  and  iOS. Other POSIX or
-       unixoid OSses may work with unmodified sources  or  may  require  minor
+       vlmcsd compiles and runs on Linux,  Windows  (no  Cygwin  required  but
+       explicitly  supported),  Mac  OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
+       BSD, Minix, Solaris, OpenIndiana,  Android  and  iOS.  Other  POSIX  or
+       unixoid  OSses  may  work  with unmodified sources or may require minor
        porting efforts.
 
 
 SUPPORTED PRODUCTS
-       vlmcsd  can answer activation requests for the following products: Win‐
-       dows Vista, Windows 7, Windows 8,  Windows  8.1,  Windows  10,  Windows
-       Server  2008,  Windows  Server  2008  R2,  Windows Server 2012, Windows
-       Server 2012 R2, Office 2010, Project 2010,  Visio  2010,  Office  2013,
+       vlmcsd can answer activation requests for the following products:  Win‐
+       dows  Vista,  Windows  7,  Windows  8, Windows 8.1, Windows 10, Windows
+       Server 2008, Windows Server  2008  R2,  Windows  Server  2012,  Windows
+       Server  2012  R2,  Office  2010, Project 2010, Visio 2010, Office 2013,
        Project 2013, Visio 2013, Office 2016, Project 2016, Visio 2016.
 
        Office, Project and Visio must be volume license versions.
@@ -477,25 +546,25 @@ FILES
 
 
 EXAMPLES
-       vlmcsd -f
-              Starts  vlmcsd in foreground. Useful if you use it for the first
-              time and want to see what's happening  when  a  client  requests
+       vlmcsd -De
+              Starts vlmcsd in foreground. Useful if you use it for the  first
+              time  and  want  to  see what's happening when a client requests
               activation.
 
 
        vlmcsd -l /var/log/vlmcsd.log
-              Starts  vlmcsd  as a daemon and logs everything to /var/log/vlm‐
+              Starts vlmcsd as a daemon and logs everything  to  /var/log/vlm‐
               csd.log.
 
 
        vlmcsd -L 192.168.1.17
               Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
-              only.  This  is useful for routers that have a public and a pri‐
+              only. This is useful for routers that have a public and  a  pri‐
               vate IP address to prevent your KMS server from becoming public.
 
 
        vlmcsd -s -U /n -l C:\logs\vlmcsd.log
-              Installs vlmcsd as a Windows service  with  low  privileges  and
+              Installs  vlmcsd  as  a  Windows service with low privileges and
               logs  everything  to  C:\logs\vlmcsd.log  when  the  service  is
               started with "net start vlmcsd".
 
@@ -503,18 +572,18 @@ EXAMPLES
 BUGS
        An ePID specified in an ini file must not contain spaces.
 
-       The maximum number of -L options in the command line or  listen  state‐
+       The  maximum  number of -L options in the command line or listen state‐
        ments in the inifile is the platform default for FD_SETSIZE. This is 64
        on Windows and 1024 on most Unixes.
 
 
 AUTHOR
-       Written by crony12, Hotbird64 and vityan666.  With  contributions  from
+       Written  by  crony12, Hotbird64 and vityan666.  With contributions from
        DougQaid.
 
 
 CREDITS
-       Thanks  to  CODYQX4,  deagles,  eIcn, mikmik38, nosferati87, qad, Rati‐
+       Thanks to CODYQX4, deagles, eIcn,  mikmik38,  nosferati87,  qad,  Rati‐
        borus, ...
 
 
@@ -523,4 +592,4 @@ SEE ALSO
 
 
 
-Hotbird64                          June 2016                         VLMCSD(8)
+Hotbird64                          July 2016                         VLMCSD(8)

+ 94 - 100
vlmcsd.c

@@ -72,19 +72,11 @@
 #include "ntservice.h"
 #include "helpers.h"
 
-#ifdef ENABLE_DEPRECATED_OPTIONS
-static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:SsfeDd46VvIqkZ";
-#else // !ENABLE_DEPRECATED_OPTIONS
-static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:SseDdVvqkZ";
-#endif // !ENABLE_DEPRECATED_OPTIONS
+static const char* const optstring = "N:B:m:t:w:0:3:H:A:R:u:g:L:p:i:P:l:r:U:W:C:F:o:T:SseDdVvqkZ";
 
 #if !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 static uint_fast8_t maxsockets = 0;
 
-#ifdef ENABLE_DEPRECATED_OPTIONS
-static int_fast8_t v6required = 0;
-static int_fast8_t v4required = 0;
-#endif // ENABLE_DEPRECATED_OPTIONS
 #endif // !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 
 #ifdef _NTSERVICE
@@ -115,7 +107,7 @@ static IniFileParameter_t IniFileParameterList[] =
 		{ "RandomizationLevel", INI_PARAM_RANDOMIZATION_LEVEL },
 		{ "LCID", INI_PARAM_LCID },
 #	endif // NO_RANDOM_EPID
-#	if !defined(NO_SOCKETS) && (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS))
+#	if !defined(NO_SOCKETS) && (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR))
 		{ "Port", INI_PARAM_PORT },
 #	endif // defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)
 #	if !defined(NO_SOCKETS) && !defined(USE_MSRPC)
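Review bot: The new `defined(HAVE_GETIFADDR)` test on the `Port` entry (and on the matching `INI_PARAM_PORT` case in setIniFileParameter) is inconsistent with the `#if HAVE_GETIFADDR` form used for the `-o` help text and in setupListeningSockets. If any build defines the macro as 0, which this page does not show, the two forms disagree and `Port` is accepted in a build whose listening code takes the non-getifaddrs path. Use one form throughout, for example `defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || HAVE_GETIFADDR`. The trailing `#endif` comment also still names the old condition. The table initializer starts outside this hunk.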
@@ -141,6 +133,7 @@ static IniFileParameter_t IniFileParameterList[] =
 		{ "PIDFile", INI_PARAM_PID_FILE },
 #	endif // NO_PID_FILE
 #	ifndef NO_LOG
+		{ "LogDateAndTime", INI_PARAM_LOG_DATE_AND_TIME },
 		{ "LogFile", INI_PARAM_LOG_FILE },
 #	ifndef NO_VERBOSE_LOG
 		{ "LogVerbose", INI_PARAM_LOG_VERBOSE },
@@ -154,6 +147,9 @@ static IniFileParameter_t IniFileParameterList[] =
 		{ "user", INI_PARAM_UID },
 		{ "group", INI_PARAM_GID},
 #	endif // !defined(NO_USER_SWITCH) && !defined(_WIN32)
+#	if !defined(NO_PRIVATE_IP_DETECT)
+		{"PublicIPProtectionLevel", INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL },
+#	endif
 };
 
 #endif // NO_INI_FILE
@@ -279,6 +275,13 @@ static __noreturn void usage()
 			"  -r 0|1|2\t\tset ePID randomization level (default 1)\n"
 			"  -C <LCID>\t\tuse fixed <LCID> in random ePIDs\n"
 			#endif // NO_RANDOM_EPID
+			#if !defined(NO_PRIVATE_IP_DETECT)
+			#if HAVE_GETIFADDR
+			"  -o 0|1|2|3\t\tset protection level against clients with public IP addresses (default 0)\n"
+			#else // !HAVE_GETIFADDR
+			"  -o 0|2\t\tset protection level against clients with public IP addresses (default 0)\n"
+			#endif // !HAVE_GETIFADDR
+			#endif // !defined(NO_PRIVATE_IP_DETECT)
 			#ifndef NO_SOCKETS
 			#if !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 			"  -L <address>[:<port>]\tlisten on IP address <address> with optional <port>\n"
@@ -335,6 +338,7 @@ static __noreturn void usage()
 			"  -l syslog		log to syslog\n"
 			#endif // _WIN32
 			"  -l <file>		log to <file>\n"
+			"  -T0, -T1\t\tdisable/enable logging with time and date (default -T1)\n"
 			#ifndef NO_VERBOSE_LOG
 			"  -v\t\t\tlog verbose\n"
 			"  -q\t\t\tdon't log verbose (default)\n"
@@ -520,13 +524,13 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
 
 #	endif // NO_RANDOM_EPID
 
-#	if (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)) && !defined(NO_SOCKETS)
+#	if (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR)) && !defined(NO_SOCKETS)
 
 		case INI_PARAM_PORT:
 			defaultport = allocateStringArgument(iniarg);
 			break;
 
-#	endif // (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS)) && !defined(NO_SOCKETS
+#	endif // (defined(USE_MSRPC) || defined(SIMPLE_SOCKETS) || defined(HAVE_GETIFADDR)) && !defined(NO_SOCKETS)
 
 #	if !defined(NO_SOCKETS) && !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 
@@ -561,6 +565,10 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
 			fn_log = allocateStringArgument(iniarg);
 			break;
 
+		case INI_PARAM_LOG_DATE_AND_TIME:
+			success = getIniFileArgumentBool(&LogDateAndTime, iniarg);
+			break;
+
 #	ifndef NO_VERBOSE_LOG
 		case INI_PARAM_LOG_VERBOSE:
 			success = getIniFileArgumentBool(&logverbose, iniarg);
@@ -614,6 +622,23 @@ static BOOL setIniFileParameter(uint_fast8_t id, const char *const iniarg)
 
 #	endif // HAVE_FREEBIND
 
+#	if !defined(NO_PRIVATE_IP_DETECT)
+
+		case INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL:
+			success = getIniFileArgumentInt(&PublicIPProtectionLevel, iniarg, 0, 3);
+
+#			if !HAVE_GETIFADDR
+			if (PublicIPProtectionLevel & 1)
+			{
+				IniFileErrorMessage = "Must be 0 or 2";
+				success = FALSE;
+			}
+#			endif // !HAVE_GETIFADDR
+
+			break;
+
+#	endif // !defined(NO_PRIVATE_IP_DETECT)
+
 		default:
 			return FALSE;
 	}
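Review bot: In the `INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL` case the parsed value is stored in `PublicIPProtectionLevel` before the `!HAVE_GETIFADDR` check rejects it, so a rejected 1 or 3 remains in the global. If ini-file errors are only reported and not fatal (the caller is outside this hunk), the process keeps running with a level this build cannot honour, and an operator may believe listening is restricted to private addresses when it is not. The check also runs after `getIniFileArgumentInt` has already failed, replacing its error message. Guard it with `if (success && (PublicIPProtectionLevel & 1))` and restore the previous level when the value is rejected, or parse into a local and assign only on acceptance.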
@@ -1085,29 +1110,14 @@ static void parseGeneralArguments() {
 
 		#ifndef NO_SOCKETS
 
-		#ifndef USE_MSRPC
-		#ifdef ENABLE_DEPRECATED_OPTIONS
-		#ifndef SIMPLE_SOCKETS
-		case '4':
-		case '6':
-			printerrorf("Warning: Option -%c is deprecated. Use -L instead.\n", o);
-			/* no break */
-		#endif // SIMPLE_SOCKETS
-		#endif // ENABLE_DEPRECATED_OPTIONS
 		case 'P':
-			if (o == 'P') defaultport = optarg;
-			#ifdef SIMPLE_SOCKETS
 			ignoreIniFileParameter(INI_PARAM_PORT);
-			#else // !SIMPLE_SOCKETS
+			#if !defined(SIMPLE_SOCKETS) && !defined(USE_MSRPC)
 			ignoreIniFileParameter(INI_PARAM_LISTEN);
-			#endif // !SIMPLE_SOCKETS
-			break;
-		#else // USE_MSRPC
-		case 'P':
+			#else
 			defaultport = optarg;
-			ignoreIniFileParameter(INI_PARAM_PORT);
+			#endif // !SIMPLE_SOCKETS
 			break;
-		#endif // USE_MSRPC
 
 		#if !defined(NO_LIMIT) && !__minix__
 
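Review bot: `ignoreIniFileParameter(INI_PARAM_PORT)` is now called in every socket build, but the `Port` entry of `IniFileParameterList` is compiled in only when `USE_MSRPC`, `SIMPLE_SOCKETS` or `HAVE_GETIFADDR` is defined. ignoreIniFileParameter is not shown on this page, so confirm it tolerates an id that has no table entry, or wrap the call in the same condition as the table entry. The closing comment `#endif // !SIMPLE_SOCKETS` no longer describes the `#if !defined(SIMPLE_SOCKETS) && !defined(USE_MSRPC)` / `#else` pair it ends. parseGeneralArguments continues outside the hunk.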
@@ -1145,6 +1155,12 @@ static void parseGeneralArguments() {
 		#endif
 
 		#ifndef NO_LOG
+
+		case 'T':
+			if (!getArgumentBool(&LogDateAndTime, optarg)) usage();
+			ignoreIniFileParameter(INI_PARAM_LOG_DATE_AND_TIME);
+			break;
+
 		case 'l':
 			fn_log = getCommandLineArg(optarg);
 			ignoreIniFileParameter(INI_PARAM_LOG_FILE);
@@ -1160,6 +1176,18 @@ static void parseGeneralArguments() {
 		#endif // NO_VERBOSE_LOG
 		#endif // NO_LOG
 
+		#if !defined(NO_PRIVATE_IP_DETECT)
+		case 'o':
+			ignoreIniFileParameter(INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL);
+			PublicIPProtectionLevel = getOptionArgumentInt(o, 0, 3);
+
+			#if !HAVE_GETIFADDR
+			if (PublicIPProtectionLevel & 1) usage();
+			#endif // !HAVE_GETIFADDR
+
+			break;
+		#endif // !defined(NO_PRIVATE_IP_DETECT)
+
 		#ifndef NO_SOCKETS
 		#if !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 		case 'L':
@@ -1174,32 +1202,6 @@ static void parseGeneralArguments() {
 		#endif // HAVE_FREEBIND
 		#endif // !defined(USE_MSRPC) && !defined(SIMPLE_SOCKETS)
 
-		#if defined(ENABLE_DEPRECATED_OPTIONS)
-		case 'f':
-			#if !defined(_WIN32) || !defined(NO_LOG)
-			printerrorf
-			(
-				"Warning: Option -f is deprecated. Use -"
-			#ifdef _WIN32
-				"e"
-			#else // !_WIN32
-				"de"
-			#endif // !_WIN32
-				" instead.\n"
-			);
-			#ifndef _WIN32
-			nodaemon = 1;
-			#endif // _WIN32
-			#ifndef NO_LOG
-			logstdout = 1;
-			#endif
-			#if defined(_PEDANTIC) && defined(_WIN32) && defined(NO_LOG)
-			printerrorf("Warning: Option -f has no effect in a Windows version of vlmcsd that has been compiled with logging disabled.\n");
-			#endif // defined(_PEDANTIC) && defined(_WIN32) && defined(NO_LOG)
-			#endif // !defined(_WIN32) || !defined(NO_LOG)
-			break;
-		#endif // ENABLE_DEPRECATED_OPTIONS
-
 		#ifdef _NTSERVICE
 		case 'U':
 			ServiceUser = optarg;
@@ -1232,17 +1234,14 @@ static void parseGeneralArguments() {
 			break;
 
 		#ifndef NO_LOG
+
 		case 'e':
 			logstdout = 1;
 			break;
+
 		#endif // NO_LOG
 		#endif // NO_SOCKETS
 
-		#if !defined(_WIN32) && defined(ENABLE_DEPRECATED_OPTIONS)
-		case 'I': // Backward compatibility with svn681 and earlier
-			break;
-		#endif // !defined(_WIN32) && defined(ENABLE_DEPRECATED_OPTIONS)
-
 		#ifndef NO_RANDOM_EPID
 		case 'r':
 			RandomizationLevel = (int_fast8_t)getOptionArgumentInt(o, 0, 2);
@@ -1505,7 +1504,14 @@ static void allocateSemaphore(void)
 int setupListeningSockets()
 {
 	int o;
+#	if HAVE_GETIFADDR
+	char** privateIPList;
+	int numPrivateIPs = 0;
+	if (PublicIPProtectionLevel & 1) getPrivateIPAddresses(&numPrivateIPs, &privateIPList);
+	uint_fast8_t allocsockets = maxsockets ? (maxsockets + numPrivateIPs) : ((PublicIPProtectionLevel & 1) ? numPrivateIPs : 2);
+#	else // !HAVE_GETIFADDR
 	uint_fast8_t allocsockets = maxsockets ? maxsockets : 2;
+#	endif // !HAVE_GETIFADDR
 
 	SocketList = (SOCKET*)vlmcsd_malloc((size_t)allocsockets * sizeof(SOCKET));
 
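Review bot: `privateIPList` is declared without an initializer and the result of `getPrivateIPAddresses` is not checked, yet the later hunk in this function calls `free(privateIPList)` whenever `PublicIPProtectionLevel & 1` is set. getPrivateIPAddresses is defined outside this page; if it can fail without assigning the list, that free operates on an indeterminate pointer, so declare `char** privateIPList = NULL;` and stop on failure. `allocsockets` is a `uint_fast8_t`, and where that type is 8 bits wide `maxsockets + numPrivateIPs` can wrap on a host with many addresses, leaving `SocketList` smaller than the number of sockets added later unless addListeningSocket bounds-checks (not visible here). Computing the count in a `size_t` and rejecting values above the supported maximum before the `vlmcsd_malloc` call would close that gap. The function body continues outside the hunk.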
@@ -1517,42 +1523,16 @@ int setupListeningSockets()
 
 	for (opterr = 0; ( o = getopt(global_argc, (char* const*)global_argv, optstring) ) > 0; ) switch (o)
 	{
-#	ifdef ENABLE_DEPRECATED_OPTIONS
-
-	case '4':
-
-		if (!haveIPv4Stack)
-		{
-			printerrorf("Fatal: Your system does not support %s.\n", cIPv4);
-			return !0;
-		}
-		v4required = 1;
-		break;
-
-	case '6':
-
-		if (!haveIPv6Stack)
-		{
-			printerrorf("Fatal: Your system does not support %s.\n", cIPv6);
-			return !0;
-		}
-		v6required = 1;
-		break;
-
-#	endif // ENABLE_DEPRECATED_OPTIONS
-
-	case 'P':
-
-		defaultport = optarg;
-		break;
-
-	case 'L':
+		case 'P':
+			defaultport = optarg;
+			break;
 
-		addListeningSocket(optarg);
-		break;
+		case 'L':
+			addListeningSocket(optarg);
+			break;
 
-	default:
-		break;
+		default:
+			break;
 	}
 
 
@@ -1569,17 +1549,31 @@ int setupListeningSockets()
 	}
 #	endif
 
+#	if HAVE_GETIFADDR
+	if (PublicIPProtectionLevel & 1)
+	{
+		int i;
+		for (i = 0; i < numPrivateIPs; i++)
+		{
+			addListeningSocket(privateIPList[i]);
+			free(privateIPList[i]);
+		}
+
+		free(privateIPList);
+	}
+#	endif // HAVE_GETIFADDR
+
 	// if -L hasn't been specified on the command line, use default sockets (all IP addresses)
 	// maxsocket results from first pass parsing the arguments
 	if (!maxsockets)
 	{
-#		ifdef ENABLE_DEPRECATED_OPTIONS
-		if (haveIPv6Stack && (v6required || !v4required)) addListeningSocket("::");
-		if (haveIPv4Stack && (v4required || !v6required)) addListeningSocket("0.0.0.0");
-#		else // !ENABLE_DEPRECATED_OPTIONS
+#		if HAVE_GETIFADDR
+		if (!(PublicIPProtectionLevel & 1) && haveIPv6Stack) addListeningSocket("::");
+		if (!(PublicIPProtectionLevel & 1) && haveIPv4Stack) addListeningSocket("0.0.0.0");
+#		else // !HAVE_GETIFADDR
 		if (haveIPv6Stack) addListeningSocket("::");
 		if (haveIPv4Stack) addListeningSocket("0.0.0.0");
-#		endif // !ENABLE_DEPRECATED_OPTIONS
+#		endif // !HAVE_GETIFADDR
 	}
 
 	if (!numsockets)
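Review bot: The comment above `if (!maxsockets)` still says the default is all IP addresses, which no longer holds on the `HAVE_GETIFADDR` path when `PublicIPProtectionLevel & 1` is set: neither wildcard socket is added and only the detected private addresses are bound. Suggested wording: `// if -L hasn't been specified, listen on all IP addresses unless -o 1 or -o 3 restricts listening to private addresses`. When detection yields no private address in that mode, `numsockets` presumably stays 0 and the branch after this hunk runs; a log line naming the protection level would make that failure easier to diagnose. The function continues outside the hunk.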

+ 2 - 0
vlmcsd.h

@@ -48,6 +48,8 @@ int server_main(int argc, CARGV argv);
 #define INI_PARAM_RPC_NDR64 15
 #define INI_PARAM_RPC_BTFN 16
 #define INI_PARAM_FREEBIND 17
+#define INI_PARAM_PUBLIC_IP_PROTECTION_LEVEL 18
+#define INI_PARAM_LOG_DATE_AND_TIME 19
 
 #define INI_FILE_PASS_1 1
 #define INI_FILE_PASS_2 2

+ 8 - 0
vlmcsd.ini

@@ -35,6 +35,10 @@
 # Command line: -L
 ;Listen = [::]:1688
 
+# Listen on all private IP addresses and reject incoming requests from public IP addresses
+# Command line: -o
+# PublicIPProtectionLevel = 3
+
 # Allow binding to foreign IP addresses
 # Command line: -F0 and -F1
 ;FreeBind = true
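Review bot: The new sample directive is commented out with `#`, while the other disabled directives visible here use `;` and keep `#` for explanatory text (`;Listen = [::]:1688`, `;FreeBind = true`). Someone enabling settings by stripping the `;` prefix will skip it, and this is the setting that limits exposure to clients on public addresses. Write it as `;PublicIPProtectionLevel = 3`. The description line could also say that level 3 both restricts listening to private addresses and disconnects public clients, as vlmcsd.ini.5 describes.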
@@ -67,6 +71,10 @@
 # Command line: -l (-e and -f also override this directive)
 ;LogFile = /var/log/vlmcsd.log
 
+# Don't include date and time in logs (default is true)
+# Command line: -T0 and -T1
+;LogDateAndTime = false
+
 # Create a verbose log
 # Command line: -v and -q
 ;LogVerbose = true

+ 18 - 2
vlmcsd.ini.5

@@ -1,4 +1,4 @@
-.TH VLMCSD.INI 5 "June 2016" "Hotbird64" "KMS Activation Manual"
+.TH VLMCSD.INI 5 "July 2016" "Hotbird64" "KMS Activation Manual"
 .LO 8
 
 .SH NAME
@@ -53,6 +53,19 @@ Can only be used if vlmcsd has been compiled to use simple sockets or on Windows
 .IP "\fBFreeBind\fR"
 Can be TRUE or FALSE. If TRUE, you can use the \fBListen\fR keyword with IP addresses that are currently not defined on your system. \fBvlmcsd\fR(8) will start listening on these IP addresses as soon as they become available. This keyword is only available under Linux and FreeBSD because no other OS currently supports that feature. FreeBSD supports this only for IPv4 and requires the PRIV_NETINET_BINDANY privilege which is normally assigned to proccesses of the root user.
 
+.IP "\fBPublicIPProtectionLevel\fR"
+Set the level of protection against KMS activations from public IP addresses.
+
+0 = No protection (default)
+.br
+1\ =\ Listen on private IP addresses only (plus those specified by one or more \fBListen\fR statements)
+.br
+2\ =\ Disconnect clients with public IP addresses without activating
+.br
+3\ =\ Combines 1 and 2
+
+For details on public IP protection levels see \fBvlmcsd\fR(8) command line option \fB-o\fR.
+
 .IP "\fBUseNDR64\fR"
 Can be TRUE or FALSE. Specifies whether you want to use the NDR64 transfer syntax. See options \fB-n0\fR and \fB-n1\fR in \fBvlmcsd\fR(8). The default is TRUE.
 
@@ -80,6 +93,9 @@ Write a pid file. The \fIargument\fR is the full pathname of a pid file. The pid
 .IP "\fBLogFile\fR"
 Write a log file. The \fIargument\fR is the full pathname of a log file. On a unixoid OS and with Cygwin you can use the special filename 'syslog' to log to the syslog facility. This is the same as specifying \fB-l\fR on the command line.
 
+.IP "\fBLogDateAndTime\fR"
+Can be TRUE or FALSE. The default is TRUE. If set to FALSE, logging output does not include date and time. This is useful if you log to \fBstdout\fR(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance \fBsystemd-journald\fR(8). If you log to \fBsyslog\fR(3), \fBLogDateAndTime\fR is ignored and date and time will never be included in the output sent to \fBsyslog\fR(3). Using the command line you control this setting with options \fB-T0\fR and \fB-T1\fR.
+
 .IP "\fBLogVerbose\fR"
 Set this to either TRUE or FALSE. The default is FALSE. If set to TRUE, more details of each activation will be logged. You use \fB-v\fR and \fB-q\fR in the command line to control this setting. \fBLogVerbose\fR has an effect only if you specify a log file or redirect logging to \fBstdout\fR(3).
 
@@ -87,7 +103,7 @@ Set this to either TRUE or FALSE. The default is FALSE. If set to TRUE, more det
 This is the same as specifying \fB-A\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 2 hours. Example: ActivationInterval = 1h
 
 .IP "\fBRenewalInterval\fR"
-This is the same as specifying \fB-R\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 7 days. Example: ActivationInterval = 3h. Please note that the KMS client decides itself when to renew activation. Even though vlmcsd sends the renewal interval you specify, it is no more than some kind of recommendation to the client. Older KMS clients did follow the recommendation from a KMS server or emulator. Newer clients do not.
+This is the same as specifying \fB-R\fR on the command line. See \fBvlmcsd\fR(8) for details. The default is 7 days. Example: RenewalInterval = 3d. Please note that the KMS client decides itself when to renew activation. Even though vlmcsd sends the renewal interval you specify, it is no more than some kind of recommendation to the client. Older KMS clients did follow the recommendation from a KMS server or emulator. Newer clients do not.
 
 .IP "\fBUser\fR"
 Run vlmcsd as another, preferrably less privileged, user. The \fIargument\fR can be a user name or a numeric user id. You must have the required privileges (capabilities on Linux) to change the security context of a process without providing any credentials (a password in most cases). On most unixoid OSses 'root' is the only user who has these privileges in the default configuration. This setting is not available in the native Windows version of vlmcsd. See \fB-u\fR in \fBvlmcsd\fR(8). This setting cannot be changed on the fly by sending SIGHUP to vlmcsd.

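--- a/vlmcsd.ini.5.dos.txt
+++ b/vlmcsd.ini.5.dos.txt
@@ -108,6 +108,21 @@ KEYWORDS
               proccesses of the root user.
 
 
+       PublicIPProtectionLevel
+              Set  the level of protection against KMS activations from public
+              IP addresses.
+
+              0 = No protection (default)
+              1 = Listen on private IP addresses only (plus those specified by
+              one or more Listen statements)
+              2 = Disconnect clients with public IP addresses without activat‐
+              ing
+              3 = Combines 1 and 2
+
+              For details on public IP protection levels see vlmcsd(8) command
+              line option -o.
+
+
        UseNDR64
               Can  be  TRUE  or  FALSE.  Specifies whether you want to use the
               NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
@@ -173,56 +188,67 @@ KEYWORDS
               same as specifying -l on the command line.
 
 
+       LogDateAndTime
+              Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log‐
+              ging output does not include date and time. This  is  useful  if
+              you  log  to  stdout(3)  which  is redirected to another logging
+              mechanism that already includes date and time in its output, for
+              instance  systemd-journald(8). If you log to syslog(3), LogDate‐
+              AndTime is ignored and date and time will never be  included  in
+              the output sent to syslog(3). Using the command line you control
+              this setting with options -T0 and -T1.
+
+
        LogVerbose
-              Set  this  to either TRUE or FALSE. The default is FALSE. If set
+              Set this to either TRUE or FALSE. The default is FALSE.  If  set
               to TRUE, more details of each activation will be logged. You use
-              -v  and  -q in the command line to control this setting. LogVer‐
-              bose has an effect only if you specify a log  file  or  redirect
+              -v and -q in the command line to control this  setting.  LogVer‐
+              bose  has  an  effect only if you specify a log file or redirect
               logging to stdout(3).
 
 
        ActivationInterval
-              This  is the same as specifying -A on the command line. See vlm‐
+              This is the same as specifying -A on the command line. See  vlm‐
               csd(8) for details. The default is 2 hours. Example: Activation‐
               Interval = 1h
 
 
        RenewalInterval
-              This  is the same as specifying -R on the command line. See vlm‐
-              csd(8) for details. The default is 7 days. Example:  Activation‐
-              Interval  =  3h.  Please note that the KMS client decides itself
-              when to renew activation. Even though vlmcsd sends  the  renewal
-              interval  you specify, it is no more than some kind of recommen‐
-              dation to the client. Older KMS clients did follow the recommen
-              dation from a KMS server or emulator. Newer clients do not.
-
-
-       User   Run  vlmcsd  as  another, preferrably less privileged, user. The
-              argument can be a user name or a numeric user id. You must  have
-              the  required  privileges  (capabilities on Linux) to change the
-              security context of a process without providing any  credentials
-              (a  password in most cases). On most unixoid OSses 'root' is the
+              This is the same as specifying -R on the command line. See  vlm‐
+              csd(8)  for  details. The default is 7 days. Example: RenewalIn‐
+              terval = 3d. Please note that the KMS client decides itself when
+              to renew activation. Even though vlmcsd sends the renewal inter‐
+              val you specify, it is no more than some kind of  recommendation
+              to  the  client. Older KMS clients did follow the recommendation
+              from a KMS server or emulator. Newer clients do not.
+
+
+       User   Run vlmcsd as another, preferrably less  privileged,  user.  The
+              argument  can be a user name or a numeric user id. You must have
+              the required privileges (capabilities on Linux)  to  change  the
+              security  context of a process without providing any credentials
+              (a password in most cases). On most unixoid OSses 'root' is  the
               only user who has these privileges in the default configuration.
-              This  setting  is not available in the native Windows version of
-              vlmcsd. See -u in vlmcsd(8). This setting cannot be  changed  on
+              This setting is not available in the native Windows  version  of
+              vlmcsd.  See  -u in vlmcsd(8). This setting cannot be changed on
               the fly by sending SIGHUP to vlmcsd.
 
 
-       Group  Run  vlmcsd  as another, preferrably less privileged, group. The
-              argument can be a group name or a numeric  group  id.  You  must
-              have  the  required privileges (capabilities on Linux) to change
-              the security context of a process without providing any  creden‐
-              tials  (a  password in most cases). On most unixoid OSses 'root'
+       Group  Run vlmcsd as another, preferrably less privileged,  group.  The
+              argument  can  be  a  group name or a numeric group id. You must
+              have the required privileges (capabilities on Linux)  to  change
+              the  security context of a process without providing any creden‐
+              tials (a password in most cases). On most unixoid  OSses  'root'
               is the only user who has these privileges in the default config‐
-              uration.  This  setting  is  not available in the native Windows
-              version of vlmcsd. See -g in vlmcsd(8). This setting  cannot  be
+              uration. This setting is not available  in  the  native  Windows
+              version  of  vlmcsd. See -g in vlmcsd(8). This setting cannot be
               changed on the fly by sending SIGHUP to vlmcsd.
 
 
 SPECIAL KEYWORDS
-       Any  valid  GUID is being treated as a special keyword in the ini file.
-       It is used to select a specfic ePID and HwId for an  application  GUID.
-       The  argument  has the form ePID [ / HwId ]. KMS currently knows only 3
+       Any valid GUID is being treated as a special keyword in the  ini  file.
+       It  is  used to select a specfic ePID and HwId for an application GUID.
+       The argument has the form ePID [ / HwId ]. KMS currently knows  only  3
        application GUIDs:
 
        55c92734-d682-4d71-983e-d6ec3f16059f (Windows)
@@ -236,25 +262,25 @@ SPECIAL KEYWORDS
        59a52881-a989-479d-af46-f275c6370663 = 55041-00096-216-598637-03-17418-6002.0000-3312013
        0ff1ce15-a989-479d-af46-f275c6370663 = 55041-00206-234-742099-03-9217-6002.0000-2942013
 
-       The ePID is currently a comment only. You can specify any string up  to
-       63  bytes.  In  Windows  7 Microsoft has blacklisted few ( < 10 ) ePIDs
-       that were used in KMSv5 versions of the  "ratiborus  virtual  machine".
-       Microsoft  has  given up on blacklisting when KMS emulators appeared in
+       The  ePID is currently a comment only. You can specify any string up to
+       63 bytes. In Windows 7 Microsoft has blacklisted few (  <  10  )  ePIDs
+       that  were  used  in KMSv5 versions of the "ratiborus virtual machine".
+       Microsoft has given up on blacklisting when KMS emulators  appeared  in
        the wild.
 
        Even if you can use "Activated by cool hacker guys" as an ePID, you may
        wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
-       know how these "valid" ePIDs look like exactly, do  not  use  GUIDS  in
-       vlmcsd.ini.  vlmcsd  provides  internal  mechanisms  to  generate valid
+       know  how  these  "valid"  ePIDs look like exactly, do not use GUIDS in
+       vlmcsd.ini. vlmcsd  provides  internal  mechanisms  to  generate  valid
        ePIDs.
 
        If you use non-ASCII characters in your ePID (you shouldn't do anyway),
-       these  must  be  in UTF-8 format. This is especially important when you
+       these must be in UTF-8 format. This is especially  important  when  you
        run vlmcsd on Windows or cygwin because UTF-8 is not the default encod‐
        ing for most editors.
 
        If you are specifying an optional HWID it follows the same syntax as in
-       the -H option in vlmcsd(8) ecxept that you must not enclose a  HWID  in
+       the  -H  option in vlmcsd(8) ecxept that you must not enclose a HWID in
        quotes even if it contains spaces.
 
 
@@ -268,7 +294,7 @@ AUTHOR
 
 
 CREDITS
-       Thanks to CODYQX4, deagles, eIcn,  mikmik38,  nosferati87,  qad,  Rati‐
+       Thanks  to  CODYQX4,  deagles,  eIcn, mikmik38, nosferati87, qad, Rati‐
        borus, ...
 
 
@@ -277,4 +303,4 @@ SEE ALSO
 
 
 
-Hotbird64                          June 2016                     VLMCSD.INI(5)
+Hotbird64                          July 2016                     VLMCSD.INI(5)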

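--- a/vlmcsd.ini.5.html
+++ b/vlmcsd.ini.5.html
@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
@@ -208,6 +208,25 @@ feature. FreeBSD supports this only for IPv4 and requires
 the PRIV_NETINET_BINDANY privilege which is normally
 assigned to proccesses of the root user.</p>
 
+
+<p style="margin-left:11%;"><b>PublicIPProtectionLevel</b></p>
+
+<p style="margin-left:22%;">Set the level of protection
+against KMS activations from public IP addresses.</p>
+
+<p style="margin-left:22%; margin-top: 1em">0 = No
+protection (default) <br>
+1&nbsp;=&nbsp;Listen on private IP addresses only (plus
+those specified by one or more <b>Listen</b> statements)
+<br>
+2&nbsp;=&nbsp;Disconnect clients with public IP addresses
+without activating <br>
+3&nbsp;=&nbsp;Combines 1 and 2</p>
+
+<p style="margin-left:22%; margin-top: 1em">For details on
+public IP protection levels see <b>vlmcsd</b>(8) command
+line option <b>-o</b>.</p>
+
 <p style="margin-left:11%;"><b>UseNDR64</b></p>
 
 <p style="margin-left:22%;">Can be TRUE or FALSE. Specifies
@@ -296,6 +315,19 @@ unixoid OS and with Cygwin you can use the special filename
 &rsquo;syslog&rsquo; to log to the syslog facility. This is
 the same as specifying <b>-l</b> on the command line.</p>
 
+<p style="margin-left:11%;"><b>LogDateAndTime</b></p>
+
+<p style="margin-left:22%;">Can be TRUE or FALSE. The
+default is TRUE. If set to FALSE, logging output does not
+include date and time. This is useful if you log to
+<b>stdout</b>(3) which is redirected to another logging
+mechanism that already includes date and time in its output,
+for instance <b>systemd-journald</b>(8). If you log to
+<b>syslog</b>(3), <b>LogDateAndTime</b> is ignored and date
+and time will never be included in the output sent to
+<b>syslog</b>(3). Using the command line you control this
+setting with options <b>-T0</b> and <b>-T1</b>.</p>
+
 <p style="margin-left:11%;"><b>LogVerbose</b></p>
 
 <p style="margin-left:22%;">Set this to either TRUE or
@@ -316,8 +348,8 @@ details. The default is 2 hours. Example: ActivationInterval
 
 <p style="margin-left:22%;">This is the same as specifying
 <b>-R</b> on the command line. See <b>vlmcsd</b>(8) for
-details. The default is 7 days. Example: ActivationInterval
-= 3h. Please note that the KMS client decides itself when to
+details. The default is 7 days. Example: RenewalInterval =
+3d. Please note that the KMS client decides itself when to
 renew activation. Even though vlmcsd sends the renewal
 interval you specify, it is no more than some kind of
 recommendation to the client. Older KMS clients did follow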

BIN
vlmcsd.ini.5.pdf


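--- a/vlmcsd.ini.5.unix.txt
+++ b/vlmcsd.ini.5.unix.txt
@@ -108,6 +108,21 @@ KEYWORDS
               proccesses of the root user.
 
 
+       PublicIPProtectionLevel
+              Set  the level of protection against KMS activations from public
+              IP addresses.
+
+              0 = No protection (default)
+              1 = Listen on private IP addresses only (plus those specified by
+              one or more Listen statements)
+              2 = Disconnect clients with public IP addresses without activat‐
+              ing
+              3 = Combines 1 and 2
+
+              For details on public IP protection levels see vlmcsd(8) command
+              line option -o.
+
+
        UseNDR64
               Can  be  TRUE  or  FALSE.  Specifies whether you want to use the
               NDR64 transfer syntax. See options -n0 and -n1 in vlmcsd(8). The
@@ -173,56 +188,67 @@ KEYWORDS
               same as specifying -l on the command line.
 
 
+       LogDateAndTime
+              Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log‐
+              ging output does not include date and time. This  is  useful  if
+              you  log  to  stdout(3)  which  is redirected to another logging
+              mechanism that already includes date and time in its output, for
+              instance  systemd-journald(8). If you log to syslog(3), LogDate‐
+              AndTime is ignored and date and time will never be  included  in
+              the output sent to syslog(3). Using the command line you control
+              this setting with options -T0 and -T1.
+
+
        LogVerbose
-              Set  this  to either TRUE or FALSE. The default is FALSE. If set
+              Set this to either TRUE or FALSE. The default is FALSE.  If  set
               to TRUE, more details of each activation will be logged. You use
-              -v  and  -q in the command line to control this setting. LogVer‐
-              bose has an effect only if you specify a log  file  or  redirect
+              -v and -q in the command line to control this  setting.  LogVer‐
+              bose  has  an  effect only if you specify a log file or redirect
               logging to stdout(3).
 
 
        ActivationInterval
-              This  is the same as specifying -A on the command line. See vlm‐
+              This is the same as specifying -A on the command line. See  vlm‐
               csd(8) for details. The default is 2 hours. Example: Activation‐
               Interval = 1h
 
 
        RenewalInterval
-              This  is the same as specifying -R on the command line. See vlm‐
-              csd(8) for details. The default is 7 days. Example:  Activation‐
-              Interval  =  3h.  Please note that the KMS client decides itself
-              when to renew activation. Even though vlmcsd sends  the  renewal
-              interval  you specify, it is no more than some kind of recommen‐
-              dation to the client. Older KMS clients did follow the recommen
-              dation from a KMS server or emulator. Newer clients do not.
-
-
-       User   Run  vlmcsd  as  another, preferrably less privileged, user. The
-              argument can be a user name or a numeric user id. You must  have
-              the  required  privileges  (capabilities on Linux) to change the
-              security context of a process without providing any  credentials
-              (a  password in most cases). On most unixoid OSses 'root' is the
+              This is the same as specifying -R on the command line. See  vlm‐
+              csd(8)  for  details. The default is 7 days. Example: RenewalIn‐
+              terval = 3d. Please note that the KMS client decides itself when
+              to renew activation. Even though vlmcsd sends the renewal inter‐
+              val you specify, it is no more than some kind of  recommendation
+              to  the  client. Older KMS clients did follow the recommendation
+              from a KMS server or emulator. Newer clients do not.
+
+
+       User   Run vlmcsd as another, preferrably less  privileged,  user.  The
+              argument  can be a user name or a numeric user id. You must have
+              the required privileges (capabilities on Linux)  to  change  the
+              security  context of a process without providing any credentials
+              (a password in most cases). On most unixoid OSses 'root' is  the
               only user who has these privileges in the default configuration.
-              This  setting  is not available in the native Windows version of
-              vlmcsd. See -u in vlmcsd(8). This setting cannot be  changed  on
+              This setting is not available in the native Windows  version  of
+              vlmcsd.  See  -u in vlmcsd(8). This setting cannot be changed on
               the fly by sending SIGHUP to vlmcsd.
 
 
-       Group  Run  vlmcsd  as another, preferrably less privileged, group. The
-              argument can be a group name or a numeric  group  id.  You  must
-              have  the  required privileges (capabilities on Linux) to change
-              the security context of a process without providing any  creden‐
-              tials  (a  password in most cases). On most unixoid OSses 'root'
+       Group  Run vlmcsd as another, preferrably less privileged,  group.  The
+              argument  can  be  a  group name or a numeric group id. You must
+              have the required privileges (capabilities on Linux)  to  change
+              the  security context of a process without providing any creden‐
+              tials (a password in most cases). On most unixoid  OSses  'root'
               is the only user who has these privileges in the default config‐
-              uration.  This  setting  is  not available in the native Windows
-              version of vlmcsd. See -g in vlmcsd(8). This setting  cannot  be
+              uration. This setting is not available  in  the  native  Windows
+              version  of  vlmcsd. See -g in vlmcsd(8). This setting cannot be
               changed on the fly by sending SIGHUP to vlmcsd.
 
 
 SPECIAL KEYWORDS
-       Any  valid  GUID is being treated as a special keyword in the ini file.
-       It is used to select a specfic ePID and HwId for an  application  GUID.
-       The  argument  has the form ePID [ / HwId ]. KMS currently knows only 3
+       Any valid GUID is being treated as a special keyword in the  ini  file.
+       It  is  used to select a specfic ePID and HwId for an application GUID.
+       The argument has the form ePID [ / HwId ]. KMS currently knows  only  3
        application GUIDs:
 
        55c92734-d682-4d71-983e-d6ec3f16059f (Windows)
@@ -236,25 +262,25 @@ SPECIAL KEYWORDS
        59a52881-a989-479d-af46-f275c6370663 = 55041-00096-216-598637-03-17418-6002.0000-3312013
        0ff1ce15-a989-479d-af46-f275c6370663 = 55041-00206-234-742099-03-9217-6002.0000-2942013
 
-       The ePID is currently a comment only. You can specify any string up  to
-       63  bytes.  In  Windows  7 Microsoft has blacklisted few ( < 10 ) ePIDs
-       that were used in KMSv5 versions of the  "ratiborus  virtual  machine".
-       Microsoft  has  given up on blacklisting when KMS emulators appeared in
+       The  ePID is currently a comment only. You can specify any string up to
+       63 bytes. In Windows 7 Microsoft has blacklisted few (  <  10  )  ePIDs
+       that  were  used  in KMSv5 versions of the "ratiborus virtual machine".
+       Microsoft has given up on blacklisting when KMS emulators  appeared  in
        the wild.
 
        Even if you can use "Activated by cool hacker guys" as an ePID, you may
        wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
-       know how these "valid" ePIDs look like exactly, do  not  use  GUIDS  in
-       vlmcsd.ini.  vlmcsd  provides  internal  mechanisms  to  generate valid
+       know  how  these  "valid"  ePIDs look like exactly, do not use GUIDS in
+       vlmcsd.ini. vlmcsd  provides  internal  mechanisms  to  generate  valid
        ePIDs.
 
        If you use non-ASCII characters in your ePID (you shouldn't do anyway),
-       these  must  be  in UTF-8 format. This is especially important when you
+       these must be in UTF-8 format. This is especially  important  when  you
        run vlmcsd on Windows or cygwin because UTF-8 is not the default encod‐
        ing for most editors.
 
        If you are specifying an optional HWID it follows the same syntax as in
-       the -H option in vlmcsd(8) ecxept that you must not enclose a  HWID  in
+       the  -H  option in vlmcsd(8) ecxept that you must not enclose a HWID in
        quotes even if it contains spaces.
 
 
@@ -268,7 +294,7 @@ AUTHOR
 
 
 CREDITS
-       Thanks to CODYQX4, deagles, eIcn,  mikmik38,  nosferati87,  qad,  Rati‐
+       Thanks  to  CODYQX4,  deagles,  eIcn, mikmik38, nosferati87, qad, Rati‐
        borus, ...
 
 
@@ -277,4 +303,4 @@ SEE ALSO
 
 
 
-Hotbird64                          June 2016                     VLMCSD.INI(5)
+Hotbird64                          July 2016                     VLMCSD.INI(5)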

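--- a/vlmcsdmulti.1.html
+++ b/vlmcsdmulti.1.html
@@ -1,5 +1,5 @@
 <!-- Creator     : groff version 1.22.3 -->
-<!-- CreationDate: Fri Jun 17 14:16:33 2016 -->
+<!-- CreationDate: Wed Jul 13 12:34:02 2016 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>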

BIN
vlmcsdmulti.1.pdf