look also for listen(2) failures

bind after setsockopt, otherwise it's pointless

don't listen everywhere by default; restrict to localhost if -b was given without a explicit host, it defaulted to listen on any address. it's not a good idea given this would allow anyone on the same network to (ab)use the ssh forwarding.

implement socket splicing on OpenBSD socket splicing allows to do zero-copy data transfers between sockets. This adds a specific implementation for OpenBSD using the setsockopt SO_SPLICE and a default implementation with libevent (that is the old code doing the copy in userland.) It's possible to do the same on linux with splice(2), not implementd though.

delete needless compat #ifdef

allow to customize the path to ssh(1) via configure script

switch to (customized) kristaps' oconfigure

unveil only ssh(1)

fix parse_sshaddr error reporting errno doesn't contain anything useful in this case

move accounting after the connection was accepted otherwise we may end up in a weird state where we're counting connections that we don't have or have cleared a timeout without a reason.

don't die if accept fails

plug memory leak in try_to_connect it should call conn_free to cleanup the connection struct now.

allow span_ssh to fail

log before quitting

rename parse_tflag -> parse_sshaddr for clarity