18.03.2009 ! Commiting as 0.6 06.03.2009 ! Fixed: filters were applied in reverse order 25.02.2009 ! Fixed: beginning of HTTP data may be not passed to filter 22.02.2009 ! handle Content-Length as unsigned long to allow files > 2GB. 10.02.2009 ! Ldapauth plugin corrected according to changes on 02.02.2009 02.02.2009 + countout / nocountout commands added ! Added workaround for Mac OS X / iPhone OS poll() (mis)behaviour. 30.01.2009 ! Flush buffer in case of POLLxxx - probably required for Mac OS X / iPhone OS 24.01.2009 ! Changed WindowsAuthentication to convert username to lowercase 10.12.2008 ! Fixed: login may hang in ftppr in case of large server banner 30.10.2008 ! WindowsAuthentication plugin may sometimes fail with 100122 error on startup because of uninitialized variable. 30.09.2008 ! -lXXX moved to $LIBS in Makefiles for linkers compatibility + 3proxy for Dummies v.1.2 by Kurmaeff Halit added (in Russian) 26.08.2008 ! Fixed: end of chunked-encoded page may be incorrectly detected 24.07.2008 ! Fixed: buffering problem on multiple chunks 21.07.2008 ! Previous fix was incomplete 13.07.2008 Thanks to Hostile Fork: ! Fixed directory listing building for some rare FTP servers (e.g. HP) ! Fixed (probably) chunked encoding should now work. REQUIRES TESTING. please report, if you have problems with chunked. 11.05.2008 + minor plugin interface additions 03.05.2008 + pcre_options implemented 24.04.2008 ! Fixed: bandlimsout may not work if both bandlimsin and bandlimsout are configured. 01.04.2008 ! Fixed: chunked was actually converted to non-chunked 25.03.2008 + HTTP chunked support (hopefully) added, not tested yet 13.02.2008 ! Do not shutdown listening socket ! FTPPR was broken on 10.02 fix ! ':' may be encoded in ftp:// URI's in proxy 12.02.2008 ! LOGIN and PLAIN authentication were swapped in smtpp. 10.02.2008 ! FTPPR: potential race condition on socket close fixed 07.02.2008 ! MSN: message channels were not captured 05.02.2008 ! Use CDATA for XML data in webadmin module 03.02.2008 + MSN / Live messenger proxy (msnpr) addded 02.02.2008 ! Fixed: counters may be flushed on configureation reload 01.02.2008 ! Work with counters with more safe way on configuration reload 28.01.2008 ! Do not compile empty PCRE 17.01.2008 + APPE support added to ftppr ! Fixed problem with counters dumping on reload 16.01.2008 + reqip/reqport added to XML data export 15.01.2008 ! cache auth: set default cache type to user/password with 600 sec timeout 14.01.2008 ! Fixed EAGAIN handling in sockmap ! Fixed: plugins: some data may be sent to the filter functions more than once on incomplete send. ! int * offset_p changed to int offset in plugins interface 13.01.2008 ! icqpr: fixed new services request hijacking 12.01.2008 + icqpr: added support for ICQ 6.0 greeting + icqpr: added support for insecure authentication + icqpr: added support for server migration 11.01.2008 + Support for new service requests hijacking added to icqpr ! Fixed: icqpr: sequence number can be > 0x8000 in current protocol verion 10.01.2008 ! Fixed few rare cases where small amount of data may pass in/out statistics (e.g parent proxy request/response). 09.01.2008 + Initial version of icqpr (ICQ proxy). Use it as portmapper to ICQ server: You can also control access by UIN (use 'auth useronly'): auth useronly allow 1369139,1234567 icqpr 5190 login.icq.com 5190 ! Corrected seconds fractions calculation in poll() emulation code (probably did not affected any functionality) ! PCRE library updated to 7.4 07.01.2008 !! Error code is now 5-digit 27.12.2007 + StringsPlugin now supports strings substitution for 'admin' service (Kirill Lopuchov) + PamAuth plugin added (Kirill Lopuchov) + LdapPlugin added (Kirill Lopuchov) 19.12.2007 Copyright text fixed in source files 18.12.2007 + Export added for weadmin strings to use/replace in plugins 17.12.2007 + Proxy-support: Session-Based-Authentication added for compatibility with NTLM/Negotiate authentication in IE7. 03.12.2007 ! StringPlugin fixed 23.11.2007 + Developer's documentation added 19.11.2007 ! StringPlugin fixes (by Kirill Lopuchov) 09.11.2007 ! Fixed: SOCKS5 authentication was broken some time ago 28.10.2007 ! Fixed: do flush() if logged to file given with -l 25.10.2007 ! Improper extparam structure initialization fixed (caused invalid behavior smtpp/pop3p/ftppr if no 'delimchar' configured after 11.10.2007) 19.10.2007 ! StringsPlugin cleanup 11.10.2007 + delimchar command added 10.10.2007 ! Fixed: filters are lost on configuration reload + Added chkconfig support to rc.d script 09.10.2007 ! Fixed double addition of authentication function on WindowsAuthentication plugin 25.09.2007 ! Outgoing AUTH LOGIN fixed for smtpp ! Fixed multiline banners in smtpp + smtpp: default server (-h) may be used without authentication 11.09.2007 ! Documentation corrections, thanx to Vladimir Fesko 30.08.2007 ! Fixed PCRE filter behaviour on configuration reload 29.08.2007 ! Support added for in-line auth plain SMTP authentication. Default parent authentication is changed to LOGIN. 25.08.2007 ! Fixed -h feature (double memory free after second connect) + smtpp (SMTP proxy added). Supports both PLAIN and LOGIN for both client and server, supports default SMTP server. 23.08.2007 + %e format specificator added for exaternal IP logging. 22.08.2007 ! dighost corrected to do not change file, if no replay from the server received. 20.08.2007 + authcache password added ! authcache user and user,ip corrected and crash fixed 17.08.2007 + Documentation added for authentication cache 16.08.2007 + Authentication cache created! New command: authcache authtype time e.g. authcache ip 600 and new authentication type: cache, e.g. auth iponly cache strong Doesn't work with NTLM, Requires proxy -n! 07.08.2007 ! define _MAX__TIME64_T, because Microsoft only mentions it in configuration and never actually defines it. Prevents crash on malformed/older counter file. 03.08.2007 + 'nolog' command added to extend allow/deny rules (prevent logging for requests mathing allow/deny rules). nolog only affects last allow or deny command. + 'weight' command added to extend allow/deny rules. E.g. 'weight 100'. weight only affects last allow/deny rule. 31.07.2007 ! Error code changed to 100 on failed SOCKSv5 name resolution + FAQ and documentation updates + New command 'logdump' added, to create intermediate log records then given amount of data is archieved through connection + New command 'filtermaxsize' to prevent filtering if expected Content-Length is greater than given value. 21.07.2007 ! rm changed to del in Windows makefiles 07.07.2007 + HTTP proxy code fixed to pre-buffer traffic and fix Content-Length in case of short files. For longer files Content-Length is not sent to client. It's safe now to change HTTP content within plugin. Result: pcre_rewrite works perfectly. 05.07.2007 + Documentation improved. 28.06.2007 + FTP server authentication fixed 26.06.2007 + Request authentication for FTP server in HTTP proxy if anonymous logon fails 18.06.2007 ! Documentation fixes 11.06.2007 ! Fixed: \r in *nix installation scripts 31.05.2007 ! PCRE: Fixed: replace on the string of different size ! PCRE: Fixed: replace only replaces first match ? PCRE: known problem: in HTTP if size changes after replacement it doesn't match Content-Length any more. Any workaround suggestions? Remove Content-Length on HTTP requests? 07.05.2007 ! PCRE plugin only used first rule 21.04.2007 ! Avoid usage of large stack buffer in proxy + PCREPlugin is now somehow usefull 20.04.2007 ! Minor code cleanup 18.04.2007 ! Fixed: TraffCorrect plugin doesn't NULLify pointer after free() 13.04.2007 !! Potential buffer overflow fixed on transparent request handling thanks to big_gad_(at)_mail.ru 12.04.2007 ! missed authentication type check in Windows Authentication plugin ! fixed minor memory leak in tcppm 11.04.2007 ! Compilation issue for structures.h introduced on 09.04 fixed 09.04.2007 ! Minor code cleanup, documentation fixes, rus-win1251.3ps grammatics fixed. ! *nix plugins compilation issue fixed 08.04.2007 ! Bug fixed on socket mapping (introduced 06.04) ! Some internal code review without functional changes ! "parent type IP 0" is now used to specify external IP (like -eIP, but only for connections matching "allow") 06.04.2007 + PCREPlugin added. Still in development, not all functionality is implemented. 05.04.2007 + StringsPlugin by Kirill Lopuchov is imported 21.03.07 ! Fixed: FTP listing is not shown on long FTP server greeting in HTTP proxy ! Fixed: FTP listing may noy be shown on specific server timing in HTTP proxy 19.03.07 ! TraffCorrect plugin NULL pointer fixed 16.03.07 + It's now possible to use hostnames and patterns in destination ACL. Hostname is checked against requested hostname. Hostnames and networks may be mixed. Example: deny * * *sex*,*porn*,localhost,192.168.0.0/16 '*' can not be uses in the middle of the hostname. www*com is invalid pattern. ! BINDIR changed to BUILDDIR in Makefiles to avoid collision with install on Linux. 15.03.07 ! Documentation update 13.03.07 + It's possible to use hostnames in ACL, but it should not be dynamic or multihomed host because hotname is translated to IP immediately. 01.03.07 ! fixed: unnecessary mutex_unlock on trafcounter mutex ! Cosmetic changes 28.02.07 + FTP put support added for HTTP proxy ! Code cleanups (few warnings fixed) ! Makefile.Linux changed (by request of Jari Aalto) 22.02.07 ! fixed: ftppr may delay on file uploading 20.02.07 + Minor improvements in schedule-handling code 14.02.07 ! Previous FTP (24.12.06) fix was ineffective (operation after break) 01.02.07 ! Documentation typo with portnumber in fordummies.html fixed 25.01.07 ! Typo fixed in gethostbyname_r 23.01.07 ! Plugins are added to main code tree 20.01.07 ! Use gethostbyname_r on Linux and Solaris 18.01.07 ! Set reload flag on Web interface reload, but do not call reload() function. to process reloads in uniform way. 08.01.07 ! Rotate counters with '0' number + Scheduling interface added 29.12.06 ! udppm code cleanup 24.12.06 ! Point ident for openlog to saved copy of string to prevent garbage in syslog ! Fixed: FTP though parent proxy ! Fixed: problem fixed for final FTP server response received before data (slow connection). 22.12.06 ! socks4 parent redirection fixed ! Makefile.Solaris and Makefile.Solaris-gcc are corrected against -o problem in Solaris. 21.12.06 + FAQ additions 19.12.06 ! Fixed: POST request problem with NTLM authentication + Access to reload / exit status and proxy stringtable from plugin API 05.12.06 ! Fixed: imcomlete pages through HTTP proxy (Internet Explorer hangs) ! Minor changes in trafcount/bandlimit for better plugin compatibility 30.12.06 ! Fixed: two 3xx replies on USER command in ftppr. 27.11.06 ! Changed to SAFESQL because actually only Microsoft and Oracle seems to follow ODBC standards. 19.11.06 + SITE command support in addition to OPEN for ftppr 18.11.06 + -I added to standalone services to be executed from inetd. 14.11.06 ! Fixed behaviour on failed ODBC log attempt + Filtering HTTP request API now works 10.11.06 + Try to fallback to stdlog if odbclog fails 07.11.06 + Filtering API is partially implemented 01.11.06 + -h option added to use as default hostname:port for ftppr/pop3pr. 15.10.06 ! WindowsAuthentication.dll version updated to match current internal structures and changes in plugins API. 13.10.06 ! Exit service on non-recoverable service error 11.10.06 ! Fixed: hostname:xx causes name resolution problem (introduced on 09.10). ! Fixed: wrong target ports for tcppm/udppm (introduced on 09.10). 09.10.06 ! %Q and %q added to track requested IP/port. Hopefully also problems with ACL checks on redirected applications are finally fixed. 06.10.06 ! WindowsAuthentication.dll replaced with static version in distro 04.10.06 ! Some compilation warnings cleaned ! Back to static linking ! Errors introduced with filters corrected 03.10.06 ! Add .manifest files to distribution 28.09.06 ! Compile 3proxy with msvcr80.dll + include msvcr80.dll into distribution 27.09.06 + FAQ updated. + Filtering functionality added (incomplete yet). ! SOCKS BIND/UDPASSOC problems fixed (based on Artem Rebrov's patch) 25.09.06 ! Traffic report name is now generated based on 'last traffic in report' date/time and is not overwritten on service startup. Today traffic report will only be seen tomorrow, but counters may be checked with 'countersutil' or web interface. 13.09.06 + Examples of compatible log formats added to 3proxy.cfg.sample 11.09.06 ! Name hash length changed from 64 to 128 bits. 06.09.06 ! Documentation regarding to Unix compilation corrected 05.09.06 ! Fixed: buffered input may double some data on empty reads + FTP diagnostics improved for FTP login problems + Add ".." to directory listing 25.08.06 ! Fixed: endless loop on configuration parsing if ACL weekdays are given as a comma delimited list (reported Andrey S. Alexeenko). 23.08.06 ! Fixed: compilation under Solaris + Solaris/gcc Makefile added 17.08.06 ! Fixed: NTLM authentication doesn't work for NT-encoded passwords ! Fixed: offer NTLM authentication before basic 15.08.06 ! Reset client address after hostname parsing ! Warn on counterfile time_t incompatibility 10.08.06 ! Fixed: \r's in few Makefiles 09.08.06 ! Documentation corrections. 04.08.06 ! Documentation corrections. 28.07.06 ! Fixed: invalid traffic prediction for large downloads on traffic limits over 4GB. 26.07.06 ! nbname auth rejects, if no NetBIOS name determined. Use auth nbname,iponly to emulate old behaviour ! It's now possible to use "-" in ACLs to match empty username. ! No need to specify L/G for filename template in "log" (local time is always used). 25.07.06 + "log" command now supports same format specifications for filename template as "logformat" (if filename contains '%' sign it's believed to be template). As with "logformat" filename must begin with "L" or "G". 08.07.06 ! nreads/nwrites/nconnects fields added to internal client paramters structure for plugin developments 07.07.06 ! FTP_DATA operation added for FTP data connection ACLs. 04.07.06 ! Scripts/Makefiles corrections 03.07.06 ! Fixed: dnspr 822 error on Windows (seems like a bug with multithreading on latest Visual C compiler, ioctlsocket() resets parameters of setsockopt(). ! Fixed: wrong limit and traffic on counters on the web 30.06.06 ! Fixed: wrong traffic displayed on web for traffic > 4GB 28.06.06 ! Fixed path to binary in scripts/rc.d/proxy.sh 27.06.06 ! Fixed: limitations for traffic over 1GB work incorrectly + Start/stop script example added to distribution 22.06.06 + -u parameter added to services to avoid username authentication request/usage 16.06.06 + Windows authentication plugin added to binary Windows distribution 14.06.06 ! Added workaround for broken HTTP client (e.g. SUM - SUN update manager) with incomplete URI in HTTP request. 11.06.06 ! bind FTP data connection socket to external interface + FTPPR fully supports parent proxy (SOCKS 4/5, HTTPS/CONNECT) + FTPPR supports FTP_GET/FTP_PUT/FTP_LIST ACL actions limitations 09.06.06 + 'auth' can be used with few authentication types now. It makes it possible to request password only on demand with auth ipony strong 08.06.06 ! 'admin' redirect type added for redirection to local web administration service (works like admin -s). 31.05.06 ! Log '-' instead of username if username exists but is empty 29.05.06 !!!! Warning: counters file format changed on Windows since 0.5.2 because of different sizeof(time_t) on Visual C++ 2005 compiler. + countersutil utility added to manage counters. To convert 3proxy.exe 0.5.2 counter file to 3proxy.exe current run countersutil oldexport counterfile tmpfile countersutil import counterfile tmpfile 25.05.2006 ! Fixed: dnspr command lost from command list 17.05.2006 ! Fixed: nobandlimin actually works like nobandlimout 16.05.2006 !! Fixed: crash if more than one "users" command in configuration ! Fixed: timezone display for FreeBSD and Windows + added %o format specification for 3-character mOnth abbriviation ! Fixed: check EINTR on poll() (avoids "Interrupted system call" in logs and broken connection on USR1 signal. 12.05.2006 ! Fixed: log rotation was broken after client code rewrite 11.05.2006 ! Cleaned: "mypoll" error if compiled with GCC withoout WITH_POLL 10.05.2006 ! Use SO_REUSEPORT if defined 06.05.06 ! Minor HTTP proxy redirections code cleanup 03.05.06 + socks error codes improved 02.05.2006 ! Fixed: compilation for Unix (plugins) 01.05.2006 ! Fixed: names for authentication types turned back for compatibility ! Fixed: no warning given for unknown authentication type ! Fixed: bandlimout doesn't work if bandlimin presents for same connection 30.04.2006 ! Fixed: nobandlimin/nobandlimout commands missed ++ plugin command added to load dynamic library 25.04.06 ! Internal structures moved to diffent header file 20.04.06 ! Fixed: few problems with logging after latest modification (out of memory reference on hostname). SQL injections now are filtered even if \' is not in filtered characters. 17.04.06 ! Few bugs introduced on 13.04 (especially 'nocountin' crash) fixed ! Significant changes to internal structures ! Compilation problems under Linux/Unix fixed 13.04.2006 ! 3proxy.c configuration reading major code rewrite ! Fixed: memory leaks on configuration reload ! Changed from CreateThread to _beginthreadex according to MS reccomendations ! Changed: FTP start data transfer code from 101 to 125 in FTPPR + NLST support added to ftppr 05.04.2006 + Minor documentation and help screen updates 30.03.2006 !! Windows distribution compiler changed to MSVC 8.0 ++ bin64 (Windows XP/2003 64 bit edition x64) added 29.03.2006 ! Socket leak fixed on FTP data connection failure under Windows ! minor 64 bit compatibility code cleanup + x64/amd64 Windows XP/2003 64 bit edition makefile added 24.03.2006 ! Minor FAQ dummy compatibility updates 18.03.2006 + Parameters descriptions and XML stylesheet added to webadmin services view ! Potential problem (wrong type dereference) fixed in webadmin services 12.03.2006 ! Restore sasize after receivefrom 10.03.2006 ! Fixed: CONNECT with http parent + bandlimout / nobandlimout implemented ! Copyrights and banners fixed 08.03.2006 ! Minor poll() code cleanup 06.03.2006 ! Socks 4a name resolution fixed ! Name resolution function was not cleared after configuration reload 03.03.06 ! Print comments in traffic report 26.02.06 ! Check POLLERR / POLLHUP for revents 21.02.06 + "monitor" command added to reload 3proxy if monitored file changes 13.02.06 ! Some files are renamed for autotools compatibility 07.02.06 ! Fixed: insufficient timeout on buffers flushing, leads to loss of data if connection to client is worse than connection to server. 06.02.06 + -b (bufsize) parameter added to every service ! flushing improved to prevent data loss at the end of output 03.02.06 ! Documentation corrected 10.01.06 + Documentation updated ! Buffered UDP data loss on exit is fixed for sockmap 30.12.05 ! Minor interface fixes 27.12.05 + English FAQ added 20.12.05 ! Fixed: crash on counters in webadmin if "NONE" counter rotation type is used. 09.12.05 ! Use bind port from BIND request for SOCKSv5 server 30.11.05 ! Do not buffer UDP packets 30.11.05 ! Do not drop connection on unknown command 29.11.05 ! Do not drop connection on POP3 CAPA. 28.11.05 ! Fixed: recv() may be called with small buffer on UDPPM 23.11.05 ! Fixed: programming bug in $ file inclusing ! Fixed: webadmin conter type uses stack for return value 17.11.05 + Makefile.Solaris added, thanks to 'pqr'. ! Cleaned pointer conversion warnings 15.11.05 ! define PTHREAD_STACK_MIN if not defined to compile under Solaris ! S_NONE renamed to S_NOSERVICE to compile under Solaris 14.11.05 ! Linger period is set to STRING_L (60 sec default) 10.10.05 ! Add some grace period to shutdown services before exit 03.10.05 ! Linger added to FTP socket to avoid data loss on socket close 29.09.05 + Added H (hour) and C (minute) routation support to countin 22.08.05 ! Fixed: UDP resolver (nserver) fails to resolve name if reply contains no additional records (for example dnscache from djbdns). 06.08.05 !!Workaround added for Windows XP SP2 / Windows 2003 SP1 problem with 2 selects on single datagram socket. udppm -s and dnspr hang on random time while sending packets to client, sometimes causing client timeouts. 05.08.05 ! Fixed problem with UDP mappings ! Workaround for strange Windows XP bug with sendto() delay for 2 secs if no select() was performed on socket 30.07.05 ! Error handling on SOCKSv5 parent improved 28.07.05 + Support for parent SOCKS4b/SOCKS5b (broken implementation with shortened server reply) added. I never saw such server by they say there are. socks4b, socks5b options for parent proxy. 22.07.05 + Name resolution for parent CONNECT, SOCKSv5 and SOCKSv4a proxy server added, should work with "fakeresolve" option (connect+, socks4+ socks5+ options for parent proxy). 13.07.05 ! Fixed: reading behind allocated memory in myrand() entropy gathering function (leads to occasional craches) intrdoduced on June, 20. 12.07.05 ! Use client port only for portmappers ! Code reviewed for possible double close() 10.07.05 ! Improved quote handling in config files. No any string can be quoted (for example Thi"s is a test" is same as "This is a test", fixed a problem with using quotes with $ macro. 01.07.05 + Added RSA copyright text to 'mycrypt' to allow binary redistribution for this tool only. 22.06.05 + try to use same (unprivileged) port as client for outgoing connections for portmappers ! admin -s now only shows counters related to user ! Fixed: impossible to set traffic limit to even number of GB 20.06.05 ! -a option corrected again (had inverted action) + -a1 option added to report random information about client IP + -s option added to 'admin' to allow safe-only commands (user mode) 26.05.2005 ! -a option corrected 25.05.2005 + 'Y' (annually) option added to counters, logfile rotations, etc + -a (anonymous) option added to proxy server 21.05.2005 ! socks: only allow UDP mapping from same IP with control connection ! socks: always log network parameters for control connection ! check timeout to be below 2000000 20.05.2005 ! invalid sendto() argument fixed (may affect UDP mapping and sometimes TCP under very rare configurations) ! set sasize before sendto ! socks checks requested address to be non-zero ! socks checks requested port to be non-zero ! socks: do not change UDP client parameters before UDP packet received 19.05.2005 + 'include' command added to 3proxy (include one config file from another config file) ! handle EAGAIN on send()/recv() 18.05.2005 ! More detailed problem code in mapping code 17.05.2005 ! Fixed typo with dnspr logging 16.05.2005 + dnspr can now resolve records different from hostname (request is proxied to first DNS server in the list, reply is not cached). 14.05.2005 ! Fixed: mishandled socket error in dnspr code 13.05.2005 ! Few minor fixes in HTTP proxy code (timeout in initial handshake lefts some garbage in request buffer). ! Fixed short timeout in FTP proxy code ! Mapping code is changed to leave unsent data on buffer 06.05.2005 ! Prevent race conditions with 100% CPU usage in socksmap (introduced 30.04) 03.05.2005 ! Fixed: double free() in authentication (probably introduced on 04.04) ! Changed to POLLIN/POLLOUT/POLLPRI for more compatibility 30.04.2005 ! Fixed: double free() in FTP over HTTP (probably introduced on 04.04) ! Fixed: in very rare situation may loose some data at the and of connection 27.04.2005 ! stack size increased (reported problems under some OSs) ! Fixed: -l option for service executable leads to NULL-pointer reference !!! Moved from select() to poll() on *nix. Please upgrade your Makefiles. 25.04.2005 ! set thread stack size explicitly to prevent problems with some Linux 2.6 kernels. 22.04.2005 ! Never fallback to gethostbyname() if nameservers are configured to prevent locking on *nix platforms !!Fixed: name resolution is called while mutex is locked in HTTP proxy leading to long lasting blocking. 21.04.2005 ! Fixed: dnspr returns A record of invalid class (fails with some resolvers) !! Socket I/O is now non-blocking 19.04.2005 ! bandlimits changed to avoid floating point operations 11.04.2005 + Log if new connections delayed because of too many accepted connections 04.04.2005 ! Fixed few minor rare memory leaks 03.04.2005 ! Fixed: HTTP proxy should ignore Content-Length for 304 response 14.03.2005 ! MD5 password hashin within mycrypt utility fixed ! dnspr logging now shows DNS server IP instead of resolved IP, resolver IP is shown in additional info 11.02.2005 ! Configuration reload removed from signal handler 31.01.2005 ! Limit for maximum log string size increased to ~4K ! large FD_SETSIZE and FD_SETSIZE check is not required under Windows 28.01.2005 ! Fixed: -s options for udppm 17.01.2005 ! Fixed: invalid IP may appear in logs and bandlimits on redirection 13.01.2005 + fakeresolve option added 21.12.2004 ! Fixed: traffic limits are set improperly for traffic over 1Gb 11.12.2004 ! 0.6 development started 11.12.2004 Commited as 0.5b 11/12/2004 3[APA3A]tiny proxy 0.5b New features marked with !. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. + FTP over HTTP support. + DNS caching with built-in resolver + HTTPS (CONNECT) proxy + SOCKSv4/4.5 Proxy + SOCKSv5 Proxy ! UDP and bind support for SOCKSv5 (fully compatible with SocksCAP/FreeCAP for UDP) + Transparent SOCKS->HTTP redirection ! Transparent SOCKS->FTP redirection ! Transparent SOCKS->POP3 redirection + POP3 Proxy ! FTP proxy ! DNS proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). ! Web administration and statistics 2. Proxy chaining + Parent proxy support for any type of incoming connection + Username/password authentication for parent proxy(s). + HTTPS/SOCKS4/SOCKS5 and redirection parent support + Random parent selection + Chain building (multihop proxing) 3. Logging + turnable log format compatible with any log parser + stdout logging + file logging + syslog logging (Unix) + ODBC logging (Windows and Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files ! Character filtering for log files ! different log files for different servces are supported 4. Access control + ACL-driven (user/source/destination/protocol/weekday/daytime or combined) bandwith limitation + ACL-driven (user/source/destination/protocol/weekday/daytime or combined) traffic limitation per day, week or month + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP, destination port and destination action (POST, PUT, GET, etc), weekday and daytime. + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection + Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER). ! NTLM authentication for HTTP proxy access ! All access controle entries now support weekday and daytime limitations. 5. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process + utility for automated networks list building Unix + support for chroot + support for setgid + support for setuid ! support for signals Windows NT/2K/XP/2K3 + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress, on CONTINUE configuration is reloaded) Windows 95/98/ME ! support --install as service ! support --remove as service 6. Compilation + MSVC (msvcrt.dll) + Intel Windows Compiler (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc + Unix/ccc Known bugs: report to 3proxy@security.nnov.ru Planned for future (0.6) release: - External modules API - Addon URL, antiviral, HTTP cache filters modules, authentication modules for different protocols (RADIUS, PAM, integrated system, etc). $Id: Changelog,v 1.154 2006/03/08 18:44:00 vlad Exp $ 11.12.2004 + man page for 3proxy.cfg added 09.12.2004 ! restarting SQL on reloading configuration 08.12.2004 ! Typo fixed in sockmap preventing portmappers from functioning 06.12.2004 + Network input is now buffered, decreasing CPU usage - Debugging printf() removed from ftppr 30.11.2004 !! Fixed: memory content may be leaked on FTP error in HTTP proxy ! Few race conditions with double socket closing fixed in FTP proxy + Content-Length is checked to do not allow traffic overdraft via HTTP proxy + Connection now can be aborted due to traffic limit (code 90) 24.11.2004 ! 333 error removed - no longer required 23.11.2004 ! Deadlock in checkACL() (introduced 18.11) fixed 20.11.2004 ! All mutex operation are now atomic to prvent deadlocks ! Race conditions with bamdlimits on reload fixed 18.11.2004 ! Mutex logic overwritten, should clear reload races completely ! Fixed socket leak on some failed FTP operations ! FD_SETSIZE increased, check for FD_SETSIZE added 04.11.2004 ! Fixed: Maxconn limitation doesn't work, may lead to resource exhaustion attacks ! Fixed: reference to unallocated memory if fails to create new thread (may lead to crash together with previous bug). 03.11.2004 ! Fixed: Wrong type for "ace.users" in datatypes.c ! Partially fixed: race conditions on reload in alwaysauth() 02.11.2004 ! race condition in sql_init on reload fixed ! minor code cleanup ! typo with SQL deadlock introduced on last fix fixed ! checked few memory allocation calls missed with debug library (myalloc) 30.10.2004 ! Fixed: minor memory leak on SQL error 28.10.2004 + HTTP parent redirection for FTP requests 23.10.2004 ! Fixed: access to free()'d memory in ODBC functions after few configuration reloads ! Configuration reload is more (but not yet completely) thread safe now. 17.10.2004 ! Fixed: Content-Type: missed in web interface 16.10.2004 ! Fixed: log may show invalid IP/port for parent proxy connection 12.10.2004 - Debug printing to stdout in webadmin removed 11.10.2004 ! Race conditions fixed, could cause 3proxy to crash on configuration reload 28.09.2004 ! Limitation for maximum string length in config file removed (for included files) 26.09.2004 ! Typo corrected preventing compilation under *nix 18.09.2004 ! URL decoding corrected (affect HTTP over FTP clients) + "writable" command added to allow config modification via Web interface + Config file can be edited via web interface 14.09.2004 ! Crash on HTTP redirections introduced on 08.09 fixed. 11.09.2004 + Weekday based access control is now possible + Time based access control added ! Speed improved in ACL checks 08.09.2004 + * can be used as external username with a meaning of username should be requested from user. + %n1-n2T is now available in logformat to log only few field of service specific text + -t (silent start) option added 20.08.2004 ! Yesterday fix was broken, corrected. 19.08.2004 ! Fixed: target address is logged instead of proxy address in a case of redirection 09.08.2004 ! Fixed: under *nix if service fails to bind() port for few hours it falls into endless loop with logging and high CPU usage. 03.08.2004 ! Fixed: select() changes tv value on some Linux kernels (100% CPU usage) 02.08.2004 ! Fixed: wrong initialization for counter descriptor (causes some stdout noise). ! Fixed: no HTTP proxy diagnostic message if host name doesn't resolve ! Fixed: NULL pointer crash if no format specified 30.07.2004 ! Few bugs with counters and bandlimits introduced yesterday fixed 29.07.2004 ! Fixed few memory leaks on restart ! Some code cleanup for configuration information storing + Statistics extended + Added "Zombie" threads support (service thread waiting for child shutdown to exit). + Every service can now have different log format and character filtering + It's now possible to set logformat for service from command line 28.07.2004 ! Fixed: ACLs are not cleared on reload ! Fixed: bind() warnings on reload under *nix !! Fixed potential race conditions DoS on some Unix systems with thread exit on aborted connection (accept(): Software caused connection abort) 24.07.2004 + Web interface shows information about all currently running services and clients (plain format just for debugging, will be rewrtitten later) 23.07.2004 ! Fixed: wrong external ip/port in logs sometimes on internal redirection + HowTo and FAQ (Russian) added to documentation, documentation corrected 22.07.2004 + Added logging options for request duration and average send/recieve speed per request 20.07.2004 ! Changed default password for anonymous FTP ! Improved diagnostic messages for FTP over HTTP errors 19.07.2004 ! Changed FTP behaviour for some RFC ignorant sites 17.07.2004 + services and clients are now registered for future extensions ! counters show wrong result problem introduced yesterday fixed ! fixed descriptor leak on configuration reload ! fixed theoretical problem with client number limitations ! few theoretical mutex leaks fixed 16.07.2004 + 3proxy can now read configuration from stdin under *nix, 3proxy.cfg can be executable + 'config' command added to allow 3proxy reload configuration in chroot'ed environment or if configured from stdin. + 'end' command added + Man pages in HTML added 14.07.2004 ! Minor casting issues, Unix compilation issues fixed + counters sample added 13.07.2004 + Configuration improved and repacked 08.07.2004 ! Problem introduced yesteday (after rotation logs do not print to logfile) fixed. 07.07.2004 ! Fixed FTP behaviour on RFC ignoring FTP sites (ftp.drweb.ru). ! Config file example updated with FTP proxy service configuration + Logging changed to allow personal log files for every service (without rotation) and to work on older FreeBSD systems. 05.07.2004 ! Fixed call to free'ed memory (could cause crash on reloading 3proxy configuration in 0.5b-devel after 28.06.2004) 30.06.2004 ! Fixed redirection crash if parent username/password is not specified ! Fixed documentation buf (%h instead of %n for hostname in logformat) 28.06.2004 ! Minor changes in error messages generation 25.06.2004 ! distributive repacked, some Russian documentation by Kirill Lopuchov added 24.06.2004 ! realm sometimes is not shown in proxy-authentication 23.06.2004 ! fixed maxconn parameter was not set to default value on proxy reload. ! fixed typo in pop3p causing it to fail 22.06.2004 ! ftppr.c typo corrected, preventing compilation under unix. 19.06.2004 + FTP proxy (compatible with both USER and OPEN mode). Redirection to FTP proxy from SOCKS 18.06.2004 + Local redirection to POP3 proxy is now awailable. ! Fixed race conditions with double socket closing in POP3 proxy 17.06.2004 !! Threading problem causing minor memory leak and preventing 3proxy from functioning under few OS versions (including Linux) after some number of requests fixed. 16.06.2004 ! Authentication problem introduced on 05.06 fixed 15.06.2004 ! FTP over HTTP proxy supports spaces, quotes and 0x255 in filenames. !! Potential security risk fixed: FTP password may appear in log if URL ftp://user:password@server is used. 09.06.2004 ! NTLM is enabled by default. Use proxy -n to disable NTLM for proxy service (for example, if crypt passwords are used). 05.06.2004 !! Potential security leak fixed: POP3 proxy password can appear in log if proxy username is configured as proxyuser:proxypassword:pop3user@pop3server in POP3 client program ! Child invocation code rewritten to avoid code dupclication. 27.05.2004 ! Reloading is now fast (new thread starts before old one dies) ! Milliseconds are printed as .3 (not .4) in logs 22.05.2004 + Reload command added to Web interface and SIGUSR1 handling ! Problem fixed: no mode is given to open() with O_CREAT for counter files, counter file can be created as read only under Windows or with invalid mask under Unix. ! Do not fail if bind() fails ! Setsockopt for integer options corrected ! REUSEADDR added to avoid "Address already in use" problem if restarted under Unix 18.05.2004 + Installation/removal as a service under Windows 95/98/ME now supported. 17.05.2004 ! Fixed: 3proxy hangs on socket error during config reading 14.05.2004 ! For HTTP proxy NTLM authentication both ntlm and basic are now advertized to client for compatibility ! Optimization parameters are changed and stack protection is turned on for MSVC (Windows default) compilation. ! Fixed: exiting thread shows last client IP in log 27.04.2004 ! Fixed: Microsoft domain authentication to web server may fail via transparent HTTP proxy with some IE versions. ! HTTP HEAD now recognized 23.04.2004 ! Fixed compilation issues under Unix 22.04.2004 + Configuration now can be dynamically reloaded with net pause 3proxy / net continue 3proxy or by sending SIGPAUSE twice without breaking connections ! 3proxy is now distributed compiled with Microsoft Visual C++, thanx to MS for releasing "Microsoft Visual C++ Toolkit 2003" for free. ! Few bugs introduced in latest versions (username/password for parent proxy, dnspr and single packet UDP are fixed) 13.04.2004 + NTLM authentication for proxy server (yes, it works under *nix). It will not work with crypt password, only CL or NT. Use proxy -n to allow NTLM. ! potential DoS (NULL pointer) condition fixed in configuration with crypted passwords 08.04.2004 + %n (hostname) added to logformat 05.04.04 ! compilation problem under Unix fixed 01.04.04 ! problem with portmappers fixed (introduced on last modification) 20.03.04 + FTP messages are shown now ! FTP problem with links with absolute paths fixed ! No more authentication requested for user if ACL denies access to resource in HTTP proxy. ! ACLs are now stored in predefined container. It's required for future improvement (Cisco-like ACL configuration and configuration reload without restarting proxy). As a backside, number of ACLs is now limited to 256. ! Function for configuration reading implemented for future improvements. 12.03.2004 ! error text generation changed for pthread_create (use return code instead of errno). Memory leak on failed pthread_create fixed. 02.03.2004 ! Transparent proxy fixed to work with ports different from 80. ! Workarond for Internet Explorer invalid Host: header bug 28.02.2004 + -+ options added to logformat for character filtering ! ' character now filtered only if logged via ODBC ! few bugs fixed in ODBC logging reliability code. Now 3proxy should better handle broken database connections. 26.02.2004 ! user32 added to library list for MSVC 24.02.2004 ! Ask installation confirmation before installation 23.02.2004 ! ttl now is real for DNS proxy proxy reply 21.02.2004 + dnspr - DNS caching proxy added to 3proxy module. Listens on UDP/53 and answers hostname requests. Requires nserver/nscache to be configured. ! 3proxy wanrs user if installed as Windows service ! 3proxy child threads are now started faster 22.01.2004 ! mutex deadlock fixed if gethostbyname() is used under Unix 19.01.2004 ! compilation issue fixed for MSVC (definition inside code) 15.01.2004 ! bug fixed in configuration reading getip() called befor WSAStartup (thanks to Kerd) ! bug fixed with parent CONNECT proxy (thanks to Kerd) 11.01.2003 + Few man pages added 06.01.2003 + now it's possible to use "" inside quotation for double quote sign (for example "say ""hello world""" 04.01.2004 + maxconn configuration option added 19.12.2003 + New "safe" memory allocation library implemented. It may slow down performance but is thread safe and never cause memory fragmentation. ! Memory leak in redirection SOCKS->HTTP fixed 11.12.2003 ! Memory leak in UDPPM fixed 29.11.2003 + Copyrights added to banners !! Few signed/unsigned mismatches fixed (including potentially dangerous) 27.11.2003 ! 'redirect' now can be used with hostname instead of ip address 21.11.2003 ! POP3 proxy bug fixed 04.11.2003 ! '@' situation in username for POP3 proxy corrected (pop3name@pop3realm@pop3server) 03.11.2003 ! One more bug with 'archiver' causing 3proxy to crash on log archieving fixed 29.10.2003 ! Some threading safety is added for logging (inet_ntoa and ODBC re-initialisation) 28.10.2003 ! Bug causing daily log filename to work as weekly fixed ! 'daemon' example moved to beginning of configuration file 16.10.2003 + pidfile configuration option added + processing for SIGCONT (pause/resume) and SIGTERM (termination) added under Unix 01.10.2003 ! Weekly log filename now is generated by the date of last Sunday. ! Do not strip executable for Unix (must be stripped during installation). 21.09.2003 ! Bug fixed in "log" command processing (wrong buffer was used for filename generation) 16.09.2003 ! socksmapping algorythm changed to handle incomlete send() (for *BSD). 15.09.2003 ! mutex added to gethostbyname() to avoid thread unsafety. It slows down proxy if no nserver configured (it MUST be for *nix!) but prevents crashing on active usage. ! signal() handling is added for SIGPIPE. It seems to be some race conditions on FreeBSD between send() and gethostbyname() somewhere causing SIGPIPE on gethostbyname(). 13.09.2003 ! NULL reference corrected if rotate is given without archiver 11.09.2003 ! Few additional checks added for open()/fopen() to do not crash on invalid files in config ! Buffer moved from stack to heap in socks.c to eliminate crash on FreeBSD 10.09.2003 ! Bug in SOCKSv5 UDP mapping corrected. Now it works fine (checked with Unreal Tournament) with both SocksCAP and FreeCAP. 06.08.2003 ! Algorithm for SOCKS5 bind/udp assoc port selection is now intellegent enough to allow server applications to use same port number on socks server if available and not denied by access list ! SOCKS5 bind/udp assoc now matches incoming connections/packet with IP address from request in accordance to RFC 1928 to improve security 04.08.2003 !!! Bug fixed sometimes causing 3proxy to crash if parent proxy is used !!! UDP associate finaly completed and is fully functional (tested with SocksCAP on Unreal Tournament). !!! TCP bind code re-checked, and is probably working (doesn't work on SocksCAP because of SocksCAP bug !!! Socket leak on nbname auth fixed 21.07.03 + Web administration module created + Dynamic enable/disable for counters now available via web interface 19/07/2003 3[APA3A]tiny proxy 0.4 New features marked with !. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. ! FTP over HTTP support. ! DNS caching + HTTPS (CONNECT) proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + Transparent SOCKS->HTTP redirection + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Proxy chaining + Parent proxy support for any type of incoming connection + Username/password authentication for parent proxy(s). + HTTPS/SOCKS4/SOCKS5 and redirection parent support + Random parent selecttion + Chain building (multihop proxing) 3. Logging + turnable log format + stdout logging + file logging + syslog logging (Unix) + ODBC logging (Windows and Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 4. Access control ! ACL-driven (user/source/destination/protocol or combined) bandwith limitation ! ACL-driven (user/source/destination/protocol or combined) traffic limitation per day, week or month + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP, destination port and destination action (POST, PUT, GET, etc). + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection + Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER). 5. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process + utility for automated networks list building Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 6. Compilation + MSVC (msvcrt.dll) + Intel Windows Compiler (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc + Unix/ccc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. Planned for future release: - Web interface for configuration - Signal handling on Unix (for stop/pause/resume/configuration change) - External filter API - Addon URL, antiviral, HTTP cache filters 17.07.03 + ODBC changed to re-establish broken connection 11.06.03 ! #ifndef NOSQL changed to NOODBC 22.05.03 + strong auth now supported for POP3 proxy. Now, username can be in format proxy_username:proxy_password:POP3_username@pop3server 30.04.03 ! redirect function now do not change code of traffic limit error 24.04.2003 ! -M changed to -D for *nix makefiles 18.04.2003 ! HTTPS behaviour breaked by latest patches restored 15.04.2003 ! fixed handling of special characters and non-existing files in FTP over HTTP proxy. 12.04.2003 ! fixed behaviour of HTTP proxy on RFC-incompatible web servers (banners exchanges, price.ru, etc) - they terminate string with \n instead of \r\n. 10.04.2003 + nsrecord and dialer commands added ! Name resolution now occures right before authorization to prevent unauthenticated users from performing NS lookups and demand dial. 05.04.2003 + N (Never) option value added for counters refreshing 29.03.2003 + !!! FTP support for HTTP proxy added. 25.03.2003 ! Socks 4 bug fixed (was visible in Netscape) + Socks 4.5 support added (not tested) ! !! UDP portmapper code fixed 24.03.2003 ! Timeout, close on closed socket and FD bugs fixed in UDPPM 21.03.2003 + Proxy-Authorization now works for CONNECT (HTTPS proxy). 07.03.2003 ! counter command extended to allow traffic reports 02.03.2003 ! Bandwidth/Traffic limiting problems fixed ! gethostbyname() argument limited to 256 characters. It may be significant for Windows 27.02.2003 + !!! Traffic limitting feature added (counter/countin/nocountin) 26.02.2003 ! nobandlim processing changed ! bandlim/nobamdlim commands renamed to bandlimin/nobandlimin 22.02.2003 + !!! Bandwidth limiting features added (bandlim and nobandlim commands) 18.02.2003 + Mutext support added for inter-thread data access. Should improve stability. - debugging printf() removed from proxy, typo fixed in auth.c 10.02.2003 ! Changed to use WSASocket()/WSAAccept() instead of socket()/accept() under Windows 30.01.2003 ! Version of gcc changed (3.2). + nscache option added to 3proxy configuration for DNS cache. For a while caching is primitive (with no expiration). 27.01.2003 - \n removed from perror() calls 27/01/2003 3[APA3A]tiny proxy 0.3b. New features are marked with !. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. ! HTTPS (CONNECT) proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) ! Transparent SOCKS->HTTP redirection + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Proxy chaining ! Parent proxy support for any type of incoming connection ! Username/password authentication for parent proxy(s). ! HTTPS/SOCKS4/SOCKS5 and redirection parent support ! Random parent select ! Chain building (multihop proxing) 3. Logging ! turnable log format + stdout logging + file logging + syslog logging (Unix) ! ODBC logging (Windows) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 4. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port + Access control by username/password for SOCKSv5 and HTTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection ! Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER). 5. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process ! utility for networks list building Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 6. Compilation + MSVC (msvcrt.dll) ! Intel Windows Compiler (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc ! Unix/ccc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. Planned for future release: - FTP proxy support - Web interface for configuration - Signal handling on Unix (for stop/pause/resume/configuration change) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters 27.01.2003 !!!!!!!!!!!!!!!!!!! ! Tagging as 0.3b ! !!!!!!!!!!!!!!!!!!! 24.01.2003 - Fixed to use INVALID_SOCKET instead of -1 (for Windows compatibility) - Fixed problem with threading support under gcc. Now ODBC logging seems to work always. ! strncasecmp removed. Changed to use strnicmp for Windows. 21.01.2003 ! 0.3 development frozen to only bugfixes - bug fixed causing 3proxy to crash with NULL pointer reference on transparent web redirection - SQL support removed from default (gcc) compilation 20.01.2003 + ODBC logging (yeah!). For a while it works stable only if compiled with MSVC or Intel compiler. 17.01.2003 - bug introduced yesterday into CONNECT code cleaned 16.01.2003 + timeouts command added 13.01.2003 - daemonizing code changed to work correctly on buggy libc (FreeBSD) (pthread_* doesn't work after daemon()) - logging code changed to work correctly on buggy libc (FreeBSD 4.4) (freopen "a" mode doesn't work as expected on stdout) 12.01.2003 ! License is changed to prohibit modification and commercial use 11.01.2003 ! All makefiles are made uniform + Makefiles for Compaq C complier (Makefile.ccc) and Intel C Compiler for Windows (Makefile.intl) added + Makefile.msvc added for Microsoft Visual C Compiler ! proxy.dsp removed 10.01.2003 + Now checked to compile with Compaq C Compiler under linux on alpha platform + logformat configuration command added for custom log entry format ! Unix version changed to use gettimeofday instead of ftime to avoid -lcompat issue. 09.01.2003 ! Randomizer changed for proxy chaining ! Code cleaned: Makefile, signed/unsigned conversions, etc. ! Typo fixed preventing from compilation under *nix 08.01.2003 + dateformat command added ! Log format changed!!! + Control for different operations (CONNECT,BIND,HTTP_*, etc) added to ACL, see 3proxy.cfg.sample 25.12.2002 + Proxy chaining now is fully operational!!!!! + SOCKSv4 and SOCKSv5 client code added for chaining + HTTP connect authentication added for chaining + Parent authentication for HTTP proxy added - Problem with "Connection: close" resolved (if HTTP server time outs or closes connection). 24.12.2002 + Proxy chaining works!!! (for a while only HTTP CONNECT proxies are supported and no parent authentication). Logging is updated to include number of redirections (parent proxies) in square brackets. See config.sample for example of "parent" command. 23.12.2002 ! Transparent proxy operations improved, logging corrected + Added base code for proxy chaining ! Redirection code rewritten 23.12.2002 + UDP ASSOCIATE added (but not tested) to SOCKS. ! Additional logging added to socks proxy + Local HTTP proxy redirection added (for SOCKS). 01.12.2002 ! closesock() problem _finally_ patched... 30.11.2002 ! Makefile.unix corrected ! Do not process $ in included files for 3proxy.cfg ! Common error codes are unified 29.11.2002 + nserver example added to 3proxy.cfg.sample 28.11.2002 - fixed closesock() instead of close() call on 3proxy.cfg included files for native Windows. 27.11.2002 ! Minor changes in docummentation + dighosts utility added 22.11.2002 - Few problems corrected in logfiles rotation 20.11.2002 - SOCKSv5 bind() reply corrected. 19.11.2002 + internal resolver added to avoid usage of thread unsafe gethostbyname(). nserver configuration option added to config file. ! HTTP proxy behaviour slightly changed to be more compatible. 06/11/2002 3[APA3A]tiny proxy 0.2b Initial release. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Logging + stdout logging + file logging + syslog logging (Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 3. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port + Access control by username/password for SOCKSv5 and HTTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. 4. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 5. Compilation + Microsoft VC++ (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. - socks5 doesn't work with UDP Not implemented yet Planned for future release: - UDP implementation in SOCKSv5 - Signal handling on Unix (for pause/resume) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters 06.11.2002 !!MARK IT 0.2beta ! Using UPX to compress 3proxy.exe 02.11.2002 + HTTP proxy now supports kepp-alive connections to HTTP server or proxy. It dramatically decreases number of outgoing connections and amount of DNS traffic. 01.11.2002 + Now proxy can catch Web server style requests. It means proxy may be used as a transparent proxy. Yes. It means you can redirect SOCKS requests with target 80 to HTTP proxy. ! Port check in ACL fixed ! Now proxy catches redirection by changed destination IP or port. If you redirect request to web server make sure it supports proxy style requests (IIS and Apache do). + HTTP proxy supports keep-alive. Now number of threads required significantly reduced. + HTTP CONNECT fully supported (both direct and redirected to another proxy). Now you can use our proxy for HTTPs. Or for spam :) Don't forget to set ACL for outgoing ports, cause now ports are not limited. 26.10.2002 + mycrypt utility added for making crypted passwords in NT and crypt/MD5 ! ACL check for strong auth corrected + HTTP proxy support for authentication (basic). Now you can use strong username/password authentication with proxy module. + Error messages added for HTTP proxy 25.10.2002 + NT passwords are now supported in 3proxy.cfg ! Public License Agreement changed to be more clear 24.10.2002 ! Fixed handle leak because of missed CloseHandle for threads in Windows 23.10.2002 ! Fixed POP3 proxy bug ! Strong auth changed to allow rules with * for username + MD5 crypt format passwords is now supported... Do we ever need DES? I will not implement blowfish - it's huge and rarely used. + More comments added to 3proxy.cfg.sample 21.10.2002 ! Fixed strongauth problem - ACL was not checked for authenticated SOCKSv5 users 16.10.2002 + Added support for SOCKSv5 cleartext password authentication + "strong" authentication is now OK (use it only for SOCKS) + added "users" config file command to specify username and password. Only cleartext for a while. 20.09.2002 ! Minor improvements in socket operations 17.09.2002 ! HTTP proxy changed to do not strip hostname from URI if target port is not 80. It allows to redirect requests to another proxy as well as redirect to different Web server via ACL. It will work for most servers (IIS, Apache) if target redirected to non-standard port of Web server, but may fail in some rare cases. Redirection to proxy should always work OK except if proxy is on TCP/80. + Added "redirect" ACL command. You can redirect request to another destination if ACL entry matches (that is by target or source IP, target port, username). ! Fixed documentation bug in 3proxy.cfg.sample ("authtype" instead of "auth") ! Fixed bug causing server to exit in native Win32 mode if "service" configuration option is not configured ! Outgoing SOCKS connections are handled in common way now. 07.09.2002 + added binding to external interface for outgoing connections ! Fixed bug causing username check in ACL always fail + Added ACL check for UDP map + Added "Single packet" services to UDP portmap (-s switch). Allows unlimited number of clients to be handled by portmapper for single-packet services (like DNS). 06.09.2002 3[APA3A]tiny proxy 0.1b initial release Features: 1. General + HTTP/1.0 Proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Logging + stdout logging + file logging + syslog logging (Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 3. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port 4. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 5. Compilation + Microsoft VC++ (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. - udppm works without authentication Will be patched later. - socks5 doesn't work with UDP Not implemented yet Planned for future release: - Improvements to UDP portmapping - UDP implementation in SOCKSv5 - Ident authorization - SOCKSv5 password authentication - Signal handling on Unix (for pause/resume) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters - HTTP/1.1 support $Id: Changelog,v 1.154 2006/03/08 18:44:00 vlad Exp $