19/12/2003 3[APA3A]tiny proxy 0.4.3b Memory leaks fixed in UDPPM and SOCKS->HTTP redirection 19/07/2003 3[APA3A]tiny proxy 0.4.2b Bug fixes backported to 0.4 from 0.5 tree 29.11.2003 + Copyrights added to banners !! Few signed/unsigned mismatches fixed (including potentially dangerous) 27.11.2003 ! 'redirect' now can be used with hostname instead of ip address 21.11.2003 ! POP3 proxy bug fixed 04.11.2003 ! '@' situation in username for POP3 proxy corrected (pop3name@pop3realm@pop3server) 03.11.2003 ! One more bug with 'archiver' causing 3proxy to crash on log archieving fixed 29.10.2003 ! Some threading safety is added for logging (inet_ntoa and ODBC re-initialisation) 28.10.2003 ! Bug causing daily log filename to work as weekly fixed ! 'daemon' example moved to beginning of configuration file 16.10.2003 + pidfile configuration option added + processing for SIGCONT (pause/resume) and SIGTERM (termination) added under Unix 01.10.2003 ! Weekly log filename now is generated by the date of last Sunday. ! Do not strip executable for Unix (must be stripped during installation). 21.09.2003 ! Bug fixed in "log" command processing (wrong buffer was used for filename generation) 16.09.2003 ! socksmapping algorythm changed to handle incomlete send() (for *BSD). 15.09.2003 ! mutex added to gethostbyname() to avoid thread unsafety. It slows down proxy if no nserver configured (it MUST be for *nix!) but prevents crashing on active usage. ! signal() handling is added for SIGPIPE. It seems to be some race conditions on FreeBSD between send() and gethostbyname() somewhere causing SIGPIPE on gethostbyname(). 13.09.2003 ! NULL reference corrected if rotate is given without archiver 11.09.2003 ! Few additional checks added for open()/fopen() to do not crash on invalid files in config ! Buffer moved from stack to heap in socks.c to eliminate crash on FreeBSD 10.09.2003 ! Bug in SOCKSv5 UDP mapping corrected. Now it works fine (checked with Unreal Tournament) with both SocksCAP and FreeCAP. 06.08.2003 ! Algorithm for SOCKS5 bind/udp assoc port selection is now intellegent enough to allow server applications to use same port number on socks server if available and not denied by access list ! SOCKS5 bind/udp assoc now matches incoming connections/packet with IP address from request in accordance to RFC 1928 to improve security 04.08.2003 !!! Bug fixed sometimes causing 3proxy to crash if parent proxy is used !!! UDP associate finaly completed and is fully functional (tested with SocksCAP on Unreal Tournament). !!! TCP bind code re-checked, and is probably working (doesn't work on SocksCAP because of SocksCAP bug !!! Socket leak on nbname auth fixed 21.07.03 + Web administration module created + Dynamic enable/disable for counters now available via web interface 19/07/2003 3[APA3A]tiny proxy 0.4 New features marked with !. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. ! FTP over HTTP support. ! DNS caching + HTTPS (CONNECT) proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + Transparent SOCKS->HTTP redirection + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Proxy chaining + Parent proxy support for any type of incoming connection + Username/password authentication for parent proxy(s). + HTTPS/SOCKS4/SOCKS5 and redirection parent support + Random parent selecttion + Chain building (multihop proxing) 3. Logging + turnable log format + stdout logging + file logging + syslog logging (Unix) + ODBC logging (Windows and Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 4. Access control ! ACL-driven (user/source/destination/protocol or combined) bandwith limitation ! ACL-driven (user/source/destination/protocol or combined) traffic limitation per day, week or month + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP, destination port and destination action (POST, PUT, GET, etc). + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection + Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER). 5. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process + utility for automated networks list building Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 6. Compilation + MSVC (msvcrt.dll) + Intel Windows Compiler (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc + Unix/ccc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. Planned for future release: - Web interface for configuration - Signal handling on Unix (for stop/pause/resume/configuration change) - External filter API - Addon URL, antiviral, HTTP cache filters 17.07.03 + ODBC changed to re-establish broken connection 11.06.03 ! #ifndef NOSQL changed to NOODBC 22.05.03 + strong auth now supported for POP3 proxy. Now, username can be in format proxy_username:proxy_password:POP3_username@pop3server 30.04.03 ! redirect function now do not change code of traffic limit error 24.04.2003 ! -M changed to -D for *nix makefiles 18.04.2003 ! HTTPS behaviour breaked by latest patches restored 15.04.2003 ! fixed handling of special characters and non-existing files in FTP over HTTP proxy. 12.04.2003 ! fixed behaviour of HTTP proxy on RFC-incompatible web servers (banners exchanges, price.ru, etc) - they terminate string with \n instead of \r\n. 10.04.2003 + nsrecord and dialer commands added ! Name resolution now occures right before authorization to prevent unauthenticated users from performing NS lookups and demand dial. 05.04.2003 + N (Never) option value added for counters refreshing 29.03.2003 + !!! FTP support for HTTP proxy added. 25.03.2003 ! Socks 4 bug fixed (was visible in Netscape) + Socks 4.5 support added (not tested) ! !! UDP portmapper code fixed 24.03.2003 ! Timeout, close on closed socket and FD bugs fixed in UDPPM 21.03.2003 + Proxy-Authorization now works for CONNECT (HTTPS proxy). 07.03.2003 ! counter command extended to allow traffic reports 02.03.2003 ! Bandwidth/Traffic limiting problems fixed ! gethostbyname() argument limited to 256 characters. It may be significant for Windows 27.02.2003 + !!! Traffic limitting feature added (counter/countin/nocountin) 26.02.2003 ! nobandlim processing changed ! bandlim/nobamdlim commands renamed to bandlimin/nobandlimin 22.02.2003 + !!! Bandwidth limiting features added (bandlim and nobandlim commands) 18.02.2003 + Mutext support added for inter-thread data access. Should improve stability. - debugging printf() removed from proxy, typo fixed in auth.c 10.02.2003 ! Changed to use WSASocket()/WSAAccept() instead of socket()/accept() under Windows 30.01.2003 ! Version of gcc changed (3.2). + nscache option added to 3proxy configuration for DNS cache. For a while caching is primitive (with no expiration). 27.01.2003 - \n removed from perror() calls 27/01/2003 3[APA3A]tiny proxy 0.3b. New features are marked with !. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. ! HTTPS (CONNECT) proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) ! Transparent SOCKS->HTTP redirection + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Proxy chaining ! Parent proxy support for any type of incoming connection ! Username/password authentication for parent proxy(s). ! HTTPS/SOCKS4/SOCKS5 and redirection parent support ! Random parent select ! Chain building (multihop proxing) 3. Logging ! turnable log format + stdout logging + file logging + syslog logging (Unix) ! ODBC logging (Windows) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 4. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port + Access control by username/password for SOCKSv5 and HTTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection ! Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER). 5. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process ! utility for networks list building Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 6. Compilation + MSVC (msvcrt.dll) ! Intel Windows Compiler (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc ! Unix/ccc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. Planned for future release: - FTP proxy support - Web interface for configuration - Signal handling on Unix (for stop/pause/resume/configuration change) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters 27.01.2003 !!!!!!!!!!!!!!!!!!! ! Tagging as 0.3b ! !!!!!!!!!!!!!!!!!!! 24.01.2003 - Fixed to use INVALID_SOCKET instead of -1 (for Windows compatibility) - Fixed problem with threading support under gcc. Now ODBC logging seems to work always. ! strncasecmp removed. Changed to use strnicmp for Windows. 21.01.2003 ! 0.3 development frozen to only bugfixes - bug fixed causing 3proxy to crash with NULL pointer reference on transparent web redirection - SQL support removed from default (gcc) compilation 20.01.2003 + ODBC logging (yeah!). For a while it works stable only if compiled with MSVC or Intel compiler. 17.01.2003 - bug introduced yesterday into CONNECT code cleaned 16.01.2003 + timeouts command added 13.01.2003 - daemonizing code changed to work correctly on buggy libc (FreeBSD) (pthread_* doesn't work after daemon()) - logging code changed to work correctly on buggy libc (FreeBSD 4.4) (freopen "a" mode doesn't work as expected on stdout) 12.01.2003 ! License is changed to prohibit modification and commercial use 11.01.2003 ! All makefiles are made uniform + Makefiles for Compaq C complier (Makefile.ccc) and Intel C Compiler for Windows (Makefile.intl) added + Makefile.msvc added for Microsoft Visual C Compiler ! proxy.dsp removed 10.01.2003 + Now checked to compile with Compaq C Compiler under linux on alpha platform + logformat configuration command added for custom log entry format ! Unix version changed to use gettimeofday instead of ftime to avoid -lcompat issue. 09.01.2003 ! Randomizer changed for proxy chaining ! Code cleaned: Makefile, signed/unsigned conversions, etc. ! Typo fixed preventing from compilation under *nix 08.01.2003 + dateformat command added ! Log format changed!!! + Control for different operations (CONNECT,BIND,HTTP_*, etc) added to ACL, see 3proxy.cfg.sample 25.12.2002 + Proxy chaining now is fully operational!!!!! + SOCKSv4 and SOCKSv5 client code added for chaining + HTTP connect authentication added for chaining + Parent authentication for HTTP proxy added - Problem with "Connection: close" resolved (if HTTP server time outs or closes connection). 24.12.2002 + Proxy chaining works!!! (for a while only HTTP CONNECT proxies are supported and no parent authentication). Logging is updated to include number of redirections (parent proxies) in square brackets. See config.sample for example of "parent" command. 23.12.2002 ! Transparent proxy operations improved, logging corrected + Added base code for proxy chaining ! Redirection code rewritten 23.12.2002 + UDP ASSOCIATE added (but not tested) to SOCKS. ! Additional logging added to socks proxy + Local HTTP proxy redirection added (for SOCKS). 01.12.2002 ! closesock() problem _finally_ patched... 30.11.2002 ! Makefile.unix corrected ! Do not process $ in included files for 3proxy.cfg ! Common error codes are unified 29.11.2002 + nserver example added to 3proxy.cfg.sample 28.11.2002 - fixed closesock() instead of close() call on 3proxy.cfg included files for native Windows. 27.11.2002 ! Minor changes in docummentation + dighosts utility added 22.11.2002 - Few problems corrected in logfiles rotation 20.11.2002 - SOCKSv5 bind() reply corrected. 19.11.2002 + internal resolver added to avoid usage of thread unsafe gethostbyname(). nserver configuration option added to config file. ! HTTP proxy behaviour slightly changed to be more compatible. 06/11/2002 3[APA3A]tiny proxy 0.2b Initial release. Features: 1. General + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support. + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Logging + stdout logging + file logging + syslog logging (Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 3. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port + Access control by username/password for SOCKSv5 and HTTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. 4. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 5. Compilation + Microsoft VC++ (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. - socks5 doesn't work with UDP Not implemented yet Planned for future release: - UDP implementation in SOCKSv5 - Signal handling on Unix (for pause/resume) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters 06.11.2002 !!MARK IT 0.2beta ! Using UPX to compress 3proxy.exe 02.11.2002 + HTTP proxy now supports kepp-alive connections to HTTP server or proxy. It dramatically decreases number of outgoing connections and amount of DNS traffic. 01.11.2002 + Now proxy can catch Web server style requests. It means proxy may be used as a transparent proxy. Yes. It means you can redirect SOCKS requests with target 80 to HTTP proxy. ! Port check in ACL fixed ! Now proxy catches redirection by changed destination IP or port. If you redirect request to web server make sure it supports proxy style requests (IIS and Apache do). + HTTP proxy supports keep-alive. Now number of threads required significantly reduced. + HTTP CONNECT fully supported (both direct and redirected to another proxy). Now you can use our proxy for HTTPs. Or for spam :) Don't forget to set ACL for outgoing ports, cause now ports are not limited. 26.10.2002 + mycrypt utility added for making crypted passwords in NT and crypt/MD5 ! ACL check for strong auth corrected + HTTP proxy support for authentication (basic). Now you can use strong username/password authentication with proxy module. + Error messages added for HTTP proxy 25.10.2002 + NT passwords are now supported in 3proxy.cfg ! Public License Agreement changed to be more clear 24.10.2002 ! Fixed handle leak because of missed CloseHandle for threads in Windows 23.10.2002 ! Fixed POP3 proxy bug ! Strong auth changed to allow rules with * for username + MD5 crypt format passwords is now supported... Do we ever need DES? I will not implement blowfish - it's huge and rarely used. + More comments added to 3proxy.cfg.sample 21.10.2002 ! Fixed strongauth problem - ACL was not checked for authenticated SOCKSv5 users 16.10.2002 + Added support for SOCKSv5 cleartext password authentication + "strong" authentication is now OK (use it only for SOCKS) + added "users" config file command to specify username and password. Only cleartext for a while. 20.09.2002 ! Minor improvements in socket operations 17.09.2002 ! HTTP proxy changed to do not strip hostname from URI if target port is not 80. It allows to redirect requests to another proxy as well as redirect to different Web server via ACL. It will work for most servers (IIS, Apache) if target redirected to non-standard port of Web server, but may fail in some rare cases. Redirection to proxy should always work OK except if proxy is on TCP/80. + Added "redirect" ACL command. You can redirect request to another destination if ACL entry matches (that is by target or source IP, target port, username). ! Fixed documentation bug in 3proxy.cfg.sample ("authtype" instead of "auth") ! Fixed bug causing server to exit in native Win32 mode if "service" configuration option is not configured ! Outgoing SOCKS connections are handled in common way now. 07.09.2002 + added binding to external interface for outgoing connections ! Fixed bug causing username check in ACL always fail + Added ACL check for UDP map + Added "Single packet" services to UDP portmap (-s switch). Allows unlimited number of clients to be handled by portmapper for single-packet services (like DNS). 06.09.2002 3[APA3A]tiny proxy 0.1b initial release Features: 1. General + HTTP/1.0 Proxy + SOCKSv4 Proxy + SOCKSv5 Proxy (TCP only) + POP3 Proxy + TCP port mapper + UDP port mapper + Threaded application (no child process). 2. Logging + stdout logging + file logging + syslog logging (Unix) + log file rotation (hourly, daily, weekly, monthly) + automatic log file comperssion with external archiver (for files) + automatic removal of older log files 3. Access control + User authorization by NetBIOS messanger name + Access control by username, source IP, destination IP and destination port 4. Configuration + support for configuration files + support for includes in configuration files + interface binding + running as daemon process Unix + support for chroot + support for setgid + support for setuid NT + support --install as service + support --remove as service + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress) 5. Compilation + Microsoft VC++ (msvcrt.dll) + Windows/gcc (msvcrt.dll) + Cygwin/gcc (cygwin.dll) + Unix/gcc Known bugs: - udppm doesn't work if compiled with cygwin. Cygwin doesn't support recvfrom()/sendto() on connected socket, so recv/send is used instead... Not a big deal anyway. - udppm works without authentication Will be patched later. - socks5 doesn't work with UDP Not implemented yet Planned for future release: - Improvements to UDP portmapping - UDP implementation in SOCKSv5 - Ident authorization - SOCKSv5 password authentication - Signal handling on Unix (for pause/resume) - External filter API - Addon trafficshape, URL, antiviral, HTTP cache filters - HTTP/1.1 support $Id: Changelog,v 1.22 2003/11/29 10:58:28 vlad Exp $