smithproxy (0.9.32-5) bookworm; urgency=medium Smithproxy-0.9.32 - 240f592 build - add channel to directly specify distribution type - 32aa94c build - remove deprecated custom socle version arguments - 02199f3 build - fix git version trimming, more logging - 6d15e7b build - fix git version trimming - c2119db adapt build script to be tolerant to tags prepended with no... - 0c72c21 well, fix another patch zero release issues - 6bc4913 remove devel flag - 83abccf version 0.9.32 - apply socle - 187e1db apply socle - 3f4d31a policy.addr - yikes, remove debug message - 3d874c0 policy.addr: use unique_ptr with custom deleter - 561fb02 snap: fix license string - a879c50 Update build-ubuntu-22.04.yml - 1368861 Update build-ubuntu-22.04.yml - 81ce98b Update build-ubuntu-22.04.yml - 4de7a85 Update build-ubuntu-22.04.yml - 7b3c05e snap - fix long-lasting issue with snap builds - c1fb3f5 shmauth - use internal standard function to split a string - 2fa42cd apply socle - 58e3947 apply socle - don't include execinfo.h on Alpine/MUSL plat... - 4b8d42c access-filter: add feature allowing sending webhook early - 31834df cfg - add tpool and webhook debugs config controls - 9ebe333 tpool and webhook debugs set to default false - ebe531f cli - add a little change to display running task log with ... - d08e719 http async - rework logging options - dc8c312 thread pool - reflect API change in sx::http::AsyncRequest ... - 1d5d9e3 thread pool - add pool task diagnostic info collection - 99f4800 worker pools - refactor tasks from lambdas to classes - 0fb5eb3 cli - log if config change was made - 3465f7d cfg - add controls to alert logging into event list - fbb3eb5 apply socle: - 0fee7a0 apply socle - add option to suppress TLS errors in event l... - e45a506 cli - more diag info about thread pool - 4dcd590 wrap task call in exception handler - ee95307 apply socle - f077eb1 webhooks - support stale connection detection - 5d1e3f4 thread pool - make robustness improvements - 5b21815 Merge remote-tracking branch 'origin/master' - ed46561 apply socle - 615ec21 apply socle - 8352b89 add simple neighbor stats CLI command - b086e6d increase max neighbor entries to 8k - 4e5987b apply socle fix - ed1e8b7 async http: make copy of url and payload for thread safety - b05a1f0 enhance a bit diag proxy list - e773ab4 apply socle fixing signature match - a8bc316 add neighbor periodic update feature - 0008b8d cli: request neighbor update using a new address list param - 0c25b42 neighbor API improvements - 7294297 max size removal and some more logging - b38914f fix issue with multiple HTTP commands per controller - af3d3d8 allow GRE socket to bind to specific interface - 530ba6d allow binding to interface/IP also for webhook traffic - b9c0a88 nbr: fix introduced issue when new neighbor webhook is sent... - e313336 add diag cli to trigger a neighbor ping/bulk update webhook - ef2b9e3 add diag commands + reorganize webhooks a bit - e86f25e nbr: rename API param to more fitting 'hostname_tags' - dbf5514 add for_each() to NbrHood - 9eb976e webhook fix: call on_reply() in default_callback implementa... - 1c3bdad allow neighbor updates in reply to new neighbor webhook - 7d0eef4 decouple API parts from webserver dispatched functions - 4e17ebb add CLI and API endpoint to manipulate neighbor tags - ab6e099 add tags update function - ea21173 add a "tag" string - 032cca7 add safety try/catch block when dumping json to a string - 0cfe1aa apply socle - 0d8c958 apply socle - c565a22 add mutex to update() call - 7d9cebc add http api binding and access restrictions - 631b01a update new neighbor on its creation too - 69128e0 increase default neighbor cache size to 4k entries - 1ef9690 install simple portal-cert display tool, too - 3ff0ec0 neighbor: added facility to save labels into neighbor data ... - 64cffd5 save state on exit - 90bfe47 neighbor: add some more accounting information - 692c201 nbr: make daily stats actually a dict - b423805 nbr API - update() makes better sense now - e2afa85 change default portal cert validity to 1y - 69a82f3 add authenticated API endpoint to reload custom certificates - ca38879 neighbors: load state on startup from json file - eba2c1c serialize out neighbor info to capture directory - 2826187 neighbors: add restore part of serializing from json - b20edc7 neighbor: add serialize out, add raw parameter to neighbor API - 206c871 make neighbors to_json filterable, expose `max_days` API pa... - 3fa0495 add authenticated API /api/diag/proxy/neighbor/list endpoint - d10efe8 add also Neighbor singleton's to_json - 47ea9f0 LRUCache tweak - make mutex mutable, allowing const functions - 955be2a add to_json to Neighbor - 6804fbb refactor neighbor monitoring and display functions - 76b4923 http1: Host IP is actually a peer()'s IP - d106603 http1: fix yet another place where Host: is not populated - b516c4b http1: fix request with ? but empty params - 8dca753 webhook - add detected signatures into webhook data details - 1b8c274 http1 - use IP address if Host header is not found in request - 6e48c38 apparmor rules update - 4f02137 refine webhook enablement conditions - efd8b2d add error tracking to webhook stats - f604fe6 add webhook stats tracking and http session cleanup - 025bcc9 fix response access and webhook override logic - a7e0e66 fix shameful copy-paste typos :) - 25a22cb implement dynamic webhook registration using API - 984e000 Add enhanced proxy session listing - 78c4ba9 Merge remote-tracking branch 'origin/master' - 580f67b override `run_timers` in MitmProxy - e578bbf set SO_KEEPALIVE if content_webhook is called - 2274cca little tweak in content replacement logging - b3838ed - add content profile functionality to allow inline change ... - 2256b68 expected_reply type is now available in whole sx::http name... - 5348497 log final version of captured data if content replacement i... - 51bbb6f adapt new changes in socle (support custom client certifica... - b6c510c fix rare crash on TLS diag command - 2757dfa add possibility to bypass tproxy for specific connection si... - 543c49d access-filter should trigger also when first data arrive fr... - fcf68ae fix curl resource leak, add retry mechanism and curl debugg... - c001b05 don't pass the string directly to printf-like stuff - 533a5bb add socle fix - cccfc8a support new socle TLS features - b5689b8 add better control over proxy spraying behaviour - b18a9b2 adapt changs in socle and lmhpp - 3b438dc fix buffer boundaries check - bc4b9e5 join API and other threads only if joinable - 3e34ad6 don't wait for API server start() to finish, it runs forever - 07021fb Merge PR #42 from DimitriPapadopoulos/codespell - c8cd8d4 don't update neighbors with internal connections - 13bd565 protect staticcontent with a lock and clear previous proper... - 30fc735 nltemplate - allow access to properties - 38c2a8f debian11 - add apparmor to suggests too - 8ce0cb4 packaging maintenance - 968f1a6 remove potential deadlock condition - 8c32715 Add global instance OID to webhook ping - 8966b11 Report all live proxy OIDs on ping - 3f2c55e decouple object API from HTTP API - bc3e0e2 fix FLTO to run in parallel - 075fcad add targets to repoman - 971b460 fix size_t formatting - a518b21 infra: add wip repoman - repository file generator - 8376eac infra: drop latest files, script unused code and test exist... - 04ed8b8 Merge remote-tracking branch 'origin/master' - cfb55ed fix again changelog, add synopsis - fd6b647 fix again changelog, add synopsis - e317cf9 let's revert and use - instead of * - e6b47e7 less spacing in debian changelog - d02864f fix trailing / in path, don't write into changelog on error - b1820a8 fix changelog generator names - fba1894 changelog changes (wip) - unfortunately nothing will be tes... - c98d7ed introduce new changelog generator (wip) - 6edee68 debian building script will now upload packages to `ARCH` s... - 76e1432 Update ReleaseNotes.md and introduce a new QuickHowto-Webho... - 67cdff8 don't use cmake fetchcontent - 2384ed8 add PYTHONPATH to snapcraft.yaml - 3e544f9 add a possibility to load fullchain.pem for custom certific... - 944f679 QuickInstall-Mitm.md typos and wording - 1be1c7d add QuickInstall-Mitm.md to document bootstrapping mitm cap... - 5c743be add localtime to debug and release crashlog - ba130b4 mitm - stop filtering if set dead by a filter - d2bb116 mitm - don't proxy if marked dead - 8f11390 access filter - mark connection dead if rejected - e650006 add response to `to_json`, later added to `connection-info`... - 0904207 upgrade schema - b96fc7a remove unused parameter - 1d6a372 add synchronous webhook emit versions - a204eaf improve 'connection-close' webhook - add interface Applicat... - fedb545 introduce L7 history - d389b5a engine improvements - 27b754a Fix misspellings found by codespell - f09855a remove unused parameter - 66965b3 move event "id" to root of the json sent with webhook - 6926983 make webhook detail a static string key - 52cf7ff add support for toggling packet checksum calculation on tra... - 651aa78 fix issue with saving upgraded schema into config file - 617fbda webhook improvements - 553f47c add boot_time random number - c65da5f utilize ClassChar from baseHostCX and don't do expensive dy... - 310a236 don't send empty connection-info webhooks - c8df8d4 fix a bug where policy features are applied only if auth-pr... - 4632ac2 change neighbor action from too generic "new" to "neighbor" - de42484 save disabled status only if it's configured (not if policy... - b6dee62 create a mechanism to warn if parts of the configuration we... - c7ca357 fix policy feature save problem - 011ab98 enable "statistics" filter and make it available in config - 208f438 webhooks - create generic webhook send_action; args: action... - 7fc8ad3 improve proxy filters, add to_json functions - 758bf87 FlowAnalysis::aggregate: aggregate ratios to (default) 1000... - 82c016f add StatsFilter, which computes entropy, skew and similar m... - d6d3c60 mitmproxy: add qol 'to_connection_label' function - 8ca3127 make mechanism to proxy filters update states - eb3b66c apply socle fixes - 93f4ba8 use lazy_ptr and move values to a struct for a better organ... - ae1b6e1 add utility Singleton and lazy_ptr classes - lazy_ptr creat... - 30420f6 sync in socle and lmhpp - a0784a4 re-do connection closing logging to further implement webho... - 4d358ed use portal certificate for API service (instead of default ... - a5217d2 make webhooks a little bit nicer, create "ping" webhook - dcf5a37 change KB limit defaults, allow infinite KB logging - 60a5598 add first practical webhook action when new neighbor is det... - 1c75190 add webhook infrastructure + CLI testing command - a18fe0d Update build-ubuntu-22.04.yml - 3275141 Delete flawfinder-analysis.yml - 0529fea Delete codeql-analysis.yml - 6a6913e Create build-ubuntu-22.04.yml - beaa2a7 debhelper: set compatibility level to 12 - 7b4ba51 add procps package to debian build dependencies - a197e82 add docker builders for debian:12 - b61140a add debian 12 support for creating deb packages - 23bfba1 createdeb - fix multitude of security and reliability issues - 10bdab2 add --branch to sx-builder tool to override config file set... - d2ae1d6 fix few shell issues in createdeb tool - a6f3320 add a curl-based, light HTTP Request class - de68f06 add utility thread pool - to handle short-lived, synchronou... - 2600044 improve debian from sources build - 19865f5 add neighborhood lru database - 003a6dd apply lmhttp: timeout wating on empty POST request - b8b56e7 apply socle: don't access event details without a lock! - e7db3e8 update deb compat and control - 52965ad apply socle + adapt CLI commands - c794a40 socle - fix uninitialized certificate chain array - 087a028 apply socle changes and fix broken starttls - 2bd3a3c add socle changes + adapt CLI - a6b6259 apply socle - fix custom certificates - 1c92ea3 fix sx-network exceptions for local addresses - 54df293 apply UDP fixes in socle - 24d9cef fix annoying replacement HTML formatting issue - 90f0fd3 apply socle - ba7778f fix datagram - don't allocate negative sizes - 50900fc fix incorrect logging - aee1d11 Merge pull request #39 from astibal/load_db_filter - 362509f update readme and release notes - d9227d5 add `features` tag list into policy - 84a0302 filter objects should be easy to create and tweak - 672ee4e fix index out of bounds read when arguments are filtered out - e23b423 they say `using` better - 0e21187 rework proxy filters - 7c127db unify proxy logging category - 94c482a remove ugly locked_ code, use standard lock_guards - 965172b add another custom certificate mechanism - target IP address - 438e21e apply socle + change cli `diag ssl` to `diag tls` - cad79c0 implement custom server certificates (based on SNI from cli... - d5af518 apply socle changes - 4fcdbb8 fix snapcraft.yaml version - b488160 set snapcraft.yaml branch to release-0.9.31 - e43dc08 update Release Notes - 4014cb9 update Release Notes - bc7f302 don't generate crashlogs on program exit for Release builds - 2e8fe35 consider status as terminated when proxies are down - e04e323 don't join threads from CLI thread - 16f71a1 slash matters! - 2dd1abc enable KTLS for kernel-assisted crypto in OpenSSL 3.x - cdfa705 introduce CA single-file bundle support - 1cd9ba1 improve sx-builder.py to use ssh-keys and different ssh user - 68fd625 re-add nlohmann::json as a fetched project from cmake - db0c916 add modern cmake to ubuntu 18.04 build - 9757c67 UB ASAN should not be enabled by default - a8d4876 add UB ASAN build support - c456a63 add UB ASAN build support - 58d1f5d apply UB fixes in socle - 0b320f7 fix UB - use of moved object - fe62c3e remove remnants of --tenant-index options (deprecated already) - 512c9ff build support improvement - 5266c08 add script running docker images - 2fcf772 add docker images based on compiled .deb packages - 04bd488 if enabled, make ASAN to display leaks each 30s - 3192932 remove -i option and add mandatory argument for -t - c1d2fa7 add clang support - 7ba1339 fix clang reported warnings (errors with -Werror) - 8d6794a fix incorrect processing of -o and -c arguments (issue #32) - 8f195cb ok - remove timestamp from build - e373053 disable string truncation warning - a287545 refactor init_syslog - use AddressInfo - 29f9681 C++20 requirements - 51499ac print foreground statistics - 0f7114e adapt socle changes - loglevel level and topic atomicity - aba028f fix compile errors on armhf platforms - 6b62315 apply socle changes - 7f64791 kb initialization fix - asan reported issues - 1b3b930 apply socle changes - ebd6b05 better SIGINT handling - bf6b185 well, let's not forget TCP/UDP are L4 protocols :) - 0c37340 FqdnAddress - don't lock DNS cache - e6b4687 don't call sock5_handoff for UDP in proxy message handler - b33bfb9 Add 'Coverity' cmake build type - 0a1c344 proxymaker - use smart pointers - a03e27b code improvements and modernization - fcabd29 apply socle changes - 0d57cae const-fu in CLI code + apply socle changes - 2a5ee33 Service::abort_sleep() now uses thread_safe nanosleep() ins... - 9b9283e rework and improve DNS refresh/expiry thread - 77cbe1b adding forgotten patches for DNS server list - 3274c9b when receiving DNS response, don't create epoll context whe... - fc63343 fix crash when no DNS response is received, or destination ... - 6c9ca19 DNS nameserver lookups improvements - 624fed4 DNS - use buffer::set_at - 4646fff fix sock5 premature proxying - 7b675e4 socks5 - add is_ssl flag for future use - a81c559 add routing setup - destination is now changed if routing p... - a98641b add missing includes - 07a3a3f cli/cfg - if new entry is added, add also 'name' and 'routi... - 187dc9d Socks5 - replace SockInfo with AddrInfo - 47d1288 apply socle changes (decouple SockInfo src and dst structures) - 42fa84d current session counter - 3608127 socks5 - improvements - 96a00d2 apply socle changes - 40aa840 apply socle changes - 25eabd7 evolve and modernize lockable class - bbda0e2 mitmproxy - don't continue with proxy() if from buffer is e... - 66d7b9c to_read returns now lockbuffer now - 26f8ab3 keep core18 and core20 snapcraft files for reference - a1695aa snapcraft - use core22 - f11bf65 drop request when: - 853f965 configurable option to compiler to unroll short loops - f4175a6 add UDP optional data for session tracking - 13c6213 socks5 code rearrangements - 29676b4 apply socle changes - 0a16526 extend poll timeout even further - 5498e36 use new generic response mechanism and respond with a strin... - 6f07ab1 add more generics into http server processing - ce39531 apply socle changes - 2863589 fix GET responses - baefd9f add some generalization to http responder - 8ed671d use compatible variable time_t types + const-fu - d4cd405 first UDP SOCKS5 feature implementation - incomplete - dc948f1 apply all good changes in socle - c91cb8f add socks5 udp receiver stats into 'diag worker list' - b3ff203 set -Werror and -Wno-unused-variable - 0b04a50 apply socle changes - 8c50d5b remove MitmHostCX "final" restriction - 8371957 fix SOCKS5 UDP thread startup - 657a696 fix malformed connect response - 83218af handle UDP associate socks5 request - c9f2d70 tidy a bit socks code - d8047eb infrastructure for udp socks5 support - 088f999 better protocol visibility; set protocol from inspectors an... - bc8603f apply socle changes - 834c2a7 apply socle changes - 2e82a9a apply socle - f07a284 supposedly innocent conversion fixes - 6a699e8 build only Debug tests - d7ec109 add cli 'end' command to return up, to parent section - 4de1b9a fix compile errors when USE_PAM is disabled (it's enabled b... - c7b5a9b config syntax change - address_object 'type' attribute set ... - 6301f6f improve a bit policy list in CLI - bd53c7a HTTPS API improvements - 4e51390 enable CLI user login - 6c5cf0c move enable password from CliState to CfgFactory - 83a5323 add libpam (and its distro name variations into build depen... - 082bdb5 add admin group mechanism - 7288aa2 add test for group membership if PAM is used - f8fadfe enable system level authentication using PAM (WIP, don't use) - acdd62e refactor duplicate code into separate functions - 1adeb22 small api fix - 58d8874 API server changes II - 7f05433 API server changes - b276d68 move all http handlers out from httpd code to separate module - b66ae3e code beautification :) - b40310e add 'ips' into optional 'diag proxy session list' command - 99d351f few code improvements - 46d396d apply socle changes - 7239776 const-fu - 7870c33 apply socle changes - 5e13263 apply socle changes - 67bb313 rename/refactor SNI access functions - 478c2c9 eliminate expensive dynamic_cast in starttls - c65688b eliminate expensive dynamic_cast - 230e2fd apply socle SSLCom makeup - 9a97e3e apply logging redux in socle - 2aed73c apply socle fix UDP bind->connect data race - e4bd038 remove google default dns servers - complain if config is m... - c39cbb8 http api - add /api/config/uni/get controller retrieving co... - 1b74e55 add libconfig::Setting -> nlohnman::json conversion functio... - 76f7552 httpd api - add example query parameters - d759ed6 implement API for 'set' operations - ede13ae refactor some cli-cfg code to be generic to be usable with API - 51eaeed cli - additional fix for config change by current update su... - 3706443 updateboard - add mechanism to recognize current client cha... - e158108 refactor and generalize cli-to-config code to be reusable b... - b5e095d reload CLI when config changes, sync with socle - bca3688 CfgFactory::save_config - return bool, not int - bb51f2c cli - mark config change on UpdateBoard when element is rem... - a524bf6 cfgapi - add more robust change/save detection - 900f60d cli - add warning if config is changed on the background (i... - ab07a9e api: add universal config element controller - 7186d50 fix cfg_status_response - 65b8890 add configurable option whether API should listen on all ad... - 93f0027 move convenience params and response to jsonize.hpp - 33d3bea pass HTTP request body data to controller handlers - e977f61 make TimedOptional::expired_at const (and return by value) - 3d8e0cc add simple CLI command to display http API database - 0989686 decouple CLI from config changes for ADD operations - 401cf56 move config change from CliState (now removed) to CFGFactory - b8f89c6 cli add refactor - working wip - 1b6761c wip - httpd - oops, default timout should be 3600s - 7ba0040 wip - httpd - token timeout mechanism added - d7e1cad wip - httpd - log message wording - 934bef3 wip - httpd: add http access keys support to smithproxy - 28d0962 wip - httpd: log access and request violations - 4fc97d3 wip - don't allow in empty tokens if db is empty - 27dcb16 wip - tokens are now taken from CRNG via openssl - 923c5ff wip - webserver refactor names ... to be shorter/nicer - 89128aa wip - add access-level controller decorators - 1b0a3a8 wip - httpd updates - c7b5b61 wip - make http server data infrastructure - 3f031de adart to lmhttpd changes - 80a0552 use socle and refactored virtual SSLCom::ssl_error_details() - 452aade implement logging event details data and its CLI support - e670469 mitmproxy - refactor id policy apply code - 42311dd small code cleanups - 968d33d adapt to socle commit: modernize SSLFactory class - 30dc095 smaller code cleanups - cb027db adapt socle changes in TYPENAME_ macros II - ef39271 adapt socle changes in TYPENAME_ macros - be971fc apply socle - 8329774 remove old FIXME comments, prevent lgtm to complain - 2be39fb smarter kb/node quota management - f701496 less demanding http/1 engine signature - 4f619c9 make mitmhostcx final + code cleanups - f0ecf35 add to auth thread also timeout checks - 7ef3e1c socksproxy code cleanup - 9b98bb5 fix http/2 frame parser boundary checks - 5736ae3 smarter kb/node quota management - a2cedd0 make KB and Node infrastructure to clean older entries + co... - 2193d36 add basic CLI KB tools into exec tree - 6d03895 watch your back and nullptr - 6570e70 rename some kb files to node_* - 4869d4e rename some kb files to node_* - 10b14c4 add kb tree infrastructure + tests - c2e3145 add config variables for engine and kb control - 320ecd4 fix incorrect formatting literal - 64d60df add events on smithproxy start and config save/upgrade - 538b2bc add more events + socle sync - d4e1c7e add some CLI commands to see/clear event list - d1faba3 apply socle changes - efc0fe9 apply socle changes - 20a7369 set devel flag - 76a0615 update release notes with 0.9.30 info (!) - c06d00f removed OpenSSL 3.0.0 stuff 2 - 7e86fcc removed OpenSSL 3.0.0 stuff - 2eb2377 more changes needed for ubuntu 22.04 - ea7aaf6 fix silly typo - d8b9d28 build script - dependency for ubuntu22.04 - 3be1015 WIP merge release and debug build scripts + add ubuntu22.04... - 89353ba update readme - 2477289 version bump - 65685d4 code cleanups - ca7c9f7 code cleanups - 828e6f1 fix http2 frame parser crash (uncaught exception) - 2589ea2 fix http2 headers parser crash (uncaught exception) - 8714f06 hostcx - code cleanups + socle sync - 62ee116 logrotate.d fix - 4c60a2a deamon - fix harmless leak on exit + append crashlog - d4e511e empty buffer processing guards + socle sync - e4d8bf8 set dev flag - 7866a3b set dev flag - 13d6de5 make http/2+DoH use of a new AppHostCX::MODE_CONTINUOUS - 84ac61a http/2 + DoH work (wip) - 446d054 ApplicationData abstraction now holds generic key-value pro... - 911686e dns proto - const-fu in various places - 57f50d6 don't link with libz - fix debian10 build - 3ee5441 few fixes in snap and config reload - d0514e6 update release notes - ... and snapcraft.yaml - 6bd3191 bump version - bbd1ade introduce http2 engine in release code - d076539 apply socle - 4603faf rename flow member element from flow_ to data_ - original ... - 0d6065b add some more http/2 code (inactive atm) - d1d6349 don't enable http/2 yet - 17b5a3c Merge remote-tracking branch 'origin/master' - 29730fd refactor http v1 engine to use buffers and string_views - 22397e1 apply socle cleanups and add CT warning - c572340 code cleanup - ce6a95b remove a redundant shutdown call - d033ff2 standing behind Ukraine - 8c7ec0f accomodate socle changes - 93e2099 ehm. no redis and use pool in cmake - f63112e cmakelists - enable asan based on cmake variable - ee9fd13 hpack - fix mem leak - d650cbd sync with socle - 5818de8 more hpack rewriting + tests - 1a81e2f http/2 engine improvements - 01c21d3 hpack - adapt to new header storage - f9438cd hpack - change test suite to use header multi-value - dc5c734 headers can have multiple values (ie cookie), use header st... - 5791318 hpack - fix testing suite data - e377a02 fix use after free bug - bccb898 beautify and rework tables (tables freshly copied from RFC) - 8853c5d fix table size typo (+ tidy) - 06afb18 logging capture tweak to compile with gcc 7.5 - 90e5895 ... of course disable http2 engine atm - 5650144 more appropriate debug messages order - 14b6917 hpack fix huffman table, tests - 897f364 refactor HTTP1 code add add wip-grade HTTP2 engine (off in ... - e679c8b socle sync - b0d6302 add hpack - WIP - note it requires lot of work - 606aacd refactor http1 engine into new sub-namespace and directory - 627b9af replace logging level not dependant on host cx - fdaf8a5 sync with socle - d173163 add crlf when hex_dump debug info - 79e8776 add boilerplate code for redis support - a04663a Socks5 IPv6 features - 57ee468 fix CLI payload dump, print limited-size chunks until 20k cap - 6d155e0 add mitmproxy 'com.proxy.payload' logan - 2ec65d9 add logging context filtering feature - d660851 apply socle logan_attached wipe - 227544c optimize and call authentication handler only on session start - 7995321 fix total bytes counter broken by previous buffer fastlane ... - 98bc5ce sync with socle - c0d3a23 socle - optimize buffer handling: after certain volume move... - 0959e34 reflect recent socle changes - 80606d2 socle sync - 6830c43 apply important socle fixes + some logging discrepancies - c11986c fix forgotten unique_ptr proxies occurrence - 6092bbd apply socle fix - 378c4cf apply socle UDP TLC and add diag to see UDP connection cache - 6c9c04c clear acceptor proxies when stopping smithproxy instance - 022d789 netservice: fix missing unique_ptr return types from prepar... - 3ec5599 asyncdns uses smart pointers - 6da5a38 minor cleanups - d7313f3 fix dns inspector to loop unnecessarily - 81be765 refactor bootstrapping code to use smart pointers - 407131d add forgotten MEMPOOL_DISABLE - fffbc0f rename ptr caches to suit cli debug parameter setting - 38abe82 add a new development option to workaround mempool allocation - eb2a8fb add extra debug option to cmake - 6cdbbaa mitmproxy cleanups - 0df8d15 mitmproxy - use identity_ unique_ptr - 3d00a6a sync with socle - 0528d3e sync with socle - bcd45b4 sync with socle - 2a763ff don't inspect ipv4 broadcast and ipv6 local multicast - b3302e4 socle: rename mempool_bad_alloc to mempool_error - 59d077d toggle mempool exceptions support via MEMPOOL_NOEXCEPT define - 6f44545 fix few coverity issues - 5eb1b12 apply socle data race fixes - 5b5464b adapt socle logan changes - 8357f53 we cannot copy unique_ptr - c986732 apply socle changes in logan - 14b0edf apply socle changes in masterproxy - 094ab46 apply libcli and socle - ab38989 shutdown: join all child workers - 458e5ff join correctly all CLI children threads on exit - d84ee50 return created callback entry reference - e7c790d socle changes - 28f3149 MasterProxy: apply changes due to persistent thread sprayin... - 7c82b17 add settings/tuning section - 7741157 socle: for compatibility reasons remove arguments for nodis... - cb0e1ab apply socle changes - f6fac2e improve some diag commands - 3f2a19d make 'diag proxy session list' print SNI if it's available - 632790c apply socle changes - 6b50705 make DatagramCom database created on demand on heap, not in... - b1065bc add experimental framework - 8722e97 add helper facility to install git hooks on cmake run - 2025111 flag should be in double-quotes - 06e3c03 add support for experimental code which won't appear in off... - 2b4bd67 more fixes regarding /var/smithproxy - 8e052a1 fix also apparmor - 4e9374d set also captures/local/dir to new default capture destinat... - e030b4a prepare a ground for privilege separation - 49cd76b set default capture directory to /var/smithproxy - 2d7aefc modify smithproxy to log into /var/log/smithproxy/ directory - 071bc6f cmake: add helper to create directory, create /var/log/smit... - abc7cf0 disable python by default, it's not doing anything useful atm - b065ecb improve significantly CMakeLists.txt - USE_ flags are now e... - 7af41b3 improve 'show status' CLI command - 1802cde fix linking problem with SmithProxy::create_api_thread if U... - 773e47c fix null pointer dereference - 26562fb improve cfgapi apply code to not contain raw pointers - 8a1fb52 fix python script profile which won't compile in - 937d373 set dev flag - 02dc8da remove last uses of NULL - 340b7bd code cleanups in diag_cmds - e49d29e sync with socle changes - 4dce1fb add CURL_UPLOAD_OPTS support also into createdeb-debug - 0ec67a8 update Release Notes - d4a43bd hotfix release 0.9.28 - 540dd25 add CURL_UPLOAD_OPTS ARG to Dockerfiles - 11892be honor CURL_UPLOAD_OPTS config to support custom curl upload... - 60455c8 set dev flag - 34fe584 update readme - b76bcb9 bump versions to 0.9.27 - 9bd6a6b fix previous rushed patch - d7d21b0 perform schema upgrade from versions with no schema support - b0efd9e snap support improvements - f964948 gre export: refactor and install exporter also to pcap_sing... - 94b71b4 pcaplog: fix IPv6 file captures - 8aeb6bc apply socle fixes - 073dd70 apply socle fixes - 2b9b7f5 pcapapi: change ip hook API and use classic interface-like ... - 0a2b4b3 apply socle changes - 5f9bd81 add support for "remote" capture only - e34d6dc default config: add captures section - b9ad738 deb postinst: another shell script-fu - ba4cd9d deb postinst: don't use bash double sq brackets - 773e7dd deb postinst: create default capture directory - 1f41b50 make default capture.local.file_suffix empty - d53cdfa cfgapi: remove "tun_src" which is now no-op (it can be adde... - b4a134b add an option to capture to remote GRE - 2a010e6 fix missing character in variable name - 970342c sync with socle updates - 5e16177 improve file prefix/suffix logic - filename extension is ... - d0322c0 capture profiles - add helper to retreive file sufix - 88a4908 separate routing setup - 978157e update schema version - c5a2dbc add captures.remote attributes - f0c7e06 allow ":" in existing object values - d7afe45 upgrade schema to move local capture options in a new confi... - 9fcb72b fix cligen - don't mask all variables if exact match is found - 7e97e47 add 'captures' section in the CLI - II - 94d414a add 'captures' section in the CLI - a6648bb apply socle changes - 3cd901b code cleanups in proxymaker - 5b98f6a fix debug section was actually not loading - 4303f5c move capture variables into separate structs and save new c... - 6217b6a apply pcap TTL sanity socle fix - afe4634 decouple config schema upgrade from version string - 5685479 add socle changes into smithproxy - 7863723 add socle dev flag - 2271702 apply socle - af72c47 deb: make postinst detect if systemctl is not present - f0512e2 use https to download from github - 2251bc7 fix copy-paste typo in createdeb II :-D - f00c429 fix copy-paste typo in createdeb - 7d3abef add source tarball upload - dec8d71 install system units and enable them on .deb install - 7102e6c fix smaller tenancy issue in network startup script - 26c54e2 don't install init script on debian and derivatives - 47d4c3e set devel flag - b8cae59 add systemd units - c6bad62 sync with socle - 9c8e56b cfgapi code cleanups - 0f7cc27 move statement 'using namespace libconfig' from headers - 5c82c46 update Readme and Release Notes - 516bb5a make a new release - 2637d64 add more mempool tests - babf1c5 add mempool test + fix data race - aa56628 add mempool test + fix data race - e43c155 add dnat routing l3 and l4 scheme - 60f8b64 add routing profile ability ... route - 13a34d9 some cleanups - dc01bac cli prompt shows tenant name if non-default - 9578156 add new function to expand addresses based on list of addre... - 9419a36 make a little trick and let CIDR_PROTO match AF_FAMILY values - 0f37ac8 write pidfile also if running in foreground - c7a45c5 tenant index is unsigned - ab0f7c8 check pointer, thread joinable state before actually callin... - dab9628 fix tenant cli - operates on base + index port - d5ea6c7 clean return instead of exit() - b9c9834 support loading smithproxy.tenants.cfg - f3f7c87 add facility to read smithproxy.tenants.cfg - 2100452 dns - refactor and cleanups - 5dd8121 DNS inspection - erase cached response if received - 722563d refactor address object handling code - less free form allo... - f944622 add forgotten policy rule constant - fae5442 refactor CfgFactory - b8c2f3a refactor PolicyRule - 991148c add convenience RAII 'allocated' wrapper with deleter calli... - f3d85c0 add policy tests in CMakeLists.txt - 8023840 add some policy unit tests - b09fa94 use raw::allocated for strings from cidr:: legacy code, avo... - 2c96aa3 const ref - fu - 4b015b0 sx-builder: add --cleanup option to purge host system docker - 4791d9c sync with socle - b853e04 don't copy logans - 2d08dc3 mark dev - 60d4d69 add a new building tool sx-builder.py - 8e1ce83 update snap - 90c12a3 update 0.9.25 release notes - b618d00 bump version - 1a4cee7 hotfix: fix 0.9.24 startup issue - ca500b1 update 0.9.24 release notes - 67918bb bump version - 17b207a udpcom: fix heap use after free - 064ac2b apply socle changes and set dev flag - 49fa9a6 improve TLS profile application + support wildcard domain n... - 6ff2226 update socle - 9f7728e don't create logans on each profile apply function - 5f366b2 add SNI bypass FQDN address object - e25dc63 fix missing error message if routing fails - 3ad7903 introduce routing feature - 6c76b19 fix CLI crash on edit policy if non-number is entered - b903078 add facility to easily t-proxy all UDP traffic (disabled by... - 2179ba0 use proxymaker on transparent UDP proxy - 474f98a make proxymaker more generic - c8771b6 - fix minor leak if TlsProfile is not loaded with success, ... - ae7b102 - fix 'add' command on empty section side effect: 'edit' ... - 6341114 add routing profile, and config section - d8acf11 apply socle fixes - 9c9c8d2 update README - c1ffbbb remove dev flag - f302cd5 update Release Notes - f9f7d33 pcap filesize quota set to megabytes (instead of bytes) - 4c694b6 fix logfile permissions to 600 - d2257fd add logrotate script - ad3fca9 refactor proxy setup procedure I - 0d9f466 to get session list, don't walk sobject db - 24e4a4f add debian 11 docker builds - 39d5706 add few more items to rest ping response - a5549b0 open wide CORS policy - 33f4612 fix new pcap file permissions - a9cac05 update Release Notes - 787af70 add proxy oid to json response + allow to find session by oid - 3b07de5 apply socle - 20eb7fd move json producing code into specific jsonize namespace + ... - e915802 small tidy-up - 7f01075 use new socle changes - 7f38d6a move cli thread components under service/ dir where it make... - 73f17d9 json diag ssl cert print - d3f4eb7 create generic json responder - 36a1666 bump version - ebc2fb3 json ping response - c1747da add possibility to set response parameters and option to li... - d83d04b add license and include guard - f471ed8 create dummy http server - 1221aa3 add optional terminate check handler - 323f987 build dev snaps now on again - 10958b0 allow snapcraft to build 0.9.21 from master tree - 87c31cb update Release Notes - a930009 update Release Notes - b3c4c6f make Dockerfiles support custom branch build - 4176ebf Create codeql-analysis.yml - 7201646 add libmicrohttpd dependency - 101c251 some more buffer len control in external libcidr - 7230c58 add jlohmann json header - 534ed7d use strncpy in external libcidr - 6213c2f Create flawfinder-analysis.yml - c78961b update info files - 63ec5d9 apply socle - 86c964c bump versions - 23b9f7e this single line makes config not load with misleading warn... - 1633d87 make pcap_single default writer output - 5cb7813 pcap: close the file before rolling over - fdf5d94 apply socle - 886ba40 simplify and remove redundant code - b37e9bf make host and proxy label a bit nicer - 633631e add more writer comments - ae88771 actually write cached response - b36fd9e add API to dump cached responses (affects both smcap and pc... - c6fca27 apply socle improvements - 859363c implement support for PCAP_SINGLE file automatic rollover - 6681a67 make more robust capture options structure (don't keep it i... - 7883a02 cli: rework value filter to support very large integers - 10483f3 allow pcap_single file rollover using CLI command - 06335f9 introduce httpd service which is not yet even compiled in -... - f37e435 introduce httpd service which is not yet even compiled in -... - 45919ce add lmhpp module (not used) - 1fcf3ce add socle changes - 3842422 remove unreachable code - c896d2b be more expressive - 24e97b1 apply socle fixes - f37d2e2 update snapcraft.yaml - d186016 fix signature save issue - 4eee996 apply socle fix - 0a7b4c9 socle changes - 9405859 apply socle changes - e162c8a update Release Notes - 74789c0 apply socle - 2b49ebd bump versions - 43494ce add CLI support for content write format - 359d4ff apply socle - 9bc69ce WIP - make pcap_single work too - fedd2a9 content profile - fix typo - 2e64744 apply socle changes - 1da8869 add option to hex_dump to add CR before LF - 37ebc9f apply socle fix - d053010 WIP - pcapng files are now created, but content dump is not... - cf1754a apply socle - cb72e88 refactor and rename traflog to SmcapLog - 42d4f14 apply socle changes - 61449fa dramatically simplify and a bit improve threaded file writer - 2f464eb socle updates - 41ef1f7 save write_format into the config file - 0eae6bb add needed mechanism for config file versioning - 8b38aea prepare mitmproxy to switch traffic dumper based on format ... - 6717307 hold unique ptr of base class - 4e412a9 socle::raw RAII guards - 54f3850 socle update - 93af1b0 traflog refactor - 6e4728f mitmproxy - code cleanups - 4d39331 apply socle changes - 6a9b893 add pcapng writer support (including comment options) - 6549d1c apply socle - d02fe52 apply socle - df74919 add pcap writer initial test coverage - 89df149 apply change in traflog header in socle - f733054 cmake - use backward compatible 'add_definitions' - f55772a make project compile with GCC 11 - c0ca984 apply fresh socle - a2750f2 ignore SIGPIPE - 02583a8 apply socle changes - af531bf epoll minor refactor - e2ed5f9 logger improvements - 16b4952 apply socle - 4166d21 refactor rename 'logger' to 'LogMux' and LogOutput to 'Log' - d053bcd fix type conversion: writecrash - size_t is never negative - 3be231f remove -Og which broke my debug sessions - 9d9ce1d socle bump - 4999110 more type conversion and return type improvements (breaks API) - 670a72a socle sync - bb5c067 add peering tests into cmake - 75a9895 no peering.hpp yet - b8619ce no dohinspector yet please - e833322 handle better epoll_wait errored sockets - 98780e4 fix diag sig list - should display all signatures, not only... - 9e45b8d better diag info about engine and signature match - 03f6fa0 wip - refactor mitmhost to support engines in process_in() ... - 63b3718 apply socle - f41e457 bump version due to API change - c42d1e9 socle API changes - 00d84c9 refactor http1 engine start function - 0f97bd6 add some (compatible) optimizations into debug builds - 84af228 fix incorrectly saving signatures (introduced with signatur... - 1df27d0 refactor on_www_detected to more generic engine approach - 437df96 add 'engine' signature attribute to trigger custom code (en... - 0f783f8 add basic http/2 start signature (prior knowledge) - c5e4ee5 add configuration variable into TLS profile to control ALPN... - 5f5af86 apply socle - 37083f7 apply socle - bc3ad8d display alpn in 'diag proxy session tls-info' - 9a27131 add TLS parsing test suite - 110a06b DNS fixes and improvements - 73baf6f DNS fixes and improvements - 868ad12 platform independent size string formatters (fix compiler w... - 21a2aec cli 'test dns' : don't use 'select()' in 2021 - 49de5f2 add DNS tests + fix string tests which were broken before - c27ab14 dns: changes code cleanups II - dcd59c5 dns: add convenience to-string functions - 6cdd104 code cleanups - e97ace7 socle and version bump - 3b6ff97 socle and version bump - b8e4825 CfgFactory change II - fix previously related patch leftovers - 5f8dd8a create DaemonFactory instance on healp instead in static st... - 73e7f07 CfgFactory now uses init() to initialize - API change - 2fdbf9e logger internal change + API change - now it initilizes wit... - 197ea1d close ony valid crashlog fd - eb13bcc socle bump - 1a3b132 code cleanups in inet namespace - af7ac86 signatures - fix logic error in returning signature group - 93adad0 add 'diag proxy session active' command to display only act... - b262a34 apply current socle - ecadf0b detect starttls only on first 10 client/server data exchanges - 971551b signatures - add mechanism to enabling custom groups - a088f15 wip - signatures are now separated based on their group - 0d58807 signature tree overhaul - phase 1 - 8d76b75 update socle and add "group" and "enables" signature attrib... - ead6c0d update readme with API change - 7282361 bump and apply socle changes - 2408543 apply socle changes - b1b4bba add strong stack protector to Release builds - 3c57711 add Release build docker host script - 88d055b release notes update (about skipped version) - bf05f50 apply socle changes - fd27daa class logging name refactor - API change - 6781e79 optimize-out some debug outputs using _if_deb - 5ffc0b6 remove unnecessary inheritance - 1aaf674 remove raw pointers from mitmhostcx - c7c5aef apply small API changes in AppHostCX - ac8e3a7 remove empty interface methods and their calls - 0f512d8 add DoH signature - a4d816f dns code cleanups - 5dff223 use unique_ptr for com_ in hostCX - ac6a8e2 apply socle changes - 1965ae4 add dev todo file - 49756af remove unreachable code - c95cb25 move global loglevels into their own namespace socle::log::... - f2cb10c apply socle changes - 531e216 huge -Wextra and -Wpedantic readiness code cleanup - d44af65 code cleanup in appdata - 7f37a5a apply socle changes - df24d6d apply socle changes - e446dcd make staticcontent clean its pointers on dtor - 4f60124 smithdc tool code cleanup and fix most of the issues - 4358355 apply sigslot removal changes in socle - 5c15b03 remove sigslot library (used only in smithdc) and use C++17... - e831026 apply socle version - db77334 bump version due to API changes - b7f0bd8 fix incorrect copy assignment operator - 5539184 remove default argument from virtual to_string(int=iINF) fr... - 55253bc Release_Notes update - 8d640c8 apply socle changes - 4574931 remove deprecated logging macros + code cleanup - 7c3f4f9 apply socle changes - f35e238 move socle::meters to baseProxy - 6c7761a introduce cli 'toggle' command - c0c3e0d refactor and add more generic CliCallback interface - c96d355 refactor return value (not needed) - fbe2e45 update release notes (to work around -0 version) - 270703d update release information - 710d7bb use new socle version - 7d1d055 log changes in Release_Notes.md - 30b3f75 apply socle changes - 0f86b27 fix - dns inspection: add NS as allowed type in response au... - a339333 fix few coverity issues - 7782c94 bump and snap - 428401b simplify snapcraft.yaml - f5b1b2b snapcraft: build a 'release' release - f2ada48 release notes and snapcraft changes - 3f212f1 code cleanup - refactored libcidr into its own namespace - 6c72fbc add diag command to clear tls session cache - 17acd62 apply socle and bump snap - 09bfca0 improve some stats and list commands related to ssl - ba9ad0e update release notes - c3e6c7a print session info only for ticket and sessionid - 0080bfe fix coverity issues - 4c811f2 Merge pull request #24 from astibal/cache_up - 093f54d switch to libcli/main and apply socle changes - 05aff81 refactor ptr_cache DataBlock stored as a unique_ptr instead... - 0e99821 instantiate pool as a first thing in main() - c62a015 use lru-mode ptr_cache as certificate store - seems to work... - d0d85ed initial, counter-only lru implementation into ptr_cache - a878fed refactor socle ptr_cache + some coverage tests - 7bf4864 bump and snap - 2c90a74 Merge pull request #23 from astibal/portal-split - d04f764 add back pyparsing to pip3 deps (pylibconfig2 requires it) - 1c3c723 note in README.md that since >0.9.12 is smithproxy_auth opt... - 4eb72b6 remove m2crypto and swig from alpine part of linux-deps.sh - 9a84b02 compile clihelp.cpp also on alpine (include libgen) - 92af056 compile cfgapi.cpp with newer libconfig - 539b63f fix linux-deps for debian10 - 7e1e6a7 fix control files II. - 11b05e7 fix control files - b9dd50f remove unnecessary -dev package dependencies and invalid co... - 46facd1 remove some unneeded deps or move pip deps to apt deps - 5985032 fix createdeb to download desired branch and not always master - a712373 use local askbot - 878389c move askbot functions to core python scripts - bb15829 remove unnecessary pip packages from postinst - 381f8e3 remove python posix_ipc dependency in core package - 01b9446 remove python lxml dependency in core package - 055d9ff remove spyne - c2d9088 remove zeep dep - f484ff6 remove python-ldap dependency - e1d2c2d remove docker/_attic - d1d1899 remove pyparsing and fix debian/control - 512f3ea remove old deb building scripts - 9eaf4fb fix some typos - 068b220 docs/ directory desperately outdated - atm remove old stuff... - b20c843 remove portal from smithproxy - 092db0d revert back build script - cf33153 count releases from 1 because of debian rules - a6bfee4 0.9.12 release - a6cf78b release candidate 2 - 56b6ec2 release candidate 2 - 275935e fix missing 'add' and 'remove' capabilities for most of pro... - 04475b6 fix cli issue when 'set' command appears in sections with d... - 49433dc add more CLI string convenience functions - 9a570fb correctly propagate policy allow_* exceptions also for conf... - a2afe8e correctly propagate policy allow_* exceptions also for conf... - 57e6d25 correctly propagate policy allow_* exceptions also for conf... - bab0c3e fix #22: honor tls_profile allow_* options - b9e3795 fix override redirects - redirected always to /, which is n... - 55131aa strings version upgrade (keeping 0.9.11 git tag until final... - 175f786 apply socle: fix cpu spikes when right connection waits for... - fd42bf1 fix copy-paste mistake - 8323fb1 bump and snap - a6de054 add suggestion generators for set commands - a1a0453 add convenience cli string functions - 5f115b7 generate set commands for editable templated entries - 533a94e bump and snap - 9420413 add rest of settings + proto_objects, port_objects and some... - 87d9f68 construct CidrAddress out from string directly - 37522e6 fix regression: replacement of course can be an empty string - 9bfcb92 add some test coverage to addrobj.hpp - 6a43880 bump and snap - bfd3c24 when smithproxy starts in the foreground, print out listene... - 86de5e6 avoid std::cout use in library code unless necessary - ef8c7fc pid file handling and smaller tidy-ups - cfa7b45 cmake - run gtest only if present - 5d6c844 add coverage for sx::str namespace - 7f6947a fix sx::str::string_replace_all busy loop - 958573e fix stupid typo - a6f1dff separate debug and release .dpkg builds - 9ccb67c bump and snap - e9cb095 update release notes - 6f6315d improve cli value filters: now filters can be chained and m... - bd685d2 rename cli/ directory to cmd/ - 4533233 mark bailing on smithproxy normal exit to not deadlock mempool - 5a3c3f0 don't use libunwind for release builds - ddfa7ce solve ugly crashdumps - now they are beautiful - b65b040 let's not use copies of DaemonFactory singleton, please. - efd84b4 add cli 'execute shutdown' to terminate running smithproxy ... - 65048c7 make openssl allocation calls via mempool if MEMPOOL_ALL is... - efbc897 move crypto mem check from release builds - 48ced10 SSLFactory - pass pointers as values, store with smart dele... - a05ab9d bump and snap - 4f7ac8b add facility MEMPOOL_ALL to replace global new/delete to me... - 863f197 IMPORTANT FIX: memory leak in sobjectdb - 7fbfd97 tidy args - c0e8689 use malloc_allocator for MEMPOOL_DEBUG map - 71216b0 for modes without MEMPOOL_ALL return to crash-less terminate - f81f946 canary.hpp missing include guardians - a37c836 add MEMPOOL_ALL experimental option - d2df45b apply socle - 2520e9e add various compile-time options tags to 'show status' - 04d5d01 rename _private namespace to deleters + add ::free deleter ... - 5c90174 bump and snap - 8af81d6 Merge remote-tracking branch 'origin/master' - a6eabc3 use utils/ + generate chain of all options for cli 'set lis... - 036f654 use utils/ + generate chain of all options for cli 'set lis... - 339c397 add whole lot of utils - 83af416 bump and snap - 677e2c8 fix policy removal - 2f01e6e on element removal, remove also 'remove' command - b2095d8 when adding a new element, also save cli_command - 9433092 migrate CliState to thread_local storage (all cli_* are inv... - d237e01 generate commands: add also callbacks when adding section c... - d009b65 apply libcli - 4065c8e report running config change only only once - 6157c7a apply socle changes - 8b4b536 CLI improvements - 4cb658d new download server links - 9ad48e8 update ctlog download script with the new server link - 0031747 dockerfiles should initialize build args - 69badeb build dockerfiles - add proxy into apt config if 'http_prox... - da749df bump and snap - 8d37e18 add better facility to check values before they are set in ... - 773838c time being, remove possibility to delete or add signatures ... - 8dc0282 add to codebase function searching for cli callback for tem... - 21831b5 snapcraft.yaml version update - d370000 cli - make new policies editable and others removable - 58d196e cfgapi loads now policy correctly when profiles names have ... - d453048 move commands use separate function - d282fb8 add hacky code to allow moving newly created policies - 9374309 allow empty string values and return true - 9a79901 fix small issue in generating checksum for latest dpkg - 4014f30 various smaller improvements - 81b4adc add CLI 'policy move X' commands up, down, top, bottom - 053e099 snap version - 7700e64 fix: cli editing works only in first cli session - f8d4cd0 snapcraft bump - a2bd484 cli improvements - 92206e3 Release Notes update - 3380f9a make move cli command really move policy - bce58e6 refactor and some some cfg operations from cli to CfgFactory - 53ba647 add policy 'move' command - 6dd4efd version fix in snapcraft.yaml - 9daf339 fix header git version checker - 1b20704 new policy now can be added via CLI - 9e97d49 don't allow trying remove nonexisting elements - ff344ea add 'disabled' and 'name' attributes into the policy - 342572a fix logging protocol reference - 7233bee add --shm-size to startup script to avoid sigbus crashes - 1736dbd build script - ubuntu: more apt less pip3 - aa4f5d5 build script - alpine: use more apk in favor of pip3 - b5cd572 rewrite parts of CLI, mainly add/remove/edit - fa002be add 'remove' support for policy section - 46b8e03 add policy map also to the list - this is change needed to ... - d76fb21 update deps script and Release Notes - 8ef81d2 update Release Notes - cdfaa13 code cleanup - 6428430 add cli 'remove' command check for element usage - used ele... - 61a67f0 make all dynamic configuration groups generic CfgElement maps - 950c04e make proto and dport CfgElements + make usage weak refs on ... - c22db48 rename dependencies -> usages which better fit the idea - de5bc4f add more infra to dependency checks + move around some code - fa9bd3e mention 'remove' in Release Notes - 100db64 use CfgElement for all config items in the policy - 5e5e581 make AddressObject child of CfgElement - 3d5410d reject reserved names starting with __ in 'add' cli command - 7046940 ignore reserved names starting with __ - 08f4621 refactor profiles and inherit from new CfgElement parent class - e4c6b3f refactor and move policy profiles to its own header - 42372bd 'remove' cli command works without reference check - c7fe8c5 add dummy tls_ca cleanup in cfgfactory - dfd5fc2 generate add even if section is empty - 171d23c add 'remove' command hooks - 0edfb52 cfgapi add dummy tls_ca handlers - c53587c refactor and move CliState to its own header - e78b6a2 add 'add' CLI command to Release Notes - bdb00e2 improve policy match and add fix l4 protocol match - 3d84ccc add into policy match in cfgfactory also policyrule context... - d96e7a2 code readability improvements - c66c38d improve 'add' cli command handling - 1e094f0 addset default ... to default :) - 7646e59 add the add command into CLI - new objects can be created w... - c36eeb2 add methods creating default instances of most CfgFactory o... - a82e6f0 remove unused cxxopts.hpp - c5a528b remove unused argparse - c945f77 be more strict on pidfile removal - it must contain value o... - da2d463 don't remove unowned pid file - fixes various issues with s... - c1f796a daemonize: move exit() from master after fork to main() so ... - 78ce4ab improve smithproxy startup - 5a43302 change project read me - technical information will move to... - e72c480 fix underscore issue in snapcraft.yaml - 2401864 add CT support into snap release - bf92586 add CT support reference into Release Notes - 930cebd add CT support reference into Release Notes - ce41489 add save/load/apply support for tls profile CT support - c8d82af add SCT debug info to 'diag proxy session tls-info 8' - 235fd42 apply socle - add some more CT logic - 4a390fe add some more CT logic - 5564b8c use BioMemory in CT debugs - a1acece add certificate transparency feature from socle - 124e4c2 remove no longer existing testing docker tag - 21892e1 Release_Notes.md updates - 9e71429 actually we always want to overwrite Release_Notes.md - 2576fe4 add Release Notes and sha256sum package upload - 46276a7 cmake split - ed944a3 handle 'cannot bind' situation correctly - 9e4674f testing tag no longer exists - ecb62f3 add debian build Dockerfile - 1d684c1 docker hub dance - 63ba9de reorganize structure according to working examples on the net - f280b99 docker hub build override 2 - 64bec86 change hook variable - 2f233c5 fixing github build hook 1 - 99689ac add forgotten shebang to the docker build hook - 3996da9 add forgotten shebang to the docker build hook - 373a18f add hook/build to support hub.docker.com build variables ha... - c77ad56 add Ubuntu 18.04 into automatized builds - 262362c remove remnants of old building system and add ubuntu20.04 ... - 96b918e better package building script - 9d644e4 apply socle changes - c48684e bump version due to important fixes in socle - 4ba4bea move regex compiled strings to static storage and fix alpin... - cf7e596 bump versions after io2 merge - df9cc07 Merge branch 'io2' - 3f9af66 Merge branch 'master' into 'io2' to resolve conflicts (use ... - 66b501d fix crash on smithproxy exit due to destructing un-joined t... - be95141 make "show status" cli aware of new acceptor x workers mech... - 9622c09 improve startup scripts + make them follow new accept_* dir... - 884140c introduce new switch to enable incoming acceptors - d8344eb bump socle - 9cb8d0b move generic worker initialization to (another) parent class - 6baf147 fix wrong workercount argument passing plain setting to tls - b317089 socle updates - a75e415 socle updates - 4555dfb Merge branch 'io2' of ssh://github.com/astibal/smithproxy i... - 58c5b7b socle bump - fix some theoretical deadlocks (never reproduc... - f9ad8a2 bump version due to important fixes - 86b9c3f fix socket handling in SOCKS proxy code + ARM fixes - 2799d8e fix socket handling in SOCKS proxy code + ARM fixes - 36f326c improve cli 'diag worker list' and don't lock across cli_pr... - 7558bc7 add cli 'diag worker list' which will traverse acceptors, w... - 9638653 fix: add worker threads to list as intended - 0ee8745 refactor and adapt proxy_type enum class into regular type ... - c8e4e9c fix and improve incorrect "diag ssl verify list" output - 83bd280 apply socle fixes - 39b5155 add canary check, enabled if MEMPOOL_DEBUG is defined - b9379f3 create canary class to better handle with canary checks - 7c49114 reserve vector sizes to avoid many reallocations - 9681a55 adapt CLI to mempool 2.0 - 29ed6ee UDPCom::shutdown add extra check and remove virtual sockets... - e6fd8ea udp - log when writing to pool without real socket (io2 bra... - 8ba4eae DNS inspector - if response is not cached, reset previous c... - 3373fb7 UDPCom::shutdown add extra check and remove virtual sockets... - ee3ab99 fix memory pool resource leak in receiver (udp) worker thread - 787cfc9 apply socle - 6012549 apply socle - 18cfdf7 tiny tidy - f4d6481 adapt to changes in mempool - 6e0926f bump snapcraft version - 6831452 apply memory pool exhaustion fix from io2 branch - 5c68daf udp changes - 2cb2229 baseProxy com() operations on virtual socket also applied o... - 5d5aad1 better logic to udpcom::in_readset - 2dba09c add udp entries stats to CLI - 1839e5a make redirected udp work - ff38deb remove libcli dependencies (we use own libcli fork) - d0b0dad get rid of all unneeded libcli tooling - 52e6682 wip - don't use - don't idle out bind_sockets (they wait fo... - a0fd337 wip - don't use - revert back testing redir script - 4a2f449 use epoll() on linux instead of clunky select() - fbf6ea2 wip - don't use - add idle check to baseProxy::run_timers() - 8de2f50 make udp work - eff4ff1 refactor sockaddr_storage helpers and merge them with packe... - 0e99bcf wip - don't use - move embryonic state from datagram entry ... - f598afa wip - don't use - removing some unused code and template args - 7fcec3d move CLI thread start at the very beginning - c790206 fix old on_left_new_raw version - 296e4dd we have to max out opened file descriptors (proxy can have ... - f40bf96 wip (don't use) - whole a lot of changes to make work N:M a... - c6d7c9c wip (don't use) - likely contains data races - sync with so... - 8e3c189 wip (don't use) - likely contains data races - sync with so... - bb212ad wip (don't use) - likely contains data races - UDP doesn't ... - 3d220fb wip (don't use) - likely contains data races - sync with so... - c230eea wip (don't use) - likely contains data races - sync with so... - 134198b wip (don't use) - likely contains data races - mutex-protec... - 93fecd0 wip (don't use) - likely contains data races - fdqueue wrap... - b302d55 wip (don't use) - likely contains data races - shared socke... - 28b3223 wip (don't use) - contains data race for udp (and possibly ... - c9a15a0 wip (don't use) - fix immediate crash on dangling reference - c0a3b88 wip (don't use) - make acceptor thread a vector of threads - dbfb0bd some rearrangements in socle - 39e0273 create custom mutex container - 11931c5 baseProxy - adding listen() call, creating cx for already e... - 7dbce9e moving files and moving to ubuntu20.04 as devel platform - 92c7e32 moved, unchanged docker launchers - b62fce7 add debugsx.sh to docker extras - b3b908d better way to build and run local src debug docker - c88e921 ubuntu18.04 flat debug build - 1b2328a ubuntu20.04 flat dockerfile - e2585c2 ubuntu18.04 flat dockerfile - ce56f15 fedora flat dockerfile - 0ad6410 debian flat dockerfile - e69ca98 openssl package was missing in alpine - 9f79312 alpine flat dockerfile - f92311b bump socle submodule - 6241ab3 fix SNI bypass - 083f48b replace sref with shared_ptr to hold sni bypass filter - 56c1be5 don't create DNS_Inspector with each session + policy apply... - 686e28e don't send data if marked dead (possibly due proxy is dropp... - ab1da9d fix broken dockerfile deps - one-step build - 5f89081 DNS inspection - use smart pointers - b6cb4e7 protect socket set with mutex - 8a09961 deploy new snap version - bb6d38f use fixed 0.9.6 candidate - 0ea3b3f fix a typo - 0496851 0.9.6 - fixing various issues with capture saves and ipv6 - 651dea4 add ipv6 into policies to follow same defaults like ipv4 - 19f2b58 include ipv6 into redirected traffic - 7c9c4b0 add post-refresh hook to update certificates - 90e54b3 bump version to 0.9.5 - 06f1b63 sync with socle - 15d0e11 add more sanitizers (commented out) - 761313a use new baseHostCX::io_write() and break possible recursion... - 3125eae snapcraft mask out some unneeded snap commands - c565f71 fix crashing crash handler, please! :/ - 952c90b use correct std::string constructor (and fix heap overflow) - bbb5dd7 bump version due changes in config file variable and its de... - b57875a make .deb generator great again and fix build/postinst - eb7fdef beware: important cfg entry name and default value changed - 79adf9c improve snap description - bc3d7ef bump versions to 0.9.3 - 13406e6 craft the snapcraft.yaml I. - e67485b another snapcraft to add lxml to python deps - 9cbf68e snapcraft - try to install dev libs for other platforms - 9f334ac fix root ID detection - 33df1f5 working snap with few cludges and missing features - 3b6045e fix double free in dns code - 5cefe45 fix *many* data races - bd3ede1 add commented-out lines for thread-sanitizer - 475978c fix a typo ... - cdda678 adapt to even stricter rules when 'id -u root' is not retur... - 2915561 add more python deps - 3af4a8f call user id with number, not with name (some versions don'... - c587f1d add libffi-dev to support arm platforms - b30ef1f push socle submodule hash - d71fc43 ocspinvoker demo (commented out - wip) - 1cb6c28 cfgapi run cleanup in d-tor - 2e9960f unlink pidfile in destructor - 60b5a26 make cli server gracefully finish on smithproxy.terminate_flag - 4ee4571 fix cli mempool trace output (if enabled) - 54309b7 prevent rare mem leak in DNS inspector - 98bd322 cleanup SSLFactory code - d841dc4 improve snapcraft.yaml (still wip) - 3ba5341 fix cmakelists: add debug flags properly and don't overwrit... - e527b05 fix typo with wrong redirect port for dns redirect - f37cbeb snapcraft changes - d42b78b this compiles, but paths are wrong - c6d2566 some more work on snap - cb8e47a improve startup scripts and tools - ed73d27 some cosmetic changes - fa206c0 fix CMakeLists.txt - 9362531 snapcraft requirements - 3cfba69 working (surprisingly) snapcraft.yaml - 6e27395 add snapcraft.yaml - 6b6a99a remove redundant code block - b4777f3 after setting 'other' value to ttl, we have to save it to s... - 1549d09 commit socle submodule - 3ec9930 improve sxyca and cert generator - 9d6e988 add simple sx_certinfo util to display CA cert - 0045389 add 35k and 50k pages to mempool (remove "big" pool, which ... - e0e6da4 set default nat type on policy to auto (interface mode) - ee33578 fix error flags according to changes in baseProxy - 63b295c apply socle changes - cd85b3d add ocsp invoker to CMakeLists.txt - 4ab6b46 add factory class AsyncOcspInvoker which should make use of... - 8844844 asynocsp - fix typo and yield string of yield, not fsm state - a8a703d add some logging + don't iterate behind end of map - 2f28400 small rearrangements - f352e98 adapt linux-deps.sh script improvements into separate distr... - 07f5276 bump version - cb6c4bc re-add back debian binary package scripts - 4c13970 building from sources notes - 0e6d84d automatic expired dns cache entries removal (interval betwe... - fe8cd91 clean-up in certstore - 57fbc8e rework/refactor ptr_cache as a container of std::shared_ptrs - 4f9bc6d travis: well, it's gonna work, someday - 81daf42 travis: not using sudo -i - ffb037a rework dockerfiles; supported OSes: debian, ubuntu, alpine,... - 259d9e3 use generic linux-deps.sh script - d484dfe add libunwind and improve description a bit - 3cf4d7f using --recursive clone - 5a0a9b0 install pip3 instead of pip2 - bc9aa18 add symlink sx_cli for smithproxy_cli - a8414d6 add kali detection - b9f44f8 add fedora support to linux-deps.sh + NOTES.md - f0e4c89 work around some compiler issues with UxCom virtual destructor - 6057df6 code beatification - f9b79bb sudo II - 5a10306 travis - enable sudo - 0738f98 making it work in stupid /bin/sh - e4597b3 remove too smart bash features to make all work on travis :( - b10159a travis ... - 86ca549 back to basics - travis - f713231 upgrade pip once it's installed - 81597b5 wrong variable ... - ee3c8b8 /bin/sh is just fine (not all distros have bash by default) - f0a7325 link or not to link, that's the question! - fbbb531 add Alpine Linux support (edge) - 78466fa reflect libconfig++ API change in versions >= 1.7.0 - 180de0e add select include to compile in alpine - e9d7a7a some innocent formatting and const-ify - 7b0000f some innocent formatting - 5a0d580 boolean default value in config was string ... was failing ... - 223ac8b reflect previous changes in CLI in config - 88571b8 use all cores :) - bfda61e typo in arch64 machine detection on debian - a051ea2 make smithproxy run on arm I - work around libconfig issue - e9fd1ca make smithproxy deps script install correctly python3 lxml ... - 555d082 make smithproxy link correctly on ARM platforms (add atomic... - c7033d3 include string into clihelp.hpp - 9c96926 make dependency script work for debians - e1876eb make dependency script to detect distro IIb - 21323fc make dependency script to detect distro IIa - cbbaf00 make dependency script to detect distro II - 809a6de make dependency script to detect distro - 1eb5f20 make dependency script ubuntu version aware - d5f1424 improve a bit ubuntu20 dep script - 930cf50 create build script (to be used in install, travis and dock... - f8034d7 changes in dir structure - 2fed80e travis for amd64, arm64 for precise and xenial - acc8201 add ubuntu 20.04 docker file - 09a254d update dependencies script for ubuntu20.04 (spyne vs. pytho... - ab0f086 update dependencies script for ubuntu20.04 - 03b428d add dependencies script for ubuntu20.04 - 0ec6478 add dependencies script for ubuntu20.04 - f635ab5 use relative path for submodules which should make to work ... - 5f44aae initial (not working) travis support - 4ad6cbb minor fixes based on sonar - d3d611e libsmcap - still for python2 ... stage1 with moving to p3 (... - a5daab9 mempool - make some counters atomic and remove them from cr... - 3ac5287 get rid of (some) unused variables - 5e669a2 avoid using global namespace: extensions to spoof by certstore - e6246c6 refactor logging facility and get rid of global variables (... - aca2dd6 fix various minor issues - 8d7aeae ad project name to CMakeLists.txt - cdd64d6 fix proxy com dependency tree on starttls - fef712e enhance 'diag proxy session tls-info' with verify informati... - ff84e65 async cleanup (commented out example code in MitmProxy::han... - c5112c7 reflect new 60s average in meters - 1a869df mitmproxy meters change - session meter is 10s average, tot... - a44438b code cleanups - 7201974 introducing new CLI command 'diag proxy session tls-info' - 1095054 add GNU/GPL v3 license - 4a5ce04 forbid SHA1 issuer signatures - 7d38981 forgotten type fix - c404c81 splitting cmdserver.cpp - got a bit too big (to be continue... - 48f8608 code cleanups - e5ffd23 logging on steroids now - ab3e5f1 fix - don't pass non-trivial object to variadic template fu... - 3340718 code bautification - 03b9e4b improve asynchronous OCSP state machine - 53ebed0 wait only 3s, instead of 10s to let smithproxy start up in ... - a224ef6 big certificate verify overhaul - 70fe58f AsyncOCSP inherits from sobject - e5dc7cd fix variable type potential mismatch - 67752cf untap on finish - patch fix - b6d6e59 add convenience function translating state values to strings - e2ebbc2 untap when finished - 88c560a create simple WithID class providing incrementing object at... - 64b94e1 logging wording change - 2d5e446 change some logging levels - 8cfb245 rework resolve_identity logging - 8541033 split tap() into two functions - f7010b8 change half-open timeout to 5s (was 30s) - 79412bc fix ioctl accepting int (not unsigned int) - 2278d26 fix async dns update logic - wait for real answer, don't re... - 47cac94 move Service class to its header and source files - 664af25 move terminate_flag to Service class - ce73ee2 some refactoring touches + making smithd start (smithd is n... - 30e606e some code clean-ups - 43bb3e0 remove legacy cfgtable global variable - 51edbfb feature: smithproxy will generate fresh portal certificate ... - 6b9caa4 python code cleanups - d3cc4d7 code cleanups - 880502b fixes to compile flawlessly on armhf platform - 7f7fe03 fix semaphore segv in racy environments - 5d0ce5f fix armhf platform glibc behavior on fstat (segv with nullp... - e9afc39 fix dockerfile and compiler version symlinks - d4d2269 well, this should have been a number anyway - 2edb786 add total sessions statistics - 5f3a8ef tiny code cleanups - 6057dda add valgrind to debug docker image - 43546f2 add support for high number threads to valgrind service - 7516e35 fix - don't reset uptime on config reload + add total bytes... - 7f73882 wip - CLI improvements III - 2111ed1 wip - CLI improvements II - c0d9d07 add new default certificates to make traffic work with newe... - a5e3acf python certificate generator scripts improvements - 58e6564 wip - create set command argument validation - 9dfbc39 wip - CLI improvements - add hook to check variable value - a1ac5b8 wip - add signatures to CLI - d54eec3 wip - CLI improvements - policy support - cdb0c28 wip - CLI improvements/code generalization III - aa82df3 wip - CLI improvements/code generalization II - ce0120a wip - CLI improvements/code generalization - d738c4c wip - CLI improvements/code generalization - 1b3d38f wip - generalize callback setup functions II (not working, ... - e619ac7 cli refactors and rearrangements - VII. - 866e727 wip - cli refactors and rearrangements VI. - 9dabdb7 wip - cli refactors and rearrangements V. - e99b13d wip - cli refactors and rearrangements IV. - 2c9d8fb wip - cli refactors and rearrangements III. - d4fbca9 wip - cli refactors and rearrangements II. - e6f0d13 wip - cli refactors and rearrangements - 5afb54a wip - generalize callback setup functions I. - 515606a cli code cleanups - 1752f10 cli improvements (and cli related fixups) - a8be642 add array as a compound value directly editable by 'set' (f... - f1f5019 wip - add array as a compound value directly editable by 's... - a669467 config file - fix overusing of lists in favor to arrays - a90bbc6 docker: run smithproxy in isolated container (ie. when traf... - 06a9860 small to-const refactor - b188b3b fixes ocsp sigabort, epoll fd leak - 58b80cb use cache for debug-localsrc if possible (argument for dock... - 830d2b3 fix AppHostCX::to_string - 47d0e10 use argparse module - a41d0a7 change argparse module - original one was not really workin... - c3ac444 make own value variables in AppHostCX::to_string - for bett... - e05d73c increase initial read buffer, truncating longer UDP packets! - c725d12 make debug build optimized - d71f8ef fix typo in mktemp - b908713 add and improve some docker utility scripts - a62568d add script redirecting non-root host-originated traffic to ... - 34e34db Merge branch 'master' of ssh://github.com/astibal/smithproxy - 2024502 wip - debian dockerfiles - 90c471d add some more mode docker support (wip) - 5c778ab typo in docker CMD - 8b61d2b Merge pull request #10 from astibal/redirworkers - af8f046 receiver redirect map - prefill it with nameservers - c3064ac set default udp/redirect listen port to 51053 - to suggest ... - 6795835 wip - ThreadedReceiver - if REDIRECTed, use google dns (to ... - 743ea47 prepare redirect workers for udp - 785fc5c make redirect n output work for tcp/ssl - 8c467d4 adding infrastructure to recognize proxyy type (tproxy, red... - 37c3ff5 verbosier error - d6bf614 small update in VerifyStatus - a2d68c3 fix: cache also failed ocsp attempts, which were erroneousl... - 372eb06 startup script interface auto-detection - 993dd05 shared_ptr in subprofiles - 17a7c46 more rules to apparmor profile - c787178 shared pointers for address object db - 742e581 Merge pull request #9 from astibal/apparmor - b5555ad apparmor profile - works in enforce mode with default insta... - ee0482f wip - use shared pointers in policy code IV - 284fabb wip - use shared pointers in policy code II - 9f02b06 wip - use shared pointers in policy code II - 85ee2af wip - use shared pointers in policy code - 6024ba4 refactor signatures as std::vector of shared pointers II - c805acc refactor signatures as std::vector of shared pointers - 36b9db6 search for string start to match apply_setting - 1ab74a3 better error log if OCSP fails to connect - b479598 new docker image tags - cfe3b14 ubuntu 18.04, ubuntu 19.10 and debian 10 build-system dockers - 36e2f91 wip - smithproxy 0.9 new build system V - 32512d9 wip - smithproxy 0.9 new build system IV - 6f12a3f wip - smithproxy 0.9 new build system III - 0b1aa28 wip - new 0.9 build system II - fa89058 wip - dockerfile fixes + new 0.9 build system - 9e37146 dockerfile fixes - e941780 build scripts for all versions are now maintained in master... - 77935d4 add back dockerfiles for 0.8 - 5ddc028 move infra to src/ - 622959a man page rewamp I - b55019e docker files structure changes for 0.9 and later - 650fc55 fix smithproxy_version.h generator file paths - b5ff188 Merge pull request #8 from astibal/move2src - 6d7d79d wip moving files V - fix/remove testing async OCSP code - 68d4da2 wip moving files IV - fix unwanted daemon->service changes ... - c175adc wip moving files III - 73b6a11 wip moving files II - 31daf79 wip moving files into src/ directory and cleaning a bit sou... - 6da47ca refactor/generalize ocsp_result cache into verify result cache - 62c8606 implement, improve and fix asynchronous OCSP querier - 748fe74 cli - allow to set all debug variables at once in 'debug se... - a8a66c6 remove lock in place where it's not necessary - 0bd4388 fix code consecutively locking 2 mutexes (without releasing... - 602c33a fix crash when processing incomplete ClientHello - a2d1fb0 async socket implementation - b75bc4f async socket processing preparation - f4442a9 wip - CLI config/save II - 64d64ab wip - CLI config/save - 2ec0a47 add SigFactory - 080c048 fix signal handlers - 4206cca refactor/generalize ocsp_result cache into verify result cache - d979f83 cached OCSP verify responses now reflect TTL from response - 7003275 refactor SSL certificate validation status names - 0ef2512 add merge strategy to submodule update - bae4d85 cli improvements: - c68c185 Merge pull request #2 from astibal/submod - 33eeb1d make socle a git submodule compatible - 69a0461 add initial preparation for python scripting - bbe996c 0.9.1 version + dev flag - d25a651 use socketpair instead of pipe (should be faster), experime... - b4463c3 use LTO gcc optimizer (should produce a bit faster code) - e21ed95 Create another exception, prepare catch block in MasterProxy - 2b015de multiple coverity fixes - 646e4fc lockable improvements - 963e422 Update FUNDING.yml - 30bafa3 Create FUNDING.yml - d09502f Delete ccpp.yml - 6c33853 Update ccpp.yml - e95bdb7 Update ccpp.yml - 0a4c72c Create ccpp.yml - 2f1ac46 Merge pull request #1 from astibal/cpp17 - b4bd204 Merge branch 'master' into cpp17 - f1a44cd some coverity fixes - 413c4c9 create generic socle::com_error exception - 4b32498 delete signature when it failed to load and in flowmatch dtor - 4e95a44 fix coverity 1407967 - scom not tested against nullptr - e1aad94 fix coverity - improper dealloc function - 12b55c5 fix coverity 1408021 - policy shall match also source port - 3658cf3 fix coverity 1407957 - use correct free function - 7d7e20a fix coverity 1407954 - check return value of connect() call - 06ab6e3 fix coverity 1407952 - missing break in the switch - 14adeb5 fix coverity major issues - 6f06638 Merge branch 'cpp17' of ssh://bitbucket.org/astibal/smithpr... - ebf5936 make proxies vector ... - e2f085a make acceptors use mp:: containers - c0ff26f fix (stupid) mutex deadlock in CLI! - 08c4e3a move away from explicit iterators (pre-cpp17) - cfadb2b smithd facility got logans - 33a93e6 use object-level mutexes instead of single static (global l... - 84b7392 disable DUM and EXT logging in release builds - e4f810d fix code-based deadlock - const-inness madness took its price - 90e9bfd fix local variable mutexes - 6b81896 smithdcx code review + logans - 9a9ea06 logans for dns updater - 66fef57 missed logans - a76aba8 smithproxy main.c cleanup - nicer code - d31659f whole lot of logans - d6b6665 to_string() const-iness and other small obsessions - 72f909a factory and logan to DNS - b97c421 make compiler and my eyes happy and get rid of all return v... - 56a5345 DaemonFactory inherits from LoganMate - 1d21a3f cmake now sets explicitly compiler flags for Debug and Rele... - e7b74b3 Make C daemon facility a nice C++ DaemonFactory - fff99a3 logan logging for CfgFactory class - b73d067 logan logging for AuthFactory class - a5d6690 logan logging for socksServerCX class - 7e883ab logan logging for ServiceFactory class - 7b5840d logan logging for staticcontent class - 3bc5d6b policy matching understands logan II - 5ba2c3f policy matching understands logan - "policy.rule" and "poli... - 3bb4bc2 take into account CLIENT_CERT_RQ is valid verify status - e9ca1ac reorganize SSL certificate problem replacement, log better - 805465d lot of OCSP fixes - 22646fd SSLFactory logs via logan_lite - migrated from LOGGING - fecac4d inet namespace logging improvements - 258a10d add a bit nicer icon to security warning page - 1f7bd66 baseProxy: log attr is now protected, making it available f... - c95ff71 remove implicit 'blocking' connect() API method argument - 36b5c7a add quick howto script running docker image - ec84ed3 docs update - fe89ee6 docs update - 0932827 add markdown documentation folder - 19130bc newer and cleaner Dockerfiles - fbd0efe fix: compile from specified branches (it was defaulting to ... - 70c55db distro-guessing script now ignores debian minor version - 6648df7 cosmetic cli output change in 'diag identity user list' - 19cb3e4 make authentication portal work with python3 - 52e5c07 adapt Dockerfile for testing-cpp17 image: use python3 and n... - ea43527 let regencerts.py load config file from correct path - 439a98f wip - whole lot of changes to migrate to python3 - 1201be6 some cleanups - f93d9f9 Merge remote-tracking branch 'refs/remotes/origin/cpp17' in... - 6dfc9b1 tidying - ddc30fc code cleanup - 841e600 add cookie detection signatures - 91b7c1c code cleanup - 6c3d48a cli: diag command for file writer stats - 3226dc6 use enum classes instead of classic C enums - 611af16 don't catch exceptions by value, use const & instead - cda6257 tidying - 6c4a4f8 add logan to proxies - 138d264 add logan into apphostcx - 7dbd8a9 add logan logging to dns inspectors code - aca5eef add logan logging to dns code - 6763e52 fix compiler warnings - 8557e03 fix forgotten incorrect topic - now it makes all sense. - 8090080 wip - much better and faster logan-based logging! - 099b862 DNS replies with multiple IPs will trigger pseudo-random ch... - 16034e7 enable again adaptive host read buffer - 08a89c2 remove static name and fix object display issue - bdeab2c just commit this - 9129693 adapt to API changes in ptr_cache - 0ace7d3 cli - fix socks proxy session list - 2e037e6 baseProxy API change + cleanup - 1ff40a9 remove forgotten example/test logan core from socksproxy an... - 8141406 migrate sslcom loging to logan_attached - 60ad6bb use logan for logging - ddf9741 rename baseHostCX::log() to comlog() - 52f5600 make socksproxy ___ logging aware - fda366b cli: introduce logan lite topics and mechanics to set them - 525e3d8 brand new logging facility - LOGAN - f2e41fc compact log messages - 438335f improve MitmHostCX and signature logging - 0dd0cc4 refactor authentication code - use authfactory.hpp now - 7b4ebd3 cleanup in logger + debug options - aa7d2ef make AuthFactory out of cfgapi_auth files - 8b4a4fc bump version - use devel numbers - 62f0644 make DNS code nicer - ec866a0 use C++11 random generator - 9111fcb implement SSLFactory::print_cert and use it :-D - 07d8e73 move some typedefs to SSLFactory - bf87381 more rigid SSLFactory lock/mutex control - 2246200 add all build* directories into .gitignore - e9ba588 add cxxopts and move all external libs to ext/ directory - 5bdfe71 SSLFactory: deprecate lock() unlock() locking mechanism - 00ecfd6 large main file refactoring - 597b38b cfgapi: refactor names - 62dd28d make static content renderer singleton - 18cba78 cfgapi: big code cleanup I - f0a7878 cfgapi: code cleanup - db75c14 removing unused and ugly macros - 2cf4acc bitbucket-pipelines.yml edited online with Bitbucket - f65374a Initial Bitbucket Pipelines configuration - b4c5cdf CfgFactory improvements - 8ce3cc1 make sobject_db a singleton - 71e3103 math is hard - 35ff351 refactor and use memPool as singleton - 3687b2f define and use git version info macros - 2253fe8 fix potential formatting flaw - 987beb5 string_format uses const char* - avoid 2x data copying - c195b80 small assorted cleanup - 6e551f3 cfgapi: WIP - move config code into CfgFactory (formerly in... - bf57638 addrobj: code cleanup - da922d6 adapt code to ptr_cache and SSLFactory changes - 2c54479 switch to C++ 2017 standard mode - a031da7 use getters instead of direct variables - ef4a192 remove fqdn_cache completely - d554c29 don't use deprecated RAND_pseudo_bytes - b519120 new cpp17 branch testing dockerfiles - 641085b adapt to openssl 1.1 API - 7dc9cae prepend newline to app_data in object listing loglevel 10 - 8fbd19e prepend newline to app_data in object listing loglevel 10 - 24f047a socksserver - let socket_state to handle async dns socket (... - d96a9f8 fix locking for virtual socket list copy process - cdc656c more of gitignore - e3c9f44 gitignore changes - b1f438b add support for ssl whitelist timeout type - c47fa77 fix default ssl whitelist values - 5972575 CLI: add ttl to ssl whitelist list - a6a9c92 attemt to prevent semaphore vs. mutex deadlock - c2e6a36 make config settings applied into live variables once set i... - 52e195f remove tenant routine names ambiguity in smithd - 7df2e95 CLI: add 'diag proxy io ' commands for better IO troub... - 5ed2c90 add proxy spaghetti call as the junction for more session l... - 77d594a undefine MEMPOOL_DEBUG - f9699d3 add CLI help texts II - 3b3274b add CLI help texts - ff5158c generalize callbacks - c447f1c refactor/create cfg_load_settings out if smithproxy.cpp - 8fdc4a5 move load_config() declaration to header file - aa9279b wip - improving CLI and config features - d16f47a WIP - add some more callbacks to CLI config parts - 0f348fd fix saving auth_profile - 3b82c80 create synchronous logger if -o is set - c8e2f10 fix smithproxy_cli to detect cli port using saved config - 5cfdc63 fix issues to load config exported by CLI - 24beae4 WIP - add basic config write CLI features - b01a2cf check for profile name in routines handling libconfig - b81b562 add libconfig Setting cloning facility - 2baa0ee fix copy/paste variable name - 611129b create pipe filter to show config work in telnet - d9babe7 rearranges for CLI save config feature III - 4af5e7c rearranges for CLI save config feature II - aa4fd4f rearranges for CLI save config feature - 38804dc fix typo in config loading routine - 2694cfc move smithproxy startup variables to cfgapi - ee020f8 remove unused counter and fix memory pool stats diags - ff5bdfd make lockbuffer to use pools, instead of directly malloc - 9fdb9c8 use ask_bot in makecerts - b7e8f3a add ask_bot function (ask question with suggested answers) - 70f8db3 identity refresh thread - wait 20s before start - 1d1e3a4 add identity refresh thread - 1da343d bend - fix clearing shm on each reload - ad47023 add simple local users password change tool - 40f826d rearrange indent in shmbuffer setup() - 56f9e6e bend: rearrange loading data into specific function init_data - 3b0b8ed CLI 'diag identity user clear' - clear also shared mem, not... - 948b36a add CLI command to clear user identity tables - a132b1e add sx_passwd tool (wip - it just loads user db) - c1641c5 CLI: rearrange mempool stats - 3995b1c use mempool for openssl allocations - d653e0d CLI: diag mem buffers stats - add memory pool statistics - c018781 rewrite bend - backend daemon - d7766bd add authentication handlers into SOCKS5 - 27101d9 adjust (decrease) amount of debug verbosity in auth code - ba38c17 bend.py - python3-compatible exception syntax - 6137898 separate testing and testing_base to speed up building process - ade8b8a timers tweak - 540afe4 bump version - c5471d3 socksserver - don't log packet dumps on inappropriate level... - 12bf7f6 don't run filter by default (testing code) - 02cc848 socksServerCX::process_socks_request - place state change i... - 12e4fed fixes related to async dns - 21769ad makecerts.py adds (unfortunately) more dependencies - 0f09698 fixes in python environment - 0da0d05 older versions compatibility + key usages - 88ff6d2 cmake installs makecerts.py with /usr/bin/sx_regencerts alias - 6ecf427 support SOCKS sync/async DNS config setting - 630805b socks: asynchronous DNS requests - close dns socket out of ... - 408eb24 socks server - asynchronous DNS requests II. - 7c1e262 socks server code cleanup - prepared for async DNS - a8d0f78 nicer returns :) - 2bcef39 make sockServerCX event handler - f980963 rearrange code to allow async DNS requests - 8a21df7 fix typo - d828bf4 smaller adjustments in sxyca code - 6f2061f tidy up makecerts.py - do better work on directories - 9f1960b add generator script checking certificate status - 0d76a4a clean-up and tidy genca.py - f89681c add key indentifiers for issued certificates - 5a38a91 add testing docker Dockerfile (based on ubuntu 18.04-build) - 6c5c907 initial commit for python CA and certificates generator - 3ecf085 fix typos - aa42ebb add license and fix typos - b28aa88 fix minor issue in cli diag ssl crl list - 80d45bd adding OpenSSL linking exception to license text - 2fced2e show ttls in cli diag ssl crl list - f2a8072 add more contacts into readme - 280330f fix readme copy-paste mistake - 21a7a58 readme improvements II. - 91d8960 readme improvements I. - 678e6ff readme improvements - 5b982c8 fix ubuntu 18.04 dockerfile for building platform - 6100a5a fix ubuntu 18.04 dockerfile for building platform - 3ddd86d fix 5000B problem - 7e6ff81 build scripts for Debian and Ubuntu systems. - d506849 rewamp ubuntu:18.04 build script - 64b5677 builds: debian/control - add python explicit dependency - 0242d25 rewamp of .deb building scripts - 2221b05 remove unfinished enum value in mitmhost.hpp - 54e2450 build scripts improvements - ec86f9a fix sockproxy for conns. with first data from server - 40b4fc7 detect alpine linux and #define LIBC_MUSL - 93c6f26 signal handler reports signal number + cleanup - ffb62b6 use standard fileno() instead of accessing glibc-specific a... - f1a81fb remove unused backtrace and backtrace_symbols from libexecinfo - d60e495 display ca cert on boot - bc75427 remove few packages and save 500MB on image ;) - 60e816e start smithproxy automatically - 3d4df4e upgrade docker latest to 0.8.4 - 826e64d bump version to 0.8.4 - 7fbcad5 wrap mtrace() with MEM_DEBUG test macro - 5de6ec0 don't include mcheck - 50c5953 add iproute2 and telnet dependencies - 40b5e2e prepare support for docker images flavors - def0800 dockerfile: remove .deb copy from current dir - 4179778 update build scripts and improve Dockerfile - 589329a move build scripts to more reasonable location - ce19555 add initial Dockerfile - 4c148b7 cmake packager - bump smithproxy version tag - 950b4af forgotten commit - proxies are now set, not list - 8c2ac27 make FilterProxy compile without cross-referencing headers - 476acd7 reflect tenant-name in socket name instead of index - 0172edf add support for tenancy in smithd - a007e91 simplify duplicate logging code with lambda - 57ff400 CLI: add OS (Recv|Send)-Q and buffer Q to session list - e3ae548 bump version due to fixing session leak bug - 19a3772 improve info on connection closed: log - 31a52ae do more robust check on half-closed sessions - 081481b wrong logging prefix in socksServerCX::setup_target - d19ae66 fix crash when profiles are not used in the policy - c13fee9 make smithproxy speak SOCKS4 - 4c40a98 socks5 - add a check if FQDN isn't by a chance the IP address - 7878377 add replacement for SNI hostname mismatch - 7130ff8 add HostPool class for loadbalancing and server tracking - 193b0b8 implement periodic refresh of all FQDN address objects - e83e7f9 remove testing dependency on 8.8.8.8 nameserver - 3eeb901 implement synch. DNS client and FQDN SOCKS5 support - dd6716c fix minor bug in logging: FqdnAddress cache status is wrong - 1fb49d8 add ocsp and crl ttl configuration option - 4181837 traflog has been moved to socle namespace - adapt - 793ed3f move extern declaration to .hpp - 00af35f another improvement of Policy::to_string - 7c7116c improve policy to_string - 028ac2d display profile names in "diag proxy policy list" - 4a94632 fix socks memory leak on connection handoff - ac91c12 socks related bugfixes - 3a4b6c0 implement facility for sslkeylog - eae8022 bump version - 5b53e33 huge logging refactor - use struct instead int for loglevel - cad7159 add object-level-logging flags in proxy session list - 906200f add ssl stats diags - b1ca833 show less info in diag ssl ticket by default, more when ver... - 857a9d7 add cli commands to troubleshoot ssl - 74150da implement very basic conditional capture + deb fixes - d859660 CLI: improve session list - b70d713 add meter to each proxy - 81623dc add syslog support + improve log target handling - b282096 WIP, experimental - add syslog target, commented out - c6f6f5e make backtrace libunwind cursor linked with thread local st... - 1764e2b improve .deb building scripts - 0c0f2db remove unused tenant control variable - 3a173b1 cfg file default values change - 99eff05 replace old C counters with new socle C++ counters - 64c9d85 adopt C metering API changes in socle - b1b3ff3 add command 'diag proxy policy list' - ade1629 unify 'Page Blocked' appearance - 4dc3ab8 new feature: implement CLI object search based on content - 2467c94 CLI output improvements - 1f683d6 add redirect_warning_ports in sample configuration - 34a7180 remove trailing CRLF from server response renderer - d777dd8 new feature: list of dst ports on which to display warnings - 90597a1 smithproxy - add openssl memory leak tracker - 87c3973 smithproxy init script reload command hijacked by systemd - 0dffe76 wip: add more of Filters - 97403bd deb build: make sync more flexible - 300596d add FilterProxy files - 5f5c072 clean-up mitmproxy - 93ad08c bump version set devel flag - 5e33514 bump version and mark smithproxy 0.7.10 stable - ea3d563 make TLS warning page more eye-pleasant + fix wording - 86982d9 auth: improve login screen with detachable status window - 4e40aa1 auth: fix status logon page - 7964686 DNS inspector: adapt socle change and set recursive mutex lock - a8dc20f Merge branch 'master' of bitbucket.org:astibal/smithproxy - 47ec9cc DNS fixes - a879c83 Merge branch 'master' of bitbucket.org:astibal/smithproxy - 4ddd4fd small testing_readme webfsd example fix - 5c91ada smithdc - add test_url2 - different approach with sigslot u... - 8ed9099 smithdc - tidying it up - b8e434f add missing CMakeLists.txt file - 4338a96 fix smithd memory leak - 0a439a9 continuous work on smithd protocol - cfd367f smithdc - remove testing sleep - 37160e1 revert back to INF logging - f8229b6 fixes in smithd - bea7bd0 implement LTVEntry-based protocol for smithd - 3ef6cf8 more renaming stuff - 6868189 do wording corrections - 78f0659 reorganize merged daemon - 011f4ea move signal handlers to daemon.cpp - b0acd40 add missing RSA KEY training line in default portal cert - d0eabdf display ttl in 'diag dns cache list' CLI command - 6f68fb3 refactor DNS response variables and getters - e109fda generate and add FQDN matching certs (portal.demo.smithprox... - 21da727 add CLI command to list CRLs - f6ba90d rename webproxy to something more generic - 5efa732 queuelogger: add lock on write_disk - 297105b bump version to 0.7.9 - a9df79b DNS: fix authority info parsing - 7c2cf35 DNS: fix loop condition in DNS query parser - 4e7a27d unify to_string behaviour to socle - 131b661 CLI: add command: diag dns domain clear - b72ab9b CLI: add command: debug dns - 3b61d95 logging: make logging overrides working again - 116b24d cli: add command: dns cache clear - bfcee4f DNS additionals parser enhancements - 3fa6363 fix DNS response additionals - adf7394 add periodic internal check routine to authentication backend - cab5a33 some work on authentication backend - 1b871e5 adjust read buffer to not do multiple inspections - f9869e6 add CLI command to clear SSL cache - 301690e bump version - 77fb1b4 make UDP work on old kernels again - 1abd864 fix bug #8 - strip A: and AAAA: before SSL domain bypass lo... - 837d084 perform log writing in separate thread - ceac38d add buffered logger - phase I. - d9e64f9 use flog instead of logging - e5228a5 add missing dtls config vars - 07f040f adapt to logging changes in socle 0.4.5 - 577f6d4 Merge branch 'master' of bitbucket.org:astibal/smithproxy - 77f8b4a minor fixes in DNS inspector + more debugs - f72dea6 smithproxy_cli: match numbers only - c95d9f5 make smithproxy_cli check for tenants and open correct port - b4ee9f0 add simple hack to avoid redundant half-closed log messages - 52f36ae CLI 'diag identity user list': swap rx and tx - aecbcc3 implement CLI command to display user list - 2428501 implement CLI commands for SSL whitelisting - 17479ad add domain cache list diag to CLI - b7e0cc7 load and set UDP quick port list configuration - 45ede8a buff DNS cache size a bit - 52d7747 fix http Host: header check - DNS is prefixed with A or AAAA - c932dbb fix client cert request handling - 785ebaa make bound sockets non-blocking. Unnoticed. Unbelievable. - 80a8691 adapt new changes in socle, make use of DTLSCom - 3c24a52 refactor SSLCom to template baseSSLCom - 5e03dea support half-closed connections - 3efa0a5 add replacement for revoked certificates - 791f7d9 logging of new auht token inf->dia - fde26a4 copy L3 protocol from source CX to target CX - 5156017 Ugh. Unlock instead of locking again. - b4e9d86 make sub-profiles work for IPv6 connections - bc3b4d5 make update_auth_ip_map aware of IPv6 - 417e1ab fix identity lookup in on_left_new - 611de75 create base cless for IdentityInfo - a164b96 generalize shm_ classes and use buffer instead to direct copy - d103117 add L3 proto aware output - 4ce565b rename ret to something more meaningful - 4dae05b rename update_identity to update_auth_ip_map - 8533790 move towards L3 protocol independent identity handling - 10664a9 improve shm_logon_info_ plus add IPv6 map lock - 172ab58 remove forgotten debug output marker - 26a401c fix the fix: fix of minor issue turned to be a big mistake :) - 1bbd328 add untested ipv6 routines - f264f88 add missing license - 75c10ef next steps to IPv6 logon table - 59c7d7a fix fqdn address policy matching - 97171d5 create templates to support other adress sizes (for IPv6) - 5dafeb4 teach DNS inspector and DNS response cache IPv6 - 027ba3c make bend understand IPv6 - 7f047b0 make LogonTable universal and usable for IPv4/IPv6 - 54a575c fix ipv4 portal authentication - 23b06fc teach portals to listen on IPv6 + logging - fe974c1 fix redirection with new token - d888195 handle auth redirection correctly, according to address6 - 70dfef5 cleanup in SSL replacements - e61751b use replacement messages in SSL issue page - a21c6f7 add TLS bypass based on DNS cache and DNS domain tree cache - c0efcd7 check SNI filter on connection against DNS cache - d4a3360 adapt new sslcom DH options naming - 982fcef replacement messages infrastructure - 9f3a707 avoid staticcontent deadlock - 538b685 add base files for static content cache - 89eb4a6 apply failed verify setting from config file - 03b334b fix singed int comparison - 3d6d522 javascript redirection using top instead of window - db71238 implement override for ssl non-conforming sites - 3fa8e7a fix incorrect logging levels - 6d57357 add relaxed certcheck config support - c63b32d add initial ssl replacements implementation - afc257c modify connection closed message to contain comflags - 3701379 version bump - 7143800 config file support for dns cached responses - 8ee22e2 implement dns cached responses - 3da8c90 mitmproxy: formatting, getting rid of tabs - f848ff1 add generic support for inspector verdict mechanism - 69b6d83 add cached DNS response check - afd4c51 disable experimental clamav AV - eb31ea9 bump the version - f73a7db make g++ happy, use unused variable - 7c24121 inspectors: fix signed comparison in DNS_Inspector - 4c84680 dns: fix signed comparison - 75f8025 cfgapi_auth: remove unused variable - 8c3bb0a fix zero-length fprintf - 72bb996 cfgapi: fix unused variables - e9ad4b1 mitmhost: fix signed comparison - d573dbf fix the fix: af78d9c - cfgapi_auth: signed comparison fix - af78d9c cfgapi_auth: signed comparison fix - d1ba0f9 bump version - d3ac062 make abbreviated handshake options configurable - c7c2aa4 print extra info for empty connections if log level is DEB - 209a8c9 add function to troubleshoot empty SSL connections - c713037 support left_ and right_use_pfs which overrides broader use... - 1b8e03b bug: dns alg -- additionals not processed correctly sometimes - fa9f74e load auth profiles at the end - ea0f4a4 cfgapi_obj_alg_dns_apply should return false by default - 38dd757 sub-profiles phase II - 1e0462e identity sub-profiles implementation, phase 1 - 3a5bb06 make possible to apply sub-profiles on the fly - decc495 ignore commented-out tenants - 8bdbfc7 fix startup script for ipv6 - befaf0f adding mandatory settings into cfg - e3d492a correct variable name + implement string port listener - 391525f add merged daemon main file - 4dc8cf4 add support for ipv6 into starting scripts - d5195a4 experimental AV support - don't use - c805f64 add basic infrastructure for administrator login via broker - 2073fcb add support for multiple intercepted interfaces - 1888d87 support magic IP for bendbrod client traffic - db297e8 add bendbrod (bend broker) to starting daemons - b92c14d apply tenant index also to CLI - 40dc950 bump version for tenant aware magic IP - 9797b79 teach config file understand magic IP for portal - a872aee poc of virtual IPs - 1.2.3.4 - fd1c2d7 make bend understand tenant specific user and key files - 7620fbf add check for tenant config - 2bbea0d make authentication work back again - 5765a3f make bend start again - bd2d85b DONT USE: lot of changes towards multitenancy - 43640b4 rework and tidy do_cmd - 27ca52e use log_file setting as formating string - 8260fb3 make init script more general - 680c1d7 add shorter thread names - 3638c6e introduce tenant aware starting scripts - e71d662 prepare config options for multi-tenancy - 85f2547 get rid of some compiler warnings - 3d314c2 move bitmask length to .cpp file - 252851a add ocsp mode option, rename the former one - db856e8 tune smithproxy TCP stack: don't resend SYNs that many times - beddff0 remove cert printing to log(), it does have bug - 2eb479e display simple blocked page when identity is not matching - ef89ca8 smaller fixes in bend - 4cf677c prepare configs for tenants - 9323920 reorganize/cleanup backend (bend) sources - 3203a5f Create for smithporter specific directory - 9df14a1 add smithporter in clients - 892c4b8 add bendbro daemon - 838974f bump smithproxy major version! - 32eea70 identity updates - 44da134 fix bend shm_logon_table - don't add trailing zeros into st... - 6ea3810 make logon status page reload each 10s - 1758ab4 create separate ip_auth_* functions - be593f3 change background in the style - a0c4604 change background in the style - d5d0494 authentication fixes and small enhancement - 025b375 shared ip table could be 0-sized too. -1 means no updates - 1fa39e3 make default idle timer 10 minutes - 29df47d auth.py - code indentation and cleanup - ede5362 authentication cleanup - 85d524e make authentication form nicer - d5f91fb don't attempt to really start if pidfile exists - 004b88d socks5 - set host and port so policy application succeeds - fea4d83 fix sock5 socket handoff - 782b116 Merge branch 'master' of bitbucket.org:astibal/smithproxy - 492aff3 add low_latency socket timers - 6033ce9 README.md edited online with Bitbucket - 6dd7803 README.md edited online with Bitbucket - 20d3938 README.md edited online with Bitbucket - a7b6e15 fix config-check smaller issues + exit code - 6daaaf2 logging level adjustment - f79e6fe add another CFGAPI lock - 3bf4a65 bump version - f60fae6 fix config reload feature - 70a8587 don't be so big-mouthed about development versions - e42c9dc correct log level in CFGAPI - 1a251d7 add --config-check-only (to check config file and exit) - df3f47c fix wording - 26c810a fix potential nullptr dereference - 2c2dd18 load and apply bypass SNI filter into TLS profile - bdea7a2 reorganize sni filters cfg logic - 0bda7cb add starttls signature for http proxy CONNECT to 443 - 3e54723 reorganize replace rules match and implement nth match feature - 8d7948b suggest in sample config file appearance of sni_filter - 0d229e3 rename replace_rules to content_rule - d9d1480 add example of evil content rewrite rules into cfg file - 7a1adbe bump version due to new feature: content rewrite rules - 8fcd7be initial content rewrite code - 47b49c0 add support for replace policies in content profiles - f684a67 remove forgotten info level message which should be debug - aa692e0 fix authentication fallback logic - 86d5d06 handle better remote ldap errors - add 'bend' logger into ... - 1474e32 fix ldap timeout - profile was ready already - 3c25f57 add ldap timeout capability on init() - 813e497 add forgotten threading into authentication frontend server - 47eeaf3 Merge branch 'master' of bitbucket.org:astibal/smithproxy - 3fc6c80 change in cli: 'show version' is replaced by 'show status' - 0acc223 README.md edited online with Bitbucket - e9b75a2 README.md edited online with Bitbucket - 7361c00 README.md edited online with Bitbucket - a417882 add wot backend infrastructure - 5b645b3 add license to wotcon.py - 077761b add license to crypto.py - 138faa3 add license to ldapcon.py - 5dec144 move logger creator to daemon file - 5835a0a add unix socket server daemon skeleton, add dummy wotd impl... - e9045fd add return logic to start() call, fix is_running - 84ee1a2 mitmproxy: introduce backend internal context - f3a39bd enforce identity on the policy - 43edf6e identity handling (adventurous - for brave souls) - 36b1701 bend: implement ldap authentication - f340986 bend: multi-identity improvements - 434186f bend: authenticate local users based on identities request ... - 4ba0f1e bend: parse users.cfg and fill internal structures - dd42775 bend - rename authenticate_check_db function - a8ec258 introduce identities mechanism into policy handling - 6fe8d17 start commenting code :) - e6716b7 add useful string functions - e64c7f3 fix logging levels II - bca3d45 fix logging levels - 59084cb make firewall policy understand both, scalars and lists - d3ce486 bump due to fqdn address feature - bf97754 add FqdnAddress and allow using it in the config - 69cb6ef Use AddressObjects II. - 890eeaa fix matching problem, match() returns bool, we used >= - 82a0bc7 make PolicyRule use of AddressObject instead of CIDR - c438ac6 introduce AddressObject for source/destination abstraction - d850357 small change to print performance with orders and bps. - dd09acc create general proxy perf. meters and make them available i... - 48b775f make ApplicationData child of sobject - 27d5bfb make MitmHostCX child of socle::sobject - f03d810 Merge branch 'master' of bitbucket.org:astibal/smithproxy - 5beff15 add statistics from sobject database - 82f1ff1 fix leak when DNS request was retransmit, new overwrote pre... - 519d8c2 add some details from mitmproxy - ee158fe add object verbosity support to CLI - 09e7446 implement diag proxy session list, clear - 1dde08a make MitmProxy childs of socle::object - a6045be add filtering for diag mem objects list - edddc68 fix UDP buffers while parsing, fix memory leak - 75f609e bump to 0.6.9 - 0c4c729 cli command to troubleshoot sobject derivates - f45a8f1 add l4_prefilter method - c156ffb fix DNS tcp transport - 451a3af reflect C_NAME macro changes - 1a1e0f1 reorganize storing in DNS inspector - fix a leak - 46fd7cd bump to 0.6.8 - 2bf5131 stability improvements - d03e749 improve DNS inspector - 4f8d7ec fixes and debug options - 5db8a59 if it's not possible to kill daemons with TERM, use KILL - 01f8357 new DNS parser (work in progress) - b37b833 forgotten inf_ which should have been dia_ - b89ee0d bump version for ALG implementation - e463ae5 add configuration facility for DNS ALG - 1bea840 add DNS stats command - 6648018 add DNS cache diag command - 67388d0 populate DNS response cache - 980a469 enable negative values in workers number - 31a2455 DNS inspection: add idle timeouts - b9751bb set idle timeout for DNS traffic - 8dbf1f2 enforce same DNS ID - 5a24bbe move DNS inspection to inspector files - b202e0d add config possibility to enable mtrace - 8096de1 naming and organizational changes - 702ceee DNS inspection initial commit - 0d9d720 add simple DNS detection (request only) - ae178c8 add harder ssl auto detection - 1da9bdd fix order of startup rules when inspecting all tcp traffic - 4e9cae5 set up correctly fd limits. 1024 is way too low - a07d1dc bump version - f219276 bump to 0.6.3 - 991c7d1 fix SSL autodetect which would normally block - 3656f68 copy also to delayed sockets - 1346e12 mark starttls connection as opening - f2c1e1e adapt smithproxy to handler hints - ada2391 remove forgotten log message - d48ddff bump version - ffcbe04 udp fixes - a77833d fix UDP proxy: add socket to monitor in MitmUdpProxy - fb2ca5c add real socket (count with virtual sockets) - 85b31bb add socket to monitor despite cx is already radd-ed - 3121cbf switch to 0.6 versions, set devel flag - be57518 bump version to 0.5.26 - 7f1ea1b add install hint for smithproxy_cli to cmakelists - 21fd4cb smithproxy_cli: make port more robust - 9f73a78 polishing CLI access - 5a9d97f don't allow CLI listen on 0.0.0.0 - use loopback - b61fef3 mark smithproxy stable! - 9eca3ec fix startup script for SMITH_TCP_PORTS_ALL - e11c0ce CLI improvements: more diags for buffers - 10af361 separate terminal and logfile logging levels - 7f59546 add possibility to debug ssl with custom log level - e627945 diag commands for ssl cert store - 0b57914 fix lsb section in init script - d551cf5 follow lintian recommendations - e409225 bump version to 0.5.25 - 5a5ef02 enable best-effort ssl traffic auto-detection - 5fedfc9 fix compilation errors on some platforms - e6419fc add missing infra file - f6d9505 make default passwords encrypted - c8a86c3 implement encrypted and salted passwords in users.cfg - 52933c5 separate bend logging from dog - 429f246 move specific signature match to separate method - 6179c76 small fixes while spending time on airport - 3a5b8c9 fix install target missing entries - 817f6df support DHE and ECDHE and control it's usage in tls_profiles - bc79c45 add restart feature in the service script - 849b891 introduce possibility to build deb in cmake - 287288c don't overwrite config files on make install - 2bd6e6b tidying auth stuff + logging - 37ae656 convenience changes in scripts + threaded bend - 721858a Merge branch 'master' of bitbucket.org:astibal/smithproxy - 48e41dc - use baseCom slave() intead of replicate() - fix problem i... - ac4c228 remove invalid line in CMakeLists.txt - d6b9327 preparations for new features: ldap and wot - NOOP - 5754041 make install to set rc scripts and file permissions - 1def3f5 tune logging in infra, drop privileges in www - 0838a1c make cmake installation complete and functional - b34cd07 operational smithdog (needs polishing!) - c9d7a92 fix daemonize feature - 66e79ae first really working smithdog version - de0eba0 add python module init - eb957af work-on-progress with smithdog - dafc4dd new certificates - again - eb10086 create more fancier certificates - 7dd91ad some mandatory changes in config - 456f825 smithdog daemon template - 50ec06e move python infra tools to more suitable locations - 03d8f38 install init script - 725acb1 add empty init script - 809848a add TEMP_DTLS_DROP also to startup.cfg - 1e47ea3 some sites (google) started to use DTLS, drop it to force TCP - 1f5e3fc Merge branch 'master' of bitbucket.org:astibal/smithproxy - 2bdb495 cleanup policy matching code + log levels tuning - 3bc01b4 make btrace_handler EINTR aware - 13c4d42 reload config on USR1 signal, safer signal handling - b0e2a34 expand some tabs in smithproxy.cpp (no code change) - dda5b94 bump version - 3f1207c partial fix: timed-outed auth user slip-through for single ... - fb8064a implement authentication timeout - 57cfc2d make proxy dead if it should be authenticated but replaceme... - ea044b9 important fix handling dst ports in policy check - 9be94c0 authentication API changes - 29b13ac make my_terminate safe from stdc++ locks - e8fac2c very basic authentication feature - 8623359 fix default certificates/paths - a067108 add default portal certificates - aa2ef09 cleanup bend - 547c7de implement better authentication portal redirection - cde2508 authentication mechanism improvements - dc4555a redirects: detect https or http - 820f18e implement redirection and logon portal - 20a2823 smcap pythonizer - http parser - alfa - afa1e0f move shmtable and shmbuffer to socle/common lib - 3d115d9 shared memory lib in C++/Python - 6515401 syncing shm_buffer and shm_table - f0ac697 start with C/C++ shared memory table implementation - 8718127 licensing info added - 040d96b wportals patch - add multipurpose web portals - 3247666 adding build scripts (atm for .deb) - 019ce13 smcap: add license and remove testing lines - 1936e6d delete man/smithproxy_net_setup.sh (better version in etc/s... - ad831f4 add python-libsmcap in tools - this is python parser, dumpi... - 7d8f81a make config file compatible with pylibconfig2 - 63a7d4e print short version info on --version - eee622d fix policy match feature, fix tls profile apply - f6798ad bump version tag - 8b3721c initial replacements implementation - 7234356 rename scripts and move to better places - baa39a7 don't sleep on start + always create PID file - 6613800 set and use default CA path in server-side connections - 5fc33d6 fix starttls with tls profile on socks5 - 396a8b0 apply TLS profile also on STARTTLS sessions - eda4645 add per-policy TLS profile options - 25e2a2e small improvements - 1798b0e mask SIGPIPE signal - fa532c2 improve CLI usability - 174163a use recursive lock for cfgapi - 21d5083 added multithreaded CLI - ee264fe initial implementation CLI feature - 3a62c7a merge in forgotten policy NAT check - 4c63990 fix: move SSL certstore to the end; fix install - 876276f bump version to 0.5.6 - 5016fe8 check socks5 conn. against policy, apply profiles - fbd2577 smaller improvements - f255255 implement basic NAT feature - 99611a2 remove old ipt setup script, fix socket leak in socks5 - 6924e40 replace ipt_ script with full-cope setup script - 0666883 minor enhancement: support socle 0.1.3 new logging features - ecbc2c9 minor logging improvements, name system threads - 1b753ac support logging facility override from socle 0.1.1-dev - 2084b71 add SOCKS5 feature - phase I - 0708c7b README.md edited online with Bitbucket - 9caf24f README.md edited online with Bitbucket - c01381c 0.4.1 linked against socle 0.0.82 (imp. bugfix) - e5dba5c release 0.4.0 linked against socle 0.0.81 - c449872 reflect enhancements in socle - a285c19 link with socle 0.0.78, set outbound transparency - aeb6dbf SSL SNI extension proxying support in socle - 2abf6a5 improve daemon pidfile operation and update manpage - 396649b logging into the file and daemonize features - 5800168 remove fortinet cert files - 20f9fa8 remove fortinet and add default certs - a19c252 remove fortinet and add default smithproxy certs - 779173b change default data dir to /var/local/smithproxy/data - 0200ad3 documentation changes - 1751840 make content payload dir/file pattern configurable - 0cbed02 unify/generalize policy application - 26d6e0e source formating stuff - 4841523 added abort signal handler - 7a6ae05 correct global write indication - a692c1a added SIGSEGV handler printing backtrace to stderr - a15049d cfgapi cleanup procedures - 73e4f69 detection profile tuning - 07f259c implementation of policy actions: profiles - 9efc943 implementation of policy actions: accept, deny - edb9f7b policy feature phase I. - 6614263 Merge branch 'master' of ssh://bitbucket.org/astibal/smithp... - ef70ded bump version due to important leak fix - ebef5b4 added missed pop3s and imaps ports to chain setup - 83eeab3 README.md edited online with Bitbucket - 3d4884a make absolute path for config file - 8d1b1bb place default config location to /etc/smithproxy - 0390eec make version string debian friendly - f1ccb9d version bump - dd1b2d1 config API in separate file - 16a527a bump to 0.4.0alpha, due to many improvements - 265e9b5 code cleanup, udp support and new ipt chain script - e084ede prepare for UDP ThreadedReceiver. No-op for now. - 786368f adapted new baseproxy polling design - 01172c1 don't log detection position, unless debug is set - cdadc91 logging and troubleshooting improvements - 5852f70 minor: add more ssl debug info - 05d8cc7 geez. Typo in version define... - 61a987a Oh yes. Make start of smithproxy critical event :) - 6276d8b polishing configuration settings - dac3292 config phase II - c66db13 minor changes in headers - d3fff37 config file phase I - d47c947 make payload logging optional - dcdf1ac memory leak fixes, adding virtual destructor - 8744284 starttls signatures for SMTP,POP3,IMAP,XMPP,FTPS - 780b3b8 imap starttls sig - 6df4c42 starttls phase 2 - starttls works, but it leaks - 681d68c use now non-template baseCom model - 6f0f2cb testing changes to smithproxy code - 46a8d63 logging small improvements - 1fdee52 adapt AppHostCX as baseclass - now smithproxy is capable to... - 0c42364 bump version - 6d610ca improve readability of main call - 30d3a6c move manpage to /man (from /doc) - 128d52e Adapt to new socle_dev structure. This version also moves f... - e0acfec namesocket: on error return errno, 0 otherwise - f7a45fe fix printing an error - 1fe6eab name port with error - ce7909e bump the version - 5dd92ef experimental call of namesocket to keep the name - 05a3f15 ssl and plain-text are running in the same binary - 76312bc Small tweaks in man page - bbaf88f Add default certificates into the repo - c2e7cbc Adding missing CMakeLists.txt into repo - e20e6d3 Adding manual file and quick tproxy howto - 09e15d1 more sane command line parameters, improved logs - 409a1fc adding relative path to cabala instead of absolute - 2a333fc remove tmitm file variants - cb2972f Rename files to suit this project name - b189705 preffer this directory to be in the path rather than cabala / - 58280f6 Bumped to version 0.2.0 - 53b9aed Initial commit - smithproxy is now standalone package Socle library- -- Support Wed, 17 Jul 2024 11:06:22 +0000