## smithproxy

### 0.9.32

- 3e26b52 apply important socle
- 2e3b28a apply socle
- 73ec694 apply socle
- b68c547 apply socle
- 2b52659 CLI - fix unchecked null pointer in `diag proxy session tls-info`
- 27513a9 apply socle
- 2562b4c allow reading custom certificates
- 5af1ecb cli - `diag workers proxy list` will now also display stats from socket queue
- bed4200 LRU cache - call cleanup after 'put' and allow capacity-sized cache
- 2a88afb neighbor cache - actually allow any positive capacity value
- a3de6b8 apply socle
- a98fe9b neighbor cache - make its capacity adjustable
- dc391de Merge pull request #44 from astibal/release-0.9.32
- 240f592 build - add channel to directly specify distribution type
- 32aa94c build - remove deprecated custom socle version arguments
- 02199f3 build - fix git version trimming, more logging
- 6d15e7b build - fix git version trimming
- e14ce34 Merge pull request #43 from astibal/release-0.9.32
- c2119db adapt build script to be tolerant to tags prepended with non-alpha strings
- 0c72c21 well, fix another patch zero release issues
- 6bc4913 remove devel flag

### 0.9.31

- 83abccf version 0.9.32 - apply socle
- 187e1db apply socle
- 3f4d31a policy.addr - yikes, remove debug message
- 3d874c0 policy.addr: use unique_ptr with custom deleter
- 561fb02 snap: fix license string
- a879c50 Update build-ubuntu-22.04.yml
- 1368861 Update build-ubuntu-22.04.yml
- 81ce98b Update build-ubuntu-22.04.yml
- 4de7a85 Update build-ubuntu-22.04.yml
- 7b3c05e snap - fix long-lasting issue with snap builds
- c1fb3f5 shmauth - use internal standard function to split a string
- 2fa42cd apply socle
- 58e3947 apply socle - don't include execinfo.h on Alpine/MUSL platforms
- 4b8d42c access-filter: add feature allowing sending webhook early
- 31834df cfg - add tpool and webhook debugs config controls
- 9ebe333 tpool and webhook debugs set to default false
- ebe531f cli - add a little change to display running task log with verbosity 8
- d08e719 http async - rework logging options
- dc8c312 thread pool - reflect API change in sx::http::AsyncRequest and CLI
- 1d5d9e3 thread pool - add pool task diagnostic info collection
- 99f4800 worker pools - refactor tasks from lambdas to classes
- 0fb5eb3 cli - log if config change was made
- 3465f7d cfg - add controls to alert logging into event list
- fbb3eb5 apply socle:
- 0fee7a0 apply socle - add option to suppress TLS errors in event log: - decode errors (closed socket before close-notify) default: on - any error default: off
- e45a506 cli - more diag info about thread pool
- 4dcd590 wrap task call in exception handler
- ee95307 apply socle
- f077eb1 webhooks - support stale connection detection
- 5d1e3f4 thread pool - make robustness improvements
- 5b21815 Merge remote-tracking branch 'origin/master'
- ed46561 apply socle
- 615ec21 apply socle
- 8352b89 add simple neighbor stats CLI command
- b086e6d increase max neighbor entries to 8k
- 4e5987b apply socle fix
- ed1e8b7 async http: make copy of url and payload for thread safety
- b05a1f0 enhance a bit diag proxy list
- e773ab4 apply socle fixing signature match
- a8bc316 add neighbor periodic update feature
- 0008b8d cli: request neighbor update using a new address list param
- 0c25b42 neighbor API improvements
- 7294297 max size removal and some more logging
- b38914f fix issue with multiple HTTP commands per controller
- af3d3d8 allow GRE socket to bind to specific interface
- 530ba6d allow binding to interface/IP also for webhook traffic
- b9c0a88 nbr: fix introduced issue when new neighbor webhook is sent with each update
- e313336 add diag cli to trigger a neighbor ping/bulk update webhook
- ef2b9e3 add diag commands + reorganize webhooks a bit
- e86f25e nbr: rename API param to more fitting 'hostname_tags'
- dbf5514 add for_each() to NbrHood
- 9eb976e webhook fix: call on_reply() in default_callback implementation
- 1c3bdad allow neighbor updates in reply to new neighbor webhook
- 7d0eef4 decouple API parts from webserver dispatched functions
- 4e17ebb add CLI and API endpoint to manipulate neighbor tags
- ab6e099 add tags update function
- ea21173 add a "tag" string
- 032cca7 add safety try/catch block when dumping json to a string
- 0cfe1aa apply socle
- 0d8c958 apply socle
- c565a22 add mutex to update() call
- 7d9cebc add http api binding and access restrictions
- 631b01a update new neighbor on its creation too
- 69128e0 increase default neighbor cache size to 4k entries
- 1ef9690 install simple portal-cert display tool, too
- 3ff0ec0 neighbor: added facility to save labels into neighbor data (ie. matched signatures)
- 64cffd5 save state on exit
- 90bfe47 neighbor: add some more accounting information
- 692c201 nbr: make daily stats actually a dict
- b423805 nbr API - update() makes better sense now
- e2afa85 change default portal cert validity to 1y
- 69a82f3 add authenticated API endpoint to reload custom certificates
- ca38879 neighbors: load state on startup from json file
- eba2c1c serialize out neighbor info to capture directory
- 2826187 neighbors: add restore part of serializing from json
- b20edc7 neighbor: add serialize out, add raw parameter to neighbor API
- 206c871 make neighbors to_json filterable, expose `max_days` API parameter
- 3fa0495 add authenticated API /api/diag/proxy/neighbor/list endpoint
- d10efe8 add also Neighbor singleton's to_json
- 47ea9f0 LRUCache tweak - make mutex mutable, allowing const functions
- 955be2a add to_json to Neighbor
- 6804fbb refactor neighbor monitoring and display functions
- 76b4923 http1: Host IP is actually a peer()'s IP
- d106603 http1: fix yet another place where Host: is not populated
- b516c4b http1: fix request with ? but empty params
- 8dca753 webhook - add detected signatures into webhook data details
- 1b8c274 http1 - use IP address if Host header is not found in request
- 6e48c38 apparmor rules update
- 4f02137 refine webhook enablement conditions
- efd8b2d add error tracking to webhook stats
- f604fe6 add webhook stats tracking and http session cleanup
- 025bcc9 fix response access and webhook override logic
- a7e0e66 fix shameful copy-paste typos :)
- 25a22cb implement dynamic webhook registration using API
- 984e000 Add enhanced proxy session listing
- 78c4ba9 Merge remote-tracking branch 'origin/master'
- 580f67b override `run_timers` in MitmProxy
- e578bbf set SO_KEEPALIVE if content_webhook is called
- 2274cca little tweak in content replacement logging
- b3838ed - add content profile functionality to allow inline change of mitm-ed traffic using webhook API calls
- 2256b68 expected_reply type is now available in whole sx::http namespace
- 5348497 log final version of captured data if content replacement is applied
- 51bbb6f adapt new changes in socle (support custom client certificates)
- b6c510c fix rare crash on TLS diag command
- 2757dfa add possibility to bypass tproxy for specific connection sip:dip:dport tuples completely
- 543c49d access-filter should trigger also when first data arrive from right (i.e. SMTP banner)
- fcf68ae fix curl resource leak, add retry mechanism and curl debugging (compile-time flag)
- c001b05 don't pass the string directly to printf-like stuff
- 533a5bb add socle fix
- cccfc8a support new socle TLS features
- b5689b8 add better control over proxy spraying behaviour
- b18a9b2 adapt changes in socle and lmhpp
- 3b438dc fix buffer boundaries check
- bc4b9e5 join API and other threads only if joinable
- 3e34ad6 don't wait for API server start() to finish, it runs forever
- 07021fb Merge PR #42 from DimitriPapadopoulos/codespell
- c8cd8d4 don't update neighbors with internal connections
- 13bd565 protect staticcontent with a lock and clear previous properties once done
- 30fc735 nltemplate - allow access to properties
- 38c2a8f debian11 - add apparmor to suggests too
- 8ce0cb4 packaging maintenance
- 968f1a6 remove potential deadlock condition
- 8c32715 Add global instance OID to webhook ping
- 8966b11 Report all live proxy OIDs on ping
- 3f2c55e decouple object API from HTTP API
- bc3e0e2 fix FLTO to run in parallel
- 075fcad add targets to repoman
- 971b460 fix size_t formatting
- a518b21 infra: add wip repoman - repository file generator
- 8376eac infra: drop latest files, script unused code and test existence of built package
- 04ed8b8 Merge remote-tracking branch 'origin/master'
- cfb55ed fix again changelog, add synopsis
- fd6b647 fix again changelog, add synopsis
- e317cf9 let's revert and use - instead of *
- e6b47e7 less spacing in debian changelog
- d02864f fix trailing / in path, don't write into changelog on error
- b1820a8 fix changelog generator names
- fba1894 changelog changes (wip) - unfortunately nothing will be tested until it's in repo
- c98d7ed introduce new changelog generator (wip)
- 6edee68 debian building script will now upload packages to `ARCH` specific directory
- 76e1432 Update ReleaseNotes.md and introduce a new QuickHowto-Webhook.md
- 67cdff8 don't use cmake fetchcontent
- 2384ed8 add PYTHONPATH to snapcraft.yaml
- 3e544f9 add a possibility to load fullchain.pem for custom certificates
- 944f679 QuickInstall-Mitm.md typos and wording
- 1be1c7d add QuickInstall-Mitm.md to document bootstrapping mitm capturing scenario
- 5c743be add localtime to debug and release crashlog
- ba130b4 mitm - stop filtering if set dead by a filter
- d2bb116 mitm - don't proxy if marked dead
- 8f11390 access filter - mark connection dead if rejected
- e650006 add response to `to_json`, later added to `connection-info` webhook
- 0904207 upgrade schema
- b96fc7a remove unused parameter
- 1d6a372 add synchronous webhook emit versions
- a204eaf improve 'connection-close' webhook - add interface ApplicationData::requests_all() to fetch all requests detected in the session. - apply socle
- fedb545 introduce L7 history
- d389b5a engine improvements
- 27b754a Fix misspellings found by codespell
- f09855a remove unused parameter
- 66965b3 move event "id" to root of the json sent with webhook
- 6926983 make webhook detail a static string key
- 52cf7ff add support for toggling packet checksum calculation on traffic export
- 651aa78 fix issue with saving upgraded schema into config file
- 617fbda webhook improvements
- 553f47c add boot_time random number
- c65da5f utilize ClassChar from baseHostCX and don't do expensive dynamic_cast
- 310a236 don't send empty connection-info webhooks
- c8df8d4 fix a bug where policy features are applied only if auth-profile is also configured
- 4632ac2 change neighbor action from too generic "new" to "neighbor"
- de42484 save disabled status only if it's configured (not if policy is error-disabled)
- b6dee62 create a mechanism to warn if parts of the configuration were not loaded
- c7ca357 fix policy feature save problem
- 011ab98 enable "statistics" filter and make it available in config
- 208f438 webhooks - create generic webhook send_action; args: action_name, details_json
- 7fc8ad3 improve proxy filters, add to_json functions
- 758bf87 FlowAnalysis::aggregate: aggregate ratios to (default) 1000ms bucket
- 82c016f add StatsFilter, which computes entropy, skew and similar metadata
- d6d3c60 mitmproxy: add qol 'to_connection_label' function
- 8ca3127 make mechanism to proxy filters update states
- eb3b66c apply socle fixes
- 93f4ba8 use lazy_ptr and move values to a struct for a better organization
- ae1b6e1 add utility Singleton and lazy_ptr classes - lazy_ptr creates underlying object only if accessed object must be default constructible Good for profiles, which must exist on access, but not necessarily earlier.
- 30420f6 sync in socle and lmhpp
- a0784a4 re-do connection closing logging to further implement webhook here
- 4d358ed use portal certificate for API service (instead of default server cert)
- a5217d2 make webhooks a little bit nicer, create "ping" webhook
- dcf5a37 change KB limit defaults, allow infinite KB logging
- 60a5598 add first practical webhook action when new neighbor is detected
- 1c75190 add webhook infrastructure + CLI testing command
- a18fe0d Update build-ubuntu-22.04.yml
- 3275141 Delete flawfinder-analysis.yml
- 0529fea Delete codeql-analysis.yml
- 6a6913e Create build-ubuntu-22.04.yml
- beaa2a7 debhelper: set compatibility level to 12
- 7b4ba51 add procps package to debian build dependencies
- a197e82 add docker builders for debian:12
- b61140a add debian 12 support for creating deb packages
- 23bfba1 createdeb - fix multitude of security and reliability issues
- 10bdab2 add --branch to sx-builder tool to override config file setting
- d2ae1d6 fix few shell issues in createdeb tool
- a6f3320 add a curl-based, light HTTP Request class
- de68f06 add utility thread pool - to handle short-lived, synchronous tasks to not affect proxy operation
- 2600044 improve debian from sources build
- 19865f5 add neighborhood lru database
- 003a6dd apply lmhttp: timeout waiting on empty POST request
- b8b56e7 apply socle: don't access event details without a lock!
- e7db3e8 update deb compat and control
- 52965ad apply socle + adapt CLI commands
- c794a40 socle - fix uninitialized certificate chain array
- 087a028 apply socle changes and fix broken starttls
- 2bd3a3c add socle changes + adapt CLI
- a6b6259 apply socle - fix custom certificates
- 1c92ea3 fix sx-network exceptions for local addresses
- 54df293 apply UDP fixes in socle
- 24d9cef fix annoying replacement HTML formatting issue
- 90f0fd3 apply socle
- ba7778f fix datagram - don't allocate negative sizes
- 50900fc fix incorrect logging
- aee1d11 Merge pull request #39 from astibal/load_db_filter
- 362509f update readme and release notes
- d9227d5 add `features` tag list into policy
- 84a0302 filter objects should be easy to create and tweak
- 672ee4e fix index out of bounds read when arguments are filtered out
- e23b423 they say `using` better
- 0e21187 rework proxy filters
- 7c127db unify proxy logging category
- 94c482a remove ugly locked_ code, use standard lock_guards
- 965172b add another custom certificate mechanism - target IP address
- 438e21e apply socle + change cli `diag ssl` to `diag tls`
- cad79c0 implement custom server certificates (based on SNI from client)
- d5af518 apply socle changes
- 4fcdbb8 fix snapcraft.yaml version

### 0.9.30

- b488160 set snapcraft.yaml branch to release-0.9.31
- e43dc08 update Release Notes
- 4014cb9 update Release Notes
- bc7f302 don't generate crashlogs on program exit for Release builds
- 2e8fe35 consider status as terminated when proxies are down
- e04e323 don't join threads from CLI thread
- 16f71a1 slash matters!
- 2dd1abc enable KTLS for kernel-assisted crypto in OpenSSL 3.x
- cdfa705 introduce CA single-file bundle support
- 1cd9ba1 improve sx-builder.py to use ssh-keys and different ssh user
- 68fd625 re-add nlohmann::json as a fetched project from cmake
- db0c916 add modern cmake to ubuntu 18.04 build
- 9757c67 UB ASAN should not be enabled by default
- a8d4876 add UB ASAN build support
- c456a63 add UB ASAN build support
- 58d1f5d apply UB fixes in socle
- 0b320f7 fix UB - use of moved object
- fe62c3e remove remnants of --tenant-index options (deprecated already)
- 512c9ff build support improvement
- 5266c08 add script running docker images
- 2fcf772 add docker images based on compiled .deb packages
- 04bd488 if enabled, make ASAN to display leaks each 30s
- 3192932 remove -i option and add mandatory argument for -t
- c1d2fa7 add clang support
- 7ba1339 fix clang reported warnings (errors with -Werror)
- 8d6794a fix incorrect processing of -o and -c arguments (issue #32)
- 8f195cb ok - remove timestamp from build
- e373053 disable string truncation warning
- a287545 refactor init_syslog - use AddressInfo
- 29f9681 C++20 requirements
- 51499ac print foreground statistics
- 0f7114e adapt socle changes - loglevel level and topic atomicity
- aba028f fix compile errors on armhf platforms
- 6b62315 apply socle changes
- 7f64791 kb initialization fix - asan reported issues
- 1b3b930 apply socle changes
- ebd6b05 better SIGINT handling
- bf6b185 well, let's not forget TCP/UDP are L4 protocols :)
- 0c37340 FqdnAddress - don't lock DNS cache
- e6b4687 don't call sock5_handoff for UDP in proxy message handler
- b33bfb9 Add 'Coverity' cmake build type
- 0a1c344 proxymaker - use smart pointers
- a03e27b code improvements and modernization
- fcabd29 apply socle changes
- 0d57cae const-fu in CLI code + apply socle changes
- 2a5ee33 Service::abort_sleep() now uses thread_safe nanosleep() instead of sleep()
- 9b9283e rework and improve DNS refresh/expiry thread
- 77cbe1b adding forgotten patches for DNS server list
- 3274c9b when receiving DNS response, don't create epoll context when timeout is zero
- fc63343 fix crash when no DNS response is received, or destination is somehow empty
- 6c9ca19 DNS nameserver lookups improvements
- 624fed4 DNS - use buffer::set_at
- 4646fff fix sock5 premature proxying
- 7b675e4 socks5 - add is_ssl flag for future use
- a81c559 add routing setup - destination is now changed if routing profile is present
- a98641b add missing includes
- 07a3a3f cli/cfg - if new entry is added, add also 'name' and 'routing' entries
- 187dc9d Socks5 - replace SockInfo with AddrInfo
- 47d1288 apply socle changes (decouple SockInfo src and dst structures)
- 42fa84d current session counter
- 3608127 socks5 - improvements
- 96a00d2 apply socle changes
- 40aa840 apply socle changes
- 25eabd7 evolve and modernize lockable class
- bbda0e2 mitmproxy - don't continue with proxy() if from buffer is empty()
- 66d7b9c to_read returns now lockbuffer now
- 26f8ab3 keep core18 and core20 snapcraft files for reference
- a1695aa snapcraft - use core22
- f11bf65 drop request when:
- 853f965 configurable option to compiler to unroll short loops
- f4175a6 add UDP optional data for session tracking
- 13c6213 socks5 code rearrangements
- 29676b4 apply socle changes
- 0a16526 extend poll timeout even further
- 5498e36 use new generic response mechanism and respond with a string (raw response)
- 6f07ab1 add more generics into http server processing
- ce39531 apply socle changes
- 2863589 fix GET responses
- baefd9f add some generalization to http responder
- 8ed671d use compatible variable time_t types + const-fu
- d4cd405 first UDP SOCKS5 feature implementation - incomplete
- dc948f1 apply all good changes in socle
- c91cb8f add socks5 udp receiver stats into 'diag worker list'
- b3ff203 set -Werror and -Wno-unused-variable
- 0b04a50 apply socle changes
- 8c50d5b remove MitmHostCX "final" restriction
- 8371957 fix SOCKS5 UDP thread startup
- 657a696 fix malformed connect response
- 83218af handle UDP associate socks5 request
- c9f2d70 tidy a bit socks code
- d8047eb infrastructure for udp socks5 support
- 088f999 better protocol visibility; set protocol from inspectors and also set sub-protocol for DoH
- bc8603f apply socle changes
- 834c2a7 apply socle changes
- 2e82a9a apply socle
- f07a284 supposedly innocent conversion fixes
- 6a699e8 build only Debug tests
- d7ec109 add cli 'end' command to return up, to parent section
- 4de1b9a fix compile errors when USE_PAM is disabled (it's enabled by default)
- c7b5a9b config syntax change - address_object 'type' attribute set to string: "fqdn" or "cidr"
- 6301f6f improve a bit policy list in CLI
- bd53c7a HTTPS API improvements
- 4e51390 enable CLI user login
- 6c5cf0c move enable password from CliState to CfgFactory
- 83a5323 add libpam (and its distro name variations into build dependencies)
- 082bdb5 add admin group mechanism
- 7288aa2 add test for group membership if PAM is used
- f8fadfe enable system level authentication using PAM (WIP, don't use)
- acdd62e refactor duplicate code into separate functions
- 1adeb22 small api fix
- 58d8874 API server changes II
- 7f05433 API server changes
- b276d68 move all http handlers out from httpd code to separate module
- b66ae3e code beautification :)
- b40310e add 'ips' into optional 'diag proxy session list' command
- 99d351f few code improvements
- 46d396d apply socle changes
- 7239776 const-fu
- 7870c33 apply socle changes
- 5e13263 apply socle changes
- 67bb313 rename/refactor SNI access functions
- 478c2c9 eliminate expensive dynamic_cast in starttls
- c65688b eliminate expensive dynamic_cast
- 230e2fd apply socle SSLCom makeup
- 9a97e3e apply logging redux in socle
- 2aed73c apply socle fix UDP bind->connect data race
- e4bd038 remove google default dns servers - complain if config is missing nameservers setting instead
- c39cbb8 http api - add /api/config/uni/get controller retrieving configuration parts in JSON
- 1b74e55 add libconfig::Setting -> nlohmann::json conversion function into jsonize namespace
- 76f7552 httpd api - add example query parameters
- d759ed6 implement API for 'set' operations
- ede13ae refactor some cli-cfg code to be generic to be usable with API
- 51eaeed cli - additional fix for config change by current update subscriber
- 3706443 updateboard - add mechanism to recognize current client changed the config
- e158108 refactor and generalize cli-to-config code to be reusable by API (and others)
- b5e095d reload CLI when config changes, sync with socle
- bca3688 CfgFactory::save_config - return bool, not int
- bb51f2c cli - mark config change on UpdateBoard when element is removed
- a524bf6 cfgapi - add more robust change/save detection
- 900f60d cli - add warning if config is changed on the background (ie. using API)
- ab07a9e api: add universal config element controller
- 7186d50 fix cfg_status_response
- 65b8890 add configurable option whether API should listen on all addresses or loopback only
- 93f0027 move convenience params and response to jsonize.hpp
- 33d3bea pass HTTP request body data to controller handlers
- e977f61 make TimedOptional::expired_at const (and return by value)
- 3d8e0cc add simple CLI command to display http API database
- 0989686 decouple CLI from config changes for ADD operations
- 401cf56 move config change from CliState (now removed) to CFGFactory
- b8f89c6 cli add refactor - working wip
- 1b6761c wip - httpd - oops, default timeout should be 3600s
- 7ba0040 wip - httpd - token timeout mechanism added
- d7e1cad wip - httpd - log message wording
- 934bef3 wip - httpd: add http access keys support to smithproxy
- 28d0962 wip - httpd: log access and request violations
- 4fc97d3 wip - don't allow in empty tokens if db is empty
- 27dcb16 wip - tokens are now taken from CRNG via openssl
- 923c5ff wip - webserver refactor names ... to be shorter/nicer
- 89128aa wip - add access-level controller decorators
- 1b0a3a8 wip - httpd updates
- c7b5b61 wip - make http server data infrastructure
- 3f031de adapt to lmhttpd changes
- 80a0552 use socle and refactored virtual SSLCom::ssl_error_details()
- 452aade implement logging event details data and its CLI support
- e670469 mitmproxy - refactor id policy apply code
- 42311dd small code cleanups
- 968d33d adapt to socle commit: modernize SSLFactory class
- 30dc095 smaller code cleanups
- cb027db adapt socle changes in TYPENAME_ macros II
- ef39271 adapt socle changes in TYPENAME_ macros
- be971fc apply socle
- 8329774 remove old FIXME comments, prevent lgtm to complain
- 2be39fb smarter kb/node quota management
- f701496 less demanding http/1 engine signature
- 4f619c9 make mitmhostcx final + code cleanups
- f0ecf35 add to auth thread also timeout checks
- 7ef3e1c socksproxy code cleanup
- 9b98bb5 fix http/2 frame parser boundary checks
- 5736ae3 smarter kb/node quota management
- a2cedd0 make KB and Node infrastructure to clean older entries + code improvements
- 2193d36 add basic CLI KB tools into exec tree
- 6d03895 watch your back and nullptr
- 6570e70 rename some kb files to node_*
- 4869d4e rename some kb files to node_*
- 10b14c4 add kb tree infrastructure + tests
- c2e3145 add config variables for engine and kb control
- 320ecd4 fix incorrect formatting literal
- 64d60df add events on smithproxy start and config save/upgrade
- 538b2bc add more events + socle sync
- d4e1c7e add some CLI commands to see/clear event list
- d1faba3 apply socle changes
- efc0fe9 apply socle changes
- 20a7369 set devel flag
- 76a0615 update release notes with 0.9.30 info (!)
- c06d00f removed OpenSSL 3.0.0 stuff 2
- 7e86fcc removed OpenSSL 3.0.0 stuff
- 2eb2377 more changes needed for ubuntu 22.04
- ea7aaf6 fix silly typo
- d8b9d28 build script - dependency for ubuntu22.04
- 3be1015 WIP merge release and debug build scripts + add ubuntu22.04 build
- 89353ba update readme

### 0.9.29

- 2477289 version bump
- 65685d4 code cleanups
- ca7c9f7 code cleanups
- 828e6f1 fix http2 frame parser crash (uncaught exception)
- 2589ea2 fix http2 headers parser crash (uncaught exception)
- 8714f06 hostcx - code cleanups + socle sync
- 62ee116 logrotate.d fix
- 4c60a2a daemon - fix harmless leak on exit + append crashlog
- d4e511e empty buffer processing guards + socle sync
- e4d8bf8 set dev flag
- 7866a3b set dev flag
- 13d6de5 make http/2+DoH use of a new AppHostCX::MODE_CONTINUOUS
- 84ac61a http/2 + DoH work (wip)
- 446d054 ApplicationData abstraction now holds generic key-value properties member
- 911686e dns proto - const-fu in various places
- 57f50d6 don't link with libz - fix debian10 build
- 3ee5441 few fixes in snap and config reload
- d0514e6 update release notes - ... and snapcraft.yaml

### 0.9.28

- 6bd3191 bump version
- bbd1ade introduce http2 engine in release code
- d076539 apply socle
- 4603faf rename flow member element from flow_ to data_ - original name was confusing when called with flow().flow() from user classes
- 0d6065b add some more http/2 code (inactive atm)
- d1d6349 don't enable http/2 yet
- 17b5a3c Merge remote-tracking branch 'origin/master'
- 29730fd refactor http v1 engine to use buffers and string_views
- 22397e1 apply socle cleanups and add CT warning
- c572340 code cleanup
- ce6a95b remove a redundant shutdown call
- d033ff2 standing behind Ukraine
- 8c7ec0f accommodate socle changes
- 93e2099 ehm. no redis and use pool in cmake
- f63112e cmakelists - enable asan based on cmake variable
- ee9fd13 hpack - fix mem leak
- d650cbd sync with socle
- 5818de8 more hpack rewriting + tests
- 1a81e2f http/2 engine improvements
- 01c21d3 hpack - adapt to new header storage
- f9438cd hpack - change test suite to use header multi-value
- dc5c734 headers can have multiple values (ie cookie), use header string map to vector of values
- 5791318 hpack - fix testing suite data
- e377a02 fix use after free bug
- bccb898 beautify and rework tables (tables freshly copied from RFC)
- 8853c5d fix table size typo (+ tidy)
- 06afb18 logging capture tweak to compile with gcc 7.5
- 90e5895 ... of course disable http2 engine atm
- 5650144 more appropriate debug messages order
- 14b6917 hpack fix huffman table, tests
- 897f364 refactor HTTP1 code and add wip-grade HTTP2 engine (off in cmake)
- e679c8b socle sync
- b0d6302 add hpack - WIP - note it requires lot of work
- 606aacd refactor http1 engine into new sub-namespace and directory
- 627b9af replace logging level not dependant on host cx
- fdaf8a5 sync with socle
- d173163 add crlf when hex_dump debug info
- 79e8776 add boilerplate code for redis support
- a04663a Socks5 IPv6 features
- 57ee468 fix CLI payload dump, print limited-size chunks until 20k cap
- 6d155e0 add mitmproxy 'com.proxy.payload' logan
- 2ec65d9 add logging context filtering feature
- d660851 apply socle logan_attached wipe
- 227544c optimize and call authentication handler only on session start
- 7995321 fix total bytes counter broken by previous buffer fastlane patch
- 98bc5ce sync with socle
- c0d3a23 socle - optimize buffer handling: after certain volume move whole buffers
- 0959e34 reflect recent socle changes
- 80606d2 socle sync
- 6830c43 apply important socle fixes + some logging discrepancies
- c11986c fix forgotten unique_ptr proxies occurrence
- 6092bbd apply socle fix
- 378c4cf apply socle UDP TLC and add diag to see UDP connection cache
- 6c9c04c clear acceptor proxies when stopping smithproxy instance
- 022d789 netservice: fix missing unique_ptr return types from prepare_listener
- 3ec5599 asyncdns uses smart pointers
- 6da5a38 minor cleanups
- d7313f3 fix dns inspector to loop unnecessarily
- 81be765 refactor bootstrapping code to use smart pointers
- 407131d add forgotten MEMPOOL_DISABLE
- fffbc0f rename ptr caches to suit cli debug parameter setting
- 38abe82 add a new development option to workaround mempool allocation
- eb2a8fb add extra debug option to cmake
- 6cdbbaa mitmproxy cleanups
- 0df8d15 mitmproxy - use identity_ unique_ptr
- 3d00a6a sync with socle
- 0528d3e sync with socle
- bcd45b4 sync with socle
- 2a763ff don't inspect ipv4 broadcast and ipv6 local multicast
- b3302e4 socle: rename mempool_bad_alloc to mempool_error
- 59d077d toggle mempool exceptions support via MEMPOOL_NOEXCEPT define
- 6f44545 fix few coverity issues
- 5eb1b12 apply socle data race fixes
- 5b5464b adapt socle logan changes
- 8357f53 we cannot copy unique_ptr
- c986732 apply socle changes in logan
- 14b0edf apply socle changes in masterproxy
- 094ab46 apply libcli and socle
- ab38989 shutdown: join all child workers
- 458e5ff join correctly all CLI children threads on exit
- d84ee50 return created callback entry reference
- e7c790d socle changes
- 28f3149 MasterProxy: apply changes due to persistent thread spraying in masterproxy
- 7c82b17 add settings/tuning section
- 7741157 socle: for compatibility reasons remove arguments for nodiscard
- cb0e1ab apply socle changes
- f6fac2e improve some diag commands
- 3f2a19d make 'diag proxy session list' print SNI if it's available
- 632790c apply socle changes
- 6b50705 make DatagramCom database created on demand on heap, not in global static storage
- b1065bc add experimental framework
- 8722e97 add helper facility to install git hooks on cmake run
- 2025111 flag should be in double-quotes
- 06e3c03 add support for experimental code which won't appear in official packages
- 2b4bd67 more fixes regarding /var/smithproxy
- 8e052a1 fix also apparmor
- 4e9374d set also captures/local/dir to new default capture destination directory
- e030b4a prepare a ground for privilege separation
- 49cd76b set default capture directory to /var/smithproxy
- 2d7aefc modify smithproxy to log into /var/log/smithproxy/ directory
- 071bc6f cmake: add helper to create directory, create /var/log/smithproxy/ on install
- abc7cf0 disable python by default, it's not doing anything useful atm
- b065ecb improve significantly CMakeLists.txt - USE_ flags are now easily tunable
- 7af41b3 improve 'show status' CLI command
- 1802cde fix linking problem with SmithProxy::create_api_thread if USE_LMHPP is not set
- 773e47c fix null pointer dereference
- 26562fb improve cfgapi apply code to not contain raw pointers
- 8a1fb52 fix python script profile which won't compile in
- 937d373 set dev flag
- 02dc8da remove last uses of NULL
- 340b7bd code cleanups in diag_cmds
- e49d29e sync with socle changes
- 4dce1fb add CURL_UPLOAD_OPTS support also into createdeb-debug
- 0ec67a8 update Release Notes

### 0.9.27

- d4a43bd hotfix release 0.9.28
- 540dd25 add CURL_UPLOAD_OPTS ARG to Dockerfiles
- 11892be honor CURL_UPLOAD_OPTS config to support custom curl upload arguments
- 60455c8 set dev flag
- 34fe584 update readme

### 0.9.26

- b76bcb9 bump versions to 0.9.27
- 9bd6a6b fix previous rushed patch
- d7d21b0 perform schema upgrade from versions with no schema support
- b0efd9e snap support improvements
- f964948 gre export: refactor and install exporter also to pcap_single instance
- 94b71b4 pcaplog: fix IPv6 file captures
- 8aeb6bc apply socle fixes
- 073dd70 apply socle fixes
- 2b9b7f5 pcapapi: change ip hook API and use classic interface-like approach
- 0a2b4b3 apply socle changes
- 5f9bd81 add support for "remote" capture only
- e34d6dc default config: add captures section
- b9ad738 deb postinst: another shell script-fu
- ba4cd9d deb postinst: don't use bash double sq brackets
- 773e7dd deb postinst: create default capture directory
- 1f41b50 make default capture.local.file_suffix empty
- d53cdfa cfgapi: remove "tun_src" which is now no-op (it can be added later if needed)
- b4a134b add an option to capture to remote GRE
- 2a010e6 fix missing character in variable name
- 970342c sync with socle updates
- 5e16177 improve file prefix/suffix logic - filename extension is added automatically - suffix is added to filename base at its end, before extension - it's OK if file_suffix and file_prefix are ""
- d0322c0 capture profiles - add helper to retrieve file suffix
- 88a4908 separate routing setup
- 978157e update schema version
- c5a2dbc add captures.remote attributes
- f0c7e06 allow ":" in existing object values
- d7afe45 upgrade schema to move local capture options in a new config section
- 9fcb72b fix cligen - don't mask all variables if exact match is found
- 7e97e47 add 'captures' section in the CLI - II
- 94d414a add 'captures' section in the CLI
- a6648bb apply socle changes
- 3cd901b code cleanups in proxymaker
- 5b98f6a fix debug section was actually not loading
- 4303f5c move capture variables into separate structs and save new config section
- 6217b6a apply pcap TTL sanity socle fix
- afe4634 decouple config schema upgrade from version string
- 5685479 add socle changes into smithproxy
- 7863723 add socle dev flag
- 2271702 apply socle
- af72c47 deb: make postinst detect if systemctl is not present
- f0512e2 use https to download from github
- 2251bc7 fix copy-paste typo in createdeb II :-D
- f00c429 fix copy-paste typo in createdeb
- 7d3abef add source tarball upload
- dec8d71 install system units and enable them on .deb install
- 7102e6c fix smaller tenancy issue in network startup script
- 26c54e2 don't install init script on debian and derivatives
- 47d4c3e set devel flag
- b8cae59 add systemd units
- c6bad62 sync with socle
- 9c8e56b cfgapi code cleanups
- 0f7cc27 move statement 'using namespace libconfig' from headers
- 5c82c46 update Readme and Release Notes

### 0.9.25

- 516bb5a make a new release
- 2637d64 add more mempool tests
- babf1c5 add mempool test + fix data race
- aa56628 add mempool test + fix data race
- e43c155 add dnat routing l3 and l4 scheme
- 60f8b64 add routing profile ability ... route
- 13a34d9 some cleanups
- dc01bac cli prompt shows tenant name if non-default
- 9578156 add new function to expand addresses based on list of address_objects and protocol family
- 9419a36 make a little trick and let CIDR_PROTO match AF_FAMILY values
- 0f37ac8 write pidfile also if running in foreground
- c7a45c5 tenant index is unsigned
- ab0f7c8 check pointer, thread joinable state before actually calling join
- dab9628 fix tenant cli - operates on base + index port
- d5ea6c7 clean return instead of exit()
- b9c9834 support loading smithproxy.tenants.cfg
- f3f7c87 add facility to read smithproxy.tenants.cfg
- 2100452 dns - refactor and cleanups
- 5dd8121 DNS inspection - erase cached response if received
- 722563d refactor address object handling code - less free form allocations, more RAII
- f944622 add forgotten policy rule constant
- fae5442 refactor CfgFactory
- b8c2f3a refactor PolicyRule
- 991148c add convenience RAII 'allocated' wrapper with deleter calling free for malloc legacy allocated elements
- f3d85c0 add policy tests in CMakeLists.txt
- 8023840 add some policy unit tests
- b09fa94 use raw::allocated for strings from cidr:: legacy code, avoid manual free() calls
- 2c96aa3 const ref - fu
- 4b015b0 sx-builder: add --cleanup option to purge host system docker
- 4791d9c sync with socle
- b853e04 don't copy logans
- 2d08dc3 mark dev
- 60d4d69 add a new building tool sx-builder.py
- 8e1ce83 update snap
- 90c12a3 update 0.9.25 release notes

### 0.9.24

- b618d00 bump version
- 1a4cee7 hotfix: fix 0.9.24 startup issue
- ca500b1 update 0.9.24 release notes

### 0.9.23

- 67918bb bump version
- 17b207a udpcom: fix heap use after free
- 064ac2b apply socle changes and set dev flag
- 49fa9a6 improve TLS profile application + support wildcard domain name in policy match TLS bypass (configured in tls_profile > sni_filter_bypass)
- 6ff2226 update socle
- 9f7728e don't create logans on each profile apply function
- 5f366b2 add SNI bypass FQDN address object
- e25dc63 fix missing error message if routing fails
- 3ad7903 introduce routing feature
- 6c76b19 fix CLI crash on edit policy if non-number is entered
- b903078 add facility to easily t-proxy all UDP traffic (disabled by default)
- 2179ba0 use proxymaker on transparent UDP proxy
- 474f98a make proxymaker more generic
- c8771b6 - fix minor leak if TlsProfile is not loaded with success, but it's not destructed
- ae7b102 - fix 'add' command on empty section side effect: 'edit' and 'remove' are present too, but are no-op, since there is no args available
- 6341114 add routing profile, and config section
- d8acf11 apply socle fixes
- 9c9c8d2 update README

### 0.9.21

- c1ffbbb remove dev flag
- f302cd5 update Release Notes
- f9f7d33 pcap filesize quota set to megabytes (instead of bytes)
- 4c694b6 fix logfile permissions to 600
- d2257fd add logrotate script
- ad3fca9 refactor proxy setup procedure I
- 0d9f466 to get session list, don't walk sobject db
- 24e4a4f add debian 11 docker builds
- 39d5706 add few more items to rest ping response
- a5549b0 open wide CORS policy
- 33f4612 fix new pcap file permissions
- a9cac05 update Release Notes
- 787af70 add proxy oid to json response + allow to find session by oid
- 3b07de5 apply socle
- 20eb7fd move json producing code into specific jsonize namespace + introduce proxy list JSON API
- e915802 small tidy-up
- 7f01075 use new socle changes
- 7f38d6a move cli thread components under service/ dir where it makes more sense
- 73f17d9 json diag ssl cert print
- d3f4eb7 create generic json responder
- 36a1666 bump version
- ebc2fb3 json ping response
- c1747da add possibility to set response parameters and option to listen on loopback
- d83d04b add license and include guard
- f471ed8 create dummy http server
- 1221aa3 add optional terminate check handler
- 323f987 build dev snaps now on again
- 10958b0 allow snapcraft to build 0.9.21 from master tree
- 87c31cb update Release Notes
- a930009 update Release Notes
- b3c4c6f make Dockerfiles support custom branch build
- 4176ebf Create codeql-analysis.yml
- 7201646 add libmicrohttpd dependency
- 101c251 some more buffer len control in external
libcidr 7230c58 add jlohmann json header 534ed7d use strncpy in external libcidr 6213c2f Create flawfinder-analysis.yml c78961b update info files ### 0.9.20 bac27e2 add custom branch support to build Dockerfiles af9f345 fix pcap file rollover race 5393ae6 branch out release-0.9.20 63ec5d9 apply socle ### 0.9.18 86c964c bump versions 23b9f7e this single line makes config not load with misleading warning: Fatal - [service]: Setting not found: .starttls_signatures 1633d87 make pcap_single default writer output 5cb7813 pcap: close the file before rolling over fdf5d94 apply socle 886ba40 simplify and remove redundant code b37e9bf make host and proxy label a bit nicer 633631e add more writer comments ae88771 actually write cached response b36fd9e add API to dump cached responses (affects both smcap and pcap writers) c6fca27 apply socle improvements 859363c implement support for PCAP_SINGLE file automatic rollover 6681a67 make more robust capture options structure (don't keep it in members directly) 7883a02 cli: rework value filter to support very large integers 10483f3 allow pcap_single file rollover using CLI command 06335f9 introduce httpd service which is not yet even compiled in - disabled on cmake f37e435 introduce httpd service which is not yet even compiled in - disabled on cmake 45919ce add lmhpp module (not used) 1fcf3ce add socle changes 3842422 remove unreachable code c896d2b be more expressive 24e97b1 apply socle fixes f37d2e2 update snapcraft.yaml d186016 fix signature save issue 4eee996 apply socle fix 0a7b4c9 socle changes 9405859 apply socle changes e162c8a update Release Notes 74789c0 apply socle 2b49ebd bump versions 43494ce add CLI support for content write format 359d4ff apply socle 9bc69ce WIP - make pcap_single work too fedd2a9 content profile - fix typo 2e64744 apply socle changes 1da8869 add option to hex_dump to add CR before LF 37ebc9f apply socle fix d053010 WIP - pcapng files are now created, but content dump is not correct - TBA cf1754a apply 
socle cb72e88 refactor and rename traflog to SmcapLog 42d4f14 apply socle changes 61449fa dramatically simplify and a bit improve threaded file writer 2f464eb socle updates 41ef1f7 save write_format into the config file 0eae6bb add needed mechanism for config file versioning 8b38aea prepare mitmproxy to switch traffic dumper based on format type set in content profile 6717307 hold unique ptr of base class 4e412a9 socle::raw RAII guards 54f3850 socle update 93af1b0 traflog refactor 6e4728f mitmproxy - code cleanups 4d39331 apply socle changes 6a9b893 add pcapng writer support (including comment options) 6549d1c apply socle d02fe52 apply socle df74919 add pcap writer initial test coverage 89df149 apply change in traflog header in socle f733054 cmake - use backward compatible 'add_definitions' f55772a make project compile with GCC 11 c0ca984 apply fresh socle a2750f2 ignore SIGPIPE 02583a8 apply socle changes af531bf epoll minor refactor e2ed5f9 logger improvements 16b4952 apply socle 4166d21 refactor rename 'logger' to 'LogMux' and LogOutput to 'Log' d053bcd fix type conversion: writecrash - size_t is never negative 3be231f remove -Og which broke my debug sessions 9d9ce1d socle bump 4999110 more type conversion and return type improvements (breaks API) 670a72a socle sync bb5c067 add peering tests into cmake 75a9895 no peering.hpp yet b8619ce no dohinspector yet please e833322 handle better epoll_wait errored sockets ### 0.9.17 98780e4 fix diag sig list - should display all signatures, not only base() and tls() 9e45b8d better diag info about engine and signature match 03f6fa0 wip - refactor mitmhost to support engines in process_in() call 63b3718 apply socle f41e457 bump version due to API change c42d1e9 socle API changes 00d84c9 refactor http1 engine start function 0f97bd6 add some (compatible) optimizations into debug builds 84af228 fix incorrectly saving signatures (introduced with signature groups - 0.9.13 not affected) 1df27d0 refactor on_www_detected to more 
generic engine approach 437df96 add 'engine' signature attribute to trigger custom code (engine) 0f783f8 add basic http/2 start signature (prior knowledge) c5e4ee5 add configuration variable into TLS profile to control ALPN block 5f5af86 apply socle 37083f7 apply socle bc3ad8d display alpn in 'diag proxy session tls-info' 9a27131 add TLS parsing test suite 110a06b DNS fixes and improvements 73baf6f DNS fixes and improvements 868ad12 platform independent size string formatters (fix compiler warnings on ARM) 21a2aec cli 'test dns' : don't use 'select()' in 2021 49de5f2 add DNS tests + fix string tests which were broken before c27ab14 dns: changes code cleanups II dcd59c5 dns: add convenience to-string functions 6cdd104 code cleanups ### 0.9.13 e97ace7 socle and version bump 3b6ff97 socle and version bump b8e4825 CfgFactory change II - fix previously related patch leftovers 5f8dd8a create DaemonFactory instance on healp instead in static storage 73e7f07 CfgFactory now uses init() to initialize - API change 2fdbf9e logger internal change + API change - now it initilizes with init() - call LogOutput::init() at start of main 197ea1d close ony valid crashlog fd eb13bcc socle bump 1a3b132 code cleanups in inet namespace af7ac86 signatures - fix logic error in returning signature group 93adad0 add 'diag proxy session active' command to display only active sessions b262a34 apply current socle ecadf0b detect starttls only on first 10 client/server data exchanges 971551b signatures - add mechanism to enabling custom groups a088f15 wip - signatures are now separated based on their group 0d58807 signature tree overhaul - phase 1 8d76b75 update socle and add "group" and "enables" signature attributes ead6c0d update readme with API change 7282361 bump and apply socle changes 2408543 apply socle changes b1b4bba add strong stack protector to Release builds 3c57711 add Release build docker host script 88d055b release notes update (about skipped version) bf05f50 apply socle changes 
fd27daa class logging name refactor - API change
6781e79 optimize-out some debug outputs using _if_deb
5ffc0b6 remove unnecessary inheritance
1aaf674 remove raw pointers from mitmhostcx
c7c5aef apply small API changes in AppHostCX
ac8e3a7 remove empty interface methods and their calls
0f512d8 add DoH signature
a4d816f dns code cleanups
5dff223 use unique_ptr for com_ in hostCX
ac6a8e2 apply socle changes
1965ae4 add dev todo file
49756af remove unreachable code
c95cb25 move global loglevels into their own namespace socle::log::level
f2cb10c apply socle changes
531e216 huge -Wextra and -Wpedantic readiness code cleanup
d44af65 code cleanup in appdata
7f37a5a apply socle changes
df24d6d apply socle changes
e446dcd make staticcontent clean its pointers on dtor
4f60124 smithdc tool code cleanup and fix most of the issues
4358355 apply sigslot removal changes in socle
5c15b03 remove sigslot library (used only in smithdc) and use C++17 lambdas
e831026 apply socle version
db77334 bump version due to API changes
b7f0bd8 fix incorrect copy assignment operator
5539184 remove default argument from virtual to_string(int=iINF) from all places
55253bc Release_Notes update
8d640c8 apply socle changes
4574931 remove deprecated logging macros + code cleanup
7c3f4f9 apply socle changes
f35e238 move socle::meters to baseProxy
6c7761a introduce cli 'toggle' command
c0c3e0d refactor and add more generic CliCallback interface
c96d355 refactor return value (not needed)
fbe2e45 update release notes (to work around -0 version)

### 0.9.12

270703d update release information
710d7bb use new socle version
7d1d055 log changes in Release_Notes.md
30b3f75 apply socle changes
0f86b27 fix - dns inspection: add NS as allowed type in response authority section
a339333 fix few coverity issues
7782c94 bump and snap
428401b simplify snapcraft.yaml
f5b1b2b snapcraft: build a 'release' release
f2ada48 release notes and snapcraft changes
3f212f1 code cleanup - refactored libcidr into its own namespace
6c72fbc add diag command to clear tls session cache
17acd62 apply socle and bump snap
09bfca0 improve some stats and list commands related to ssl
ba9ad0e update release notes
c3e6c7a print session info only for ticket and sessionid
0080bfe fix coverity issues
4c811f2 Merge pull request #24 from astibal/cache_up
093f54d switch to libcli/main and apply socle changes
05aff81 refactor ptr_cache DataBlock stored as a unique_ptr instead of value
0e99821 instantiate pool as a first thing in main()
c62a015 use lru-mode ptr_cache as certificate store - seems to work ok!
d0d85ed initial, counter-only lru implementation into ptr_cache
a878fed refactor socle ptr_cache + some coverage tests
7bf4864 bump and snap
2c90a74 Merge pull request #23 from astibal/portal-split
d04f764 add back pyparsing to pip3 deps (pylibconfig2 requires it)
1c3c723 note in README.md that since >0.9.12 is smithproxy_auth optional package
4eb72b6 remove m2crypto and swig from alpine part of linux-deps.sh
9a84b02 compile clihelp.cpp also on alpine (include libgen)
92af056 compile cfgapi.cpp with newer libconfig
539b63f fix linux-deps for debian10
7e1e6a7 fix control files II.
11b05e7 fix control files
b9dd50f remove unnecessary -dev package dependencies and invalid compat level
46facd1 remove some unneeded deps or move pip deps to apt deps
5985032 fix createdeb to download desired branch and not always master
a712373 use local askbot
878389c move askbot functions to core python scripts
bb15829 remove unnecessary pip packages from postinst
381f8e3 remove python posix_ipc dependency in core package
01b9446 remove python lxml dependency in core package
055d9ff remove spyne
c2d9088 remove zeep dep
f484ff6 remove python-ldap dependency
e1d2c2d remove docker/_attic
d1d1899 remove pyparsing and fix debian/control
512f3ea remove old deb building scripts
9eaf4fb fix some typos
068b220 docs/ directory desperately outdated - atm remove old stuff and add link to help resources
b20c843 remove portal from smithproxy
092db0d revert back build script
cf33153 count releases from 1 because of debian rules

### 0.9.11

a6bfee4 0.9.12 release
a6cf78b release candidate 2
56b6ec2 release candidate 2
275935e fix missing 'add' and 'remove' capabilities for most of profiles
04475b6 fix cli issue when 'set' command appears in sections with dynamic groups
49433dc add more CLI string convenience functions
9a570fb correctly propagate policy allow_* exceptions also for config without replacements
a2afe8e correctly propagate policy allow_* exceptions also for config without replacements
57e6d25 correctly propagate policy allow_* exceptions also for config without replacements
bab0c3e fix #22: honor tls_profile allow_* options
b9e3795 fix override redirects - redirected always to /, which is not necessary
55131aa strings version upgrade (keeping 0.9.11 git tag until final release)
175f786 apply socle: fix cpu spikes when right connection waits for left's ClientHello peek
fd42bf1 fix copy-paste mistake
8323fb1 bump and snap
a6de054 add suggestion generators for set commands
a1a0453 add convenience cli string functions
5f115b7 generate set commands for editable templated entries
533a94e bump and snap
9420413 add rest of settings + proto_objects, port_objects and some policy value checks
87d9f68 construct CidrAddress out from string directly
37522e6 fix regression: replacement of course can be an empty string
9bfcb92 add some test coverage to addrobj.hpp
6a43880 bump and snap
bfd3c24 when smithproxy starts in the foreground, print out listener count to not stay totally silent
86de5e6 avoid std::cout use in library code unless necessary
ef8c7fc pid file handling and smaller tidy-ups
cfa7b45 cmake - run gtest only if present
5d6c844 add coverage for sx::str namespace
7f6947a fix sx::str::string_replace_all busy loop
958573e fix stupid typo
a6f1dff separate debug and release .dpkg builds
9ccb67c bump and snap
e9cb095 update release notes
6f6315d improve cli value filters: now filters can be chained and modify the value
bd685d2 rename cli/ directory to cmd/
4533233 mark bailing on smithproxy normal exit to not deadlock mempool
5a3c3f0 don't use libunwind for release builds
ddfa7ce solve ugly crashdumps - now they are beautiful
b65b040 let's not use copies of DaemonFactory singleton, please.
efd84b4 add cli 'execute shutdown' to terminate running smithproxy process
65048c7 make openssl allocation calls via mempool if MEMPOOL_ALL is defined
efbc897 move crypto mem check from release builds
48ced10 SSLFactory - pass pointers as values, store with smart deleter CertCacheEntry
a05ab9d bump and snap
4f7ac8b add facility MEMPOOL_ALL to replace global new/delete to mempool
863f197 IMPORTANT FIX: memory leak in sobjectdb
7fbfd97 tidy args
c0e8689 use malloc_allocator for MEMPOOL_DEBUG map
71216b0 for modes without MEMPOOL_ALL return to crash-less terminate
f81f946 canary.hpp missing include guardians
a37c836 add MEMPOOL_ALL experimental option
d2df45b apply socle
2520e9e add various compile-time options tags to 'show status'
04d5d01 rename _private namespace to deleters + add ::free deleter for specific non-new/delete use
5c90174 bump and snap
8af81d6 Merge remote-tracking branch 'origin/master'
a6eabc3 use utils/ + generate chain of all options for cli 'set list_variable [a1, a2 .. aN]'
036f654 use utils/ + generate chain of all options for cli 'set list_variable [a1, a2 .. aN]'
339c397 add whole lot of utils
83af416 bump and snap
677e2c8 fix policy removal
2f01e6e on element removal, remove also 'remove' command
b2095d8 when adding a new element, also save cli_command
9433092 migrate CliState to thread_local storage (all cli_* are invalidated on thread exit)
d237e01 generate commands: add also callbacks when adding section cli_commands
d009b65 apply libcli
4065c8e report running config change only once
6157c7a apply socle changes
8b4b536 CLI improvements
4cb658d new download server links
9ad48e8 update ctlog download script with the new server link
0031747 dockerfiles should initialize build args
69badeb build dockerfiles - add proxy into apt config if 'http_proxy' build-arg is present
da749df bump and snap
8d37e18 add better facility to check values before they are set in the config
773838c time being, remove possibility to delete or add signatures (they need a different handling)
8dc0282 add to codebase function searching for cli callback for templated objects
21831b5 snapcraft.yaml version update
d370000 cli - make new policies editable and others removable
58d196e cfgapi loads now policy correctly when profiles names have empty string
d453048 move commands use separate function
d282fb8 add hacky code to allow moving newly created policies
9374309 allow empty string values and return true
9a79901 fix small issue in generating checksum for latest dpkg
4014f30 various smaller improvements
81b4adc add CLI 'policy move X' commands up, down, top, bottom
053e099 snap version
7700e64 fix: cli editing works only in first cli session
f8d4cd0 snapcraft bump
a2bd484 cli improvements
92206e3 Release Notes update
3380f9a make move cli command really move policy
bce58e6 refactor and some some cfg operations from cli to CfgFactory
53ba647 add policy 'move' command
6dd4efd version fix in snapcraft.yaml
9daf339 fix header git version checker
1b20704 new policy now can be added via CLI
9e97d49 don't allow trying remove nonexisting elements
ff344ea add 'disabled' and 'name' attributes into the policy
342572a fix logging protocol reference
7233bee add --shm-size to startup script to avoid sigbus crashes
1736dbd build script - ubuntu: more apt less pip3
aa4f5d5 build script - alpine: use more apk in favor of pip3
b5cd572 rewrite parts of CLI, mainly add/remove/edit
fa002be add 'remove' support for policy section
46b8e03 add policy map also to the list - this is change needed to generalize policy to be used as a standard CfgElement
d76fb21 update deps script and Release Notes
8ef81d2 update Release Notes
cdfaa13 code cleanup
6428430 add cli 'remove' command check for element usage - used element cannot be removed
61a67f0 make all dynamic configuration groups generic CfgElement maps
950c04e make proto and dport CfgElements + make usage weak refs on load
c22db48 rename dependencies -> usages which better fit the idea
de5bc4f add more infra to dependency checks + move around some code
fa9bd3e mention 'remove' in Release Notes
100db64 use CfgElement for all config items in the policy
5e5e581 make AddressObject child of CfgElement
3d5410d reject reserved names starting with __ in 'add' cli command
7046940 ignore reserved names starting with __
08f4621 refactor profiles and inherit from new CfgElement parent class
e4c6b3f refactor and move policy profiles to its own header
42372bd 'remove' cli command works without reference check
c7fe8c5 add dummy tls_ca cleanup in cfgfactory
dfd5fc2 generate add even if section is empty
171d23c add 'remove' command hooks
0edfb52 cfgapi add dummy tls_ca handlers
c53587c refactor and move CliState to its own header
e78b6a2 add 'add' CLI command to Release Notes
bdb00e2 improve policy match and add fix l4 protocol match
3d84ccc add into policy match in cfgfactory also policyrule context log message
d96e7a2 code readability improvements
c66c38d improve 'add' cli command handling
1e094f0 addset default ... to default :)
7646e59 add the add command into CLI - new objects can be created with default values - wip
c36eeb2 add methods creating default instances of most CfgFactory objects
a82e6f0 remove unused cxxopts.hpp
c5a528b remove unused argparse
c945f77 be more strict on pidfile removal - it must contain value of non-existing process
da2d463 don't remove unowned pid file - fixes various issues with startup
c1f796a daemonize: move exit() from master after fork to main() so we can better cleanup
78ce4ab improve smithproxy startup
5a43302 change project read me - technical information will move to docs
e72c480 fix underscore issue in snapcraft.yaml
2401864 add CT support into snap release
bf92586 add CT support reference into Release Notes
930cebd add CT support reference into Release Notes
ce41489 add save/load/apply support for tls profile CT support
c8d82af add SCT debug info to 'diag proxy session tls-info 8'
235fd42 apply socle - add some more CT logic
4a390fe add some more CT logic
5564b8c use BioMemory in CT debugs
a1acece add certificate transparency feature from socle
124e4c2 remove no longer existing testing docker tag
21892e1 Release_Notes.md updates
9e71429 actually we always want to overwrite Release_Notes.md
2576fe4 add Release Notes and sha256sum package upload
46276a7 cmake split
ed944a3 handle 'cannot bind' situation correctly
9e4674f testing tag no longer exists
ecb62f3 add debian build Dockerfile
1d684c1 docker hub dance
63ba9de reorganize structure according to working examples on the net
f280b99 docker hub build override 2
64bec86 change hook variable
2f233c5 fixing github build hook 1
99689ac add forgotten shebang to the docker build hook
3996da9 add forgotten shebang to the docker build hook
373a18f add hook/build to support hub.docker.com build variables handling
c77ad56 add Ubuntu 18.04 into automatized builds
262362c remove remnants of old building system and add ubuntu20.04 fully automatized build docker image
96b918e better package building script
9d644e4 apply socle changes

### 0.9.10

c48684e bump version due to important fixes in socle
4ba4bea move regex compiled strings to static storage and fix alpine/musl issues

### 0.9.7

cf7e596 bump versions after io2 merge
df9cc07 Merge branch 'io2'
3f9af66 Merge branch 'master' into 'io2' to resolve conflicts (use already merged socle/master)
66b501d fix crash on smithproxy exit due to destructing un-joined thread
be95141 make "show status" cli aware of new acceptor x workers mechanics
9622c09 improve startup scripts + make them follow new accept_* directives in cfg file
884140c introduce new switch to enable incoming acceptors
d8344eb bump socle
9cb8d0b move generic worker initialization to (another) parent class
6baf147 fix wrong workercount argument passing plain setting to tls
b317089 socle updates
a75e415 socle updates
4555dfb Merge branch 'io2' of ssh://github.com/astibal/smithproxy into io2
58c5b7b socle bump - fix some theoretical deadlocks (never reproduced, detected by sanitizers)
2799d8e fix socket handling in SOCKS proxy code + ARM fixes
36f326c improve cli 'diag worker list' and don't lock across cli_prints, to prevent dead-locking on CLI socket I/O.
7558bc7 add cli 'diag worker list' which will traverse acceptors, workers and their proxies.
9638653 fix: add worker threads to list as intended
0ee8745 refactor and adapt proxy_type enum class into regular type with to_string method
c8e4e9c fix and improve incorrect "diag ssl verify list" output
83bd280 apply socle fixes
39b5155 add canary check, enabled if MEMPOOL_DEBUG is defined
b9379f3 create canary class to better handle with canary checks
7c49114 reserve vector sizes to avoid many reallocations
9681a55 adapt CLI to mempool 2.0
29ed6ee UDPCom::shutdown add extra check and remove virtual sockets from in_virt_set
e6fd8ea udp - log when writing to pool without real socket (io2 branch relies on it).
8ba4eae DNS inspector - if response is not cached, reset previous cached state
3373fb7 UDPCom::shutdown add extra check and remove virtual sockets from in_virt_set
ee3ab99 fix memory pool resource leak in receiver (udp) worker thread
787cfc9 apply socle
6012549 apply socle
18cfdf7 tiny tidy
f4d6481 adapt to changes in mempool
5c68daf udp changes
2cb2229 baseProxy com() operations on virtual socket also applied on real socket if present
5d5aad1 better logic to udpcom::in_readset
2dba09c add udp entries stats to CLI
1839e5a make redirected udp work
ff38deb remove libcli dependencies (we use own libcli fork)
d0b0dad get rid of all unneeded libcli tooling
52e6682 wip - don't use - don't idle out bind_sockets (they wait for incoming connections)
a0fd337 wip - don't use - revert back testing redir script
4a2f449 use epoll() on linux instead of clunky select()
fbf6ea2 wip - don't use - add idle check to baseProxy::run_timers()
8de2f50 make udp work
eff4ff1 refactor sockaddr_storage helpers and merge them with packet_info into new SocketInfo struct
0e99bcf wip - don't use - move embryonic state from datagram entry to udpcom.hpp
f598afa wip - don't use - removing some unused code and template args
7fcec3d move CLI thread start at the very beginning
c790206 fix old on_left_new_raw version
296e4dd we have to max out opened file descriptors (proxy can have opened many files/sockets!)
f40bf96 wip (don't use) - whole a lot of changes to make work N:M acceptor:worker design
c6d7c9c wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
8e3c189 wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
bb212ad wip (don't use) - likely contains data races - UDP doesn't work (to be rewritten totally)
3d220fb wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
c230eea wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
134198b wip (don't use) - likely contains data races - mutex-protect bind_sockets against concurrent accept() calls
93fecd0 wip (don't use) - likely contains data races - fdqueue wrapper mix-in class FdQueueHandler
b302d55 wip (don't use) - likely contains data races - shared socket queue
28b3223 wip (don't use) - contains data race for udp (and possibly also elsewhere)
c9a15a0 wip (don't use) - fix immediate crash on dangling reference
c0a3b88 wip (don't use) - make acceptor thread a vector of threads
dbfb0bd some rearrangements in socle
39e0273 create custom mutex container
11931c5 baseProxy - adding listen() call, creating cx for already existing socket

### 0.9.6

f9ad8a2 bump version due to important fixes
86b9c3f fix socket handling in SOCKS proxy code + ARM fixes
6e0926f bump snapcraft version
6831452 apply memory pool exhaustion fix from io2 branch
7dbce9e moving files and moving to ubuntu20.04 as devel platform
92c7e32 moved, unchanged docker launchers
b62fce7 add debugsx.sh to docker extras
b3b908d better way to build and run local src debug docker
c88e921 ubuntu18.04 flat debug build
1b2328a ubuntu20.04 flat dockerfile
e2585c2 ubuntu18.04 flat dockerfile
ce56f15 fedora flat dockerfile
0ad6410 debian flat dockerfile
e69ca98 openssl package was missing in alpine
9f79312 alpine flat dockerfile
f92311b bump socle submodule
6241ab3 fix SNI bypass
083f48b replace sref with shared_ptr to hold sni bypass filter
56c1be5 don't create DNS_Inspector with each session + policy apply logs
686e28e don't send data if marked dead (possibly due proxy is dropped for reason)
ab1da9d fix broken dockerfile deps - one-step build
5f89081 DNS inspection - use smart pointers
b6cb4e7 protect socket set with mutex
8a09961 deploy new snap version

### 0.9.5

bb6d38f use fixed 0.9.6 candidate
0ea3b3f fix a typo
0496851 0.9.6 - fixing various issues with capture saves and ipv6
651dea4 add ipv6 into policies to follow same defaults like ipv4
19f2b58 include ipv6 into redirected traffic
7c9c4b0 add post-refresh hook to update certificates

### 0.9.4

90e54b3 bump version to 0.9.5
06f1b63 sync with socle
15d0e11 add more sanitizers (commented out)
761313a use new baseHostCX::io_write() and break possible recursion back to apply_verdict()
3125eae snapcraft mask out some unneeded snap commands
c565f71 fix crashing crash handler, please! :/
952c90b use correct std::string constructor (and fix heap overflow)

### 0.9.3

bbb5dd7 bump version due changes in config file variable and its default value
b57875a make .deb generator great again and fix build/postinst
eb7fdef beware: important cfg entry name and default value changed
79adf9c improve snap description

### 0.9.2

bc3d7ef bump versions to 0.9.3
13406e6 craft the snapcraft.yaml I.
e67485b another snapcraft to add lxml to python deps
9cbf68e snapcraft - try to install dev libs for other platforms
9f334ac fix root ID detection
33df1f5 working snap with few cludges and missing features
3b6045e fix double free in dns code
5cefe45 fix *many* data races
bd3ede1 add commented-out lines for thread-sanitizer
475978c fix a typo ...
cdda678 adapt to even stricter rules when 'id -u root' is not returning anything (assuming 0)
2915561 add more python deps
3af4a8f call user id with number, not with name (some versions don't like it)
c587f1d add libffi-dev to support arm platforms
b30ef1f push socle submodule hash
d71fc43 ocspinvoker demo (commented out - wip)
1cb6c28 cfgapi run cleanup in d-tor
2e9960f unlink pidfile in destructor
60b5a26 make cli server gracefully finish on smithproxy.terminate_flag
4ee4571 fix cli mempool trace output (if enabled)
54309b7 prevent rare mem leak in DNS inspector
98bd322 cleanup SSLFactory code
d841dc4 improve snapcraft.yaml (still wip)
3ba5341 fix cmakelists: add debug flags properly and don't overwrite existing certificates on install
e527b05 fix typo with wrong redirect port for dns redirect
f37cbeb snapcraft changes
d42b78b this compiles, but paths are wrong
c6d2566 some more work on snap
cb8e47a improve startup scripts and tools
ed73d27 some cosmetic changes
fa206c0 fix CMakeLists.txt
9362531 snapcraft requirements
3cfba69 working (surprisingly) snapcraft.yaml
6e27395 add snapcraft.yaml
6b6a99a remove redundant code block
b4777f3 after setting 'other' value to ttl, we have to save it to settings profile to actually use it!
1549d09 commit socle submodule
3ec9930 improve sxyca and cert generator
9d6e988 add simple sx_certinfo util to display CA cert
0045389 add 35k and 50k pages to mempool (remove "big" pool, which was no-op)
e0e6da4 set default nat type on policy to auto (interface mode)
ee33578 fix error flags according to changes in baseProxy
63b295c apply socle changes
cd85b3d add ocsp invoker to CMakeLists.txt
4ab6b46 add factory class AsyncOcspInvoker which should make use of AsyncOCSP even easier
8844844 asynocsp - fix typo and yield string of yield, not fsm state
a8a703d add some logging + don't iterate behind end of map
2f28400 small rearrangements

### 0.9.1

f352e98 adapt linux-deps.sh script improvements into separate distro.sh (needed somewhere else, where don't need inter-file dependency to avoid source duplication)
07f5276 bump version
cb6c4bc re-add back debian binary package scripts
4c13970 building from sources notes
0e6d84d automatic expired dns cache entries removal (interval between 10-300s based on min TTL entry in cache)
fe8cd91 clean-up in certstore
57fbc8e rework/refactor ptr_cache as a container of std::shared_ptrs
4f9bc6d travis: well, it's gonna work, someday
81daf42 travis: not using sudo -i
ffb037a rework dockerfiles; supported OSes: debian, ubuntu, alpine, fedora
259d9e3 use generic linux-deps.sh script
d484dfe add libunwind and improve description a bit
3cf4d7f using --recursive clone
5a0a9b0 install pip3 instead of pip2
bc9aa18 add symlink sx_cli for smithproxy_cli
a8414d6 add kali detection
b9f44f8 add fedora support to linux-deps.sh + NOTES.md
f0e4c89 work around some compiler issues with UxCom virtual destructor
6057df6 code beautification
f9b79bb sudo II
5a10306 travis - enable sudo
0738f98 making it work in stupid /bin/sh
e4597b3 remove too smart bash features to make all work on travis :(
b10159a travis ...
86ca549 back to basics - travis
f713231 upgrade pip once it's installed
81597b5 wrong variable ...
ee3c8b8 /bin/sh is just fine (not all distros have bash by default)
f0a7325 link or not to link, that's the question!
fbbb531 add Alpine Linux support (edge)
78466fa reflect libconfig++ API change in versions >= 1.7.0
180de0e add select include to compile in alpine
e9d7a7a some innocent formatting and const-ify
7b0000f some innocent formatting
5a0d580 boolean default value in config was string ... was failing on arm platform only 8-|
223ac8b reflect previous changes in CLI in config
88571b8 use all cores :)
bfda61e typo in arch64 machine detection on debian
a051ea2 make smithproxy run on arm I - work around libconfig issue
e9fd1ca make smithproxy deps script install correctly python3 lxml on debian arm
555d082 make smithproxy link correctly on ARM platforms (add atomic library)
c7033d3 include string into clihelp.hpp
9c96926 make dependency script work for debians
e1876eb make dependency script to detect distro IIb
21323fc make dependency script to detect distro IIa
cbbaf00 make dependency script to detect distro II
809a6de make dependency script to detect distro
1eb5f20 make dependency script ubuntu version aware
d5f1424 improve a bit ubuntu20 dep script
930cf50 create build script (to be used in install, travis and docker scripts)
f8034d7 changes in dir structure
2fed80e travis for amd64, arm64 for precise and xenial
acc8201 add ubuntu 20.04 docker file
09a254d update dependencies script for ubuntu20.04 (spyne vs. python >= 3.7)
ab0f086 update dependencies script for ubuntu20.04
03b428d add dependencies script for ubuntu20.04
0ec6478 add dependencies script for ubuntu20.04
f635ab5 use relative path for submodules which should make to work both ssh and https when cloning
5f44aae initial (not working) travis support
4ad6cbb minor fixes based on sonar
d3d611e libsmcap - still for python2 ... stage1 with moving to p3 (wip)
a5daab9 mempool - make some counters atomic and remove them from critical sections
3ac5287 get rid of (some) unused variables
5e669a2 avoid using global namespace: extensions to spoof by certstore
e6246c6 refactor logging facility and get rid of global variables (use singleton with smart pointers)
aca2dd6 fix various minor issues
8d7aeae ad project name to CMakeLists.txt
cdd64d6 fix proxy com dependency tree on starttls
fef712e enhance 'diag proxy session tls-info' with verify information, SNI, SCT and http Host: header check
ff84e65 async cleanup (commented out example code in MitmProxy::handle_com_response_ssl - will be removed later)
c5112c7 reflect new 60s average in meters
1a869df mitmproxy meters change - session meter is 10s average, total meter is 60s average
a44438b code cleanups
7201974 introducing new CLI command 'diag proxy session tls-info'
1095054 add GNU/GPL v3 license
4a5ce04 forbid SHA1 issuer signatures
7d38981 forgotten type fix
c404c81 splitting cmdserver.cpp - got a bit too big (to be continued...)
48f8608 code cleanups
e5ffd23 logging on steroids now
ab3e5f1 fix - don't pass non-trivial object to variadic template functions
3340718 code bautification
03b9e4b improve asynchronous OCSP state machine
53ebed0 wait only 3s, instead of 10s to let smithproxy start up in the container (could be set even lower in the future).
a224ef6 big certificate verify overhaul
70fe58f AsyncOCSP inherits from sobject
e5dc7cd fix variable type potential mismatch
67752cf untap on finish - patch fix
b6d6e59 add convenience function translating state values to strings
e2ebbc2 untap when finished
88c560a create simple WithID class providing incrementing object atomic ID
64b94e1 logging wording change
2d5e446 change some logging levels
8cfb245 rework resolve_identity logging
8541033 split tap() into two functions
f7010b8 change half-open timeout to 5s (was 30s)
79412bc fix ioctl accepting int (not unsigned int)
2278d26 fix async dns update logic - wait for real answer, don't respond with null answer
47cac94 move Service class to its header and source files
664af25 move terminate_flag to Service class
ce73ee2 some refactoring touches + making smithd start (smithd is not being used atm)
30e606e some code clean-ups
43bb3e0 remove legacy cfgtable global variable
51edbfb feature: smithproxy will generate fresh portal certificate on (re)start
6b9caa4 python code cleanups
d3cc4d7 code cleanups
880502b fixes to compile flawlessly on armhf platform
7f7fe03 fix semaphore segv in racy environments
5d0ce5f fix armhf platform glibc behavior on fstat (segv with nullptr arg)
e9afc39 fix dockerfile and compiler version symlinks
d4d2269 well, this should have been a number anyway
2edb786 add total sessions statistics
5f3a8ef tiny code cleanups
6057dda add valgrind to debug docker image
43546f2 add support for high number threads to valgrind service
7516e35 fix - don't reset uptime on config reload + add total bytes transferred to CLI "show status"
7f73882 wip - CLI improvements III
2111ed1 wip - CLI improvements II
c0d9d07 add new default certificates to make traffic work with newest Google Chrome
a5e3acf python certificate generator scripts improvements
58e6564 wip - create set command argument validation
9dfbc39 wip - CLI improvements - add hook to check variable value
a1ac5b8 wip - add signatures to CLI
d54eec3 wip - CLI improvements - policy support
cdb0c28 wip - CLI improvements/code generalization III
aa82df3 wip - CLI improvements/code generalization II
ce0120a wip - CLI improvements/code generalization
d738c4c wip - CLI improvements/code generalization
1b3d38f wip - generalize callback setup functions II (not working, don't use).
e619ac7 cli refactors and rearrangements - VII.
866e727 wip - cli refactors and rearrangements VI.
9dabdb7 wip - cli refactors and rearrangements V.
e99b13d wip - cli refactors and rearrangements IV.
2c9d8fb wip - cli refactors and rearrangements III.
d4fbca9 wip - cli refactors and rearrangements II.
e6f0d13 wip - cli refactors and rearrangements
5afb54a wip - generalize callback setup functions I.
515606a cli code cleanups
1752f10 cli improvements (and cli related fixups)
a8be642 add array as a compound value directly editable by 'set' (finished)
f1f5019 wip - add array as a compound value directly editable by 'set' - I
a669467 config file - fix overusing of lists in favor to arrays
a90bbc6 docker: run smithproxy in isolated container (ie. when traffic is not to be tested)
06a9860 small to-const refactor
b188b3b fixes ocsp sigabort, epoll fd leak
58b80cb use cache for debug-localsrc if possible (argument for docker build are accepted as parameter)
830d2b3 fix AppHostCX::to_string
47d0e10 use argparse module
a41d0a7 change argparse module - original one was not really working well
c3ac444 make own value variables in AppHostCX::to_string - for better debugging
e05d73c increase initial read buffer, truncating longer UDP packets!
c725d12 make debug build optimized
d71f8ef fix typo in mktemp
b908713 add and improve some docker utility scripts
a62568d add script redirecting non-root host-originated traffic to smithproxy redirect ports
34e34db Merge branch 'master' of ssh://github.com/astibal/smithproxy
2024502 wip - debian dockerfiles
90c471d add some more mode docker support (wip)
5c778ab typo in docker CMD
8b61d2b Merge pull request #10 from astibal/redirworkers
af8f046 receiver redirect map - prefill it with nameservers
c3064ac set default udp/redirect listen port to 51053 - to suggest it's DNS-only
6795835 wip - ThreadedReceiver - if REDIRECTed, use google dns (to be changed)
743ea47 prepare redirect workers for udp
785fc5c make redirect n output work for tcp/ssl
8c467d4 adding infrastructure to recognize proxyy type (tproxy, redirect, socks, etc)
37c3ff5 verbosier error
d6bf614 small update in VerifyStatus
a2d68c3 fix: cache also failed ocsp attempts, which were erroneously reported with REVOKED status
372eb06 startup script interface auto-detection
993dd05 shared_ptr in subprofiles
17a7c46 more rules to apparmor profile
c787178 shared pointers for address object db
742e581 Merge pull request #9 from astibal/apparmor
b5555ad apparmor profile - works in enforce mode with default installation
ee0482f wip - use shared pointers in policy code IV
284fabb wip - use shared pointers in policy code II
9f02b06 wip - use shared pointers in policy code II
85ee2af wip - use shared pointers in policy code
6024ba4 refactor signatures as std::vector of shared pointers II
c805acc refactor signatures as std::vector of shared pointers
36b9db6 search for string start to match apply_setting
1ab74a3 better error log if OCSP fails to connect
b479598 new docker image tags
cfe3b14 ubuntu 18.04, ubuntu 19.10 and debian 10 build-system dockers
36e2f91 wip - smithproxy 0.9 new build system V
32512d9 wip - smithproxy 0.9 new build system IV
6f12a3f wip - smithproxy 0.9 new build system III
0b1aa28 wip - new 0.9 build system II
fa89058 wip - dockerfile fixes + new 0.9 build system
9e37146 dockerfile fixes
e941780 build scripts for all versions are now maintained in master branch only
77935d4 add back dockerfiles for 0.8
5ddc028 move infra to src/
622959a man page rewamp I
b55019e docker files structure changes for 0.9 and later
650fc55 fix smithproxy_version.h generator file paths
b5ff188 Merge pull request #8 from astibal/move2src
6d7d79d wip moving files V - fix/remove testing async OCSP code
68d4da2 wip moving files IV - fix unwanted daemon->service changes in string literals
c175adc wip moving files III
73b6a11 wip moving files II
31daf79 wip moving files into src/ directory and cleaning a bit source structure
6da47ca refactor/generalize ocsp_result cache into verify result cache
62c8606 implement, improve and fix asynchronous OCSP querier
748fe74 cli - allow to set all debug variables at once in 'debug set ...' command
a8a66c6 remove lock in place where it's not necessary
0bd4388 fix code consecutively locking 2 mutexes (without releasing) which leads to deadlock
602c33a fix crash when processing incomplete ClientHello
a2d1fb0 async socket implementation
b75bc4f async socket processing preparation
f4442a9 wip - CLI config/save II
64d64ab wip - CLI config/save
2ec0a47 add SigFactory
080c048 fix signal handlers
4206cca refactor/generalize ocsp_result cache into verify result cache
d979f83 cached OCSP verify responses now reflect TTL from response
7003275 refactor SSL certificate validation status names
0ef2512 add merge strategy to submodule update
bae4d85 cli improvements:
c68c185 Merge pull request #2 from astibal/submod
33eeb1d make socle a git submodule compatible
69a0461 add initial preparation for python scripting

### 0.9.0

bbe996c 0.9.1 version + dev flag
d25a651 use socketpair instead of pipe (should be faster), experimental: use 4 threads per core (2 per cpu-thread)
b4463c3 use LTO gcc optimizer (should produce a bit faster code)
e21ed95 Create another exception, prepare catch block in MasterProxy
2b015de multiple coverity fixes
646e4fc lockable improvements
963e422 Update FUNDING.yml
30bafa3 Create FUNDING.yml
d09502f Delete ccpp.yml
6c33853 Update ccpp.yml
e95bdb7 Update ccpp.yml
0a4c72c Create ccpp.yml

### Unreleased Changes

## socle

### 0.9.32

272dac9 epoll - fix a busy loop when all sockets in the event array are being processed
0884341 epoll - fix incorrect logging of unhandled poller flag
dbb480c fix an issue in logging
4fe9c13 epoll - allow all sockets be marked with all flags at once in single epoll_wait() loop
0b6cccb epoll - don't process sockets if there are any returned by epoll_wait
4f798ff fdqueue - if socket queue is empty, clear hint socket under queue lock
13aa23e fdqueue - add second from socketpair in stats_str()
bcc336f signatures - rework matching mechanism
25b9844 rename variable for better readability
e1282b5 fdqueue - add stats to string function
e0e03da fdqueue - hint sockets robustness fix
38ba6b8 SSL_read - fix error_syscall handling
2f97c2f SSL_read - fix zero_return handling
f9f283d better SSL_peek error handling
f527dd2 build - fix clang complaints

### 0.9.30

3f57c40 socle version 0.9.32
90396d1 tcp - smaller improvements in connect() mechanism
f68e62d add more Alpine/MUSL fixes
83e19dd don't include execinfo.h on Alpine/MUSL platforms
fe0b7cd add timeops helper function
a877276 tls - filter out only event log, not logging generally
d579063 TLS - allow suppressing any TLS errors
1a6f22f TLS - add operational state in SSLCom for error handler
ea22c3f tls - prevent logging if cert. validation fails due to reasons allowed by options
a09ef23 socle: make connection open and idle timeout configurable
676558e socle epoll: fix out-of-bounds array access if more than max events occurred
afe68ff signature match: reflect continous mode flow changes in signature match
9301446 gre raw socket: allow to bind to interface
4562035 string tags now allow also 3 more characters
870863f tags: reset token state with on a command char
14fc5cb add stringops to work with string tags
3b910ba adding days since epoch timestamp
a75b49e enhance socle expiring_int with convenience functions
16ca264 add a specific baseCom so_ function for SO_KEEPALIVE
e566e1a fix a warning of out-of-order initialization
61b4cbe if OCSP is totally disabled, skip whole status response callback processing
23df34c introduce client certificate support
89072d6 fix logging logic error if refusing TLS bypass
e8f2aee add TLS options: don't allow other than custom cert + don't bypass on TLS parse problem
bdf25ee log better when custom certificate fails to load
9d5f3f4 check boundaries for pre_write scan and report skipped bytes
f859096 do better job on guarding proxies - worker proxies changes may have triggered data race and causing crash - proxies, before erasing from list, must join io spray thread - fix try block which would skip in_progress flag reset
f48feac hexdump - place prefix correctly
8355b06 narrow down sub-proxy spraying rules
048b06a change default worker size from 2->5 to enable spraying
3f51789 little const-fu
0e06dd7 ptrcache - move/emplace shared pointer, instead of copy it
b309ba0 fix buffer overrun - stop on X509_digest error - uninitialized variable with above error will overrun the bugger
c33acbb fix FLTO to run in parallel
2b40f1a add a possibility to load fullchain.pem for custom certificates
21f2628 log SNI in quotes if hostname check fails
3cc5496 IP and TCP checksums are now on NOT calculated by default
268e9bf don't malloc in l4hdr_cksum, use `alloca`
2e779e4 socle - avoid expensive dynamic_cast in baseHostCX child tree
282c40a make blocking `send` to non-blocking with recovery attempts
091dee4 apphostcx: move flow to the heap
1705f2d add little logging level condition macro - QoL
52ace53 use portal certificate for API service (instead of default server cert)
f91c3c6 don't access event details without a lock!
bd410a7 make mitm and custom certificates separate caches
83a2a29 fix uninitialized certificate chain array
7e0170a make cert chain nicer as an array
46ec2ed file convenience type
73da539 rework again custom certificates - now having ability to custom set cert chain
8b32468 don't run init_server() more than needed
fd70ed0 raw::var add some convenience stuff
5ba4cdf rework certificate cache + support custom contexts
d81a043 certificate must be loaded first by SSLCom::init_server()
6bdc945 fix previously broken UDP receiver in 73c02ec
73c02ec fix datagram - don't allocate negative sizes
d6ef96d unify proxy logging category
87c681c make standard functions from virtuals - virtuals not needed, sparing cycles!
0853345 buffer - simplify dealloc code, add assign(std::string_view)
e5d3116 remove ugly locked_ code, use standard lock_guards
ac096bf add another custom certificate mechanism - target IP address
ef92f8f add infrastructure to perform SNI based certificate cache check
4e35822 don't fast-track server certificate - wait for the one from server (peer cx)
6ab4ed1 logger type-fu, cleanup
3a108bb baseproxy will unbind peers on shutdown, but destroys cx on destruction
286d323 don't call on_new_socket() when accept not successful
0146e9f don't shutdown when not appropriate
2f2a872 allow peer() to reset peering if nullptr is supplied
1d05aec set sub-proxies dead if master is dead
06a4139 enable KTLS for kernel-assisted crypto in OpenSSL 3.x
caa40db introduce CA single-file bundle support
2a13bd0 add UB ASAN build support
67ace74 fix UB in threaded proxy parents
62becb2 add dynamic_cast cache into raw:: namespace
eecf4c5 make clang happier with ASAN enabled
f3d10c6 add clang support
e4fb421 fix clang reported warnings (errors with -Werror)
da8f1dc C++20 requirements
758c1ef const fu - older openssl doesn't accept const*
c2e722a loglevel - make level and topic atomic uints
cabc5e4 fdq workerpipe - fix asan reported data race
0825dd3 don't allow memPool::tryhard_available to over allocate
aa2dc90 fix smaller issue in mempool stats
ad74457 epoll fixes - asan reported problems
a01929f revamp mempool code
50423eb Add 'Coverity' cmake build type
ddce50a improve SSLFactory code
0048a1b proxymaker - use smart pointers
6af24d6 code improvements and modernization
58b0aa3 few fixes in vars, add unique::release()
8a3986d AddressInfo now has convenient constructors
5b5febd buffer - add templated convenience set_at
a5329c9 SockInfo - decouple src and dst structures
f848dd2 add utility introspecting `as_v4` and `as_v6` functions family into SocketInfo
d3d5f58 buffer - add utility copy_from(index)
07a6935 evolve and modernize lockable class
d2676c3 SSLCom::read() - fix misleading debug logging message
6a6d991 to_read returns now lockbuffer now
ed0c96c baseproxy - when processing socket I/O, erase socket from real socket-set
8b63c66 socle should not return google nameservers as default values
ba02cc3 configurable option to compiler to unroll short loops
e9361ba remove unsupported 'z' printing formatter
d639394 refactor baseProxy::run_poll
8064bbb extend poll timeout even further
4f1fdef cosmetic changes
b371af5 remove smaller logging, formatting and conversion issues
42cb28a prevent ugly bugs in the future and lay strict rules on templated buffer::append()
39676e9 expiring_ptr has virtual function, therefore we should add also virtual d-tor
ed88174 small, quick error reporting fix - log (only) non-zero certificate verify results
3754990 set -Werror and -Wno-unused-variable
16b3036 small fixes in read/write limiting II
88c15bf fix read_limit() minor bugs
5bcfa51 cosmetic changes (typos, debug messages and formatting)
19127e0 apply socle changes
afc9a60 socket poller waits longer unless rescan sockets are enqueued
095532e socket scheduler -> worker improvements
db18027 mempool std classes variants - add mp::multiset
95f9440 fd queue scheduler smaller refactor
25471b5 make read limiting more value-safe (making it std::size_t optional)
314b7fc rearrangements around host::read
6089be0 some safe values and types
b76037f smaller type corrections
cbc24e6 supposedly innocent conversion fixes
8a4344a improvements in numeric system
c3c6553 some more numops II -heavy wip
0ac50c5 some more numops -heavy wip
b301a90 add again some number safety features - warning: heavy wip
9af7815 add few improvements to convert and tests
58d0f15 fix forgotten comparison
57d4a18 improve convert.hpp
6c0fa65 let's convert numbers better and safer
8283db9 SSLFactory updates
f91e088 cleanup - remove old, commented-out code
a6ebac3 few code tidy-ups
950d44f const-fu
b9e2454 logan tweaks
259b147 remove dynamic cast and add event log when client certificate is requested
b9c99cc remove redundant code after previous changes
051b962 on ClientHello parse, change SNI also on the other party
afeeb39 rename/refactor SNI access functions
b7f05d7 add better reporting and handling of SSL_ERROR_SYSCALL
960c40c refactor SSLCom old code into slightly better
a353cc6 add alpn to sslcom::to_string
da7b03a logging redux
c7c8f27 fix UDP bind->connect data race
b2fc9e5 make socketinfo more usable (refactor out socket ops)
fda425c remove commented-out code
1f02126 remove deprecated calls if OpenSSL 3.x.x is used
6535897 add a small convenience string_escape feature (escape spaces)
b0cf7f6 refactor SSLCom::cert_detail() to virtual SSLCom::ssl_error_details()
03a552b implement logging event details data
db5ad0f modernize SSLFactory class
26792b5 replace guards with scope locks
fe76984 adapt socle changes in TYPENAME_ macros
dca63d4 loggermac - TYPENAME_ macro tidying - remove static member variable and return class-name string directly from function
9edd61d baseProxy code cleanup - remove unused connect() blocking parameter
f80093b baseProxy code cleanup II - remove unused sleep code
7ddd31f baseProxy code cleanup I
a23e6c0 remove old FIXME comments, prevent lgtm to complain
6c1d6a9 flow - implement validity status, don't append more than max bytes
8ebe116 flow refactor 1
67fa8e1 fix dtor walking incorrect iterator - three years old memory corruption on flowmatch dtor - this is hotfix, vector should contain smart pointers
e4a0f2d add more events (OCSP)
ef68319 event for certificate issues
f5b67a7 introduce log events ring buffer
e62fe73 helper functions in SSLCom code in separate namespace socle::com::ssl
97568cf make detect bytes size smaller, 2k is just fine to trigger a sig or engine
d501408 set devel flag
d703120 detect OpenSSL >= 3.0.0

### 0.9.29

feccaf8 version bump
47f11f9 code cleanups
aee0b1d fix an overlooked typo in function name
e716dbc hostcx - code cleanups + socle sync
c236385 hostcx - fix name(int, bool) potential thread lock
ae734ef hostcx - don't call process_in() and process_out() on already seen bytes
ae71bad set dev flag
efdbaef introduce AppHostCX MODE_CONTINUOUS
70a067d smaller socle changes
66397b5 buffer::view const-fu

### 0.9.28

30d6eb4 bump version
2699937 fix peek_all
06f74ef pre_read: attempt to peek all data if reached buffer limit
a45f27f smaller changes
c4ca822 rename flow member element from flow_ to data_ - original name was confusing when called with flow().flow() from user classes
7704786 code cleanup
2e1336d buffer: add release() function
43ea396 several logan fixes
8e5546a don't allocate memory if mempool is not used
0477002 threaded worker - use smart pointers
be35e6b cmakelists - enable asan based on cmake variable
3eddfcf threads - remove on_run_round
b503d2f threads - remove on_run_round
b2846bc logging level tweaks
0151f5d signatures - use 'flow' and 'flow.match' log label
b4526ae buffer add convenience view(n) creating view from n-th byte to the end of the buffer
9912ba2 revert some refactoring relicts
870f470 don't add too many exchanges even thy didn't reached max byte limit
5070b51 add crlf when hex_dump debug info
4e6e9e9 replace hex_dump with its C++ variant
75f08a6 allow hex_print to print fake data position offset
7072725 add side_t mapping to angle brackets
cabbe45 add logan_lite context filtering feature
8e16c32 small log level change
fc88ef1 mega logan cleanup
73ba3b3 scope exit helpers
e4ba0a9 tweaks in UDP for IPv6
b080828 socle - optimize buffer handling: after certain volume move whole buffers
34726db hostcx: don't return view, return ref to buffer instead
56832ed code clean-ups
7f4e325 fix TCP connection vs state race
3b6a71e some mistakes have been made - fix socket to key conversion
e805f57 UDPCom tender loving care
e8a65ae Revert "refactor bootstrapping code to use smart pointers"
77282f9 refactor bootstrapping code to use smart pointers
44c1d5c add a new development option to workaround mempool allocation
c501a8b epoller improvements
f829d72 minor code cleanups
dcbfd7f ptr_cache refactor
27e6a33 even more shmtable cleanups
6fecb8d code cleanup in shmtable
85c8e1b signature flow data now uses unique_ptr
f5f7441 nicer function name
83a4f65 refactor tunables and add mechanism to better handle in-progress connect
b6e3a21 unique_ptr instead of raw pointer
47ba0e3 fix - remove orphaned UDP sockets from baseProxy::run_poll()
aa58a02 acceptors: catch more generic socle error exceptions
925e548 create_session_key: enforce positive/negative bit based on parameter
71f6085 rename mempool_bad_alloc to mempool_error
50aff63 toggle mempool exceptions support via MEMPOOL_NOEXCEPT define
c4e8b04 fix few coverity issues
dab6f5f prevent udp data race and protect also in_virt_set lock
08e7a85 epoll - don't create handler if it's nullptr
41a70a9 mark in_progress from calling thread
21a9097 convert logan singleton raw pointer to smart pointer
da03236 logan improvements
00874f6 masterproxy improvements
dc9d64d shutdown: join all child workers
c430461 make fetch_add call directly from variable
58b1c30 MasterProxy: sub-proxy spraying is now persistent
9237a3e MasterProxy: introduce sub-proxy thread spraying
7db3200 baseProxy: make `handle_socket_once` re-entrant
dfae11c add custom RAII scope variable guard
ca56486 baseHostCX: make define constants static tunables
5fe407e for compatibility reasons remove arguments for nodiscard
5459402 cosmetic improvement of proxy to_string
1c292c7 set nodiscard message on flag_set, which is not writing to the argument, but result is returned by value
5e680c8 make DatagramCom database created on demand on heap, not in global static storage
dc95abc ipv6 headers with IPV6_ORIGDSTADDR & Co are actually available already
899aa84 set dev flag
f7020e0 remove last uses of NULL
85aa112 actually we cannot get around reinterpret_cast
a9bf061 smaller tidy-ups
202a676 make hex_print more relaxed about arguments using templates
3a092c3 add temporary buffer helpers which allocate from mempool

### 0.9.27

b0ef94c bump stable version due to ipv6+udp hotfix
11737ce fix IPv6 UDP reverse connection binding problem preventing connection actually happen
4a3bcec set dev flag

### 0.9.26

5a39cb5 socle: make release 0.9.27
239b7d6 pcaplog: fix IPv6 file captures
f5dcec0 fix IPv6 transparency
01fedf3 pcapapi: write() - don't modify singleton ip hook to self
86b304d pcapapi: make IP packet hook a std::weak_ptr
54eb850 pcapapi: change ip hook API and use classic interface-like approach
e3174cd add support for "remote" capture only
743d11b add missing license headers
d268ea7 add gre exporter facility to set tunnel TTL
ae39800 pcaplog: add GreExporter functor struct compatible with pcaplog ip hook API
b2c6e4e pcaplog: change packet hook API to contain besides packet itslf also packet details/metadata
751b5ef pcaplog: implement packet hook mechanism
c67a3b0 rearrange writer code to be nicer
aefb4f1 pcapapi test improvement - make tun interface up
3cbc7c5 improve tainted::var
72eaed4 pcapapi: make default ttl sane (32 for inner/bare IP, 1 for GRE tunnels)
f1b3073 add test for sending IPv6-in-IPv4/GRE into raw socket
e753852 refactor packet builder code
40c5530 fix awkward direction in test packet builder
1672be4 add dev flag
86f7678 test also gre tunnel src/dst
815ab77 pcap encapsulation into GRE tunnel can set now src/dst addresses
3e5ea7a add convenience un/pack() functions
8b9ff53 add pcapng API ability to write packets inside GRE

### 0.9.24

423a248 make a new release
57e9eca add more mempool tests
8720a58 remove unused struct member
17fcb88 use std::move, use const ref
7360cb7 const ref - fu
a3515e1 add convenience RAII 'allocated' wrapper with deleter calling free for malloc legacy allocated elements
6913dbe don't copy logans
13a8f9c bump and mark dev

### 0.9.23

6b719a2 bump version
dd27236 udpcom: fix heap use after free
801bf53 set dev flag
69decc7 improve UDP receiver - don't call on_left_new() under DatagramCom::lock
72686ac improve semaphore init
8b7f7f2 fix diag message crash - format string mistake
e2b1ddf support wildcard SNI bypass notation
21c6341 add SNI bypass FQDN address object
5ee3cbc pcapapi - improve buffer handling
29f902e fix 2 crashes in debug mode

### 0.9.21

ea08f20 remove dev flag
dc9b371 bump version
1630094 fix logfile permissions to 600
f781860 fix pcaplog related crashes on exit
ae3876d fix new pcap file permissions
257707e save_XYZ_value II
d0731bf add safe_val equivalent for ull format
1961888 expose com shortname() to public
4b79fc7 bump version
40b4778 fix pcap file rollover race

### 0.9.20

85a0d63 fix pcap file rollover race

### 0.9.18

c3c674a bump versions
3ee4ea3 pcap: close the file before rolling over
3396b00 make host and proxy label a bit nicer
9536a9a pcap: comment frames on connection close
a761db2 pcap: split too large tcp segments into predefined max size
074ccf3 implement support for PCAP_SINGLE file automatic rollover
7994c82 allow pcap_single file rollover using CLI command
a92dfe9 udpcom - check and report if connect failed
fabea6f don't run so_ on negative sockets
7400fb9 make 'behind_read_warn' const value
3b19220 add convenience mkdir wrapper with logging
1147db8 stringformat - be polite and don't throw
c1a0d13 don't iterate if only first is returned
f281bf0 mempool don't copy chunk
20441f0 logan noexcept ctor (moving string only)
e4c88e4 introduce simple tainted value filter
9eeecd7 don't use buffers from fast proxy buffers (mempool)
d8986b8 fix L4 checksums + its test coverage
53a7a53 socketinfo - convenience to-inet conversions
52d58f1 stringformat.hpp - throw when realloc fails
aaf9eea fix tcp sequence number calculation
df0218c pcaplog - add support for proxy comments
a64a951 pcaplog - don't write tcp handshake if the stream was recreated in the meantime
3cbf60d create a new file if the currently used has been deleted
4e9e25e bump versions
24b4a07 WIP - make pcap_single work too
b6a4973 WIP - we can now write semi-correct separate PCAP files
2554574 threaded file writer - run only single worker-thread
f0ddc90 socketinfo - add to-string convenience functions
d4f31cb fix typo
47a66aa pre-allocate correct sizein save_NG*
fbc7ddd add option to hex_dump to add CR before LF
94813f8 fix nullptr reference in pool writer
d00624a WIP - pcapng files are now created, but content dump is not correct - TBA
6f9a853 traflog refactor next
e1c654e refactor and rename traflog to SmcapLog
4e42923 add easy non-crypto non-critical only prng
a9a1190 add missing include
6f01f08 don't waste resources on shared_ptr and use unique_ptr instead
c511b22 protect poolwriter ofstream by mutex
97952f5 dramatically simplify and a bit improve threaded file writer
58dd642 first and shy raw::lax use
bc24bfc file writer interface now must implement write for buffer too
1a901ab some buffer code cleanup
1bb5be6 add buffer ostream operator (it took so long)
1edf2b2 basetraflog must have virtual dtor
dca8951 socle::raw RAII guards
bc2eb89 traflog refactor
03db236 const-fu
e36e67b add forgotten test coverage for pcapng
9fb4d46 add pcapng writer support (including comment options)
71911df test_pcapapi - use mempool
85ab124 host cx ctor buffer initialization tweak - don't copy, just adjust capacity
1a7125a buffer convenience + fixes
2df1fc4 add UDP and checksum support
0bc8fa4 pcap writer major refactoring + ipv6 support
ab13960 sslcom: fix parsing rare ClientHello without extensions (allowed for < tls.1.3)
6316e5f WIP - add initial pcap writer
d4f815a refactor traffic and file writers
961d068 make project compile with GCC 11
195aee9 udpcom::write_to_pool - fix return value type
98ba826 SSLCom alpn callback - load this from ssl external data storage
2daf052 rearrange logan_lite ctors
5ca84f7 pre-create lite logans in SSLCom
7401a59 epoll minor refactor
31146a2 minor sslcom refactor 1
8b682c8 refactor tcpcom::connect to fix rare fd leak and code readability
7b7f147 logger improvements
e9c586d sslcom: fix and improve alpn callback
c41dd9e refactor rename 'logger' to 'LogMux' and LogOutput to 'Log'
911591a don't call hr(), it can trigger recursion
17d822c make loglevel ctors noexcept
c85433a mempool smaller tweaks
d205fd8 fix tests: LogOutput::init is missing
55adda5 initialize timeval attributes and fix types in log_if_error
9e6e5c2 update Socle README/github frontpage with API changes info
224ae8a improve tests for new peering code
ed680d4 adjust some logging levels
dd9d548 remove -Og which broke my debug sessions
6ad6f9a fix escape function inefficient string handling
d4dbff6 more type conversion and return type improvements (breaks API)
0435034 change IO virtual functions return type (breaks API)
3837645 peering testing more checks
9d9d27e move lock acquisition close to return
7006c1d add initial, thread safe peering infrastructure
84dd5a4 no peering.hpp yet
b6108b6 handle better epoll_wait errored sockets
2932d93 fix some coverity issues

### 0.9.17

fd9a483 fix unclosed ifdef
cde5129 bump version due to API change
d6f7a4e socle API changes
0873182 smaller com improvements
d9e81f0 use sockaddr_storage when ::accept()
459798e add string_error for custom code - don't use strerr which is not thread safe
558bbdf add some (compatible) optimizations into debug builds
1299211 add variable to control alpn block (filtering alpn out on/off); default is off
299a34f add ALPN support
03f59bd detect ALPN and prepare its support into SSLCom
62e607d add TLS parsing test suite
9cc2318 SSLCom: fix orphaned com (no owner CX) calling hr() triggering infinite recursion
48b4ec4 adjust poller timeout constants type to be compatible with std::chrono
3547027 code cleanups

### 0.9.13

9d578ce code cleanup, add socket ops convenience functions, add few comments and bump
9c5000e few typo-matic changes
7f16edc logger internal change + API change - now it initilizes with init() - call LogOutput::init() at start of main
85490b0 sanity check logoutput resource
bf80776 report setsockopt errors in TCPCom::bind
80e3e74 close socket on error
32f2bef add more tests and more cleanups into inet namespace
39f3042 code cleanups in inet namespace
ac938ee signatures - fix logic error in returning signature group
d8d04a5 expose metering info as const reference
8f4457d detect starttls only on plaintext TCP (and save few CPU cycles)
f86c9bc detect starttls only on first 10 client/server data exchanges
b93d600 wip - signatures are now separated based on their group
47aa133 signature tree overhaul - phase 1
a5f4f1c speed up signature zipping into apphostcx
a7845e4 allow apphostcx to iterate all enabled signature vectors
787e21c fix issues in SignatureTree
b8c250b bump socle version
169f609 Add SignatureTree into apphostcx
84a00a7 add strong stack protector to Release builds
0cb8c18 rearrangements in baseProxy bottleneck-handling code
d352126 few minor optimizations in baseProxy
30cf808 some baseProxy code cleanup
cb2a0fa class logging name refactor - API change
e549751 optimize-out some debug outputs using _if_deb
d121b56 remove empty interface methods and their calls
c8bc760 use unique_ptr for com_ in hostCX
ef397b6 make code clearer when ClientHello cannot be parsed
3394d95 regex - actually check return value an spare some cycles if no match is found
005aa46 move global loglevels into their own namespace socle::log::level
af90a63 remove few [[maybe_unused]] to follow previous patch guidelines
fa45ff0 huge -Wextra and -Wpedantic readiness code cleanup
21c5947 code cleanup in timeops
8cff287 pass log level as a reference
85d4bc2 baseHostCX adds unhandle() to remove itself from pollers on shutdown
c784af6 fix logger leak - should clean up target profiles in dtor
2d9b762 remove sigslot library (used only in smithdc) and use C++17 lambdas
0eb84f0 bump version due to API changes
08bcc35 optimize some crl and ocsp ops
02fa362 fix incorrect copy assignment operator
0d72b61 constexpr values in baseProxy
3b3996a remove default argument from virtual to_string(int=iINF) from all places
4ff5f91 proxy - avoid calling virtual shutdown() call in destructor
7e10a5f remove deprecated logging macros
62534d1 remove deprecated logging macros + code cleanup
197d7a0 use re-entrant posix localtime_r if available
06d231c logan improvements and cleanup
8165411 fix logan copy constructor
8f1b6e1 move socle::meters to baseProxy
1694c20 improve socle::meter metering
d008097 use unsigned types in socle::meter
0ca6a62 remove UB - delete instead of free in ltventry
99fea19 comment-mark false positive memory leak for LGTM static code analyzer
07453ed fix traflog memory leak

### 0.9.12

d9f2492 bump to new release version
46bd8d4 memory sizing - introduce SX_MEMSIZE environmental control variable
2fc816c fix few coverity issues
32eb47c improve SSL_SESSION storing - fix leak on copying
45cb46f store sessionid into sslcom object
c3777de ptr_cache new contructor with MODE spec
11f89a2 introduce sizing variables
0c40328 remove CACHE_SERVER flag
6e8ff28 don't include msg and info ssl callbacks in RELEASE builds
29ab5c7 fix also signedness of poll timers
25369a7 toggle development flag in socle
8904bce fix coverity issues
9e40404 Merge pull request #6 from astibal/cache_up
756cc17 cleanup unused code
3fa22f1 refactor ptr_cache DataBlock stored as a unique_ptr instead of value
a40af5b fix unintentional raw formatting in print_cert()
8934abe fix DataBlock age(), ctor dtor cleanup
b08d359 tiny tidy
0c3acb1 no, debug values should not go into prod
42c8917 use lru-mode ptr_cache as certificate store - seems to work ok!
- 8bba0e2 bit better LRU refresh method, but unfortunately with lot of changes
- e376af2 initial, counter-only lru implementation into ptr_cache
- 3d53328 ptr_cache - add erase test
- 44803b8 refactor socle ptr_cache + some coverage tests

### 0.9.11
- 977ee3b 0.9.12 release
- ff9c60b release candidate 2
- 5d85e5f new readme - remove outdated information, keep it simple
- dc38097 correctly propagate policy allow_* exceptions also for config without replacements
- 4efcddf correctly propagate policy allow_* exceptions also for config without replacements
- f6358a3 strings version upgrade (keeping 0.9.11 git tag until final release)
- 057b0d6 fix cpu spikes when right connection waits for left's ClientHello peek
- c4c31c3 avoid std::cout use in library code unless necessary
- 9fc067f reallocation on bailing from pool is potentially risky, allocate via ::malloc
- 122eac4 SSLFactory - pass pointers as values, store with smart deleter CertCacheEntry
- 2503d17 don't let handler_db grow - really remove entry on cleanup
- ed081d0 reserve some subproxy entries in masterproxy
- 195fbb9 use std::map instead unordered map
- bb37c2d mode post is deprecated, but detect properly at least if ever used
- 4e0c81c make static initialization properly
- 0aa6f98 add facility MEMPOOL_ALL to replace global new/delete to mempool
- 2bd7c81 fix crash on exit due introduced by previous fix
- eb869c0 IMPORTANT FIX: memory leak in sobjectdb
- d852ca5 use malloc_allocator for MEMPOOL_DEBUG map
- 1ea50fc for modes without MEMPOOL_ALL return to crash-less terminate
- f6d98b4 mperror.hpp was missing include guardians
- 6bb8f8f mpallocator.hpp - move include inside guardians
- 6fc8cba canary.hpp missing include guardians
- 473e673 add MEMPOOL_ALL experimental option
- a7d1555 move debug-level logging to BUILD_RELEASE only (this might be reverted)
- 305922b move templated version of string_printf to .hpp
- 3b27cf7 add new string_format_heap function to help troubleshoot mempool (and not use mempool_*)
- 03b09ec use std::tolower
- c40ad1b add some more CT logic
- 3e389f4 use BioMemory in CT debugs
- 07c996c add into socle easy interface to openssl mem-based BIO (class BioMemory)
- 942f251 add certificate transparency support for outbound connections

### 0.9.10
- 6352195 check truncating result
- bfd8942 bump version due to important fixes
- 50e2964 fix sigbus error due to empty mapped file

### 0.9.6
- f617d91 bump versions after io2 merge
- 4f4bbe2 Merge pull request #5 from astibal/io2
- 64fb980 Merge branch 'master' into io2
- 334fb01 prev patch log and comments cleanup
- ebc47aa move generic worker initialization to (another) parent class
- 7081cba make proxyType::to_string const
- edad4ed delete default FdQueue ctor
- 07316fe small api readability improvement
- 5b801e3 don't call hint_socket() multiple times (it loads atomic)
- 90c9813 make epoll socket variable atomic (it can be modified from different threads)
- bcb03f9 fix some theoretical deadlocks (never reproduced, detected by sanitizers)
- 4d54ee4 protect masterproxy child proxies list with a mutex
- 366e299 add methods to threadedreceiver
- 669cdae refactor and adapt proxy_type enum class into regular type with to_string method
- 15aee54 fix: reorganize embryonic info in udpcom to prevent socket leak
- 948b524 fix socket leak when removing datagram entry from proxy
- 3287f27 fix socket leak on embryonic already existing session
- 22df387 smaller cleanups
- 39a9b35 add canary check, enabled if MEMPOOL_DEBUG is defined
- 45747da create canary class to better handle with canary checks
- 0ff757d reserve vector sizes to avoid many reallocations
- a7e18b7 use auto
- c833cd0 mempool version 2.0
- 1743447 udp - log when writing to pool without real socket (io2 branch relies on it).
- f6f4e61 fix udp race
- 5756aaa fix typo
- a0052b9 UDPCom::shutdown add extra check and remove virtual sockets from in_virt_set
- b033a86 fix memory pool resource leak in receiver (udp) worker thread
- c5eea31 cleanup
- b062486 don't copy self into self
- a935375 fix mempool mpdata::map() entry leak in mempool_realloc
- 2f97be0 logging level changes
- 626071d mempool improvements
- 6be99e4 fix memory pool exhaustion bug
- bf97102 fix memory pool exhaustion bug
- 77688a1 udp changes
- a14d18c baseProxy com() operations on virtual socket also applied on real socket if present
- d193ee6 definitely remove on_left_new_raw_old() from ThreadedReceiver
- b513c38 tidy
- 968e667 better logic to udpcom::in_readset
- 50ab7e7 innocent typos
- 6db483c make redirected udp work
- 74df0bc wip - don't use - don't idle out bind_sockets (they wait for incoming connections)
- 12ee1f1 wip - don't use - add idle check to baseProxy::run_timers()
- 7f5bbc8 udp - don't create right socket in SocketInfo
- 8b1773d make udp work
- 4cc0708 change exceptions to inherit from std::runtime_error
- 8fcabbc fix small typo
- 2067360 refactor sockaddr_storage helpers and merge them with packet_info into new SocketInfo struct
- 7f5217c wip - don't use - move embryonic state from datagram entry to udpcom.hpp
- 24549fd wip - don't use - removing some unused code and template args
- d4849c6 fix old on_left_new_raw version
- e478ec8 commit add_first_datagrams() declaration ... oops
- d02b1c3 baseProxy - print/peek content of hint socket if debug is on
- 3aec3c3 packetinfo.cpp - unblock socket on init
- c509e87 now, with individual worker hint sockets, we must read out hint if session/socket is already stolen (to not enter loop)
- 844696a wip (don't use) - whole a lot of changes to make work N:M acceptor:worker design
- 2516e86 baseProxy - add generic proxy exception
- c5e0f54 baseProxy - catch runtime exceptions and die
- 38b058d baseProxy - don't add hint socket back to inset
- 5aed29d wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
- 2dc20ef wip (don't use) - likely contains data races - UDP doesn't work (to be rewritten totally)
- 441a3c5 wip (don't use) - likely contains data races - UDP doesn't work (to be rewritten totally)
- a51d54d smaller labels for ipv4, ipv6 and other protocols
- a30062f add convenience _cons and log_simple overload for stringstream
- e2181bd wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
- 222ff2f wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
- ce08938 wip (don't use) - likely contains data races - sync with socle - UDP doesn't work (to be rewritten totally)
- f2c7f06 wip (don't use) - likely contains data races - UDP doesn't work (being rewritten)
- 69d15be wip (don't use) - likely contains data races - mutex-protect bind_sockets against concurrent accept() calls
- 119ad28 wip (don't use) - likely contains data races - fix data race in protected_set in cost of copying sets via temporary objects
- 6f639db wip (don't use) - likely contains data races - fdqueue wrapper mix-in class FdQueueHandler
- 43ddf5a wip (don't use) - likely contains data races - shared socket queue
- c79760f some rearrangements in socle
- 285801a create custom mutex container
- b51fc66 baseProxy - adding listen() call, creating cx for already existing socket
- 3c0f9eb rename handle_cx_new to handle_sockets_accept - it better reflects reality
- 292d836 fix SNI bypass
- f0bef52 replace sref with shared_ptr to hold sni bypass filter
- 11d8fbf formatting only (spointer and sref will be deprecated)
- bb5a302 nullptr, not zero
- 94794e8 protect socket set with mutex
- 073c60f mempool - throw mempool_bad_alloc if buffers are depleted
- e777e9b remove virtual sockets without handler immediately

### 0.9.5
- 1a48aef fix serious issue in traffic dumper
- 943253d 0.9.6 - fixing various issues with capture saves and ipv6
- b57a5e4 fixed IPv6 issue with redirected connections via OUTPUT
- ab52bfc fix strange capture file/dir permissions - allow read only owner and group

### 0.9.4
- 84a899d bump version to 0.9.5
- 070c6e0 allow memory allocation if bailing, cleanups need to allocate :/
- d5a8150 add more sanitizers (commented out)
- a474e45 ! while it's convenient to troubleshoot by reading from stdout, it might have also unwanted results always comment out/remove all _cons() calls
- 7e14373 make UDP receivers packetized - each single session read won't be appended to buffer, but buffers are "chained" and sent separately.
- 80ddaa7 introduce io_read() and io_write() convenience wrapper methods
- b948d06 prepare virtual socket feedback for queue re-run

### 0.9.3
- f4ac0a1 bump version due changes in config file variable and its default value

### 0.9.2
- 3e4f2dd bump versions to 0.9.3
- 42efed6 fix *many* data races
- 839be4f add commented-out lines for thread-sanitizer
- 1efbd2f cleanup SSLFactory code
- e08c0df improve mempool: dealloc on exit and add allocation origin (pool/heap)
- 756fa7a logan smaller code cleanups
- 7e04ae0 fix cmakelists: add debug flags properly and don't overwrite existing certificates on install
- 2845591 add 35k and 50k pages to mempool (remove "big" pool, which was no-op)
- be3b8fd optimize lock by moving it closer to critical section in memPool::acquire()
- 65417ee fix rare deadlock condition in mempool_free
- bda1ab9 add stats of created and deleted objects in total
- ad02533 make name_ inline static
- c05ff03 code cleanup and some logging minor touches
- 05a8ecf Merge remote-tracking branch 'origin/master'
- f47267e ptr_cache: lock before erasing iterator
- 1d56f1c ptr_cache - lock when erasing with iterator
- de3eb6f ptr_cache: override erase to take iterator as an argument
- 2a162f1 small rearrangements

### 0.9.1
- 644a060 bump version
- acf6a98 clean-up in certstore
- a3bb1e2 ...
- 6b75086 work around some compiler issues with UxCom virtual destructor
- 4a6853e uxcom doesn't have to virtual inherit
- e691867 code beautification
- e6be429 mempool - make some counters atomic and remove them from critical sections
- 1487974 refactor logger_level to loglevel
- 40c2d93 get rid of (some) unused variables
- 51e93e8 move old OpenSSL 1.0.0 threading setup code to CompatThreading class (making it untested)
- cf97ed3 epoll - replace ftime with std::chrono features
- 105575b avoid using global namespace: extensions to spoof by certstore
- 7030db5 avoid using global namespace: crc32
- 73417a4 refactor logging facility and get rid of global variables (use singleton with smart pointers)
- d624b10 fix micro-seconds in logs
- 4edd6b4 add project name to CMakeLists.txt
- c54c7b6 exploit the new possibility to enforce socket read with set_enforce(fd)
- a2e094d fix smaller issue in meter - don't count incomplete score in curr_counter
- 7b3701d baseHostCX - when changing com() object, always delete previous one
- f85e680 add a mechanism to reliably reiterate read() operation on socket
- 2ae727c add verify origin into SSLCom for better diagnostics
- 9922e65 remove mutexes
- b538281 improve meters with scoreboard
- e9b20b9 code cleanups
- eaa4549 code cleanups
- 169857f fix non-trivial object use in variadic args
- a10c0fc remove formatter lock (not needed anymore)
- ba45fa9 add SSL* getter ...
- a12f169 add LGPL v3 license file
- 42f0b2c forbid SHA1 issuer signatures
- 5e9726b code cleanups
- 00c8dfc remove forgotten logging defs
- 1288d95 logging on steroids now
- 5ad9bbb avoid __ (reserved)
- 370fc7c avoid __ (reserved)
- 93781ed don't use uninitialized variables
- e33dd55 fix - don't pass non-trivial object to variadic template functions
- 35c5493 code beautification :)
- 8f1ff68 improve asynchronous OCSP state machine
- 82e27a2 big certificate verify overhaul
- 2cf644f monitor write when socket_state is OPENING
- 238bb59 big strings - move, don't copy
- 13db527 add convenience functions returning string representation of status values
- 17590e4 non-blocking connect should not hard-fail
- 802e649 fix logging
- 18d4b18 fix - check if ocsp response is null
- 4825684 cast uint to int
- b01eed8 error if peercom doesn't exist
- 5c66e85 fix string formatting - missing .c_str()
- 4e7c73b epoll - remove semicolons, remove returning const-iness
- 4ef7b30 change some logging levels in baseproxy
- d570200 add flag testing functions
- 75b1663 log reference could be const
- 750e9b9 code cleanups
- 992c254 fixes to compile flawlessly on armhf platform
- d0589c1 fix semaphore segv in racy environments
- 06b6a84 remove unnecessary legacy include
- 2619e48 fix signed integer casting and sizes on different platforms I
- 2cb4e7d fix armhf platform glibc behavior on fstat (segv with nullptr arg)
- dc89f90 tiny code cleanups
- 5efffe9 convenience "total" counter to metering class
- c26f7f7 fix tolower
- 0527404 small to-const refactor
- 627089f fixes ocsp sigabort, epoll fd leak
- 4a16d2a Merge branch 'master' of ssh://github.com/astibal/socle
- 4cde00c fix AppHostCX::to_string
- 4fa5d1c make own value variables in AppHostCX::to_string - for better debugging
- ab6feeb increase initial read buffer, truncating longer UDP packets!
- 39c1328 make debug build optimized
- 0add166 fix to major extent problem with UDP clashed sessions
- 0dac6b6 Merge pull request #4 from astibal/redirworkers
- c8bf312 correct message debug level
- 60c75e7 make redirect map as a singleton
- 207b00b wip - ThreadedReceiver - if REDIRECTed, use google dns (to be changed)
- db8eb31 trivial code cleanup
- fb9ffa4 make redirect n output work for tcp/ssl
- ca64507 adding infrastructure to recognize proxy type (tproxy, redirect, socks, etc)
- 082399d Merge branch 'master' of ssh://github.com/astibal/socle
- bedcab3 threadedProxyWorker interface class
- 994859a don't use threading yield - unnecessary scheduling?
- 8764fba trivial local change in ocsp error message
- 9bfc706 verbosier error
- cc57372 small update in VerifyStatus
- 9192467 fix: cache also failed ocsp attempts, which were erroneously reported with REVOKED status
- 207bc98 Merge pull request #3 from astibal/sharedsig
- 26afdc8 refactor signatures as std::vector of shared pointers II
- 44a8192 refactor signatures as std::vector of shared pointers
- 297b01b better error log if OCSP fails to connect
- 26e791d verifycert - struct .revoked attribute should be int, not bool
- 7f13643 implement, improve and fix asynchronous OCSP querier
- 873a970 further improve SSL performance and reliability
- a19cad9 fix TLS handshake bottleneck!
- 1af73c0 cleanup baseCom derivatives from redundant socket variables
- 8a335e1 fix crash when processing incomplete ClientHello
- 6faea54 async socket processing preparation
- ee0e30a refactor/generalize ocsp_result cache into verify result cache
- 6912251 cached OCSP verify responses now reflect TTL from response
- cf89eae refactor SSL certificate validation status names
- 0cbab43 make socle a git submodule compatible

### Unreleased Changes

## libcli

### Unreleased Changes

## lmhpp

### Unreleased Changes