Release: mmtcpfwd v0.1.0 stable
Date   : May 29, 2001
By     : Matthew Mondor

* First official non-development stable release
  - As the unreleased v0.7e has been used intensively on several production
    systems for quite a while now, I decided to release the first official
    stable version.

* Changes since v0.7e
  - none

* Changes since v0.7d
  - Better logging if any kind of error happens (eg: out of memory at any
    time)
  - Fixed a bug which under some circumstances caused a daemon for a service
    to die

Release: mmtcpfwd v0.7d
Date   : March 10, 2001
By     : Matthew Mondor

* Bug fixes
  - Fixed a bug which would cause the RootServer process to die when
    undenying an IP address. This bug was also introduced in the various 0.7b
    optimizations. Note that the last official stable version was 6.0. This
    did not affect the service per se, but prevented the DENY system from
    working properly.

* Security enhancements
  - Will now refuse to start except from the superuser. The RootServer
    requires root, as does switching to nobody/nogroup. mmtcpfwd could not
    bind privileged ports (<1024) if it was not started as root either.
    Moreover, you would not want a user to be able to use mmtcpfwd to
    redirect, say, a high port on your system to another system, to build a
    free public transparent proxy...
  - More sanity checking made on IP addresses communicated to the RootServer
    process through the internal pipe.

* Other
  - Added more logging around error conditions that may arise while the
    service runs.
  - The RootServer code and undeny handler were rewritten.

Release: mmtcpfwd v0.7c
Date   : February 22, 2001
By     : Matthew Mondor

* Bug fixes
  - Fixed a lame bug which would cause a socket to never be closed if a
    connection could not be established with the service to forward to. It
    took a while before it could be discovered since we usually forward to
    existing services. This was introduced as part of the 0.7b optimizations.
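The v0.7d entry above mentions extra sanity checking of the IP addresses the
unprivileged forwarders hand to the RootServer over the internal pipe, and
v0.5 made the DENY command itself configurable. The example below is added
here and is not mmtcpfwd's own code: it shows what a strict check at the
privileged end looks like, and why the rule command should be started with an
argv array rather than a shell string. The ipchains-style argv layout
("-A input -s IP -j DENY") and the tool path are assumptions; the real
command is whatever the configuration file specifies.

```c
/*
 * Added example (not mmtcpfwd's own code): an IPv4 address arriving over an
 * internal pipe from an unprivileged forwarder is validated strictly before
 * the privileged side turns it into a firewall rule.  Only "d.d.d.d" with
 * four decimal octets in 0..255 and no leading zeros is accepted, so the
 * tail of a payload such as "10.0.0.1; reboot" can never reach a shell.
 * The rule command is then started with execv() on an argv array, not via
 * system(), so the address is one argument whatever it contains.
 */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 and writes the canonical dotted quad into out (>= 16 bytes)
 * if s is exactly one well formed IPv4 address; 0 otherwise. */
int ipv4_sanity(const char *s, char out[16])
{
    unsigned octet[4];
    const char *p = s;

    for (int n = 0; n < 4; n++) {
        unsigned v = 0;
        int digits = 0;

        if (*p == '0' && p[1] >= '0' && p[1] <= '9')
            return 0;                   /* leading zero: octal ambiguity */
        while (*p >= '0' && *p <= '9') {
            v = v * 10 + (unsigned)(*p - '0');
            if (++digits > 3 || v > 255)
                return 0;
            p++;
        }
        if (digits == 0)
            return 0;                   /* empty octet: "1..2.3", "", ".1" */
        octet[n] = v;
        if (n < 3 && *p++ != '.')
            return 0;
    }
    if (*p != '\0')
        return 0;                       /* trailing garbage, CR/LF, spaces */
    snprintf(out, 16, "%u.%u.%u.%u", octet[0], octet[1], octet[2], octet[3]);
    return 1;
}

/* Run a hypothetical ipchains-style deny rule for raw_ip.  The real command
 * comes from the configuration file; this argv layout is an assumption.
 * Returns 0 when the tool exits 0, -1 when the address is rejected, the
 * tool cannot be started, or it fails.  No shell is ever involved. */
int run_deny(const char *tool, const char *raw_ip)
{
    char ip[16];
    int status;
    pid_t pid;

    if (!ipv4_sanity(raw_ip, ip))
        return -1;
    char *const argv[] = { (char *)tool, "-A", "input", "-s", ip,
                           "-j", "DENY", NULL };
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(tool, argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs: one valid address and several that a
     * forwarder must never be able to smuggle into a rule. */
    const char *samples[] = { "192.0.2.1", "192.0.2.1; reboot", "256.1.1.1",
                              "01.2.3.4", "1.2.3", "1.2.3.4 " };
    char out[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               ipv4_sanity(samples[i], out) ? out : "REJECTED");
    return 0;
}
```

The check deliberately rejects forms that inet_aton() would accept (leading
zeros, fewer than four parts, trailing whitespace), because the privileged
side has no reason to be lenient with input from a process that may already
be compromised.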
* Other
  - Modified README a bit
  - I will now provide an md5 hash on the official site
    (http://mmondor.rubiks.net)

Release: mmtcpfwd v0.7b
Date   : February 16, 2001
By     : Matthew Mondor

* Bug fixes
  - Fixed a bug which sometimes occurred when many passive operations were
    performed sequentially very quickly. The blocking of PASV, LPSV and EPSV
    commands sent to the control port while a transfer was ongoing could
    cause a two minute lock to occur. A better approach is used now which
    prevents those commands from being immediately sent to the control port;
    they are queued and sent as soon as the passive transfer ends.

* Optimizations
  - Optimized tight loops as much as possible, as well as the time mutexes
    were held locked. Linked list functions and search routines were also
    modified to take fewer CPU cycles.

* Security enhancements
  - The rootserver process now closes the config file handle which was still
    open after its fork()
  - Rewrote the random code to be even more unpredictable for inetd

* Other
  - Documentation was retouched to be cleaner
  - Changelog file order was reversed so that changes in newer versions are
    documented first.

Release: mmtcpfwd v0.7
Date   : February 6, 2001
By     : Matthew Mondor

* Code cleanup
  - The code was read entirely and fixed to be more efficient and more
    secure at several locations. Some optimizations were also performed. It
    also now compiles without any warnings with -Wall.

* New features
  - IPs not to be DENYed even when exceeding the allowed connections can now
    be specified in the configuration file. Connection limits are still
    respected for those, however. The only IP which used to be automatically
    spared was 127.0.0.1. I could have implemented it to use wildcards or
    netmasks, but this would come at some performance cost. We usually want
    some protection from most IPs even within the LAN under heavy DOSsing,
    especially as the LAN bandwidth is usually very fast. There are however
    no limits as to how many IP addresses may be spared.
  - There now is an optional time length that can be set for how long an IP
    address is to be DENYed. The undeny command and time length in minutes
    are specified in the configuration file.

Release: mmtcpfwd v0.6
Date   : February 1, 2001
By     : Matthew Mondor

* New features
  - mmidentd is now embedded into mmtcpfwd. There were many security
    improvements in mmtcpfwd since mmidentd was written, and I saw no point
    in having to maintain two packages using almost the same code. It permits
    mmidentd to follow all the latest mmtcpfwd security improvements.
  - Implemented ftp passive connection forwarding. Supports PASV, LPSV and
    EPSV. Makes sure to bind the ports it listens on to the address they
    belong to, and implements a timeout so as not to listen indefinitely if
    the user/client never connects, as well as sanity checking to ensure that
    only the actual client connects to passive ports. Does not have the race
    condition vulnerability that most ftp passive proxies have, and does as
    little as possible as root. It also masquerades the addresses of the LAN
    box to the internet IP address of the gateway, despite the FTP RFC. Also
    added masquerading of the STAT command (bsd-ftpd, ginseng-ftpd), which
    can usually be used manually, with most ftp proxying software, to find
    out the internal LAN IP of the ftpd immediately after issuing a passive
    request using telnet.

* Security enhancements
  - Noticed that mmtcpfwd could slow the system down when tcpflood.c was
    used extensively against it from localhost; this is now fixed

* Bug fixes
  - Lines only containing spaces in the configuration file would prevent it
    from being properly loaded under some circumstances. Fixed.

* Other
  - Rewrote documentation (README) to detail all possibilities

Release: mmtcpfwd v0.5
Date   : January 11, 2001
By     : Matthew Mondor

* Minor bugfixes
  - Fixed the transparent proxying kernel support which was broken. The
    special bind() call that has to be used for it has to be executed as
    root, and the forwarders are non-root.
    Fixed it using seteuid() and setegid() calls instead of the former
    setuid(). If transproxy is enabled for a particular port, it quickly
    regains root privileges to bind(), then drops to the non-root user again,
    in a safe manner.
  - Fixed a small possible bug in the readconfline() function used to read
    the configuration file. This was not noticeable, but security inspections
    made me add another conditional.
  - When a large number of clients were exceeding their amount of
    connections at the same time from the same IP, it could happen that the
    DENY rule was sent several times (tcpflood.c especially). This is now
    fixed; a DENY rule will never get set more than once for a single IP.
  - A host to forward to used to be resolved once only, which did not permit
    using hostnames which can report several IPs, and was unsuitable for
    dynamic hosts. This is now fixed. Using an IP address will be very quick
    and will not require hostname resolving; otherwise the hostname will be
    resolved each time, but in the client's thread so as not to slow the
    main loop.
  - The logged open/closed connection IDs used to only be unique to one
    port. Those are now 48-bit, using the port it listens on as the first 16
    bits.

* Security enhancements
  - Added proper error checking around the functions to drop root
    privileges, to properly log the error entry
  - Connection limit sanity checking code was rewritten around a better
    design. There is not only a list per port forwarder with one node entry
    per IP, but also a list of connected clients for every IP node, which
    permits more control and thus better security. This way I can control
    the whole multithreading architecture. When an IP address is to be
    denied, the children forwarding the connections will properly exit,
    connections are closed and the IP node entry freed, before the DENY
    command is applied. This ensures a much cleaner system despite many
    attacks.
    Now greatly resists tcpflood.c

* New features
  - The command to DENY an IP address is now provided in the configuration
    file. This permits much better portability between 2.2 and 2.4 systems
    and more flexibility for the user
  - The message line sent to the client before DENYing an IP when connecting
    to a fake service is now in the configuration file as well
  - Now truly supports kernel transparent proxying properly without being
    root
  - If set to resolve the hostnames of IPs connecting to us, we only do so
    once for any active IP node, so if we have 10 connections from the same
    IP at the same time the hostname is only resolved once, thus
    accelerating things

Release: mmtcpfwd v0.4b
Date   : December 10, 2000
By     : Matthew Mondor

* Security enhancement
  - Noticed that the non-root port forwarders still had some file
    descriptors open from the parent process, resulting from fork()
    duplication; children now immediately close them before starting their
    normal operations.
  - This also leaves more free file descriptors for the system and normal
    forwarding activities.
  - This fix resulted more from paranoia than from actual risks: if the
    remote user was somehow able to buffer overflow with some code to use
    the descriptors, it could have become a security risk. My fd functions
    are very safe against that however, and not running as root also secures
    things a lot.
  - mmidentd, a fake MASQ-compatible ident server I wrote, also has all
    those security enhancements, as it is made to run on firewalls.
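The v0.4b entry above describes forked, non-root forwarders closing the
descriptors they inherited from the parent before handling a client. The
example below is added here and is not mmtcpfwd's own code: it closes
everything above a given descriptor number except an explicit keep list, so
the parent's listening sockets, configuration file and pipe to the privileged
parent are gone before any untrusted byte is read. Enumerating /proc/self/fd
is an assumption that holds on Linux; the fallback walks the table up to
RLIMIT_NOFILE. The pipe and dup() calls in the demonstration stand in for the
parent's real descriptors and are constructed for the example.

```c
/*
 * Added example (not mmtcpfwd's own code): after fork(), a child that is
 * about to drop to nobody/nogroup closes every descriptor it inherited
 * except the ones it really needs (the accepted client socket, a log fd).
 * Descriptors are enumerated through /proc/self/fd where that exists (an
 * assumption that holds on Linux); otherwise the whole table up to the
 * RLIMIT_NOFILE soft limit is walked.
 */
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

static int in_keep_list(int fd, const int *keep, size_t nkeep)
{
    for (size_t i = 0; i < nkeep; i++)
        if (keep[i] == fd)
            return 1;
    return 0;
}

/* Close every open descriptor >= lowest that is not listed in keep[].
 * A forked forwarder passes lowest = 3 so stdin/stdout/stderr survive.
 * Returns the number of descriptors that were actually closed. */
int close_inherited_fds(int lowest, const int *keep, size_t nkeep)
{
    int closed = 0;
    DIR *d = opendir("/proc/self/fd");

    if (d != NULL) {
        int dfd = dirfd(d);             /* the listing's own fd: skip it */
        struct dirent *e;
        while ((e = readdir(d)) != NULL) {
            char *end;
            long fd = strtol(e->d_name, &end, 10);
            if (end == e->d_name || *end != '\0')
                continue;               /* "." and ".." */
            if (fd < lowest || fd == dfd || in_keep_list((int)fd, keep, nkeep))
                continue;
            if (close((int)fd) == 0)
                closed++;
        }
        closedir(d);
        return closed;
    }

    /* No procfs: walk the descriptor table up to the soft limit. */
    struct rlimit rl;
    long maxfd = (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
                     ? (long)rl.rlim_cur : sysconf(_SC_OPEN_MAX);
    if (maxfd < 0)
        maxfd = 1024;                   /* conservative fallback */
    for (long fd = lowest; fd < maxfd; fd++)
        if (!in_keep_list((int)fd, keep, nkeep) && close((int)fd) == 0)
            closed++;
    return closed;
}

/* 1 if fd refers to an open descriptor, 0 if it is closed (EBADF). */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/* Constructed stand-in for the parent's state: a pipe (the control pipe),
 * a duplicate standing for the config file, and one standing for the
 * accepted client socket.  Only the client socket must survive.  Returns
 * the number of descriptors closed, or -1 if the wrong ones were touched. */
int demo_child_cleanup(void)
{
    int pipefd[2], cfg, client, lowest, closed, ok;

    if (pipe(pipefd) < 0)
        return -1;
    cfg = dup(pipefd[0]);
    client = dup(pipefd[1]);
    if (cfg < 0 || client < 0)
        return -1;
    /* pipe() took the two lowest free slots, so every later dup() is higher. */
    lowest = pipefd[0] < pipefd[1] ? pipefd[0] : pipefd[1];
    int keep[] = { client };
    closed = close_inherited_fds(lowest, keep, 1);
    ok = !fd_is_open(pipefd[0]) && !fd_is_open(pipefd[1]) &&
         !fd_is_open(cfg) && fd_is_open(client);
    close(client);
    return ok ? closed : -1;
}

int main(void)
{
    printf("closed %d inherited descriptors\n", demo_child_cleanup());
    return 0;
}
```

In a real forwarder this runs in the child immediately after fork(), before
setegid()/seteuid() to the unprivileged user and before the first read() on
the client socket; the keep list is the accepted socket, the socket to the
forwarded service once connected, and whatever the logger writes to.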
* Created a standard Makefile
  - Allows easier compilation, using the CFLAGS env var
  - Can now link with shared libraries, making the executable much smaller
  - Also permits make clean and make uninstall

Release: mmtcpfwd v0.3b (second devel release)
Date   : November 8, 2000
By     : Matthew Mondor

* Added better logging features:
  - Connection ID for every connection, permitting to match open/close
    events and keep better stats
  - Logs how many seconds a connection lasted and how many bytes were
    transferred in both directions
  - Reports the reason/status when a connection is closed

* Added transproxy (kernel transparent proxying) support
  - When the kernel has been compiled for it, in a MASQ/NAT environment,
    this permits the internal box providing the service to see the clients'
    IPs instead of the IP of the firewall box running mmtcpfwd
  - Requires a new column to be added in the config file for real services
    to be forwarded (see example mmtcpfwd.conf, and README file)

First public release was compiled on October 23, 2000, and was devel v0.2b,
written by Matthew Mondor
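The v0.6 entry above describes passive FTP forwarding: intercepting the
server's PASV/EPSV reply, masquerading the LAN address as the gateway's
internet address, listening only for the actual client, and timing the
listener out. The example below is added here and is not mmtcpfwd's own
code: it shows the parsing and rewriting half of that job and the two
acceptance checks, with strict rejection of malformed replies. It assumes the
RFC 2428 recommended '|' delimiter for EPSV and a fixed reply text; the
addresses, ports and reply lines are constructed for the example.

```c
/*
 * Added example (not mmtcpfwd's own code): the parts of a passive-FTP
 * forwarder that handle the server's PASV (RFC 959 "h1,h2,h3,h4,p1,p2") and
 * EPSV (RFC 2428 "(|||port|)", '|' delimiter assumed) replies.  Malformed
 * replies are refused rather than turned into a listener; the LAN address
 * is rewritten to the gateway's public one and the proxy's own port; the
 * listener accepts only the control connection's peer, before a deadline.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read 1-3 decimal digits at *p as a value 0..255; advance *p. */
static int read_octet(const char **p, unsigned *v)
{
    unsigned n = 0;
    int digits = 0;
    while (**p >= '0' && **p <= '9') {
        n = n * 10 + (unsigned)(**p - '0');
        if (++digits > 3 || n > 255)
            return 0;
        (*p)++;
    }
    if (digits == 0)
        return 0;
    *v = n;
    return 1;
}

/* "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." -> ip[4], port.
 * Returns 1 on success, 0 for anything not exactly of that shape. */
int parse_pasv_reply(const char *line, unsigned char ip[4], uint16_t *port)
{
    unsigned v[6];
    const char *p;
    if (strncmp(line, "227", 3) != 0 || (p = strchr(line, '(')) == NULL)
        return 0;
    p++;
    for (int i = 0; i < 6; i++) {
        if (!read_octet(&p, &v[i]))
            return 0;
        if (i < 5 && *p++ != ',')
            return 0;
    }
    if (*p != ')')
        return 0;
    for (int i = 0; i < 4; i++)
        ip[i] = (unsigned char)v[i];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 1;
}

/* "229 Entering Extended Passive Mode (|||port|)" -> port in 1..65535. */
int parse_epsv_reply(const char *line, uint16_t *port)
{
    const char *p;
    unsigned n = 0;
    int digits = 0;
    if (strncmp(line, "229", 3) != 0 || (p = strstr(line, "(|||")) == NULL)
        return 0;
    p += 4;
    while (*p >= '0' && *p <= '9') {
        n = n * 10 + (unsigned)(*p - '0');
        if (++digits > 5 || n > 65535)
            return 0;
        p++;
    }
    if (digits == 0 || n == 0 || p[0] != '|' || p[1] != ')')
        return 0;
    *port = (uint16_t)n;
    return 1;
}

/* Reply the client receives instead of the server's: the gateway's public
 * address (masq_ip) and the port the proxy itself listens on.  The server's
 * wording is not echoed, so nothing about the LAN leaks through.
 * Returns bytes written, or -1 on malformed input or a too-small buffer. */
int rewrite_pasv_reply(const char *server_line, const unsigned char masq_ip[4],
                       uint16_t listen_port, char *out, size_t outlen)
{
    unsigned char ip[4];
    uint16_t port;
    if (!parse_pasv_reply(server_line, ip, &port))
        return -1;
    int n = snprintf(out, outlen, "227 Entering Passive Mode (%u,%u,%u,%u,%u,%u).\r\n",
                     (unsigned)masq_ip[0], (unsigned)masq_ip[1],
                     (unsigned)masq_ip[2], (unsigned)masq_ip[3],
                     (unsigned)(listen_port >> 8), (unsigned)(listen_port & 0xff));
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* One pending passive listener: bound to a single client, until a deadline. */
struct passive_listener {
    unsigned char client_ip[4];         /* peer of the control connection */
    uint16_t port;                      /* port the proxy listens on */
    long deadline;                      /* seconds since the epoch */
};

/* 1 if a data connection from peer_ip arriving at time now may be accepted;
 * any other peer, or anyone after the deadline, is turned away. */
int passive_accept_allowed(const struct passive_listener *l,
                           const unsigned char peer_ip[4], long now)
{
    return now <= l->deadline && memcmp(l->client_ip, peer_ip, 4) == 0;
}

int main(void)
{
    const unsigned char gateway[4] = { 203, 0, 113, 5 };   /* constructed */
    char out[64];
    if (rewrite_pasv_reply("227 Entering Passive Mode (192,168,1,10,195,80).\r\n",
                           gateway, 50000, out, sizeof out) > 0)
        fputs(out, stdout);
    return 0;
}
```

LPSV (RFC 1639) is not parsed here; it carries the same information in a
longer comma list and would follow the same read_octet() discipline. The
listener's deadline is what keeps a client that issues PASV and never
connects from pinning a port open indefinitely.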