- Messages
- 17,767
Cardservproxy 0.9.0 release
0.9.0 - 2010-08-15 (see README.0.9.0.txt for conceptual changes and tips)
- Fixed: The included ConaxConnector plugin in 0.8.13 was an older version.
- Fixed: Extra http auth login was required for accessing plugin webs (bug introduced in 0.8.13).
- Fixed: Probing of connectors with unknown status wasn't done when cache hits occured.
- Fixed: No longer possible to create multiple profiles where both ca-id and network-id are the same.
- Fixed: Anonymized (non-au) newcamd card-data can no longer end up with user id 1 (this confused some clients).
- Fixed: Disabling a profile now automatically disables any connectors that explicitly references it.
- Fixed: Enigma services file parsing now uses comma separated filter strings, to allow names with spaces.
- Fixed: No longer possible to set the same user as au-user for multiple cards within the same profile.
- Fixed: Initial web startup is now delayed until after there is a usermanager available.
- Fixed: CCcam.channelinfo parsing errors (some of them).
- Fixed: Potentially serious and long standing ClusteredCache bug that caused sporadic io errors when sync-period > 0.
- Changed: Now possible to configure max-cache-wait both as a fixed time value (as before) and as a percentage of
the max-cw-wait for the request. I.e if set to the string "50%", requests for a profile with 9000 ms max-cw-wait would
end up with a max-cache-wait of 4500 ms, while requests for another profile with 650 ms would get 325 ms.
- Changed: Adding manual can-decode/cannot-decode services to a connector will now also update any previously
automapped data to prevent conflicting/overlapping information (so no need to clear maps after manual changes).
- Changed: Network-id is now used in enigma services file parsing only when no provider string filter is set.
- Changed: All time fields in the config can now be specified in minutes/secs/millisecs by adding a suffix (m, s, ms).
If no suffix is added, the old default for the field will be assumed (so configs/docs remain compatible).
- Changed: Added and updated defaults in the generated proxy.xml template to make more sense with the current version.
- Changed: ClusteredCache sync-period is now used even in receive-only mode (without peers). This can allow you to
significantly increase cache hits at the expense of ecm transaction time. ClusteredCache is now used by default.
- Added: Services parser for dvbviewer exports (ini files). The filter string is matched against the "Root" key if set.
- Added: Services parser for neutrino services.xml.
- Added: Timed ecm blacklist per connector, to avoid forwarding the same ecm several times to a connector that can't
handle it (mainly when there is no sid to go by in the request). Entries will be kept for 3*max-cw-wait.
- Added: Slightly better awareness of satellite concepts like provider-idents and other ca-system-specific artefacts.
This includes extending the service mapper with an additional custom-id/cid (besides sid) for systems like irdeto.
For some systems this will include provider-ident as a factor in the mapping (with require-provider-match for profile).
- Changed: Max-connections changed to a per-profile value, to handle the satellite scenario of the same user connecting
to multiple profiles. I.e now max-connections 1 means the user is allowed 1 connection in every profile they have.
NOTE: This means if you change the value or add ports to a profile, you may have to kick users before it takes effect.
- Added: New connector type 'csp-connector' specifically for chaining multiple proxies together. Requires that the
ONID (network-id) and ca-id is set properly for all profiles in all involved proxies. This type allows multiple
profiles to be shared over a single connection, and prevents loops (forwarding the same ecm back and forth between
proxies that have each other as connectors).
The protocol is documented in the source and connections are initiated using the httpd (so ssl can/should be used).
See proxy-reference.html for more info.
- Added: New connector type 'chameleon-connector' for connecting to newcs as mgcamd and accessing multiple cards in one
newcamd session. Only properly identified traffic can be sent to this connector type (known caid + provider ident).
Only remote cards that map into locally defined profiles (matching caid/provider ident) will be used.
- Added: Support for mgcamd/newcs newcamd-extensions in incoming connections (via a single extended-port for all
profiles), using multiple systems over a single newcamd session. For this to work all combinations of caid and
provider ident must map to a profile with network-id set. Ambiguous traffic will be denied.
- Added: Redundant forwarding. The service mappers can now be configured to select two of the least loaded connectors
instead of just one (if two or more candidate connectors exist for a request). If enabled, this can up to double the
load on the cards, but assuming enough capacity exists it will mean always having a backup ready in case the primary
connector choice failed/timed out for any reason. Should improve reliability in single-node proxy setups.
- Added: Plugin dependency resolver. This makes it easy to build plugins that make use of existing 3rd party libraries,
by fetching jars automatically on first load. See README.Plugins.txt for more info and DreamboxPlugin for examples.
- Added: getProperties() method in the plugin interface, for returning arbitrary usage information shown in the output
of the proxy-plugins status command.
- Added: When using only asynchronous connectors, it is now possible for a client session to get a cache hit even after
a forward to card was initiated. This can result in transactions with both F and C/R flags.
- Added: Last-seen data now also contains entries for failed login/connect attempts, available through a new status
command 'login-failures' (available to all users, but non-admins can only see attempts made with their user name).
- Added: New interface ReplyFilter that plugins can use to intercept and alter/block DCW's as they're returned from
connectors, before they're processed by the proxy (possibly find and delete bad CW's). See README.Plugins.txt.
A DcwFilterPlugin that illustrates this and blocks some common bad responses is included.
- Added: Fixes for running under jamvm on embedded systems (including the broken auto-generating of the config template).
- Added: New status commands for troubleshooting: 'export-services', 'system-properties', 'system-threads', 'file-log'
and 'proxy-plugins'.
- Added: Option to configure the date-format used by the default logger (allows easier fail2ban monitoring).
- Added: Arbitrary ****-data/remote info can now be returned by connectors (for display/troubleshooting/statistics).
- Added: Multiple client ids (oscam, scam, rq-sssp etc).
- Added: More example plugins included (and updated versions of the rest).
- Added: JVM version check. The proxy will refuse to start with anything but a sun jvm. If you're absolutely sure, this
can be overridden by adding the following to the java cmd line: -Dcom.bowman.cardserv.allowanyjvm=true
- Changes to proxy.xml:
Added: Element <csp-connect> to <status-web> (to receive csp-connections, enabled by default).
Added: Element <csp-connector> to <connectors> (to define csp-connectors). See proxy-reference.html.
Added: Element <chameleon-connector> to <connectors> (connector to a newcs/chameleon setup as mgcamd). Same as a
newcamd-connector, except it is not bound to a profile, always asynchronous and ignoring the client-id setting.
Added: Element <extended-newcamd> to <profiles> (unbound port for extended newcamd protocol, as used between mgcamd
and newcs). Allows mgcamd to use multiple systems (all profiles the user has access to) over a single connection.
Added: Element <log-dateformat> to <logging> (optional java SimpleDateFormat string to use for the standard logs).
Added: Attribute 'provider-idents' to <profile> (optional, allows listing of provider-idents, even with no connectors).
Added: Attribute 'require-provider-match' to <profile> (true/false, default: true). Set to false if you know that for
this profile, provider idents in ecm requests do not need to match those on the cards (this is the case for irdeto).
NOTE: If require-provider-match is false, provider-idents will get 000000 added automatically. Conversely, if only
ident 000000 is specified for a profile, require-provider-match defaults to false instead of true when omitted.
Added: Attribute 'provider-idents' to <newcamd-connector>, (optional, overrides the idents from the server/card).
Added: Attribute 'exclusive' to <can-decode-services> (true/false, default: false). Set to true for a list to indicate
that there should be no probing done for the connector, only those services listed are to be considered decodable.
Added: Attribute 'profile' to <can-decode-services> and <cannot-decode-services>. Only applicable for connector types
csp-connector and chameleon-connector, where multiple lists can be used to specify services for several profiles.
that there should be no probing done for the connector, only those services listed are to be considered decodable.
Changed: Attribute 'provider' for <service-file> changed to 'filter' to avoid confusion. If provider-idents have been
specified correctly for the profile, there is no longer any need to repeat that list in the case of cccam parsing.
Changed: All elements that allowed hex sid lists to be specified (per connector or profile) now accept an alternate
syntax sid:cid (where cid is custom id, used for situations like the irdeto chid where sid alone is not enough).
NOTE: <allow-services> is an exception, checks against that list are made with sid only.
Changed: Element <unknown-sid> removed from <mapper>, replaced with <dummy-services> that may contain multiple sids.
Use this to list any fake sids used by limited clients that can't know the real one, to avoid interference with maps.
Added: Element <redundant-forwarding> to <mapper> (true/false, default: false). Can be set globally or per profile,
as with other mapping settings. Transactions that trigger redundant forwarding will get the new flag '2'.
Added: Attribute 'include-file-events' to <warning-threshold> (true/false, default: true). Setting this to false
disables the 'file-log' http query (no file log events will be intercepted for display on the web).
- Changes to the http/xml api: (always use /xmlHandler?command=status-commands or ctrl-commands to see syntax).
Added: New status command 'export-services', dumps the internal state of the service maps (admin only). Add the param
format=hex for an alternate format matching the sid lists used in the config.
Added: New status command 'system-properties', shows the JVM system properties (superuser only).
Added: New status command 'system-threads', dumps all JVM threads as strings (superuser only).
Added: New status command 'login-failures', shows a list of failed login attempts per user or ip (for most interfaces).
Added: New status command 'proxy-plugins' for listing all loaded plugins and any associated info they publish.
Added: New status command 'file-log', returns recently intercepted file loggings with level WARNING or SEVERE.
Added: New ctrl command 'gen-keystore', auto creates a java keystore for using the status web with SSL.
Added: New ctrl command 'disable-connector', temporarily disables a specified connector.
Added: New ctrl command 'set-profile-debug', temporarily changes debug flags (set to false for ALL to delete ecm logs).
Added: New ctrl command 'set-user-debug', temporarily changes debug for a user (enabling log-ecm, log-emm, log-zap).
Added: New ctrl command 'remove-failed', removes entries matching specified wildcard mask from login-failures.
Added: New ctrl command 'clear-file-log', removes intercepted file log entries from the web-backend.
Added: Attribute 'time' to <jvm> (proxy-status output). Local system time as a rfc822 date.
Added: Attribute 'cdata' to <service> (most output containing services). Custom data for service mapping (chid/ident).
Added: Element <remote-info> to <connector> (cws-connectors output). List of <cws-param> elements with name/value
attributes, containing arbitrary information about the connector.
Added: Attributes 'network-id', 'ca-id', 'provider-ident' and 'origin-id' to <ecm> (transaction logs). These are only
included when the transaction occured in the '*' profile, and origin-id only for CspSession transactions.
Added: Attribute 'au' to <session> for NewcamdSessions. Indicates which connector the session is forwarding emms to.
Added: Attribute 'build' to <proxy-status>. The build number for the running cardservproxy.jar.