«•» GeoSharing Worlds No.1 Satellite Forum «•»

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • Dear Old Forum Members Please Register Your Account Again.And Please Use Your Old Username.We Lost All Our Old Data.frownfrown
    Thanks 
    <<Register Now>>

multics-r82-hellboy-V31

-=EYEDREAM=-

Administrator
Staff member
Administrator
Moderator
Registered
Joined
Dec 18, 2018
Messages
32
Reaction score
13
Points
8
Code:
## Changelog
## r82-hellboy-V32

## r82-hellboy-V31
- [ENH] Compute the worst profiles in three cases: worst profile in cache, worst profile in cacheex and worst profile in servers 
- [FIX] Fixed SMS Message from cache page, will not refresh the content till you focused in textbox (beware: if you focus out and you wrote a big text it will be deleted so stay focused till you send the message). 
- [ENH] Show link to whatismyipaddress.com in failban page for source addresses in case there's no ip2country file configured in multics.
- [SEC] Don't send referrer to whatismyipaddress.com when clicking on links to that site (security)
- [SEC] Don't send referrer to when clicking on link to mutics.club site in index page (security)
- [FIX] Solve BUS ERROR message on arm-dream binary 

## r82-hellboy-V30
- [FIX] Solved BIG memory leak in web interface (upgrade recommended)
- [FIX] Show correct CACHE TIMEOUT of each profile in the show config page
- [ENH] Add country flags to source ip address on failban page. Source ip address is now clickable and you can go to https://whatismyipaddress.com directly to get more information on that IP

- [ENH] Add button to close all open alerts
- [ENH] Generate alerts for more situations related to bad authentication of users when it's available for the specific cs protocol:
   * Good username but bad password
   * Multiple connections, with indication of the following cases:
                + Multiple connections in more that 60 seconds (Already connected)
                + Multiple connections in less that 60 seconds (Just connected)
                + Multiple connections from different IP
  * This information was already in the logs of multics. We are only adding it to alerts so people that never look logs can take care of it.

- [ENH] New feature to add cccam and mgcamd users from web interface. To enable it modify the INCLUDE of the file that will hold the new users like the following:
  // File that will hold the users
  INCLUDE: "/var/etc/users.cfg", USERFILE

  New users will be added at the end of the defined USERFILE.
  Only one USERFILE definition can be used.
  Once enabled the web interface will show a new form in the CCCAM and MGCAMD pages to allow adding new users.
  Only username and password, no more is included in the web interface. If you need to add other things to the users you use the normal editor.

- [ENH] Allow disable/enable cacheex clients and servers from cacheex page on web interface
- [ENH] Include HTTPALLOWEDIP and HTTPALLOWEDHOST parameters in configuration to restrict http web interface access to specific sources.
   * All sources not included here will not have access to http web interface.
   * If none of this new parameters HTTPALLOWEDIP and HTTPALLOWEDHOST is defined source access control will be disabled.
   * HTTPALLOWEDIP will hold a comma separated list of IP addresses or IP ranges like in these examples:
        HTTPALLOWEDIP: 127.127.127.127, 127.0.0.1-127.0.0.255
        HTTPALLOWEDIP: 0.0.0.0-255.255.255.255  ### This would be equivalent to disabling access control
   * HTTPALLOWEDHOST will hold a comma separated list of hostnames. Your server SHOULD be able to DNS resolve those hostnames.
   * There's a proccess inside multics that tries resolve those hostnames at certain intervals, but it's not running continuosly. So when multics starts allow sometime (at least one minute) for this process to execute and when the DNS is updated (dynamic DNS) allow also at least one minute too plus the DNS propagation time that is out of multics control.
   * Example of HTTPALLOWEDHOST:
        HTTPALLOWEDHOST: yourwork.no-ip.org, yourhouse.no-ip.org
   * Note that there's no single (') or double (") quotes for hostnames and for IP address. You'll get an error if you use them.
   * Note that spaces are not allowed inside IP ranges.

- [ENH] Include NOIPFAILBAN and NOHOSTFAILBAN parameters in configuration to allow specifiying sources that won't be included in failban.
   * If none of this new parameters NOIPFAILBAN and NOHOSTFAILBAN there will be no exceptions for failban.
   * 127.0.0.1 ip address will be added if not included in the configuration.
   * Syntax is equivalent to HTTPALLOWEDIP and HTTPALLOWEDHOST.


## r82-hellboy-V29
- [FIX] Solve possible crash condition when updating SID statistics
- [FIX] Make autorefresh work in profile page
- [ENH] Add options "SHARE CCCAM", "SHARE MGCAMD" and "SHARE NEWCAMD" to profile page
- [FIX] Remove option TIMEPERECM as it's not well implemented and can cause problems
- [ENH] Implement connection timeout to remote servers, instead of relying on linux timeouts. This will reduce configuration changes reload times that have to wait until current connections are established or timed-out (linux connect timeouts are typically arround 3 minutes, in multics we have reduced to 5 seconds).
- [ENH] Add logging for reread configuration in loglevels INFO and DEBUG for troubleshooting purpose
- [ENH] Allow changing runtime loglevel from webinterface (debug page). Things to consider:
    * You will be able to change the loglevel at runtime from web interface, but the change will not persist between restarts.
    * Also, once you change loglevel from web interface it will not be altered if you modify the configuration file. The change from web interface takes precedence over the change from config file, until you restart multics.
    * It affects all logging, not only the logs currently shown in webinterface. So if you change loglevel to LOGTRACE and have file logging in /var/tmp consider you are changing the loglevel of all multics, not just the loglevel of what is shown in the webinterface (your log file will grow!!!!)

- [ENH] Implement alert module that will show a alert list in the web interface.
Alert conditions:
- String with alert message
- Simple checksum of the string (to be able to increment the alert count and not to duplicate the alert)
- Initial time and date the alert raised
- Last time the alert raised
- Alert count
- Alert status (open/closed): the admin can close alerts

Things that could trigger alert:
- Authentication failed to any cs protocol (ccam, newcamd, mgcamd, etc) in local server with indication if the access triggered failban also
- Cache access not authorized (not in my cache peers)
- Authentication failed to http web interface

Things to consider:
- This is a simple list of alerts triggered from the core logic of multics, not complex rules to generate alerts
- There will be no correlation of alerts with this design that is a simple string with alert message.
- Alerts will not persist between multics restarts


## r82-hellboy-V28
- [ENH] Add filter by MGCAMD, CAMD35 or CS378X in servers page
- [ENH] Redesign of cacheex page, including more statistics, instant hits, profiles hits, link to detailed informations of each peer... Tested with cacheex modes 2 and 3 (no tested with mode 1)
- [FIX] Solve buffer overflow in webinterface /config logic when showing a VERY LONG line
- [ENH] Add uniform data about cccam, mgcamd and newcamd clients in detail page (i.e.: mgcamd wasn't showing different IP logins but cccam was showing it...)
- [FIX] Show ECM LENGTH in hexadecimal in config page
- [FIX] Make autorefresh work in cachepeer and server pages
- [FIX] ECM filtering was not checking the same conditions for mgcamd, camd35 and cs378x as it was checking for newcamd and cccam. Make uniform checks for all protocols (ecm length, caid, provid, accepted sid, etc). Remove viacess ECM checking because it was discarding legit ECMs.
- [ENH] Generate statistics about the SIDs that are getting DCW on each cs profile and show them in the detail page of each profile. This requires CPU time so by default is not enabled. To enable it add "GENERATERUNTIMESIDS: yes" in config file
- [ENH] Improve bar diagram of profile page to better read it
- [ENH] Show hit times for each profile in tooltip table of peer on cache page
- [ENH] Show hit times for each profile in tooltip table of peer on cacheex page
- [ENH] Show hit times for each profile in cache peer page. Show instant hits of each profile.
- [ENH] Show last CAID:PROVID received from cacheex peer that was flagged "bad" (99% of times it's because you're getting cw for a CAID:PROVID not in your config)
- [ENH] Log all received cacheex messages flagged as "bad" in DEBUG loglevel
- [ENH] Multics exchanges cache with other multics and with oscam (csp protocol) without ONID. ONID is not needed in profiles now. Remove the following config options:
* ACCEPT NULL ONID
* ONID
Also for cache peers it's no effect if you add "1" or not after the port. So: "CACHE PEER: 127.0.0.1 8888 1" will do the same as "CACHE PEER: 127.0.0.1 8888"

## r82-hellboy-V27
- [ENH] Apply patch from oscam special for videoguard CAIDs to filter out bad CW. Can be disabled with DISABLEGERMANPATCH=yes in config file.
- [ENH] Intelligent cache exchange funcionallity to try to stop bad cw in cache for caids 098c and 09c4. Cache peers with Hellboy version 27 onwards will exchange information on the CAIDS they have excluded from CW crc checking with option DISABLECRCCWS_ONLY_FOR.
DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4

It's a nonsense to exchange cache for 098c, 09c4 and 0500 with peers that don't have disabled CRC CWS for those CAIDs.

From HB 27 onwards peers will only send and accept received cache for CAIDs in the list of DISABLECRCCWS_ONLY_FOR from peers that have also put those CAIDs in the list.

Examples:
1- I have HB 27 with recommended setting of "DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4" and I exchange with a peer that has HB 27 (o later) with the recommended "DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4".  --> All three CAIDs will be included in cache exchange with this peer. The rest of CAIDs are not affected.
2- I have HB 27 with recommended setting of "DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4" and I exchange with a peer that has HB 27 (o later) with the setting "DISABLECRCCWS_ONLY_FOR: 098c".  --> From those three CAIDs only 098c will be excanged.  The rest of CAIDs are not affected.
3- I have HB 27 with recommended setting of "DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4" and I exchange with a peer that doesn't have HB 27 (or later). You won't exchange cache for CAIDs 0500, 098c and 09c4 with that peer because it's nonsense.

If people start moving to HB 27 (or later) with recommended setting of "DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4" we hope that the cache will start progresivly to become more filtered of crap cw and that will benefit all.

- [ENH] If no DISABLECRCCWS_ONLY_FOR setting present in config file include 0500, 098c and 09c4 as default.

- [ENH] Extend 'shares' option functionality to define not only the cache sent to other peers but also the cache accepted from other peers. Before this version the 'shares' option especified the CAID:PROVID that the cache would send to other peer. In this version it also controls the cache that we receive from the peer. Keep in mind that incoming cache doesn't have a PROVID (only CAID in the cache protocol) so for incoming cache if you add for example 0100:004106 you will receive all the cache for CAID 0100 in all providers because of that protocol limitation. It will also happen with CAID 0500 that has lots of providers. The cache sent to other peers doesn't have this limitation if it's cache generated inside your server, because in this case the provider is known.

- [ENH] New feature to show the current config that multics is using. It constructs a configuration with the right syntax from the values that are in memory. This can help:
  ++ To identify errors in configuration
  ++ To identify configuration parameters that are not used (they won't be shown)
  ++ To send the real configuration to other people for troubleshooting, without meaningless parameters and in a common order.
This new feature is shown in the editor page. There's an option also to donwload the configuration as a text file.

- [FIX] Give DCW failed to the client when there are no servers available to decode certain CAID instead of waiting DCW TIMEOUT
- [FIX] Mipsel binary was giving bus error
- [FIX] When oscam/csp tried to connect to an autoadd&autoenable cache it was disabled. If autoadd&autoenable is configured any peer should connect, including oscam/csp peers
- [ENH] Send telegram message notifying cache SMS received


## r82-hellboy-V26
- [ENH] Introduce a functionality to disable CRC control word checking for certain CAIDS that currently are not including any known cyclic redundancy checking capacity. To disable it just add to your configuration:
DISABLECRCCWS_ONLY_FOR: 0500, 098c, 09c4

That will disable CRC checking of control words for CAIDS 0500, 098c and 09c4

Thanks to dogcs and saintomer1866 for testing!!

- [ENH] Add action to failban page to allow removing all the rules from one point with single click
- [FIX] Allow the following syntax for SID LIST:
    SID LIST:
    SID LIST!:
    SID LIST=
    SID LIST!=
  (without an space after the word LIST only the first case was working correctly)

## r82-hellboy-V25
- [FIX] Fixing the size of FAILBAN command we execute for IPTABLES and fix for 127.0.0.1 exclusion.
- [ENH] Optimized logging (less CPU usage)
- [FIX] Make autorefresh work again
- [ENH] Telegram send and iptables management will run in separate thread, so that the core of multics don't have to wait until these jobs finish
- [ENH] Show free memory in MB in webinterface. Show also total memory and cached memory if it's available
- [ENH] Global failban can be activated both with "FAILBAN: ON" or with "FAILBAN ENABLE: ON", so old config files (using syntax "FAILBAN: ON") will not need to be changed
- [FIX] Apply changes to failban configuration in the configuration files without the need to restart multics
- [FIX] Encode messages sent to telegram to allow special characters like '=', '&' and '+' that sometimes are present in profile names (failban messages to telegram where sometimes cut)


## r82-hellboy-V24
- [FIX] Excluded 127.0.0.1 from FAILBAN on ClusterCache, sometimes CSP Cache push was Banned.
- [ENH] Added posibility to FAILBAN for CCcam, MgCamd, Newcamd, ClusteCache, cs378x, Camd35 or as till yet for all together.
- [ENH] Only start TELNET thread when TELNET is enabled
- [ENH] Assign names to all threads started by multics to allow better troubleshooting
- [ENH] Read initial config from main proccess instead of reading it from the config thread (eliminates the need for sleep)
- [ENH] Added option -t to command line. With this option you can test your configuration files without fully starting multics. Before reporting any problem you should check you have no errors in your configuration files!!!

- [INTERNAL] Added /config URI to webinterface to allow changing delay connect and delay threads timers for my testing (don't publish this message!!)

## r82-hellboy-V23
- [FIX] Lower profiles will get cache hits now on servers with many profiles. Anyway be advised that the more profiles you add to multics the more processing power it takes on any multics version. No need to have America and Asia profiles if you live in Europe mate :)
- [ENH] Get full CACHE configuration including active peers to a text file by downloading from http://HOST:PORT/cache?action=config
- [ENH] Improve error messages when reading config files. Most messages will now show line and column of the config file where the error is detected. Suggestion: launch multics with -f -v and see output if it shows any errors/warnings in your config.
- [FIX] Added omitted CCcam Server versions "2.1.4", "2.2.0", "2.2.1".
- [FIX] Fixed if non valid version of CCcam Server was set, (caused segfault). Now it will set default to 2.0.11.

## r82-hellboy-V22
- [ENH] Include list of iptables rules on webinterface, with the ability to remove any rule. To be used FAILBAN need to be enabled.
- [ENH] DNS thread improvement (code optimization)

## r82-hellboy-V21
- [ENH] Show full options of cache peer in cache peer detail page on webinterface (fwd, csp, nominhits, etc)
- [ENH] Allow access to cache peer detail page on active CSP peers (protocol=0)
- [FIX] Remove FREECCCAM server from multics (no payservers please!)
- [ENH] Reenable cache peer disabled for MINHITS after nominhits=1 is added in config file for that peer
- [ENH] Reenable cache peer disabled for MINREPLIES after nominreplies=1 is added in config file for that peer
- [FIX] Revert ACCEPT NULL CAID and ACCEPT NULL PROVIDER.
- [ENH] Show value of CACHEEX VALIDECMTIME for profiles in webinterface
- [FIX] Race condition made multics crash sometimes when removing a server from config
- [FIX] Race condition when disabling a cache peer for lowhits or lowreps made sometimes look the peer as alive in webinterface
- [CLN] Remove unused option autoadd from cache peer (not from cache, but from cache peer!!)

## r82-hellboy-V20
- [CLN] Removed some more unused parts from code.
- [ENH] Show indication that cache peer has been disabled for lowhits or lowreps in webinterface. Colors and text will change. Sorry for the colors I'm not good with that, but that's what you have
- [ENH] Ignore newcamd extended messages in newcamd ports
- [ENH] Send keepalive caching to newcamd/mgcamd servers as r81
- [FIX] FAILBAN fix if unable to use IPTABLES, more clear and added info to IPTABLES about intruders.
- [ENH] Eliminate restriction of multiple peers from same IP if auto-add is enabled. It was implemented to protect multics from multiple shit peers connecting, but now with CACHE MINHITS and CACHE MINREPLIES we have a more granular method of auto-selecting our cache peers.
- [ENH] Added option to disable cache peer if doesn't supply a minimum number of hits per hour. Hits are computed by adding Cache Hits to Instant Hits. Hits are checked every 6 hours (and remember that replies are checked every 1 hour if you enable also CACHE MINREPLIES). By default it's disabled.

Examples:
CACHE MINHITS: 0 # No effect. It will disable the check.
CACHE MINHITS: 1 # At least 1 hit per hour. So after 6 hours (when the task run for the first time) each peer should have at least 6 hits (adding Cache Hits and Instant Hits), after 12 hours (when the task runs for the second time) each peer should have at least 12 hits...
CACHE MINHITS: 10 # At least 10 hits per hour

The calculation is done considering the multics runtime, not the peer connection time which is not carried.

Once a peer is autodisabled for MINHITS or MINREPLIES cannot be reenabled (until you restart multics).

Peers not connecting to multics will be disabled by the task.

You can add an exception to certain peers with the parameter nominhits, for instance:

CACHE PEER: hostname port { nominhits=1 } # exclude this cache peer from disable

Also, if you don't like the way it's implemented you can simply continue working with multics without enabling this feature and use external scripts made by yourself if you're competent to build them. This can be implemented in many ways and for sure you would have done it better, but you haven't done it so just say thanks because somebody did something you didn't do :-)

## r82-hellboy-V19
- [ENH] Enable or Disable FAILBAN from config.
- [ENH] Send TELEGRAM message on ban with username and ip and protocol.
- [ENH] Show cache threshold setting in cache page
- [FIX] Fixed some bugs in cache
- [ENH] Added option to disable cache peer if doesn't supply a minimum number of replies per hour.

To enable and adjust to 1000 replies per hour you have to add:
CACHE MINREPLIES: 1000

Every hour multics will check that the replies sent by each cache peer divided between the number of hours uptime of the server exceeds or equals the value setting of CACHE MINREPLIES. If it doesn't the cache peer will be disabled.

You can add an exception to certain peers with the parameter nominreplies, for instance:

CACHE PEER: hostname port { nominreplies=1 } # exclude this cache peer from disable


## r82-hellboy-V18
- [ENH] Fail logins to ban. All cache , cccam , mgcamd , newcs users with invalid credentials will be banned automatically.

## r82-hellboy-V17
- [ENH] Identify Hellboy version of the cccam servers you connect to.

## r82-hellboy-V16
- [ENH] Identify Hellboy version of the newcamd and mgcamd servers you connect to.
- [CLN] Some more Code cleanup.

## r82-hellboy-V15
- [ENH] Enable sending cache from multics to oscam (cspsendcache option)

## r82-hellboy-V14
- [ENH] Added to identify HB version in cache section
- [CLN] Removed ACCEPT NULL CAID and ACCEPT NULL PROVIDER
- [FIX] Disallow to create profiles without CAID and PROVIDERS parameter (before: without these params was able to create profiles with auto 0 as value)

## r82-hellboy-V13
- [CLN] Code cleanup.

## r82-hellboy-V12
- [ENH] Send telegram message on failed login attempt to multics web
- [ENH] Added exception for tunneled Nagra 1884,1861

## r82-hellboy-V11
- [ENH] Implemented restart command in telnet server
- [ENH] This version will identify itself as "Multics-HB r82" in the cache section of your peers. This way you can know which of your peers are using "Hellboy" :)
- [ENH] Added exception for tunneled Nagra 1862

## r82-hellboy-V10
- [ENH] Now multics can send you a Telegram message when started or restarted
- [FIX] Solve buffer overflow in logging function
- [FIX] Control null pointer in newcamd server causing segfault
- [FIX] Control null pointer in mgcamd server causing segfault
- [FIX] Added to exceptions tuneled Nagra card (1817, 1818)

## r82-Bust3D-V9
- [NEW] Added Stealth Mode for CCcam Server: Behaviour like the original CCcam.

## r82-Bust3D-V8
- [FIX] Stylesheet file check funktion fixed now works.

## r82-Bust3D-V7
- [FIX] Added to exception tuneled Nagra card 1819

## r82-Bust3D-V6
- [NEW] Added possibility to choose CCCam up to version 2.3.2 (2.0.11, 2.1.1,2.1.2, 2.1.3, 2.2.1, 2.3.0, 2.3.1, 2.3.2).
- [FIX] Small bugfixes to able to compile other architectures.

## r82-Bust3D-V5
- [FIX] Added to exception tuneled Nagra card 1814
- [FIX] Error for profiles added to log not only to stdout.
- [FIX] Error log for no config on default location or invalid config file added to log not only to stdout.

## r82-Bust3D-V4
- [FIX] If FILE STYLESHEET in multics.cfg point to non existing file then use default style.
- [FIX] PROFILE validation was broken from begining because of my mistake, but now working and tested with all possible combinations and also for tuneled Nagra cards.

## r82-Bust3D-V3
- [FIX] Added to PROFILE validation logic tuneled Nagra Cards ( 1811,1863,1883,1863,1813 )

## r82-Bust3D-V2
- [FIX] Added to PROFILE validation Bulcrypt caid

## r82-Bust3D-V1
- [FIX] Show error if config file not found instead of segfault.
- [NEW] Implemented PROFILES verification on start and show error if caid and provid combinations are invalid.

## Git version
- [NEW] SSL implementation for HTTP Server
- [ENH] Handle CSAT/TNTSAT nano e0 ECM. There's a new option in profiles called SKIPCWC (similar to oscam "disablecrccws"). Add the following to the affected profiles to activate (only to the affected profiles or it will cause problems!):
ENABLE SKIPCWC: 1
- [FIX] When adding cache peer to running multics it connects to it without need to restart.
- [FIX] ECM sent to cs378x servers where counted twice so hit percentage was showing half the real statistic in servers.
- [ENH] Allow enable/disable camd35 clients. Allow debug camd35 clients.
- [ENH] Create /camd35client URI and update links from /camd35 URI to allow access detailed camd35 client information.
- [ENH] Allow enable/disable cs378x clients. Allow debug cs378x clients.
- [ENH] Create /cs378xclient URI and update links from /cs378x URI to allow access detailed cs378x client information.
- [FIX] Add cccam build number 3367 that is the corresponding to 2.3.0
 

Attachments

Top