ts-warp

CHANGELOG

• 2024.09.07 ts-warp-1.5.6, gui-warp-1.0.25 (gui-warp-v1.0.32-mac), ns-warp-1.0.7
  • GUI-Warp.app: Better handling of starter, starter.c updated to v1.3
  • GUI-Warp.app: starter.c updated to v1.2
  • inifile.c: proxy_server variable parsing. Thanks [email protected] for the bug-hunting and testing
  • GUI-Warp.app: starter.c to handle environment variables
  • minmiconf: Updated to version 1.1.1.0
  • configure: Added lost paths check for macOS SDK directories
  • GUI-Warp.app: Added an internal launcher - starter.c
  • ts-warp.sh: Enable PF-firewall in ts-warp.sh start; Minor fixes for PF on macOS in GUI-Warp on stop
  • pidlist.c: ACT shows destination IP-address, when internal proxy servers are used
  • ts-warp.c: -D 0..512 DPI bypass fragment size by default 0 - disabled; To enable use a positive value, e.g., 2

• 2024.08.15 ts-warp-1.5.5, gui-warp-1.0.25 (gui-warp-v1.0.30-mac), ns-warp-1.0.7
  • ts-warp.c, http.c: Deep Packet Inspections bypass. Option -D to disable it.
  • ts-warp.c: Internal proxy servers allowed making direct connection to destinations

Experimental Deep Packet Inspections bypass

According to SpoofDPI project, sending the first 1 byte of a request to the server, and then sending the rest of the data can help to bypass Deep Packet Inspections of HTTPS.

TS-Warp has the feature enabled by default. Just use TS-Warp in Transparent mode, or point your browser to TS-Warp
Internal HTTP(S) proxy at default 127.0.0.1:8080 or SOCKS5 proxy at 127.0.0.1:7080.

• 2024.07.23 ts-warp-1.5.4, gui-warp-1.0.25 (gui-warp-v1.0.30-mac), ns-warp-1.0.7
  • ts-warp.c: ACT-file created as RUNAS_USER user owner
  • ts-warp.c: On macOS delayed setuid()/setgid() disabled as almost useless

2024.07.23 ts-warp-1.5.3, gui-warp-1.0.25 (gui-warp-v1.0.30-mac), ns-warp-1.0.7

• ts-warp.c: Enable on macOS delayed setuid()/setgid() to run as non-privileged user
• ts-warp.c: SSH2 proxy connection fixed, thanks Stefan Hildebrandt for the bug-hunting
• ssh2.c: password for keyboard-interactive and password now always required
• examples\ts-warp.ini: Highlight info about accessing proxy_key (the private key) permissions/location

• 2024.07.12 ts-warp-1.5.2, gui-warp-1.0.25 (gui-warp-v1.0.30-mac), ns-warp-1.0.7
  • GUI-Warp: About-tab displays CHANGELOG.md-file
  • Makefile: installs/deinstalls text-files files into/from <PREFIX>/share/ts-warp directory
  • GUI-Warp.app: ts-warp.sh can be run from CLI to control ts-warp daemon e.g.:
    sudo /Applications/gui-warp.app/Contents/Resources/ts-warp.sh start /Users/$USER/ts-warp
  • GUI-Warp.app: build.sh uses current openssl and libssh2 versions
  • Makefile: WITH_LIBSSH2?=0 to disable LIBSSH2 by default
  • ts-warp_autofw.sh Ignore domain names if they are not resolveable to IP-addresses
  • Typos fixed again
  • gui-warp.py: Minor cosmetic changes
  • minmiconf: v1.1.0.2 - OpenBSD support; ts-warp_auto.sh modernization; gui-warp.py: Save INI button fix
  • gui-warp.py: v1.0.30-mac, gui-warp.py.in: v1.0.25, minmiconf: v1.1.0.1
  • configure: updated to minmiconf-1.1.0.0
  • Ignore a section if proxy_server value is not specified

• 2024.04.09 ts-warp-1.5.1, gui-warp-1.0.24 (gui-warp-v1.0.29-mac), ns-warp-1.0.7
  • ts-warp_autofw.sh: Support for domains in response to the issue
  • configure: Better PREFIX handling
  • README.md: Rewritten for configure
  • configure: Configure script introduced
  • GUI-Warp application window title caption update
  • ts-warp.c: WITH_TCP_NODELAY proper processing

2024.03.12 ts-warp-1.5.0, gui-warp-1.0.23 (gui-warp-v1.0.28-mac), ns-warp-1.0.7

• gui-warp.app, gui-warp.py: Correcting paths in gui-warp.ini
• gui-warp.app: Symlink to /Applications in DMG
• gui-warp.py, gui-warp.app: gui-warp.ini back to macOS; daemon_options var controls ts-warp startup options
• ssh2.c: Deny SSH2-proxy connections with no username
• ssh2.c: Do not try manual authentication is agent-authentication was successful
• ssh2.c: Variable proxy_ssh_force_auth in ts-warp.ini to force or negotiate SSH2 authenticaton methods
• ts-warp.c: CLI options to disable TS-Warp port listeners: -T 0:0, -S 0:0 and -H 0:0
• ssh2.c: SSH-agent support added
• ts-warp.c, ssh2.c: Fix SSH2 related memory leaks, proper SSH session closure
• inifile.c: Hide SSH privatekey key passphrase in logs
• ssh2.c: Authentication methods reworked. proxy_key_passphrase INI-entry appeared
• inifile.c: Allow proxy_key to be specified in the INI-file
• build.sh: MacOS application build fix for LIBSSH2
• ts-warp.c, Makefile: LIBSSH2 compilation issues under Linux
• inifile.c: Enable default proxy port-numbers based on proxy_type: Socks4/5: 1080, HTTPS: 3128, SSH2: 22
• examples\ts-warp.ini: Ports specified for HTTPS and SSH2 proxies
• ts-warp.c: Prevent HTTP-port overwriting TRANSPARENT-port
• build.sh when makind gui-warp.app downloads/builds static SSL and SSH2 libraries WITH_LIBSSH2=1 sh ./build.sh
• SSH2 proxy supported in any position of a CHAIN
• gui-warp.app: on macOS deiconify from Dock; LICENSE file added to the application
• http.c: http_client_request() tolerate fail on send() and recv()
• ts-warp.c: NIT lookup lifted up the code to work for all proxies
• ts-warp.c: minor logging bugfix, README.md updates
• SSH2 proxy-client introduction
• ts-warp.c: Be silent on LIBSSH2_ERROR_EAGAIN in libssh2_channel_read()
• gui-warp.app: Makefile and build.sh prepred for static LIBSSH2
• SSH2 proxy first successful run
• Added SSH2 to the main loop
• ssh2.c: libssh2_channel_direct_tcpip() added
• ssh2.c: libssh2_userauth_*() added
• gui-warp.app: build.sh Stage clean removes correct dmg at right time

ts-warp-1.4.8, gui-warp-1.0.22 (gui-warp-v1.0.27-mac), ns-warp-1.0.7

• gui-warp.app: update link points to GUI-Warp.dmg image
• gui-warp.app: build.sh creates DMG image
• Makefile: ts-warp-ssh2 special target (for development) with LIBSSH2
• ssh2.c: Started ssh2_client_request()
• Makefile: Install manpages
• LIBSSH2 init/deinit
• SSH2 proxy preparation
• ts-warp.c: Cleaner code
• ts-warp.ini: Examples are commented
• ts-warp.sh.in: on stop flush only TS-Warp related anchors
• Minor cosmetic changes

ts-warp-1.4.7, gui-warp-1.0.22 (gui-warp-v1.0.26-mac), ns-warp-1.0.7

• ts-warp.sh.in: remove unused variables
• ts-warp.c: Drop direct requests to Transparent port
• Makefile: examples-* target user-name check fix
• ts-warp.sh.in, ts-warp_autofw.sh.in: On Linux try Iptables firts, then Nftables; fix execution.
• socks.c: Typo fix
• gui-warp.py, gui-warp.app: Links to releases; better PID-file checking
• Makefile, README.md: Better custom installation PREFIX
• gui/Makefile: images go to share/ts-warp directory
• gui-warp.py: Better parsing of gui-warp.ini - key error fix

ts-warp-1.4.6, gui-warp-1.0.19 (gui-warp-v1.0.24-mac), ns-warp-1.0.7

• gui-warp.app: Move precompiled app out of sources
• examples/*.in: Table names replaced SOCKS -> TSWARP
• Makefile: FreeBSD pkg build as root creates config files for nobody user. Check and modify if needed.
• FreeBSD port updated and moved out of sources
• pidlist.c: warn_unused_result on GCC suppressed
• build.sh: Setting current python3 interpreter when building macOS app
• gui-warp: some remediations for the macOS app on Sonoma
• gui-warp.py: Fix FW-tab
• gui-warp: Lost contents of the INI-tab return, thanks Luis Pontes [email protected] for reporting
• gui-warp: smoother LOG-file refresh, less CPU utilization
• gui-warp: Better Unicode support
• FreeBSD port added
• README.md: minor updates
• gui-warp: About tab, many little fixes
• gui-warp.app: sudo fix
• xedec.c: Hex hash conversion fix

2023.10.10 ts-warp-1.4.0, gui-warp-1.0.11 (gui-warp-v1.0.18-mac), ns-warp-1.0.7

• ts-warp: Incompatible to previous versions, CLI options for connections: -T Transparent, -S Socks, -H HTTP
• ts-warp: Transparent connections port: 10800, Internal Socks server port: 7080, Internal HTTP server port: 8080
• http.c: Internal HTTP proxy fixes
• http.c: http_server_request() special buffer for replies
• gui-warp.app: Create missed leafs of configuration directory tree if they are not exist
• socks.c: Finish only client processes on Socks errors
• http.c: http_server_request() reply the same protocol as in the request

ts-warp-1.3.9, gui-warp-1.0.11 (gui-warp-1.0.17-mac), ns-warp-1.0.7

• NS-Warp: rolled-back to stable; fixed many errors; version bump; README.md update
• MacOS GUI-WARP app: remove references to CLI configuration
• ACT in GUI-Warp macOS port
• gui-warp.py: ACT tab introduced; minor ACT pipe fixes
• Timestamps added to ACT; option to unlink ACT pipe
• ACT data requested via SIGUSR2 available in <PREFIX>/var/spool/ts-warp.act
• Deprecated CLI options removed: -i, -P
• USR2 signal to report active connections and traffic (ACT)
• Traffic counters, minor decorative changes
• ts-warp.c: Minor optimization
• ns-warp: Build fix, goto removed
• inifile.c: chk_inivar() less verbosity level
• gui-warp: UI minor tweaks
• Makefile: compiler -O3 optimization
• xedec.c: xdecrypt() fix memory issue - NULL-terminated string
• gui-warp.py: Strip extra newline char when saving INI-file

ts-warp-1.3.2, gui-warp-1.0.8 (gui-warp-1.0.14-mac), ns-warp-1.0.4

• Makefile: Text formatting; README.md update
• gui\gui-warp.py: Encode password dialog
• gui-warp.app: Better configuration paths
• gui-warp.app: Options input box
• ts-warp_autofw.sh: ranges creation fix
• gui-warp.app: ~/ts-warp.ini restrict file permissions
• gui-warp.app: ~/ts-warp_pf.conf auto-generation, minor tweaks
• gui-warp.app: ts-warp.sh script permissions and typo
• gui-warp.app: Repack, build.sh script, better layout
• gui-warp.app: macOS standalone all-in-one application: GUI-Warp + TS-Warp introduced
• Various minor changes
• gui\gui-warp.py: Password dialog as modal window. Thanks Sławomir Koper for discovering the menu click issue
• gui\gui-warp.py: Don't ask password under root
• Makefile: Set permissions on config files
• gui\gui-warp.py: Password authentication dialog for sudo
• gui\gui-warp.py: macOS Application with py2app. See build instuctions in setup.py
• README.md: Quick installation section added

ts-warp-1.3.0, gui-warp-1.0.3, ns-warp-1.0.4

• http.c: Correct HTTP proxy reply
• socks.c, ts-warp.c: socks5_server_reply() created for the innternal Socks5 server
• inifile.c: ini_look_server() performs namelookup only if section has target_host or target_domain
• ts-warp_autofw.sh: Include target_hosts and proxy_servers with port-addresses,
  thanks Gleb Reys [email protected] for the bug-hunt
• Base64.c: base64_strdec() created
• HTTPS proxy authentication added
• Base64.c: base64_strenc() created
• ts-warp.c: HTTP proxy chains
• http.c: http_client_request() created, method CONNECT
• proxy_* replaced socks_* in examples and scripts
• Unifying proxy definitions and various routines for Socks and HTTP protocols
• Fix direct TCP connections
• Internal HTTP the first try: no checks, no external proxy, no proxy-chains
• Socks5 server related tweaks; daddr refactoring
• struct uvaddr to combine sockaddr_storage and char * to replace daddr and dname
• http.c, http.h: included; http_server_request() in progress
• ts-warp.c: process_socks() removed due to unnecessary complexity
• ts-warp: -i IP:Port will be deprecated in the future releases in favour of -S IP:Port and -H IP:Port
• ts-warp.c: Make clients-to-ts-warp connections non-blocking
• ts-warp.c: Socks processing moved into process_socks()
• network.c: str2inet() correct struct addrinfo into struct sockaddr_storage mapping
• The project renamed to "Transparent Socks Proxy and Traffic Wrapper" to match internal Socks server functionality

ts-warp-1.2.0, gui-warp-1.0.3, ns-warp-1.0.4

• Internal Socks5 server example in ts-warp.ini; README.md update
• ts-warp.sh: pkill -x for correct restart
• -P flag to disable internal SOCKS5 server
• socks.c: socks5_server_request() fix SA_FAMILY() for AF_INET and AF_INET6; Trimming redundant spaces
• Basic SOCKS5 server-side functions are implemented; socks5_atype() removed; Socks related functions refactored
• ns\ns-warp.c Outgoing socket fix
• socks.c: socks5_server_request() added; inifile.c: minor fixes
• socks.c: socks5_serve_hello() added
• inifile.c, inifile.h: ini_look_server() supports hostnames
• Makefile: detect configuration targets are completed
• Makefile: prevent examples-general and examples-special from running as root
• struct sockaddr -> struct sockaddr_storage to handle IPv6 correctly
• Makefile: create etc on install-configs/install-examples stage
• ts-warp_autofw.sh block using as root; Added to make all/make clean

ts-warp-1.1.7, gui-warp-1.0.2, ns-warp-1.0.3

• ts-warp_autofw.sh makes and prints out sample firewall configuration based on
  ts-warp.ini contents
• Switch back default to special firewall configuration
• Starting loglevel changed to LOG_WARN; Minor changes and README.md update
• Simplify firewall configuration. make install/make install-configs installs general simplified firewall
  example- and configuration- files to forward all TCP traffic via TS-Warp. See README.md for details
  and examples of more complex special firewall configuration files.
• inifile.c: show_ini(): captions instead of IDs for targets and balansing
• Updated -h option
• network.c Reduce timeout for a new not yet established connections
• ts-warp.c faster failover switch. Details in #6
• ts-warp.sh stop ensures the daemon is killed
• Updated README.md files

ts-warp-1.1.6, gui-warp-1.0.2, ns-warp-1.0.3

• Release preparation
• ns-warp.sh: Startup script; README.md update; Minor changes
• ns-warp: Run as different user
• ts-warp.sh: Check if a process from the pid-file really exists
• Manpages formatting: https://github.com/mezantrop/ts-warp/issues/5
• Makefile: Multiple minor changes
• README.md: gui-warp.py with sudo; a new screenshot
• gui-warp.py: Minor updates
• gui-warp.py: Many small changes: gui-warp-1.0.3

ts-warp-1.1.5, gui-warp-1.0.2, ns-warp-1.0.2

• gui-warp.py: The most of the widgets changed from tk to ttk for better theme (light/dark) support
• gui-warp.py: Correct Save changes Button references on INI and FW tabs
• gui-warp.py: App() class fwfile argument to override default ts-warp_pf.conf location, thanks Gema Robles
• ts-warp.sh.in: Do not replace original PF-rules
• network.c: inet2str() Returns IP:PORT
• inifile.c: Many minor logfile tweaks
• ts-warp.c: read_ini() added more allowed characters in sections: a-zA-Z0-9_\t -+()
• inifile.c, pidlist.c: show_ini(), pidlist_show() logs using LOG_CRIT
• socks.c, socks.h: Extended SOCKS status codes
• ns-warp.c: Cosmetic chanes
• ns-warp: dns.c/forward_ip() rewritten for speed; Many fixes and improvements
• ns-warp.c: fork() to reduce possible resolve timeout

ts-warp-1.1.4, gui-warp-1.0, ns-warp-1.0.2

• ns-warp: memory usage fix
• ts-warp.c: TCP nodelay enabled
• network.c, str2inet(): Return INADDR_NONE if resolve fails
• mk_pidfile(): fix for NULL pwd structure
• ns-warp: CIDR addresses for NIT-pools
• ts-warp.c: Correct clients exit procedure
• ts-warp.c: Use empty SOCKS section name in the PID list for direct connections
• On Linux nftables rules and usage examples added

ts-warp-1.1.3, gui-warp-1.0, ns-warp-1.0.1

• SOCKS servers section Failover/Roundrobin/None modes enabled
• README.md, examples\ts-warp.ini: updated
• Minor decorative formatting
• ts-warp.c: Accepts SIGUSR1 to show configuration and clients
• pidlist.c, pidlist.h: Clients processes monitoring
• inifile.c: target_network IPv4 addresses in CIDR notation
• ts-warp.sh: pkill utilized in stop -f routine
• Proper PID logging
• ts-warp.sh stop: no redundant messages when autodetecting PID