October 24, 2020, 01:52:54 PM

Author Topic: Cardservproxy  (Read 14265 times)

0 Members and 3 Guests are viewing this topic.

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Cardservproxy
« on: February 04, 2010, 09:44:03 AM »
 Cardservproxy 0.9.0

  Cardservproxy 0.9.0
  -------------------

  First, in order to avoid the usual confusion about the proxy:
  - This is not a cam emulator or card server, it knows next to nothing about ca systems, DVB concepts, iso7816 or the md api.
  - It's 100% memory-hogging-java, intended to run on stable servers, not on stb's or desktop pcs (although of course this
  may still be possible).
  - It's not for everyone, it could be considered an SDK for building custom sharing solutions or integrating sharing into
  existing communities. If you don't have any experience writing code, the proxy probably isn't for you.
  - Yes it's controversial. Used properly a cluster of 2 proxies could handle several thousand clients with a handful of cards,
  bandwidth being the only real limit. NOTE: This assumes complete understanding of all aspects of the newcamd protocol,
  as well as any quirks introduced by the ca-systems you're trying to proxy.
  - There are no commercial or "full" versions of the proxy by this author (and there never will be). This is the only one.
  3rd party branches are encouraged, as long as they are free and full source is made available.

  Cardservproxy is a scalable proxy primarily for the newcamd protocol, with load balancing and cluster handling built in.
  It will keep track of 2 or more cardservers (typically newcs) and accept incoming connections from clients (any client
  that support the newcamd or radegast protocols). It removes the need for complex clients or servers, by centralizing all
  of the complexity.
  It is primarily intended for cable/terrestrial dvb setups, or those where each client only ever connects to one
  profile (or at most two). For scenarios where users need to connect to more than two systems, you should probably
  look elsewhere for something that does not involve the newcamd protocol.

  Features/benefits:
  - The proxy hides the servers from the clients. New servers can be added/removed on the fly without affecting traffic
  or having to change the clients configurations.
  - The proxy hides the clients from the servers, the servers will only ever have a single very busy user (the proxy)
  from a fixed ip.
  - User management is centralized in the proxy, the servers will not have to be updated to add new users. The proxy user
  manager is pluggable and can be connected to any external user database with a minimum of coding.


Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy 0.9.0
« Reply #1 on: February 08, 2010, 12:51:58 PM »
 Cardservproxy 0.9.0 RC4 Source code
Cardservproxy 0.9.0 RC4 Source code

Cardservproxy 0.9.0
-------------------

First, in order to avoid the usual confusion about the proxy:
- This is not a cam emulator or card server, it knows next to nothing about ca systems, DVB concepts, iso7816 or the md api.
- It's 100% memory-hogging-java, intended to run on stable servers, not on stb's or desktop pcs (although of course this
may still be possible).
- It's not for everyone, it could be considered an SDK for building custom sharing solutions or integrating sharing into
existing communities. If you don't have any experience writing code, the proxy probably isn't for you.
- Yes it's controversial. Used properly a cluster of 2 proxies could handle several thousand clients with a handful of cards,
bandwidth being the only real limit. NOTE: This assumes complete understanding of all aspects of the newcamd protocol,
as well as any quirks introduced by the ca-systems you're trying to proxy.
- There are no commercial or "full" versions of the proxy by this author (and there never will be). This is the only one.
3rd party branches are encouraged, as long as they are free and full source is made available.

Cardservproxy is a scalable proxy primarily for the newcamd protocol, with load balancing and cluster handling built in.
It will keep track of 2 or more cardservers (typically newcs) and accept incoming connections from clients (any client
that support the newcamd or radegast protocols). It removes the need for complex clients or servers, by centralizing all
of the complexity.
It is primarily intended for cable/terrestrial dvb setups, or those where each client only ever connects to one
profile (or at most two). For scenarios where users need to connect to more than two systems, you should probably
look elsewhere for something that does not involve the newcamd protocol.

Features/benefits:
- The proxy hides the servers from the clients. New servers can be added/removed on the fly without affecting traffic
or having to change the clients configurations.
- The proxy hides the clients from the servers, the servers will only ever have a single very busy user (the proxy)
from a fixed ip.
- User management is centralized in the proxy, the servers will not have to be updated to add new users. The proxy user
manager is pluggable and can be connected to any external user database with a minimum of coding.
- Connected servers don't have to have identical card subscriptions, the proxy can keep

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #2 on: February 20, 2010, 09:46:08 PM »
 Cardservproxy-0.9.0.RC5
Cardservproxy changelog:
------------------------

0.9.0 - RC5

- Fixed: The included ConaxConnector plugin in 0.8.13 was an older version.
- Fixed: Extra http auth login was required for accessing plugin webs (bug introduced in 0.8.13).
- Fixed: Probing of connectors with unknown status wasn't done when cache hits occured.
- Fixed: No longer possible to create multiple profiles where both ca-id and network-id are the same.
- Fixed: Anonymized (non-au) newcamd card-data can no longer end up with user id 1 (this confused some clients).
- Fixed: Disabling a profile now automatically disables any connectors that explicitly references it.
- Fixed: Enigma services file parsing now uses comma separated filter strings, to allow names with spaces.
- Changed: Network-id is now used in enigma services file parsing only when no provider string filter is set.
- Changed: All time fields in the config can now be specified in minutes/secs/millisecs by adding a suffix (m, s, ms).
If no suffix is added, the old default for the field will be assumed (so configs/docs remain compatible).
- Changed: Added and updated defaults in the generated proxy.xml template to make more sense with the current version.
- Changed: ClusteredCache sync-period is now used even in receive-only mode (without peers). This can allow you to
significantly increase cache hits at the expense of ecm transaction time. ClusteredCache is now used by default.
- Added: Services parser for dvbviewer exports (ini files). The filter string is matched against the "Root" key if set.
- Added: Timed ecm blacklist per connector, to avoid forwarding the same ecm several times to a connector that can't
handle it (mainly when there is no sid to go by in the request). Entries will be kept for 3*max-cw-wait.
- Added: Slightly better awareness of satellite concepts like provider-idents and other ca-system-specific artefacts.
This includes extending the service mapper with an additional custom-id/cid (besides sid) for systems like 1rd3t0.
For some systems this will include provider-ident as a factor in the mapping (with require-provider-match for profile).
- Changed: Max-connections changed to a per-profile value, to handle the satellite scenario of the same user connecting
to multiple profiles. I.e now max-connections 1 means the user is allowed 1 connection in every profile they have.
NOTE: This means if you change the value or add ports to a profile, you may have to kick users before it takes effect.

- Added: New connector type 'csp-connector' specifically for chaining multiple proxies together. Requires that the
ONID (network-id) and ca-id is set properly for all profiles in all involved proxies. This type allows multiple
profiles to be shared over a single connection, and prevents loops (forwarding the same ecm back and forth between
proxies that have each other as connectors).
The protocol is documented in the source and connections are initiated using the httpd (so ssl can/should be used).
See proxy-reference.html for more info.
- Added: New connector type 'chameleon-connector' for connecting to newcs as mgcamd and accessing multiple cards in one
newcamd session. Only properly identified traffic can be sent to this connector type (known caid + provider ident).
Only remote cards that map into locally defined profiles (matching caid/provider ident) will be used.
- Added: Support for mgcamd/newcs newcamd-extensions in incoming connections (via a single extended-port for all
profiles), using multiple systems over a single newcamd session. For this to work all combinations of caid and
provider ident must map to a profile with network-id set. Ambiguous traffic will be denied.
- Added: Redundant forwarding. The service mappers can now be configured to select two of the least loaded connectors
instead of just one (if two or more candidate connectors exist for a request). If enabled, this can up to double the
load on the cards, but assuming enough capacity exists it will mean always having a backup ready in case the primary
connector choice failed/timed out for any reason. Should improve reliability in single-node proxy setups.
- Added: Plugin dependency resolver. This makes it easy to build plugins that make use of existing 3rd party libraries,
by fetching jars automatically on first load. See README.Plugins.txt for more info.

- Added: When using only asynchronous connectors, it is now possible for a client session to get a cache hit even after
a forward to card was initiated. This can result in transactions with both F and C/R flags.
- Added: Last-seen data now also contains entries for failed login/connect attempts, available through a new status
command 'login-failures' (available to all users, but non-admins can only see attempts made with their user name).
- Added: New interface ReplyFilter that plugins can use to intercept and alter/block DCW's as they're returned from
connectors, before they're processed by the proxy (possibly find and delete bad CW's). See README.Plugins.txt.
A DcwFilterPlugin that illustrates this and blocks some common bad responses is included.
- Added: Fixes for running under jamvm on embedded systems (including the broken auto-generating of the config template).
- Added: New status commands for troubleshooting: 'export-services', 'system-properties' and 'system-threads'.
- Added: Option to configure the date-format used by the default logger.
- Added: Arbitrary ****-data/remote info can now be returned by connectors (for display/troubleshooting/statistics).
- Added: Multiple client ids (oscam, scam, rq-sssp etc).
- Added: More example plugins included.

- Changes to proxy.xml:
Added: Element to (to receive csp-connections, enabled by default).
Added: Element to (to define csp-connectors). See proxy-reference.html.
Added: Element to (connector to a newcs/chameleon setup as mgcamd). Same as a
newcamd-connector, except it is not bound to a profile, always asynchronous and ignoring the client-id setting.
Added: Element to (unbound port for extended newcamd protocol, as used between mgcamd
and newcs). Allows mgcamd to use multiple systems (all profiles the user has access to) over a single connection.
Added: Element to (optional java SimpleDateFormat string to use for the standard logs).
Added: Attribute 'provider-idents' to (optional, allows listing of provider-idents, even with no connectors).
Added: Attribute 'require-provider-match' to (true/false, default: true). Set to false if you know that for
this profile, provider idents in ecm requests do not need to match those on the cards (this is the case for 1rd3t0).
NOTE: If require-provider-match is false, provider-idents will get 000000 added automatically. Conversely, if only
ident 000000 is specified for a profile, require-provider-match defaults to false instead of true when omitted.
Added: Attribute 'provider-idents' to , (optional, overrides the idents from the server/card).
Added: Attribute 'exclusive' to (true/false, default: false). Set to true for a list to indicate
that there should be no probing done for the connector, only those services listed are to be considered decodable.
Changed: Attribute 'provider' for changed to 'filter' to avoid confusion. If provider-idents have been
specified correctly for the profile, there is no longer any need to repeat that list in the case of cccam parsing.
Changed: All elements that allowed hex sid lists to be specified (per connector or profile) now accept an alternate
syntax sid:cid (where cid is custom id, used for situations like the 1rd3t0 chid where sid alone is not enough).
NOTE: is an exception, checks against that list are made with sid only.
Added: Element to (true/false, default: false). Can be set globally or per profile,
as with other mapping settings. Transactions that trigger redundant forwarding will get the new flag '2'.

- Changes to the http/xml api: (always use /xmlHandler?command=status-commands or ctrl-commands to see syntax).
Added: New status command 'export-services', dumps the internal state of the service maps (admin only). Add the param
format=hex for an alternate format matching the sid lists used in the config.
Added: New status command 'system-properties', shows the JVM system properties (superuser only).
Added: New status command 'system-threads', dumps all JVM threads as strings (superuser only).
Added: New status command 'login-failures', shows a list of failed login attempts per user or ip (for most interfaces).
Added: New ctrl command 'gen-keystore', auto creates a java keystore for using the status web with SSL.
Added: New ctrl command 'disable-connector', temporarily disables a specified connector.
Added: New ctrl command 'set-profile-debug', temporarily changes debug flags (set to false for ALL to delete ecm logs).
Added: New ctrl command 'remove-failed', removes entries matching specified wildcard mask from login-failures.
Added: Attribute 'time' to (proxy-status output). Local system time as a rfc822 date.
Added: Attribute 'cdata' to (most output containing services). Custom data for service mapping (chid/ident).
Added: Element to (cws-connectors output). List of elements with name/value
attributes, containing arbitrary information about the connector.
Added: Attributes 'network-id', 'ca-id', 'provider-ident' and 'origin-id' to (transaction logs). These are only
included when the transaction occured in the '*' profile, and origin-id only for CspSession transactions.

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #3 on: July 04, 2010, 11:40:05 AM »
Card Server Proxy - Full Collection

All Original Final Copies Are Available Here .

3 Rar Parts .
You are not allowed to view links. Register or Login Rar Parts .
You are not allowed to view links. Register or Login
You are not allowed to view links. Register or Login

Offline digitv

  • Jr. Member
  • **
  • Posts: 14
CSP 0.9.0 RC6
« Reply #4 on: July 05, 2010, 12:05:17 AM »
Latest version a025

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #5 on: July 12, 2010, 01:03:45 PM »
cardservproxy-0.9.0.RC6(5)
cardservproxy-0.9.0.RC6(5)

12-07-2010

(see README.0.9.0.txt for conceptual changes and tips)

Gracias a DrPepper

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #6 on: July 28, 2010, 07:59:24 PM »
CSP Version 0.9.0 RC6 (SB SVN r11)
28-07-2010

CSP Version 0.9.0 RC6 (SB SVN r11)

Changes to r7:





Author: bowman    

Added a generic profile meta-data set to the csp-connect protocol, to enable showing more details about remote profile configs (to see if they make sense). Currently only includes the effective max-cw-wait and max-cache-wait values for each mapped profile in a csp-connector.   

Made it possible to specify max-cache-wait as a percentage of max-cw-wait (makes more sense when using multiple profiles with different max-cw-wait limits).


Synced minor logging changes from old local repos.

Added clear-history command to DreamboxPlugin?.



Offline kargo.25

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4249
Cardservproxy 0.9.0 - RC6
« Reply #7 on: August 04, 2010, 08:57:32 PM »
CSP Version 0.9.0 RC6 (SB SVN r14)

Changes to r11:

Author: merek

Some more caid's for exotic ca systems in ca.properties


Author: bowman

Updated config reference.


Author: bowman

Added build number + a hack to use the current svn repository revision as build number for cardservproxy.jar, when the ant build is able to execute svnversion (needs to be in PATH)

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #8 on: August 11, 2010, 06:03:13 PM »
CSP Version 0.9.0 RC6 (SB SVN r27)



Code: You are not allowed to view links. Register or Login
Author: merek

- Dont use -Xmx512m as default in init scripts, as this could break small installations
- Add LSB information to ubuntu/debian init scripts

Author: DrPepper

Changed Memory Allocation to 512MB

Author: DrPepper

Changed Memory Allocation to 512MB

Author: bowman

Added ecm source to logging for service discovery (easier to se who caused an addition to service maps).

Author: bowman

Prepared for 0.9.0 release.

Author: bowman

Forgot to change the error msg.

Author: bowman

Fixed jvm check and added startup hint.


Online labud

  • Administrator
  • Hero Member
  • *****
  • Posts: 9026
Re: Cardservproxy
« Reply #9 on: August 30, 2010, 05:09:24 AM »
CSP Version 0.9.0 Release (SB SVN r35)

Changeset [35] by bowman
Per profile max-cw-wait value can now be set below <1s, like the global …
-----------------------------------------------








UNAUTHORIZED DECODING OF ENCRYPTED SIGNALS FROM EITHER DOMESTIC OR FOREIGN PROVIDERS IS AGAINST THE LAW !!!
INFORMATION CONTAINED IN MY POSTS ["C/P FROM ANOTHER SITE"] ARE FOR LEARNING AND EDUCATIONAL PURPOSES ONLY !!!
PLEASE, DO NOT SEND ME PRIVATE MESSAGES WITH TECHNICAL QUESTIONS, USE FORUM FOR IT !!!

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #10 on: September 16, 2010, 08:24:46 AM »


Cardservproxy - 0.9.1

15.09.2010

Cardservproxy changelog:
2 ------------------------
3
4 0.9.1 - RC0
5
6 - Fixed: Handling for unknown sid (0 or a dummy sid listed in dummy-services) was broken in 0.9.0.
7 - Fixed: Incoming requests for dummy sids should not retain the dummy when forwarded, now changed to 0.
8 - Fixed: Per profile max-cw-wait could not be set below 1s (now both per profile and global allow down to 100 ms).
9 - Fixed: Probing was sometimes attempted even when there was only one candidate connector.
10 - Fixed: Radegast support updated to make sense with 0.9.x.
11 - Changed: Two ecms (or dcw replies) with the same payload data but different dvb table ids (even/0x80 vs odd/0x81) are
12 now considered identical by the proxy.

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #11 on: September 23, 2010, 09:52:48 AM »
Cardservproxy Version 0.9.1 RC0 (SB SVN r42)

22.09.2010

Changeset [42] by bowman

- More fixes to cache extension framework.

Offline antox

  • Ferengi
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16798
Re: Cardservproxy
« Reply #12 on: October 06, 2010, 06:24:40 PM »

06/10/2010

Quote
0.9.1 - RC0-svn-r44

- Fixed: Handling for unknown sid (0 or a dummy sid listed in dummy-services) was broken in 0.9.0.
- Fixed: Incoming requests for dummy sids should not retain the dummy when forwarded, now changed to 0.
- Fixed: Per profile max-cw-wait could not be set below 1s (now both per profile and global allow down to 100 ms).
- Fixed: Probing was sometimes attempted even when there was only one candidate connector.
- Fixed: Radegast support updated to make sense with 0.9.x.
- Changed: Two ecms (or dcw replies) with the same payload data but different dvb table ids (even/0x80 vs odd/0x81) are
now considered identical by the proxy. Implications unknown.
- Changed: ClusteredCache transport format now includes meta-data such as ca-id and network-id.
NOTE: This breaks compatibility with previous versions. If one node has the new format, all nodes must be upgraded.
- Added: Cws event for found service now shown in the status-web (despite the command being called error-log).
- Added: Experimental sid cache linking feature, allows cache hits based on meta-data like sid rather than ecm payload.
Links added via the web commands are stored in etc/links.cfg (this file is monitored for changes and autoloaded also).
- Added: More sanity checks to DcwFilterPlugin (checksums, length and an option to monitor all replies for duplicates).

- Changes to proxy.xml:
Added: Attribute 'enable-service-linking' to (true/false, default: false). Enables sid cache linker.

- Changes to the http/xml api:
Added: Attribute 'filtered-by' to (transaction logs). Contains the reason for a B flag, or the filtering plugin.
Added: New event type 9 - "found service" added to connector events output (error-log

Offline savan

  • Full Member
  • ***
  • Posts: 119
Re: Cardservproxy
« Reply #13 on: October 13, 2010, 07:05:10 PM »
New version!
Changes:
- Updated docs and more cleanup for 0.9.1
- Fixed: Emm handling for extended newcamd in systems with signifcant provider-idents
- Changed: ClusteredCache transport format now includes meta-data such as ca-id and network-id.
 NOTE: This breaks compatibility with previous versions. If one node has the new format, all nodes must be upgraded.
 The source ip's of any received incompatible updates are listed in the property 'version-mismatch'.

- Added: DreamboxPlugin (csp-agent) support for more/older dm500 images.
- Added: proxy-reference.html updated with highlighting for important elements and additional examples.

Tako da ko ima staru verziju nek menja i nek obavesti sve pirove koji imaju staru verziju da instaliraju najnoviju, jer kluster ne radi kako treba sa starim verzijama!!!



Offline savan

  • Full Member
  • ***
  • Posts: 119
Re: Cardservproxy
« Reply #14 on: October 13, 2010, 07:05:10 PM »
New version!
Changes:
- Updated docs and more cleanup for 0.9.1
- Fixed: Emm handling for extended newcamd in systems with signifcant provider-idents
- Changed: ClusteredCache transport format now includes meta-data such as ca-id and network-id.
 NOTE: This breaks compatibility with previous versions. If one node has the new format, all nodes must be upgraded.
 The source ip's of any received incompatible updates are listed in the property 'version-mismatch'.

- Added: DreamboxPlugin (csp-agent) support for more/older dm500 images.
- Added: proxy-reference.html updated with highlighting for important elements and additional examples.

Tako da ko ima staru verziju nek menja i nek obavesti sve pirove koji imaju staru verziju da instaliraju najnoviju, jer kluster ne radi kako treba sa starim verzijama!!!