2004-05-18  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 2.0.9

2004-05-12  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 2.0.8.5

	* lib/conntrack.c (z_conntrack_packet_in): Free packet if canot
	send it to a proxy. (Backported from 2.1) Bug: #3094

2004-03-11  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Proxy.py: fixed ugly Glib warnings when reconnecting
	to the server fails (fixes #3105)

	* configure.in: bumped version to 2.0.8.4

2004-02-23  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 2.0.8.3

2004-02-06  Balazs Scheidler  <bazsi@bzorp.balabit>

	* scripts/zorpctl.conf: increases PROCESS_LIMIT_MIN to 2048

2004-02-03  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 2.0.8.2

	* Applied mag's patches. (debianizations and warning elimination)

2004-01-30  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Service.py: fixed race condition in num_services
	counting (backported from HEAD, fixes #2929)
	
2004-01-29  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 2.0.8.1

	* lib/pydispatch.c (z_py_zorp_dispatch_accepted): clone sockaddrs
	to avoid passing ZSockAddr references through thread boundary (as
	ref & unref of sockaddrs are not thread safe)

2003-12-02  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.8

	* lib/dispatch.c: locking cleanup (2.1 backport)        

	* lib/conntrack.c: (z_conntrack_add_stream,
	z_conntrack_remove_stream): added a mutex protecting the
	connection_poll as it was accessed from multiple threads,
	(z_conntrack_socket_free): fixed a memory leak in ZCTSockets, the
	ZSockAddr members were not freed,
	(z_conntrack_socket_ref, z_conntrack_socket_unref): use a lock to
	protect the reference counter,
	(various functions): ZPacket does not use reference counts any
	more (to avoid the need to lock)
	(z_conntrack_socket_start, z_conntrack_socket_shutdown):
	add/remove a reference to the referenced structure to avoid
	freeing ZCTSockets which were not shut down
	(z_conntrack_packet_in): backported runtime session_limit, added
	log messages about new sessions (2.1 backport)

	* lib/pydispatch.c: added support for session_limit (2.1 backport)

	* lib/packstream.c: adapted to refcountless ZPackets (2.1 backport)

	* lib/packet.c: dropped reference counting as it would require a
	lock on the ref_count field (2.1 backport)

	* lib/dispatch.c (z_dispatch_connection): lock the chain while
	traversing it,
	(z_dispatch_register): upgrade to write lock earlier to avoid
	parallel binding to the same port, handle races by looking up the
	hashtable again when the write lock is acquired (2.1 backport)

	* lib/attach.c: set the bound address in the ZConnection structure
	to let the proxy use it in its log messages

2003-10-29  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.7

2003-10-27  Balazs Scheidler  <bazsi@bzorp.balabit>

	* doc/zorp-tutorial.txt: merged tutorial update from mag@debian.org

2003-10-18  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: bumped version to 2.0.6.4

2003-10-16  Balazs Scheidler  <bazsi@bzorp.balabit>

	* fixed a couple of warnings

2003-10-09  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: bumped version to 2.0.6.3

	* lib/attach.c: fixed memory leak, the user's destroy_notify
	callback was not called if attaching was cancelled

2003-10-07  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/szig.c: fixed typo, z_stream_fd_new was used instead of z_stream_new

	* Bumped to version 2.0.6.2

2003-10-06  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.6.1

2003-10-01  Balazs Scheidler  <bazsi@bzorp.balabit>

 	* pylib/Zorp/Dispatch.py (CSZoneDispatcher.__init__,
	ZoneDispatcher.__init__): clear follow_parent argument from the
	keyword hash, prior to calling the inherited constructor

	* backported from 2.1:

	* lib/szig.c: fixed a memory leak in SZIG

2003-09-29  Balazs Scheidler  <bazsi@bzorp.balabit>

	* scripts/zorpctl.in: add 64 to the calculated fd limit

2003-09-29  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.6

	* Fix debian dependency.

2003-09-25  Balazs Scheidler  <bazsi@bzorp.balabit>
 
         * lib/pyfastpath.c (z_fp_transparent_router_setup): forced port
	was erroneously parsed as an object, parse it as an int instead
         (caused forced_port to be always set, thus TransparentRouter was
	not working)

2003-09-24  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Zorp.py: added getKeywordArg() function which helps
	parsing optional keyword arguments

	* pylib/Zorp/Dispatch.py, pylib/Zorp/Listener.py,
	pylib/Zorp/Receiver.py: use constructor arguments consistently,
	make sure all necessary arguments are passed to Dispatchers using
	its keyword argument hash

2003-09-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* backported from HEAD:
	
         * lib/pysockaddr.c: fixed a problem in gethostbyname_r workaround
	code, the Python interpreter was not correctly locked while
	constructing the Python error object

2003-09-17  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.5.12

	* Backported from commercial version:

	* Allways create new python thread.

	* lib/packsock.c: handle when recvmsg return with EINTR.

	* Actualize examples.

	* Really stop using buggy gethostbyname_r function.

2003-08-21  Szalay Attila  <sasa@mochrul.balabit>

	* Install NEWS file instead of ChangeLog

	* Bumped to version 2.0.5.10

	* Doesn't use gethostbyname_r because of mem leaking.

2003-08-19  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.5.9

2003-08-01  Szalay Attila  <sasa@mochrul.balabit>

	* pylib/Zorp/Proxy.py (Proxy.__destroy__): Bugfix. Destroy server_fd if 
proxy doesn't picked it.

2003-07-02  Szalay Attila  <sasa@mochrul.balabit>

	* zorp-modules now depends on exact version of zorp.

2003-06-23  Szalay Attila  <sasa@mochrul.balabit>

	* Set SO_BRADCAST socket option.

	* Make connection tracking reference counted.

2003-06-16  Szalay Attila  <sasa@mochrul.balabit>

	* Bumped to version 2.0.4

	* pylib/Zorp/Chainer.py: bugfix, do not save the current protocol
	identifier in self as the same service might be used for both TCP
	and UDP sessions

2003-06-02  Szalay Attila  <sasa@mochrul.balabit>

	* Backport fixes from commercial version:

	* pylib/policy.boot: Bugfix. Remove importing Zorp.Auth

	* lib/plugsession.c: Bugfix. Use correct buffer.

2003-05-29  Szalay Attila  <sasa@mochrul.balabit>

	* pylib/Zorp/Proxy.py: Bugfix. Prefix session.session_id with self.

2003-05-28  Szalay Attila  <sasa@mochrul.balabit>

	* Accept root in --uid option

	* InbandRouter now accept forge_addr parameters

	* Doesn' raise exception when error occured resolving hostnames

	* Change zorp pid files to /var/run/zorp

	* Check if SockAddr is really an IP address.

	* Allow threads when attach start.

	* Doesn't use connection tracking timeout. (proxy will timeout)

	* Correctly check libssl 0.9.7

2003-05-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0.3.1

	* lib/tpsocket.c (z_tp_autobind): fix problem with already bound
	sockets

2003-01-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* commercial backport:

	* acconfig.h: renamed ZORPLIB_ENABLE_IPV6 to ENABLE_IPV6

	* configure.in: bumped version number to 2.0rc2

	* doc/man/instances.conf.5, doc/man/zorp.conf.5,
	doc/man/zorpctl.8: updated docs

	* lib/attach.c: added z_session_enter/z_session_leave

	* lib/plugsession.c (z_plug_session_query_bandwidth):
	initialize bandwidth to 0.0


	* lib/dispatch.c: changed z_sockaddr_buf declarations to use
	MAX_SOCKADDR_STRING

	* lib/fastpath.c: -"-

	* lib/pysockaddr.c: -"-, implemented z_py_zorp_sockaddr_clone()

	* lib/tpsocket.c (z_tp_listen): removed an erroneous error message

	* lib/zorp.c (z_log_set_fake_session_id): changed the
	implementation so it does not use pycfg as it is removed

	* lib/zpython.c: removed ipchains support

	* pylib/Zorp/Chainer.py: added port 0 support for DirectedRouter

	* scripts/zorpctl.in: completely reorganized

	* zorp/main.c: invalid arguments are reported (and zorp exits)

2002-11-18  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/plugsession.c: backported packetstats support from the commercial branch

2002-11-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyfastpath.c: implemented TransparentRouter fastpath

	* pylib/Zorp/Router.py: use TransparentRouter fastpath

	* lib/pyfastpath.c: fixed log output, do not try to format a
	sockaddr if it is NULL

	* lib/pyproxy.c (z_py_zorp_proxy_check): new function, returns
	TRUE if the given Python object is a PyProxy

	* lib/fastpath.c (ZProxyFastpath, ZProxyFastpathSession): new
	structs, reorganized fastpath, in addition to a ZConnection a
	ZProxyFastpathSession is used to alter local/remote addresses on
	the fastpath (router, snat/dnat, chainer)

	* lib/pyfastpath.c, lib/zorp/pyfastpath.h: new files, separated
	python specific functions from fastpath.c

	* configure.in: bumped version number to 2.0pre20

2002-11-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre19

	* lib/attach.c: call z_conntrack_socket_start once the connection
	has been initialized

	* lib/conntrack.c: split z_conntrack_socket_new into
	z_conntrack_socket_new and z_conntrack_socket_start, the latter
	adding the allocated streams to the Conntrack poll loop, this
	fixes a race in attach
	(z_conntrack_packet_in): call z_conntrack_socket_start()

	* pylib/Zorp/Proxy.py: fixed session_id of stacked proxy streams
	(instead of the parent proxy type, use the newly stacked proxy
	name)

	* lib/satyr.c: fixed a memory leak (session_id was allocated and
	was not freed), fixed session_id semantics

	* lib/proxy.c (z_proxy_stack_proxy): fixed a stream reference
	leak, the stacked stream was leaked
	(z_proxy_get_addresses): API change, new argument protocol where
	the protocol used by this session is returned

	* lib/pyproxy.c: instead of calling z_proxy_free, call z_proxy_unref

	* lib/proxy.c: added reference counting (z_proxy_ref, and
	z_proxy_unref functions), added new proxy state PS_DESTROYING
	which is set if z_proxy_destroy is called

	* lib/plugsession.c, lib/zorp/plugsession.h: added plugsession
	implementation here, so both pssl and plug can use it

2002-11-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c (z_proxy_stack_proxy): fix channel naming

	* pylib/Zorp/Service.py (startInstance): set client stream name
	here

	* pylib/Zorp/Proxy.py (Proxy): changed __init__ syntax, it doesn't
	expect a name parameter anymore, it is expected to be set by the
	class statement (e.g. it must be a class defined attribute) all
	proxies were updated accordingly

	* configure.in: bumped version number to 2.0pre17 (pssl2 proxy
	fix)

	* configure.in: bumped version number to 2.0pre16

	* pylib/Zorp/Chainer.py: changed server_addr to server_address in
	log message

	* lib/proxy.c (z_proxy_connect_server_fast_event): added a log
	message about the result of the connection establishment
	
	* lib/fastpath.c: fixed a couple of issues on the fastpath, it
	should really work now

	* lib/connection.c (z_connection_destroy): free conn->bound

	* lib/attach.c (z_attach_tcp_callback): fill conn->bound

2002-11-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c (z_proxy_get_addresses): added new argument which
	returns the listener address which launched this proxy

	* configure.in: bumped version number to 2.0pre15

	* pylib/Zorp/Session.py: new attribute called 'protocol', used for
	protocol autodetection

	* pylib/Zorp/Dispatch.py: store the protocol as it is needed later
	for protocol autodetection

	* pylib/Zorp/Chainer.py (ConnectChainer): support protocol
	autodetection (defaults to the client side protocol unless
	explicitly overridden)

	* lib/pydispatch.c (z_py_zorp_dispatch_accept): handle the case
	when conn == NULL (reset during accept for example)

2002-11-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre14 (identical to
	pre13, but binary linked against 0.0.2 of liblicense)

	* configure.in: bumped version number to 2.0pre13

	* lib/packsock.c: if the local address is not specified for a
	connection, first determine a suitable local address based on the
	routing table (involves an ugly connect-unconnect-reconnect phase)

	* configure.in: bumped version number to 2.0pre12

	* lib/packsock.c: autobind socket even if local address is not present

	* configure.in: bumped version number to 2.0pre11

	* lib/packsock.c: added a couple of log messages in error conditions

	* lib/packsock.c: the netfilter implementation did not return GIOStatus, fixed

	* configure.in: bumped version number to 2.0pre10

2002-11-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/connection.c (z_connection_format): handle conn == NULL

	* zorp/main.c: z_license_init API was changed, adapted main.c
	accordingly

	* lib/zorp/Makefile.am: killed unneeded files

	* lib/satyr.c (z_satyr_destroy): don't call g_string_free if
	self->username is NULL (fixes bug 231)

2002-11-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Matcher.py: added docstrings (fixes bug id: 188)
	
2002-10-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre9

	* dispatch.c (z_dispatch_entry_free): don't call
	self->data_destroy when it is NULL

	* configure.in: bumped version number to 2.0pre8

	* lib/dispatch.c (z_dispatch_register): fixed the case when
	dynamic port allocation was requested, the entry is associated
	with the allocated port not the requested one (which is always 0)

	* configure.in: bumped version number to 2.0pre7

	* lib/attach.c: added a log message on established connections,
	(z_attach_free): check if self->c.connect is NULL, and don't free
	it, if it is

	* added a couple of missing copyright headers

	* configure.in: bumped version number to 2.0pre6

2002-10-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre5

	* pylib/Zorp/Auth.py (InbandAuthentication): fixed some bugs,
	adapted to the new auth mechanism

	* lib/proxyvars.c: moved a couple of z_enter()/z_leave() pairs to
	the correct place

	* lib/authprovider.c: fixed a couple of bugs in the simple
	password checking mechanism (for inband authentication)

2002-10-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre4, changed min
	required zorplibll version to 1.5.49

	* lib/dispatch.c: get the original destination with
	z_getdestname() instead of z_getsockname

	* lib/tpsocket.c: split z_getsockname implementation into two:
	z_getsockname and z_getdestname, z_getsockname is used by
	dispatch, the other everywhere else

	* configure.in: bumped version number to 2.0pre3

2002-10-28  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Router.py: -- || --

	* pylib/Zorp/Receiver.py: -- || --

	* pylib/Zorp/NAT.py: -- || --

	* pylib/Zorp/Listener.py: -- || --

	* pylib/Zorp/Domain.py: -- || --


	* pylib/Zorp/Chainer.py: -- || --

	* pylib/Zorp/Auth.py: Write machine parseable parameter description.

	* lib/packstream.c: handle setting nonblock parameters in packet
	streams.

	* lib/dispatch.c: Insert z_enter and z_leave calls in functions.

	* lib/authprovider.c: New function to check username/passwd in one
	call. Needed for proxys.

	* lib/attach.c: Bugfix. Check self->c.connect instead of connect

2002-10-25  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre2

	* lib/attach.c (z_attach_free): fixed two leaks
	(self->connected_cond and self->connected_lock was not freed),
	(z_attach_block): refer to self while waiting for the connection
	to establish

	* lib/proxyvars.c (z_proxy_var_register): support a free function
	for custom types

2002-10-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: bugfix, try getting the NATed destination first

	* lib/license.c: bugfix, do not insert a local variable into the
	hash

	* pylib/Zorp/Listener.py, pylib/Zorp/Dispatch.py: fixed ZoneListener & CSZoneListener

	* lib/sysdep.c: report sysdep_tproxy value

2002-10-24  Szalay Attila  <sasa@balabit.hu>

	* lib/pyproxy.c (z_py_zorp_proxy_check_license): Bugfix. Set
	default return value to TRUE

	* lib/packstream.c (z_stream_packet_write_method): Write data dump.

2002-10-22  Balazs Scheidler  <bazsi@balabit.balabit>

	* debian/rules: added debfiles target to automatically generated
	filelists based on included modules

	* lib/satyr.c: call z_ssl_session_unref() instead of
	z_ssl_session_destroy()

	* pylib/Zorp/Router.py: refer to client_local instead of client_dest

	* pylib/Zorp/Session.py: removed client_dest, its value is in
	client_local now,
	(Session.destroy): close client & server stream if present (called
	when an error occurs)

	* pylib/Zorp/Dispatch.py: removed license limit verification (it
	was moved to C), changed the accepted() member function to match
	the way it is called from C

	* lib/zpython.c: new variable PyExc_LicenseException

	* lib/pysatyr.c: raise PyExc_LicenseException instead of a string
	with the same value

	* lib/pyproxy.c: implemented licensed IP checking, currently
	supports only IPv4, and assumes a lot of things about the Python
	layer

	* lib/pypolicy.c: get a reference to Zorp.LicenseException to be
	able to raise a LicenseException from C (otherwise the raised
	exception would not be compatible with the Python except block)

	* lib/pydispatch.c: removed client_dest (its value is passed as
	client_local), added bound address as client_listen

	* lib/proxyvars.c (z_proxy_var_dump): don't dump OBSOLETE variables

	* lib/license.c (z_license_is_ip_permitted): new function,
	implementing IP counting in C

	* lib/dispatch.c: store the bound-to address in ZConnection, so
	proxies will know which address to bind their fast-path,
	(z_dispatch_bind_listener): handle the case when z_io_listen_new
	returns NULL (indicating an I/O error)

	* configure.in: ZORP_COMPILE_DATE is exported as YYYY/MM/DD to
	match the format in the license file

2002-10-18  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: support Z_SD_TPROXY_LINUX22 in initialization

	* lib/proxy.c (z_proxy_get_addresses): new function, fetches all
	session specific addresses

	* lib/license.c: added version 2.0 verification

	* lib/conntrack.c: save bound address

	* lib/attach.c: save original local address

	* lib/packsock.c (z_packsock_open): always enable SO_REUSEADDR on
	UDP sockets,
	(z_packsock_read): fixed return value (rc was overwritten)
	(z_packsock_init): support Linux 2.2 fallback

2002-10-18  Szalay Attila  <sasa@balabit.hu>

	* lib/packstream.c (z_stream_fd_ctrl_method): New
	function. Reflect to libzorpll changes.

2002-10-14  Szalay Attila  <sasa@balabit.hu>

	* First state of obsolate variable support. This type of variable,
	like alias point to other variable, but will be removed from next
	version.

2002-10-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c (z_license_check_validity): fixed date comparison

	* pylib/Zorp/Service.py, pylib/Zorp/Zone.py, pylib/Zorp/Auth.py:
	use Globals module to store global information

	* pylib/Zorp/Globals.py: new module, all global python variables
	are stored here

	* lib/sysdep.c: removed old unused code, implemented run-time
	detection of kernel versions, z_sysdep_init calls z_packsock_init
	& z_tp_socket_init based on the detected version

	* lib/pyattach.c (ZorpAttach.start): raise an exception if an
	error occurs

	* lib/packsock.c: return GIOStatus in I/O functions, modified so
	it supports runtime fallback between kernels

	* lib/conntrack.c: packsock returns GIOStatus & GError **,
	modified conntrack accordingly,
	support for several packets at session startup

	* lib/attach.c: support for UDP remote addresses added,

2002-10-10  Szalay Attila  <sasa@balabit.hu>

	* lib/pyproxy.c (z_py_zorp_proxy_new): Bugfix. Return NULL if
	cannot load proxy.

	* zorp/main.c (z_version): Remove logging the state of
	packet-trace becouse it's removed.

2002-10-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyattach.c: blocking functions now delegated to low level
	ZAttach

	* lib/fastpath.c: implemented ConnectChainer fastpath (parameter
	passing is still lacking...)

	* lib/connection.c (z_connection_free): renamed to z_connection_destroy

	* lib/attach.c (z_attach_block): new function, does blocking using
	condition variables (similarly what pyattach had)

	* lib/zorpthread.c: free the allocated thread state when the
	thread exits

	* lib/szig.c (z_szig_search): free the result of g_strsplit(),
	(z_szig_accept_callback): return a gboolean as that is now
	required by z_io_listen

	* lib/proxy.c (z_proxy_destroy): free fastpath state variables

	* lib/dispatch.c (z_dispatch_tcp_accept): fix memory leak, client
	address's refcount was incremented, thus it was never freed

	* lib/connection.c: fix two memory leaks (conn->stream was not
	unrefed, conn itself was not freed)

2002-10-08  Szalay Attila  <sasa@balabit.hu>

	* lib/dispatch.c (z_dispatch_equal): Bugfix. Use ZDispatchKey
	correctly in assert.

2002-10-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/dispatch.c: checked race against race conditions, the way
	state is freed is now unified between listeners and conntracks,

	* lib/conntrack.c (ZConntrack): added support for reference
	counts,
	(ZCTAcceptFunc): now returns a gboolean to indicate that no
	further connections should be accepted
	(z_conntrack_cancel): implemented this function (previously it was
	empty),

	NOTE: conntrack might still contain a race when the stream
	is removed from the poll, see comment in z_conntrack_cancel

2002-10-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 1.5.7

	* pylib/Zorp/Proxy.py: fixed up stream naming, it should now be
	consistent
	
	* pylib/Zorp/Dispatch.py: removed the constants ZD_PROTO_* (moved
	to Zorp.py), AbstractDispatch.__init__ is not protocol specific
	anymore

	* pylib/Zorp/Chainer.py: use Attach instead of Connect & Sender

	* lib/pysender.c, lib/pyconnect.c, lib/zorp/pysender.h,
	lib/zorp/pyconnect.h: removed files

	* lib/zpython.c (z_python_policy_init): removed initialization of
	connect and sender, a general interface called Attach is now used
	instead

	* lib/packstream.c: fixed a couple of messages here and there,
	session_ids are now correct, I/O messages were added

	* lib/fastpath.c: still broken, a blocking connect must be written
	(or added to ZAttach)

	* lib/dispatch.c (z_dispatch_chain_destroy): bugfix, free the lock
	instead of locking it,
	(z_dispath_entry_free): new function, as a ZDispatchEntry is freed
	at several different places,
	(z_dispatch_key_hash, z_dispatch_key_equal): use the new
	z_sockaddr_inet_check function,
	(z_dispatch_register): support wildcard addresses (when port
	number is 0)

	* lib/conntrack.c: cleaned up logging, now session_ids are more or
	less correct, a few messages might need to be added here and there

	* lib/connection.c (z_connection_free): new parameter named close,
	which specifies whether the stream needs to be closed

	* lib/attach.c (ZAttach): support for destroy_notify, mutex
	protected refcounting,
	(z_attach_get_local): new function
	(UDP support): still needs to be added

2002-10-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added --autobind-ip parameter to usage screen

	* pylib/Zorp/Receiver.py, pylib/Zorp/Listener.py: made listener
	classes wrappers around Dispatcher, most of the code was removed4

	* pylib/Zorp/Dispatch.py: created ZoneDispatcher, CSZoneDispatcher

	* lib/connection.c, lib/zorp/connection.h: new files, separated ZConnection related functions to these files

	* lib/zorp.c: removed () from the default session_id

	* lib/tpsocket.c: added an additional check to verify dummy
	interface availability

	* lib/pysender.c: allow specifying session_id

	* lib/pydispatch.c: allow specifying session_id to be passed to
	low-level listeners

	* lib/packstream.c: cleaned up logging a bit

	* lib/packsock.c: implemented support for Linux 2.2 udp tproxy, it
	also works on an unpatched 2.4 kernel (runtime fallback still
	needs to be done)

	* lib/fastpath.c: renamed ZDirectedRouterStruct to
	ZDirectedRouterData, the same happened to
	ZSendChainerData. SendChainer now support specifying session_id

	* lib/dispatch.c: support returning the bound local address when
	registering a dispatch entry, correctly free a ZDispatchChain,
	removed ZConnection support functions, they were moved to a
	separate file

	* lib/conntrack.c: cleaned up a couple of messages, and logging

2002-09-25  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c (z_conntrack_packet_in): verify that
	z_conntrack_socket_new succeeeded (instead of SIGSEGV)
	(this time tested, and confirmed that conntrack seems to work for
	UDP protocols)

2002-09-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c: changed according to the new packsock interface

	* lib/packsock.c, lib/zorp/packsock.h: reworked packsock interface
	to be a little bit more generic. sockets are created by packsock,
	a clear distinction was made between listening and already
	established packsocks. (an established packsock is one which is
	bound & connected, a listening packsock is one which receives
	datagrams with unidirectional nat)
	implemented Netfilter 2.4 support

	* lib/packet.c, lib/zorp/packet.h: removed ZPacket->from and
	ZPacket->to,
	(z_packet_set_data): new function to initialize data holding
	members of a ZPacket

2002-09-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added initialization of z_conntrack

	* pylib/Zorp/Dispatch.py, pylib/Zorp/Listener.py,
	pylib/Zorp/Receiver.py: don't pass self to MasterSession

	* pylib/Zorp/Session.py: MasterSession does not need 'starter' as
	its argument, the attribute with the same name was removed as well

	* pylib/Zorp/Chainer.py: don't use 'session.starter', as that
	attribute was removed (it uses a
	'session.service.proxy_class.tracker_name' instead, maybe a link
	between the current session and the current proxy instance would
	be needed (not trivial, as this means a circular reference)

	* lib/pysender.c: updated to the latest conntrack changes

	* lib/packstream.c: updated to the latest ZStream changes

	* lib/fastpath.c: the SendChainer fastpath was updated to the latest
	changes

	* lib/conntrack.c: changed conntrack to use a global poll, and a
	single thread, instead of a new thread for every conntrack (this
	lestens the connection between ZConntrack and ZCTSocket), protocol
	helper is now optional, defaults to a plug-like conntrack

2002-09-18  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.6

2002-09-17  Szalay Attila  <sasa@balabit.hu>

	* lib/pyconnect.c (z_py_zorp_connect_connected): Non blocking
	connect send stream to callback, not fd.

2002-09-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added check for license validity at every 10000th
	iteration of the main loop

	* lib/pyreceive.c, lib/zorp/pyreceive.h: removed these files, the
	functions of Receivers will be implemented using the Dispatcher

	* lib/pysender.c: started to adapt to the new conntrack/dispatch
	architecture, but it's not working yet

	* pylib/Zorp/Dispatch.py: adapted to changed pysender.c

	* lib/pydispatch.c: adapted to dispatch.c parameter passing,
	python passes protocol specific parameters as a dictionary

	* lib/proxy.c (z_proxy_connect_server_fast_event): changed to use
	ZConnection instead of ZFastSession, the fast_chainer callback
	returns a ZStream instead of modifying ZFastSession directly
	(which is now a ZConnection),
	(z_proxy_add_fast_session): function removed,
	(z_fast_session_destroy): function removed

	* lib/packstream.c: reorganized & cleaned up, a ZPacketStream does
	not touch the data members of its pair, it calls a function
	instead (z_stream_feed & z_stream_fetch etc), closing a
	ZPacketStream is not synchronized any more, when one side closes
	the stream, the other side gets an EOF or EPIPE (read or write)

	* lib/packsock.c: adapted to new ZPacket structure

	* lib/packet.c: reorganized ZPacket a bit (still need to be
	cleaned up a bit though), removed ZPacket.packheader, its
	attributes were inlined to ZPacket

	* lib/license.c (z_license_verify_validity): new function, which
	verifies whether the loaded license is still valid (within the
	evaluation period)

	* lib/fastpath.c: ZFastSession was removed, changed to 
	ZConnection

	* lib/dispatch.c: protocol specific parameters are passed as
	ZConntrackParams, which is a union of ZConntrackTCPParams and
	ZConntrackUDPParams

	* lib/conntrack.c: removed proxy pooling code, it will be
	performed by the proxies, changed a couple of functions (to return
	GIOStatus for example), removed ZFastSession structure, it will be
	a common structure defined in dispatch.h (ZConnection)

2002-09-16  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Proxy.py (Proxy.stackProxy): Remove second argument
	from proxy_class becouse it isn't needed.

2002-09-12  Szalay Attila  <sasa@balabit.hu>

	* Revise log tags and level.

2002-09-11  Szalay Attila  <sasa@balabit.hu>

	* lib/tpsocket.c (z_tp_socket_init): Send modprobe command output
	to /dev/null

2002-09-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c: started porting to the new dispatch
	architecture
	(removed dependency between proxies and conntrackers, cleaned up
	identifiers, and removed a couple of unneeded attributes)
	
2002-09-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Dispatch.py: new file, python interface for dispatch.c

	* lib/pydispatch.c: python interface file for dispatch.c

	* lib/dispatch.c, lib/zorp/dispatch.h: new files which implement
	the new connection dispatching architecture, this system will make
	it possible to drop the dependency between Receivers and Proxyies
	and also allow to specify expected connections from within C

	* lib/zpython.c: initialize pydispatch.c

	* zorp/main.c: initialize dispatch.c

2002-09-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c (z_conntrack_new): renamed variable 'protocol'
	to 'tracker', the parameter tracker was renamed to 'tracker_name'

	* lib/conntrack.h (ZConnTrack): the field protocol was renamed to
	protocol_tracker, this change was applied at several places in
	conntrack.c

	* lib/zorp/proxy.h (ZFastConnection): renamed to ZFastSession,
	this structure will be killed once the new dispatch architecture
	is in place,
	(ZProxy): add_connection member function renamed to add_session,
	this pointer will also be killed once the new architecture is in
	place

2002-09-02  Balazs Scheidler  <bazsi@balabit.balabit>
	
	* lib/conntrack.c: continued cleanup of yeti's code. lot of
	unneeded variables and structure members were removed, the members
	in ZConnTrack and ZCTSocket were documented while learning the code

	* lib/zorp/conntrack.h (ZConnTrack): removed port, open, mutex,
	connpool, started members, bound address renamed from addr to
	bind_addr,
	(ZCTSocket): removed proto_data, proto_data_len members

	* lib/packsock.c: removed the limited z_packsock_setup()
	interface, will need something more sophisticated

2002-08-30  Szalay Attila  <sasa@balabit.hu>

	* lib/pysatyr.c (z_py_zorp_satyr_auth): Bugfix. Eliminate
	neverending cycle if communication error occur. (Memleak is
	possible)

2002-08-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: added variables default_router,
	default_chainer, default_snat, default_dnat, default_auth which
	hold default values for services, so those don't need to be
	explicitly given for each service

2002-08-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version to 1.5.5

	* lib/pyconnect.c (z_py_zorp_connect_block_method): return None if
	the connection fails, yeti: 3

	* pylib/Zorp/Service.py (Service.startInstance): set the name of
	the client stream as soon as the instance number of the proxy is
	available
	
	* pylib/Zorp/Receiver.py: removed the 1:1 enforced connection
	between receivers and services (the reason for the Session.starter
	change)
	
	* pylib/Zorp/Proxy.py (Proxy.stackProxy): set the name of the
	server stream as well

	* pylib/Zorp/Session.py: MasterSession has a new parameter
	'starter' where it expects a reference to the class that
	instantiated it (this might make policy reloading difficult)

	* pylib/Zorp/Connector.py (Connect.__init__): added a timeout
	argument which defaults to 30 seconds
	
	* pylib/Zorp/Chainer.py: make SendChainer able to determine
	required parameters automatically, without having to specify them
	(to make it easier for the user to use UDP based services)

	* lib/pyconnect.c, lib/pyconnect.c: instead of specifying a dummy
	name for streams, a zero length string is specified, which tells
	z_log() to log under the fake session id (or the session id
	associated to the current thread)

	* lib/proxy.c (z_proxy_stack_proxy): pass a stream to stackProxy
	(it was expected by the Python part, but not implemented in C)
	yeti: 2

	* lib/pylisten.c, lib/pyreceive.c: XDECREF returned result from
	callback, yeti: 1

	* pylib/Zorp/Router.py: make AbstractRouter parent class for all
	router classes, renamed setupFastPath to setupFastpath (the way it
	is referenced)

2002-08-27  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxyvars.c: added inclusion of proxy.h

	* lib/zorp/proxy.h: include proxyvars.h

	* lib/zorp/proxyvars.h: removed inclusion of proxy.h, forward
	declared struct _ZProxy

	* pylib/Zorp/Session.py (Service.__init__): removed a trailing
	comma from the session_id initialization, this caused
	session.session_id to become a tuple instead of a string
	(Service.__del__): call stopInstance only if service is not None

	* pylib/Zorp/Service.py: imported the services hash from the Zorp
	module

	* pylib/Zorp/Receiver.py: reordered arguments to match Listener

	* pylib/Zorp/NAT.py: renamed setupProxy to setupFastpath

	* pylib/Zorp/Core.py: import SendChainer as well

	* pylib/Zorp/Chainer.py: use the new log() syntax

	* lib/zorp/proxy.h: removed the definition of
	z_proxy_set_active_session (this function was renamed to
	z_proxy_vars_set_active_session)

	* lib/pyreceive.c: changed arguments order to be more similar to
	Listener

	* lib/pyproxy.c (z_py_zorp_proxy_new): expect 3 arguments instead
	of 4

	* lib/pyproxy.c: z_session_vars_new() was incorrectly named
	z_proxy_vars_session_new, fixed

	* lib/packstream.c: removed z_stream_packet_set_callback_method,
	and z_stream_packet_set_cond and referenced the functions in
	stream.c instead

	* lib/packsock.c: added a simple BSD only code which doesn't
	support transparency (now is used when ENABLE_NETFILTER_TPROXY is
	defined)

	* lib/fastpath.c: check if the passed Proxy instance has an
	underlying C Proxy as well (fixes a SIGSEGV), return NULL in case
	of an exception (instead of PyInt_FromLong(-1))

	* lib/conntrack.c: fixed some indentation issues

2002-08-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Router.py: renamed setupProxy to setupFastpath

	* pylib/Zorp/Receiver.py (SimpleReceive, Receiver, ZoneReceiver):
	reordered arguments, and defaulted some arguments to sane
	defaults, added a FIXME note about 1:N connection between services
	& receivers, added connection tracker autodetection, fixed license
	check, the client stream might not have been closed if the
	connection is over the license limit

	* pylib/Zorp/Zorp.py: renamed InternalError to InternalException

	* pylib/Zorp/Listener.py: returns None if connection is rejected
	instead of Z_REJECT, and return the proxy instance if accepted
	(made it similar to the UDP case)

	* pylib/Zorp/Chainer.py: renamed setupProxy to setupFastpath,
	changed to new log() semantics

	* lib/proxy.h: removed ctrack.h reference and added conntrack.h
	instead,
	(ZProxy): removed unused callbacks, changed macros z_proxy_var_new
	& z_session_var_new (adapted to new proxyvars structure, the proxy
	interface does not change)
	
	* lib/policy.h: added list handling primitives

	* lib/conntrack.h: removed reference to proxy.h and added forward
	declarations for ZProxy structures (to avoid circular inclusion of
	header files), added reference to packet.h
	
	* lib/zpython.c: removed reference to pyctrack.h

	* lib/pyreceive.c: renamed proto argument to tracker

	* lib/pylisten.c (z_py_zorp_listen_accept): expect the return
	argument to be either None (if an error occurs), or the proxy
	instance, the same semantics is used by UDP proxies

	* lib/proxyvars.c: renamed from pyvars.c, made the interface a
	less Python dependant, Z_TYPE_METHOD requires a new argument,
	otherwise ZProxy dependancy was removed, introduced ZSessionVars
	to aid UDP session variables, renamed ZPySessionVars to
	ZSessionVars

	* lib/proxy.c: include proxyvars.h instead of pyvars.h, adapted to
	the reworked pyvars interface (now renamed to proxyvars),
	(z_proxy_set_active_session): removed, moved to proxyvars.c and
	renamed to z_proxy_vars_set_active

	* lib/packsock.c: removed a refernce to old header file ctrack.h

	* lib/conntrack.c (z_conntrack_new): renamed proto argument to
	tracker, to indicate what it really means

2002-08-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/packsock_22.c & lib/packsock_wasteful.c: merged, created a
	linux22 specific and a netfilter specific ifdef, changed the
	tproxy implementation to be linux22 specific (uses MSG_PROXY flag
	instead of recvmsg), the same things will be copied to the
	netfilter specific code	

	* lib/ct_tproxy.c & lib/ct_wasteful.c: merged to one conntrack.c
	based on wasteful as generally the one fd per UDP session will be
	used

	* lib/packstream.c: handle the timeout value -1 (it was not
	handled before) , some minor typos were fixed,
	(z_stream_packet_read_method): initialize shift to 0 when a
	partial packet is read and a new packet is fetched

	---

	* zorp/main.c: updated --version output

	* pylib/Zorp/Service.py (Service.startInstance): removed type
	argument

	* pylib/Zorp/Proxy.py (Proxy.__init__): removed type argument as
	it is not needed anymore,
	(DatagramProxy): removed

	* lib/sysdep.c, lib/tpsocket.c: changed according to new defines
	by configure.in

	* integrating and cleaning up yeti's conntrack code, new files:
	ct_tproxy.c, ct_wasteful.c, packsock_22.c, packsock_wasteful.c,
	packstream.c, packsock.h, packstream.h)

	* configure.in: cleaned up, tproxy settings can now be specified
	with --enable-tproxy=[method], deprecated configure options are
	reported as such

2002-08-22  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: resource limits are checked only if zorpctl
	start is issued

	* pylib/Zorp/Proxy.py (Proxy.__destroy__): instead of calling
	self.auth.stopSession, reference auth as self.session.auth (fixes
	a bogus error message when the authentication is not successful)

2002-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Router.py: handle the case when dest_addr.port == 0,
	and use the original client destination port instead

2002-08-22  Szalay Attila  <sasa@balabit.hu>

	* Start to reimplement UDP handling.

2002-08-05  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.3

	* Finish zas integration.

2002-07-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: added further ulimit checks

2002-07-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/io.c: modified to call z_getsockname and z_listen (for 2.4
	kernel support)

	* lib/socket.c, lib/tpsocket.c, lib/zorp/socket.h,
	lib/zorp/tpsocket.h: new files, implementing support for netfilter
	tproxy

	* configure.in: added --enable-netfilter-tproxy switch

2002-07-29  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: move z_free_queue_init earlier during
	initialization (required by z_szig_init)

	* pylib/Zorp/Connector.py: specify 30 as default timeout for
	connection establishment

	* lib/szig.c: fixed bug which caused segfault when szig was
	initialized and the required directory was not found

	* lib/pyconnect.c: implemented Connect timeout

2002-07-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py (Zone.setAddrParent): bugfix, store parent in
	addr_parent (stored a reference to self instead), caused no
	problems as addr_parent has not been used yet

2002-07-16  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.2

	* Set all proxys, to use z_zorp_thread_new. A wrapper around
	z_thread_new to set the working threads number.

	* Implement Simple Zorp Imformation Gathering.

2002-07-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* updated debian/rules (now supports ZORP_DEBUG, and inserted
	netfilter specific configure options)

2002-07-10  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.1

	* zorp/main.c (z_dump_maps): Forward ported function, to log maps
	when fatal signal arrived.

2002-07-01  Balazs Scheidler  <bazsi@balabit.balabit>

	* proxy.c (z_proxy_destroy): fixed pyvars freeing

2002-06-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* fixed a couple of -W triggered warnings

2002-06-24  Balazs Scheidler  <bazsi@balabit.balabit>

        * pylib/Zorp/Router.py: added overrideable parameter for
        DirectedRouter and TransparentRouter

        * lib/pylisten.c: do not explicitly close fds passed to Python
        except when an exception occurs during accepted callback, forward
        ported a listener race fix (instead of XDECREFing in destroy
        immediately we do this in a freeq callback)

        * pylib/Zorp/NAT.py: fixed default_reject reference in OneToOneNAT
        & OneToOneMultiNAT, forwardported HashNAT

        * lib/pyvars.c: forward ported config dump

        * lib/pysockaddr.c (z_py_zorp_gethostbyname): added support for
        Sun gethostbyname_r, check if the returned hostentry is NULL

	* zorp/main.c: make auto_bind_ip configurable from the command line

	* lib/tpsocket.c: compile in netfilter specific parts only if
	ENABLE_NETFILTER_TPROXY is defined
	
	* lib/tpsocket.h: add extern char *auto_bind_ip

2002-06-19  Szalay Attila  <sasa@balabit.hu>

	* First try of new authentication. Now with a lot of FIXMEEE

2002-06-13  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Zone.py (RootZone.__init__): Bugfix. Permitting "*"
	service if old style outbound_services is used.

2002-06-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py: handle all exceptions that might occur
	during Connect()

2002-06-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c, lib/pyconnect.c, lib/pylisten.c: reorganized
	tpsocket support so SockAddrInetRange works properly (global
	function pointers to socket handling functions)

2002-06-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: call IP_TPROXY_ASSIGN even if we bound to a
	local address (so -m tproxy matches)

2002-06-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: added a few trace messages; enable CAP_NET_ADMIN prior to calling tproxy functions

2002-05-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/nfiptproxy-kernel.h: new file, a copy of the interface
	file <linux/netfilter_ipv4/ip_tproxy.h>

	* lib/pyconnect.c, lib/pylisten.c: use tpsocket instead of simple
	sockets to support transparency

	* lib/tpsocket.c, lib/zorp/tpsocket.h: socket supporting
	transparent proxying for use by listeners and connectors

2002-05-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/sysdep.c: moved from zorp-lib back to here

2002-05-21  Balazs Scheidler  <bazsi@balabit.balabit>

        * lib/pylisten.c: fixed a race condition occurring when destroy
        was called (setting self->handler to NULL), and our callback has
        already entered (didn't check self->handler to NULL)

2002-05-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c (z_license_load): correctly close the license file
	in all cases

        * lib/pypolicy.c: added /*NOLOG*/ clauses to two log messages

        * pylib/Zorp/Core.py: added imports OneToOneNAT, RandomNAT,
        StaticNAT, OneToOneMultiNAT

        * lib/zpython.c: changed log() function to accept a new argument,
        which specifies the session_id, remains compatible with the old
        interface by checking the number of arguments

        * pylib/Zorp/*.py: changed log() invocations to the new interface

        * pylib/Listener.py: added session_id to messages

2002-05-06  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Listener.py (CSZoneListener): New class. Ths Listener
	class is capable to select service based on client and server
	zone.

	* pylib/Zorp/Conntrack.py (AbstractTracker.connectServer):
	Bugfix. Set local to self.session.client_local.

	* pylib/Zorp/NAT.py (ForgeClientSourceNAT): Flag
	ForgeClientSourceNAT as Obsolete.

2002-05-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py (setServer): new argument local_addr, for
	specifying outgoing source address, defaults to None

	* pylib/Zorp/Chainer.py: call SNATs with session.server_local as
	addr, to avoid having to look into the session for addresses to
	translate

	* pylib/Zorp/Router.py: added forge_addr arguments to __init__
	constructors, and support for setting the outgoing source address

2002-04-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py: added docstrings to FailoverChainer and
	SideStackChainer

2002-04-19  Szalay Attila  <sasa@balabit.hu>

	* Finish set COPYRIGHT header.

2002-04-10  Szalay Attila  <sasa@balabit.hu>

	* Finish glib2.0 compatibility.

	* lib/ctracker.c (z_tracker_write): Bugfix. Return with NULL if
	value NULL

2002-02-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py (setServer): handle the case where addr is
	a tuple

2002-02-11  Balazs Scheidler  <bazsi@balabit.balabit>

 	* src/pysockaddr.c (z_py_gethostbyname): fixed the gethostbyname_r
	call (instead of checking the value returned in error, check its
	return value)

2002-01-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py: reverted __str__ not to quote the IP address
	of the zone

	* pylib/Zorp/NAT.py: made OneToOneNAT finally work

	* pylib/Zorp/Router.py: use session.setServer instead of
	manipulating session.server_address directly

2002-01-10  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (connectServer): fixed a typo, changed an
	`or' to `and'

2002-01-10  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/log.c: include <time.h> instead of <sys/time.h> so it works on
        woody too

	* pylib/Zorp/Core.py: handle import errors when Conntrack is not enabled

2002-01-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Conntrack.py: supply nat_type arguments to calls to
	NAT code,
	pylib/Zorp/Chainer.py: -"-

	* pylib/Zorp/NAT.py (AbstractNAT.performTranslation): added
	nat_type argument which tells the nat object which translation it
	is used in (snat or dnat)

	* lib/pysockaddr.c: use gethostbyname_r instead of simple
	gethostbyname to help concurrence, fixed a bug in the fallback
	getbostbyname version

	* configure.in: added check for gethostbyname_r

2002-01-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: removed explicitly enabling core dumps

	* pylib/Zorp/Zorp.py: fixed typo (AuthException)

	* lib/pypolicy.c: changed exception handling a bit, earlier a
	detailed traceback of each exception was dumped, now string exceptions
	are simply reported as an error message to avoid ugly tracebacks

	* lib/proxy.c: added session_id arguments to z_policy_call

	* lib/ctracker.c: added session_id arguments to z_policy_call

	* lib/authorization.c: added session_id arguments to z_policy_call

2002-01-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: removed message about the creation of the pidfile

2002-01-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (AbstractChainer): supply a default
	__init__ method,
	(FailoverChainer): call inherited __init__,
	(SideStackChainer): new class

	* pylib/Zorp/Proxy.py (Proxy): supply a default config() method,
	(Proxy.chainParent): change behaviour if Chainer is not defined
	(not currently used), if server_stream is defined return it
	intact, if server_fd is defined create a stream and return it,
	otherwise raise an exception

	* pylib/Zorp/Zorp.py: import socket related constants from socket
	module instead of defining our own (more portable)

2001-12-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: if resolving a hostname fails, report it in
	the logs

	* pylib/Zorp/Chainer.py: new class FailoverChainer

	* zorp/main.c: call z_log_destroy as it was not called

	* lib/log.c (z_log_destroy): close stderr-syslog pipe so the
	stderr reading thread quits

	* pylib/Zorp/Auth.py: set auth_info based on whether we
	authenticated from the cache, or really from satyrd

	* pylib/Zorp/Proxy.py: added auth_info argument to userAuthenticated

2001-12-20  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: do not report "Server connection
	established" with fd == -1, if the connection failed,

	* pylib/Zorp/Auth.py: new class AuthCache which implements
	authentication caching for protocols like HTTP,
	AbstractAuthentication: added auth_cache as argument to __init__,
	SatyrAuthentication: added auth_cache as argument to __init__,
	implemented caching in performOutbandAuth

2001-12-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: handle IOError in setServerAddress to avoid
	exceptions on unknown hostnames

	* pylib/Zorp/Chainer.py: handle session.server_address == None case

2001-12-18  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zorp.py: added AF_INET6 symbol

	* pylib/Zorp/Zone.py: new class Inet6Zone

	* pylib/Zorp/Domain.py: new class Inet6Domain

	* pylib/Zorp/Core.py: conditionally import ipv6 symbols

	* lib/sockaddr.c: support IPv6 socket addresses

	* lib/pysockaddr.c: export inet_ntop & inet_pton, and SockAddrInet6

	* configure.in: added --enable-ipv6 option (defines ENABLE_IPV6
	cpp symbol)

2001-12-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/proxy.h, lib/zorp/log.h: changed function prototypes not to use C++
	reserved words.

2001-11-20  Szalay Attila  <sasa@balabit.hu>

	* Rewrite inbound az outbound_services. Use
	permitted/inherited/effective triple.

2001-11-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c (main): handle SIGTRAP and ignore it

	* pylib/Zorp/NAT.py (AbstractNAT.__init__) new function

        * configure.in: define HAVE_PR_SET_KEEPCAPS if PR_SET_KEEPCAPS is
	present
	
        * zorp/main.c: fixed prctl() problem which prevented Zorp to run
	as non-root
	
2001-10-15  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Zone.py (RootZone.getName): new function. Get the zone real name.

2001-10-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: handle SIGHUP

2001-10-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c (z_send_syslog): check return values of write() more
	strictly

2001-10-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py: set fd_close attribute to TRUE by default

	* pylib/Zorp/Listener.py: fixed ZoneListener

	* pylib/Zorp/Core.py: added import of ZoneListener

2001-10-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c: use our own log writer to send syslog messages

2001-09-25  Szalay Attila  <sasa@balabit.hu>

	* lib/ctrackrouter.c (z_conntrack_router_newfd_with_data): Enable
	late connecting. (Only connect when the first packet is arrived.

2001-09-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c: accept expired certificates on licenses

2001-09-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: moved sigusr1 & sigusr2 handlers to the main loop
	(so the race between the handler and the core doesn't occur)

2001-09-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Listener.py: accept -1 as unlimited in host count checking

2001-09-16  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added --chroot argument to Zorp

	* lib/log.c: dup fds prior to starting stderr thread,
	handle cases when the stderr pipe cannot be opened by fdopen()

	* pylib/Zorp/Proxy.py: authenticate users only if no
	authentication was performed previously

2001-09-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyconnect.c (z_py_zorp_connect_connected): fixed a possible
	deadlock when z_io_connect_start immediately calls its callback

	* lib/io.c (z_io_connect_start): do not call callback if
	z_connect() fails, return NULL instead

2001-09-10  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyvars.c (z_pyvar_string_free, z_pyvar_sockaddr_free): new
	functions, pyvars now frees registered variables automatically

2001-09-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c (z_enable_core): new function,
	(z_fatal_signal_handler): ensure coredumping by killing our
	process after reporting the signal

2001-09-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Auth.py (AbstractAuthentication.performAuth): new
	method, which performs authentication callable from Proxy.__config__

	* pylib/Zorp/Proxy.py (Proxy.__config__): moved generalized auth
	here (inband & outband merged)

	* pylib/Zorp/Service.py: removed Satyr authentication and moved to
	Proxy, since it blocked the main thread (while a user was
	authenticating nobody else could do so, and no sessions could be
	started either)

2001-09-04  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/proxy.c (z_proxy_destroy): free up thread state (caused a
	leak during operation, it was freed only at the end of the
	program)

2001-09-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/satyr.c (z_satyr_destroy): didn't unref sockaddr if the
	connection to the satyrd wasn't successful

	* pylib/Zorp/Auth.py: authorization dbs are named just like
	services, so no python variables are needed to assign authentication
	to authorization,
	changed TISAuthorization -> TISAuthorization & ZASAuthorization, the
	latter using the extended authentication protocol

	* lib/zorp/policy.h (z_policy_var_parse_tuple): new macro
	corresponding to PyArg_ParseTuple

2001-08-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: merged signal handlers into a single function

	* lib/memtrace.c, lib/zorp/memtrace.h: new files, implementing a simple
	& fast memory consistency checker (as a side effect it can help debug
	leaks as well)

2001-08-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: added zorpctl status

	* lib/pysatyr.c: check for "satyr" licensed-option

	* lib/license.c (z_license_is_option_permitted): new function, checks
	if the given option is licensed

2001-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Conntrack.py: wrote docstring

	* pylib/Zorp/Auth.py (performInbandAuth): refer to
	auth_inband_supported instead of inband_auth_supported to reflect
	name change
2001-08-21  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Core.py: Import receiver and AbstractTracker.

	* lib/misc.c (z_port_enabled): New function. Return TRUE if the
	given port is in a portrange.

2001-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyvars.c (z_pyvar_alias_get, z_pyvar_alias_set): implemented
	alias support for exported variables

	* zorp/main.c (z_dump_backtrace): fixed format string to avoid gcc
	warnings

2001-08-16  Szalay Attila  <sasa@balabit.hu>

	* lib/readline.c: Put z_enter and z_leave into every function.
	(z_read_line_get_copy): Return error when readed line is bigger
	than buffer

2001-08-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zorp.py: added error checking to init(), so undefined
	instances are reported as such instead of an exception

2001-08-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Listener.py, lib/io.c, lib/pyconnect.c: implemented backlog parameter to Listener

	* lib/io.c, lib/pyconnect.c: fixed some might-be-races in the hope
	it fixes a SIGSEGV problem

2001-08-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c (z_log): save errno prior to writing a messages to avoid
	clobbering its value

	* lib/stream.c: removed errno saving, as it is now implemented in
	z_log()

2001-08-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c: added default options if a license file is not
	available (3 different ips), added checking for validity periods

	* pylib/Zorp/Listen.py: readded license check

	* lib/io.c: added z_enter/z_leave pairs

2001-08-08  Szalay Attila  <sasa@balabit.hu>

	* lib/log.c (z_logv): If ENABLE_TRACE and log_tags are both TRUE
	log thread id fo debugging.

2001-08-03  Szalay Attila  <sasa@balabit.hu>

	* lib/readline.c (z_read_line_get): If not setted ZRL_TRUNCATE,
	return error when input line is too long.

2001-07-31  Szalay Attila  <sasa@balabit.hu>

	* zorp/main.c (z_sigusr1_handler): New function. Grow the verbose
	level woth one on a USR1 signal
	(z_sigusr2_handler): - || - 

	* lib/dimhash.c (z_dim_hash_table_makekey): Bugfix. When examine
	key parts it was look every time the first key.

2001-07-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: proxies should not be able to override
	address set by DirectedRouter

2001-07-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: fixed a typo, AddClient renamed to addClient

2001-07-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/NAT.py (OneToOneNAT): new attribute/parameter
	default_reject, controls whether IP addresses outside the given
	range should be rejected, or returned unmodified.

2001-06-28  Szalay Attila  <sasa@balabit.hu>

	* lib/pyvars.c (z_py_zorp_dimhash_subscript): Change String a
	Tuple recognization sequence.

	* pylib/Zorp/Listener.py (Listener.accepted): Use exported
	Licenseed Number value

2001-06-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Matcher.py: new module implementing general string
	matcher to be used by URL filtering

2001-06-21  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/zorpctl.in: check permissions of $sysconfdir and fail if
	permissions are higher than needed.

2001-06-12  Balazs Scheidler  <bazsi@balabit.hu>

	* configure.in: bumped version number to 0.9.2

	* pylib/Zorp/Service (Service.__init__): added auth_name parameter

	* pylib/Zorp/Auth.py (SatyrAuthentication.performOutbandAuth): use
	service.auth_name instead service.name

	* lib/zpython.c (z_python_init): fixed PYTHONPATH setting, Zorp
	now doesn't require PYTHONPATH prior to startup.

	* lib/zpython.c (z_py_get_license_value): new function to return
	license hash contents (exported to Python as getLicenseValue)

	* lib/license.c: use ZORP_CONFIG_DATE instead of __DATE__ when
	reporting startup license date

	* configure.in: added ZORP_CONFIG_DATE define, contains configuration
	date

2001-06-07  Szalay Attila  <sasa@balabit.hu>

	* lib/pyreceive.c (z_py_zorp_receive_new_instance): Bgfix. Explain
	when cannot bind to given address.

2001-06-06  Szalay Attila  <sasa@balabit.hu>

	* lib/dimhash.c: Remove allocating memory. Use preallocated stack
	place.

	* lib/ctracker.c (int_to_str): Change snprintf to self create
	procedure.

2001-05-30  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/NAT.py: implemented OneToOneNAT, RandomNAT classes

	* lib/zorp/log.h (z_llog): declared z_llog() as a printf-style
	function

	* lib/stream.c: check z_log_enabled() prior to generating the
	packet dump

	* lib/log.c (z_log_enabled): new function for checking whether a
	given class/verbosity message will get to the logs, thus we can
	check whether to format an expensive message

2001-05-29  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/dimhash.c: z_dim_hash_key_free() new function, frees up a
	dimhash key array,
	(z_dim_hash_table_search): fixed allocation of saved key array

	* lib/pyvars.c (z_py_zorp_dimhash_unref_items): free key as well
	(FIXME: freeing this key should really be done in dimhash itself),
	(z_py_zorp_dimhash_subscript, z_py_zorp_dimhash_ass_subscript):
	free allocated key

	* lib/threads.c (z_thread_init): added support for idle_threads, 
	zorp defaults to max_threads * 0.1 idle threads
	
	* lib/zpython.c (z_python_init): PYTHONPATH setup uses the environment
	variable as well (to make it possible to override built in setting)

	* zorp/main.c: added inclusion of <zorp/sysdep.h>, added support for
	--idle-threads parameter

2001-05-28  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/zpython.c: set PYTHONPATH automatically (overriding the value
	specified in the environment)

	* configure.in: added test for getopt_long and getopt.h

2001-05-16  Szalay Attila  <sasa@balabit.hu>

	* lib/dimhash.c (z_dim_hash_table_rec_search): Reorganize dimhash
	search. (C) Kovacs Krisztian

2001-05-11  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: use getopt() instead of getopt_long() if the latter
	is not available,
	added short options to usage screen,
	call z_sysdep_init(), z_sysdep_destroy()

	* lib/ctracker.c, lib/ctrackrouter.c, lib/ipchains.c,
	  lib/packsock.c, lib/pyctracker.c, lib/pyipchains.c, 
	  lib/pyreceive.c, lib/zorp/ipchains.h: made optional, 
	conditonally compiled when ENABLE_CONNTRACK is defined

	* lib/stream.c: added inclusion of sys/types.h

	* lib/tisauth.c: added inclusion of string.h
	
	* lib/zpython.c: removed transparent destination address detection
	and moved to sysdep.c

	* lib/poll.c: changed ETIME to ETIMEDOUT

	* lib/Makefile.am: added sysdep.c

	* configure.in: added additional enable/disable options

	* acconfig.h: added some possible ENABLE_*

2001-05-09  Balazs Scheidler  <bazsi@balabit.hu>


	* lib/pytisauth.c: adapted to the slightly changed tisauth.c

	* lib/tisauth.c: implemented authserver reconnection

	* lib/pyconnect.c: report connection failures right after the
	connect syscall

	* lib/satyr.c: removed unused SSL_CTX creator function
	(z_ssl_session_new is used instead)

	* lib/*.c: documented log messages

2001-05-07  Balazs Scheidler  <bazsi@balabit.hu>

	* pylibZorp/Proxy.py (Proxy.connectServer): server_fd_picked is
	set to TRUE even if we are a toplevel proxy, because otherwise
	session.server_fd was closed both by the proxy and the python
	layer

	* src/ssl.c: ZSSLVerifyData removed, ZSSLSession is used instead,
	an ssl session has to be freed using z_ssl_session_destroy

	* src/satyr.c: moved from SSL * to ZSSLSession *

	* src/readline.c (z_readline_get): added handling ZRL_SINGLE_READ
	which causes an ST_AGAIN to be returned if a full line is not
	available

	* src/pylisten.c (z_py_zorp_listen_accepted): report accepted fd
	value in debug message

	* src/proxy.c (z_proxy_stack_proxy): added debug message about
	client and server fd pairs

	* src/giossl.c: moved from SSL * to ZSSLSession *

2001-05-03  Szalay Attila  <sasa@balabit.hu>

	* lib/pyvars.c: Implement multidim. hash.

	* lib/dimhash.c: New file. Handle "multidimensional" hash (when
	hashkey are tuple)

2001-04-28  Balazs Scheidler  <bazsi@balabit.hu>

	* tests/Makefile.am: commented out making satyr test

	* scripts/zorpctl.in: commented out setting and exporting
	LD_LIBRARY_PATH

	* lib/zorp.c: moved z_log_set_fake_session_id here

	* pysatyr.c: log fixes

	* lib/log.c: moved z_log_set_fake_session_id to zorp.c, because
	it pulled in python dependencies into zorpll

	* lib/Makefile.am: libzorp split, libzorp.so and libzorpll.so
	installs to $prefix/lib, instead of a package specific directory

	* zorp-config.in: new command line switches --ll-libs and
	--local-ll-libs
	
	* configure.in: changed needed for splitting up libzorp into
	libzorp and libzorpll

2001-04-27  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Auth.py (SatyrAuthentication): added timeout parameter

	* lib/stream.c: added support for timeouts in SSL enabled streams

	* lib/pysatyr.c (z_py_zorp_satyr_new_instance): added support for
	satyr timeouts,
	(z_py_zorp_satyr_auth): check requested method whether it is allowed, 
	added some log messages

	* lib/zorp/zorp.h: added CORE_AUTH log tag

	* lib/pytisauth.c: fixed a possible SIGSEGV when connecting to the
	authserv failed

	* lib/sockaddr.c: unix domain socket address size is calculated
	dynamically (just like in syslog-ng which triggered an RSBAC bug)

2001-04-26  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Conntrack.py (CTracker.connectServer): Use snat and dnat

2001-04-25  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zorp.py: added Z_DROP constant

	* pylib/Zorp/Service.py: added support for snat/dnat

	* pylib/Zorp/NAT.py: changed FakeNAT to ForgeClientSourceNAT

	* pylib/Zorp/Core.py: changed FakeNAT to ForgeClientSourceNAT

	* pylib/Zorp/Chainer.py: added support for snat/dnat

	* lib/readline.c: added checking for embedded NUL characters

	* debian/rules: zorp-config.1 manual package should only be in zorp-dev

2001-04-24  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zone.py: zones with enumerated address ranges, where
	the number of addresses is 1 don't have real subzones

	* lib/ssl.c (z_ssl_session_new): SSL_* functions return 1 on
	success and not -1 on failure, changed error checks accordingly,
	added reporting SSL error message 

2001-04-18  Szalay Attila  <sasa@balabit.hu>

	* lib/ctracker.c: Implement proxy pool.

2001-04-17  Szalay Attila  <sasa@balabit.hu>

	* lib/ctracker.c: Move timeout a max_packet variables into
	ctracker.

2001-04-17  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c (z_dump_backtrace): added printing the real
	SIGSEGV/SIGILL location (even more i386 specific)

	* src/stream.c (z_data_dump): made a dummy function, because it
	was SLOOOOOW

	* src/pylisten.c (z_py_zorp_listen_accepted): fixed two possible
	race conditions

	* src/io.c (z_io_listen_accepted): fixed a possible race condition

	* pylib/Zorp/Zone.py: readded umbrella support

2001-04-14  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/zorpctl.in: we now check if the process exists if a
	pidfile is still found, if the pidfile is stale we remove it and
	start a new instance

2001-04-13  Szalay Attila  <sasa@balabit.hu>

	* lib/ctrackrouter.c (z_conntrack_router_newfd): Bugfix. Doesn't
	drop g_slist_prepend return value.

	* pylib/Zorp/Conntrack.py (CTracker.startProxyInstance): Now
	connections go through the full authentication
	(CTracker.connectServer): Now use router and nat functionality

	* lib/ctracker.c (z_tracker_add_connect): Now connect into
	destination to use correct from address

2001-04-13  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Auth.py: correctly calculate the value for use_ssl

	* lib/sockaddr.c (z_sockaddr_new): changed a g_error() invocation to
	z_log()

	* lib/satyr.c: adapted to the new ssl core, changed Satyr protocol
	so that Zorp initiates SSL handshare (if enabled in the policy),
	and to include more address information in the greeting (AF_INET,
	IP address, port number)

	* lib/ssl.c: cleaned up ssl core (use z_ssl_session_new to create
	an SSL session structure with the given key, cert and verification
	parameters)

2001-04-11  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Proxy.py: avoid using the socket module by using
	the functions provided by the Zorp core.
	
	* pylib/Zorp/SockAddr.py: -"-

	* pylib/Zorp/Core.py: new module importing all core classes, so 
	configuration files will not need to import them one by one

	* lib/pytisauth.c: use enhanced TIS authserv features (stateless
	protocol elements) if available, Zorp will not use more than
	1 connection to the authserv,
	(ZorpTISAuth): new field lock, avoiding race conditions for
	hashtable accesses

	* lib/tisauth.c: implemented new stateless protocol functions

2001-04-10  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pysockaddr.c: moved htonl, ntohl, getsockname here

	* doc/examples/https.py: new example demonstrating the use of
	a transparent HTTPS proxy

	* lib/zpython.c (z_py_close_fd): new function, exported as closeFd
	to make it possible to avoid using the os module,
	(htonl, htonl): new exported funtions to avoid the usage of the
	socket module

2001-04-10  Szalay Attila  <sasa@balabit.hu>

	* Remove pyathconn.h link from some source.

	* lib/zorp/pysatyr.h: Remark pyauthconn.h (Doesn't need.)

	* pylib/Zorp/Proxy.py (Proxy.__init__): Bugfix. Remove `);' from
	end of line: log(CORE_SESSION, 1, "%s: Proxy...

	* Delete lib/receive.c Not used.

	* Rename z_denter and z_dleave in some files.

2001-04-09  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Conntrack.py: New file. Python part of connection
	tracking.

	* lib/ctrackrouter.c: New file. Polling part of conenction tracking.

	* lib/ctracker.c: New file. Main part of connecion tracking.

	* lib/pyctracker.c: New file. Glue between C conntrack and python
	policy

	* pylib/Zorp/Service.py (Service.startInstance): New parameter:
	type.
	(Service.startCTInstance): New function. Start a connection
	tracking module.
	(Service.addClient): New function. Set the socket, where the
	service listen.

	* pylib/Zorp/Receiver.py (Receiver.__init__): Major rewrite.

	* pylib/Zorp/Proxy.py (Proxy.__init__): Call ZorpProxy with type
	parameter.

	* lib/registry.c (z_registry_init): Enhance registry. Now every
	proxy type have it's own hash.
	(z_registry_add): Now must set the proxy type.
	(z_registry_get_one): New function. Return the egzakt entry
	pointed with name and type.
	(z_registry_has_key): New function. Return TRUE if there is any
	line in the registry with the given name.

	* lib/pyreceive.c: Major rewrite. This module only create a socket
	now.

	* lib/pyproxy.c (z_py_zorp_proxy_new): New parameter: type. Set
	type of proxy.

	* lib/poll.c (z_poll_remove_stream): New function. Remove a
	ZStream from poll.

	* lib/packsock.c: Rewrite packsock.c. Keep only z_packsock_receive
	and z_packsock_read.

2001-04-09  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/*.py: changed log messages to the new format.

2001-04-05  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pytisauth.c, lib/cap.c: added trace calls

        * Zorp-Core adapted to new, consistent logging format

	* lib/packsock.c, lib/labelset.c, lib/pylabelset.c,
	lib/authconn.c, lib/pyauthconn.c: removed files

2001-04-04  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/*.c: adapted to the new log macros

	* lib/zorp/log.h: changed trace macro names to be more consistent

2001-03-29  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Auth.py: written docstrings

	* lib/zpython.c: removed inclusion of pyauthconn.h and
	z_py_zorp_authconn_init

	* lib/ssl.c, lib/zorp/ssl.h: moved z_stream_ssl here

	* lib/tokenize.c, lib/zorp/tokenize.h: renamed lineio.h, reviewed,
	cleaned up

	* lib/satyr.c, lib/pysatyr.c, lib/zorp/satyr.h,
	lib/zorp/pysatyr.h: rewritten to conform to the new auth
	architecture

	* lib/authorization.c (z_authorization_get_methods): fixed
	allocation of the result array

	* lib/Makefile.am: removed authconn.c pyauthconn.c from
	compilation, they should be adapted to the new authentication
	framework

2001-03-26  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Proxy.py: store TRUE in server_fd_picked if the proxy
	is a stacked one, and it picked up its the server side fd with 
	connectServer(), if server_fd_picked is FALSE upon destroyal of the
	proxy instance, the fd is silently closed

	* pylib/Zorp/Proxy.py (Proxy.stackProxy): new function, moved from
	Plug/Pssl for easier proxy stacking

	* lib/proxy.c (z_proxy_stack_proxy, z_stacked_proxy_new,
	z_stacked_proxy_destroy): new functions, these make it easier to use
	stacked proxies.

	* lib/giossl.c (GIOSSLChannel): moved to giossl.h

	* lib/stream.c: make shutdown a function pointer, so that SSL
	enabled streams may define their own shutdown (using SSL_shutdown)

2001-03-23  Balazs Scheidler  <bazsi@balabit.hu>

	* main.c: enable setting maximum threads with the --threads parameter

2001-03-19  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pysockaddr.c (z_py_zorp_sockaddr_getattr): added support for
	family attribute

	* lib/pytisauth.c: added support for startSession & stopSession

	* pylib/Zorp/Proxy.py: call self.auth.stopSession from __destroy__

	* pylib/Zorp/Auth.py (Authorization): added startSession() and
	stopSession() methods,
	(Authentication.performInbandAuthentication): call auth.startSession()

2001-03-17  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/io.c, lib/pyconnect.c, lib/pylisten.c: ZIOConnect and
	ZIOListen made reference counted, ugly locking cleaned up

2001-03-16  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: rewritten

	* pylib/Zorp/NAT.py: new file

	* pylib/Zorp/Router.py: new file

	* pylib/Zorp/Service.py: adapted to the new Chainer/Router modell

	* pylib/Zorp/Listener.py: -"-

2001-03-15  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/sockaddr.c (z_connect): loop on EINTR instead of returning
	an error condition

2001-03-14  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/zpython.c (z_python_init): call the initialization function
	for pytisauth

	* lib/pytisauth.c, lib/zorp/pytisauth.h: new files, Python wrapper
	for tisauth.c

	* lib/tisauth.c, lib/zorp/tisauth.h: new files, implement low level
	interface to TIS authentication server

2001-03-12  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pyvars.c (z_proxy_var_new): added support for Z_VAR_TYPE_METHOD

	* pylib/Auth.py: readded, and rewritten (Authorization and
	Authentication classes)

	* lib/proxy.c: standard events with underlines added (__config__,
	__startup__, __shutdown__)

	* lib/authorization.c, lib/zorp/authorization.h: new files for
	interfacing to authorization databases

2001-03-07  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: call license checks

	* lib/zorp/license.h: new file

	* lib/license.c: new file, implements license file checks

2001-02-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: DirectedChainer checks its remote argument
	whether it's a SockAddrInet instance

	* pylib/Zorp/Zorp.py: define Z_ABORT, and define some logtags used
	in the python part of Zorp.

	* pylib/Zorp/Listener.py: SimpleListen new class

	* pylib/Zorp/Domain.py: small fix to use netmask() method instead of
	using the mask attribute directly

	* pylib/Zorp/Connector.py: define and call connect_hook and
	unconnect_hook so the administrator is able to change
	packet filter rules dynamically

	* lib/thread.c: protect the thread list with a mutex, it could 
	cause infinite loops, or SIGSEGVs

2001-02-19  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/cap.c: don't do anything if --no-caps is specified

	* lib/packsock.c: z_packsock_sendfrom() enable requried capabilities

2001-02-15  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Session.py: moved a log message (about the client
	connection info) to Service.py (after the session instance id is
	determined)

	* scripts/zorpctl.in: fixed a problem in zorpctl restart (when no
	instance names was given to restart)

2001-02-11  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pylisten.c: the return value of the accepted() callback should
	be Z_ACCEPT or Z_REJECT not a simple boolean value

	* pylib/Zorp/Chainer.py: Chainer class renamed to abstract Chainer.

2001-02-07  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/policy.py.sample: fixed some bugs

2001-02-06  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/instances.conf.sample: changed copyright

2001-01-30  Balazs Scheidler  <bazsi@balabit.hu>

	* configure.in: bumped version number to 0.7.14

	* lib/proxy.c (z_proxy_destroy): don't use z_python_global_state,
	use self->thread instead

	* lib/log.c: protect message output with a mutex to avoid
	message clashes

2001-01-29  Balazs Scheidler  <bazsi@balabit.hu>

	* debian/control (zorp-dev): fixed a typo, depend on zorp-libs
	instead of zorp-lib

	* debian/rules: instead of configure-ing modules by hand, do 
	a make config-stamp in the modules directory

	* configure.in: separate CPPFLAGS and DEPS_CPPFLAGS variable (for
	CPPFLAGS to be used for Zorp compilation and CPPFLAGS required by
	dependencies glib, python etc)

	* zorp-config.in: separate --cflags and --cppflags arguments,
	use @DEPS_CPPFLAGS@ instead of CPPFLAGS directly to avoid inclusion
	of the Zorp source directory in the include search path

	* lib/pyvars.c (z_pyvars_setattr, z_pyvars_getattr): check if
	self->vars is NULL

	* lib/pylisten.c (z_py_zorp_listen_free): call
	z_io_listen_destroy() if the python instance is freed

	* lib/proxy.c (z_proxy_destroy): call __destroy__() event,
	(z_proxy_destroy): dispose z_pyvars to avoid circular references
	(caused memory leaks in HTTP),
	(z_proxy_config_event): added log message,
	(z_proxy_startup_event): -"-,
	(z_proxy_shutdown_event): -"-,
	(z_proxy_connect_server_event): -"-
	(z_proxy_destroy_event): new function to call __destroy__()

	* lib/io.c, lib/zorp/io.h (z_fd_set_oobinline): new function to
	enable the SO_OOBINLINE socket parameter (used by the FTP module)

2001-01-25  Szalay Attila  <sasa@balabit.hu>

	* configure.in: version number bumped to 0.7.13

	* zorp-config.in (Usage): New parameter --local-libs and
	--local-cflags. Used when zorp-modules is compiled with zorp.

2001-01-25  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: stackdump is moved to a separate function to be
	called by different signal handlers

	* pylib/Zorp/Session.py (MasterSession.__init__): new attribute
	`started' which is set to TRUE when startInstance is called

	* pylib/Zorp/Service.py (AbstractService.stopInstance): new
	function, to be called when the session of the given service
	exits,
	(Service.__init__): initialize new attributes: max_instances,
	num_instances,
	(Service): delete attribute definition from the class (they are
	created during initialization),
	(Service.startInstance): ensure that session limits are not
	broken,
	(Service.stopInstance): decrease num_instances if the stopped
	session was started

	* pylib/Zorp/Proxy.py: write a log message when a proxy module
	starts and exits

	* pylib/Zorp/Listener.py: move message tags to variables,
	add handler for LimitException

	* pylib/Zorp/Zorp.py: new exception type LimitException

2001-01-24  Szalay Attila  <sasa@balabit.hu>

	* zorp/main.c (z_sigill_handler): New function, called when SIGILL
	caught.

	* lib/pypolicy.c (z_policy_call_object): Bugfix. Remove DECREF, becouse
	variable is not referred from here.

2001-01-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Session.py: use Zorp.firewall_name in session_ids

	* pylib/Zorp/Listener.py: store getSockName(client_fd) in
	session.client_local

	* pylib/Zorp/Listener.py: new parameter to Listener, transparent
	it disallows directly connecting to the given socket (to avoid
	an endless loop, when a transparent listener is connected directly)
	
	* lib/zpython.c (z_py_get_sock_name): new function, which returns
	the sockname of the given socket

	* lib/io.c (z_fd_set_keepalive): enable SO_KEEPALIVE on the given
	socket,
	(z_io_listen_accept): call z_fd_set_keepalive,
	(z_io_connect_connected): -"-

2001-01-22  Szalay Attila  <sasa@balabit.hu>

	* lib/zorp/proxy.h (func_cp): New macro. Write a CheckPoint into log.

2001-01-22  Balazs Scheidler  <bazsi@balabit.hu>

	* new ChangeLog started
