What's new? 'cFos' ISDN Driver Family
* New feature
+ Minor improvement
! Software-change requires modification of your configuration
- Information only
Revision history: ---------------------------------------------------------
cFos 8.01 build 3134
x TCP SYNs were not properly prioritized. Fixed.
x Uploads do now slow down downloads less than before.
x Fixed behaviour of overlapping active areas in skins. Now the topmost one
catches the mouse click.
x When no rule matches and no class has yet been set for a connection the class
is set to default. This partially reverts the change from build 3133.
cFos 8.01 build 3133
+ When the traffic class is still not set (at the beginning of a connection)
the column will display "working" or nothing. If more traffic is coming,
the class name will be shown.
+ If traffic shaping is (partly) inactive, this is now shown in "spd speed"
x When no rule matches and no class has yet been determined for a connection
we set the class to default, otherwise we leave it unchanged.
x Fixed serious bug in -l7-prot, -udp-prog, -tcp-prog and -prog filter rules
when they were used with negation (like -l7-prot !@user.ini/normalprots).
This caused program and protocol settings to malfunction if you had made
changes to them (changes are recorded in user.ini and filter rules contain
negations to read them properly). This bug was introduced in since
v8.01.3128. Thanks to km for his bug reports.
x Skins would not display more than 21Mb/s speed. Fixed. Thanks to kamcm for
x Fixed a long-standing problem where cFos might perform poorly after a
wakeup from standby. Notably, UDP connections would not time-out and ever
increase in numbers.
- Removed superfluous .htm files from distribution.
cFos 8.01 build 3132
+ Added -udp-vol rule: it counts the volume of an UDP pseudo-connection.
Volume in this sense are all bytes including the IP and UDP header.
Added -udp-cnt rule: it counts the number of UDP packets in an UDP
+ Extended arguments for -tcp-seq and -tcp-cnt rules to 64 bit.
+ Added gset variable tx_shape, default 1, to en/disable tx-shaping globally.
x Fixed a error where certain skins would be incorrectly loaded and thus not
displayed at all.
x Fixed a bug in -prog and -l7-prot filters: they did not properly accept
multiple arguments separated by commas. Thanks to Thomas Quella for his bug
x Large ping values were always displayed as 999ms. Fixed.
x Variance accommodation now works for satellite connections with their very
long ping times as well. Thanks to ipcopter.de for help and support.
x No pinger boot will be done if both rx_shape and tx_shape are 0.
x Better tracking if test-pings reached the destination. If so, pinger will
not be used for burst and pingstat line starts with a '+'.
- By default max_trace_size is now 10 mbytes.
- If for some reason test-pings reach their destination (i.e. they are not
returned with "TTL exceeded"), we inhibit further test-pings with that TTL.
- Switched to new compiler.
cFos 8.01 build 3131
* cFos now features packet loss avoidance. Some Internet connections
have a very small packet buffer for incoming data. This buffer is quickly
overrun when too much data is received, leading to packet loss. The packet
loss is then detected by the sending TCP and the rate of transmission is
lowered. Nevertheless, this leads to higher ping times and packet loss
for all data received, even UDP data used for Gaming or VoIP. Tests show
that the packet loss rate can be as high as 5%.
Now cFos detects this packet loss in TCP streams and keeps the streams
from sending too much data. This avoids packet loss, leading to much lower
loss rates, fewer SACKs and sometimes much better throughput.
The feature is on by default, but can be switched off by setting
"cfo gset avoid_loss 0 -save" or switching off "Packet loss avoidance" under
Options, Settings, Preferences.
+ Classes can now have -tos switch set to set TOS byte on all outgoing
packets. Since TOS and DSCP both are stored in the same byte, they are
incompatible to one another: you can not use both at the same time.
+ Added dumping of TOS values for "cfo dump ...".
+ Added "cfo vari" command to show variance sample data. It accepts parameters
-clean to force cleaning of old values, -clear to clear all values and -set
to force use of the calculated variance.
+ Tx-shaping has now a better average ping time, since cFos doesn't try to
increase the send speed so often, much less so in low latency mode. This
lowers average ping time by about 8 msec in pure upload tests here.
+ New parameters to set the desired ping delays in both directions: tx_delay,
tx_width, rx_delay and rx_width. cFos tries to keep the ping between
tx_delay and tx_delay + tx_width when sending and between rx_delay and
rx_delay + rx_width when receiving. The values are in usec. Removed
If receive speed is too low, because cFos is too agressive in keeping
a small ping, increase the rx_* values.
Added delay_auto setting, true by default. If set, it will automatically
set rx/tx_delay and rx/tx_width to sensible values. If you want your own
values in rx/tx_delay and rx/tx_width, you just assign some value to them or
switch off delay_auto. This is still work in progress where the assignment
might change in the future.
+ Added SACK statistics in "cfo netstat" and "cfo perf on" output.
+ Numerous fixes and improvements for rx-shaping.
+ Added "nsclear" command to clear the "netstat" counters.
+ Added filter expressions -l, -r, -l-mynet, -r-mynet, -l-bcast, -r-bcast,
-l-iplist and -r-iplist. They work like the -s and -d, etc. pendants, just
for local and remote addresses, i.e. invariant of the direction of traffic.
+ Added gset variable "max_hops" (default 8) to allow cFos to ping with
higher TTLs. Allowed TTL values are 8 - 16. If you change it, you should
use "cfo pingboot" afterwards. Thanks to gj090879 for inspiration.
+ Added global variable "vari_trace". When switched off new variance data is
no longer dumped to trace.txt; that is the default now.
+ Even if "Automatic MSS (MTU) optimization" is off (default), a set msslimit
and the intrinsic limit of the medium (like 1492 for PPPoE) will be used to
change the MSS. Therefore, it's good to set the medium properly. Plus,
it helps rx-shaping.
x Fixed a problem where variance would not be properly calculated after pinger
was changed. Thanks to Gothico for the trace.
x Fixed a serious bug that affected TCP volume counting of sent traffic.
Thanks to Toxic for his trace.
x Fixed bug in medium settings for media cable, frame_count, cable_mixed, 3g.
x Fixed a problem where cFos could cause too much delay in tx direction.
x Hopefully fixed a problem where maxtxraw might become too large. Thanks to
Toxic for the trace.
x Setting msslimit to 536 with medium PPPoE had no effect. Fixed.
x The TCP MSS will no longer be lowered if the medium "adaptive" is set. If
you know the type of your connection, set it properly under Options,
Settings, Traffic Shaping, , Options. If you have some DSL variant
cFos might reduce the TCP MSS on your connections to gain up to 3%
speed if "Automatic MSS (MTU) optimization" is switched on.
x Fixed some erroneous UTF-8 BOMs in settings.ini.
x Fixed a problem where data would sometimes not be written properly to
data.ini. Thanks to AndyC for his case.
cFos 8.01 build 3128
+ Added "calibrated" value to "cfo speed" output to show how well calibrated
cFos already is; a value of 0 means "not at all", 100 means "fully".
+ We're now trying harder to keep starting TCP streams from congesting the
+ Speeded ICMP packet handling. Thanks to Archer for report.
+ Improved pinger selection when ping reliability is low.
+ No pings are sent when there was no traffic for some time. This is to help
+ Added "Unknown" protocol to priority dialogs as well.
+ New skins added: "TA Insight Skin", with Windows 7 look and real-time
analysis. Both traffic analysis skins now have a ping variance display and
a traffic shaping indicator. The ping variance display shows the variance
and statistical certainty of the ping times of your connection. The traffic
shaping indicator flashes whenever a packet is prioritized, i.e. when it is
sent faster than it would without traffic shaping.
+ Added "DivX" to the list of streaming agents for the layer-7 protocol
+ HTTP GET requests are now sent to the high queue regardless of the class of
+ Pinging with UDP is now preferred over ICMP, if both work. UDP pinging is
+ The skins can now load images with GDI+, thus supporting the formats PNG,
TIFF, JPG and GIF.
+ The skins can now use XRGB 32bit bitmap files, in addition to the ARGB
x Increased value for avg_time to improve accuracy of maximum speed
x Fixed some program priorities. Thanks to Yochanan.
x Fixed a bug in filter rules: when a protocol or program is set to non-normal
priority by factory defaults and the user changed the priority to normal, it
would have no effect, i.e. the factory default priority would still be used
instead or the normal priority the user had set. Thanks to Peter Chamberlin
for his bug report.
x Fixed sending priority of pings. This should increase reliability of
- Removed TCP pinger.
- License keys that included a limited 1-year update right and were sold until
July 2008 for a special price no longer work now. If you want to continue to
use cFos, please purchase an update.
- UDP checksum checking is now off by default.
- Images of dialogs are now in PNG format.
- cFos queues now by default outgoing data for a maximum of 1 sec instead
of 3 secs. This forces TCP to adjust to line conditions faster. You can
change this settings by setting "cfo gset max_queue_time -save", where
is measured in milliseconds.
cFos 8.01 build 3127
+ When cFos was being used with CAPI*.DLL (-v0 switch) and the CAPI did not
report the manufacturer on load (since maybe something was still
unconnected), cFos will now try later to get the manufacturer info.
+ The count of connections displayed in skin windows now by default displays
the sum of TCP + UDP connections (formerly it was only TCP connections), but
can be switched to either only TCP, only UDP or both by clicking on the
+ Added l7-detection for Teredo IPv6 tunnelling. Thanks to Zbig for
+ Added decay of statistical data for calculation of variance after 15
minutes, so no values that are too old will be used in calculation.
x Fixed double dumping of settings to trace at the beginning of connection.
x IPlist's were not loaded at program start, only with
"cfo reload -iplist". Fixed.
- Executables are now flagged to support Data Execution Prevention (DEP) and
Address space layout randomization (ASLR), two security features of Windows
and to support 3GB of user space memory.
cFos 8.01 build 3124
! gset variable default_reg_id is now called reg_id_default.
+ Global variable checksum_ip may now be set to 2 as well, meaning that IP
checksum will only be checked on incoming packets.
x Fixed starting of Driver Setup from context menu under Vista and Win7.
Thanks to Uwe Engelmann for bug report.
x Fixed a long delay when opening context menu. Thanks to Uwe Engelmann for
x Now handle_mss is 0 by default, i.e. TCP MSS is not changed by cFos.
This should fix problems with some strange web sites.
- The reg_id = 1 (fixed) has been removed. Only 2 (cooperative) remains.
cFos 8.01 build 3123
! cFos now measures the variance of ping packets and uses this value
when shaping. Usually the variance is quite small (e.g. with DSL 16 mbit/s
it's about 4ms), but with wireless networks it can be substantially higher.
This value can be accessed via variable "variance" (cfo set variance). If
you don't want this value to be automatically changed by cFos, set the
global variable "vari_fixed" to 1 (cfo gset vari_fixed 1 -save).
+ Hopefully fixed a strange crash in fax mode. Thanks to Jens Willmroth for
cFos 8.01 build 3122
+ Added switches to force or prevent loading of CAPI2032.DLL by cfosdnt.exe:
-force-con instructs cfosdnt.exe to load capi2032.dll, -force-nocon instructs
it not to try. Note that the switches have to be used when loading
cfosdnt.exe, not in cfos.ini. Thanks to Marcel Müller for inspiration.
cFos 8.01 build 3121
x Fixes for renamed .hta files in skins.
cFos 8.01 build 3120
+ Added gset variable dump_wshark to create dump files in Wireshark compatible
x cfos.ini [monitor] actions are now again case-insensitive. Thanks to Dieter
Sippel for his bug report.
x Fixed crash in fax mode.
- .hta files have been renamed to .cfhta to prevent them from being started
cFos 8.00 build 3100 -- 17-Mar-2010
* Added new concept of "limit classes and filters". They are used before the
"regular classed and filters" are used. Thus, the firewall filters have been
moved to the limit filters.
The main difference between limit and regular classes is that -speed
parameter for limit classes sets a maximum send speed for packets in this
class. With this you can rate-limit your applications or protocols when
There is no user interface save the command line yet. To illustrate, here
is an example: Limit app.exe to 20000 bytes/sec:
cfo limit class slow -speed 20000
cfo limit filter -A -prog app.exe -c slow
Class and filter settings are automatically saved when changed and loaded
when cFos loads. You can use the full range of filter expressions to
specify which traffic should be rate-limited. See
http://www.cfos.de/speed/documentation/filter_expressions.shtml for the
documentation of filter expressions.
Use "cfo limit help" to get a list of subcommands.
* New skin: cFos now comes with a "Traffic Analysis" skin, which allows
fine grained real-time traffic analysis. The skin comes in two sizes:
small to get a quick overview and large for detailed analysis. Each skin
draws up to 10 graphs. To enable/disable a graph line click on the
'legend' button on the left border to open the left pane. Then click on
the text for each colour to enable/disable the respective graph.
Each graph displays the value of a certain traffic "slot", where the volume
of traffic of certain programs and protocols is counted. You can setup
which traffic goes to which slot (and is thereby drawn by which graph)
in the slot setup dialog. In this Beta version the slot dialog is sometimes
hard to use, but we are improving the slot setup dialog in upcoming
* Rewrote ping engine. "Hybrid ping" is dead, long live "meta ping"! :)
The new pinger engine can make test pings to measure connection latency
with ICMP (like ping), but as well with UDP and TCP. All pingers operate in
parallel and cFos automatically selects the best one. The reliability
of the measurements is checked all the time and cFos will switch to a
different pinger if one starts to fail.
Hopefully, this will further reduce the problems users have with misbehaving
firewalls, routers and ISPs.
Commands of the new ping engine:
pinger set the protocol and TTL for outgoing test pings
pingstat print ping statistics (-clear clears stats after printing)
pingclear clears ping statistics
pingboot cycle thru all pingers to find best protocol and TTL
sethops set the TTL for outgoing test pings
* New and improved configuration dialogs that should be easier to use and
navigate. The Usage Graph dialog now also shows the total sums of the
displayed line diagrams.
* cFos can now block huge lists of IP-addresses the same way IP-Blockers
like Protowall and Peerguardian support them. All traffic to or from one of
the listed addresses is blocked. We call those lists "iplists".
It works like this: cFos supports these iplists through two filter
expressions: -s-iplist and -d-iplist. They are already set by default in
The filters -s-iplist and -d-iplist accept as a second parameter an iplist
name. The default name used in settings.ini is "ipfilter". In the [iplist]
section in settings.ini or user.ini you must specify the iplist names with
the corresponding IP block list files that contain the IP-ranges to be
blocked. These block lists are not supplied with cFos.
An example excerpt from settings.ini:
filter=-tx -d-iplist ipfilter -c drop
filter=-rx -s-iplist ipfilter -c drop
This will read both files and make them available as iplist named 'ipfilter'.
This iplist is used by default to filter packets to the drop queue, i.e. to
discard them. Use "cfo reload -iplist" to reload the iplists from the source
for more. Thanks to esz for the idea.
+ Added Layer-7 detection for RTMP. Thanks to Vadim for providing the
+ When the browser or a plug-in like flash controls a multimedia
stream downloads/uploads, layer-7 analysis now classifies this as
a seperate protocol, called BSTREAM_C/BSTREAM_S. It is prioritized high
by default. Unfortunately, all downloads/uploads of video and audio
files are also classified as BSTREAM_C/BSTREAM_S, because they look
the exactly the same, so the layer-7 analysis cannot distinguish
between viewing or downloading a stream. If you download more
videos instead of watching their streams, you can set the priority
+ Added NSPlayer to the list of streaming clients, so layer-7 detection
finds streams even if not marked with the appropriate content-type
+ We now choose to send pings to a fast responding hop, even if it is further
away from us than a slower one. Thanks to PULARITHA1 for inspiration.
+ Now you can switch the type of pinger with "cfo pinger ", where prot
is "tcp", "udp" or "icmp" to the same ttl and usermode/kernelmode, but
+ Added 2nd monitor support for the status window.
+ "cfo class xxx -D" command can now delete a class even if there are still
filters pointing to it; the filters are then deleted as well as the class.
+ Program name lookup for connections has been sped up.
+ Added -pid filter expression that matches the process ID of Windows
processes. Please note that a process ID is only valid until the process
terminates. Yet, it might get re-used by a different process some time
+ Added -pid option for "cfo connections" to show the Windows process ID for
+ Added gset variable auto_burst. Setting "cfo gset auto_burst 0 -save" will
switch off cFos' automatic burst to find the line speed when going
+ Added "Traffic Analysis Icon Skin"! Thanks to our designer Ingo Günther. :)
+ Added support for buttons in taskbar icon skins for Windows 7.
+ The Traffic Analysis Skin windows now has a little line bar diagram
below the slot name (on the left pane) to indicate traffic for each slot
+ New slot commands: you can set up the slots from the cfo command line as
well. To do so, you can use the following commands. All commands begin
with "cfo slot ":
get/set mode get/set the traffic counting mode. available modes are:
tx, rx, max, total_tx, total_rx, total_max
'max' modes display rx or tx, whichever is faster in percent
'total' modes display all traffic, ignoring protocol/program settings
unused protocols display protocols that have not been assigned to a slot
unused programs display program names that have not been assigned to a slot
save save all slot settings to user.ini
reload load all slot settings from user.ini
+ The Traffic Analysis Skin windows now has a little line bar diagram
below the slot name (on the left pane) to indicate traffic for each slot
+ Skin window position is now stored for each skin. This only applies if
you disable "auto-arrange".
+ Added new skin functionality: you can now draw lines and set text with
arbitrary fonts in your system.
+ Improved burst code to find the line speed after install. This will happen
automatically only three times after connect now. Added detection of a
second traffic shaper to burst.
+ New language: Nederlands! That makes a total of 19 languages supported.
Even more languages are downloadable from our web site, here:
+ Added tracking of UDP pseudo-connections counts.
+ Improved bulk detection: non bulk streams (i.e. interactive) connections
must now not exceed a certain speed.
+ Added cfo con -lss and -ss option to display the largest ever used segment
size and all segment size values.
+ When started in compatibility mode, cFos will still know the real
operating system version.
+ The skins now support system fonts for text display. Thus skin designers
don't need to define their own bitmap fonts any more. Also the HISTORY
method supports line drawing. See http://www.cfos.de/skin/skin_ref_e.htm
+ Added a quicker way for the minimum RTT to adapt to higher ping times.
+ Two more regulation parameters of variable shaper are now available and can
be changed on the command-line: tx_dest_width and rx_dest_width. They are
both counted in usec. You can change them e.g. by "cfo set tx_dest_width
20000". Changes are saved on a per-port basis automatically.
+ Added gset variable dump_ascii to switch off ASCII printing of data in data
+ Added -stat parameter to "cfo tcb" command. This will print detailed traffic
statistics for each TCP connection.
+ You can now configure to check if outgoing TCP segments are resends of
segments that are still in the send queue. By default this check is no
longer performed, since it may consume too much time for a meagre gain of
some 0.1% tx bandwidth in tests here. If you want to squeeze the last bit
of speed out of your connection, switch it on with
"cfo gset resent_in_queue 1 -save".
+ Speeded handling of out-of-sequence TCP segments. This could lessen overall
CPU load by some percent and lower the memory consumption.
+ "cfos cons -speed" now lists a new column: flags. Listed flags are: MSS,
WSCALE, SACK, TSOPT and ECN. An upper case letter indicates that the option
is in use for that TCP connection, a lowercase letter indicates the initiator
of the connection tried to negotiate the option to no avail and a '-' means
the option is off. See "cfo cons -?" for more help.
+ IP blocklists are now also accepted in Protowall/Peerguardian format. The
old format (which is still supported) was by Emule.
+ Finally added auto-hide on fullscreen to the skin window. Thanks to
Richard B. (dj deipotent), who provided the code for this feature.
cFos automatically closes the skin windows, if an application
(e.g. a game) switches to fullscreen mode. It opens the window after
fullscreen mode is exited if the last time it was opened was automatically.
You can toggle this setting in the window settings menu of the context menu.
+ Added new global setting "bulk_detect", which is 1 by default. Switch it
off to prevent cFos from guessing if certain l7-protocols (like IRC,
Telnet, file sharing) are in bulk mode, i.e. transferring large amounts of
+ Added -tcp-lport, -udp-lport and -lport to match local ports and -tcp-rport,
-udp-rport and -rport to match remote ports.
+ Added help texts for global variables dump_sessions and passthru. Use e.g.
"cfo gset passthru /?" to get help.
+ Added new filter option "-force-set-class". By setting this option in a
filter expression you can force cfos to set the class of this filter
as the main class of the TCP/UDP connection this packet belongs to.
section "RX-priorisation" for more details. Thanks to GB W for inspiration.
+ Added additional way of allocation to relieve non-paged pool.
+ Added Layer-7 detection for large HTTP downloads (client & server).
HTTP transfers which take more than 1 sec. at full speed are now
classified as HTTP_C_BULK / HTTP_S_BULK and have low priority as
default. You can change the priority in the Layer-7 Protocol prioritization
+ Speeded memory allocation.
+ Added new skin: "LC History"; it's like our well-known Liquid Crystal skin,
but with a history that scrolls to the left.
+ Filter expressions -s and -d now accept lists of addresses. Thanks to
reMiND for the idea.
+ Added a switch to log all TCP connections with their adresses, ports,
statistics, etc. to a disk file. This may be good if you want to see
what happened, when you didn't watch the status window. The data of the
sessions is not saved, only statistics.
To activate set "cfo gset log_sessions 1". Add a "-save" if you want to
keep it activated after a restart. The disk file is called
session_log.txt; you can set it max size with gset variable
max_session_log_size, default is 1mb.
+ Added cfo command "tcb" to show interactively some of the info that is
written to session_log.txt.
x Fixed high DPC latency problems, which were reported by Infium98. This
could help when you notice occasional stutter of sound output.
x For whatever reason, packets of streams with l7-protocols set normal
priority did not "fall through" as is documented, but were set to default
priority right away. This has been fixed. Thanks to eXtreme for leading
my attention there.
x Switches -dscp, -weight, -vlan-id, -vlan-prio can now be used for default
class as well. Thanks to vadim for bug report.
x Fixed bug with game mode: sometimes windows opened where they should stay
x When bursting to find the line speed, cFos sometimes would send so much
data that it virtually froze the machine. Hopefully this is fixed now.
x Fixed bug in meta pinger that could have caused a crash.
x Fixed range checking for "msslimit" set variable.
x Driver all too often did not load saved settings and instead used burst to
determine line speed. Fixed.
x Fixed process name resolution for Windows 7 x64.
x Fixed a bug in burst code that was introduced in build 3097.
x Program names in connection overview are now unicode as well.
x cfo command line now works with unicode as well.
x Fixed a bug where cFos wouldn't remember the status window position
(only applicable if auto-arrange is turned off).
x cFos will not boot the pinger when shaping is switched off.
x cFos will not boot the pinger when shaping is switched off.
x Fixed missing messages for Event Viewer in cfosnt.sys.
x Tried to fix a rare bluescreen when using CAPI2032.DLL. Thanks to Jürgen
Koblitz for dump file.
x Fixed a bug where cFos wouldn't remember the status window position
(only applicable if auto-arrange is turned off).
x Fixed a long-standing skin bug, which caused cfosdnt.exe to sometimes
crash while switching skins. Thanks to Ingo Günther.
x Fixed tsclear command. It had erroneously cleared rx_limit, tx_limit and
x RTP detection would try to identify packets as RTP even if UDP pseudo-
connection had the l7-protocol already saved. This could lead to BitTorrent
UDP connections being flagged as RTP. Fixed. Thanks to TheXtremeKing for
x Better bulk detection for small MSS. Thanks to Sz. J.
x Fixed TCP counter "ACKs for unsent data".
x Fixed a rare crash when dump mode was on.
x Fixed a bluescreen in fax mode. Thanks to Markus Bantel for dump file.
x Fixed "cfo medium" command.
x Tried to fix a spurious bluescreen when using CAPI2032.DLL.
x Fixed problems with memory allocation.
x If the cfos.ini file was saved as non-unicode, it was not changed to
unicode later. This could cause a problem, when unicode filenames were
tried to save. Fixed.
x If the measured delay was too high the fixed shaping algorithm now lowers the
txspeed more, even if we attained a higher speed some time before. This
should guard better against measurement or calculation errors.
x Fixed potentially serious bug in interlocked handling.
x Tried to fix a crash when using CAPI2032.DLL. Thanks to Sebastian Boden for
x Overview of active connections should have less "Unknown" program names now.
x Expanded and fixed "cfo tvstat" counters.
x RTP statistics were not printed when there were no RTCP sessions. Fixed.
x RTP detection bug fix.
x UDP checksum errors were counted but not printed. Fixed.
x UDP packets without checksum are now properly handled.
x Fixed bug in handling of out-of-memory.
x The variable shaper sent pings all the time, even if there was no traffic
otherwise. This has been fixed. Thanks to Octavian for the report.
x Added better handling of multiple but different SYN segments and improved
recovery after ACK for unsent data. Thanks to khashayar zayyani for help.
x Sometimes HTTP, SSL and SSH non-BULK l7-protocols would stay on default
priority even if the l7-protocol priority was set to high. Fixed. Thanks
to mumia for bug report.
x It seems some networks trash the Ping IP packet when they return it to the
sender and cFos couldn't find the replies in its lists. Thus, we
relaxed the check a bit. Thanks to Deepak for bug report.
x Fixed cfos.ini caller monitor actions; they were broken if you used number
to name replacements like "7669826=cFos". Thanks to Torsten Frehe for his
x L7 protocols SSL_C, SSL_S and SSH sometimes switched between _BULK and
regular versions periodically. This has been amended.
x The saved "cfo dump -save" setting was never read. Fixed.
x Fixed a crash that happened with dynamic CAPI loading. Thanks to Roger
Heitkamp for dump files.
x IP reassembly code was broken. Fixed.
- Strict RTP checking is default again. Too often regular UDP packets were
erroneously detected as RTP. With strict checking RTP packets must contain
a source ID, previously introduced by a corresponding RTCP packet. But some
software does not use RTCP connections, like IxChariot or VoIPBuster.
- Class names can now contain any character except SPACE and TAB and even
these characters, if you enclose the name in double quotes.
- Improved call stack usage.
- The default maximum trace.txt file size has been increased to 1 mb.
- The skins formerly named "cFosSpeed..." are now named "Aquarium..." :)
- Added additional trace output for route detection.
- Added some decoding for Win7 in trace file.
- The dialog\calibration*.htm files are now used from our server directly
instead of from the distribution.
- Added code for post mortem debugging.
cFos 7.52 build 3065 -- 28-Feb-2008
+ cFos now uses less allocations and thus less CPU load.
x cFos didn't load under Windows 2000 for PPPoE. Fixed.
x Fixed a spurious crash that could happen when connection connections were
lost. Thanks to Andreas Mydlarz for the cash dump.
x Fixed error in connection report.
cFos 7.50 build 3045 -- 18-Jan-2008
* Added rx-priorisation. It works as follows:
Each class (high, default, low, lowest) has a weight assigned. Furthermore,
all TCP streams are mapped to a certain class (this only applies for bulk
data; e.g. ACKs are always sent out in the higher class), according to
filter rules. The class weight is used when TCP windows for rx-shaping are
computed. A TCP stream with weight 100 gets a window that is about 4 times
bigger than a stream with weight 25. This should *usually* translate into
more speed on that stream, but not necessarily (e.g. the sending server
might not be fast enough).
The pre-set weights are:
class high -weight 400
class default -weight 100
class low -weight 25
class lowest -weight 6
I.e. regular browser downloads (class default) should get about 16 times
the speed than Torrents (class lowest).
The weighting needs some time (some seconds) to be through, so a newly
created higher-than-average TCP stream needs these seconds to come to full
* Now you can set MAXimum rx-speed and tx-speed!
Just use "cfo set rx_limit " resp. "cfo set tx_limit ". The
value is in bytes as cFos calculates them. This might be up to some
percent more than what your software shows you. It's best to look at maxrx
resp. maxtxraw ("cfo set maxrx" resp. "cfo set maxtxraw") and then set the
limit accordingly. The value is automatically saved. To set no limit, set
it to "inf" (like "cfo set rx_limit inf").
The tx_limit is quite accurate, but the rx_limit is only met statistically,
i.e. it's possible you receive more than the limit, but shortly afterwards
you'll receive less.
It is a good idea to give your client one full blast upload and download
before setting one of those limits. Otherwise, it will have problems
calculating, because it doesn't know the "true" line speeds.
* Speeded DSL transmit/receive speed and lowered CPU utilisation.
+ ctrace.txt is now in UTF-8 coding, but without a byte-order marker at the
beginning. Use e.g. notepad for viewing.
+ Added a way to change and save rtt_tab's. Thanks to Darko Grskovic for
+ Increased way too small buffer limits from 32k to 512k.
+ Added "cfo ati " command to see the ATIx modem command outputs.
and improved ATI7 PPP statistics.
+ Variable shaper will regain full speed quicker after it slowed down when
congestion was detected.
+ Added "cfo cperf" command to switch on or off class traffic dumping. By
setting "cfo cperf on" cFos will dump about once per second how many
bytes were sent in what priority class. This can help in testing filter
rules or finding performance problems.
+ When cFos' variable shaper is sending slow because of tx congestion
and that congestion goes away, cFos will now return to its old tx speed
+ Now UDP checksums are checked as well.
+ Added "cfo timerstyle" command to query (just "cfo timerstyle"), set
"cfo timerstyle " or list supported values ("cfo timerstyle -?").
Changes to timerstyle are only active after a restart of cFos.
+ Added layer-7 protocols SSL_S_BULK and SSL_C_BULK. Switching of SSL
sessions between bulk and regular mode is done automatically based
on speed and packet sizes.
Added l7-protocol SSH_BULK. SSH sessions are automatically switched to this
protocol, if they transfer mostly data in large blocks, so we presume they
are doing some file transfer. Thanks to ghorvath for inspiration.
+ Added gset variable fwlog. Setting it to 0 ("cfo gset fwlog 0 -save")
will disable fwlog.txt logging of firewalled packets. Thanks to danny
+ Straightened evaluation of which filter rules determine the class of a
connection. Now rules like -tcp-dport, etc. work as well. The third column
of a "cfo filter" output is 'c' for rules that set the class.
+ Added additional column with MSS to "cfo cons". It is included in
"cfo -speed", can be added with "-mss" option and has the column key 'm'
for -show, -addshow resp. -sort parameters.
Added additional columns for average tcp segment size (ass) to "cfo cons".
They are included in "cfo -speed", can be added with "-ass" option and have
the column keys 'a' for tx ass and 'A' for rx ass for -show, -addshow resp.
+ Now the class of UDP pseudo-connections is displayed, too, when you use
"cfo cons -class" or the "current connections" dialog.
+ Added global option 'relaxed_discr' to relax the check of discriminators of
Multilink-PPP (MPPP) bundles. It's set to 1 by default. With this option
on, only the class must match, not the whole discriminator.
+ Now you can display the class most packets of a TCP connection are classified
to (higher, high, default, low or lowest). Use "cfo cons -class" or -show:c,
-addshow:c or -sort:c options. See other "cons" or "-sort:" entries here
in whatsnew.txt for more details.
The "current connections" dialog show the class as well.
+ Added a proper "cfo cons -?" help screen.
+ New filter rules -tcp-seq and -tcp-cnt to match on bytes of sequence space
transmitted or number of packets in this connection, respectively. Thanks
to pogowurst for inspiration.
+ More changes in rx-shaping: cFos should now work much better with very
many connections, like with BitTorrent. Please report if it works for you!
+ Added an experimental new way to detect if cfosdnt.exe is running on "the"
console. cfosdnt.exe on "the" console is the one that e.g. loads
capi2032.dll and makes it available to kernelmode cfosnt.sys.
To use this alternative method, open cfos.ini and in section [cfos] set
new_console_detect=1. You need to restart cfosdnt.exe afterwards.
x Buttons in the icon skins where not working under Windows Vista. Fixed.
x Fixed a skin problem.
x Fixed warning that is displayed if too many connections cause rx-shaping
to be inefficient. It was displayed regardless of the number of
x Fixed a problem where downloads would be slowed too much. Thanks to FR.
x FTPS (FTP with SSL, FTP with TLS) command sessions are now identified
as FTPCMD in layer-7 detection. Thanks to ghorvath.
x Changing l7-protocol priority to "Normal" didn't work. Fixed.
x Fixed two possible causes for non-MSS aligned RWINs.
x Fixed problems with main_class display.
x Fixed a problem under Vista where skin settings would not be written to
disk after modification.
- Discontinued support of Windows 9x/Me and Windows NT 4.0. Now at least
Windows 2000 is required.
- FTPDATA protocol can now be set to high or higher priority, regardless of
its packet sizes.
- Removed tracing of minimal RTT ping packets.
- Module "ackfilter" is now disabled by default. Set "ackfilter=1" in
section [param] in cfos.ini to enable it again. This does only
switch off the filtering of presumably superfluous TCP ACKs, not the
regular priorisation of TCP ACKs.
cFos 7.20 build 3003 -- 02-Apr-2007
* All cFos executables and drivers are now digitally signed.
This is a requirement for Windows Vista x64, but comes in handy for all
other operating systems. If you download a version without a digital
signature of "cFos Software GmbH" it has been tampered with and is not
from us. In that case, download an original version from
+ Added gset variable save_in_session. If set to 0, it will prevent cFos
from saving data.ini, budget and traffic stats every 10 minutes. However,
ctrace.txt is still saved if output is printed to it. Thanks to Paszczak
for the feature request.
+ Increased time cFos wait for CAPI2032.DLL to load dynamically (if you use
-v0 -kr) to 3 seconds, so slow loading LAN CAPIs will have enough time.
+ When lowering msslimit this is now enforced on existing connections as
well. Before that, it only worked on new connections.
+ Added both media and methods frame_count and cable_mixed.
+ "cfo perf" output is now scaled with K or M postfixes if values become too
+ Added -dscp filter condition. You can give a range of DSCP values as
"-dscp x:y" or a single values like "-dscp x". See RFC 2474 for details on
DSCP and http://www.cfos.de/speed/documentation/filter_expressions.shtml for
details on filter expressions. Thanks to Knarf for inspiration.
+ Added -dscp option to class command to set a DSCP value to all outgoing
packets of a class. See RFC 2474 for details on DSCP.
+ Added parameters to "cfo cons": -time to also show the duration of
connections and -addshow:... to also show some columns; columns are selected
like with -show.
+ Changed rx-shaping so that it allows for faster speed recovery when rx speed
is too low.
+ Until now -l7-prot rule didn't accept the protocol "unknown", this has been
fixed. Now you can write "filter=-tx -l7-prot unknown -c lowest" to match
all packets with no recognised l7-protocol.
+ cFos now keeps RTTs of each TCP connection. We have to see how useful
that turns out to be. View them with "cfo cons -rtt". The column key for
rtts is 'i'.
+ More switches for cfo cons: -win, -all, -speed to add window limit, all
variables resp. all speed critical variables to display.
x Fixes in rx-shaping for slow speeds (like ISDN).
x Fixed a rare problem with license keys when re-installing cFos.
x Fix for a crash at deinstallation.
x cFos now doesn't CAPI_RELEASE or closes the CAPI at all. This seems to lock
up some Vista machines.
x Fixed a bug where layer-7 detection sometimes confused http streaming server
x Various fixes for Vista: don't display the tip of the day (caused trouble with
Windows Defender); fixed key registration problem; fixed missing program names
for connections; don't change TcpWindowSize or RWIN parameter (it's no longer
supported thanks to TCP/IP auto-tuning).
x Fixed dynamic loading of CAPI2032.DLL, which sometimes wasn't working.
Thanks to Günter Niedermeier.
x Trace output of process names for some OSes was trashed. Fixed.
x Sometimes not all settings were loaded from DATA.INI when a port was opened.
x Fixed a problem where V.110 and V.120 would not be available when
CAPI2032.dll was used. Thanks to Olaf Krebs.
x Upload speed was sometimes too low when low-latency mode was activated.
x Fixed IP checksum check, which sometimes let packets with bad IP checksums
pass. This bug was introduced in build 7.05.2990.
x Fixed a rare crash in DSL reception code. Thanks to Novad Protikin for the
- When connecting to the Internet with DSL the default setting of S83
(PPP LCP Echo-Req generation timer) is now 0, i.e. the Echo-Req generation
is switched off. If you want to switch it back on, just add some extra
initialisation string like "ATS83=5 S84=24".
- Again a hint to heavy downloaders: limit the number of your download
connections. This ensures more stable download rates and in the end faster
downloads. 20-40 seems to be a good value.
- cFos now accepts new language files: just place a file named cfosml_XX.txt
(replace XX with some language abbreviation) into cFos' homedir. Set the
#language of that file to a yet unused number. In CFOS.INI, set the
fulllangid key in the [cFos] section to that number and restart your
computer (or only cfosdnt.exe).
- TCP window size is now adjusted to allow 25 Mbit/s downloads.
cFos 7.04 build 2968 -- 30-Aug-2006
x New cFos installations had empty settings.hta dialog. Fixed.
cFos 7.02 build 2967 -- 28-Aug-2006
+ Added display of budget level in skins that support it.
+ Added context menu entry to switch latency setting.
+ cFosSpeed default skin now has a nice explanatory "panel" that pops up
when you hover over one of the active areas.
+ Recoded RX (downstream) traffic shaping. This should help especially
BitTorrent users with improved download speed and better ping times. To
further increase your download speed, limit the number of receiving
connections. 400 seem to be normal with Azureus, but 50 result in better
This fix could as well help users that had the effect of dropping TX rates
+ RX (downstream) traffic shaping can now be switched on or off by setting
"cfo gset rx_shape 1" resp. "0". In the same way traffic shaping can now
be totally switched on or off by setting "cfo gset shape 1" resp. "0".
+ "cfo cons" output can now be sorted and only specific columns can be
printed. Use -sort: to sort and -show: to specify
the columns to be printed. Column keys are case significant. -noudp
and -notcp will not print UDP resp. tcp connections.
Column keys are:
p Protocol (TCP or UDP) (only display, no sort)
l Local IP:port number
o Remote IP:port number
g Program name
r RX volume
t TX volume
R Current RX speed
T Current TX speed
d Duration of connection
- To reverse the sorting order
Example: "cfo cons -sort:-d -show:lod -noudp" shows all TCP connections
and displays local and remote IP:ports and their connection time, oldest
+ HTA dialogs are now existent only once and pull their language specific
texts from the regular ml-file cfosml.txt. Translators now only have to
translate cfosml.txt and no longer work on the HTA files as well.
Dialogs are available in all our previously supported languages, which
are: German, English, Spanish, Hungarian, Turkish and traditional Chinese.
+ "Current Connections" has a new design and can now be sorted.
+ Added "medium /?", "set medium /?" and "set method /?" with a list of
x cFos runs now under Vista x64. Thanks to Paul Mercer for his help.
x Small HTA fixes for IE7.
x Settings entry in context menu is now again visible under Win2000.
x Fixed an endless loop when changing firewall setting (through command
line or 'Settings' menu).
x Fixed dump_sessions 4. Thanks to martin winkler. :)
x Now cFos properly distinguishes between http media downloads and
x Fixed Kademlia detection.
- Switched off tooltip display for skin windows.
- Status windows show speeds now based on transmitted IP packet volume.
Thanks to Vigil for inspiration.
- Context menu entries "Clear calibration data" and "Send calibration pulse"
are now reduced to one entry.
cFos 7.00 build 2944 -- 31-May-2006
* Major feature: Added Protocol Layer 7 Detection. From now on,
cFos analyzes traffic based on the transferred data rather than
the port number used. This gives cFos precise traffic analysis
capabilities and thereby allows you fine-grained control over your
traffic. cFos detects the following protocols:
Commonly used: HTTP, FTP, POP3, SMTP, IMAP4
Voice-over IP: RTP, RTCP, SIP
Special protocols: Telnet, SSH, SSL, IRC, DNS, (S)NTP, RPC
Filesharing: eDonkey, Kazaa, Bittorrent, Kademlia, Gnutella(2),
Streaming Media: HTTP-Streams with various Media-Players and RTSP
For each protocol cFos distinguishes between client and server
mode. All protocols can be prioritized individually. In addition there
is a "Connections console" giving you real-time information about the
current connections and their detected protocols. User data of these
connections can also be recorded into a log file for analysis, see session
As a by-product you can now use internet connection sharing to connect
several computers to the Internet and still have e.g. filesharing traffic
prioritized low. The next major release will have additional bandwidth
negotiation for multiple PCs connected to a single router.
* New Technology: cFos is now available as 64-bit version for Windows XP x64
Edition. Driver, Status Window and Setup are true 64-bit programs! The
64-bit version has all the features of the 32-bit version.
ISDN support works with CAPI2064.DLL and kernelmode CAPI.
* Added support for ISDN. From now on ISDN users also benefit from
cFos Traffic Shaping! This makes your ISDN connections more responsive
by reducing ping times. All the advantages of the broadband Traffic Shaping
are now available for ISDN.
* cFos is now able to traffic shape VJ-compressed connections as well.
* Added UDP pseudo-connection tracking. UDP packets between two peers are
believed to belong to the same connection if they arrive less 10 seconds
apart. The pseudo-connections are displayed under "cfo cons" as well.
The timeout can be adjusted by the udp_timeout gset variable (the variable
is in milliseconds).
* Added session dump: you can now dump TCP sessions and UDP pseudo-sessions
in their own files. This way you can have all packets of one session in
one file (and not more). Activate it with "cfo gset dump_sessions 2" and
switch on TCP payload dumping with "cfo gset dump_tcp_data 1" (without TCP
data dumps there won't be anything interesting for us to see). The
maximum file size is set to 100k, if you want to change it use
"cfo gset max_session_dump_size 200k" (change "200k" to your liking).
All in one line that is:
cfo gset dump_sessions 2; gset dump_tcp_data 1
"cfo gset dump_sessions" accepts the following values:
0 don't dump sessions
2 dump, but delete dump file if there was no data except TCP SYNs
3 dump like 2, but delete also if l7-protocol is known.
4 dump and never delete dump file
+ Azureus.exe has been added to program prios. Unfortunately, the new Azureus
release uses encryption which makes detection hard. Therefore, these
streams are not yet detected by our layer7 detection.
+ Protocols and programs that are set to "normal" prio are not matched at all
(since there is no longer a filter rule for normal prio). Especially,
packets of protocols that are set to normal can be matched by later
program filters (usually protocols are matched first and only if no match
was found, programs are matched).
+ Added "cfo fstat" command to display which filters matched how often. Use
it to check if your filters are working. "cfo fstat -clear" clears the
+ Added traditional chinese and turkish HTA dialogs.
+ Added "click-through" mode to skin windows. If you activate it, mouse clicks
are processed by the window beneath the cFos skin window.
+ Added support for dynamic loading of CAPI2032.DLL. Also, cFos will now try
to load CAPI2032.DLL when you open a port if it could not be loaded earlier.
+ Added new skin variable "latency_mode" and a new action to execute cfo
commands via skin buttons. Thus our skins now allow you to switch to low
latency mode. The additional variable "latency" indicates if low latency
mode is actually on.
+ Added new cfo command "cfo connections" or "cfo cons". This will show a
list of all tcp connections with traffic, uptime and program, one per line.
+ Now tray icons are re-displayed after explorer restarts.
+ Errors while doing a "cfo reload" are now printed on the console as well
(not only to the ctrace.txt file).
+ The new gset parameter "strict_rtp_check=0" in the [Param] section of
cfos.ini can now turn off strict checking of RTP packets. With strict
checking RTP packets must contain a source ID, previously introduced by a
corresponding RTCP packet. Disable this check if you use Voice over IP
Software which doesn't generate RTCP packets, like VoIPBuster. Default is 1
+ Better ping times in "Favour Ping Time" mode, since we limit the MSS
there to 536 bytes, if your connection is slower than about 20-30 kb/sec.
+ Rx shaping should more smooth now, i.e. you should experience less
fluctuations in the ping time.
+ Improved accuracy of downstream speed calculation.
+ "method" set variable can now be entered and displayed symbolically.
+ Added IP fragmentation support.
+ Better Multilink PPP support, now fully supports MP fragmentation and VJ
+ Reintroduced TCP checksums: if a packet doesn't check out, it will be
ignored by cFos.
+ Added -mp-header, -mp-begin, -mp-end filter, -mp-frag, -rand rules.
See filter_expressions.txt for details.
+ The rule that caused a packet to be dropped is now printed to FWLOG.TXT.
+ Some internal changes and speed improvements.
+ Added "cfo dump ip" to dump IP packets (possibly fragmented, but after
MP-reassembly and VJ-decompression) and "cfo dump ipr" to dump IP datagrams
(after IP reassembly) when they are handled by cFos.
+ AT&F now reads its settings from cfos.ini section factory (if existent).
AT&WF can be used to write this section. AT&F1 can be used to really
reset to internal "factory" defaults.
+ Increased number of internal buffers for PPPoE. This should fix
"Internal structures full" messages in ctrace.txt.
+ Added differential statistics to "cfo pingstat". The numbers in brackets
are the counts starting after the last time a ping worked. This should
help diagnose problems where pings work but at some time stop doing so.
+ TCP RWIN is now set so that DSL-6000 (and other 6mbit fast connections)
will work with full speed. Thanks to graf for the hint.
+ New S76=2 setting allows you to set ISDN protocol for incoming calls
regardless of LLC/HLC signalling.
+ Fixed problems with HTA dialogs related to registry permissions.
+ "cfo cstat" now shows txspeed and max_queue_size as well.
+ Added modem command AT#L to simulate a login event for test purposes.
+ cFos now handles (i.e. mainly ignores) the GSM AT commands +CBST, CPIN
+ TCP data retransmissions of packets that are still queued are no longer
sent out. This can save some 1% tx volume.
+ Improved the way ping messages are sent out. This helps the shaping
algorithm to run more smoothly.
x Fixed a bug where PPPoE login would not work reliably when more than one
PPPoE server answered.
x Fixed a rare problem where cFos would not detect incoming calls.
x Changes to fix problems when displaying taskbar icon.
x Fixed a rare crash.
x Fixed a semi-rare crash.
x Another fix for VJ-compression in only one direction was needed.
x Fixed a crash when VJ-compression was used in only one direction.
x Fixed problem with missing import for certain NT4 systems.
x Shaping is now only activated when it is switched on in feature setup (i.e.
if -x80 is set to something other than zero.) Until now, even with -x80=0
a connection listed under [connections] in cfos.ini would have been shaped.
x Now tcp_warn and strict_mp switches are properly read from [Param] section
of cfos.ini and properly inited.
x Fixed a problem where .ini files could not be accessed due to sharing
x Fixed a rare UNEXPECTED_KERNEL_MODE_TRAP crash. Thanks to Samuel Lee
for a minidump and testing.
x On connections with low-downstream bandwidth rx shaping might have taken some
seconds to effectively kick in. Fixed.
x Too many packets were logged to FWLOG.TXT. Fixed.
x Final fix for that RTP crash. Thanks to Armin Schöffmann for testing.
x The cFosSpeed-style skins in cFos didn't show the red arrows that indicate
incoming data. Fixed. Thanks to Joshua Lee for the report.
x It seems that some routers reassemble TCP streams. This resulted in some
unwanted "method 1 to 2" switches. Fixed.
x Fixed a bug that caused the ACK-filter to filter way too many ACKs, thus
degrading download performance. Thanks to AlexV for his help.
x Fixed a missing external "SHGetSpecialFolderPathW under NT4.
x Fix which prevents RINGING indication on already used COM ports.
x Fixed a spurious crash. Thanks to Dirk Schoen for his help.
x Fixed DSL code for the detection of network cards. This should fix
problems users were having in connecting with nForce 4 cards.
x The burst code should be more stable now.
x cFos sometimes waited a longer time for CAPI messages than needed. This
may have slowed communications on many ports simultaneously. Thanks to
Frank Auerswald for testing.
x Fixed an occasional crash at shutdown when data kept pouring in.
x Fixed a bug which could result in wrong amounts of "Segments w/o
connection". This could have been the cause for processes sending too
fast, even with low(est) priorisation.
x Fixed some more "unverified RST" warnings. Strange TCP segments travel the
- Removed filter_expressions.txt from distribution. See
- Firewall can now be switched on/off in context-menu > settings while cFos is
- Tracing is now on by default, i.e. there is always a CTRACE.TXT file
created with some basic info on your system and connections. If you are
reporting bugs, please attach this file to your mail.
- Changed speed reported to Windows on PPPoE connections to 100 mbps.
- New design of HTML files.
cFos 6.10 build 2875 -- 07-Jul-2005
If you're interested in even older history, get it from our FTP
server as CFOSHIST.ZIP.
------------------------ End of file ---------------------------