diff options
author | Jakub Sławiński | 2005-03-15 01:22:55 +0100 |
---|---|---|
committer | Joshua Judson Rosen | 2014-07-17 21:14:58 +0200 |
commit | 1adde65db245ec1fca752cfee4c198badf40fb5f (patch) | |
tree | bba33f3b1fe7d469f9df7a89af9dac77b27fa3bb /doc/afclient.1 | |
parent | udp_patch (diff) | |
download | apf-1adde65db245ec1fca752cfee4c198badf40fb5f.tar.gz |
v0.6
- Fixed: default password incompatibilities from config file
- Added: "client's id" option
- Lightly Modified: verbose mode
- Added: temporary listen ports
- Fixed: bug in printing "client's id"
- Added: 'dateformat' option to set format of the date in the logs
- Modified: command line option and config file behaviour
- Added: logging to a socket
- Fixed: parsing config file
- Fixed: major bug in packet buffering
- Added: several clients-users in one realm
- Modified: default hostname used by afserver
- Modified: server listening behaviour (for clients)
- Fixed: bug in checking options values
- Modified: verbose mode
- Modified: client initial connection to server
- Added: connection time / uptime statistics
- Added: first version of remote administration (statistics only)
- Fixed: major bug in remove_client routine
- Added: 'raclients' option
- Added: use of automake/autoconf
- Added: creating ~/.apf directory
- Modified: the way of creating/managing keys/certificates
- Added: 'dnslookups' option
- Modified: usage functions
- Fixed: no handling of missing 'listen' option after 'newrealm' in config file
- Added: 'quit' command in remote administration mode
- Modified: logging error messages during initialization
- Modified: 'newrealm' changed to 'realm' in config file
- Added: realm names
- Modified: connection time / uptime
- Added: client names / unique numbers
- Added: user unique numbers
- Fixed: segmentation fault after 'quit' command
Diffstat (limited to 'doc/afclient.1')
-rw-r--r-- | doc/afclient.1 | 246 |
1 files changed, 246 insertions, 0 deletions
diff --git a/doc/afclient.1 b/doc/afclient.1 new file mode 100644 index 0000000..5cdd770 --- /dev/null +++ b/doc/afclient.1 @@ -0,0 +1,246 @@ +.TH afclient 1 "apf 0.6" Jeremian +.SH NAME +afclient \- active port forwarder client +.SH SYNOPSIS +.B afclient [ +.I options +.B ] -n +.I servername +.B -p +.I portnum +.SH DESCRIPTION +.B Afclient +is a port forwarding program designed to be efficient and easy to use. It connects to +.B afserver +to listenport (default listenport is 50126) and after a successful authorization +.B afclient +redirects all the data to the specified destination host:port. +.SH "EXAMPLES" +.B afclient -n servername -p 22 + program connects to servername:50126 and redirects data to local port 22 (becomes a daemon) + +.B afclient -n servername -p 22 -v + the same as above, but verbose mode is enabled (program won't enter daemon mode) + +.B afclient -n servername -r + program connects to servername:50126 in remote administration mode +.SH OPTIONS +.I "Basic options" + +.B -n, --servername NAME + name of the host, where +.I afserver +is running (required) + +.B -m, --manageport PORT + manage port number - server must be listening on it (default: 50126) + +.B -d, --hostname NAME + the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function) + +.B -p, --portnum PORT + the port we are forwarding connection to (required) + +.B -h, --help + prints help screen + +.I Authorization + +.B -i, --id STRING + sends the id string to afserver + +.B --pass PASSWORD + set the password used for client identification (default: no password) + +.I Configuration + +.B -k, --keyfile FILE + the name of the file with RSA key (default: client.rsa) + +.B -D, --dateformat FORMAT + format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S) + +.I Modes + +.B -u, --udpmode + udp mode - client will use udp protocol to communicate with the hostname:portnum (-p) + +.B -U, --reverseudp + reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m) + +.B -r, --remoteadmin + remote administration mode. (using '-p PORT' will force afclient to use port rather then stdin-stdout) + +.I Logging + +.B -O, --heavylog + logging everything to a logfile + +.B -o, --lightlog + logging some data to a logfile + +.B -S, --heavysocklog + logging everything to a localport + +.B -s, --lightsocklog + logging some data to a localport + +.B -v, --verbose + to be verbose - program won't enter the daemon mode (use several times for greater effect) + +.I "IP family" + +.B -4, --ipv4 + use ipv4 only + +.B -6, --ipv6 + use ipv6 only + +.I Modules + +.B -l, --load + load a module for user's packets filtering + +.B -L, --Load + load a module for service's packets filtering + +.SH "REMOTE ADMINISTRATION" + +Remote administration mode is enabled by +.B '-r, --remoteadmin' +option. Required options: +.B '-n, --servername NAME' + +After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by +.BR afserver . +Commands guaranteed to be available: + +.B help + display help + +.B lcmd + lists available commands + +.B quit + quit connection + +For list of all available commands take a look at +.BR afserver (1). + +When +.B '-p, --portnum PORT' +is used, +.B afclient +listens for connection from user at NAME:PORT. NAME is set by +.B '-d, --hostname' +option or hostname() function, when the option is missing. + +When user quits (close the connection or send +.B 'quit' +command), +.B afclient +exits. + +.SH MODULES + +.B Afclient +can use external modules for user's packets filtering +.RB ( "'-l, --load'" ) +and service's packets filtering +.RB ( "'-L, --Load'" ). +Module file has to declare three functions: + +.BI "char* info(" void ); + + info() return values: + - info about module + + Example: + + char* + info(void) + { + return "Module tester v0.1"; + } + +.BI "int allow(char* " host ", char* " port ); + + allow() return values: + 0 - allow to connect + !0 - drop the connection + + Example: + + int + allow(char* host, char* port) + { + return 0; /* allow to connect */ + } + +.BI "int filter(char* " host ", unsigned char* " message ", int* " length ); + + filter() return values: + 0 - allow to transfer + 1 - drop the packet + 2 - drop the connection + 3 - release the module + 4 - drop the packet and release the module + 5 - drop the connection and release the module + + Example: + + int + filter(char* host, unsigned char* message, int* length) + { + int i; + for (i = 1; i < *length; ++i) { + if (message[i-1] == 'M') { + if (message[i] == '1') { + return 1; /* ignored */ + } + if (message[i] == '2') { + return 2; /* dropped */ + } + if (message[i] == '3') { + return 3; /* release */ + } + if (message[i] == '4') { + return 4; /* ignored + release */ + } + if (message[i] == '5') { + return 5; /* dropped + release */ + } + } + } + return 0; /* allow to transfer */ + } + +Modules have to be compiled with +.B -fPIC -shared +options. + +.SH "SEE ALSO" + +.BR afserver (1), +.BR afserver.conf (5) + +.SH BUGS + +.B Afclient +is still under development. There are no known open bugs at the moment. + +.SH "REPORTING BUGS" + +Please report bugs to <jeremian [at] poczta.fm> + +.SH AUTHOR + +Jeremian <jeremian [at] poczta.fm> + +.SH CONTRIBUTIONS + +Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari <marco.solari [at] koinesistemi.it> + +.SH LICENSE + +Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details. |