summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJakub Sławiński2005-03-15 01:22:55 +0100
committerJoshua Judson Rosen2014-07-17 21:14:58 +0200
commit1adde65db245ec1fca752cfee4c198badf40fb5f (patch)
treebba33f3b1fe7d469f9df7a89af9dac77b27fa3bb /doc
parentudp_patch (diff)
downloadapf-1adde65db245ec1fca752cfee4c198badf40fb5f.tar.gz
v0.6
- Fixed: default password incompatibilities from config file - Added: "client's id" option - Lightly Modified: verbose mode - Added: temporary listen ports - Fixed: bug in printing "client's id" - Added: 'dateformat' option to set format of the date in the logs - Modified: command line option and config file behaviour - Added: logging to a socket - Fixed: parsing config file - Fixed: major bug in packet buffering - Added: several clients-users in one realm - Modified: default hostname used by afserver - Modified: server listening behaviour (for clients) - Fixed: bug in checking options values - Modified: verbose mode - Modified: client initial connection to server - Added: connection time / uptime statistics - Added: first version of remote administration (statistics only) - Fixed: major bug in remove_client routine - Added: 'raclients' option - Added: use of automake/autoconf - Added: creating ~/.apf directory - Modified: the way of creating/managing keys/certificates - Added: 'dnslookups' option - Modified: usage functions - Fixed: no handling of missing 'listen' option after 'newrealm' in config file - Added: 'quit' command in remote administration mode - Modified: logging error messages during initialization - Modified: 'newrealm' changed to 'realm' in config file - Added: realm names - Modified: connection time / uptime - Added: client names / unique numbers - Added: user unique numbers - Fixed: segmentation fault after 'quit' command
Diffstat (limited to 'doc')
-rw-r--r--doc/afclient.1246
-rw-r--r--doc/afserver.1175
-rw-r--r--doc/afserver.conf.5126
-rw-r--r--doc/afserver_example.conf57
-rw-r--r--doc/en/README479
-rw-r--r--doc/fr/fr_README488
-rw-r--r--doc/ru/ru_README294
7 files changed, 1865 insertions, 0 deletions
diff --git a/doc/afclient.1 b/doc/afclient.1
new file mode 100644
index 0000000..5cdd770
--- /dev/null
+++ b/doc/afclient.1
@@ -0,0 +1,246 @@
+.TH afclient 1 "apf 0.6" Jeremian
+.SH NAME
+afclient \- active port forwarder client
+.SH SYNOPSIS
+.B afclient [
+.I options
+.B ] -n
+.I servername
+.B -p
+.I portnum
+.SH DESCRIPTION
+.B Afclient
+is a port forwarding program designed to be efficient and easy to use. It connects to
+.B afserver
+to listenport (default listenport is 50126) and after a successful authorization
+.B afclient
+redirects all the data to the specified destination host:port.
+.SH "EXAMPLES"
+.B afclient -n servername -p 22
+ program connects to servername:50126 and redirects data to local port 22 (becomes a daemon)
+
+.B afclient -n servername -p 22 -v
+ the same as above, but verbose mode is enabled (program won't enter daemon mode)
+
+.B afclient -n servername -r
+ program connects to servername:50126 in remote administration mode
+.SH OPTIONS
+.I "Basic options"
+
+.B -n, --servername NAME
+ name of the host, where
+.I afserver
+is running (required)
+
+.B -m, --manageport PORT
+ manage port number - server must be listening on it (default: 50126)
+
+.B -d, --hostname NAME
+ the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)
+
+.B -p, --portnum PORT
+ the port we are forwarding connection to (required)
+
+.B -h, --help
+ prints help screen
+
+.I Authorization
+
+.B -i, --id STRING
+ sends the id string to afserver
+
+.B --pass PASSWORD
+ set the password used for client identification (default: no password)
+
+.I Configuration
+
+.B -k, --keyfile FILE
+ the name of the file with RSA key (default: client.rsa)
+
+.B -D, --dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+
+.I Modes
+
+.B -u, --udpmode
+ udp mode - client will use udp protocol to communicate with the hostname:portnum (-p)
+
+.B -U, --reverseudp
+ reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m)
+
+.B -r, --remoteadmin
+ remote administration mode. (using '-p PORT' will force afclient to use port rather then stdin-stdout)
+
+.I Logging
+
+.B -O, --heavylog
+ logging everything to a logfile
+
+.B -o, --lightlog
+ logging some data to a logfile
+
+.B -S, --heavysocklog
+ logging everything to a localport
+
+.B -s, --lightsocklog
+ logging some data to a localport
+
+.B -v, --verbose
+ to be verbose - program won't enter the daemon mode (use several times for greater effect)
+
+.I "IP family"
+
+.B -4, --ipv4
+ use ipv4 only
+
+.B -6, --ipv6
+ use ipv6 only
+
+.I Modules
+
+.B -l, --load
+ load a module for user's packets filtering
+
+.B -L, --Load
+ load a module for service's packets filtering
+
+.SH "REMOTE ADMINISTRATION"
+
+Remote administration mode is enabled by
+.B '-r, --remoteadmin'
+option. Required options:
+.B '-n, --servername NAME'
+
+After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by
+.BR afserver .
+Commands guaranteed to be available:
+
+.B help
+ display help
+
+.B lcmd
+ lists available commands
+
+.B quit
+ quit connection
+
+For list of all available commands take a look at
+.BR afserver (1).
+
+When
+.B '-p, --portnum PORT'
+is used,
+.B afclient
+listens for connection from user at NAME:PORT. NAME is set by
+.B '-d, --hostname'
+option or hostname() function, when the option is missing.
+
+When user quits (close the connection or send
+.B 'quit'
+command),
+.B afclient
+exits.
+
+.SH MODULES
+
+.B Afclient
+can use external modules for user's packets filtering
+.RB ( "'-l, --load'" )
+and service's packets filtering
+.RB ( "'-L, --Load'" ).
+Module file has to declare three functions:
+
+.BI "char* info(" void );
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+.BI "int allow(char* " host ", char* " port );
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+.BI "int filter(char* " host ", unsigned char* " message ", int* " length );
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Modules have to be compiled with
+.B -fPIC -shared
+options.
+
+.SH "SEE ALSO"
+
+.BR afserver (1),
+.BR afserver.conf (5)
+
+.SH BUGS
+
+.B Afclient
+is still under development. There are no known open bugs at the moment.
+
+.SH "REPORTING BUGS"
+
+Please report bugs to <jeremian [at] poczta.fm>
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari <marco.solari [at] koinesistemi.it>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
diff --git a/doc/afserver.1 b/doc/afserver.1
new file mode 100644
index 0000000..0a39c2c
--- /dev/null
+++ b/doc/afserver.1
@@ -0,0 +1,175 @@
+.TH afserver 1 "apf 0.6" Jeremian
+.SH NAME
+afserver \- active port forwarder server
+.SH SYNOPSIS
+.B afserver [
+.I options
+.B ]
+.SH DESCRIPTION
+.B Afserver
+is a port forwarding program designed to be efficient and easy to use. It listens for incoming
+.B afclient
+connections at listenport (default listenport is 50126). After successful client authorization,
+.B afserver
+listens for incoming user connections. When a new user connection is opened, all the data is redirected to previously connected
+.B afclient,
+which redirects it to the specified destination host:port.
+.SH EXAMPLES
+.B afserver
+ program starts with default options (become a daemon)
+
+.B afserver -v
+ verbose mode is enabled (program won't enter daemon mode)
+
+.B afserver -n localhost -l 5435 -m 6375
+ program will listen on localhost:5435 for users and on localhost:6375 for clients
+.SH OPTIONS
+.I "Basic options"
+
+.B -n, --hostname NAME
+ used when creating listening sockets (default: '')
+
+.B -l, --listenport PORT
+ listening port number - users connect to it (default: 50127)
+
+.B -m, --manageport PORT
+ manage port number -
+.I afclient
+connects to it (default: 50126)
+
+.B -h, --help
+ prints help screen
+
+.I Authorization
+
+.B --pass PASSWORD
+ password used for client identification (default: no password)
+
+.I Configuration
+
+.B -c, --cerfile FILE
+ the name of the file with certificate (default: cacert.pem)
+
+.B -k, --keyfile FILE
+ the name of the file with RSA key (default: server.rsa)
+
+.B -f, --cfgfile FILE
+ the name of the file with the configuration for the
+.I afserver
+
+.B -D, --dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+
+.B -t, --timeout N
+ the timeout value for the client's connection (default: 5)
+
+.B -u, --users N
+ the amount of users allowed to use this server (default: 5)
+
+.B -C, --clients N
+ the number of allowed clients to use this server (default: 1)
+
+.B -r, --realm
+ set the realm name (default: none)
+
+.B -R, --raclients N
+ the number of allowed clients in remote administration mode to use this server (default: 1)
+
+.B -U, --usrpcli N
+ the number of allowed users per client (default: $users)
+
+.B -M, --climode N
+ strategy used to connect users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+.B -p, --proto TYPE
+ type of server (tcp|udp) - what protocol it will be operating for (default: tcp)
+
+.B -b, --baseport
+ listenports are temporary and differ for each client
+
+.B --nossl
+ ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
+
+.B --nozlib
+ zlib is not used to compress data (default: zlib is used)
+
+.B --dnslookups
+ try to obtain dns names of the computers rather than their numeric IP
+
+.I Logging
+
+.B -O, --heavylog
+ logging everything to a logfile
+
+.B -o, --lightlog
+ logging some data to a logfile
+
+.B -S, --heavysocklog
+ logging everything to a localport
+
+.B -s, --lightsocklog
+ logging some data to a localport
+
+.B -v, --verbose
+ to be verbose - program won't enter the daemon mode (use several times for greater effect)
+
+.I "IP family"
+
+.B -4, --ipv4
+ use ipv4 only
+
+.B -6, --ipv6
+ use ipv6 only
+
+.SH "REMOTE ADMINISTRATION"
+
+Currently available commands are:
+
+.B help
+ display help
+
+.B lcmd
+ lists available commands
+
+.B info
+ prints info about server
+
+.B rshow
+ display realms
+
+.B cshow X
+ display clients in X realm
+
+.B ushow X
+ display users in X realm
+
+.B quit
+ quit connection
+
+.SH "SEE ALSO"
+
+.BR afclient (1),
+.BR afserver.conf (5)
+
+.SH BUGS
+
+.B Afserver
+is still under development. There are no known open bugs at the moment.
+
+.SH "REPORTING BUGS"
+
+Please report bugs to <jeremian [at] poczta.fm>
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari <marco.solari [at] koinesistemi.it>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5
new file mode 100644
index 0000000..b15bf2d
--- /dev/null
+++ b/doc/afserver.conf.5
@@ -0,0 +1,126 @@
+.TH afserver.conf 5 "apf 0.6" Jeremian
+.SH NAME
+afserver.conf \- Configuration File for afserver
+.SH INTRODUCTION
+.B Afserver
+supports several mechanisms to supply configuration and run-time parameters: command line options,
+.B afserver.conf
+and hard-coded defaults. When the same information is supplied in more than one way, the highest precedence mechanism is used. When configuration file is used (option:
+.IR "-f FILE")
+command line options like
+.IR --hostname ,
+.IR --listenport ,
+.I --manageport
+and
+.I --pass
+are ignored. Options from configuration file are taken before values from command line. When something is not declared, hard-coded values are used.
+
+.SH DESCRIPTION
+.B Afserver
+uses configuration file, which name is supplied by the
+.I -f FILE
+option. The
+.B afserver.conf
+file is composed of two sections which have to be in fixed order. In first section global values like certificates, keys and logging options are set. The second section starts with first
+.B newrealm
+command and includes options describing specific realms. There may be several
+.B newrealm
+commands.
+
+.SH "GLOBAL OPTIONS"
+
+.B certificate FILE
+ the name of the file with certificate (default: cacert.pem)
+
+.B key FILE
+ the name of the file with RSA key (default: server.rsa)
+
+.B lightlog FILE
+ logging some data to a logfile
+
+.B heavylog FILE
+ logging everything to a logfile
+
+.B heavysocklog PORT
+ logging everything to a localport
+
+.B lightsocklog PORT
+ logging some data to a localport
+
+.B dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
+
+.SH "REALM OPTIONS"
+
+.B realm [NAME]
+ starts configuration of the next realm. Name of the realm can be specified using this option.
+
+.B hostname NAME
+ used when creating listening sockets (default: '')
+
+.B listen PORT
+ listening port number - users connect to it (required at least one)
+
+.B manage PORT
+ manage port number - afclient connects to it (required at least one)
+
+.B pass PASSWORD
+ password used for client identification (default: no password)
+
+.B users N
+ the amount of users allowed to use this server (default: 5)
+
+.B timeout N
+ the timeout value for the client's connection (default: 5)
+
+.B clients N
+ the number of allowed clients to use this server (default: 1)
+
+.B raclients N
+ the number of allowed clients in remote administration mode to use this server (default: 1)
+
+.B usrpcli N
+ the number of allowed users per client (default: $users)
+
+.B climode N
+ strategy used to connect users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+.B proto TYPE
+ type of server (tcp|udp) - what protocol it will be operating for (default: tcp)
+
+.B nossl
+ ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
+
+.B nozlib
+ zlib is not used to compress data (default: zlib is used)
+
+.B baseport
+ listenports are temporary and differ for each client
+
+.B dnslookups
+ try to obtain dns names of the computers rather than their numeric IP
+
+.B ipv4
+ use ipv4 only
+
+.B ipv6
+ use ipv6 only
+
+.SH "SEE ALSO"
+
+.BR afclient (1),
+.BR afserver (1)
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari <marco.solari [at] koinesistemi.it>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf
new file mode 100644
index 0000000..2046b03
--- /dev/null
+++ b/doc/afserver_example.conf
@@ -0,0 +1,57 @@
+# This is an example configuration file for active port forwarder
+# Firstly, we have to declare our files with key and certificate
+
+certificate cacert.pem
+
+# Please note, that we can place only blank characters between words
+
+key server.rsa
+
+# when we want to log some information, we specify file for lightlog
+# when we want to log everything - we do this by using heavylog option
+
+# type name of file
+
+lightlog logfile
+#heavylog logfile
+
+# we we could also want to use sockets instead of files
+
+# type port (on localhost)
+
+#lightsocklog 12345
+#heavysocklog 12345
+
+#dateformat %d.%m.%Y %H:%M:%S
+
+# And it's time to create forwarding targets (named realms here)
+
+#realm indicates a new set of commands to a server
+#realmname is optional
+realm my realm
+
+#options values
+
+#hostname <yourhostname> #this is the name of the server (used to choose interface)
+listen 50127 #portnumber on which server is listening for users
+manage 50126 #portnumber on which server is listening for afclient
+#users 5 #amount of users we are allowing to connect (>0) (default: 5)
+#timeout 5 #timeout value for the client's connection (>0) (default: 5)
+#clients 1 #number of allowed clients for this realm (>0) (default: 1)
+#usrpcli $users #allowed users per client for this realm (>0) (default: $users)
+#climode 1 #strategy used for connecting users with clients (1) (default: 1)
+#proto tcp #type of the realm (which protocol it will forward (tcp|udp) (default: tcp)
+#pass mypassword #this is a password used for client identification
+#raclients 1 #number of allowed clients in remote administration mode (>0) (default: 1)
+#nossl #don't use ssl for data transfer
+#nozlib #don't use zlib
+#baseport #listenports are temporary and differ for each client
+#dnslookups #try to obtain dns names of the computers
+#ipv4 #use ipv4 only
+#ipv6 #use ipv6 only
+
+# and now the second realm
+
+realm
+listen 50125
+manage 50124
diff --git a/doc/en/README b/doc/en/README
new file mode 100644
index 0000000..0e49c3e
--- /dev/null
+++ b/doc/en/README
@@ -0,0 +1,479 @@
+AF - Active Port Forwarder 0.6 - README
+Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
+=================================================================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+======================================
+
+ The Active Port Forwarder program is part of the Gray-World.net projects.
+
+ Our Gray-World Team presents on the http://gray-world.net website the projects
+ and publications we are working on which are related to the NACS (Network
+ Access Control System) bypassing research field and to the computer and
+ network security topics.
+
+================================================================================
+
+=======
+SUMMARY
+=======
+
+INTRO
+
+1. INSTALLATION
+ 1.1 Instructions
+ 1.2 Required libs
+ 1.3 Tested platforms
+2. USAGE
+ 2.1 afserver
+ 2.2 afclient
+3. REMOTE ADMINISTRATION
+4. MODULES
+5. EXAMPLES
+ 5.1 tcp mode
+ 5.2 reverse udp mode
+6. BUGS/PROBLEMS
+
+NOTES
+
+THANKS
+
+================================================================================
+
+=====
+INTRO
+=====
+
+Active port forwarder is a software tool for secure port forwarding.
+It uses ssl to increase security of communication between a server and a client.
+Originally, it was developed to forward data point to point. However, the need
+for bypassing firewalls in order to connect to internally located computers
+influenced the further development of the project.
+
+AF is dedicated for people, who don't have an external ip number and want to
+make some services available across the net.
+
+Moreover, zlib is used to compress the transferred data.
+
+Using one, permanent data/control channel with flow control / packet buffering
+provides good performance and reasonably small latency.
+
+Multiple clients allow to create more sophisticated tunneling scheme.
+
+================================================================================
+
+===============
+1. INSTALLATION
+===============
+
+ 1.1 Instructions
+ ----------------
+
+1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml
+2. Unpack them with tar zxvf
+3. Type "./configure"
+4. Type "make"
+5. Type "make install" while logged as root
+6. If something goes wrong - mail the author or post a message on
+ http://gray-world.net/board/
+
+ 1.2 Required libs
+ -----------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Tested platforms
+ --------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - built without any problems
+2. Windows:
+ win32 - cygwin version is available on the project homepage
+
+================================================================================
+
+========
+2. USAGE
+========
+
+ 2.1 afserver
+ ------------
+
+ Basic options:
+
+ -n, --hostname - it's used when creating listening sockets
+ (default: '')
+ -l, --listenport - listening port number - users connect
+ to it (default: 50127)
+ -m, --manageport - manage port number - second part of the active
+ port forwarder connects to it (default: 50126)
+ -h, --help - prints this help
+
+ Authorization:
+
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -c, --cerfile - the name of the file with certificate
+ (default: cacert.pem)
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ -t, --timeout - the timeout value for the client's connection
+ (default: 5)
+ -u, --users - the amount of users allowed to use this server
+ (default: 5)
+ -C, --clients - the number of allowed clients to use this server
+ (default: 1)
+ -r, --realm - set the realm name (default: none)
+ -R, --raclients - the number of allowed clients in remote administration
+ mode to use this server (default: 1)
+ -U, --usrpcli - the number of allowed users per client (default: $users)
+ -M, --climode - strategy used for connecting users with clients
+ (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+ -p, --proto - type of server (tcp|udp) - for which protocol it will
+ be operating (default: tcp)
+ -b, --baseport - listenports are temporary and differ for each client
+ --nossl - ssl is not used for transferring data (but it's still
+ used to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used for compressing data (default:
+ zlib is used)
+ --dnslookups - try to obtain dns names of the computers rather than
+ their numeric IP
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ 2.2 afclient
+ ------------
+
+ Basic options:
+
+ -n, --servername - where the second part of the active
+ port forwarder is running (required)
+ -m, --manageport - manage port number - server must be
+ listening on it (default: 50126)
+ -d, --hostname - the name of this host/remote host - the final
+ destination of the packets (default: the name
+ returned by hostname function)
+ -p, --portnum - the port we are forwarding connection to (required)
+ -h, --help - prints this help
+
+ Authorization:
+
+ -i, --id - send the id string to afserver
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ Modes:
+
+ -u, --udpmode - udp mode - client will use udp protocol to
+ communicate with the hostname
+ -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
+ from hostname:portnum (-p) to the server name:portnum
+ (-m)
+ -r, --remoteadmin - remote administration mode. (using '-p #port' will
+ force afclient to use port rather then stdin-stdout)
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ Modules:
+
+ -l, --load - load a module for user's packets filtering
+ -L, --Load - load a module for service's packets filtering
+
+================================================================================
+
+========================
+3. REMOTE ADMINISTRATION
+========================
+
+Afclient can be started in remote administration mode by '-r, --remoteadmin'
+option. Required option: '-n, --servername NAME'.
+
+After successful authorization stdin/stdout is used to communicate with user.
+All the commands parsing is done by afserver.
+
+Currently available commands are:
+
+ help
+ display help
+
+ lcmd
+ lists available commands
+
+ info
+ prints info about server
+
+ rshow
+ display realms
+
+ cshow X
+ display clients in X realm
+
+ ushow X
+ display users in X realm
+
+ quit
+ quit connection
+
+Afclient with '-p, --portnum PORT' option listens for connection from user at
+NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when
+the option is missing.
+
+When user quits (close the connection or send 'quit' command), afclient exits.
+
+================================================================================
+
+==========
+4. MODULES
+==========
+
+Afclient can use external modules for user's packets filtering ('-l, --load')
+and service's packets filtering ('-L, --Load'). Module file has to declare three
+functions:
+
+char* info(void);
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+int allow(char* host, char* port);
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+int filter(char* host, unsigned char* message, int* length);
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Modules have to be compiled with '-fPIC -shared' options.
+
+================================================================================
+
+===========
+5. EXAMPLES
+===========
+
+ 5.1 tcp mode
+ ------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+The use of it is extremely simple. Let's suppose we want to create a http server
+on our computer and we are behind a masquerade or a firewall:
+
+1) We have to find some machine on the net with an external ip and a shell
+ account.
+
+2) Use "make" to compile everything on that machine. (you can freely remove the
+ afclient and client.rsa files)
+
+3) You can edit the config file or just type from the console (to use the config
+ type -f <cfgfile>) :
+ $ ./afserver
+ This will work, if you want to use default values:
+ - hostname will be taken from hostname function (it would be ideally, if
+ there is appropriate registration in /etc/hosts)
+ - server will be listening for users on port 50127
+ - server will be listening for client on port 50126
+ - server will be for maximum 5 users
+ - server will forward tcp packets
+ - there will be no logging and no verbose messages
+ - there will be no password identification
+ - ip protocol family will be unspecified
+
+4) We use "make" on our machine (we can delete everything apart from afclient
+ and client.rsa)
+
+5) We are typing from the console:
+ $ ./afclient -n <name of the server> -p 80
+ Where <name of the server> is a string like : 'bastion.univ.gda.pl' or
+ '153.19.7.200'
+
+6) We can now enter with a web-browser to: <name of the server>:50127 and we
+ will enter to our computer in the fact.
+
+ 5.2 reverse udp mode
+ --------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Let's see how to use af to forward udp packets. Suppose we want to create a game
+server on our computer (udp port 27960 on our machine):
+
+1) - 4) is the same like in example 1. (but we add option: -p udp)
+
+5) We are typing from the console:
+ $ ./afclient -u -n <name of the server> -p 27960
+ Where <name of the server> is a name (or ip) of a host where our server is
+ running.
+
+6) Connecting to our game is more complicated. The user must use afclient to do
+ this. He has to specify the server he is connecting to and the port, which
+ his program will be listening on:
+ $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> \
+ -m <server port>
+ Where <hostname> is the name of the user machine (who wants to connect to our
+ game). <portnum> is the port he will be connecting to. <name of the server>
+ is the name of the host where our server is running. <server port> is the
+ port on which the server is listening for users. In order to connect to our
+ game, the user has to connect to <hostname>:<portnum>.
+
+================================================================================
+
+================
+6. BUGS/PROBLEMS
+================
+
+There are no known/open bugs at the moment.
+
+================================================================================
+
+=====
+NOTES
+=====
+
+Active port forwarder is still under development, so please sent any comments,
+bugs notices and suggestions about it to <jeremian [at] poczta.fm>
+
+If you have some problems or want to share your opinions with others, feel free
+to post a message at http://gray-world.net/board/
+
+================================================================================
+
+======
+THANKS
+======
+
+ Big thanks to the GW Team:
+
+ to Alex <alex [at] gray-world.net>
+ and Simon <scastro [at] entreelibre.com> for testing AF and a lot of advices.
+
+ Thanks to Ilia Perevezentsev <iliaper [at] mail.ru> who read and corrected the
+README file.
+
+ Thanks to Marco Solari <marco.solari [at] koinesistemi.it> for a lot of
+requests, suggestions and ideas.
+
+ And thanks for using this software!
+
+LICENSE
+-------
+
+ Active Port Forwarder is distributed under the terms of the GNU General
+ Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian
+ [at] poczta.fm>. See the file COPYING for details.
+
diff --git a/doc/fr/fr_README b/doc/fr/fr_README
new file mode 100644
index 0000000..1366291
--- /dev/null
+++ b/doc/fr/fr_README
@@ -0,0 +1,488 @@
+AF - Active Port Forwarder 0.6 - README
+Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
+=================================================================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+======================================
+
+ Le programme Active Port Forwarder est partie intégrante des projets
+ Gray-World.net.
+
+ Notre équipe présente sur le site http://gray-world.net les projets et
+ publications sur lesquels nous travaillons. Ces projets et publications sont
+ relatifs au contournement des systèmes de contrôle d'accès réseau (NACS
+ bypassing) ainsi qu'à la sécurité des systèmes et réseaux.
+
+================================================================================
+
+========
+SOMMAIRE
+========
+
+INTRO
+
+1. INSTALLATION
+ 1.1 Instructions
+ 1.2 Librairies requises
+ 1.3 Plate-formes testées
+2. USAGE
+ 2.1 afserver
+ 2.2 afclient
+3. ADMINISTRATION DISTANTE
+4. MODULES
+5. EXEMPLES
+ 5.1 tcp mode
+ 5.2 reverse udp mode
+6. BUGS/PROBLEMES
+
+NOTES
+
+THANKS
+
+================================================================================
+
+=====
+INTRO
+=====
+
+Active port forwarder est un programme permettant de réaliser du forwarding de
+port sécurisé. Il utilise le protocole SSL pour augmenter le niveau de sécurité
+des communications entre serveur et client. Son développement initial comme
+outil de communication point à point a été influencé de façon à permettre le
+contournement de firewalls et les communications à destination d'équipements
+localisés sur le réseau interne.
+
+Af est destiné aux personnes sans adresse IP publique externe qui désirent
+offrir des services accessibles depuis le net.
+
+La librairie Zlib est de plus employée pour compresser les données transférées.
+
+L'utilisation d'un canal contrôle/données permanent avec une gestion de flux et
+une mise en cache des paquets fournit de bonnes performances et un temps de
+latence raisonnablement court.
+
+L'emploi de clients multiples permet la création de schémas de tunneling plus
+sophistiqués.
+
+================================================================================
+
+===============
+1. INSTALLATION
+===============
+
+ 1.1 Instructions
+ ----------------
+
+1. Télécharger les sources compressées depuis www.gray-world.net/pr_af.shtml
+2. Décompresser avec tar zxvf
+3. Entrer "./configure"
+4. Entrer "make"
+5. Entrer "make install" sous l'identité root
+6. Si un problème survient - envoyez un mail à l'auteur ou postez un message
+ sur http://gray-world.net/board/
+
+ 1.2 Librairies requises
+ -----------------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Plate-formes testées
+ ------------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - Compilation sans problème
+2. Windows:
+ win32 - Version cygwin disponible sur la page du projet
+
+================================================================================
+
+========
+2. USAGE
+========
+
+ 2.1 afserver
+ ------------
+
+ Basic options:
+
+ -n, --hostname - it's used when creating listening sockets
+ (default: '')
+ -l, --listenport - listening port number - users connect
+ to it (default: 50127)
+ -m, --manageport - manage port number - second part of the active
+ port forwarder connects to it (default: 50126)
+ -h, --help - prints this help
+
+ Authorization:
+
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -c, --cerfile - the name of the file with certificate
+ (default: cacert.pem)
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ -t, --timeout - the timeout value for the client's connection
+ (default: 5)
+ -u, --users - the amount of users allowed to use this server
+ (default: 5)
+ -C, --clients - the number of allowed clients to use this server
+ (default: 1)
+ -r, --realm - set the realm name (default: none)
+ -R, --raclients - the number of allowed clients in remote administration
+ mode to use this server (default: 1)
+ -U, --usrpcli - the number of allowed users per client (default: $users)
+ -M, --climode - strategy used for connecting users with clients
+ (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+ -p, --proto - type of server (tcp|udp) - for which protocol it will
+ be operating (default: tcp)
+ -b, --baseport - listenports are temporary and differ for each client
+ --nossl - ssl is not used for transferring data (but it's still
+ used to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used for compressing data (default:
+ zlib is used)
+ --dnslookups - try to obtain dns names of the computers rather than
+ their numeric IP
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ 2.2 afclient
+ ------------
+
+ Basic options:
+
+ -n, --servername - where the second part of the active
+ port forwarder is running (required)
+ -m, --manageport - manage port number - server must be
+ listening on it (default: 50126)
+ -d, --hostname - the name of this host/remote host - the final
+ destination of the packets (default: the name
+ returned by hostname function)
+ -p, --portnum - the port we are forwarding connection to (required)
+ -h, --help - prints this help
+
+ Authorization:
+
+ -i, --id - send the id string to afserver
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ Modes:
+
+ -u, --udpmode - udp mode - client will use udp protocol to
+ communicate with the hostname
+ -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
+ from hostname:portnum (-p) to the server name:portnum
+ (-m)
+ -r, --remoteadmin - remote administration mode. (using '-p #port' will
+ force afclient to use port rather then stdin-stdout)
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ Modules:
+
+ -l, --load - load a module for user's packets filtering
+ -L, --Load - load a module for service's packets filtering
+
+================================================================================
+
+==========================
+3. ADMINISTRATION DISTANTE
+==========================
+
+Afclient peut être démarré en mode d'administration distante avec l'option '-r,
+--remoteadmin'. L'option requise est: '-n, --servername NAME'.
+
+Après autorisation, les flux stdin/stdout sont utilisés pour communiquer avec
+l'utilisateur. La prise en compte des commandes est effectuée par afserver.
+
+Les commandes disponibles sont:
+
+ help
+ display help
+
+ lcmd
+ lists available commands
+
+ info
+ prints info about server
+
+ rshow
+ display realms
+
+ cshow X
+ display clients in X realm
+
+ ushow X
+ display users in X realm
+
+ quit
+ quit connection
+
+Afclient se positionne en écoute sur NAME:PORT avec '-p, --portnum PORT'. NAME
+est positionné avec l'option '-d, --hostname' ou par la fonction hostname() si
+l'argument n'est pas fourni.
+
+Quand l'utilisateur quitte (termine la connexion ou envoie la commande 'quit'),
+afclient se termine.
+
+================================================================================
+
+==========
+4. MODULES
+==========
+
+Afclient peut utiliser des modules externes pour le filtrage des paquets ('-l,
+ --load') utilisateurs et pour le filtrage des paquets service ('-L, --Load').
+Le fichier contenant les modules doit déclarer trois fonctions :
+
+char* info(void);
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+int allow(char* host, char* port);
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+int filter(char* host, unsigned char* message, int* length);
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Les modules doivent être compilés avec les options '-fPIC -shared'.
+
+================================================================================
+
+===========
+5. EXEMPLES
+===========
+
+ 5.1 tcp mode
+ ------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+L'utilisation de Af est extrèmement simple. Supposons que nous voulons mettre en
+place un serveur http sur notre station et que nous sommes masqueradés ou placé
+derrière un firewall:
+
+1) Nous devons tout d'abord trouver une station sur internet avec une IP
+publique et un shell.
+
+2) Utilisez ensuite make pour compiler Af sur cette machine. (Vous pouvez par la
+suite supprimer les fichiers afclient et client.rsa)
+
+3) Editez le fichier de configuration ou entrez sur la console: (pour utiliser
+la configuration, entrez type -f <cfgfile>)
+ $ ./afserver
+ Si vous voulez utiliser les valeurs par défaut:
+ - Le nom d'hôte sera pris en compte par la fonction hostname (Il serait idéal
+ qu'il soit référencé dans le fichier /etc/hosts)
+ - Le serveur sera en écoute pour les utilisateurs sur le port 50127
+ - Le serveur sera en écoute pour le client sur le port 50126
+ - Le serveur sera limité à 5 utilisateurs
+ - Le serveur retransmettra les paquets tcp
+ - Aucun log ou message verbeux ne sera activé
+
+4) Nous utilisons make sur notre propre station (Nous pouvons ensuite supprimer
+tous les fichiers sauf afclient et client.rsa)
+
+5) Nous entrons sur la console:
+ $ ./afclient -n <name of the server> -p 80
+ Où <name of the server> est une chaîne du type : 'bastion.univ.gda.pl' ou
+ '153.19.7.200'
+
+6) Nous pouvons ensuite utiliser notre navigateur web avec :
+ <name of the server>:50127 et nous atteindrons notre propre station.
+
+ 5.2 reverse udp mode
+ --------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Regardons comment nous pouvons utiliser af pour forwarder des paquets udp.
+Supposez que nous voulons mettre en place un serveur de jeu sur notre station
+(port udp 27960 sur notre station):
+
+1) - 4) sont les mêmes que pour l'exemple 1.
+
+5) Nous entrons sur la console:
+ $ ./afclient -u -n <name of the server> -p 27960
+ Où <name of the server> est un nom (ou une ip) d'un hôte sur lequel notre
+ serveur tourne.
+
+6) Nous connecter à notre jeu est un peu plus compliqué. L'utilisateur doit se
+ servir de afclient pour cela.
+ Il doit spécifier le serveur auquel il veut se connecter et le port sur
+ lequel son programme sera en écoute:
+ $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> -m\
+ <server port>
+ Où <hostname> est le nom de la station utilisateur (qui veut se connecter à
+ notre jeu). <portnum> est le port auquel il se connectera. <name of the
+ server> est le nom de l'hôte sur lequel notre serveur tourne. <server port>
+ est le port sur lequel notre serveur est en écoute pour les utilisateurs.
+ Pour se connecter à notre jeu, l'utilisateur doit se connecter à <hostname>:
+ <portnum>.
+
+================================================================================
+
+================
+6. BUGS/PROBLEMS
+================
+
+Aucun bug n'est connu ou en cours de résolution à ce moment.
+
+================================================================================
+
+=====
+NOTES
+=====
+
+Active port forwarder est toujours en phase en développement, alors envoyez moi
+vos commentaires, les bugs que vous rencontrez et vos suggestions à
+<jeremian [at] poczta.fm>
+
+Si vous rencontrez des problèmes ou voulez partager vos opinions , vous pouvez
+poster un message sur le forum http://gray-world.net/board/.
+
+================================================================================
+
+======
+THANKS
+======
+
+ Remerciements à l'équipe GW:
+
+ à Alex <alex [at] gray-world.net>
+ et Simon <scastro [at] entreelibre.com> pour les tests de AF et de nombreux
+conseils.
+
+ Merci à Ilia Perevezentsev <iliaper [at] mail.ru> qui a lu et corrigé le
+fichier README.
+
+ Merci à Marco Solari <marco.solari [at] koinesistemi.it> pour de nombreuses
+requêtes, suggestions et idées.
+
+ Et merci à vous pour l'utilisation de cet outil.
+
+LICENCE
+-------
+
+ Active Port Forwarder est distribué sous les termes de la licence GNU -
+ General Public Licence version 2.0 et est copyright (c)2003,2004,2005 jeremian
+ <jeremian [at] poczta.fm>.
+ Consultez le fichier COPYING pour plus de details.
diff --git a/doc/ru/ru_README b/doc/ru/ru_README
new file mode 100644
index 0000000..4e825f7
--- /dev/null
+++ b/doc/ru/ru_README
@@ -0,0 +1,294 @@
+AF - Active Port Forwarder v0.5.4 - README
+Copyright (C) 2003,2004 jeremian - &lt;jeremian [at] poczta.fm&gt;
+===================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+==========================
+
+ Ïðîãðàììà Active Port Forwarder ÿâëÿåòñÿ ÷àñòüþ ïðîåêòà Gray-World.net.
+
+ Íàøà êîìàíäà Gray-World ïðåäñòàâëÿåò íà ñàéòå http://gray-world.net ïðîåêòû è
+ ïóáëèêàöèè, íàä êîòîðûìè ìû ðàáîòàåì, îòíîñÿùèåñÿ ê îáëàñòè èññëåäîâàíèÿ
+ NACS (Ñèñòåì Êîíòðîëÿ Ñåòåâîãî Äîñòóïà), à òàêæå ê òåìå êîìïüþòåðíîé è
+ ñåòåâîé áåçîïàñíîñòè.
+
+================================================================================
+
+==========
+ÑÎÄÅÐÆÀÍÈÅ
+==========
+
+ÎÏÈÑÀÍÈÅ
+
+1. ÓÑÒÀÍÎÂÊÀ
+ 1.1 Èíñòðóêöèè
+ 1.2 Íåîáõîäèìûå áèáëèîòåêè
+ 1.3 Òåñòîâûå ïëàòôîðìû
+2. ÈÑÏÎËÜÇÎÂÀÍÈÅ
+ 2.1 afserver
+ 2.2 afclient
+3. ÏÐÈÌÅÐÛ
+ 3.1 tcp-ðåæèì
+ 3.2 îáðàòíûé udp-ðåæèì
+4. ÈÇÂÅÑÒÍÛÅ ÎØÈÁÊÈ/ÏÐÎÁËÅÌÛ
+
+ÇÀÌÅ×ÀÍÈß
+
+ÁËÀÃÎÄÀÐÍÎÑÒÈ
+
+================================================================================
+
+========
+ÎÏÈÑÀÍÈÅ
+========
+
+Active port forwarder ýòî ïðîãðàììíûé èíñòðóìåíò äëÿ áåçîïàñíîãî òóíåëèðîâàíèÿ
+äàííûõ. Îí èñïîëüçóåò SSL äëÿ çàùèòû ñîåäèíåíèÿ ìåæäó êëèåíòîì è ñåðâåðîì.
+Èçíà÷àëüíî, ïðîãðàììà áûëà ðàçðàáîòàíà äëÿ ïðîñòîé ïåðåñûëêè äàííûõ îò òî÷êè ê
+òî÷êå. Îäíàêî íåîáõîäèìîñòü îáõîäà áðàíäìàóýðà ñ öåëüþ ñäåëàòü êîìïüþòåðû
+ëîêàëüíîé ñåòè äîñòóïíûìè èçâíå, ïîâëèÿëà íà äàëüíåéøåå ðàçâèòèå ïðîåêòà.
+
+AF ïðåäíàçíà÷åí äëÿ ëþäåé, íå èìåþùèõ âíåøíåãî IP àäðåñà è êîòîðûå õîòÿò ñäåëàòü
+íåêîòîðûå ëîêàëüíûå ñåðâèñû äîñòóïíûìè â ñåòè.
+
+Â ïðîãðàììå èñïîëüçîâàíà áèáëèîòåêà zlib äëÿ ñæàòèÿ ïåðåäàâàåìûõ äàííûõ.
+
+Èñïîëüçîâàíèå åäèíîãî êàíàëà äëÿ ïåðåäà÷è äàííûõ è êîìàíä óïðàâëåíèÿ â ñî÷åòàíèè
+ñ áóôåðèçàöèåé ïåðåñûëàåìûõ ïàêåòîâ îáåñïå÷èâàåò õîðîøóþ ïðîèçâîäèòåëüíîñòü è
+ìàëîå âðåìÿ îòêëèêà ñèñòåìû.
+
+Äëÿ çàïóñêà afserver íå òðåáóåòñÿ ïðèâèëåãèé root, òàêæå îí íå èñïîëüçóåò
+thread-û èëè äðóãèå ïðîöåññû.
+
+================================================================================
+
+============
+1. ÓÑÒÀÍÎÂÊÀ
+============
+
+ 1.1 Èíñòðóêöèè
+ --------------
+
+1. Çàãðóçèòå óïàêîâàííûé èñõîäíûé êîä ñ http://www.gray-world.net/pr_af.shtml
+2. Ðàñïàêóéòå - tar zxvf
+3. Âûïîëíèòå êîìàíäó "make".
+4. Åñëè ÷òî-òî ïîøëî íå òàê - íàïèøèòå ïèñüìî àâòîðó èëè îñòàâüòå ñîîáùåíèå íà
+ http://gray-world.net/board/
+
+ 1.2 Íåîáõîäèìûå áèáëèîòåêè
+ --------------------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Òåñòîâûå ïëàòôîðìû
+ ----------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - áûëî ñîáðàíî áåç êàêèõ-ëèáî ïðîáëåì
+2. Freebsd:
+ 4.4, 4.9 - Íåîáõîäèì patch ñ äîìàøíåé ñòðàíèöû ïðîåêòà
+3. Windows:
+ win32 - Âåðñèÿ ñ cygwin äîñòóïíà íà äîìàøíåé ñòðàíèöå ïðîåêòà
+
+================================================================================
+
+================
+2. ÈÑÏÎËÜÇÎÂÀÍÈÅ
+================
+
+ 2.1 afserver
+ ------------
+
+ Ïàðàìåòðû:
+ -h, --help - ïå÷àòàåò ýòó ñïðàâêó
+ -n, --hostname - èñïîëüçóåòñÿ ïðè ñîçäàíèè "ñëóøàþùèõ" ñîêåòîâ
+ (ïî óìîë÷àíèþ: èìÿ âîçâðàùàåìîå ôóíêöèåé hostname)
+ -l, --listenport - ïîðò ñåðâåðà - ïîëüçîâàòåëè ñîåäèíÿþòñÿ
+ ñ íèì (ïî óìîë÷àíèþ: 50127)
+ -m, --manageport - ïîðò äëÿ óïðàâëåíèÿ - äðóãàÿ ÷àñòü active
+ port forwarder ñîåäèíÿåòñÿ ñ íèì (ïî óìîë÷àíèþ: 50126)
+ -u, --users - êîëè÷åñòâî ïîëüçîâàòåëåé, èñïîëüçóþùèõ ñåðâåð
+ (ïî óìîë÷àíèþ: 5)
+ -c, --cerfile - èìÿ ôàéëà ñ ñåðòèôèêàòîì
+ (ïî óìîë÷àíèþ: cacert.pem)
+ -k, --keyfile - èìÿ ôàéëà ñ êëþ÷îì RSA (ïî óìîë÷àíèþ: server.rsa)
+ -f, --cfgfile - èìÿ ôàéëà ñ êîíôèãóðàöèåé äëÿ active forwarder (ñåðâåð)
+ -p, --proto - òèï ñåðâåðà (tcp|udp) - ñ êàêèì ïðîòîêîëîì îí áóäåò
+ ðàáîòàòü (ïî óìîë÷àíèþ: tcp)
+ -O, --heavylog - ïèñàòü âñå ñîîáùåíèÿ â logfile
+ -o, --lightlog - ïèñàòü íåêîòîðûå ñîîáùåíèÿ â logfile
+ -v, --verbose - âûâîä ñîîáùåíèé â êîíñîëü - ïðîãðàìà íå áóäåò ðàáîòàòü
+ êàê daemon.
+ --nossl - ïðîòîêîë ssl íå áóäåò èñïîëüçîâàí äëÿ ïåðåäà÷è äàííûõ (íî
+ áóäåò èñïîëüçîâàí äëÿ óñòàíîâêè ñîåäèíåíèé) (ïî óìîë÷àíèþ:
+ ssl èñïîëüçóåòñÿ âñåãäà)
+ --nozlib - zlib íå áóäåò èñïîëüçîâàòüñÿ äëÿ ñæàòèÿ äàííûõ
+ (ïî óìîë÷àíèþ: zlib èñïîëüçóåòñÿ)
+ --pass - çàäàòü ïàðîëü äëÿ èäåíòèôèêàöèè êëèåíòà
+ (ïî óìîë÷àíèþ: íåò ïàðîëÿ)
+ -4, --ipv4 - èñïîëüçîâàòü òîëüêî ipv4
+ -6, --ipv6 - èñïîëüçîâàòü òîëüêî ipv6
+
+ 2.2 afclient
+ ------------
+
+ Options:
+ -h, --help - ïå÷àòàåò ýòó ñïðàâêó
+ -n, --servername - ãäå ðàáîòàåò âòîðàÿ ÷àñòü active port
+ forwarder (íåîáõîäèìî)
+ -m, --manageport - ïîðò äëÿ óïðàâëåíèÿ - ñåðâåð ñîåäèíÿåòñÿ ñ íèì
+ (ïî óìîë÷àíèþ: 50126)
+ -d, --hostname - èìÿ ëîêàëüíîãî/óäàëåííîãî ñåðâåðà - äàííûå áóäóò òóíåëèðîâàíû
+ íà íåãî (ïî óìîë÷àíèþ: èìÿ âîçâðàùàåìîå ôóíöèåé hostname)
+ -p, --portnum - ïîðò íà êîòîðûé áóäóò òóíåëèðîâàíû äàííûå (íåîáõîäèìî)
+ -k, --keyfile - èìÿ ôàéëà ñ êëþ÷îì RSA (ïî óìîë÷àíèþ: client.rsa)
+ -u, --udpmode - udp-ðåæèì - êëèåíò áóäåò èñïîëüçîâàòü udp ïðîòîêîë äëÿ
+ êîììóíèêàöèè ñ hostname
+ -U, --reverseudp - îáðàòíûé udp-ðåæèì. Udp ïàêåòû áóäóò ïåðåíàïðàâëÿòüñÿ
+ ñ hostname:portnum (-p) íà ñåðâåð name:portnum (-m)
+ -O, --heavylog - ïèñàòü âñå ñîîáùåíèÿ â logfile
+ -o, --lightlog - ïèñàòü íåêîòîðûå ñîîáùåíèÿ â logfile
+ -v, --verbose - âûâîä ñîîáùåíèé â êîíñîëü - ïðîãðàìà íå áóäåò ðàáîòàòü
+ êàê daemon.
+ --pass - çàäàòü ïàðîëü äëÿ èäåíòèôèêàöèè êëèåíòà
+ (ïî óìîë÷àíèþ: íåò ïàðîëÿ)
+ -4, --ipv4 - èñïîëüçîâàòü òîëüêî ipv4
+ -6, --ipv6 - èñïîëüçîâàòü òîëüêî ipv6
+ -l, --load - çàãðóçèòü ìîäóëü äëÿ ôèëüòðàöèè ïàêåòîâ
+
+================================================================================
+
+==========
+3. ÏÐÈÌÅÐÛ
+==========
+
+ 3.1 tcp-ðåæèì
+ -------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client &lt;---Encrypted/Compressed channel---&gt; AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+Èñïîëüçîâàíèå ýòîãî ðåæèìà ÷åðåçâû÷àíî ïðîñòîå. Äàâàéòå ïðåäïîëîæèì, ÷òî ìû
+õîòèì ñîçäàò http ñåðâåð íà íàøåì êîìïüþòåðå, íàõîäÿùåìñÿ â ëîêàëüíîé ñåòè çà
+áðàíäìàóýðîì:
+
+1) Ìû äîëæíû íàéòè ìàøèíó ñ âíåøíèì IP àäðåñîì è äîñòóïîì ê shell.
+
+2) Èñïîëüçîâàòü "make" ÷òîáû ñêîìïèëèðîâàòü AF íà íåé. (âû ìîæåòå ñïîêîéíî
+ óäàëÿòü ôàéëû afclient è client.rsa)
+
+3) Âû ìîæåòå îòðåäàêòèðîâàòü êîíôèãóðàöèîííûé ôàéë èëè ïåðåäàòü ïðîãðàììå âñå
+ ïàðàìåòðû èç êîíñîëè (äëÿ èñïîëüçîâàíèÿ ôàéëà íàáåðèòå -f <cfgfile>) :
+ $ ./afserver
+ Ýòî áóäåò ðàáîòàòü, åñëè âû õîòèòå èñïîëüçîâàòü íàñòðîéêè ïî óìîë÷àíèþ:
+ - hostname áóäåò âçÿò èç ôóíêöèè hostname (ýòî ðàáîòàåò çàìå÷àòåëüíî, åñëè
+ åñòü ñîîòâåòñòâóþùàÿ çàïèñü â /etc/hosts)
+ - ñåðâåð áóäåò æäàòü ïîëüçîâàòåëåé íà ïîðòó 50127
+ - ñåðâåð áóäåò æäàòü êëèåíòà íà ïîðòó 50126
+ - ñåðâåð áóäåò îáñëóæèâàòü ìàêèìóì 5 ïîëüçîâàòåëåé
+ - ñåðâåð áóäåò ïåðåíàïðàâëÿòü tcp ñîåäèíåíèÿ
+ - îòëàäî÷íûõ ñîîáùåíèé íå áóäåò
+ - èäåíòèôèêàöèé ïî ïàðîëþ íå áóäåò
+ - âåðñèÿ ïðîòîêîëà ip íå áóäåò çàäàíà
+
+4) Ìû èñïîëüçóåì "make" íà íàøåé ìàøèíå (ìîæíî óäàëèòü âñå êðîìå afclient è
+ client.rsa)
+
+5) Íàáèðàåì â êîíñîëè:
+ $ ./afclient -n <èìÿ ñåðâåðà> -p 80
+ Ãäå <èìÿ ñåðâåðà> ñòðîêà òèïà: 'bastion.univ.gda.pl' èëè '153.19.7.200'
+
+6) Òåïåðü â áðàóçåðå ìû ìîæåì íàáðàòü: <èìÿ ñåðâåðà>:50127 è ïîïàäåì íà íàø
+ êîìïüþòåð.
+
+ 3.2 îáðàòíûé udp-ðåæèì
+ ----------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client &lt;---Encrypted/Compressed channel---&gt; AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Äàâàéòå òåïåðü ïîñìîòðèì êàê ìû ìîæåì èñïîëüçîâàòü af äëÿ ïåðåíàïðàâëåíèÿ udp
+ïàêåòîâ. Ïðåäïîëîæèì, ÷òî ìû õîòèì ñîçäàòü èãðîâîé ñåðâåð íà íàøåì êîìïüþòåðå
+(udp ïîðò 27960):
+
+1) - 4) òîæå ñàìîå, ÷òî è â ïåðâîì ïðèìåðå. (íî äîáàâëÿåì ïàðàìåòð: -p udp)
+
+5) Íàáèðàåì â êîíñîëè:
+ $ ./afclient -u -n <èìÿ ñåðâåðà> -p 27960
+ Ãäå <èìÿ ñåðâåðà> ýòî èìÿ (èëè ip) êîìïþòåðà ãäå ðàáîòàåò íàø ñåðâåð.
+
+6) Ïðîöåññ ñîåäèíåíèÿ ñ èãðîâûì ñåðâåðîì áîëåå ñëîæíûé. Ïîëüçîâàòåëü äîëæåí
+ çàïóñòèòü fclient ÷òîáû ñäåëàòü ýòî. Îí äîëæåí óêàçàòü ñåðâåð ñ êîòîðûì îí
+ áóäåò ñîåäèíÿòüñÿ è ïîðò, íà êîòîðîì åãî ïðîãðàììà áóäåò ñëóøàòü:
+ $ ./afclient -U -d <hostname> -p <ïîðò> -n <èìÿ ñåðâåðà> \
+ -m <ïîðò ñåðâåðà>
+
+ Ãäå <hostname> èìÿ ìàøèíû ïîëüçîâàòåëÿ (êîòîðûé ñîåäèíÿåòñÿ ñ èãðîâûì
+ ñåðâåðîì), <ïîðò> - ëîêàëüíûé ïîðò, <èìÿ ñåðâåðà> - èìÿ ñåðâåðà, <ïîðò
+ ñåðâåðà> - ïîðò íà êîòîðîì ñåðâåð æäåò ïîëüçîâàòåëåé.Òåïåðü, ÷òîáû ïîïàñòü íà
+ èãðîâîé ñåðâåð, ïîëüçîâàòåëü äîëæåí ñîåäèíÿòñÿ ñ <hostname>:<ïîðò>.
+
+================================================================================
+
+============================
+4. ÈÇÂÅÑÒÍÛÅ ÎØÈÁÊÈ/ÏÐÎÁËÅÌÛ
+============================
+
+Íà äàííûé ìîìåíò, íåò íèêàêèõ èçâåñòíûõ ïðîáëåì.
+
+================================================================================
+
+=========
+ÇÀÌÅ×ÀÍÈß
+=========
+
+Active port forwarder íàõîäèòñÿ â ðàçðàáîòêå, òàê ÷òî ïîæàëóéñòà, ïðèñûëàéòå
+ñâîè êîììåíòàðèè, çàìå÷àíèÿ îá îøèáêàõ è ïðåäëîæåíèÿ íà jeremian [at] poczta.fm
+
+Åñëè ó âàñ åñòü êàêèå-ëèáî ïðîáëåìû ñ èñïîëüçîâàíèåì ïðîãðàììû èëè âû õîòèòå
+ïîäåëèòüñÿ ñâîèì ìíåíèåì î íåé, ïîæàëéñòà îñòàâëÿéòå ñâîè ñîîáùåíèÿ íà:
+http://gray-world.net/board/
+
+================================================================================
+
+=============
+ÁËÀÃÎÄÀÐÍÎÑÒÈ
+=============
+
+ Áîëüøîå ñïàñèáî êîìàíäå GW:
+
+ Alex <alex [at] gray-world.net>
+ è Simon <scastro [at] entreelibre.com> çà òåñòèðîâàíèå AF è ìíîæåñòâî ñîâåòîâ.
+
+ Ñïàñèáî Ilia Perevezentsev <iliaper [at] mail.ru> çà êîððåêòèðîâêó àíãëèéñêîé
+ âåðñèè ýòîãî ôàéëà.
+
+ È ñïàñèáî çà èñïîëüçîâàíèå AF!
+
+ËÈÖÅÍÇÈß
+--------
+
+ Active Port Forwarder is distributed under the terms of the GNU General
+ Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at]
+ poczta.fm>. See the file COPYING for details.