v0.7

- Added: http proxy tunnels between afserver and afclient - Fixed: sigint interception with threads enabled (in http proxy mode) - Fixed: FATAL ERROR in afclient in some situations after close of afserver when http proxy mode is enabled - Added: afclients can connect directly to afserver with enabled proxy mode - Fixed: timeout routine in http proxy tunnels - Added: 'rshow' command in ra mode displays 'tunneltype' - Fixed: printing IP of clients when http proxy mode is enabled - Added: 'tunneltype' per client in ra mode after 'cshow' command - Fixed: closing connection when http proxy mode is enabled - Fixed: threads initialization - Fixed: afserver closing after sigint - Fixed: afclient threads initialization - Added: 'version' option to display program version number - Modified: establishing afclient<->afserver connection - Added: 'keep-alive' option - Fixed: using 'proxyport' without 'proxyname' - Added: auto-reconnect feature to afclient - Added: 'ar-tries' and 'ar-delay' options - Modified: http proxy logging - Fixed: closing connection with afclient after receiving id - Fixed: thread closing due to wrong initialization sequence - Fixed: small bug in initialization process - Heavily Modified: logging routines - Added: audit option - Modified: default dateformat is now ISO 8601 - Modified: printing usage - Fixed: bug in threads' initialization in afclient - Added: 'timeout' and 'dateformat' options in ra mode - Modified: empty dateformat disables printing '[] ' - Added: 'audit' and 'dnslookups' options in ra mode - Fixed: afserver freeze bug - Added: 'kuser' and 'kclient' options in ra mode - Fixed: bug in starting afclient in ra mode - Added: audit log printed also after kicking the client
author: Jakub Sławiński 2005-06-07 12:06:18 +0200
committer: Joshua Judson Rosen 2014-07-17 21:14:58 +0200
commit: 32aff2b27ccc3b3e51fb6f0bd77fe0073827c527 (patch)
tree: f2fc2530a6960f6fdf4d63eb80c4f61342250bbd /doc
parent: v0.6 (diff)
download: apf-32aff2b27ccc3b3e51fb6f0bd77fe0073827c527.tar.gz
5 files changed, 270 insertions, 76 deletions
diff --git a/doc/afclient.1 b/doc/afclient.1
index 5cdd770..7fd5a1c 100644
--- a/doc/afclient.1
+++ b/doc/afclient.1
@@ -1,4 +1,4 @@
-.TH afclient 1 "apf 0.6" Jeremian
+.TH afclient 1 "apf 0.7" Jeremian
 .SH NAME
 afclient \- active port forwarder client
 .SH SYNOPSIS
@@ -41,6 +41,9 @@ is running (required)
 .B -p, --portnum PORT
   the port we are forwarding connection to (required)
 
+.B -V, --version
+  display version number
+
 .B -h, --help
   prints help screen
 
@@ -60,6 +63,15 @@ is running (required)
 .B -D, --dateformat FORMAT
   format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
 
+.B -K, --keep-alive N
+  send keepalive packets every N seconds (default: not send keepalive packets)
+
+.B -A, --ar-tries N
+  try N times to reconnect to afserver after its premature quit (default: unlimited)
+
+.B -T, --ar-delay N
+  wait N seconds between reconnect tries (default: 5)
+
 .I Modes
 
 .B -u, --udpmode
@@ -69,21 +81,12 @@ is running (required)
   reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m)
   
 .B -r, --remoteadmin
-  remote administration mode. (using '-p PORT' will force afclient to use port rather then stdin-stdout)
+  remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout)
 
 .I Logging
 
-.B -O, --heavylog
-  logging everything to a logfile
-
-.B -o, --lightlog
-  logging some data to a logfile
-
-.B -S, --heavysocklog
-  logging everything to a localport
-
-.B -s, --lightsocklog
-  logging some data to a localport
+.B -o, --log LOGCMD
+  log choosen information to file/socket
 
 .B -v, --verbose
   to be verbose - program won't enter the daemon mode (use several times for greater effect)
@@ -104,6 +107,14 @@ is running (required)
 .B -L, --Load
   load a module for service's packets filtering
 
+.I HTTP PROXY
+
+.B -P, --proxyname
+  the name of the machine with proxy server
+
+.B -X, --proxyport
+  the port used by proxy server (default: 8080)
+
 .SH "REMOTE ADMINISTRATION"
 
 Remote administration mode is enabled by
@@ -141,6 +152,50 @@ command),
 .B afclient
 exits.
 
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+  Example:
+
+  file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
+
 .SH MODULES
 
 .B Afclient
diff --git a/doc/afserver.1 b/doc/afserver.1
index 0a39c2c..cf17b49 100644
--- a/doc/afserver.1
+++ b/doc/afserver.1
@@ -1,4 +1,4 @@
-.TH afserver 1 "apf 0.6" Jeremian
+.TH afserver 1 "apf 0.7" Jeremian
 .SH NAME
 afserver \- active port forwarder server
 .SH SYNOPSIS
@@ -89,6 +89,9 @@ connects to it (default: 50126)
 .B -b, --baseport
   listenports are temporary and differ for each client
 
+.B -a, --audit
+  additional information about connections are logged
+
 .B --nossl
   ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
 
@@ -100,17 +103,8 @@ connects to it (default: 50126)
 
 .I Logging
 
-.B -O, --heavylog
-  logging everything to a logfile
-  
-.B -o, --lightlog
-  logging some data to a logfile
-  
-.B -S, --heavysocklog
-  logging everything to a localport
-  
-.B -s, --lightsocklog
-  logging some data to a localport
+.B -o, --log LOGCMD
+  log choosen information to file/socket
   
 .B -v, --verbose
   to be verbose - program won't enter the daemon mode (use several times for greater effect)
@@ -123,6 +117,11 @@ connects to it (default: 50126)
 .B -6, --ipv6
   use ipv6 only
 
+.I HTTP PROXY
+
+.B -P, --enableproxy
+  enable http proxy mode
+
 .SH "REMOTE ADMINISTRATION"
 
 Currently available commands are:
@@ -148,6 +147,68 @@ Currently available commands are:
 .B quit
   quit connection
 
+.B timeout N X
+  set timeout value in X realm
+
+.B audit {0|1} X
+  set audit mode in X realm
+
+.B dnslookups {0|1} X
+  set dnslookups mode in X realm
+
+.B dateformat S
+  set dateformat
+
+.B kuser S
+  kick user named S
+
+.B kclient N
+  kick client with number N
+
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+  Example:
+
+  file,filename,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
+
 .SH "SEE ALSO"
 
 .BR afclient (1),
diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5
index b15bf2d..18d1b2a 100644
--- a/doc/afserver.conf.5
+++ b/doc/afserver.conf.5
@@ -1,4 +1,4 @@
-.TH afserver.conf 5 "apf 0.6" Jeremian
+.TH afserver.conf 5 "apf 0.7" Jeremian
 .SH NAME
 afserver.conf \- Configuration File for afserver
 .SH INTRODUCTION
@@ -22,9 +22,9 @@ uses configuration file, which name is supplied by the
 option. The
 .B afserver.conf
 file is composed of two sections which have to be in fixed order. In first section global values like certificates, keys and logging options are set. The second section starts with first
-.B newrealm
+.B realm
 command and includes options describing specific realms. There may be several
-.B newrealm
+.B realm
 commands.
 
 .SH "GLOBAL OPTIONS"
@@ -35,17 +35,8 @@ commands.
 .B key FILE
   the name of the file with RSA key (default: server.rsa)
 
-.B lightlog FILE
-  logging some data to a logfile
-
-.B heavylog FILE
-  logging everything to a logfile
-
-.B heavysocklog PORT
-  logging everything to a localport
-
-.B lightsocklog PORT
-  logging some data to a localport
+.B log LOGCMD
+  log choosen information to file/socket
 
 .B dateformat FORMAT
   format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
@@ -98,6 +89,9 @@ commands.
   
 .B baseport
   listenports are temporary and differ for each client
+
+.B audit
+  additional information about connections are logged
   
 .B dnslookups
   try to obtain dns names of the computers rather than their numeric IP
@@ -108,6 +102,9 @@ commands.
 .B ipv6
   use ipv6 only
 
+.B enableproxy
+  enable http proxy mode
+
 .SH "SEE ALSO"
 
 .BR afclient (1),
diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf
index 2046b03..f7c0be8 100644
--- a/doc/afserver_example.conf
+++ b/doc/afserver_example.conf
@@ -12,17 +12,13 @@ key		server.rsa
 
 # type		name of file
 
-lightlog	logfile
-#heavylog	logfile
+log	      file,logfile,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
 
 # we we could also want to use sockets instead of files
 
-# type          port (on localhost)
+#log      sock,localhost,LOG_T_ALL,LOG_I_ALL
 
-#lightsocklog   12345
-#heavysocklog   12345
-
-#dateformat %d.%m.%Y %H:%M:%S
+#dateformat %Y-%m-%d %H:%M:%S
 
 # And it's time to create forwarding targets (named realms here)
 
@@ -46,9 +42,11 @@ manage    50126         #portnumber on which server is listening for afclient
 #nossl                #don't use ssl for data transfer
 #nozlib                #don't use zlib
 #baseport               #listenports are temporary and differ for each client
+#audit                   #additional information about connections are logged
 #dnslookups              #try to obtain dns names of the computers
 #ipv4                   #use ipv4 only
 #ipv6                  #use ipv6 only
+#enableproxy          #enable http proxy mode
 
 # and now the second realm
 
diff --git a/doc/en/README b/doc/en/README
index 0e49c3e..d676098 100644
--- a/doc/en/README
+++ b/doc/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder 0.6 - README
+AF - Active Port Forwarder 0.7 - README
 Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
 =================================================================
 
@@ -30,11 +30,13 @@ INTRO
   2.1 afserver
   2.2 afclient
 3. REMOTE ADMINISTRATION
-4. MODULES
-5. EXAMPLES
-  5.1 tcp mode
-  5.2 reverse udp mode
-6. BUGS/PROBLEMS
+4. HTTP PROXY TUNNELS
+5. LOGGING
+6. MODULES
+7. EXAMPLES
+  7.1 tcp mode
+  7.2 reverse udp mode
+8. BUGS/PROBLEMS
 
 NOTES
 
@@ -110,6 +112,7 @@ Multiple clients allow to create more sophisticated tunneling scheme.
                         to it (default: 50127)
   -m, --manageport    - manage port number - second part of the active
                         port forwarder connects to it (default: 50126)
+  -V, --version       - display version number
   -h, --help          - prints this help
 
  Authorization:
@@ -137,27 +140,24 @@ Multiple clients allow to create more sophisticated tunneling scheme.
   -R, --raclients     - the number of allowed clients in remote administration
                         mode to use this server (default: 1)
   -U, --usrpcli       - the number of allowed users per client (default: $users)
-  -M, --climode       - strategy used for connecting users with clients
-                        (default: 1)
+  -M, --climode       - strategy used to connect users with clients (default: 1)
                       Available strategies:
                         1. fill first client before go to next
 
-  -p, --proto         - type of server (tcp|udp) - for which protocol it will
-                        be operating (default: tcp)
+  -p, --proto         - type of server (tcp|udp) - what protocol it will be
+                        operating for (default: tcp)
   -b, --baseport      - listenports are temporary and differ for each client
-  --nossl             - ssl is not used for transferring data (but it's still
-                        used to establish a connection) (default: ssl is used)
-  --nozlib            - zlib is not used for compressing data (default:
-                        zlib is used)
+  -a, --audit         - additional information about connections are logged
+  --nossl             - ssl is not used to transfer data (but it's still used
+                        to establish a connection) (default: ssl is used)
+  --nozlib            - zlib is not used to compress data (default: zlib is
+                        used)
   --dnslookups        - try to obtain dns names of the computers rather than
                         their numeric IP
 
  Logging:
 
-  -O, --heavylog      - logging everything to a logfile
-  -o, --lightlog      - logging some data to a logfile
-  -S, --heavysocklog  - logging everything to a localport
-  -s, --lightsocklog  - logging some data to a localport
+  -o, --log           - log choosen information to file/socket
   -v, --verbose       - to be verbose - program won't enter the daemon mode
                         (use several times for greater effect)
 
@@ -166,6 +166,11 @@ Multiple clients allow to create more sophisticated tunneling scheme.
   -4, --ipv4          - use ipv4 only
   -6, --ipv6          - use ipv6 only
 
+ HTTP PROXY:
+
+  -P, --enableproxy   - enable http proxy mode
+
+
   2.2 afclient
   ------------
 
@@ -179,11 +184,12 @@ Multiple clients allow to create more sophisticated tunneling scheme.
                         destination of the packets (default: the name
                         returned by hostname function)
   -p, --portnum       - the port we are forwarding connection to (required)
+  -V, --version       - display version number
   -h, --help          - prints this help
 
  Authorization:
 
-  -i, --id            - send the id string to afserver
+  -i, --id            - sends the id string to afserver
   --pass              - set the password used for client identification
                         (default: no password)
 
@@ -192,23 +198,25 @@ Multiple clients allow to create more sophisticated tunneling scheme.
   -k, --keyfile       - the name of the file with RSA key (default: client.rsa)
   -D, --dateformat    - format of the date printed in logs (see 'man strftime'
                         for details) (default: %d.%m.%Y %H:%M:%S)
+  -K, --keep-alive N  - send keepalive packets every N seconds
+                        (default: not send keepalive packets)
+  -A, --ar-tries N    - try N times to reconnect to afserver after
+                        its premature quit (default: unlimited)
+  -T, --ar-delay N    - wait N seconds between reconnect tries (default: 5)
 
  Modes:
 
   -u, --udpmode       - udp mode - client will use udp protocol to
-                        communicate with the hostname
+                        communicate with the hostname:portnum (-p)
   -U, --reverseudp    - reverse udp forwarding. Udp packets will be forwarded
                         from hostname:portnum (-p) to the server name:portnum
                         (-m)
   -r, --remoteadmin   - remote administration mode. (using '-p #port' will
-                        force afclient to use port rather then stdin-stdout)
+                        force afclient to use port rather than stdin-stdout)
 
  Logging:
 
-  -O, --heavylog      - logging everything to a logfile
-  -o, --lightlog      - logging some data to a logfile
-  -S, --heavysocklog  - logging everything to a localport
-  -s, --lightsocklog  - logging some data to a localport
+  -o, --log           - log choosen information to file/socket
   -v, --verbose       - to be verbose - program won't enter the daemon mode
                         (use several times for greater effect)
 
@@ -222,6 +230,12 @@ Multiple clients allow to create more sophisticated tunneling scheme.
   -l, --load          - load a module for user's packets filtering
   -L, --Load          - load a module for service's packets filtering
 
+ HTTP PROXY:
+
+  -P, --proxyname     - the name of the machine with proxy server
+  -X, --proxyport     - the port used by proxy server (default: 8080)
+
+
 ================================================================================
 
 ========================
@@ -257,6 +271,25 @@ Currently available commands are:
        quit
          quit connection
 
+       timeout N X
+         set timeout value in X realm
+
+       audit {0|1} X
+         set audit mode in X realm
+
+       dnslookups {0|1} X
+         set dnslookups mode in X realm
+
+       dateformat S
+         set dateformat
+
+       kuser S
+         kick user named S
+
+       kclient N
+         kick client with number N
+
+
 Afclient with '-p, --portnum PORT' option listens for connection  from  user  at
 NAME:PORT.  NAME is set by '-d, --hostname' option or hostname() function,  when
 the option is missing.
@@ -265,8 +298,58 @@ When user quits (close the connection or send 'quit' command),  afclient  exits.
 
 ================================================================================
 
+=====================
+4. HTTP PROXY TUNNELS
+=====================
+
+Afclient can communicate with afserver via HTTP proxy. In order to use this
+feature, afserver must be started with '-P, --enableproxy' option. Afclient must
+specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport'
+option).
+
+Afclient with HTTP proxy mode enabled can still accept connections from
+afclients, which don't use HTTP proxy mode.
+
+================================================================================
+
+==========
+5. LOGGING
+==========
+
+Logging can be enabled by '-o, --log' option. The argument to this option must
+be in the form:
+  target,description,msgdesc
+
+Where
+  target is file or sock
+  description is filename or host,port
+  msgdesc is the subset of:
+    LOG_T_ALL,
+    LOG_T_USER,
+    LOG_T_CLIENT,
+    LOG_T_INIT,
+    LOG_T_MANAGE,
+    LOG_T_MAIN,
+    LOG_I_ALL,
+    LOG_I_CRIT,
+    LOG_I_DEBUG,
+    LOG_I_DDEBUG,
+    LOG_I_INFO,
+    LOG_I_NOTICE,
+    LOG_I_WARNING,
+    LOG_I_ERR
+
+    written without spaces.
+
+
+  Example:
+  
+  file,filename,LOG_T_MANAGE,LOG_I_ALL
+
+================================================================================
+
 ==========
-4. MODULES
+6. MODULES
 ==========
 
 Afclient can use external modules for user's packets  filtering  ('-l,  --load')
@@ -343,10 +426,10 @@ Modules have to be compiled with '-fPIC -shared' options.
 ================================================================================
 
 ===========
-5. EXAMPLES
+7. EXAMPLES
 ===========
 
-  5.1 tcp mode
+  7.1 tcp mode
   ------------
 
                     local network   |FireWall|   Internet
@@ -395,7 +478,7 @@ on our computer and we are behind a masquerade or a firewall:
 6) We can now enter with a web-browser to: <name of  the  server>:50127  and  we
    will enter to our computer in the fact.
 
-  5.2 reverse udp mode
+  7.2 reverse udp mode
   --------------------
 
                     local network   |FireWall|   Internet
@@ -434,7 +517,7 @@ server on our computer (udp port 27960 on our machine):
 ================================================================================
 
 ================
-6. BUGS/PROBLEMS
+8. BUGS/PROBLEMS
 ================
 
 There are no known/open bugs at the moment.
author	Jakub Sławiński	2005-06-07 12:06:18 +0200
committer	Joshua Judson Rosen	2014-07-17 21:14:58 +0200
commit	32aff2b27ccc3b3e51fb6f0bd77fe0073827c527 (patch)
tree	f2fc2530a6960f6fdf4d63eb80c4f61342250bbd /doc
parent	v0.6 (diff)
download	apf-32aff2b27ccc3b3e51fb6f0bd77fe0073827c527.tar.gz