author: Jakub Slawinski, 2014-07-10 10:24:59 +0200
committer: Jakub Slawinski, 2014-07-10 10:24:59 +0200
commit: 46f96ed5e3127394a0cd4dcb961404b792f743b4
tree: 3e668e32131e8b1896a4a00d742ea21db5a09cf5 /doc
parent: Initial commit
Initial project structure based on Active Port Forwarder 0.8.4.
Diffstat (limited to 'doc')
-rw-r--r-- doc/afclient.1 | 344
-rw-r--r-- doc/afclient.conf.5 | 152
-rw-r--r-- doc/afclient_example.conf | 54
-rw-r--r-- doc/afserver.1 | 249
-rw-r--r-- doc/afserver.conf.5 | 138
-rw-r--r-- doc/afserver_example.conf | 58
-rw-r--r-- doc/en/README | 685
-rw-r--r-- doc/fr/fr_README | 488
-rw-r--r-- doc/ru/ru_README | 294
9 files changed, 2462 insertions, 0 deletions
diff --git a/doc/afclient.1 b/doc/afclient.1
new file mode 100644
index 0000000..677ec7a
--- /dev/null
+++ b/doc/afclient.1
@@ -0,0 +1,344 @@
+.TH afclient 1 "apf 0.8.4" Jeremian
+.SH NAME
+afclient \- active port forwarder client
+.SH SYNOPSIS
+.B afclient [
+.I options
+.B ] -n
+.I servername
+.B -p
+.I portnum
+.SH DESCRIPTION
+.B Afclient
+is a port forwarding program designed to be efficient and easy to use. It connects to
+.B afserver
+to listenport (default listenport is 50126) and after a successful authorization
+.B afclient
+redirects all the data to the specified destination host:port.
+.SH "EXAMPLES"
+.B afclient -n servername -p 22
+ program connects to servername:50126 and redirects data to local port 22 (becomes a daemon)
+
+.B afclient -n servername -p 22 -v
+ the same as above, but verbose mode is enabled (program won't enter daemon mode)
+
+.B afclient -n servername -r
+ program connects to servername:50126 in remote administration mode
+.SH OPTIONS
+.I "Basic options"
+
+.B -n, --servername NAME
+ name of the host, where
+.I afserver
+is running (required)
+
+.B -m, --manageport PORT
+ manage port number - server must be listening on it (default: 50126)
+
+.B -d, --hostname NAME
+ the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)
+
+.B -p, --portnum PORT
+ the port we are forwarding connection to (required)
+
+.B --localname NAME
+ local machine name for connection with afserver (used to bind socket to different interfaces)
+
+.B --localport NAME
+ local port name for connection with afserver (used to bind socket to different addressees)
+
+.B --localdesname NAME
+ local machine name for connections with destination application (used to bind socket to different interfaces)
+
+.B -V, --version
+ display version number
+
+.B -h, --help
+ prints help screen
+
+.I Authorization
+
+.B -i, --id STRING
+ sends the id string to afserver
+
+.B --pass PASSWORD
+ set the password used for client identification (default: no password)
+
+.B --ignorepkeys
+ ignore invalid server's public keys
+
+.I Configuration
+
+.B -k, --keyfile FILE
+ the name of the file with RSA key (default: client.rsa)
+
+.B -c, --cerfile
+ the name of the file with certificate (default: no certificate used)
+
+.B -f, --cfgfile FILE
+ the name of the file with the configuration for the
+.I afclient
+
+.B -s, --storefile
+ the name of the file with stored public keys (default: known_hosts)
+
+.B -D, --dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+
+.B -K, --keep-alive N
+ send keepalive packets every N seconds (default: not send keepalive packets)
+
+.I Auto-reconnection
+
+.B --ar-start
+ enable auto-reconnection when afserver is not reachable on start (default: disabled)
+
+.B --ar-quit
+ enable auto-reconnection after normal afserver quit (default: disabled)
+
+.B --noar
+ disable auto-reconnection after premature afserver quit (default: enabled)
+
+.B -A, --ar-tries N
+ try N times to reconnect (default: unlimited)
+
+.B -T, --ar-delay N
+ wait N seconds between reconnect tries (default: 5)
+
+.I Modes
+
+.B -u, --udpmode
+ udp mode - client will use udp protocol to communicate with the hostname:portnum
+
+.B -U, --reverseudp
+ reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to the server name:manageport
+
+.B -r, --remoteadmin
+ remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout)
+
+.I Logging
+
+.B -o, --log LOGCMD
+ log choosen information to file/socket
+
+.B -v, --verbose
+ to be verbose - program won't enter the daemon mode (use several times for greater effect)
+
+.I "IP family"
+
+.B -4, --ipv4
+ use ipv4 only
+
+.B -6, --ipv6
+ use ipv6 only
+
+.I Modules
+
+.B -l, --load
+ load a module for user's packets filtering
+
+.B -L, --Load
+ load a module for service's packets filtering
+
+.I HTTP/HTTPS PROXY
+
+.B -S, --use-https
+ use https proxy instead of http proxy
+
+.B -P, --proxyname
+ the name of the machine with proxy server
+
+.B -X, --proxyport
+ the port used by proxy server (default: 8080)
+
+.B -C, --pa-cred U:P
+ the user (U) and password (P) used in proxy authorization
+
+.B -B, --pa-t-basic
+ the Basic type of proxy authorization (default)
+
+.SH "REMOTE ADMINISTRATION"
+
+Remote administration mode is enabled by
+.B '-r, --remoteadmin'
+option. Required options:
+.B '-n, --servername NAME'
+
+After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by
+.BR afserver .
+Commands guaranteed to be available:
+
+.B help
+ display help
+
+.B lcmd
+ lists available commands
+
+.B quit
+ quit connection
+
+For list of all available commands take a look at
+.BR afserver (1).
+
+When
+.B '-p, --portnum PORT'
+is used,
+.B afclient
+listens for connection from user at NAME:PORT. NAME is set by
+.B '-d, --hostname'
+option or hostname() function, when the option is missing.
+
+When user quits (close the connection or send
+.B 'quit'
+command),
+.B afclient
+exits.
+
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+ Example:
+
+ file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
+
+.SH MODULES
+
+.B Afclient
+can use external modules for user's packets filtering
+.RB ( "'-l, --load'" )
+and service's packets filtering
+.RB ( "'-L, --Load'" ).
+Module file has to declare three functions:
+
+.BI "char* info(" void );
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+.BI "int allow(char* " host ", char* " port );
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+.BI "int filter(char* " host ", unsigned char* " message ", int* " length );
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Modules have to be compiled with
+.B -fPIC -shared
+options.
+
+.SH "SEE ALSO"
+
+.BR afclient.conf (5),
+.BR afserver (1),
+.BR afserver.conf (5)
+
+.SH BUGS
+
+.B Afclient
+is still under development. There are no known open bugs at the moment.
+
+.SH "REPORTING BUGS"
+
+Please report bugs to <jeremian [at] poczta.fm>
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
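Review bot: The "--ignorepkeys" entry under Authorization says only "ignore invalid server's public keys" and does not say what the key is checked against or what the client does when the flag is absent; since "-s, --storefile" (default: known_hosts) is documented a few lines below, tie the two together and state that the flag removes that check. The DESCRIPTION also says the client connects "to listenport (default listenport is 50126)", while the option that sets this port is "-m, --manageport PORT" and afserver.1 in this same commit uses listenport for the user-facing port 50127, so the wording should be manageport. Smaller points: "-c, --cerfile", "-s, --storefile", "-l, --load" and "-L, --Load" are missing their FILE argument, "--localport NAME" describes a port, and "choosen" in the "-o, --log" entry is a typo.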
diff --git a/doc/afclient.conf.5 b/doc/afclient.conf.5
new file mode 100644
index 0000000..4f8a5c6
--- /dev/null
+++ b/doc/afclient.conf.5
@@ -0,0 +1,152 @@
+.TH afclient.conf 5 "apf 0.8.4" Jeremian
+.SH NAME
+afclient.conf \- Configuration File for afclient
+.SH INTRODUCTION
+.B Afclient
+supports several mechanisms to supply configuration and run-time parameters: command line options,
+.B afclient.conf
+and hard-coded defaults. When the same information is supplied in more than one way, the highest precedence mechanism is used. When configuration file is used (option:
+.IR "-f FILE")
+command line options like
+.IR --reverseudp ,
+.IR --udpmode ,
+.IR --remoteadmin ,
+.IR --load ,
+.I --Load
+and
+.I --pass
+are ignored. Options from configuration file are taken before values from command line (with the exception of
+.IR --keyfile ,
+.IR --storefile ,
+.IR --dateformat ,
+.IR --ignorepkeys
+and the options connected with http proxy and auto-reconnect support). When something is not declared, hard-coded values are used.
+
+.SH DESCRIPTION
+.B Afclient
+uses configuration file, which name is supplied by the
+.I -f FILE
+option. The
+.B afclient.conf
+file is the set of command-line like options, which can be written in any order.
+
+.SH "OPTIONS"
+
+.B servername NAME
+ name of the host, where
+.I afserver
+is running
+
+.B manageport PORT
+ manage port number - server must be listening on it (default: 50126)
+
+.B hostname NAME
+ the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)
+
+.B portnum PORT
+ the port we are forwarding connection to
+
+.B localname NAME
+ local machine name for connection with afserver (used to bind socket to different interfaces)
+
+.B localport NAME
+ local port name for connection with afserver (used to bind socket to different addressees)
+
+.B localdesname NAME
+ local machine name for connections with destination application (used to bind socket to different interfaces)
+
+.B id STRING
+ sends the id string to afserver
+
+.B pass PASSWORD
+ set the password used for client identification (default: no password)
+
+.B ignorepkeys
+ ignore invalid server's public keys
+
+.B keyfile FILE
+ the name of the file with RSA key (default: client.rsa)
+
+.B cerfile FILE
+ the name of the file with certificate (default: no certificate used)
+
+.B storefile FILE
+ the name of the file with stored public keys (default: known_hosts)
+
+.B dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
+
+.B keep-alive N
+ send keepalive packets every N seconds (default: not send keepalive packets)
+
+.B ar-start
+ enable auto-reconnection when afserver is not reachable on start (default: disabled)
+
+.B ar-quit
+ enable auto-reconnection after normal afserver quit (default: disabled)
+
+.B noar
+ disable auto-reconnection after premature afserver quit (default: enabled)
+
+.B ar-tries N
+ try N times to reconnect (default: unlimited)
+
+.B ar-delay N
+ wait N seconds between reconnect tries (default: 5)
+
+.B udpmode
+ udp mode - client will use udp protocol to communicate with the hostname:portnum
+
+.B reverseudp
+ reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to the server name:manageport
+
+.B remoteadmin
+ remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout)
+
+.B log LOGCMD
+ log choosen information to file/socket
+
+.B ipv4
+ use ipv4 only
+
+.B ipv6
+ use ipv6 only
+
+.B load FILE
+ load a module for user's packets filtering
+
+.B Load FILE
+ load a module for service's packets filtering
+
+.B use-https
+ use https proxy instead of http proxy
+
+.B proxyname NAME
+ the name of the machine with proxy server
+
+.B proxyport PORT
+ the port used by proxy server (default: 8080)
+
+.B pa-cred U:P
+ the user (U) and password (P) used in proxy authorization
+
+.B pa-t-basic
+ the Basic type of proxy authorization (default)
+
+.SH "SEE ALSO"
+
+.BR afserver.conf (5),
+.BR afclient (1),
+.BR afserver (1)
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
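Review bot: The INTRODUCTION states that with "-f FILE" the command-line "--pass" is ignored, and the "pass PASSWORD" entry gives "default: no password"; as written, a user who passes --pass on the command line together with a config file that has no pass line ends up with no password and no indication of it. Say this explicitly, or document that the combination is rejected if that is the actual behaviour. The precedence text is also hard to follow: "the highest precedence mechanism is used" never names the order, and "Options from configuration file are taken before values from command line" can be read either way, so an explicit ordered list would help. Since "pass" and "pa-cred U:P" put credentials in this file, a sentence on restricting the file's permissions would fit under DESCRIPTION.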
diff --git a/doc/afclient_example.conf b/doc/afclient_example.conf
new file mode 100644
index 0000000..d336ce3
--- /dev/null
+++ b/doc/afclient_example.conf
@@ -0,0 +1,54 @@
+# This is an example configuration file for active port forwarder (client)
+
+#servername <yourservername> #name of the server to connect to (required)
+#manageport 50126 #manage port number (default: 50126)
+#hostname <yourhostname> #the name of the destination host (default:
+ # the name returned by hostname function)
+#portnum 22 #the destination port of the tunnel (required)
+
+#localname <localname> #local machine name for connection with afserver
+#localport <localport> #local port name for connection with afserver
+#localdesname <localdesname> #local machine name for connections with destination application
+
+#id example client's id #sends the id string to afserver
+#pass password #set the password used for client identification
+#ignorepkeys #ignore invalid server's public keys
+
+#keyfile client.rsa #the name of the file with RSA key (default: client.rsa)
+#cerfile filename #the name of the file with certificate (default: no certificate used)
+#storefile known_hosts #the name of the file with stored public keys (default: known_hosts)
+#dateformat %Y-%m-%d %H:%M:%S #format of the date printed in logs (default: %Y-%m-%d %H:%M:%S)
+#keep-alive 15 #send keepalive packets every N seconds (default: not send keepalive packets)
+
+#ar-start #enable auto-reconnection when afserver is not reachable on start
+ # (default: disabled)
+#ar-quit #enable auto-reconnection after normal afserver quit (default: disabled)
+#noar #disable auto-reconnection after premature afserver quit (default: enabled)
+
+#ar-tries 10 #try N times to reconnect (default: unlimited)
+#ar-delay 10 #wait N seconds between reconnect tries (default: 5)
+
+#udpmode #udp mode - client will use udp protocol to communicate with
+ # the hostname:portnum (-p)
+#reverseudp #reverse udp forwarding. Udp packets will be forwarded
+ # from hostname:portnum to the server name:manageport
+#remoteadmin #remote administration mode. (using '-p #port' will
+ # force afclient to use port rather than stdin-stdout)
+
+# Logging can be enabled by log option. The argument to this option must
+# be in the form:
+# target,description,msgdesc
+
+#log file,clogfile,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
+
+#ipv4 #use ipv4 only
+#ipv6 #use ipv6 only
+
+#load usermodule #load a module for user's packets filtering
+#Load servicemodule #load a module for service's packets filtering
+
+#use-https #use https proxy instead of http proxy
+#proxyname httpproxy #the name of the machine with proxy server
+#proxyport 8080 #the port used by proxy server (default: 8080)
+#pa-cred user:password #the user (U) and password (P) used in proxy authorization
+#pa-t-basic #the Basic type of proxy authorization (default)
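Review bot: The "#dateformat" line gives the default as "%Y-%m-%d %H:%M:%S", but afclient.1 and afclient.conf.5 in this same commit both document the default as "%d.%m.%Y %H:%M:%S"; one of them is wrong and the example should match the man pages. The "#ignorepkeys" line sits in the example with no hint that it weakens the server key check, so a short comment saying it should stay commented out in normal use would keep people from enabling it while copying the file. "#localport <localport>" is described as a "local port name", matching the NAME/PORT mix-up in the man pages.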
diff --git a/doc/afserver.1 b/doc/afserver.1
new file mode 100644
index 0000000..887d79b
--- /dev/null
+++ b/doc/afserver.1
@@ -0,0 +1,249 @@
+.TH afserver 1 "apf 0.8.4" Jeremian
+.SH NAME
+afserver \- active port forwarder server
+.SH SYNOPSIS
+.B afserver [
+.I options
+.B ]
+.SH DESCRIPTION
+.B Afserver
+is a port forwarding program designed to be efficient and easy to use. It listens for incoming
+.B afclient
+connections at listenport (default listenport is 50126). After successful client authorization,
+.B afserver
+listens for incoming user connections. When a new user connection is opened, all the data is redirected to previously connected
+.B afclient,
+which redirects it to the specified destination host:port.
+.SH EXAMPLES
+.B afserver
+ program starts with default options (become a daemon)
+
+.B afserver -v
+ verbose mode is enabled (program won't enter daemon mode)
+
+.B afserver -n localhost -l 5435 -m 6375
+ program will listen on localhost:5435 for users and on localhost:6375 for clients
+.SH OPTIONS
+.I "Basic options"
+
+.B -n, --hostname NAME
+ used when creating listening sockets (default: '')
+
+.B -l, --listenport [HOST:]PORT
+ listening [host:]port number - users connect to it (default: 50127)
+
+.B -m, --manageport [HOST:]PORT
+ manage [host:]port number -
+.I afclient
+connects to it (default: 50126)
+
+.B -V, --version
+ display version number
+
+.B -h, --help
+ prints help screen
+
+.I Authorization
+
+.B --pass PASSWORD
+ password used for client identification (default: no password)
+
+.I Configuration
+
+.B -c, --cerfile FILE
+ the name of the file with certificate (default: server-cert.pem)
+
+.B -A, --cacerfile FILE
+ the name of the file with CA certificates (if used, require clients to have valid certificates)
+
+.B -d, --cerdepth
+ the maximum depth of valid certificate-chains
+
+.B -k, --keyfile FILE
+ the name of the file with RSA key (default: server.rsa)
+
+.B -f, --cfgfile FILE
+ the name of the file with the configuration for the
+.I afserver
+
+.B -D, --dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+
+.B -t, --timeout N
+ the timeout value for the client's connection (default: 5)
+
+.B --maxidle N
+ the maximum idle time for the client's connection (default: disabled)
+
+.B -u, --users N
+ the amount of users allowed to use this server (default: 5)
+
+.B -C, --clients N
+ the number of allowed clients to use this server (default: 1)
+
+.B -r, --realm
+ set the realm name (default: none)
+
+.B -R, --raclients N
+ the number of allowed clients in remote administration mode to use this server (default: 1)
+
+.B -U, --usrpcli N
+ the number of allowed users per client (default: $users)
+
+.B -M, --climode N
+ strategy used to connect users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+.B -p, --proto TYPE
+ type of server (tcp|udp) - what protocol it will be operating for (default: tcp)
+
+.B -b, --baseport
+ listenports are temporary and differ for each client
+
+.B -a, --audit
+ additional information about connections are logged
+
+.B --nossl
+ ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
+
+.B --nozlib
+ zlib is not used to compress data (default: zlib is used)
+
+.B --dnslookups
+ try to obtain dns names of the computers rather than their numeric IP
+
+.I Logging
+
+.B -o, --log LOGCMD
+ log choosen information to file/socket
+
+.B -v, --verbose
+ to be verbose - program won't enter the daemon mode (use several times for greater effect)
+
+.I "IP family"
+
+.B -4, --ipv4
+ use ipv4 only
+
+.B -6, --ipv6
+ use ipv6 only
+
+.I HTTP PROXY
+
+.B -P, --enableproxy
+ enable http proxy mode
+
+.SH "REMOTE ADMINISTRATION"
+
+Currently available commands are:
+
+.B help
+ display help
+
+.B lcmd
+ lists available commands
+
+.B info
+ prints info about server
+
+.B rshow
+ display realms
+
+.B cshow X
+ display clients in X realm
+
+.B ushow X
+ display users in X realm
+
+.B quit
+ quit connection
+
+.B timeout N X
+ set timeout value in X realm
+
+.B audit {0|1} X
+ set audit mode in X realm
+
+.B dnslookups {0|1} X
+ set dnslookups mode in X realm
+
+.B dateformat S
+ set dateformat
+
+.B kuser S
+ kick user named S
+
+.B kclient N
+ kick client with number N
+
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+ Example:
+
+ file,filename,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
+
+.SH "SEE ALSO"
+
+.BR afserver.conf (5),
+.BR afclient (1),
+.BR afclient.conf (5)
+
+.SH BUGS
+
+.B Afserver
+is still under development. There are no known open bugs at the moment.
+
+.SH "REPORTING BUGS"
+
+Please report bugs to <jeremian [at] poczta.fm>
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
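Review bot: The DESCRIPTION says afserver accepts user connections "After successful client authorization", but in OPTIONS "--pass" defaults to "no password" and "-A, --cacerfile" only requires client certificates "if used", so with the defaults shown nothing on this page says what a client has to present; state what authorization consists of in the default configuration and recommend setting at least one of the two. The "--nossl" entry should say plainly that forwarded data then crosses the network unencrypted, since "ssl is not used to transfer data (but it's still used to establish a connection)" is easy to misread as still protected. Smaller points: "-d, --cerdepth" and "-r, --realm" are missing their arguments (afserver.conf.5 has "cerdepth N" and "realm [NAME]"), "-t, --timeout N" and "--maxidle N" give no unit, and the CONTRIBUTIONS line is missing the comma after the Ilia Perevezentsev entry that the other pages have.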
diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5
new file mode 100644
index 0000000..c62e105
--- /dev/null
+++ b/doc/afserver.conf.5
@@ -0,0 +1,138 @@
+.TH afserver.conf 5 "apf 0.8.4" Jeremian
+.SH NAME
+afserver.conf \- Configuration File for afserver
+.SH INTRODUCTION
+.B Afserver
+supports several mechanisms to supply configuration and run-time parameters: command line options,
+.B afserver.conf
+and hard-coded defaults. When the same information is supplied in more than one way, the highest precedence mechanism is used. When configuration file is used (option:
+.IR "-f FILE")
+command line options like
+.IR --hostname ,
+.IR --listenport ,
+.I --manageport
+and
+.I --pass
+are ignored. Options from configuration file are taken before values from command line (with the exception of
+.IR --cerfile ,
+.I --keyfile
+and
+.I --dateformat
+). When something is not declared, hard-coded values are used.
+
+.SH DESCRIPTION
+.B Afserver
+uses configuration file, which name is supplied by the
+.I -f FILE
+option. The
+.B afserver.conf
+file is composed of two sections which have to be in fixed order. In first section global values like cerfile, keyfile and logging options are set. The second section starts with first
+.B realm
+command and includes options describing specific realms. There may be several
+.B realm
+commands.
+
+.SH "GLOBAL OPTIONS"
+
+.B cerfile FILE
+ the name of the file with certificate (default: server-cert.pem)
+
+.B cacerfile FILE
+ the name of the file with CA certificates (if used, require clients to have valid certificates)
+
+.B cerdepth N
+ the maximum depth of valid certificate-chains
+
+.B keyfile FILE
+ the name of the file with RSA key (default: server.rsa)
+
+.B log LOGCMD
+ log choosen information to file/socket
+
+.B dateformat FORMAT
+ format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
+
+.SH "REALM OPTIONS"
+
+.B realm [NAME]
+ starts configuration of the next realm. Name of the realm can be specified using this option.
+
+.B hostname NAME
+ used when creating listening sockets (default: '')
+
+.B listenport PORT
+ listening port number - users connect to it (required at least one)
+
+.B manageport PORT
+ manage port number - afclient connects to it (required at least one)
+
+.B pass PASSWORD
+ password used for client identification (default: no password)
+
+.B users N
+ the amount of users allowed to use this server (default: 5)
+
+.B timeout N
+ the timeout value for the client's connection (default: 5)
+
+.B --maxidle N
+ the maximum idle time for the client's connection (default: disabled)
+
+.B clients N
+ the number of allowed clients to use this server (default: 1)
+
+.B raclients N
+ the number of allowed clients in remote administration mode to use this server (default: 1)
+
+.B usrpcli N
+ the number of allowed users per client (default: $users)
+
+.B climode N
+ strategy used to connect users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+.B proto TYPE
+ type of server (tcp|udp) - what protocol it will be operating for (default: tcp)
+
+.B nossl
+ ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
+
+.B nozlib
+ zlib is not used to compress data (default: zlib is used)
+
+.B baseport
+ listenports are temporary and differ for each client
+
+.B audit
+ additional information about connections are logged
+
+.B dnslookups
+ try to obtain dns names of the computers rather than their numeric IP
+
+.B ipv4
+ use ipv4 only
+
+.B ipv6
+ use ipv6 only
+
+.B enableproxy
+ enable http proxy mode
+
+.SH "SEE ALSO"
+
+.BR afclient.conf (5),
+.BR afclient (1),
+.BR afserver (1)
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
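Review bot: Under REALM OPTIONS the entry ".B --maxidle N" carries the command-line dashes, while every other option in this file is written bare and afserver_example.conf uses "#maxidle 300"; it should read "maxidle N". In the INTRODUCTION, ".I --dateformat" followed by a line starting with ")" renders with a space before the closing parenthesis; ".IR --dateformat )" avoids that. "listenport PORT" and "manageport PORT" here do not mention the "[HOST:]PORT" form that afserver.1 documents for the same settings, so say whether the config file accepts it. As in afclient.conf.5, "pass PASSWORD" is stored in this file in clear text and a note on file permissions would be appropriate.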
diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf
new file mode 100644
index 0000000..8bdafa6
--- /dev/null
+++ b/doc/afserver_example.conf
@@ -0,0 +1,58 @@
+# This is an example configuration file for active port forwarder (server)
+# Firstly, we have to declare our files with key and certificate
+
+cerfile server-cert.pem
+
+# Please note, that we can place only blank characters between words
+
+keyfile server.rsa
+
+# Logging can be enabled by log option. The argument to this option must
+# be in the form:
+# target,description,msgdesc
+
+log file,logfile,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
+
+# we we could also want to use sockets instead of files
+
+#log sock,localhost,LOG_T_ALL,LOG_I_ALL
+
+#dateformat %Y-%m-%d %H:%M:%S
+
+# And it's time to create forwarding targets (named realms here)
+
+#realm indicates a new set of commands to a server
+#realmname is optional
+realm my realm
+
+#options values
+
+#hostname <yourhostname> #this is the name of the server (used to choose interface)
+listenport 50127 #portnumber on which server is listening for users
+manageport 50126 #portnumber on which server is listening for afclient
+#users 5 #amount of users we are allowing to connect (>0) (default: 5)
+#timeout 5 #timeout value for the client's connection (>0) (default: 5)
+#maxidle 300 #the maximum idle time for the client's connection (>0) (default: disabled)
+#clients 1 #number of allowed clients for this realm (>0) (default: 1)
+#usrpcli $users #allowed users per client for this realm (>0) (default: $users)
+#climode 1 #strategy used for connecting users with clients (1) (default: 1)
+#proto tcp #type of the realm (which protocol it will forward (tcp|udp) (default: tcp)
+#pass mypassword #this is a password used for client identification
+#raclients 1 #number of allowed clients in remote administration mode (>0) (default: 1)
+#nossl #don't use ssl for data transfer
+#nozlib #don't use zlib
+#baseport #listenports are temporary and differ for each client
+#audit #additional information about connections are logged
+#dnslookups #try to obtain dns names of the computers
+#ipv4 #use ipv4 only
+#ipv6 #use ipv6 only
+#enableproxy #enable http proxy mode
+#cacerfile filename #the name of the file with CA certificates
+ # (if used, require clients to have valid certificates)
+#cerdepth #the maximum depth of valid certificate-chains
+
+# and now the second realm
+
+realm
+listenport 50125
+manageport 50124
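Review bot: The socket example "#log sock,localhost,LOG_T_ALL,LOG_I_ALL" omits the port, although the LOGCMD FORMAT section of afserver.1 defines the description for a sock target as "host,port"; add a port so the line works when uncommented. The second realm at the end sets only listenport and manageport, so it inherits "no password" and no cacerfile; a commented "#pass" line there, as in the first realm, would make it clear that each realm needs its own. Minor: "# we we could also" has a doubled word, "#cerdepth" has no example value, and the "#proto tcp" comment has an unbalanced parenthesis.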
diff --git a/doc/en/README b/doc/en/README
new file mode 100644
index 0000000..e9f5b20
--- /dev/null
+++ b/doc/en/README
@@ -0,0 +1,685 @@
+AF - Active Port Forwarder 0.8.4 - README
+Copyright (C) 2003-2007 jeremian - <jeremian [at] poczta.fm>
+=================================================================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+======================================
+
+ The Active Port Forwarder program is part of the Gray-World.net projects.
+
+ Our Gray-World Team presents on the http://gray-world.net website the projects
+ and publications we are working on which are related to the NACS (Network
+ Access Control System) bypassing research field and to the computer and
+ network security topics.
+
+================================================================================
+
+=======
+SUMMARY
+=======
+
+INTRO
+
+1. INSTALLATION
+ 1.1 Instructions
+ 1.2 Required libs
+ 1.3 Tested platforms
+2. USAGE
+ 2.1 afserver
+ 2.2 afclient
+3. REMOTE ADMINISTRATION
+ 3.1 Usage
+ 3.2 Commands
+ 3.3 States
+ 3.3.1 Users
+ 3.3.2 Clients
+ 3.4 Relay mode
+4. HTTP PROXY TUNNELS
+5. LOGGING
+6. MODULES
+7. MULTI TUNNELS
+8. EXAMPLES
+ 8.1 tcp mode
+ 8.2 reverse udp mode
+9. BUGS/PROBLEMS
+
+NOTES
+
+THANKS
+
+================================================================================
+
+=====
+INTRO
+=====
+
+Active port forwarder is a software tool for secure port forwarding.
+It uses ssl to increase security of communication between a server and a client.
+Originally, it was developed to forward data point to point. However, the need
+for bypassing firewalls in order to connect to internally located computers
+influenced the further development of the project.
+
+AF is dedicated for people, who don't have an external ip number and want to
+make some services available across the net.
+
+Moreover, zlib is used to compress the transferred data.
+
+Using one, permanent data/control channel with flow control / packet buffering
+provides good performance and reasonably small latency.
+
+Multiple clients allow to create more sophisticated tunneling scheme.
+
+================================================================================
+
+===============
+1. INSTALLATION
+===============
+
+ 1.1 Instructions
+ ----------------
+
+1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml
+2. Unpack them with tar zxvf
+3. Type "./configure"
+4. Type "make"
+5. Type "make install" while logged as root
+6. If something goes wrong - mail the author or post a message on
+ http://gray-world.net/board/
+
+ 1.2 Required libs
+ -----------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Tested platforms
+ --------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - built without any problems
+2. Windows:
+ win32 - cygwin version is available on the project homepage
+
+================================================================================
+
+========
+2. USAGE
+========
+
+ 2.1 afserver
+ ------------
+
+ Basic options:
+
+ -n, --hostname - it's used when creating listening sockets
+ (default: '')
+ -l, --listenport - listening [host:]port - users connect to it
+ (default: 50127)
+ -m, --manageport - manage [host:]port - afclient connects to it
+ (default: 50126)
+ -V, --version - display version number
+ -h, --help - prints this help
+
+ Authorization:
+
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -c, --cerfile - the name of the file with certificate
+ (default: server-cert.pem)
+ -A, --cacerfile - the name of the file with CA certificates
+ (if used, require clients to have valid certificates)
+ -d, --cerdepth - the maximum depth of valid certificate-chains
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+ -t, --timeout - the timeout value for the client's connection
+ (default: 5)
+ --maxidle - the maximum idle time for the client's connection
+ (default: disabled)
+ -u, --users - the amount of users allowed to use this server
+ (default: 5)
+ -C, --clients - the number of allowed clients to use this server
+ (default: 1)
+ -r, --realm - set the realm name (default: none)
+ -R, --raclients - the number of allowed clients in remote administration
+ mode to use this server (default: 1)
+ -U, --usrpcli - the number of allowed users per client (default: $users)
+ -M, --climode - strategy used to connect users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+ -p, --proto - type of server (tcp|udp) - what protocol it will be
+ operating for (default: tcp)
+ -b, --baseport - listenports are temporary and differ for each client
+ -a, --audit - additional information about connections are logged
+ --nossl - ssl is not used to transfer data (but it's still used
+ to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used to compress data (default: zlib is
+ used)
+ --dnslookups - try to obtain dns names of the computers rather than
+ their numeric IP
+
+ Logging:
+
+ -o, --log - log choosen information to file/socket
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ HTTP PROXY:
+
+ -P, --enableproxy - enable http proxy mode
+
+
+ 2.2 afclient
+ ------------
+
+ Basic options:
+
+ -n, --servername - where the second part of the active
+ port forwarder is running (required)
+ -m, --manageport - manage port number - server must be
+ listening on it (default: 50126)
+ -d, --hostname - the name of this host/remote host - the final
+ destination of the packets (default: the name
+ returned by hostname function)
+ -p, --portnum - the port we are forwarding connection to (required)
+ --localname - local machine name for connection with afserver
+ (used to bind socket to different interfaces)
+ --localport - local port name for connection with afserver
+ (used to bind socket to different addressees)
+ --localdesname - local machine name for connections with destination
+ application (used to bind socket to different interfaces)
+ -V, --version - display version number
+ -h, --help - prints this help
+
+ Authorization:
+
+ -i, --id - sends the id string to afserver
+ --pass - set the password used for client identification
+ (default: no password)
+ --ignorepkeys - ignore invalid server's public keys
+
+ Configuration:
+
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -c, --cerfile - the name of the file with certificate
+ (default: no certificate used)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (client)
+ -s, --storefile - the name of the file with stored public keys
+ (default: known_hosts)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+ -K, --keep-alive N - send keepalive packets every N seconds
+ (default: not send keepalive packets)
+
+ Auto-reconnection:
+
+ --ar-start - enable auto-reconnection when afserver is not
+ reachable on start (default: disabled)
+ --ar-quit - enable auto-reconnection after normal afserver quit
+ (default: disabled)
+ --noar - disable auto-reconnection after premature afserver
+ quit (default: enabled)
+ -A, --ar-tries N - try N times to reconnect (default: unlimited)
+ -T, --ar-delay N - wait N seconds between reconnect tries (default: 5)
+
+ Modes:
+
+ -u, --udpmode - udp mode - client will use udp protocol to
+ communicate with the hostname:portnum
+ -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
+ from hostname:portnum to the server name:manageport
+ -r, --remoteadmin - remote administration mode. (using '-p #port' will
+ force afclient to use port rather than stdin-stdout)
+
+ Logging:
+
+ -o, --log - log choosen information to file/socket
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ Modules:
+
+ -l, --load - load a module for user's packets filtering
+ -L, --Load - load a module for service's packets filtering
+
+ HTTP/HTTPS PROXY:
+
+ -S, --use-https - use https proxy instead of http proxy
+ -P, --proxyname - the name of the machine with proxy server
+ -X, --proxyport - the port used by proxy server (default: 8080)
+ -C, --pa-cred U:P - the user (U) and password (P) used in proxy
+ authorization
+ -B, --pa-t-basic - the Basic type of proxy authorization (default)
+
+
+================================================================================
+
+========================
+3. REMOTE ADMINISTRATION
+========================
+
+ 3.1 Usage
+ ---------
+
+Afclient can be started in remote administration mode by '-r, --remoteadmin'
+option. Required option: '-n, --servername NAME'.
+
+After successful authorization stdin/stdout is used to communicate with user.
+All the commands parsing is done by afserver.
+
+ 3.2 Commands
+ ------------
+
+Currently available commands are:
+
+ help
+ display help
+
+ lcmd
+ lists available commands
+
+ info
+ prints info about server
+
+ rshow
+ display realms
+
+ cshow X
+ display clients in X realm
+
+ ushow X
+ display users in X realm
+
+ quit
+ quit connection
+
+ timeout N X
+ set timeout value in X realm
+
+ audit {0|1} X
+ set audit mode in X realm
+
+ dnslookups {0|1} X
+ set dnslookups mode in X realm
+
+ dateformat S
+ set dateformat
+
+ kuser S
+ kick user named S
+
+ kclient N
+ kick client with number N
+
+
+ 3.3 States
+ ----------
+
+ 3.3.1 Users
+ -----------
+
+ Connected users can be in several states:
+
+ running
+ user is properly connected and can send/receive data
+
+ opening
+ user is connected to afserver, but afclient hasn't confirmed connection
+ with the destination. There is no traffic allowed in this situation.
+
+ opening (closed)
+ user was in 'opening' state, but 'kuser' command has been used and it's
+ now queued for closing as soon as afclient will be ready to confirm
+ this
+
+ stopped
+ user wasn't responsible, so all the packets addressed to it are queued.
+ Afclient is informed to not receive any packets for this user.
+
+ closing
+ connection with user has been lost. Afclient has to confirm user
+ deletion
+
+ unknown
+ probably afserver internal state has been corrupted.
+
+
+ 3.3.2 Clients
+ -------------
+
+ Connected clients can be in several states:
+
+ running
+ client is properly connected and can serve user's requests
+
+ ssl handshake
+ connection with client has been initialized and now ssl routines are
+ negotiating all the details needed to establish secure tunnel. This
+ stage with 'authorization' must not exceed the time set by 'timeout'
+ option.
+
+ authorization
+ ssl tunnel is ready and afclient has to authorize itself to the
+ afserver. This stage with 'ssl handshake' must not exceed the time set
+ by 'timeout' option.
+
+ unknown
+ probably afserver internal state has been corrupted.
+
+
+ 3.4 Relay mode
+ --------------
+
+Afclient with '-p, --portnum PORT' option listens for connection from user at
+NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when
+the option is missing.
+
+When user quits (close the connection or send 'quit' command), afclient exits.
+
+================================================================================
+
+=====================
+4. HTTP PROXY TUNNELS
+=====================
+
+Afclient can communicate with afserver via HTTP proxy. In order to use this
+feature, afserver must be started with '-P, --enableproxy' option. Afclient must
+specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport'
+option).
+
+Afclient with HTTP proxy mode enabled can still accept connections from
+afclients, which don't use HTTP proxy mode.
+
+================================================================================
+
+==========
+5. LOGGING
+==========
+
+Logging can be enabled by '-o, --log' option. The argument to this option must
+be in the form:
+ target,description,msgdesc
+
+Where
+ target is file or sock
+ description is filename or host,port
+ msgdesc is the subset of:
+ LOG_T_ALL,
+ LOG_T_USER,
+ LOG_T_CLIENT,
+ LOG_T_INIT,
+ LOG_T_MANAGE,
+ LOG_T_MAIN,
+ LOG_I_ALL,
+ LOG_I_CRIT,
+ LOG_I_DEBUG,
+ LOG_I_DDEBUG,
+ LOG_I_INFO,
+ LOG_I_NOTICE,
+ LOG_I_WARNING,
+ LOG_I_ERR
+
+ written without spaces.
+
+
+ Example:
+
+ file,filename,LOG_T_MANAGE,LOG_I_ALL
+
+================================================================================
+
+==========
+6. MODULES
+==========
+
+Afclient can use external modules for user's packets filtering ('-l, --load')
+and service's packets filtering ('-L, --Load'). Module file has to declare three
+functions:
+
+char* info(void);
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+int allow(char* host, char* port);
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+int filter(char* host, unsigned char* message, int* length);
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Modules have to be compiled with '-fPIC -shared' options.
+
+================================================================================
+
+================
+7. MULTI TUNNELS
+================
+
+Since version 0.8 it's possible to transfer multiple tunnels in the one
+afclient <-> afserver connection.
+
+On the afserver we have to specify multiple listen ports with the same manage
+port.
+
+When we set several '-p' options on the afclient, the new user connections will
+be distributed according to the sequence of the options, i.e. new user
+connecting to the second UsrCli pair (with the same manage ports) will be
+transferred to the destination pointed by the second '-p' option.
+
+================================================================================
+
+===========
+8. EXAMPLES
+===========
+
+ 8.1 tcp mode
+ ------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+The use of it is extremely simple. Let's suppose we want to create a http server
+on our computer and we are behind a masquerade or a firewall:
+
+1) We have to find some machine on the net with an external ip and a shell
+ account.
+
+2) Use "make" to compile everything on that machine. (you can freely remove the
+ afclient and client.rsa files)
+
+3) You can edit the config file or just type from the console (to use the config
+ type -f <cfgfile>) :
+ $ ./afserver
+ This will work, if you want to use default values:
+ - hostname will be taken from hostname function (it would be ideally, if
+ there is appropriate registration in /etc/hosts)
+ - server will be listening for users on port 50127
+ - server will be listening for client on port 50126
+ - server will be for maximum 5 users
+ - server will forward tcp packets
+ - there will be no logging and no verbose messages
+ - there will be no password identification
+ - ip protocol family will be unspecified
+
+4) We use "make" on our machine (we can delete everything apart from afclient
+ and client.rsa)
+
+5) We are typing from the console:
+ $ ./afclient -n <name of the server> -p 80
+ Where <name of the server> is a string like : 'bastion.univ.gda.pl' or
+ '153.19.7.200'
+
+6) We can now enter with a web-browser to: <name of the server>:50127 and we
+ will enter to our computer in the fact.
+
+ 8.2 reverse udp mode
+ --------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Let's see how to use af to forward udp packets. Suppose we want to create a game
+server on our computer (udp port 27960 on our machine):
+
+1) - 4) is the same like in example 1. (but we add option: -p udp)
+
+5) We are typing from the console:
+ $ ./afclient -u -n <name of the server> -p 27960
+ Where <name of the server> is a name (or ip) of a host where our server is
+ running.
+
+6) Connecting to our game is more complicated. The user must use afclient to do
+ this. He has to specify the server he is connecting to and the port, which
+ his program will be listening on:
+ $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> \
+ -m <server port>
+ Where <hostname> is the name of the user machine (who wants to connect to our
+ game). <portnum> is the port he will be connecting to. <name of the server>
+ is the name of the host where our server is running. <server port> is the
+ port on which the server is listening for users. In order to connect to our
+ game, the user has to connect to <hostname>:<portnum>.
+
+================================================================================
+
+================
+9. BUGS/PROBLEMS
+================
+
+There are no known/open bugs at the moment.
+
+================================================================================
+
+=====
+NOTES
+=====
+
+Active port forwarder is still under development, so please sent any comments,
+bugs notices and suggestions about it to <jeremian [at] poczta.fm>
+
+If you have some problems or want to share your opinions with others, feel free
+to post a message at http://gray-world.net/board/
+
+================================================================================
+
+======
+THANKS
+======
+
+ Big thanks to the GW Team:
+
+ to Alex <alex [at] gray-world.net>
+ and Simon <scastro [at] entreelibre.com> for testing AF and a lot of advices.
+
+ Thanks to Ilia Perevezentsev <iliaper [at] mail.ru> who read and corrected the
+README file.
+
+ Thanks to Marco Solari <marco.solari [at] koinesistemi.it> for a lot of
+requests, suggestions and ideas.
+
+ Thanks to Joshua Judson Rosen <rozzin [at] geekspace.com> for the patch adding
+certificate-based authentication to the APF.
+
+ And thanks for using this software!
+
+LICENSE
+-------
+
+ Active Port Forwarder is distributed under the terms of the GNU General
+ Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian
+ [at] poczta.fm>. See the file COPYING for details.
+
+ In addition, as a special exception, the copyright holders give permission to
+ link the code of portions of this program with the OpenSSL library under
+ certain conditions as described in each individual source file, and distribute
+ linked combinations including the two.
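Review bot: Section 8.1 step 3 starts afserver with defaults and lists "there will be no password identification" as one of them, and '-A, --cacerfile' in 2.1 is optional, so nothing in the walkthrough authenticates the afclient that connects to the manage port (50126). Suggest showing the example with '--pass' or '-A' set and presenting the no-password default as something to change before exposing the server. In the option tables, '--ignorepkeys' (2.2) and '--nossl' (2.1) are listed without their consequence: the first accepts a server key that fails validation, the second transfers the forwarded data without ssl. Both deserve a sentence saying so. Separately, the second paragraph of section 4 reads "Afclient with HTTP proxy mode enabled can still accept connections from afclients"; the subject should be afserver, since the paragraph above says it is afserver that is started with '-P, --enableproxy'.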
diff --git a/doc/fr/fr_README b/doc/fr/fr_README
new file mode 100644
index 0000000..1366291
--- /dev/null
+++ b/doc/fr/fr_README
@@ -0,0 +1,488 @@
+AF - Active Port Forwarder 0.6 - README
+Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
+=================================================================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+======================================
+
+ Le programme Active Port Forwarder est partie intйgrante des projets
+ Gray-World.net.
+
+ Notre йquipe prйsente sur le site http://gray-world.net les projets et
+ publications sur lesquels nous travaillons. Ces projets et publications sont
+ relatifs au contournement des systиmes de contrфle d'accиs rйseau (NACS
+ bypassing) ainsi qu'а la sйcuritй des systиmes et rйseaux.
+
+================================================================================
+
+========
+SOMMAIRE
+========
+
+INTRO
+
+1. INSTALLATION
+ 1.1 Instructions
+ 1.2 Librairies requises
+ 1.3 Plate-formes testйes
+2. USAGE
+ 2.1 afserver
+ 2.2 afclient
+3. ADMINISTRATION DISTANTE
+4. MODULES
+5. EXEMPLES
+ 5.1 tcp mode
+ 5.2 reverse udp mode
+6. BUGS/PROBLEMES
+
+NOTES
+
+THANKS
+
+================================================================================
+
+=====
+INTRO
+=====
+
+Active port forwarder est un programme permettant de rйaliser du forwarding de
+port sйcurisй. Il utilise le protocole SSL pour augmenter le niveau de sйcuritй
+des communications entre serveur et client. Son dйveloppement initial comme
+outil de communication point а point a йtй influencй de faзon а permettre le
+contournement de firewalls et les communications а destination d'йquipements
+localisйs sur le rйseau interne.
+
+Af est destinй aux personnes sans adresse IP publique externe qui dйsirent
+offrir des services accessibles depuis le net.
+
+La librairie Zlib est de plus employйe pour compresser les donnйes transfйrйes.
+
+L'utilisation d'un canal contrфle/donnйes permanent avec une gestion de flux et
+une mise en cache des paquets fournit de bonnes performances et un temps de
+latence raisonnablement court.
+
+L'emploi de clients multiples permet la crйation de schйmas de tunneling plus
+sophistiquйs.
+
+================================================================================
+
+===============
+1. INSTALLATION
+===============
+
+ 1.1 Instructions
+ ----------------
+
+1. Tйlйcharger les sources compressйes depuis www.gray-world.net/pr_af.shtml
+2. Dйcompresser avec tar zxvf
+3. Entrer "./configure"
+4. Entrer "make"
+5. Entrer "make install" sous l'identitй root
+6. Si un problиme survient - envoyez un mail а l'auteur ou postez un message
+ sur http://gray-world.net/board/
+
+ 1.2 Librairies requises
+ -----------------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Plate-formes testйes
+ ------------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - Compilation sans problиme
+2. Windows:
+ win32 - Version cygwin disponible sur la page du projet
+
+================================================================================
+
+========
+2. USAGE
+========
+
+ 2.1 afserver
+ ------------
+
+ Basic options:
+
+ -n, --hostname - it's used when creating listening sockets
+ (default: '')
+ -l, --listenport - listening port number - users connect
+ to it (default: 50127)
+ -m, --manageport - manage port number - second part of the active
+ port forwarder connects to it (default: 50126)
+ -h, --help - prints this help
+
+ Authorization:
+
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -c, --cerfile - the name of the file with certificate
+ (default: cacert.pem)
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ -t, --timeout - the timeout value for the client's connection
+ (default: 5)
+ -u, --users - the amount of users allowed to use this server
+ (default: 5)
+ -C, --clients - the number of allowed clients to use this server
+ (default: 1)
+ -r, --realm - set the realm name (default: none)
+ -R, --raclients - the number of allowed clients in remote administration
+ mode to use this server (default: 1)
+ -U, --usrpcli - the number of allowed users per client (default: $users)
+ -M, --climode - strategy used for connecting users with clients
+ (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
+ -p, --proto - type of server (tcp|udp) - for which protocol it will
+ be operating (default: tcp)
+ -b, --baseport - listenports are temporary and differ for each client
+ --nossl - ssl is not used for transferring data (but it's still
+ used to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used for compressing data (default:
+ zlib is used)
+ --dnslookups - try to obtain dns names of the computers rather than
+ their numeric IP
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ 2.2 afclient
+ ------------
+
+ Basic options:
+
+ -n, --servername - where the second part of the active
+ port forwarder is running (required)
+ -m, --manageport - manage port number - server must be
+ listening on it (default: 50126)
+ -d, --hostname - the name of this host/remote host - the final
+ destination of the packets (default: the name
+ returned by hostname function)
+ -p, --portnum - the port we are forwarding connection to (required)
+ -h, --help - prints this help
+
+ Authorization:
+
+ -i, --id - send the id string to afserver
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ Modes:
+
+ -u, --udpmode - udp mode - client will use udp protocol to
+ communicate with the hostname
+ -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
+ from hostname:portnum (-p) to the server name:portnum
+ (-m)
+ -r, --remoteadmin - remote administration mode. (using '-p #port' will
+ force afclient to use port rather then stdin-stdout)
+
+ Logging:
+
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+
+ IP family:
+
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+
+ Modules:
+
+ -l, --load - load a module for user's packets filtering
+ -L, --Load - load a module for service's packets filtering
+
+================================================================================
+
+==========================
+3. ADMINISTRATION DISTANTE
+==========================
+
+Afclient peut кtre dйmarrй en mode d'administration distante avec l'option '-r,
+--remoteadmin'. L'option requise est: '-n, --servername NAME'.
+
+Aprиs autorisation, les flux stdin/stdout sont utilisйs pour communiquer avec
+l'utilisateur. La prise en compte des commandes est effectuйe par afserver.
+
+Les commandes disponibles sont:
+
+ help
+ display help
+
+ lcmd
+ lists available commands
+
+ info
+ prints info about server
+
+ rshow
+ display realms
+
+ cshow X
+ display clients in X realm
+
+ ushow X
+ display users in X realm
+
+ quit
+ quit connection
+
+Afclient se positionne en йcoute sur NAME:PORT avec '-p, --portnum PORT'. NAME
+est positionnй avec l'option '-d, --hostname' ou par la fonction hostname() si
+l'argument n'est pas fourni.
+
+Quand l'utilisateur quitte (termine la connexion ou envoie la commande 'quit'),
+afclient se termine.
+
+================================================================================
+
+==========
+4. MODULES
+==========
+
+Afclient peut utiliser des modules externes pour le filtrage des paquets ('-l,
+ --load') utilisateurs et pour le filtrage des paquets service ('-L, --Load').
+Le fichier contenant les modules doit dйclarer trois fonctions :
+
+char* info(void);
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+int allow(char* host, char* port);
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+int filter(char* host, unsigned char* message, int* length);
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Les modules doivent кtre compilйs avec les options '-fPIC -shared'.
+
+================================================================================
+
+===========
+5. EXEMPLES
+===========
+
+ 5.1 tcp mode
+ ------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+L'utilisation de Af est extrиmement simple. Supposons que nous voulons mettre en
+place un serveur http sur notre station et que nous sommes masqueradйs ou placй
+derriиre un firewall:
+
+1) Nous devons tout d'abord trouver une station sur internet avec une IP
+publique et un shell.
+
+2) Utilisez ensuite make pour compiler Af sur cette machine. (Vous pouvez par la
+suite supprimer les fichiers afclient et client.rsa)
+
+3) Editez le fichier de configuration ou entrez sur la console: (pour utiliser
+la configuration, entrez type -f <cfgfile>)
+ $ ./afserver
+ Si vous voulez utiliser les valeurs par dйfaut:
+ - Le nom d'hфte sera pris en compte par la fonction hostname (Il serait idйal
+ qu'il soit rйfйrencй dans le fichier /etc/hosts)
+ - Le serveur sera en йcoute pour les utilisateurs sur le port 50127
+ - Le serveur sera en йcoute pour le client sur le port 50126
+ - Le serveur sera limitй а 5 utilisateurs
+ - Le serveur retransmettra les paquets tcp
+ - Aucun log ou message verbeux ne sera activй
+
+4) Nous utilisons make sur notre propre station (Nous pouvons ensuite supprimer
+tous les fichiers sauf afclient et client.rsa)
+
+5) Nous entrons sur la console:
+ $ ./afclient -n <name of the server> -p 80
+ Oщ <name of the server> est une chaоne du type : 'bastion.univ.gda.pl' ou
+ '153.19.7.200'
+
+6) Nous pouvons ensuite utiliser notre navigateur web avec :
+ <name of the server>:50127 et nous atteindrons notre propre station.
+
+ 5.2 reverse udp mode
+ --------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Regardons comment nous pouvons utiliser af pour forwarder des paquets udp.
+Supposez que nous voulons mettre en place un serveur de jeu sur notre station
+(port udp 27960 sur notre station):
+
+1) - 4) sont les mкmes que pour l'exemple 1.
+
+5) Nous entrons sur la console:
+ $ ./afclient -u -n <name of the server> -p 27960
+ Oщ <name of the server> est un nom (ou une ip) d'un hфte sur lequel notre
+ serveur tourne.
+
+6) Nous connecter а notre jeu est un peu plus compliquй. L'utilisateur doit se
+ servir de afclient pour cela.
+ Il doit spйcifier le serveur auquel il veut se connecter et le port sur
+ lequel son programme sera en йcoute:
+ $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> -m\
+ <server port>
+ Oщ <hostname> est le nom de la station utilisateur (qui veut se connecter а
+ notre jeu). <portnum> est le port auquel il se connectera. <name of the
+ server> est le nom de l'hфte sur lequel notre serveur tourne. <server port>
+ est le port sur lequel notre serveur est en йcoute pour les utilisateurs.
+ Pour se connecter а notre jeu, l'utilisateur doit se connecter а <hostname>:
+ <portnum>.
+
+================================================================================
+
+================
+6. BUGS/PROBLEMS
+================
+
+Aucun bug n'est connu ou en cours de rйsolution а ce moment.
+
+================================================================================
+
+=====
+NOTES
+=====
+
+Active port forwarder est toujours en phase en dйveloppement, alors envoyez moi
+vos commentaires, les bugs que vous rencontrez et vos suggestions а
+<jeremian [at] poczta.fm>
+
+Si vous rencontrez des problиmes ou voulez partager vos opinions , vous pouvez
+poster un message sur le forum http://gray-world.net/board/.
+
+================================================================================
+
+======
+THANKS
+======
+
+ Remerciements а l'йquipe GW:
+
+ а Alex <alex [at] gray-world.net>
+ et Simon <scastro [at] entreelibre.com> pour les tests de AF et de nombreux
+conseils.
+
+ Merci а Ilia Perevezentsev <iliaper [at] mail.ru> qui a lu et corrigй le
+fichier README.
+
+ Merci а Marco Solari <marco.solari [at] koinesistemi.it> pour de nombreuses
+requкtes, suggestions et idйes.
+
+ Et merci а vous pour l'utilisation de cet outil.
+
+LICENCE
+-------
+
+ Active Port Forwarder est distribuй sous les termes de la licence GNU -
+ General Public Licence version 2.0 et est copyright (c)2003,2004,2005 jeremian
+ <jeremian [at] poczta.fm>.
+ Consultez le fichier COPYING pour plus de details.
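Review bot: The header of doc/fr/fr_README says "Active Port Forwarder 0.6" and its option tables no longer match doc/en/README added in the same commit, which is based on 0.8.4. The French text still documents '-O/--heavylog', '-o/--lightlog', '-S/--heavysocklog' and '-s/--lightsocklog', while the English text has a single '-o, --log' taking target,description,msgdesc and uses '-S' for '--use-https' and '-s' for '--storefile' on afclient. It gives 'cacert.pem' as the '-c' default where the English text gives 'server-cert.pem', and it omits '-A, --cacerfile', '--ignorepkeys', '--maxidle' and the HTTP proxy section entirely. Suggest either updating the translation or adding a line at the top stating that it describes 0.6 and that doc/en/README is authoritative. Also, the accented letters in this file show up as Cyrillic characters (for example "intйgrante", "sйcuritй"), which suggests it is stored in a single-byte legacy encoding different from ru_README; converting the doc files to UTF-8 would avoid that.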
diff --git a/doc/ru/ru_README b/doc/ru/ru_README
new file mode 100644
index 0000000..4e825f7
--- /dev/null
+++ b/doc/ru/ru_README
@@ -0,0 +1,294 @@
+AF - Active Port Forwarder v0.5.4 - README
+Copyright (C) 2003,2004 jeremian - &lt;jeremian [at] poczta.fm&gt;
+===================
+
+================================================================================
+
+GRAY-WORLD.NET / Active Port Forwarder
+==========================
+
+ Программа Active Port Forwarder является частью проекта Gray-World.net.
+
+ Наша команда Gray-World представляет на сайте http://gray-world.net проекты и
+ публикации, над которыми мы работаем, относящиеся к области исследования
+ NACS (Систем Контроля Сетевого Доступа), а также к теме компьютерной и
+ сетевой безопасности.
+
+================================================================================
+
+==========
+СОДЕРЖАНИЕ
+==========
+
+ОПИСАНИЕ
+
+1. УСТАНОВКА
+ 1.1 Инструкции
+ 1.2 Необходимые библиотеки
+ 1.3 Тестовые платформы
+2. ИСПОЛЬЗОВАНИЕ
+ 2.1 afserver
+ 2.2 afclient
+3. ПРИМЕРЫ
+ 3.1 tcp-режим
+ 3.2 обратный udp-режим
+4. ИЗВЕСТНЫЕ ОШИБКИ/ПРОБЛЕМЫ
+
+ЗАМЕЧАНИЯ
+
+БЛАГОДАРНОСТИ
+
+================================================================================
+
+========
+ОПИСАНИЕ
+========
+
+Active port forwarder это программный инструмент для безопасного тунелирования
+данных. Он использует SSL для защиты соединения между клиентом и сервером.
+Изначально, программа была разработана для простой пересылки данных от точки к
+точке. Однако необходимость обхода брандмауэра с целью сделать компьютеры
+локальной сети доступными извне, повлияла на дальнейшее развитие проекта.
+
+AF предназначен для людей, не имеющих внешнего IP адреса и которые хотят сделать
+некоторые локальные сервисы доступными в сети.
+
+В программе использована библиотека zlib для сжатия передаваемых данных.
+
+Использование единого канала для передачи данных и команд управления в сочетании
+с буферизацией пересылаемых пакетов обеспечивает хорошую производительность и
+малое время отклика системы.
+
+Для запуска afserver не требуется привилегий root, также он не использует
+thread-ы или другие процессы.
+
+================================================================================
+
+============
+1. УСТАНОВКА
+============
+
+ 1.1 Инструкции
+ --------------
+
+1. Загрузите упакованный исходный код с http://www.gray-world.net/pr_af.shtml
+2. Распакуйте - tar zxvf
+3. Выполните команду "make".
+4. Если что-то пошло не так - напишите письмо автору или оставьте сообщение на
+ http://gray-world.net/board/
+
+ 1.2 Необходимые библиотеки
+ --------------------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Тестовые платформы
+ ----------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - было собрано без каких-либо проблем
+2. Freebsd:
+ 4.4, 4.9 - Необходим patch с домашней страницы проекта
+3. Windows:
+ win32 - Версия с cygwin доступна на домашней странице проекта
+
+================================================================================
+
+================
+2. ИСПОЛЬЗОВАНИЕ
+================
+
+ 2.1 afserver
+ ------------
+
+ Параметры:
+ -h, --help - печатает эту справку
+ -n, --hostname - используется при создании "слушающих" сокетов
+ (по умолчанию: имя возвращаемое функцией hostname)
+ -l, --listenport - порт сервера - пользователи соединяются
+ с ним (по умолчанию: 50127)
+ -m, --manageport - порт для управления - другая часть active
+ port forwarder соединяется с ним (по умолчанию: 50126)
+ -u, --users - количество пользователей, использующих сервер
+ (по умолчанию: 5)
+ -c, --cerfile - имя файла с сертификатом
+ (по умолчанию: cacert.pem)
+ -k, --keyfile - имя файла с ключом RSA (по умолчанию: server.rsa)
+ -f, --cfgfile - имя файла с конфигурацией для active forwarder (сервер)
+ -p, --proto - тип сервера (tcp|udp) - с каким протоколом он будет
+ работать (по умолчанию: tcp)
+ -O, --heavylog - писать все сообщения в logfile
+ -o, --lightlog - писать некоторые сообщения в logfile
+ -v, --verbose - вывод сообщений в консоль - програма не будет работать
+ как daemon.
+ --nossl - протокол ssl не будет использован для передачи данных (но
+ будет использован для установки соединений) (по умолчанию:
+ ssl используется всегда)
+ --nozlib - zlib не будет использоваться для сжатия данных
+ (по умолчанию: zlib используется)
+ --pass - задать пароль для идентификации клиента
+ (по умолчанию: нет пароля)
+ -4, --ipv4 - использовать только ipv4
+ -6, --ipv6 - использовать только ipv6
+
+ 2.2 afclient
+ ------------
+
+ Options:
+ -h, --help - печатает эту справку
+ -n, --servername - где работает вторая часть active port
+ forwarder (необходимо)
+ -m, --manageport - порт для управления - сервер соединяется с ним
+ (по умолчанию: 50126)
+ -d, --hostname - имя локального/удаленного сервера - данные будут тунелированы
+ на него (по умолчанию: имя возвращаемое фунцией hostname)
+ -p, --portnum - порт на который будут тунелированы данные (необходимо)
+ -k, --keyfile - имя файла с ключом RSA (по умолчанию: client.rsa)
+ -u, --udpmode - udp-режим - клиент будет использовать udp протокол для
+ коммуникации с hostname
+ -U, --reverseudp - обратный udp-режим. Udp пакеты будут перенаправляться
+ с hostname:portnum (-p) на сервер name:portnum (-m)
+ -O, --heavylog - писать все сообщения в logfile
+ -o, --lightlog - писать некоторые сообщения в logfile
+ -v, --verbose - вывод сообщений в консоль - програма не будет работать
+ как daemon.
+ --pass - задать пароль для идентификации клиента
+ (по умолчанию: нет пароля)
+ -4, --ipv4 - использовать только ipv4
+ -6, --ipv6 - использовать только ipv6
+ -l, --load - загрузить модуль для фильтрации пакетов
+
+================================================================================
+
+==========
+3. ПРИМЕРЫ
+==========
+
+ 3.1 tcp-режим
+ -------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client &lt;---Encrypted/Compressed channel---&gt; AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
+
+
+Использование этого режима черезвычано простое. Давайте предположим, что мы
+хотим создат http сервер на нашем компьютере, находящемся в локальной сети за
+брандмауэром:
+
+1) Мы должны найти машину с внешним IP адресом и доступом к shell.
+
+2) Использовать "make" чтобы скомпилировать AF на ней. (вы можете спокойно
+ удалять файлы afclient и client.rsa)
+
+3) Вы можете отредактировать конфигурационный файл или передать программе все
+ параметры из консоли (для использования файла наберите -f <cfgfile>) :
+ $ ./afserver
+ Это будет работать, если вы хотите использовать настройки по умолчанию:
+ - hostname будет взят из функции hostname (это работает замечательно, если
+ есть соответствующая запись в /etc/hosts)
+ - сервер будет ждать пользователей на порту 50127
+ - сервер будет ждать клиента на порту 50126
+ - сервер будет обслуживать макимум 5 пользователей
+ - сервер будет перенаправлять tcp соединения
+ - отладочных сообщений не будет
+ - идентификаций по паролю не будет
+ - версия протокола ip не будет задана
+
+4) Мы используем "make" на нашей машине (можно удалить все кроме afclient и
+ client.rsa)
+
+5) Набираем в консоли:
+ $ ./afclient -n <имя сервера> -p 80
+ Где <имя сервера> строка типа: 'bastion.univ.gda.pl' или '153.19.7.200'
+
+6) Теперь в браузере мы можем набрать: <имя сервера>:50127 и попадем на наш
+ компьютер.
+
+ 3.2 обратный udp-режим
+ ----------------------
+
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client &lt;---Encrypted/Compressed channel---&gt; AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
+
+
+Давайте теперь посмотрим как мы можем использовать af для перенаправления udp
+пакетов. Предположим, что мы хотим создать игровой сервер на нашем компьютере
+(udp порт 27960):
+
+1) - 4) тоже самое, что и в первом примере. (но добавляем параметр: -p udp)
+
+5) Набираем в консоли:
+ $ ./afclient -u -n <имя сервера> -p 27960
+ Где <имя сервера> это имя (или ip) компютера где работает наш сервер.
+
+6) Процесс соединения с игровым сервером более сложный. Пользователь должен
+ запустить fclient чтобы сделать это. Он должен указать сервер с которым он
+ будет соединяться и порт, на котором его программа будет слушать:
+ $ ./afclient -U -d <hostname> -p <порт> -n <имя сервера> \
+ -m <порт сервера>
+
+ Где <hostname> имя машины пользователя (который соединяется с игровым
+ сервером), <порт> - локальный порт, <имя сервера> - имя сервера, <порт
+ сервера> - порт на котором сервер ждет пользователей.Теперь, чтобы попасть на
+ игровой сервер, пользователь должен соединятся с <hostname>:<порт>.
+
+================================================================================
+
+============================
+4. ИЗВЕСТНЫЕ ОШИБКИ/ПРОБЛЕМЫ
+============================
+
+На данный момент, нет никаких известных проблем.
+
+================================================================================
+
+=========
+ЗАМЕЧАНИЯ
+=========
+
+Active port forwarder находится в разработке, так что пожалуйста, присылайте
+свои комментарии, замечания об ошибках и предложения на jeremian [at] poczta.fm
+
+Если у вас есть какие-либо проблемы с использованием программы или вы хотите
+поделиться своим мнением о ней, пожалйста оставляйте свои сообщения на:
+http://gray-world.net/board/
+
+================================================================================
+
+=============
+БЛАГОДАРНОСТИ
+=============
+
+ Большое спасибо команде GW:
+
+ Alex <alex [at] gray-world.net>
+ и Simon <scastro [at] entreelibre.com> за тестирование AF и множество советов.
+
+ Спасибо Ilia Perevezentsev <iliaper [at] mail.ru> за корректировку английской
+ версии этого файла.
+
+ И спасибо за использование AF!
+
+ЛИЦЕНЗИЯ
+--------
+
+ Active Port Forwarder is distributed under the terms of the GNU General
+ Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at]
+ poczta.fm>. See the file COPYING for details.
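Review bot: The header of ru_README reads "AF - Active Port Forwarder v0.5.4" with "Copyright (C) 2003,2004", while the commit message says the tree is based on 0.8.4, so the option lists in 2.1 and 2.2 may not match the binaries built from this tree. Either update the translation or add a line at the top saying it documents 0.5.4. The file also contains literal HTML entities ("&lt;jeremian [at] poczta.fm&gt;" in the copyright line and "&lt;---Encrypted/Compressed channel---&gt;" in both diagrams) that should be plain "<" and ">" in a text file. In step 6 of 3.2 "fclient" should be "afclient", and the "Options:" label in 2.2 is untranslated where 2.1 uses "Параметры:". On the content: the 3.1 walk-through starts the server with a bare "./afserver", and its own list of defaults says "идентификаций по паролю не будет" (no password identification); since the example exposes an internal service on a public host, consider showing the --pass option there on both afserver and afclient.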