-rw-r--r--Changelog4
-rw-r--r--activefor.h2
-rw-r--r--afclient.c6
-rw-r--r--afserver.c25
-rw-r--r--docs/en/README47
-rw-r--r--file.h62
6 files changed, 71 insertions, 75 deletions
diff --git a/Changelog b/Changelog
index af4e6af..d6c8e6b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+19.11.2004 (udp_patch):
+ - Lightly Modified: verbose in client's udp reverse mode
+ - Fixed: major bug in udp protocol forwarding
+
11.10.2004 (v0.5.5):
- Added: rsa key generation by afclient
- Modified: afclient is now generating keys by default
diff --git a/activefor.h b/activefor.h
index 18211e1..29244c7 100644
--- a/activefor.h
+++ b/activefor.h
@@ -39,7 +39,7 @@
#define S_STATE_OPEN 7
#define S_STATE_STOPPED 11
-#define AF_VER(info) info" v0.5.5"
+#define AF_VER(info) info" v0.5.5 (+udp_patch)"
#define TYPE_TCP 1
#define TYPE_UDP 3
diff --git a/afclient.c b/afclient.c
index 61ab6b8..710cd8f 100644
--- a/afclient.c
+++ b/afclient.c
@@ -404,13 +404,13 @@ main(int argc, char **argv)
}
else {
if (n > 0) {
- aflog(2, "Sending %d bytes to service (w:%d/%d)", n,
+ aflog(2, "Sending %d bytes to service (w:%d/%d) (FROM:%s)", n,
#ifdef SIOCOUTQ
notsent
#else
buflength - notsent
#endif
- , buflength);
+ , buflength, sock_ntop(cliaddr, len, NULL, NULL));
buff[0] = AF_S_MESSAGE;
buff[1] = AF_S_LOGIN;
buff[2] = AF_S_MESSAGE;
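Review bot: The return value of `sock_ntop(cliaddr, len, NULL, NULL)` is passed straight to `%s` in the new aflog call, and the second afclient.c hunk repeats the pattern with `addrlen`. sock_ntop is defined outside this diff; if it can return NULL (for an unhandled address family or a zero length, say), the format call is undefined behaviour on a path driven by datagram source addresses. Storing the result first, `const char *peer = sock_ntop(cliaddr, len, NULL, NULL);`, and passing `peer ? peer : "(unknown)"` would make both log lines safe. It is also worth confirming that `len` here and `addrlen` in the later hunk both hold the length filled in by the receive call, since the two hunks use different variables for the same address. main() starts and ends outside the hunk.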
@@ -439,7 +439,7 @@ main(int argc, char **argv)
aflog(0, "premature quit of the server -> exiting...");
exit(1);
}
- aflog(2, "Sending %d bytes to user", n);
+ aflog(2, "Sending %d bytes to user (TO:%s)", n, sock_ntop(cliaddr, addrlen, NULL, NULL));
sendto(contable[0].connfd, buff, n, 0, cliaddr, addrlen);
} /* - FD_ISSET MASTER.COMMFD RSET */
}
diff --git a/afserver.c b/afserver.c
index 369ef69..a8ca773 100644
--- a/afserver.c
+++ b/afserver.c
@@ -28,7 +28,6 @@
#include <fcntl.h>
#include <signal.h>
#include <string.h>
-#include <sys/time.h>
#include <getopt.h>
static void usage(char* info);
@@ -840,29 +839,7 @@ main(int argc, char **argv)
buff[3] = n >> 8; /* high bits of message length */
buff[4] = n; /* low bits of message length */
sent = write(pointer->contable[numofcon].connfd, buff, n+5);
- if ((sent > 0) && (sent != n)) {
- insertblnode(&(pointer->contable[numofcon].head), sent, n, buff);
- pointer->contable[numofcon].state = S_STATE_STOPPED;
- FD_SET(pointer->contable[numofcon].connfd, &wset);
- buff[0] = AF_S_DONT_SEND; /* stopping transfer */
- buff[1] = numofcon >> 8; /* high bits of user number */
- buff[2] = numofcon; /* low bits of user number */
- aflog(3, " realm[%d]: TO user[%d]: BUFFERING MESSAGE STARTED (%d/%d)", j, numofcon,
- sent, n);
- send_message(pointer->type, pointer->clitable[k].cliconn, buff, 5);
- }
- else if ((sent == -1) && (errno == EAGAIN)) {
- insertblnode(&(pointer->contable[numofcon].head), 0, n, buff);
- pointer->contable[numofcon].state = S_STATE_STOPPED;
- FD_SET(pointer->contable[numofcon].connfd, &wset);
- buff[0] = AF_S_DONT_SEND; /* stopping transfer */
- buff[1] = numofcon >> 8; /* high bits of user number */
- buff[2] = numofcon; /* low bits of user number */
- aflog(3, " realm[%d]: TO user[%d]: BUFFERING MESSAGE STARTED (%d/%d)", j, numofcon,
- sent, n);
- send_message(pointer->type, pointer->clitable[k].cliconn, buff, 5);
- }
- else if (sent == -1) {
+ if (sent == -1) {
aflog(1, " realm[%d]: user[%d]: CLOSED (write-udp)", j, numofcon);
aflog(2, " IP:%s PORT:%s", pointer->contable[numofcon].namebuf,
pointer->contable[numofcon].portbuf);
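Review bot: After this change a short write is no longer detected: `sent = write(..., buff, n+5)` is followed only by `if (sent == -1)`, so a return between 1 and n+4 falls through as success. Each message carries a 5-byte header with the length in buff[3] and buff[4], so a truncated frame would presumably leave the receiver reading payload bytes as the next header. If connfd is non-blocking (not visible here), EAGAIN now also lands in the "CLOSED (write-udp)" branch and drops the user where the removed code buffered the data. Comparing against the full frame, `if (sent != n + 5) {`, would at least close the connection instead of continuing on a desynchronised stream. The enclosing main() continues outside the hunk.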
diff --git a/docs/en/README b/docs/en/README
index e9ded51..8901699 100644
--- a/docs/en/README
+++ b/docs/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder v0.5.4 - README
+AF - Active Port Forwarder v0.5.5 - README
Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm>
===================
@@ -7,10 +7,10 @@ Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm>
GRAY-WORLD.NET / Active Port Forwarder
==========================
- The Active Port Forwarder program is part of the Gray-World.net projects.
+ The Active Port Forwarder program is part of the Gray-World.net projects.
Our Gray-World Team presents on the http://gray-world.net website the projects
- and publications we are working on which are related to the NACS (Network
+ and publications we are working on which are related to the NACS (Network
Access Control System) bypassing research field and to the computer and
network security topics.
@@ -44,13 +44,13 @@ THANKS
INTRO
=====
-Active port forwarder is a software tool for secure port forwarding.
+Active port forwarder is a software tool for secure port forwarding.
It uses ssl to increase security of communication between a server and a client.
Originally, it was developed to forward data point to point. However, the need
for bypassing firewalls in order to connect to internally located computers
influenced the further development of the project.
-AF is dedicated for people, who don't have an external ip number and want to
+AF is dedicated for people, who don't have an external ip number and want to
make some services available across the net.
Moreover, zlib is used to compress the transferred data.
@@ -58,6 +58,8 @@ Moreover, zlib is used to compress the transferred data.
Using one, permanent data/control channel with flow control / packet buffering
provides good performance and reasonably small latency.
+Multiple clients allow to create more sophisticated tunneling scheme.
+
================================================================================
===============
@@ -99,15 +101,23 @@ provides good performance and reasonably small latency.
------------
Options:
- -h, --help - prints this help
-n, --hostname - it's used when creating listening sockets
(default: name returned by hostname function)
-l, --listenport - listening port number - users connect
to it (default: 50127)
-m, --manageport - manage port number - second part of the active
port forwarder connects to it (default: 50126)
+ -t, --timeout - the timeout value for the client's connection
+ (default: 5)
-u, --users - the amount of users allowed to use this server
(default: 5)
+ -C, --clients - the number of allowed clients to use this server
+ (default: 1)
+ -U, --usrpcli - the number of allowed users per client (default: $users)
+ -M, --climode - strategy used for connecting users with clients (default: 1)
+ Available strategies:
+ 1. fill first client before go to next
+
-c, --cerfile - the name of the file with certificate
(default: cacert.pem)
-k, --keyfile - the name of the file with RSA key (default: server.rsa)
@@ -119,15 +129,19 @@ provides good performance and reasonably small latency.
-o, --lightlog - logging some data to a logfile
-v, --verbose - to be verbose - program won't enter the daemon mode
(use several times for greater effect)
- --nossl - ssl is not used for transferring data (but it's still
+
+ --nossl - ssl is not used for transfering data (but it's still
used to establish a connection) (default: ssl is used)
--nozlib - zlib is not used for compressing data (default:
zlib is used)
--pass - set the password used for client identification
(default: no password)
+
-4, --ipv4 - use ipv4 only
-6, --ipv6 - use ipv6 only
+ -h, --help - prints this help
+
2.2 afclient
------------
@@ -140,13 +154,13 @@ provides good performance and reasonably small latency.
-d, --hostname - the name of this host/remote host - the final
destination of the packets (default: the name
returned by hostname function)
- -p, --portnum - the port we are forwarding the connection to (required)
- -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -p, --portnum - the port we are forwarding connection to (required)
+ -k, --keyfile - the name of the file with RSA key (default: (none))
-u, --udpmode - udp mode - client will use udp protocol to
communicate with the hostname
-U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
from hostname:portnum (-p) to the server name:portnum
- (-m)
+ (-m)
-O, --heavylog - logging everything to a logfile
-o, --lightlog - logging some data to a logfile
-v, --verbose - to be verbose - program won't enter the daemon mode
@@ -155,7 +169,8 @@ provides good performance and reasonably small latency.
(default: no password)
-4, --ipv4 - use ipv4 only
-6, --ipv6 - use ipv6 only
- -l, --load - load a module for packets filtering
+ -l, --load - load a module for user's packets filtering
+ -L, --Load - load a module for service's packets filtering
================================================================================
@@ -181,7 +196,7 @@ provides good performance and reasonably small latency.
The use of it is extremely simple. Let's suppose we want to create a http server
on our computer and we are behind a masquerade or a firewall:
-1) We have to find some machine on the net with an external ip and a shell
+1) We have to find some machine on the net with an external ip and a shell
account.
2) Use "make" to compile everything on that machine. (you can freely remove the
@@ -191,7 +206,7 @@ on our computer and we are behind a masquerade or a firewall:
type -f <cfgfile>) :
$ ./afserver
This will work, if you want to use default values:
- - hostname will be taken from hostname function (it would be ideally, if
+ - hostname will be taken from hostname function (it would be ideally, if
there is appropriate registration in /etc/hosts)
- server will be listening for users on port 50127
- server will be listening for client on port 50126
@@ -230,10 +245,10 @@ on our computer and we are behind a masquerade or a firewall:
Let's see how to use af to forward udp packets. Suppose we want to create a game
server on our computer (udp port 27960 on our machine):
-1) - 4) is the same like in example 1. (but we add option: -p udp)
+1) - 4) is the same like in example 1. (but we add option: -p udp)
5) We are typing from the console:
- $ ./afclient -u -n <name of the server> -p 27960
+ $ ./afclient -u -n <name of the server> -p 27960
Where <name of the server> is a name (or ip) of a host where our server is
running.
@@ -287,7 +302,7 @@ README file.
LICENSE
-------
- Active Port Forwarder is distributed under the terms of the GNU General
+ Active Port Forwarder is distributed under the terms of the GNU General
Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at]
poczta.fm>. See the file COPYING for details.
diff --git a/file.h b/file.h
index 9132caa..56f06e3 100644
--- a/file.h
+++ b/file.h
@@ -25,45 +25,45 @@
#ifndef _JS_FILE_H
#define _JS_FILE_H
-#define F_UNKNOWN 1
-#define F_IGNORE 2
-#define F_ROPTION 3
-#define F_RVALUE 4
-#define F_MIDDLE 5
+#define F_UNKNOWN 1
+#define F_IGNORE 2
+#define F_ROPTION 3
+#define F_RVALUE 4
+#define F_MIDDLE 5
typedef struct {
- char* hostname;
- char* lisportnum;
- char* manportnum;
- char* users;
- char* clients;
- char* usrpcli;
- char* clim;
- char* timeout;
- unsigned char pass[4];
- int usercon;
- int usernum;
+ char* hostname;
+ char* lisportnum;
+ char* manportnum;
+ char* users;
+ char* clients;
+ char* usrpcli;
+ char* clim;
+ char* timeout;
+ unsigned char pass[4];
+ int usercon;
+ int usernum;
int clicon;
int clinum;
int upcnum;
- int tmout;
- int listenfd;
- int managefd;
- int climode;
- char type;
- socklen_t addrlen;
- struct sockaddr* cliaddr;
- ConnectclientT* clitable;
- ConnectuserT* contable;
+ int tmout;
+ int listenfd;
+ int managefd;
+ int climode;
+ char type;
+ socklen_t addrlen;
+ struct sockaddr* cliaddr;
+ ConnectuserT* contable;
+ ConnectclientT* clitable;
} RealmT;
typedef struct {
- char* certif;
- char* keys;
- char* logfnam;
- char logging;
- int size;
- RealmT* realmtable;
+ char* certif;
+ char* keys;
+ char* logfnam;
+ char logging;
+ int size;
+ RealmT* realmtable;
} ConfigurationT;
ConfigurationT parsefile(char*, int*); /* parse the cfg file */