summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/afclient.181
-rw-r--r--doc/afserver.185
-rw-r--r--doc/afserver.conf.525
-rw-r--r--doc/afserver_example.conf12
-rw-r--r--doc/en/README143
5 files changed, 270 insertions, 76 deletions
diff --git a/doc/afclient.1 b/doc/afclient.1
index 5cdd770..7fd5a1c 100644
--- a/doc/afclient.1
+++ b/doc/afclient.1
@@ -1,4 +1,4 @@
-.TH afclient 1 "apf 0.6" Jeremian
+.TH afclient 1 "apf 0.7" Jeremian
.SH NAME
afclient \- active port forwarder client
.SH SYNOPSIS
@@ -41,6 +41,9 @@ is running (required)
.B -p, --portnum PORT
the port we are forwarding connection to (required)
+.B -V, --version
+ display version number
+
.B -h, --help
prints help screen
@@ -60,6 +63,15 @@ is running (required)
.B -D, --dateformat FORMAT
format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+.B -K, --keep-alive N
+ send keepalive packets every N seconds (default: not send keepalive packets)
+
+.B -A, --ar-tries N
+ try N times to reconnect to afserver after its premature quit (default: unlimited)
+
+.B -T, --ar-delay N
+ wait N seconds between reconnect tries (default: 5)
+
.I Modes
.B -u, --udpmode
@@ -69,21 +81,12 @@ is running (required)
reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m)
.B -r, --remoteadmin
- remote administration mode. (using '-p PORT' will force afclient to use port rather then stdin-stdout)
+ remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout)
.I Logging
-.B -O, --heavylog
- logging everything to a logfile
-
-.B -o, --lightlog
- logging some data to a logfile
-
-.B -S, --heavysocklog
- logging everything to a localport
-
-.B -s, --lightsocklog
- logging some data to a localport
+.B -o, --log LOGCMD
+ log choosen information to file/socket
.B -v, --verbose
to be verbose - program won't enter the daemon mode (use several times for greater effect)
@@ -104,6 +107,14 @@ is running (required)
.B -L, --Load
load a module for service's packets filtering
+.I HTTP PROXY
+
+.B -P, --proxyname
+ the name of the machine with proxy server
+
+.B -X, --proxyport
+ the port used by proxy server (default: 8080)
+
.SH "REMOTE ADMINISTRATION"
Remote administration mode is enabled by
@@ -141,6 +152,50 @@ command),
.B afclient
exits.
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+ Example:
+
+ file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
+
.SH MODULES
.B Afclient
diff --git a/doc/afserver.1 b/doc/afserver.1
index 0a39c2c..cf17b49 100644
--- a/doc/afserver.1
+++ b/doc/afserver.1
@@ -1,4 +1,4 @@
-.TH afserver 1 "apf 0.6" Jeremian
+.TH afserver 1 "apf 0.7" Jeremian
.SH NAME
afserver \- active port forwarder server
.SH SYNOPSIS
@@ -89,6 +89,9 @@ connects to it (default: 50126)
.B -b, --baseport
listenports are temporary and differ for each client
+.B -a, --audit
+ additional information about connections are logged
+
.B --nossl
ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
@@ -100,17 +103,8 @@ connects to it (default: 50126)
.I Logging
-.B -O, --heavylog
- logging everything to a logfile
-
-.B -o, --lightlog
- logging some data to a logfile
-
-.B -S, --heavysocklog
- logging everything to a localport
-
-.B -s, --lightsocklog
- logging some data to a localport
+.B -o, --log LOGCMD
+ log choosen information to file/socket
.B -v, --verbose
to be verbose - program won't enter the daemon mode (use several times for greater effect)
@@ -123,6 +117,11 @@ connects to it (default: 50126)
.B -6, --ipv6
use ipv6 only
+.I HTTP PROXY
+
+.B -P, --enableproxy
+ enable http proxy mode
+
.SH "REMOTE ADMINISTRATION"
Currently available commands are:
@@ -148,6 +147,68 @@ Currently available commands are:
.B quit
quit connection
+.B timeout N X
+ set timeout value in X realm
+
+.B audit {0|1} X
+ set audit mode in X realm
+
+.B dnslookups {0|1} X
+ set dnslookups mode in X realm
+
+.B dateformat S
+ set dateformat
+
+.B kuser S
+ kick user named S
+
+.B kclient N
+ kick client with number N
+
+.SH "LOGCMD FORMAT"
+
+.B LOGCMD
+has the following synopsis:
+.B target,description,msgdesc
+
+Where
+.B target
+is
+.B file
+or
+.B sock
+
+.B description
+is
+.B filename
+or
+.B host,port
+
+and
+.B msgdesc
+is the subset of:
+
+.B LOG_T_ALL,
+.B LOG_T_USER,
+.B LOG_T_CLIENT,
+.B LOG_T_INIT,
+.B LOG_T_MANAGE,
+.B LOG_T_MAIN,
+.B LOG_I_ALL,
+.B LOG_I_CRIT,
+.B LOG_I_DEBUG,
+.B LOG_I_DDEBUG,
+.B LOG_I_INFO,
+.B LOG_I_NOTICE,
+.B LOG_I_WARNING,
+.B LOG_I_ERR
+
+written without spaces.
+
+ Example:
+
+ file,filename,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
+
.SH "SEE ALSO"
.BR afclient (1),
diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5
index b15bf2d..18d1b2a 100644
--- a/doc/afserver.conf.5
+++ b/doc/afserver.conf.5
@@ -1,4 +1,4 @@
-.TH afserver.conf 5 "apf 0.6" Jeremian
+.TH afserver.conf 5 "apf 0.7" Jeremian
.SH NAME
afserver.conf \- Configuration File for afserver
.SH INTRODUCTION
@@ -22,9 +22,9 @@ uses configuration file, which name is supplied by the
option. The
.B afserver.conf
file is composed of two sections which have to be in fixed order. In first section global values like certificates, keys and logging options are set. The second section starts with first
-.B newrealm
+.B realm
command and includes options describing specific realms. There may be several
-.B newrealm
+.B realm
commands.
.SH "GLOBAL OPTIONS"
@@ -35,17 +35,8 @@ commands.
.B key FILE
the name of the file with RSA key (default: server.rsa)
-.B lightlog FILE
- logging some data to a logfile
-
-.B heavylog FILE
- logging everything to a logfile
-
-.B heavysocklog PORT
- logging everything to a localport
-
-.B lightsocklog PORT
- logging some data to a localport
+.B log LOGCMD
+ log choosen information to file/socket
.B dateformat FORMAT
format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
@@ -98,6 +89,9 @@ commands.
.B baseport
listenports are temporary and differ for each client
+
+.B audit
+ additional information about connections are logged
.B dnslookups
try to obtain dns names of the computers rather than their numeric IP
@@ -108,6 +102,9 @@ commands.
.B ipv6
use ipv6 only
+.B enableproxy
+ enable http proxy mode
+
.SH "SEE ALSO"
.BR afclient (1),
diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf
index 2046b03..f7c0be8 100644
--- a/doc/afserver_example.conf
+++ b/doc/afserver_example.conf
@@ -12,17 +12,13 @@ key server.rsa
# type name of file
-lightlog logfile
-#heavylog logfile
+log file,logfile,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
# we we could also want to use sockets instead of files
-# type port (on localhost)
+#log sock,localhost,LOG_T_ALL,LOG_I_ALL
-#lightsocklog 12345
-#heavysocklog 12345
-
-#dateformat %d.%m.%Y %H:%M:%S
+#dateformat %Y-%m-%d %H:%M:%S
# And it's time to create forwarding targets (named realms here)
@@ -46,9 +42,11 @@ manage 50126 #portnumber on which server is listening for afclient
#nossl #don't use ssl for data transfer
#nozlib #don't use zlib
#baseport #listenports are temporary and differ for each client
+#audit #additional information about connections are logged
#dnslookups #try to obtain dns names of the computers
#ipv4 #use ipv4 only
#ipv6 #use ipv6 only
+#enableproxy #enable http proxy mode
# and now the second realm
diff --git a/doc/en/README b/doc/en/README
index 0e49c3e..d676098 100644
--- a/doc/en/README
+++ b/doc/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder 0.6 - README
+AF - Active Port Forwarder 0.7 - README
Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
=================================================================
@@ -30,11 +30,13 @@ INTRO
2.1 afserver
2.2 afclient
3. REMOTE ADMINISTRATION
-4. MODULES
-5. EXAMPLES
- 5.1 tcp mode
- 5.2 reverse udp mode
-6. BUGS/PROBLEMS
+4. HTTP PROXY TUNNELS
+5. LOGGING
+6. MODULES
+7. EXAMPLES
+ 7.1 tcp mode
+ 7.2 reverse udp mode
+8. BUGS/PROBLEMS
NOTES
@@ -110,6 +112,7 @@ Multiple clients allow to create more sophisticated tunneling scheme.
to it (default: 50127)
-m, --manageport - manage port number - second part of the active
port forwarder connects to it (default: 50126)
+ -V, --version - display version number
-h, --help - prints this help
Authorization:
@@ -137,27 +140,24 @@ Multiple clients allow to create more sophisticated tunneling scheme.
-R, --raclients - the number of allowed clients in remote administration
mode to use this server (default: 1)
-U, --usrpcli - the number of allowed users per client (default: $users)
- -M, --climode - strategy used for connecting users with clients
- (default: 1)
+ -M, --climode - strategy used to connect users with clients (default: 1)
Available strategies:
1. fill first client before go to next
- -p, --proto - type of server (tcp|udp) - for which protocol it will
- be operating (default: tcp)
+ -p, --proto - type of server (tcp|udp) - what protocol it will be
+ operating for (default: tcp)
-b, --baseport - listenports are temporary and differ for each client
- --nossl - ssl is not used for transferring data (but it's still
- used to establish a connection) (default: ssl is used)
- --nozlib - zlib is not used for compressing data (default:
- zlib is used)
+ -a, --audit - additional information about connections are logged
+ --nossl - ssl is not used to transfer data (but it's still used
+ to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used to compress data (default: zlib is
+ used)
--dnslookups - try to obtain dns names of the computers rather than
their numeric IP
Logging:
- -O, --heavylog - logging everything to a logfile
- -o, --lightlog - logging some data to a logfile
- -S, --heavysocklog - logging everything to a localport
- -s, --lightsocklog - logging some data to a localport
+ -o, --log - log choosen information to file/socket
-v, --verbose - to be verbose - program won't enter the daemon mode
(use several times for greater effect)
@@ -166,6 +166,11 @@ Multiple clients allow to create more sophisticated tunneling scheme.
-4, --ipv4 - use ipv4 only
-6, --ipv6 - use ipv6 only
+ HTTP PROXY:
+
+ -P, --enableproxy - enable http proxy mode
+
+
2.2 afclient
------------
@@ -179,11 +184,12 @@ Multiple clients allow to create more sophisticated tunneling scheme.
destination of the packets (default: the name
returned by hostname function)
-p, --portnum - the port we are forwarding connection to (required)
+ -V, --version - display version number
-h, --help - prints this help
Authorization:
- -i, --id - send the id string to afserver
+ -i, --id - sends the id string to afserver
--pass - set the password used for client identification
(default: no password)
@@ -192,23 +198,25 @@ Multiple clients allow to create more sophisticated tunneling scheme.
-k, --keyfile - the name of the file with RSA key (default: client.rsa)
-D, --dateformat - format of the date printed in logs (see 'man strftime'
for details) (default: %d.%m.%Y %H:%M:%S)
+ -K, --keep-alive N - send keepalive packets every N seconds
+ (default: not send keepalive packets)
+ -A, --ar-tries N - try N times to reconnect to afserver after
+ its premature quit (default: unlimited)
+ -T, --ar-delay N - wait N seconds between reconnect tries (default: 5)
Modes:
-u, --udpmode - udp mode - client will use udp protocol to
- communicate with the hostname
+ communicate with the hostname:portnum (-p)
-U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
from hostname:portnum (-p) to the server name:portnum
(-m)
-r, --remoteadmin - remote administration mode. (using '-p #port' will
- force afclient to use port rather then stdin-stdout)
+ force afclient to use port rather than stdin-stdout)
Logging:
- -O, --heavylog - logging everything to a logfile
- -o, --lightlog - logging some data to a logfile
- -S, --heavysocklog - logging everything to a localport
- -s, --lightsocklog - logging some data to a localport
+ -o, --log - log choosen information to file/socket
-v, --verbose - to be verbose - program won't enter the daemon mode
(use several times for greater effect)
@@ -222,6 +230,12 @@ Multiple clients allow to create more sophisticated tunneling scheme.
-l, --load - load a module for user's packets filtering
-L, --Load - load a module for service's packets filtering
+ HTTP PROXY:
+
+ -P, --proxyname - the name of the machine with proxy server
+ -X, --proxyport - the port used by proxy server (default: 8080)
+
+
================================================================================
========================
@@ -257,6 +271,25 @@ Currently available commands are:
quit
quit connection
+ timeout N X
+ set timeout value in X realm
+
+ audit {0|1} X
+ set audit mode in X realm
+
+ dnslookups {0|1} X
+ set dnslookups mode in X realm
+
+ dateformat S
+ set dateformat
+
+ kuser S
+ kick user named S
+
+ kclient N
+ kick client with number N
+
+
Afclient with '-p, --portnum PORT' option listens for connection from user at
NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when
the option is missing.
@@ -265,8 +298,58 @@ When user quits (close the connection or send 'quit' command), afclient exits.
================================================================================
+=====================
+4. HTTP PROXY TUNNELS
+=====================
+
+Afclient can communicate with afserver via HTTP proxy. In order to use this
+feature, afserver must be started with '-P, --enableproxy' option. Afclient must
+specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport'
+option).
+
+Afclient with HTTP proxy mode enabled can still accept connections from
+afclients, which don't use HTTP proxy mode.
+
+================================================================================
+
+==========
+5. LOGGING
+==========
+
+Logging can be enabled by '-o, --log' option. The argument to this option must
+be in the form:
+ target,description,msgdesc
+
+Where
+ target is file or sock
+ description is filename or host,port
+ msgdesc is the subset of:
+ LOG_T_ALL,
+ LOG_T_USER,
+ LOG_T_CLIENT,
+ LOG_T_INIT,
+ LOG_T_MANAGE,
+ LOG_T_MAIN,
+ LOG_I_ALL,
+ LOG_I_CRIT,
+ LOG_I_DEBUG,
+ LOG_I_DDEBUG,
+ LOG_I_INFO,
+ LOG_I_NOTICE,
+ LOG_I_WARNING,
+ LOG_I_ERR
+
+ written without spaces.
+
+
+ Example:
+
+ file,filename,LOG_T_MANAGE,LOG_I_ALL
+
+================================================================================
+
==========
-4. MODULES
+6. MODULES
==========
Afclient can use external modules for user's packets filtering ('-l, --load')
@@ -343,10 +426,10 @@ Modules have to be compiled with '-fPIC -shared' options.
================================================================================
===========
-5. EXAMPLES
+7. EXAMPLES
===========
- 5.1 tcp mode
+ 7.1 tcp mode
------------
local network |FireWall| Internet
@@ -395,7 +478,7 @@ on our computer and we are behind a masquerade or a firewall:
6) We can now enter with a web-browser to: <name of the server>:50127 and we
will enter to our computer in the fact.
- 5.2 reverse udp mode
+ 7.2 reverse udp mode
--------------------
local network |FireWall| Internet
@@ -434,7 +517,7 @@ server on our computer (udp port 27960 on our machine):
================================================================================
================
-6. BUGS/PROBLEMS
+8. BUGS/PROBLEMS
================
There are no known/open bugs at the moment.