From 63c8258ea8e6a2c03c03549326755aac5e0e1d1d Mon Sep 17 00:00:00 2001
From: Jakub Sławiński
Date: Fri, 19 Nov 2004 13:47:43 +0100
Subject: udp_patch
 - Lightly Modified: verbose in client's udp reverse mode
 - Fixed: major bug in udp protocol forwarding
---
 Changelog      |  4 ++++
 activefor.h    |  2 +-
 afclient.c     |  6 +++---
 afserver.c     | 25 +----------------------
 docs/en/README | 47 +++++++++++++++++++++++++++++---------------
 file.h         | 62 +++++++++++++++++++++++++++++-----------------------------
 6 files changed, 71 insertions(+), 75 deletions(-)

diff --git a/Changelog b/Changelog
index af4e6af..d6c8e6b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+19.11.2004 (udp_patch): - Lightly Modified: verbose in client's udp reverse mode - Fixed: major bug in udp protocol forwarding
+
 11.10.2004 (v0.5.5): - Added: rsa key generation by afclient - Modified: afclient is now generating keys by default
diff --git a/activefor.h b/activefor.h
index 18211e1..29244c7 100644
--- a/activefor.h
+++ b/activefor.h
@@ -39,7 +39,7 @@
 #define S_STATE_OPEN 7
 #define S_STATE_STOPPED 11
-#define AF_VER(info) info" v0.5.5"
+#define AF_VER(info) info" v0.5.5 (+udp_patch)"
 #define TYPE_TCP 1
 #define TYPE_UDP 3
diff --git a/afclient.c b/afclient.c
index 61ab6b8..710cd8f 100644
--- a/afclient.c
+++ b/afclient.c
@@ -404,13 +404,13 @@ main(int argc, char **argv)
       }
       else {
         if (n > 0) {
-          aflog(2, "Sending %d bytes to service (w:%d/%d)", n,
+          aflog(2, "Sending %d bytes to service (w:%d/%d) (FROM:%s)", n,
 #ifdef SIOCOUTQ
               notsent
 #else
               buflength - notsent
 #endif
-              , buflength);
+              , buflength, sock_ntop(cliaddr, len, NULL, NULL));
           buff[0] = AF_S_MESSAGE;
           buff[1] = AF_S_LOGIN;
           buff[2] = AF_S_MESSAGE;
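Review bot: The new `sock_ntop(cliaddr, len, NULL, NULL)` result is passed straight to a `%s` conversion in `aflog`; `sock_ntop` is not part of this patch, so if it can return NULL for an address it cannot format, the log call is undefined behaviour. Either make the helper guarantee a non-NULL string or store the result first, e.g. `const char *from = sock_ntop(cliaddr, len, NULL, NULL);` and pass `from ? from : "?"` in its place. The same applies to the `(TO:%s)` call in the @@ -439 hunk of afclient.c. That hunk passes `addrlen` where this one passes `len`; if both describe `cliaddr`, a comment saying which variable holds the current length of `cliaddr` would keep the two from drifting apart. main() starts and ends outside this hunk.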
@@ -439,7 +439,7 @@ main(int argc, char **argv)
             aflog(0, "premature quit of the server -> exiting...");
             exit(1);
           }
-          aflog(2, "Sending %d bytes to user", n);
+          aflog(2, "Sending %d bytes to user (TO:%s)", n, sock_ntop(cliaddr, addrlen, NULL, NULL));
           sendto(contable[0].connfd, buff, n, 0, cliaddr, addrlen);
         } /* - FD_ISSET MASTER.COMMFD RSET */
       }
diff --git a/afserver.c b/afserver.c
index 369ef69..a8ca773 100644
--- a/afserver.c
+++ b/afserver.c
@@ -28,7 +28,6 @@
 #include
 #include
 #include
-#include
 #include

 static void usage(char* info);
@@ -840,29 +839,7 @@ main(int argc, char **argv)
                   buff[3] = n >> 8; /* high bits of message length */
                   buff[4] = n; /* low bits of message length */
                   sent = write(pointer->contable[numofcon].connfd, buff, n+5);
-                  if ((sent > 0) && (sent != n)) {
-                    insertblnode(&(pointer->contable[numofcon].head), sent, n, buff);
-                    pointer->contable[numofcon].state = S_STATE_STOPPED;
-                    FD_SET(pointer->contable[numofcon].connfd, &wset);
-                    buff[0] = AF_S_DONT_SEND; /* stopping transfer */
-                    buff[1] = numofcon >> 8; /* high bits of user number */
-                    buff[2] = numofcon; /* low bits of user number */
-                    aflog(3, " realm[%d]: TO user[%d]: BUFFERING MESSAGE STARTED (%d/%d)", j, numofcon,
-                        sent, n);
-                    send_message(pointer->type, pointer->clitable[k].cliconn, buff, 5);
-                  }
-                  else if ((sent == -1) && (errno == EAGAIN)) {
-                    insertblnode(&(pointer->contable[numofcon].head), 0, n, buff);
-                    pointer->contable[numofcon].state = S_STATE_STOPPED;
-                    FD_SET(pointer->contable[numofcon].connfd, &wset);
-                    buff[0] = AF_S_DONT_SEND; /* stopping transfer */
-                    buff[1] = numofcon >> 8; /* high bits of user number */
-                    buff[2] = numofcon; /* low bits of user number */
-                    aflog(3, " realm[%d]: TO user[%d]: BUFFERING MESSAGE STARTED (%d/%d)", j, numofcon,
-                        sent, n);
-                    send_message(pointer->type, pointer->clitable[k].cliconn, buff, 5);
-                  }
-                  else if (sent == -1) {
+                  if (sent == -1) {
                     aflog(1, " realm[%d]: user[%d]: CLOSED (write-udp)", j, numofcon);
                     aflog(2, " IP:%s PORT:%s", pointer->contable[numofcon].namebuf,
                         pointer->contable[numofcon].portbuf);
diff --git a/docs/en/README b/docs/en/README
index e9ded51..8901699 100644
--- a/docs/en/README
+++ b/docs/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder v0.5.4 - README
+AF - Active Port Forwarder v0.5.5 - README
 Copyright (C) 2003,2004 jeremian - ===================
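Review bot: Folding the three branches into `if (sent == -1)` also drops the `errno == EAGAIN` case, so if `connfd` is non-blocking a momentarily full socket buffer now closes the user with CLOSED (write-udp) instead of being retried; either confirm the fd is blocking or keep a non-fatal branch ahead of the close, e.g. `if ((sent == -1) && (errno == EAGAIN)) { aflog(2, " realm[%d]: user[%d]: datagram dropped (EAGAIN)", j, numofcon); }` followed by `else if (sent == -1) {` — and in that case the `#include` removed in the @@ -28 hunk must stay if it is the one that provides errno. The removed code compared `sent` with `n` although `n+5` bytes are written, which looks like the reason every UDP datagram ended up stopped; if so, comparing against `n+5` would have been the narrower fix. A comment such as `/* datagram write: the whole message is sent or the call fails, so no partial-write buffering */` would record why flow control is absent here, assuming `connfd` really is a datagram socket. main() starts and ends outside this hunk.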
@@ -7,10 +7,10 @@ Copyright (C) 2003,2004 jeremian - GRAY-WORLD.NET / Active Port Forwarder ========================== - The Active Port Forwarder program is part of the Gray-World.net projects. + The Active Port Forwarder program is part of the Gray-World.net projects. Our Gray-World Team presents on the http://gray-world.net website the projects - and publications we are working on which are related to the NACS (Network + and publications we are working on which are related to the NACS (Network Access Control System) bypassing research field and to the computer and network security topics. @@ -44,13 +44,13 @@ THANKS INTRO ===== -Active port forwarder is a software tool for secure port forwarding. +Active port forwarder is a software tool for secure port forwarding. It uses ssl to increase security of communication between a server and a client. Originally, it was developed to forward data point to point. However, the need for bypassing firewalls in order to connect to internally located computers influenced the further development of the project. -AF is dedicated for people, who don't have an external ip number and want to +AF is dedicated for people, who don't have an external ip number and want to make some services available across the net. Moreover, zlib is used to compress the transferred data. @@ -58,6 +58,8 @@ Moreover, zlib is used to compress the transferred data. Using one, permanent data/control channel with flow control / packet buffering provides good performance and reasonably small latency. +Multiple clients allow to create more sophisticated tunneling scheme. + ================================================================================ =============== 
@@ -99,15 +101,23 @@ provides good performance and reasonably small latency. ------------ Options: - -h, --help - prints this help -n, --hostname - it's used when creating listening sockets (default: name returned by hostname function) -l, --listenport - listening port number - users connect to it (default: 50127) -m, --manageport - manage port number - second part of the active port forwarder connects to it (default: 50126) + -t, --timeout - the timeout value for the client's connection + (default: 5) -u, --users - the amount of users allowed to use this server (default: 5) + -C, --clients - the number of allowed clients to use this server + (default: 1) + -U, --usrpcli - the number of allowed users per client (default: $users) + -M, --climode - strategy used for connecting users with clients (default: 1) + Available strategies: + 1. fill first client before go to next + -c, --cerfile - the name of the file with certificate (default: cacert.pem) -k, --keyfile - the name of the file with RSA key (default: server.rsa) @@ -119,15 +129,19 @@ provides good performance and reasonably small latency. -o, --lightlog - logging some data to a logfile -v, --verbose - to be verbose - program won't enter the daemon mode (use several times for greater effect) - --nossl - ssl is not used for transferring data (but it's still + + --nossl - ssl is not used for transfering data (but it's still used to establish a connection) (default: ssl is used) --nozlib - zlib is not used for compressing data (default: zlib is used) --pass - set the password used for client identification (default: no password) + -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only + -h, --help - prints this help + 2.2 afclient ------------ 
@@ -140,13 +154,13 @@ provides good performance and reasonably small latency. -d, --hostname - the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function) - -p, --portnum - the port we are forwarding the connection to (required) - -k, --keyfile - the name of the file with RSA key (default: client.rsa) + -p, --portnum - the port we are forwarding connection to (required) + -k, --keyfile - the name of the file with RSA key (default: (none)) -u, --udpmode - udp mode - client will use udp protocol to communicate with the hostname -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum - (-m) + (-m) -O, --heavylog - logging everything to a logfile -o, --lightlog - logging some data to a logfile -v, --verbose - to be verbose - program won't enter the daemon mode @@ -155,7 +169,8 @@ provides good performance and reasonably small latency. (default: no password) -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only - -l, --load - load a module for packets filtering + -l, --load - load a module for user's packets filtering + -L, --Load - load a module for service's packets filtering ================================================================================ @@ -181,7 +196,7 @@ provides good performance and reasonably small latency. The use of it is extremely simple. Let's suppose we want to create a http server on our computer and we are behind a masquerade or a firewall: -1) We have to find some machine on the net with an external ip and a shell +1) We have to find some machine on the net with an external ip and a shell account. 2) Use "make" to compile everything on that machine. (you can freely remove the 
@@ -191,7 +206,7 @@ on our computer and we are behind a masquerade or a firewall: type -f ) : $ ./afserver This will work, if you want to use default values: - - hostname will be taken from hostname function (it would be ideally, if + - hostname will be taken from hostname function (it would be ideally, if there is appropriate registration in /etc/hosts) - server will be listening for users on port 50127 - server will be listening for client on port 50126 @@ -230,10 +245,10 @@ on our computer and we are behind a masquerade or a firewall: Let's see how to use af to forward udp packets. Suppose we want to create a game server on our computer (udp port 27960 on our machine): -1) - 4) is the same like in example 1. (but we add option: -p udp) +1) - 4) is the same like in example 1. (but we add option: -p udp) 5) We are typing from the console: - $ ./afclient -u -n -p 27960 + $ ./afclient -u -n -p 27960 Where is a name (or ip) of a host where our server is running. @@ -287,7 +302,7 @@ README file. LICENSE ------- - Active Port Forwarder is distributed under the terms of the GNU General + Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (c) 2003,2004 jeremian . See the file COPYING for details. diff --git a/file.h b/file.h index 9132caa..56f06e3 100644 --- a/file.h +++ b/file.h 
@@ -25,45 +25,45 @@
 #ifndef _JS_FILE_H
 #define _JS_FILE_H
-#define F_UNKNOWN 1
-#define F_IGNORE 2
-#define F_ROPTION 3
-#define F_RVALUE 4
-#define F_MIDDLE 5
+#define F_UNKNOWN 1
+#define F_IGNORE 2
+#define F_ROPTION 3
+#define F_RVALUE 4
+#define F_MIDDLE 5
 typedef struct {
-  char* hostname;
-  char* lisportnum;
-  char* manportnum;
-  char* users;
-  char* clients;
-  char* usrpcli;
-  char* clim;
-  char* timeout;
-  unsigned char pass[4];
-  int usercon;
-  int usernum;
+  char* hostname;
+  char* lisportnum;
+  char* manportnum;
+  char* users;
+  char* clients;
+  char* usrpcli;
+  char* clim;
+  char* timeout;
+  unsigned char pass[4];
+  int usercon;
+  int usernum;
   int clicon;
   int clinum;
   int upcnum;
-  int tmout;
-  int listenfd;
-  int managefd;
-  int climode;
-  char type;
-  socklen_t addrlen;
-  struct sockaddr* cliaddr;
-  ConnectclientT* clitable;
-  ConnectuserT* contable;
+  int tmout;
+  int listenfd;
+  int managefd;
+  int climode;
+  char type;
+  socklen_t addrlen;
+  struct sockaddr* cliaddr;
+  ConnectuserT* contable;
+  ConnectclientT* clitable;
 } RealmT;
 typedef struct {
-  char* certif;
-  char* keys;
-  char* logfnam;
-  char logging;
-  int size;
-  RealmT* realmtable;
+  char* certif;
+  char* keys;
+  char* logfnam;
+  char logging;
+  int size;
+  RealmT* realmtable;
 } ConfigurationT;
 ConfigurationT parsefile(char*, int*); /* parse the cfg file */
-- 
cgit v1.1
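Review bot: The only non-whitespace change in this hunk is the swap of `contable` and `clitable` inside RealmT, which is easy to miss under forty re-indented lines; keeping the whitespace-only re-indentation in a separate commit would make the layout change reviewable on its own. Reordering members changes the struct layout, so any positional initializer of RealmT and every object file built against the old header must be updated together — a comment on the struct such as `/* member order is part of the layout: keep contable before clitable */` would record that intent, assuming the order is relied on somewhere; if it is not, the swap is a no-op that could be dropped. Separately, `unsigned char pass[4]` appears to hold the client-identification password in only four bytes; if it is a fixed-size digest or token rather than the raw --pass string, a one-line comment saying so would stop readers from assuming the password is truncated.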