From 1adde65db245ec1fca752cfee4c198badf40fb5f Mon Sep 17 00:00:00 2001
From: Jakub Sławiński
Date: Tue, 15 Mar 2005 01:22:55 +0100
Subject: v0.6

  - Fixed: default password incompatibilities from config file
  - Added: "client's id" option
  - Lightly Modified: verbose mode
  - Added: temporary listen ports
  - Fixed: bug in printing "client's id"
  - Added: 'dateformat' option to set format of the date in the logs
  - Modified: command line option and config file behaviour
  - Added: logging to a socket
  - Fixed: parsing config file
  - Fixed: major bug in packet buffering
  - Added: several clients-users in one realm
  - Modified: default hostname used by afserver
  - Modified: server listening behaviour (for clients)
  - Fixed: bug in checking options values
  - Modified: verbose mode
  - Modified: client initial connection to server
  - Added: connection time / uptime statistics
  - Added: first version of remote administration (statistics only)
  - Fixed: major bug in remove_client routine
  - Added: 'raclients' option
  - Added: use of automake/autoconf
  - Added: creating ~/.apf directory
  - Modified: the way of creating/managing keys/certificates
  - Added: 'dnslookups' option
  - Modified: usage functions
  - Fixed: no handling of missing 'listen' option after 'newrealm' in config file
  - Added: 'quit' command in remote administration mode
  - Modified: logging error messages during initialization
  - Modified: 'newrealm' changed to 'realm' in config file
  - Added: realm names
  - Modified: connection time / uptime
  - Added: client names / unique numbers
  - Added: user unique numbers
  - Fixed: segmentation fault after 'quit' command
---
 doc/afclient.1 | 246 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 246 insertions(+)
 create mode 100644 doc/afclient.1

(limited to 'doc/afclient.1')

diff --git a/doc/afclient.1 b/doc/afclient.1
new file mode 100644
index 0000000..5cdd770
--- /dev/null
+++ b/doc/afclient.1
@@ -0,0 +1,246 @@
+.TH afclient 1 "apf 0.6" Jeremian
+.SH NAME
+afclient \- active port forwarder client
+.SH SYNOPSIS
+.B afclient [
+.I options
+.B ] -n
+.I servername
+.B -p
+.I portnum
+.SH DESCRIPTION
+.B Afclient
+is a port forwarding program designed to be efficient and easy to use. It connects to
+.B afserver
+to listenport (default listenport is 50126) and after a successful authorization
+.B afclient
+redirects all the data to the specified destination host:port.
+.SH "EXAMPLES"
+.B afclient -n servername -p 22
+  program connects to servername:50126 and redirects data to local port 22 (becomes a daemon)
+
+.B afclient -n servername -p 22 -v
+  the same as above, but verbose mode is enabled (program won't enter daemon mode)
+
+.B afclient -n servername -r
+  program connects to servername:50126 in remote administration mode
+.SH OPTIONS
+.I "Basic options"
+
+.B -n, --servername NAME
+  name of the host, where
+.I afserver
+is running (required)
+
+.B -m, --manageport PORT
+  manage port number - server must be listening on it (default: 50126)
+
+.B -d, --hostname NAME
+  the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)
+
+.B -p, --portnum PORT
+  the port we are forwarding connection to (required)
+
+.B -h, --help
+  prints help screen
+
+.I Authorization
+
+.B -i, --id STRING
+  sends the id string to afserver
+  
+.B --pass PASSWORD
+  set the password used for client identification (default: no password)
+
+.I Configuration
+
+.B -k, --keyfile FILE
+  the name of the file with RSA key (default: client.rsa)
+  
+.B -D, --dateformat FORMAT
+  format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
+
+.I Modes
+
+.B -u, --udpmode
+  udp mode - client will use udp protocol to communicate with the hostname:portnum (-p)
+
+.B -U, --reverseudp
+  reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m)
+  
+.B -r, --remoteadmin
+  remote administration mode. (using '-p PORT' will force afclient to use port rather then stdin-stdout)
+
+.I Logging
+
+.B -O, --heavylog
+  logging everything to a logfile
+
+.B -o, --lightlog
+  logging some data to a logfile
+
+.B -S, --heavysocklog
+  logging everything to a localport
+
+.B -s, --lightsocklog
+  logging some data to a localport
+
+.B -v, --verbose
+  to be verbose - program won't enter the daemon mode (use several times for greater effect)
+
+.I "IP family"
+
+.B -4, --ipv4
+  use ipv4 only
+
+.B -6, --ipv6
+  use ipv6 only
+
+.I Modules
+
+.B -l, --load
+  load a module for user's packets filtering
+
+.B -L, --Load
+  load a module for service's packets filtering
+
+.SH "REMOTE ADMINISTRATION"
+
+Remote administration mode is enabled by
+.B '-r, --remoteadmin'
+option. Required options:
+.B '-n, --servername NAME'
+
+After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by
+.BR afserver .
+Commands guaranteed to be available:
+
+.B help
+  display help
+
+.B lcmd
+  lists available commands
+
+.B quit
+  quit connection
+
+For list of all available commands take a look at
+.BR afserver (1).
+
+When 
+.B '-p, --portnum PORT'
+is used,
+.B afclient
+listens for connection from user at NAME:PORT. NAME is set by
+.B '-d, --hostname'
+option or hostname() function, when the option is missing.
+
+When user quits (close the connection or send
+.B 'quit'
+command),
+.B afclient
+exits.
+
+.SH MODULES
+
+.B Afclient
+can use external modules for user's packets filtering
+.RB ( "'-l,  --load'" )
+and service's packets filtering
+.RB ( "'-L, --Load'" ).
+Module file has to declare three functions:
+
+.BI "char* info(" void );
+  
+  info() return values:
+  - info about module
+
+  Example:
+
+  char*
+  info(void)
+  {      
+    return "Module tester v0.1";
+  }    
+         
+.BI "int allow(char* " host ", char* " port );
+       
+  allow() return values:
+  0 - allow to connect
+  !0 - drop the connection
+         
+  Example:
+       
+  int    
+  allow(char* host, char* port)
+  {    
+    return 0; /* allow to connect */
+  }
+       
+.BI "int filter(char* " host ", unsigned char* " message ", int* " length );
+
+  filter() return values:
+  0 - allow to transfer 
+  1 - drop the packet
+  2 - drop the connection
+  3 - release the module
+  4 - drop the packet and release the module
+  5 - drop the connection and release the module
+
+  Example:
+
+  int
+  filter(char* host, unsigned char* message, int* length)
+  {
+    int i;
+    for (i = 1; i < *length; ++i) {
+      if (message[i-1] == 'M') {
+        if (message[i] == '1') {
+          return 1; /* ignored */
+        }
+        if (message[i] == '2') {
+          return 2; /* dropped */
+        }
+        if (message[i] == '3') {
+          return 3; /* release */
+        }
+        if (message[i] == '4') {
+          return 4; /* ignored + release */
+        }
+        if (message[i] == '5') {
+          return 5; /* dropped + release */
+        }
+      }
+    }
+    return 0; /* allow to transfer */
+  }
+
+Modules have to be compiled with
+.B -fPIC -shared
+options.
+
+.SH "SEE ALSO"
+
+.BR afserver (1),
+.BR afserver.conf (5)
+  
+.SH BUGS
+
+.B Afclient
+is still under development. There are no known open bugs at the moment.
+
+.SH "REPORTING BUGS"
+
+Please report bugs to <jeremian [at] poczta.fm>
+
+.SH AUTHOR
+
+Jeremian <jeremian [at] poczta.fm>
+
+.SH CONTRIBUTIONS
+
+Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari <marco.solari [at] koinesistemi.it>
+
+.SH LICENSE
+
+Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.
-- 
cgit v1.1