From 32aff2b27ccc3b3e51fb6f0bd77fe0073827c527 Mon Sep 17 00:00:00 2001 
From: Jakub Sławiński
Date: Tue, 7 Jun 2005 12:06:18 +0200
Subject: v0.7

- Added: http proxy tunnels between afserver and afclient
- Fixed: sigint interception with threads enabled (in http proxy mode)
- Fixed: FATAL ERROR in afclient in some situations after close of afserver when http proxy mode is enabled
- Added: afclients can connect directly to afserver with enabled proxy mode
- Fixed: timeout routine in http proxy tunnels
- Added: 'rshow' command in ra mode displays 'tunneltype'
- Fixed: printing IP of clients when http proxy mode is enabled
- Added: 'tunneltype' per client in ra mode after 'cshow' command
- Fixed: closing connection when http proxy mode is enabled
- Fixed: threads initialization
- Fixed: afserver closing after sigint
- Fixed: afclient threads initialization
- Added: 'version' option to display program version number
- Modified: establishing afclient<->afserver connection
- Added: 'keep-alive' option
- Fixed: using 'proxyport' without 'proxyname'
- Added: auto-reconnect feature to afclient
- Added: 'ar-tries' and 'ar-delay' options
- Modified: http proxy logging
- Fixed: closing connection with afclient after receiving id
- Fixed: thread closing due to wrong initialization sequence
- Fixed: small bug in initialization process
- Heavily Modified: logging routines
- Added: audit option
- Modified: default dateformat is now ISO 8601
- Modified: printing usage
- Fixed: bug in threads' initialization in afclient
- Added: 'timeout' and 'dateformat' options in ra mode
- Modified: empty dateformat disables printing '[] '
- Added: 'audit' and 'dnslookups' options in ra mode
- Fixed: afserver freeze bug
- Added: 'kuser' and 'kclient' options in ra mode
- Fixed: bug in starting afclient in ra mode
- Added: audit log printed also after kicking the client
---
 doc/en/README | 143 ++++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 113 insertions(+), 30 deletions(-)

(limited to 'doc/en')
diff --git a/doc/en/README b/doc/en/README index 0e49c3e..d676098 100644 --- a/doc/en/README +++ b/doc/en/README @@ -1,4 +1,4 @@ -AF - Active Port Forwarder 0.6 - README +AF - Active Port Forwarder 0.7 - README Copyright (C) 2003,2004,2005 jeremian - ================================================================= @@ -30,11 +30,13 @@ INTRO 2.1 afserver 2.2 afclient 3. REMOTE ADMINISTRATION -4. MODULES -5. EXAMPLES - 5.1 tcp mode - 5.2 reverse udp mode -6. BUGS/PROBLEMS +4. HTTP PROXY TUNNELS +5. LOGGING +6. MODULES +7. EXAMPLES + 7.1 tcp mode + 7.2 reverse udp mode +8. BUGS/PROBLEMS NOTES @@ -110,6 +112,7 @@ Multiple clients allow to create more sophisticated tunneling scheme. to it (default: 50127) -m, --manageport - manage port number - second part of the active port forwarder connects to it (default: 50126) + -V, --version - display version number -h, --help - prints this help Authorization: 
@@ -137,27 +140,24 @@ Multiple clients allow to create more sophisticated tunneling scheme. -R, --raclients - the number of allowed clients in remote administration mode to use this server (default: 1) -U, --usrpcli - the number of allowed users per client (default: $users) - -M, --climode - strategy used for connecting users with clients - (default: 1) + -M, --climode - strategy used to connect users with clients (default: 1) Available strategies: 1. fill first client before go to next - -p, --proto - type of server (tcp|udp) - for which protocol it will - be operating (default: tcp) + -p, --proto - type of server (tcp|udp) - what protocol it will be + operating for (default: tcp) -b, --baseport - listenports are temporary and differ for each client - --nossl - ssl is not used for transferring data (but it's still - used to establish a connection) (default: ssl is used) - --nozlib - zlib is not used for compressing data (default: - zlib is used) + -a, --audit - additional information about connections are logged + --nossl - ssl is not used to transfer data (but it's still used + to establish a connection) (default: ssl is used) + --nozlib - zlib is not used to compress data (default: zlib is + used) --dnslookups - try to obtain dns names of the computers rather than their numeric IP Logging: - -O, --heavylog - logging everything to a logfile - -o, --lightlog - logging some data to a logfile - -S, --heavysocklog - logging everything to a localport - -s, --lightsocklog - logging some data to a localport + -o, --log - log choosen information to file/socket -v, --verbose - to be verbose - program won't enter the daemon mode (use several times for greater effect) @@ -166,6 +166,11 @@ Multiple clients allow to create more sophisticated tunneling scheme. -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only + HTTP PROXY: + + -P, --enableproxy - enable http proxy mode + + 2.2 afclient ------------ 
@@ -179,11 +184,12 @@ Multiple clients allow to create more sophisticated tunneling scheme. destination of the packets (default: the name returned by hostname function) -p, --portnum - the port we are forwarding connection to (required) + -V, --version - display version number -h, --help - prints this help Authorization: - -i, --id - send the id string to afserver + -i, --id - sends the id string to afserver --pass - set the password used for client identification (default: no password) @@ -192,23 +198,25 @@ Multiple clients allow to create more sophisticated tunneling scheme. -k, --keyfile - the name of the file with RSA key (default: client.rsa) -D, --dateformat - format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S) + -K, --keep-alive N - send keepalive packets every N seconds + (default: not send keepalive packets) + -A, --ar-tries N - try N times to reconnect to afserver after + its premature quit (default: unlimited) + -T, --ar-delay N - wait N seconds between reconnect tries (default: 5) Modes: -u, --udpmode - udp mode - client will use udp protocol to - communicate with the hostname + communicate with the hostname:portnum (-p) -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m) -r, --remoteadmin - remote administration mode. (using '-p #port' will - force afclient to use port rather then stdin-stdout) + force afclient to use port rather than stdin-stdout) Logging: - -O, --heavylog - logging everything to a logfile - -o, --lightlog - logging some data to a logfile - -S, --heavysocklog - logging everything to a localport - -s, --lightsocklog - logging some data to a localport + -o, --log - log choosen information to file/socket -v, --verbose - to be verbose - program won't enter the daemon mode (use several times for greater effect) 
@@ -222,6 +230,12 @@ Multiple clients allow to create more sophisticated tunneling scheme. -l, --load - load a module for user's packets filtering -L, --Load - load a module for service's packets filtering + HTTP PROXY: + + -P, --proxyname - the name of the machine with proxy server + -X, --proxyport - the port used by proxy server (default: 8080) + + ================================================================================ ======================== @@ -257,6 +271,25 @@ Currently available commands are: quit quit connection + timeout N X + set timeout value in X realm + + audit {0|1} X + set audit mode in X realm + + dnslookups {0|1} X + set dnslookups mode in X realm + + dateformat S + set dateformat + + kuser S + kick user named S + + kclient N + kick client with number N + + Afclient with '-p, --portnum PORT' option listens for connection from user at NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when the option is missing. 
@@ -265,8 +298,58 @@ When user quits (close the connection or send 'quit' command), afclient exits. ================================================================================ +===================== +4. HTTP PROXY TUNNELS +===================== + +Afclient can communicate with afserver via HTTP proxy. In order to use this +feature, afserver must be started with '-P, --enableproxy' option. Afclient must +specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport' +option). + +Afclient with HTTP proxy mode enabled can still accept connections from +afclients, which don't use HTTP proxy mode. + +================================================================================ + +========== +5. LOGGING +========== + +Logging can be enabled by '-o, --log' option. The argument to this option must +be in the form: + target,description,msgdesc + +Where + target is file or sock + description is filename or host,port + msgdesc is the subset of: + LOG_T_ALL, + LOG_T_USER, + LOG_T_CLIENT, + LOG_T_INIT, + LOG_T_MANAGE, + LOG_T_MAIN, + LOG_I_ALL, + LOG_I_CRIT, + LOG_I_DEBUG, + LOG_I_DDEBUG, + LOG_I_INFO, + LOG_I_NOTICE, + LOG_I_WARNING, + LOG_I_ERR + + written without spaces. + + + Example: + + file,filename,LOG_T_MANAGE,LOG_I_ALL + +================================================================================ + ========== -4. MODULES +6. MODULES ========== Afclient can use external modules for user's packets filtering ('-l, --load') @@ -343,10 +426,10 @@ Modules have to be compiled with '-fPIC -shared' options. ================================================================================ =========== -5. EXAMPLES +7. EXAMPLES =========== - 5.1 tcp mode + 7.1 tcp mode ------------ local network |FireWall| Internet 
@@ -395,7 +478,7 @@ on our computer and we are behind a masquerade or a firewall: 6) We can now enter with a web-browser to: :50127 and we will enter to our computer in the fact. - 5.2 reverse udp mode + 7.2 reverse udp mode -------------------- local network |FireWall| Internet @@ -434,7 +517,7 @@ server on our computer (udp port 27960 on our machine): ================================================================================ ================ -6. BUGS/PROBLEMS +8. BUGS/PROBLEMS ================ There are no known/open bugs at the moment. -- cgit v1.1
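
Review bot: In the afserver options hunk (@@ -137,27 +140,24 @@), the Logging block drops '-O, --heavylog', '-o, --lightlog', '-S, --heavysocklog' and '-s, --lightsocklog' in favour of a single '-o, --log', but the help line does not show that the option now takes an argument, and '-o' keeps its letter while changing meaning. Suggest writing it as '-o, --log target,description,msgdesc' with a pointer to section 5, and stating that the four old options are removed so that existing invocations using '-o' in its old sense get updated. Also in this hunk, 'choosen' should be 'chosen', and the new '-a, --audit' line should read 'additional information about connections is logged'.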
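
Review bot: In the afclient options hunk (@@ -192,23 +198,25 @@), the unchanged context line for '-D, --dateformat' still documents the default as '%d.%m.%Y %H:%M:%S', while the commit message says 'Modified: default dateformat is now ISO 8601'. If that change applies to afclient, the documented default needs updating in this same patch; if it applies only to afserver, say so in the changelog entry. Smaller points in the added lines: '(default: not send keepalive packets)' reads better as '(default: keepalive packets are not sent)', and the new '-o, --log' line repeats the 'choosen' typo and omits its argument form.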
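
Review bot: In the afclient HTTP PROXY hunk (@@ -222,6 +230,12 @@), '-P' is introduced as '--proxyname' and takes a host name, whereas the afserver hunk (@@ -166,6 +166,11 @@) introduces '-P' as '--enableproxy' with no argument. Reusing one short letter for a switch on one side and a valued option on the other makes it easy to misconfigure; consider a different letter on one side, or at least call the difference out in section 4. The added lines also do not say what afclient does when '-X, --proxyport' is given without '-P, --proxyname', which the commit message lists as a fixed case ('Fixed: using 'proxyport' without 'proxyname''); one sentence on the resulting behaviour would help.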
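
Review bot: In the remote administration hunk (@@ -257,6 +271,25 @@), the new commands leave their arguments underspecified: 'timeout N X' gives no unit for N, and 'X realm' is not explained in the added lines, so a reader cannot tell whether X is a realm name or a number. The same applies to 'audit {0|1} X' and 'dnslookups {0|1} X'. For 'kuser S' and 'kclient N', say where S and N are taken from and mention that the kick is written to the audit log, which the commit message states ('audit log printed also after kicking the client') but the README does not.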
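
Review bot: In the hunk adding sections 4 and 5 (@@ -265,8 +298,58 @@), the second paragraph of section 4 begins 'Afclient with HTTP proxy mode enabled can still accept connections from afclients', which looks like it should say 'Afserver'; the commit message entry is 'afclients can connect directly to afserver with enabled proxy mode'. Section 4 should also state whether the data sent through the proxy is still covered by ssl and how '--nossl' interacts with proxy mode, since the README documents both options and readers will rely on this to decide what the proxy can see. In section 5, the 'target,description,msgdesc' form is ambiguous for sockets because 'description' is itself 'host,port'; add a 'sock' example next to the 'file' one and state explicitly that msgdesc entries are comma-separated, which only the example 'file,filename,LOG_T_MANAGE,LOG_I_ALL' implies.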