diff --git a/README b/README index 8702d3d..39d0d40 100644 --- a/README +++ b/README @@ -7,15 +7,118 @@ Please read doc/html/index.html and man pages. + Features: + 1. General + + HTTP/1.1 Proxy with keep-alive client and server support, + transparent proxy support. + + Anonymous and random client emulation HTTP proxy mode + + FTP over HTTP support. + + DNS caching with built-in resolver + + HTTPS (CONNECT) proxy + + SOCKSv4/4.5 Proxy + + SOCKSv5 Proxy + + UDP and bind support for SOCKSv5 (fully compatible with + SocksCAP/FreeCAP for UDP) + + Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP, ICQ + + POP3 Proxy + + FTP proxy + + DNS proxy + + TCP port mapper + + UDP port mapper + + SMTP proxy + + ICQ/AOL proxy + + Threaded application (no child process). + + Web administration and statistics + + Plugins for functionality extension + + Native 64 bit application for 64 bit OS, including 64-bit editions of + Windows. + + IPv6 support + 2. Proxy chaining and network connections + + Connect back proxy support to bypass firewalls + + Parent proxy support for any type of incoming connection + + Username/password authentication for parent proxy(s). + + HTTPS/SOCKS4/SOCKS5 and redirection parent support + + Random parent selection + + Chain building (multihop proxing) + + Load balancing between few network connections by choosing network + interface + 3. Logging + + turnable log format compatible with any log parser + + stdout logging + + file logging + + syslog logging (Unix) + + ODBC logging + + log file rotation (hourly, daily, weekly, monthly) + + automatic log file comperssion with external archiver (for files) + + automatic removal of older log files + + Character filtering for log files + + different log files for different servces are supported + 4. Access control + + ACL-driven (user/source/destination/protocol/weekday/daytime or + combined) bandwith limitation for incoming and (!)outgoing trafic. + + ACL-driven (user/source/destination/protocol/weekday/daytime or + combined) traffic limitation per day, week or month for incoming and + (!) outgoing traffic + + User authentication by DNS hostname + + User authentication by username / password + + Access control by username, source IP, destination IP, destination + port and destination action (POST, PUT, GET, etc), weekday and daytime. + + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP + + Cleartext or encrypted (crypt/MD5 or NT) passwords. + + Connection redirection + + Access control by requested action (CONNECT/BIND, + HTTP GET/POST/PUT/HEAD/OTHER). + + NTLM (v1 only) authentication for HTTP proxy access + + All access control entries now support weekday and time limitations + + Hostnames and * templates are supported instead of IP address + 5. Extensions + + Regular expression filtering (with PCRE) via PCREPlugin + currently HTTP traffic only for URLs, HTTP headers and HTTP data. + + Authentication with Windows username/password (cleartext only!) + + SSL/TLS decryptions with certificate spoofing + + NAT support under Linux + 6. Configuration + + support for configuration files + + support for includes in configuration files + + interface binding + + running as daemon process + + utility for automated networks list building + + configuration reload on any file change + Unix + + support for chroot + + support for setgid + + support for setuid + + support for signals + Windows + + support --install as service + + support --remove as service + + support for service START, STOP, PAUSE and CONTINUE commands (on + PAUSE no new connection accepted, but active connections still in + progress, on CONTINUE configuration is reloaded) + Windows 95/98/ME + + support --install as service + + support --remove as service + 6. Compilation + + MSVC (static) + + Intel Windows Compiler (msvcrt.dll) + + Windows/gcc (msvcrt.dll) + + Cygwin/gcc (cygwin.dll) + + Unix/gcc + + Unix/ccc + + Solaris + + Mac OS X, iPhone OS + + Linux and derivered systems + + Lite version for Windows 95/98/NT/2000/XP/2003 + + 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above + 3proxy Combined proxy server may be used as - Windows 95/98/NT/2000/XP/2003/Vista executable or service (supports installation and removal). It uses config file to read it's configuration (see 3proxy.cfg.sample for details). - --install installs and starts proxy as NT/2000/XP service + --install installs and starts proxy as Windows service (config file should be located in the same directory) --remove removes the service (should be stopped before via - net stop 3proxy). + 'net stop 3proxy'). 3proxy.exe is all-in-one, it doesn't require all others .exe to work. See 3proxy.cfg.sample for examples, see man 3proxy.cfg diff --git a/src/auth.c b/src/auth.c index f1a9c2c..7e8263b 100644 --- a/src/auth.c +++ b/src/auth.c @@ -1067,13 +1067,13 @@ unsigned long udpresolve(int af, unsigned char * name, unsigned char * value, un break; } if(makeauth && !SAISNULL(&authnserver.addr)){ - memcpy(sinsr, &authnserver.addr, sizeof(addr)); + memcpy(sinsr, &authnserver.addr, sizeof(authnserver.addr)); } else { - memcpy(sinsr, &nservers[i].addr, sizeof(addr)); + memcpy(sinsr, &nservers[i].addr, sizeof(nservers[i].addr)); } if(usetcp){ - if(so._connect(sock,sinsr,sizeof(addr))) { + if(so._connect(sock,sinsr,SASIZE(sinsr))) { so._shutdown(sock, SHUT_RDWR); so._closesocket(sock); break; diff --git a/src/common.c b/src/common.c index f4a68fb..6cb3d50 100644 --- a/src/common.c +++ b/src/common.c @@ -688,7 +688,7 @@ int doconnect(struct clientparam * param){ #ifdef _WIN32 unsigned long ul = 1; #endif - if(so._connect(param->remsock,(struct sockaddr *)¶m->sinsr,sizeof(param->sinsr))) { + if(so._connect(param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr))) { return (13); } param->nconnects++; diff --git a/src/dnspr.c b/src/dnspr.c index 2f8a532..3e4137e 100644 --- a/src/dnspr.c +++ b/src/dnspr.c @@ -140,7 +140,7 @@ void * dnsprchild(struct clientparam* param) { } memcpy(¶m->sinsr, &nservers[0].addr, sizeof(param->sinsr)); if(nservers[0].usetcp) { - if(so._connect(param->remsock,(struct sockaddr *)¶m->sinsr,sizeof(param->sinsr))) RETURN(830); + if(so._connect(param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr))) RETURN(830); buf-=2; *(unsigned short*)buf = htons(i); i+=2; diff --git a/src/ftppr.c b/src/ftppr.c index f1a4f74..7c9cb00 100644 --- a/src/ftppr.c +++ b/src/ftppr.c @@ -119,11 +119,11 @@ void * ftpprchild(struct clientparam* param) { clidatasock = INVALID_SOCKET; } if ((clidatasock=socket(SASOCK(¶m->sincl), SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) {RETURN(821);} - sasize = sizeof(param->sincl); *SAPORT(¶m->sincl) = 0; if(so._bind(clidatasock, (struct sockaddr *)¶m->sincl, SASIZE(¶m->sincl))){RETURN(822);} if (pasv) { if(so._listen(clidatasock, 1)) {RETURN(823);} + sasize = sizeof(param->sincl); if(so._getsockname(clidatasock, (struct sockaddr *)¶m->sincl, &sasize)){RETURN(824);} if(*SAFAMILY(¶m->sincl) == AF_INET) sprintf((char *)buf, "227 OK (%u,%u,%u,%u,%u,%u)\r\n", @@ -145,8 +145,7 @@ void * ftpprchild(struct clientparam* param) { if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);} *SAPORT(¶m->sincr) = htons((unsigned short)((b5<<8)^b6)); - sasize = sizeof(param->sincr); - if(so._connect(clidatasock, (struct sockaddr *)¶m->sincr, sasize)) { + if(so._connect(clidatasock, (struct sockaddr *)¶m->sincr, SASIZE(¶m->sincr))) { so._closesocket(clidatasock); clidatasock = INVALID_SOCKET; RETURN(826); diff --git a/src/proxymain.c b/src/proxymain.c index ab55602..4198f61 100644 --- a/src/proxymain.c +++ b/src/proxymain.c @@ -530,7 +530,7 @@ int MODULEMAINFUNC (int argc, char** argv){ new_sock=so._socket(SASOCK(&defparam.sincr), SOCK_STREAM, IPPROTO_TCP); if(new_sock != INVALID_SOCKET){ parsehost(srv.family, cbc_string, (struct sockaddr *)&defparam.sincr); - if(so._connect(new_sock,(struct sockaddr *)&defparam.sincr,sizeof(defparam.sincr))) { + if(so._connect(new_sock,(struct sockaddr *)&defparam.sincr,SASIZE(&defparam.sincr))) { so._closesocket(new_sock); new_sock = INVALID_SOCKET; usleep(SLEEPTIME);