bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-06-13 11:00:11 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: bughz:41c120c5273fb45b44297665b94b032b28351ead
Branches Tags
bughz:master
bughz:test-ci
bughz:0.8
bughz:0.7
bughz:0.9.6
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7
..
compare: bughz:e9848b6622e1226286e3b0398fa8aebd30069bef
Branches Tags
bughz:master
bughz:test-ci
bughz:0.8
bughz:0.7
bughz:0.9.6
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7

2 Commits
41c120c527 ... e9848b6622

Author SHA1 Message Date
Vladimir Dubrovin
e9848b6622 Fix blake2 for Watcom
Some checks failed
RPM/DEB build aarch64 / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Has been cancelled
Details
RPM/DEB build armhf / ${{ matrix.target }} (ubuntu-latest) (push) Has been cancelled
Details
RPM/DEB build x86-64 / ${{ matrix.target }} (ubuntu-latest) (push) Has been cancelled
Details
Build Win32 3proxy-lite with Watcom / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
Details
Build Win32 3proxy with MSVC / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
Details
Build Win64 3proxy with MSVC / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
Details
Build Win-arm64 3proxy with MSVC / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
Details
2026-04-24 17:43:33 +03:00
Vladimir Dubrovin
e419a21cf9 build windows release 2026-04-24 17:24:39 +03:00
147 changed files with 4792 additions and 6226 deletions
Show Stats Expand all files Collapse all files

4
.github/workflows/build-rpm-arm64.yml vendored
View File

@ -1,7 +1,9 @@
name: RPM/DEB build aarch64
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-rpm-arm64.yml' ]
jobs:
ci:

4
.github/workflows/build-rpm-armhf.yml vendored
View File

@ -1,7 +1,9 @@
name: RPM/DEB build armhf
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-rpm-armhf.yml' ]
jobs:
ci:

4
.github/workflows/build-rpm-x86-64.yml vendored
View File

@ -1,7 +1,9 @@
name: RPM/DEB build x86-64
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-rpm-x86-64.yml' ]
jobs:
ci:

8
.github/workflows/build-watcom.yml vendored
View File

@ -1,7 +1,9 @@
name: Build Win32 3proxy-lite with Watcom
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-watcom.yml' ]
jobs:
ci:
@ -43,7 +45,7 @@ jobs:
mkdir dist\3proxy\doc\ru
mkdir dist\3proxy\doc\html
mkdir dist\3proxy\doc\html\plugins
mkdir dist\3proxy\doc\html\man5
mkdir dist\3proxy\doc\html\man3
mkdir dist\3proxy\doc\html\man8
mkdir dist\3proxy\doc\devel
copy bin\3proxy.exe dist\3proxy\bin\
@ -55,7 +57,7 @@ jobs:
copy doc\html\*.* dist\3proxy\doc\html\
copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
copy doc\devel\*.rtf dist\3proxy\doc\devel\
copy copying dist\3proxy\
copy authors dist\3proxy\

8
.github/workflows/build-win32.yml vendored
View File

@ -1,7 +1,9 @@
name: Build Win32 3proxy with MSVC
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-win32.yml' ]
jobs:
ci:
@ -49,7 +51,7 @@ jobs:
mkdir dist\3proxy\doc\ru
mkdir dist\3proxy\doc\html
mkdir dist\3proxy\doc\html\plugins
mkdir dist\3proxy\doc\html\man5
mkdir dist\3proxy\doc\html\man3
mkdir dist\3proxy\doc\html\man8
mkdir dist\3proxy\doc\devel
copy bin\3proxy.exe dist\3proxy\bin\
@ -61,7 +63,7 @@ jobs:
copy doc\html\*.* dist\3proxy\doc\html\
copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
copy doc\devel\*.rtf dist\3proxy\doc\devel\
copy copying dist\3proxy\
copy authors dist\3proxy\

22
.github/workflows/build-win64.yml vendored
View File

@ -1,7 +1,9 @@
name: Build Win64 3proxy with MSVC
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-win64.yml' ]
jobs:
ci:
@ -28,6 +30,7 @@ jobs:
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v3
- name: make Windows MSVC
if: ${{ startsWith(matrix.target, 'windows') }}
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
@ -38,17 +41,6 @@ jobs:
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
nmake /F Makefile.msvc
- name: Decode Certificate
shell: pwsh
run: |
$pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.WINDOWS_CERTIFICATE }}")
[System.IO.File]::WriteAllBytes("${{ github.workspace }}\cert.pfx", $pfx_cert_byte)
- name: Sign
shell: pwsh
run: |
$signtool = (Get-ChildItem "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe" | Sort-Object { [version]$_.Directory.Parent.Name } -Descending | Select-Object -First 1).FullName
& $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy.exe"
& $signtool sign /f "${{ github.workspace }}\cert.pfx" /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "bin\3proxy_crypt.exe"
- name: make dist dir
shell: cmd
run: |
@ -61,19 +53,19 @@ jobs:
mkdir dist\3proxy\doc\ru
mkdir dist\3proxy\doc\html
mkdir dist\3proxy\doc\html\plugins
mkdir dist\3proxy\doc\html\man5
mkdir dist\3proxy\doc\html\man3
mkdir dist\3proxy\doc\html\man8
mkdir dist\3proxy\doc\devel
copy bin\3proxy.exe dist\3proxy\bin64\
copy bin\*.dll dist\3proxy\bin64\
copy bin\3proxy_crypt.exe dist\3proxy\bin64\
copy bin\mycrypt.exe dist\3proxy\bin64\
copy cfg\*.* dist\3proxy\cfg\
copy cfg\sql\*.* dist\3proxy\cfg\sql\
copy doc\ru\*.* dist\3proxy\doc\ru\
copy doc\html\*.* dist\3proxy\doc\html\
copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
copy doc\devel\*.rtf dist\3proxy\doc\devel\
copy copying dist\3proxy\
copy authors dist\3proxy\

8
.github/workflows/build-winarm64.yml vendored
View File

@ -1,7 +1,9 @@
name: Build Win-arm64 3proxy with MSVC
on:
workflow_dispatch:
push:
branches: [ "master", "test-ci" ]
paths: [ 'RELEASE', '.github/workflows/build-winarm64.yml' ]
jobs:
ci:
@ -49,7 +51,7 @@ jobs:
mkdir dist\3proxy\doc\ru
mkdir dist\3proxy\doc\html
mkdir dist\3proxy\doc\html\plugins
mkdir dist\3proxy\doc\html\man5
mkdir dist\3proxy\doc\html\man3
mkdir dist\3proxy\doc\html\man8
mkdir dist\3proxy\doc\devel
copy bin\3proxy.exe dist\3proxy\bin64\
@ -61,7 +63,7 @@ jobs:
copy doc\html\*.* dist\3proxy\doc\html\
copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
copy doc\devel\*.rtf dist\3proxy\doc\devel\
copy copying dist\3proxy\
copy authors dist\3proxy\

1
.github/workflows/c-cpp-Linux.yml vendored
View File

@ -7,7 +7,6 @@ on:
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.Linux', '.github/configs', '.github/workflows/c-cpp-Linux.yml' ]
workflow_dispatch:
jobs:
ci:

1
.github/workflows/c-cpp-MacOS.yml vendored
View File

@ -7,7 +7,6 @@ on:
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.FreeBSD', '.github/configs', '.github/workflows/c-cpp-MacOS.yml' ]
workflow_dispatch:
jobs:
ci:

1
.github/workflows/c-cpp-Windows.yml vendored
View File

@ -7,7 +7,6 @@ on:
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.msvc', '.github/configs', '.github/workflows/c-cpp-Windows.yml' ]
workflow_dispatch:
jobs:
ci:

1
.github/workflows/c-cpp-cmake.yml vendored
View File

@ -7,7 +7,6 @@ on:
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', '**.cmake', 'CMakeLists.txt', '.github/configs', '.github/workflows/c-cpp-cmake.yml' ]
workflow_dispatch:
jobs:
ci:

9
.gitignore vendored
View File

@ -259,12 +259,3 @@ pip-log.txt
.mr.developer.cfg
CLAUDE.md
bin/3proxy_crypt
bin/3proxy_ftppr
bin/3proxy_pop3p
bin/3proxy_proxy
bin/3proxy_smtpp
bin/3proxy_socks
bin/3proxy_tcppm
bin/3proxy_tlspr
bin/3proxy_udppm
build*/*

11
CHANGELOG
View File

@ -1,11 +0,0 @@
3proxy-0.9.6 Released April, 11 2026
+ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios.
+ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header.
+ tlspr is supported in auto
+ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI
+ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems
+ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5
+ cmake environment added
! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy
! Multiple minor bugfixes

11
CHANGELOG.rus
View File

@ -1,11 +0,0 @@
3proxy-0.9.6 Вышел 11 Апреля 2026
+ В SSLPlugin добавлены ssl_client и множество опций конфигурации, код SSLPlugin значительно улучшен и исправлен. См. https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy теперь может использоваться как замена stunnel во многих сценариях.
+ Поддержка прокси-протокола HAProxy v1 на стороне клиента и сервера. Добавлена опция -H для сервиса, чтобы ожидать заголовок прокси-протокола HA v1. Используйте тип родителя ha: parent 1000 ha 0.0.0.0 0 для отправки заголовка v1.
+ tlspr поддерживается в режиме auto
+ tlspr поддерживает опцию -s, которая разбивает HELLO-пакет для предотвращения обнаружения SNI некоторыми DPI
+ Добавлена опция конфигурации maxseg и поддержка флага сокета TCP_MAXSEG. Устанавливает максимальный размер TCP-сегмента для решения проблем с обнаружением PathMTU
+ Добавлены опции -Ne / -Ni для указания внешнего/внутреннего NAT-адреса для SOCKSv5
+ Добавлено окружение cmake
! Внешняя библиотека pcre2 (pcre2-8) используется для PCRE, код pcre удалён из 3proxy
! Множество мелких исправлений ошибок

274
CMakeLists.txt
View File

@ -46,8 +46,8 @@ endif()
# Options
option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON)
option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
option(3PROXY_USE_OPENSSL "Enable OpenSSL/SSLPlugin" ON)
option(3PROXY_USE_PCRE2 "Enable PCRE2/PCREPlugin" ON)
option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
option(3PROXY_USE_SPLICE "Use Linux splice() for zero-copy (Linux only)" ON)
@ -56,31 +56,6 @@ option(3PROXY_USE_WSAPOLL "Use WSAPoll instead of select() (Windows only)" ON)
option(3PROXY_USE_NETFILTER "Enable Linux netfilter support (Linux only)" ON)
option(3PROXY_USE_UNIX_SOCKETS "Enable Unix domain socket support (Unix only)" ON)
if(NOT WIN32 AND NOT APPLE)
option(3PROXY_STATIC_LINK "Statically link libraries using -Wl,-Bstatic (Linux/Unix only)" OFF)
endif()
# Binary name prefix for standalone modules and crypt (default: 3proxy_)
# For crypt: if prefix is empty, "my" is used instead ( mycrypt)
set(3PROXY_BINARY_PREFIX "3proxy_" CACHE STRING "Prefix for standalone module and crypt binary names")
# Standalone module build options (OFF by default)
option(3PROXY_BUILD_ALL "Build all standalone binaries" OFF)
option(3PROXY_BUILD_PROXY "Build standalone proxy binary" OFF)
option(3PROXY_BUILD_SOCKS "Build standalone socks binary" OFF)
option(3PROXY_BUILD_POP3P "Build standalone pop3p binary" OFF)
option(3PROXY_BUILD_SMTPP "Build standalone smtpp binary" OFF)
option(3PROXY_BUILD_FTPPR "Build standalone ftppr binary" OFF)
option(3PROXY_BUILD_TCPPM "Build standalone tcppm binary" OFF)
option(3PROXY_BUILD_UDPPM "Build standalone udppm binary" OFF)
option(3PROXY_BUILD_TLSPR "Build standalone tlspr binary" OFF)
if(3PROXY_BUILD_ALL)
foreach(_M PROXY SOCKS POP3P SMTPP FTPPR TCPPM UDPPM TLSPR)
set(3PROXY_BUILD_${_M} ON)
endforeach()
endif()
# Output directory
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
@ -109,6 +84,7 @@ if(WIN32)
# MSVC-specific settings
add_compile_definitions(
MSVC
WITH_SSL
)
# Use static runtime library
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
@ -126,6 +102,7 @@ if(WIN32)
# clang-cl (Clang with MSVC frontend)
add_compile_definitions(
MSVC
WITH_SSL
)
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
add_compile_options(
@ -256,14 +233,14 @@ endif()
# OpenSSL
set(OPENSSL_FOUND FALSE)
if(3PROXY_USE_OPENSSL)
find_package(OpenSSL REQUIRED)
find_package(OpenSSL QUIET)
if(OpenSSL_FOUND)
set(OPENSSL_FOUND TRUE)
add_compile_definitions(WITH_SSL)
message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
else()
message(STATUS "OpenSSL not found, SSLPlugin will not be built")
endif()
else()
message(STATUS "OpenSSL disabled by user request")
endif()
# PCRE2
@ -271,10 +248,9 @@ set(PCRE2_FOUND FALSE)
if(3PROXY_USE_PCRE2)
find_package(PCRE2 QUIET)
if(PCRE2_FOUND)
add_compile_definitions(WITH_PCRE)
message(STATUS "PCRE2 found: ${PCRE2_VERSION}")
else()
message(STATUS "PCRE2 not found, PCRE support will not be built")
message(STATUS "PCRE2 not found, PCREPlugin will not be built")
endif()
endif()
@ -300,26 +276,17 @@ if(WIN32 OR 3PROXY_USE_ODBC)
endif()
endif()
# Define WITH_ODBC when ODBC is available
if(ODBC_FOUND)
add_compile_definitions(WITH_ODBC)
endif()
# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL)
if(NOT OPENSSL_FOUND)
add_compile_definitions(NORADIUS)
# Set NOODBC if ODBC is not found
if(NOT ODBC_FOUND)
add_compile_definitions(NOODBC)
endif()
# Source files for 3proxy core
set(3PROXY_CORE_SOURCES
src/3proxy.c
src/auth.c
src/acl.c
src/limiter.c
src/redirect.c
src/authradius.c
src/hash.c
src/hashtables.c
src/resolve.c
src/sql.c
src/conf.c
@ -328,8 +295,10 @@ set(3PROXY_CORE_SOURCES
src/stringtable.c
)
# BLAKE2 source for 3proxy_crypt
# MD4/MD5/BLAKE2 sources for 3proxy_crypt
set(MD_SOURCES
src/libs/md4.c
src/libs/md5.c
src/libs/blake2b-ref.c
)
@ -355,7 +324,7 @@ target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
# These are used by the main 3proxy executable
# ============================================================================
# Server modules object library (without WITHMAIN, without UDP)
# Server modules object library (without WITHMAIN)
add_library(srv_modules OBJECT
src/proxy.c
src/pop3p.c
@ -366,21 +335,13 @@ add_library(srv_modules OBJECT
src/auto.c
src/socks.c
src/webadmin.c
src/udppm.c
src/dnspr.c
)
target_include_directories(srv_modules PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
)
# UDP port mapper server module (without WITHMAIN)
add_library(srvudppm_obj OBJECT src/udppm.c)
target_include_directories(srvudppm_obj PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
)
# UDP socket relay (used by 3proxy, socks, udppm)
add_library(udpsockmap_obj OBJECT src/udpsockmap.c)
target_include_directories(udpsockmap_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
# mainfunc object (proxymain.c compiled with MODULEMAINFUNC=mainfunc for 3proxy)
add_library(mainfunc OBJECT src/proxymain.c)
@ -394,9 +355,6 @@ target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
# 3proxy_crypt object for 3proxy (without WITHMAIN)
add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
if(OpenSSL_FOUND)
target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
# ============================================================================
# Main 3proxy executable
@ -405,35 +363,19 @@ endif()
add_executable(3proxy
${3PROXY_CORE_SOURCES}
${MD_SOURCES}
$<TARGET_OBJECTS:srv_modules>
$<TARGET_OBJECTS:srvudppm_obj>
$<TARGET_OBJECTS:mainfunc>
$<TARGET_OBJECTS:common_obj>
$<TARGET_OBJECTS:udpsockmap_obj>
$<TARGET_OBJECTS:base64_obj>
$<TARGET_OBJECTS:ftp_obj>
$<TARGET_OBJECTS:3proxy_crypt_obj>
)
target_sources(3proxy PRIVATE ${MD_SOURCES})
if(OpenSSL_FOUND)
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
endif()
if(PCRE2_FOUND)
target_sources(3proxy PRIVATE src/pcre.c)
endif()
target_include_directories(3proxy PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
)
if(OpenSSL_FOUND)
target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
if(PCRE2_FOUND)
target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
endif()
target_link_libraries(3proxy PRIVATE Threads::Threads)
@ -445,123 +387,36 @@ if(ODBC_FOUND)
endif()
endif()
# OpenSSL linking
if(OpenSSL_FOUND)
if(3PROXY_STATIC_LINK)
# Will be linked statically below (if static libraries are found)
else()
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
endif()
# PCRE2 linking
if(PCRE2_FOUND)
if(3PROXY_STATIC_LINK)
# Will be linked statically below (if static libraries are found)
elseif(TARGET PCRE2::PCRE2)
target_link_libraries(3proxy PRIVATE PCRE2::PCRE2)
else()
target_link_libraries(3proxy PRIVATE ${PCRE2_LIBRARIES})
endif()
endif()
# Static linking of OpenSSL and PCRE2 (when option is enabled)
if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
set(_static_libs "")
if(OpenSSL_FOUND)
find_library(_ssl_static_lib ssl)
find_library(_crypto_static_lib crypto)
if(_ssl_static_lib AND _crypto_static_lib)
list(APPEND _static_libs ${_ssl_static_lib} ${_crypto_static_lib})
endif()
endif()
if(PCRE2_FOUND)
find_library(_pcre2_static_lib NAMES pcre2-8)
if(_pcre2_static_lib)
list(APPEND _static_libs ${_pcre2_static_lib})
endif()
endif()
set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
if(_static_libs)
target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
message(STATUS "Static linking enabled for OpenSSL/PCRE2")
else()
message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
if(OpenSSL_FOUND)
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
if(PCRE2_FOUND)
if(TARGET PCRE2::PCRE2)
target_link_libraries(3proxy PRIVATE PCRE2::PCRE2)
else()
target_link_libraries(3proxy PRIVATE ${PCRE2_LIBRARIES})
endif()
endif()
endif()
endif()
if(WIN32)
target_link_libraries(3proxy PRIVATE ${WINDOWS_LIBS})
if(OpenSSL_FOUND)
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
if(COMPILER_IS_MSVC AND EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/3proxy.rc)
target_sources(3proxy PRIVATE 3proxy.rc)
endif()
elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
target_link_libraries(3proxy PRIVATE dl)
if(OpenSSL_FOUND)
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
endif()
# Build 3proxy_crypt utility
add_executable(3proxy_crypt
src/3proxy_crypt.c
${MD_SOURCES}
$<TARGET_OBJECTS:base64_obj>
)
target_sources(3proxy_crypt PRIVATE ${MD_SOURCES})
target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN)
target_include_directories(3proxy_crypt PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
)
if(OpenSSL_FOUND)
target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
if(OpenSSL_FOUND)
if(3PROXY_STATIC_LINK)
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
find_library(_ssl_static_lib ssl)
find_library(_crypto_static_lib crypto)
set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
if(_ssl_static_lib AND _crypto_static_lib)
target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_ssl_static_lib} ${_crypto_static_lib} -Wl,-Bdynamic)
message(STATUS "3proxy_crypt: static OpenSSL")
else()
message(WARNING "3PROXY_STATIC_LINK is ON but static OpenSSL not found, using dynamic")
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
else()
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
endif()
if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
else()
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "${3PROXY_BINARY_PREFIX}crypt")
endif()
# Build standalone proxy executables
foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
string(TOUPPER "${PROXY_NAME}" _MODULE_OPT)
if(NOT 3PROXY_BUILD_${_MODULE_OPT})
continue()
endif()
if(PROXY_NAME STREQUAL "ftppr" OR PROXY_NAME STREQUAL "proxy")
# ftppr and proxy use ftp_obj
add_executable(${PROXY_NAME}
@ -576,10 +431,6 @@ foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
)
endif()
set_target_properties(${PROXY_NAME} PROPERTIES
OUTPUT_NAME "${3PROXY_BINARY_PREFIX}${PROXY_NAME}"
)
target_include_directories(${PROXY_NAME} PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
)
@ -589,10 +440,6 @@ foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
NOPORTMAP
)
if(NOT PROXY_NAME STREQUAL "udppm")
target_compile_definitions(${PROXY_NAME} PRIVATE NOUDPMAIN)
endif()
target_link_libraries(${PROXY_NAME} PRIVATE Threads::Threads)
if(PROXY_NAME STREQUAL "proxy")
@ -610,14 +457,6 @@ foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
if(PROXY_NAME STREQUAL "proxy" OR PROXY_NAME STREQUAL "smtpp")
target_sources(${PROXY_NAME} PRIVATE $<TARGET_OBJECTS:base64_obj>)
endif()
if(PROXY_NAME STREQUAL "udppm")
target_sources(${PROXY_NAME} PRIVATE src/hash.c)
endif()
if(PROXY_NAME STREQUAL "socks" OR PROXY_NAME STREQUAL "udppm")
target_sources(${PROXY_NAME} PRIVATE src/udpsockmap.c)
endif()
endforeach()
# Plugin output directory
@ -636,30 +475,35 @@ foreach(PLUGIN ${DEFAULT_PLUGINS})
add_subdirectory(src/plugins/${PLUGIN})
endforeach()
if(OPENSSL_FOUND)
add_subdirectory(src/plugins/SSLPlugin)
endif()
if(PCRE2_FOUND)
add_subdirectory(src/plugins/PCREPlugin)
endif()
if(PAM_FOUND)
add_subdirectory(src/plugins/PamAuth)
endif()
# Build full list of plugins to be built
set(ALL_PLUGINS ${DEFAULT_PLUGINS})
if(OPENSSL_FOUND)
list(APPEND ALL_PLUGINS SSLPlugin)
endif()
if(PCRE2_FOUND)
list(APPEND ALL_PLUGINS PCREPlugin)
endif()
if(PAM_FOUND)
list(APPEND ALL_PLUGINS PamAuth)
endif()
# Installation rules
install(TARGETS 3proxy 3proxy_crypt
install(TARGETS 3proxy 3proxy_crypt proxy socks pop3p smtpp ftppr tcppm udppm tlspr
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
string(TOUPPER "${PROXY_NAME}" _MODULE_OPT)
if(3PROXY_BUILD_${_MODULE_OPT})
install(TARGETS ${PROXY_NAME}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
endif()
endforeach()
# Install plugins
file(GLOB PLUGINFILES "${PLUGIN_OUTPUT_DIR}/*${PLUGIN_SUFFIX}")
if(WIN32)
@ -793,32 +637,10 @@ endif()
# Install man pages
if(NOT WIN32)
# Config man page (section 5) no prefix
file(GLOB MAN5_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.5")
install(FILES ${MAN5_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man5)
# Main 3proxy man page no prefix
install(FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy.8"
DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
)
# 3proxy_crypt man page no prefix (already has 3proxy_)
if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy_crypt.8")
install(FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy_crypt.8"
DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
)
endif()
# Module man pages installed with binary prefix only if module is built
foreach(_MAN proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
string(TOUPPER "${_MAN}" _MODULE_OPT)
if(3PROXY_BUILD_${_MODULE_OPT})
set(_MAN_SRC "${CMAKE_CURRENT_SOURCE_DIR}/man/${_MAN}.8")
if(EXISTS "${_MAN_SRC}")
install(FILES "${_MAN_SRC}"
DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
RENAME "${3PROXY_BINARY_PREFIX}${_MAN}.8"
)
endif()
endif()
endforeach()
file(GLOB MAN3_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.3")
file(GLOB MAN8_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.8")
install(FILES ${MAN3_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)
install(FILES ${MAN8_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
endif()
# Summary
@ -840,9 +662,6 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
message(STATUS " USE_SPLICE: ${3PROXY_USE_SPLICE}")
message(STATUS " USE_NETFILTER: ${3PROXY_USE_NETFILTER}")
endif()
if(NOT WIN32 AND NOT APPLE)
message(STATUS " STATIC_LINK: ${3PROXY_STATIC_LINK}")
endif()
if(WIN32)
message(STATUS " USE_WSAPOLL: ${3PROXY_USE_WSAPOLL}")
endif()
@ -855,10 +674,3 @@ message(STATUS " ODBC: ${ODBC_FOUND}")
message(STATUS "")
message(STATUS " Plugins to build: ${ALL_PLUGINS}")
message(STATUS "")
message(STATUS " Standalone modules:")
message(STATUS " Binary prefix: \"${3PROXY_BINARY_PREFIX}\"")
foreach(_M proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
string(TOUPPER "${_M}" _MO)
message(STATUS " BUILD_${_MO}: ${3PROXY_BUILD_${_MO}}")
endforeach()
message(STATUS "")

16
Dockerfile.busybox
View File

@ -13,7 +13,7 @@
# use "log" without pathname in config to log to stdout.
# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config)
# symlinked as /lib and /lib64 in both root and chroot configurations, so no need
# to specify full path to plugin.
# to specify full path to plugin. SSLPlugin is supported.
#
# Since 0.9.6 image is distroless, no reason to use chroot, chroot
# configuration is supported for compatibility only.
@ -23,7 +23,7 @@ FROM docker.io/gcc AS buildenv
COPY . 3proxy
RUN cd 3proxy &&\
apt --assume-yes update && apt --assume-yes install libssl-dev libpcre2-dev &&\
make -f Makefile.Linux LIBSTATIC=true PAM_CHECK=false &&\
make -f Makefile.Linux &&\
strip bin/3proxy &&\
strip bin/*so &&\
mkdir /dist &&\
@ -41,10 +41,14 @@ RUN cd 3proxy &&\
RUN cd /dist &&\
ln -s /lib lib64 &&\
ln -s /lib usr/lib &&\
ln -s /lib usr/lib64
RUN cp /lib/ld-*.so.* /dist/usr/local/3proxy/libexec || true
RUN cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec || true
RUN cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec &&\
ln -s /lib usr/lib64 &&\
cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libcrypto.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libssl.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libpcre2-8.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libz.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libzstd.so.* /dist/usr/local/3proxy/libexec &&\
ls -lR /dist
FROM docker.io/busybox:glibc

18
Dockerfile.full
View File

@ -13,7 +13,7 @@
# use "log" without pathname in config to log to stdout.
# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config)
# symlinked as /lib and /lib64 in both root and chroot configurations, so no need
# to specify full path to plugin.
# to specify full path to plugin. SSLPlugin is supported.
#
# Since 0.9.6 image is distroless, no reason to use chroot, chroot
# configuration is supported for compatibility only.
@ -23,7 +23,7 @@ FROM docker.io/gcc AS buildenv
COPY . 3proxy
RUN cd 3proxy &&\
apt --assume-yes update && apt --assume-yes install libssl-dev libpcre2-dev &&\
make -f Makefile.Linux LIBSTATIC=true PAM_CHECK=false &&\
make -f Makefile.Linux &&\
strip bin/3proxy &&\
mkdir /dist &&\
mkdir /dist/etc &&\
@ -42,11 +42,15 @@ RUN cd /dist &&\
ln -s /usr/local/3proxy/libexec lib &&\
ln -s /usr/local/3proxy/libexec usr/lib &&\
ln -s /usr/local/3proxy/libexec usr/lib64 &&\
ln -s /usr/local/3proxy/libexec /dist/usr/local/3proxy/libexec/`gcc -dumpmachine`
RUN cp /lib/ld-*.so.* /dist/usr/local/3proxy/libexec || true
RUN cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec || true
RUN cp "/lib/`gcc -dumpmachine`"/libc.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec
ln -s /usr/local/3proxy/libexec /dist/usr/local/3proxy/libexec/`gcc -dumpmachine` &&\
cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libc.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libcrypto.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libssl.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libpcre2-8.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libz.so.* /dist/usr/local/3proxy/libexec &&\
cp "/lib/`gcc -dumpmachine`"/libzstd.so.* /dist/usr/local/3proxy/libexec
RUN cd /dist/usr/local/3proxy/ &&\
ln -s libexec lib &&\
ln -s libexec lib64 &&\

6
Dockerfile.minimal
View File

@ -6,7 +6,7 @@
# This is busybox based docker with only 3proxy static executable.
#
# Limitations for minimal version:
# no support for plugins and system resolver.
# no support for plugins, IPv6, RADIUS, system resolver.
# 'nserver' or 'fakeresolve' are mandatory in configuration.
#
# Build:
@ -28,7 +28,9 @@
FROM docker.io/gcc AS buildenv
COPY . 3proxy
RUN cd 3proxy &&\
make -f Makefile.Linux STATIC=true &&\
export "LDFLAGS=-static" &&\
export "CFLAGS=-DNOPLUGINS -DNORADIUS -DNOIPV6 -DNOODBC -DNOCRYPT -DNOSTDRESOLVE" &&\
make -f Makefile.Linux PLUGINS= LIBS= &&\
strip bin/3proxy
FROM scratch

53
Makefile.FreeBSD
View File

@ -1,20 +1,15 @@
#
# 3 proxy Makefile for GCC/Unix
#
# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
PREFIX ?= 3proxy_
CRYPT_PREFIX ?= $(PREFIX)
MANDIR ?= /usr/share/man
CC ?= cc
CFLAGS ?= -O3 -flto
CFLAGS += -c -fno-strict-aliasing -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN
CFLAGS := -c -fno-strict-aliasing -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN $(CFLAGS)
COUT = -o
LN ?= ${CC}
LDFLAGS ?= -O3 -flto
LDFLAGS += -pthread -fno-strict-aliasing
# -lpthreads may be reuiured on some platforms instead of -pthreads
# -ldl or -lld may be required for some platforms
@ -35,33 +30,16 @@ TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.FreeBSD
PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
ifeq ($(STATIC), true)
LDFLAGS += -static
CFLAGS += -DNOPLUGINS -DNOSTDRESOLVE -DNOCRYPT
ZLIB = -lz -lzstd
PLUGINS =
PAM_CHECK = false
endif
ifeq ($(LIBSTATIC), true)
STATIC_PREFIX = -Wl,-Bstatic
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz -lzstd
endif
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
else
ZLIB :=
LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
PCRE_OBJS = pcre$(OBJSUFFICS)
PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
PLUGINS += PCREPlugin
endif
PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
@ -71,25 +49,14 @@ include Makefile.inc
install: all
if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
install bin/3proxy /usr/local/3proxy/bin/3proxy
install bin/$(CRYPT_PREFIX)crypt /usr/local/3proxy/bin/$(CRYPT_PREFIX)crypt
for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
if [ -f bin/$(PREFIX)$$f ]; then install bin/$(PREFIX)$$f /usr/local/3proxy/bin/$(PREFIX)$$f; fi; \
done
install bin/3proxy_crypt /usr/local/3proxy/bin/3proxy_crypt
install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then echo /usr/local/3proxy/3proxy.cfg already exists; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
touch /usr/local/3proxy/passwd
touch /usr/local/3proxy/counters
touch /usr/local/3proxy/bandlimiters
install -d $(MANDIR)/man8
install -m 644 man/3proxy.8 $(MANDIR)/man8/3proxy.8
for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
if [ -f man/$$f.8 ]; then install -m 644 man/$$f.8 $(MANDIR)/man8/$(PREFIX)$$f.8; fi; \
done
install -m 644 man/3proxy_crypt.8 $(MANDIR)/man8
install -d $(MANDIR)/man5
install -m 644 man/3proxy.cfg.5 $(MANDIR)/man5/3proxy.cfg.5
echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
allplugins:

72
Makefile.Linux
View File

@ -1,21 +1,17 @@
#
# 3 proxy Makefile for GCC/Linux/Cygwin
#
# add -DWITH_ODBC to CFLAGS and -lodbc to LIBS to compile with ODBC
# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
PREFIX ?= 3proxy_
CRYPT_PREFIX ?= $(PREFIX)
CC ?= gcc
CFLAGS ?= -O3 -flto -fPIC
CFLAGS += -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -D WITH_UN
CFLAGS := -g -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -D WITH_UN $(CFLAGS)
COUT = -o
LN ?= ${CC}
DCFLAGS ?=
LDFLAGS ?= -O3 -flto -fPIC
LDFLAGS += -fno-strict-aliasing -pthread
LDFLAGS := -fPIC -O2 -fno-strict-aliasing -pthread $(LDFLAGS)
DLFLAGS ?= -shared
DLSUFFICS = .ld.so
# -lpthreads may be reuqired on some platforms instead of -pthreads
@ -34,38 +30,19 @@ MAKEFILE = Makefile.Linux
# PamAuth requires libpam, you may require pam-devel package to be installed
# SSLPlugin requires -lcrypto -lssl
#LIBS = -lcrypto -lssl -ldl
LIBS ?= -ldl
#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
ifeq ($(STATIC), true)
LDFLAGS += -static
CFLAGS += -DNOPLUGINS -DNOSTDRESOLVE -DNOCRYPT
ZLIB = -lz -lzstd
PLUGINS =
PAM_CHECK = false
else
LIBS += -ldl
endif
ifeq ($(LIBSTATIC), true)
STATIC_PREFIX = -Wl,-Bstatic
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz -lzstd
endif
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
else
ZLIB :=
LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
PCRE_OBJS = pcre$(OBJSUFFICS)
PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
PLUGINS += PCREPlugin
endif
PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
@ -84,15 +61,14 @@ INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = bin/3proxy \
bin/$(CRYPT_PREFIX)crypt \
bin/$(PREFIX)ftppr \
bin/$(PREFIX)pop3p \
bin/$(PREFIX)proxy \
bin/$(PREFIX)smtpp \
bin/$(PREFIX)socks \
bin/$(PREFIX)tcppm \
bin/$(PREFIX)tlspr \
bin/$(PREFIX)udppm
bin/ftppr \
bin/3proxy_crypt \
bin/pop3p \
bin/proxy \
bin/socks \
bin/tcppm \
bin/udppm \
bin/tlspr
INSTALL_CFG = scripts/3proxy.cfg.chroot
@ -106,7 +82,7 @@ INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service
CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy
CHROOTREL = ../..$(chroot_prefix)/3proxy
MANDIR5 = $(DESTDIR)$(man_prefix)/man/man5
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)/etc/3proxy
@ -149,14 +125,10 @@ install-etc: install-etc-dir install-etc-default-config
done;
install-man:
$(INSTALL_BIN) -d $(MANDIR5)
$(INSTALL_BIN) -d $(MANDIR3)
$(INSTALL_BIN) -d $(MANDIR8)
$(INSTALL_DATA) man/3proxy.cfg.5 $(MANDIR5)
$(INSTALL_DATA) man/3proxy.8 $(MANDIR8)
for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
if [ -f man/$$f.8 ]; then $(INSTALL_DATA) man/$$f.8 $(MANDIR8)/$(PREFIX)$$f.8; fi; \
done
$(INSTALL_DATA) man/3proxy_crypt.8 $(MANDIR8)
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install-init:
$(INSTALL_BIN) -d $(INITDDIR)

21
Makefile.Solaris
View File

@ -2,12 +2,12 @@
# 3 proxy Makefile for Solaris/SunCC
#
#
# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
CC ?= cc
CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL
CC = cc
CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = $(CC)
LDFLAGS = -xO3
@ -27,20 +27,7 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris
PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
PCRE_OBJS = pcre$(OBJSUFFICS)
PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
endif
PLUGINS = StringsPlugin TrafficPlugin
include Makefile.inc

36
Makefile.Solaris-gcc Normal file
View File

@ -0,0 +1,36 @@
#
# 3 proxy Makefile for Solaris/gcc
#
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
CC = gcc
CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = $(CC)
LDFLAGS = -O3
DCFLAGS = -fPIC
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o ./
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris-gcc
PLUGINS = StringsPlugin TrafficPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

2
Makefile.am Normal file
View File

@ -0,0 +1,2 @@
SUBDIRS = src man
EXTRA_DIST = doc cfg

24
Makefile.debug Normal file
View File

@ -0,0 +1,24 @@
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
BUILDDIR = ../bin/
CC = cl
CFLAGS = /FD /MDd /nologo /W3 /ZI /Wp64 /GS /Gs /RTCsu /EHs- /GA /GF /DEBUG /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /machine:I386 /DEBUG
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.debug
include Makefile.inc
allplugins:

15
Makefile.msvc
View File

@ -2,35 +2,32 @@
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
#
# ODBC support is enabled by default on Windows (/D WITH_ODBC, odbc32.lib)
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin/
CC = cl
VERSION = $(VERSION)
BUILDDATE = $(BUILDDATE)
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib pcre2-8.lib
LIBSPREFIX =
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvc
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
PCRE_OBJS = pcre$(OBJSUFFICS)
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin SSLPlugin PCREPlugin
VERFILE = 3proxy.res $(VERFILE)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)

112
Makefile.openwrt-mips Normal file
View File

@ -0,0 +1,112 @@
#
# 3 proxy Makefile for GCC/Linux/Cygwin
#
#
# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
CC = mips-openwrt-linux-gcc
CFLAGS ?= -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
COUT = -o
LN = $(CC)
DCFLAGS = -fPIC
LDFLAGS ?= -O2 -fno-strict-aliasing -pthread -s
DLFLAGS = -shared
DLSUFFICS = .ld.so
# -lpthreads may be reuqired on some platforms instead of -pthreads
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.openwrt-mips
# PamAuth requires libpam, you may require pam-devel package to be installed
# SSLPlugin requires -lcrypto -lssl
#LIBS = -lcrypto -lssl -ldl
LIBS ?= -ldl
#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin
endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
PLUGINS += PCREPlugin
endif
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
DESTDIR =
prefix = /usr/local
exec_prefix = $(prefix)
man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = src/3proxy \
src/ftppr \
src/3proxy_crypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm
INSTALL_CFG_OBJS = scripts/3proxy.cfg \
scripts/add3proxyuser.sh
INSTALL_CFG_DEST = config
INSTALL_CFG_OBJS2 = passwd counters bandlimiters
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy
install-bin:
$(INSTALL_BIN) -d $(BINDIR)
$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
install-etc-dir:
$(INSTALL_BIN) -d $(ETCDIR)
install-etc-default-config:
if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
: ; \
else \
$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
fi
install-etc: install-etc-dir
for file in $(INSTALL_CFG_OBJS2); \
do \
touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
done;
install-man:
$(INSTALL_BIN) -d $(MANDIR3)
$(INSTALL_BIN) -d $(MANDIR8)
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install: install-bin install-etc install-man

73
Makefile.unix
View File

@ -2,22 +2,17 @@
# 3 proxy Makefile for GCC/Unix
#
#
# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
PREFIX ?= 3proxy_
CRYPT_PREFIX ?= $(PREFIX)
MANDIR ?= /usr/share/man
CC ?= gcc
# you may need -L/usr/pkg/lib for older NetBSD versions
CFLAGS ?= -O3 -flto
CFLAGS += -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN
CFLAGS := -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN $(CFLAGS)
COUT = -o
LN ?= $(CC)
LDFLAGS ?= -O3 -flto
LDFLAGS += -pthread -fno-strict-aliasing
LDFLAGS ?= -O2 -fno-strict-aliasing -pthread
# -lpthreads may be reuqired on some platforms instead of -pthreads
# -ldl or -lld may be required for some platforms
DCFLAGS ?= -fPIC
@ -37,33 +32,16 @@ TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.unix
PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
ifeq ($(STATIC), true)
LDFLAGS += -static
CFLAGS += -DNOPLUGINS -DNOSTDRESOLVE -DNOCRYPT
ZLIB = -lz -lzstd
PLUGINS =
PAM_CHECK = false
endif
ifeq ($(LIBSTATIC), true)
STATIC_PREFIX = -Wl,-Bstatic
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz -lzstd
endif
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
else
ZLIB :=
LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
PCRE_OBJS = pcre$(OBJSUFFICS)
PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
PLUGINS += PCREPlugin
endif
PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
@ -71,28 +49,17 @@ endif
include Makefile.inc
install: all
if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
install bin/3proxy /usr/local/3proxy/bin/3proxy
install bin/$(CRYPT_PREFIX)crypt /usr/local/3proxy/bin/$(CRYPT_PREFIX)crypt
for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
if [ -f bin/$(PREFIX)$$f ]; then install bin/$(PREFIX)$$f /usr/local/3proxy/bin/$(PREFIX)$$f; fi; \
done
install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then echo /usr/local/3proxy/3proxy.cfg already exists; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
touch /usr/local/3proxy/passwd
touch /usr/local/3proxy/counters
touch /usr/local/3proxy/bandlimiters
install -d $(MANDIR)/man8
install -m 644 man/3proxy.8 $(MANDIR)/man8/3proxy.8
for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
if [ -f man/$$f.8 ]; then install -m 644 man/$$f.8 $(MANDIR)/man8/$(PREFIX)$$f.8; fi; \
done
install -m 644 man/3proxy_crypt.8 $(MANDIR)/man8
install -d $(MANDIR)/man5
install -m 644 man/3proxy.cfg.5 $(MANDIR)/man5/3proxy.cfg.5
echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
install bin/3proxy /usr/local/3proxy/bin/3proxy
install bin/3proxy_crypt /usr/local/3proxy/bin/3proxy_crypt
install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
touch /usr/local/3proxy/passwd
touch /usr/local/3proxy/counters
touch /usr/local/3proxy/bandlimiters
echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

3
Makefile.watcom
View File

@ -6,13 +6,14 @@
BUILDDIR = ../bin/
CC = cl
CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRId64=\"I64d\"" /D "PRIu64=\"I64u\"" /D "SCNu64=\"I64u\"" /D "SCNx64=\"I64x\"" /D "SCNd64=\"I64d\"" /D "PRIx64=\"I64x\"" /c $(VERSION) $(BUILDDATE)
CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRId64=\"I64d\"" /D "PRIu64=\"I64u\"" /D "SCNu64=\"I64u\"" /D "SCNx64=\"I64x\"" /D "SCNd64=\"I64d\"" /D "PRIx64=\"I64x\"" /c $(VERSION) $(BUILDDATE)
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib user32.lib kernel32.lib
LIBSOLD = libeay32MT.lib ssleay32MT.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib

18
Makefile.win
View File

@ -2,20 +2,19 @@
# 3 proxy Makefile for GCC/windows
#
#
# ODBC support is enabled by default on Windows (-DWITH_ODBC, -lodbc32)
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support
BUILDDIR = ../bin/
CC ?= gcc
CFLAGS ?= -O3 -flto
CFLAGS += -fno-strict-aliasing -c -mthreads -DWITH_WSAPOLL -DWITH_ODBC
CFLAGS := -O2 -s -c -mthreads -DWITH_WSAPOLL $(CFLAGS)
COUT = -o
LN ?= $(CC)
LDFLAGS ?= -O3 -flto
LDFLAGS += -fno-strict-aliasing -mthreads
LDFLAGS := -O2 -s -mthreads $(LDFLAGS)
DLFLAGS ?= -shared
DLSUFFICS = .dll
LIBS += -lws2_32 -lodbc32 -ladvapi32 -luser32 -lbcrypt
LIBS := -lws2_32 -lodbc32 -ladvapi32 -luser32 $(LIBS)
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
@ -38,8 +37,7 @@ ifndef OPENSSL_CHECK
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
PLUGINS += SSLPlugin
endif
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
ifeq ($(PAM_CHECK), true)
@ -47,9 +45,7 @@ ifeq ($(PAM_CHECK), true)
endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n#include <pcre2.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -lpcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
PCRE_OBJS = pcre$(OBJSUFFICS)
PCRE_LIBS = -lpcre2-8
PLUGINS += PCREPlugin
endif
endif

2
README.md
View File

@ -1,6 +1,6 @@
# 3APA3A 3proxy tiny proxy server
(c) 2002-2026 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.org>
(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <3APA3A@security.nnov.ru>
## Branches

2
RELEASE
View File

@ -1 +1 @@
0.9.6
0.9.6.1

19
debian/3proxy.manpages vendored
View File

@ -1,11 +1,10 @@
man/3proxy.8
man/3proxy.cfg.5
man/3proxy_ftppr.8
man/3proxy_pop3p.8
man/3proxy_tlspr.8
man/3proxy_proxy.8
man/3proxy_smtpp.8
man/3proxy_socks.8
man/3proxy_tcppm.8
man/3proxy_udppm.8
man/3proxy_crypt.8
man/3proxy.cfg.3
man/ftppr.8
man/pop3p.8
man/tlspr.8
man/proxy.8
man/smtpp.8
man/socks.8
man/tcppm.8
man/udppm.8

6
debian/changelog vendored
View File

@ -1,3 +1,9 @@
3proxy (0.9.6.1-1) buster; urgency=medium
*3proxy 0.9.6.1 initial build
-- z3APA3A <3apa3a@3proxy.org> Fri, 24 Apr 2026 17:23:05 +0300
3proxy (0.9.6-1) buster; urgency=medium
*3proxy 0.9.6 initial build

15
debian/copyright vendored
View File

@ -4,10 +4,17 @@ Upstream-Contact: 3proxy@3proxy.org
Source: https://3proxy.org/
Files: *
Copyright: 2000-2026 Vladimir Dubrovin <vlad@3proxy.org>
Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
Files: src/libs/blake2*.*
Copyright: 2012, Samuel Neves <sneves@dei.uc.pt>
License: public-domain (CC0 1.0 Universal) or OpenSSL license or Apache 2.0
Files: src/libs/md*.*
Copyright: 1990,1991,1992 RSA Data Security, Inc
License: public-domain
Files: src/libs/regex.*
Copyright: Henry Spencer
License: public-domain
Files: src/libs/smbdes.c
Copyright: Andrew Tridgell 1998
License: GPL-2+

26
doc/changelog/0/7/0
View File

@ -1,26 +0,0 @@
3proxy 0.7
This release is partially forced: while no new significant functions are
added, 0.7 is code is much more stable and less buggy than 0.6. Since
there is no new development for a long time, except few minor bugfixes,
I decided to finally release 0.7. You may want it if you:
Use HTTP proxy
Use 3proxy under *BSD/Mac OS X/iPhone OS
Use plugins, specially traffic related ones, like PCRE.
I have no time for active developement. There are interesting features
in nearly ready state, e.g. SSL support / SSL decryption via
certificates spoofing, NAT support and SSL auto-detection. You can step
into development, if you are interested.
There are some configuration changes:
auth iponly is now default (because most misconfigurations were
because of default auth none)
maxconn is now 500 by default (because WebKit browsers ignore
standards and create a lot of connections even if proxy is configured)
NTLM is disabled by default (-n options, -n1 to enable) because
NTLMv1 is disabled by default in Windows since Vista and there is no
NTLMv2 library with compatible license. Report me, if any.

35
doc/changelog/0/7/1
View File

@ -1,35 +0,0 @@
3proxy-0.7.1.4
!! Fix transparent flag not reset after keep-alive connection, can lead to
3proxy-0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication
3proxy-0.7.1.2
! Request / header size limitation relaxed for HTTP proxy
3proxy 0.7.1.1
! Linux compilation issues resolved
3proxy 0.7.1
Minor improvements and bugfixes:
+ Windows icons added
+ Warnings added for most common misconfigurations
+ ftppr NLSD command supported
! Ignore NTLM handshake if NTLM is not enabled
!! memcpy replaced with memmove for overlapped region
! better EINTR handling on *nix
! FTP proxy debugging output removed (introduced in 0.7), binding for data connection corrected
! memory leak fixed in ldapauth plugin

9
doc/changelog/0/8/0
View File

@ -1,9 +0,0 @@
+ IPv6 support
+ back connect support
+ name resolution over TCP, parent proxy support for dnspr
+ SSLPlugin for TLS/SSL traffic decryption
! multiple race conditions fixed
! reduced memory usage
! Generate Forwarded: header instead of X-Forwarded-For:
! Default name resolution is non-blocking in *nix
! multiple race conditions fixed on configuration reload

1
doc/changelog/0/8/1
View File

@ -1 +0,0 @@
!!Fix: destination IP may be not checked against ACL

2
doc/changelog/0/8/10
View File

@ -1,2 +0,0 @@
! Fix: parent proxy can be used in some cases where it shouldn't
! Fix: bandlimiters may not work for older connections on configuration reload

9
doc/changelog/0/8/11
View File

@ -1,9 +0,0 @@
Minor bugfixes / improvements:
! Fixed: deadlock on insufficient resources
! Fixed: race condition in ssl_plugin
! Fixed: minor memory leak on configuration reload
! Fixed: recursion detection was not working
! Fixed: %n for IPv6 in logging terminates log record
! Fixed: reverse PTR validation (required for dnsauth)
! Fixed: error on external 0.0.0.0 for NOIPV6 (light version)
+ Better support for IPv6 in ftppr

5
doc/changelog/0/8/12
View File

@ -1,5 +0,0 @@
Bugfixes:
! Fixed hostname support in SOCKSv5 UDP portmapping
! -fno-strict-aliasing added to gcc options (compiling without this option can lead to unpredictable issues under Debian with gcc 6 and potentially others)
! Fixed LDAP plugin compilation issues (LDAP plugin is still listed as unsupported though)
and some minor fixes and improvements.

3
doc/changelog/0/8/13
View File

@ -1,3 +0,0 @@
Bugfixes:
!! Fixed out-of-bound write and few minor bugs on configuration saving in admin
! fixed: $ is not correctly handled in the beginning of quoted line on configuration parsing

3
doc/changelog/0/8/2
View File

@ -1,3 +0,0 @@
!! Fix transparent flag not reset after keep-alive connection, can lead to DoS by authenticated user.
! Do not use SO_REUSEADDR by default (leads to random 00013 errors under some glibc versions)
! Use SASIZE() instead of sizeof() in bind() for FreeBSD compatibility

1
doc/changelog/0/8/3
View File

@ -1 +0,0 @@
! fixed: use SASIZE() instead of sizeof() in connect() for FreeBSD compatibility

5
doc/changelog/0/8/4
View File

@ -1,5 +0,0 @@
+ Build PamPlugin on *nix
+ stacksize and -S options, stacksize defaults changed for FreeBSD
+ extip redirection type added
! SSL plugin fix to correct handling of certificates path
! fixed random errors on IPv6 connect

1
doc/changelog/0/8/5
View File

@ -1 +0,0 @@
!Fix: mutex was used prior to initialization on 'log' command processing

1
doc/changelog/0/8/6
View File

@ -1 +0,0 @@
! Fix: random 00012 errors in some configurations

15
doc/changelog/0/8/7
View File

@ -1,15 +0,0 @@
! Fix 'daemon' command for Linux
! Fix 'extip' redirections 00009 errors
! Fix counters for older Win platforms
! Resolve logging race conditions
! attempt to fix pam_auth race conditions
! FTP proxy workaround for broken gethostname() on some libc limplementations
! authcache IP matching corrected
! fix SOCKSv5 BIND/UDP ASSOC
! use setreuid/setregid instead of setuid / setgid
+ OpenWatcom makefiles for Windows
+ -u2 support for proxy
+ support %i in logformat
+ force/noforce configuration commands to disconnect / do not disconnect clients if nolonger match ACL after configuration change
+ support longer external passwords

3
doc/changelog/0/8/8
View File

@ -1,3 +0,0 @@
!! Fix resolver for non-compressed reply parsing (on mixed-case sensitive resolvers)
! Fix plugins export on OpenWatcom compiler (light version)
! Fix SOCKSv5

1
doc/changelog/0/8/9
View File

@ -1 +0,0 @@
! Fix: tcppm may fail if used with parent proxy

6
doc/changelog/0/9/0
View File

@ -1,6 +0,0 @@
+ Socket options, interface binding
+ Connection limiting / connection rate limiting
+ RADIUS support (beta)
+ Zero copy (splice) support for Linux
+ Possibility to limit user to single IP (via authentication cache)
! bugfixes, improvements

8
doc/changelog/0/9/1
View File

@ -1,8 +0,0 @@
Bugfixes:
! Fixed: socket may be closed before all data received/sent
! Fixed: bandlimin non-working
! Fixed: countall/nocountall
! Fixed: few race conditions
Improvements:
+ deb/rpm build, systemd support (experimental)

9
doc/changelog/0/9/2
View File

@ -1,9 +0,0 @@
Bugfixes:
! Fixed: bandwidth limiters (once again)
! Fixed: data filtering plugins (PCREPlugin, SSLPlugin). SSLPlugin use on Linux requires to disable splice (-s0)
! FIxed: standalone proxies do not react on HUP (Ctrl+C) in Linux/Unix
! Fixed: few minor bugs
Improvements:
+ deb for arm platforms (experimental)
+ Openssl 1.1 support for SSLPlugin

11
doc/changelog/0/9/3
View File

@ -1,11 +0,0 @@
Bugfixes:
! Fixed: systemd description file (proxy may fail to start after reboot or via systemctl)
! Fixed: group/account creation in installation scripts
! Fixed: countall/nocounall do not work in some configurations
! Fixed: counters do not work if counter file is not specified
! Fixed: counters without rotation (type N) are incorrectly shown in web admin interface
! Fixed: %n may be incomplete or missed in long log records
! Fixed: connect back functionality does not work
Improvements:
+ Docker builds

4
doc/changelog/0/9/4
View File

@ -1,4 +0,0 @@
! Fix: invalid handling of '-' character in ACL hostname
! Fix: minor bugfixes and improvements
+ parentretry command added (defaults to 2) to retry connections to parent proxies
- icqpr related code (OSCAR proxy) removed, due to drop of OSCAR support by messengers

7
doc/changelog/0/9/5
View File

@ -1,7 +0,0 @@
!! Security fix: proxy can potentially crash on on some platforms due to overlapping regions in strcpy() (thanks to @lenix123 for reporting)
+ new proxy service type: `tlspr` - SNI proxy, may also be used as parent `tls` type, sniffs hostname from TLS handhake, read more in https://github.com/3proxy/3proxy/wiki/tlspr https://github.com/3proxy/3proxy/wiki/How-To-(incomplete)#TLSPR
+ new proxy service type: `auto` - autodetect proxy type between `proxy` and `socks`
+ SSLPlugin is rewritten, production-ready, supports TLS (SSL) server (may be used to create https:// type proxy), certificates checks and cypher options, see https://github.com/3proxy/3proxy/wiki/SSLPlugin
+ -g option is added for grace delay to reduce CPU load, see https://github.com/3proxy/3proxy/wiki/High-Load
! Multiple minor bugfixes
! More supported sockets options

9
doc/changelog/0/9/6
View File

@ -1,9 +0,0 @@
+ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios.
+ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header.
+ tlspr is supported in auto
+ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI
+ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems
+ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5
+ cmake environment added
! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy
! Multiple minor bugfixes

508
doc/devel/devref.rtf Normal file
View File

@ -0,0 +1,508 @@
{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049{\fonttbl{\f0\froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fmodern\fcharset204\fprq1{\*\panose 02070309020205020404}Courier New;}
{\f3\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f39\froman\fcharset0\fprq2 Times New Roman;}{\f37\froman\fcharset238\fprq2 Times New Roman CE;}
{\f40\froman\fcharset161\fprq2 Times New Roman Greek;}{\f41\froman\fcharset162\fprq2 Times New Roman Tur;}{\f42\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f43\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}
{\f44\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f45\froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f59\fmodern\fcharset0\fprq1 Courier New;}{\f57\fmodern\fcharset238\fprq1 Courier New CE;}
{\f60\fmodern\fcharset161\fprq1 Courier New Greek;}{\f61\fmodern\fcharset162\fprq1 Courier New Tur;}{\f62\fbidi \fmodern\fcharset177\fprq1 Courier New (Hebrew);}{\f63\fbidi \fmodern\fcharset178\fprq1 Courier New (Arabic);}
{\f64\fmodern\fcharset186\fprq1 Courier New Baltic;}{\f65\fmodern\fcharset163\fprq1 Courier New (Vietnamese);}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;
\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{
\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs24\alang1025 \ltrch\fcs0 \fs24\lang1049\langfe1049\cgrid\langnp1049\langfenp1049 \snext0 Normal;}{\*\cs10 \additive \ssemihidden
Default Paragraph Font;}{\*\ts11\tsrowd\trftsWidthB3\trpaddl108\trpaddr108\trpaddfl3\trpaddft3\trpaddfb3\trpaddfr3\trcbpat1\trcfpat1\tblind0\tblindtype3\tscellwidthfts0\tsvertalt\tsbrdrt\tsbrdrl\tsbrdrb\tsbrdrr\tsbrdrdgl\tsbrdrdgr\tsbrdrh\tsbrdrv
\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs20 \ltrch\fcs0 \fs20\lang1024\langfe1024\cgrid\langnp1024\langfenp1024 \snext11 \ssemihidden Normal Table;}}
{\*\latentstyles\lsdstimax156\lsdlockeddef0}{\*\listtable{\list\listtemplateid-1938272566{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01\'00;}{\levelnumbers\'01;}\rtlch\fcs1 \af0
\ltrch\fcs0 \fbias0 \fi-360\li360\jclisttab\tx360\lin360 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'03\'00.\'01;}{\levelnumbers\'01\'03;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0
\fi-360\li360\jclisttab\tx360\lin360 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'05\'00.\'01.\'02;}{\levelnumbers\'01\'03\'05;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-720\li720
\jclisttab\tx720\lin720 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'07\'00.\'01.\'02.\'03;}{\levelnumbers\'01\'03\'05\'07;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-720\li720
\jclisttab\tx720\lin720 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'09\'00.\'01.\'02.\'03.\'04;}{\levelnumbers\'01\'03\'05\'07\'09;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0
\fi-1080\li1080\jclisttab\tx1080\lin1080 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0b\'00.\'01.\'02.\'03.\'04.\'05;}{\levelnumbers\'01\'03\'05\'07\'09\'0b;}\rtlch\fcs1 \af0
\ltrch\fcs0 \fbias0 \fi-1080\li1080\jclisttab\tx1080\lin1080 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0d\'00.\'01.\'02.\'03.\'04.\'05.\'06;}{\levelnumbers
\'01\'03\'05\'07\'09\'0b\'0d;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1440\li1440\jclisttab\tx1440\lin1440 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext
\'0f\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d\'0f;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1440\li1440\jclisttab\tx1440\lin1440 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1
\levelspace0\levelindent0{\leveltext\'11\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07.\'08;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d\'0f\'11;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1800\li1800\jclisttab\tx1800\lin1800 }{\listname ;}\listid233053280}
{\list\listtemplateid269381388\listhybrid{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid1994686728\'02\'00.;}{\levelnumbers\'01;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0
\fi-360\li720\jclisttab\tx720\lin720 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-2036938464\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }
{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid1578941516\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255
\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid936021434\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0
\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-1323636224\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0
{\leveltext\leveltemplateid-1892018578\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-108487922
\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-4969626\'00;}{\levelnumbers;}\rtlch\fcs1 \af0
\ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid1135759886\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listname
;}\listid243993609}{\list\listtemplateid1411046654{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat2\levelspace0\levelindent0{\leveltext\'01\'00;}{\levelnumbers\'01;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-360\li360
\jclisttab\tx360\lin360 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat2\levelspace0\levelindent0{\leveltext\'03\'00.\'01;}{\levelnumbers\'01\'03;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-360\li720\jclisttab\tx720\lin720 }
{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'05\'00.\'01.\'02;}{\levelnumbers\'01\'03\'05;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-720\li1440\jclisttab\tx1440\lin1440 }{\listlevel
\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'07\'00.\'01.\'02.\'03;}{\levelnumbers\'01\'03\'05\'07;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-720\li1800\jclisttab\tx1800\lin1800 }{\listlevel
\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'09\'00.\'01.\'02.\'03.\'04;}{\levelnumbers\'01\'03\'05\'07\'09;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1080\li2520\jclisttab\tx2520\lin2520 }
{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0b\'00.\'01.\'02.\'03.\'04.\'05;}{\levelnumbers\'01\'03\'05\'07\'09\'0b;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1080\li2880
\jclisttab\tx2880\lin2880 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0d\'00.\'01.\'02.\'03.\'04.\'05.\'06;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d;}\rtlch\fcs1 \af0 \ltrch\fcs0
\fbias0 \fi-1440\li3600\jclisttab\tx3600\lin3600 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0f\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07;}{\levelnumbers
\'01\'03\'05\'07\'09\'0b\'0d\'0f;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1440\li3960\jclisttab\tx3960\lin3960 }{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext
\'11\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07.\'08;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d\'0f\'11;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-1800\li4680\jclisttab\tx4680\lin4680 }{\listname ;}\listid368384829}{\list\listtemplateid1424627480\listhybrid
{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid1868871046\'01-;}{\levelnumbers;}\loch\af0\hich\af0\dbch\af0\fbias0 \fi-360\li420\jclisttab\tx420\lin420 }{\listlevel
\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\lvltentative\levelspace0\levelindent0{\leveltext\leveltemplateid68747267\'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li1140\jclisttab\tx1140\lin1140 }{\listlevel\levelnfc23\levelnfcn23
\leveljc0\leveljcn0\levelfollow0\levelstartat1\lvltentative\levelspace0\levelindent0{\leveltext\leveltemplateid68747269\'01\u-3929 ?;}{\levelnumbers;}\f10\fbias0 \fi-360\li1860\jclisttab\tx1860\lin1860 }{\listlevel\levelnfc23\levelnfcn23\leveljc0
\leveljcn0\levelfollow0\levelstartat1\lvltentative\levelspace0\levelindent0{\leveltext\leveltemplateid68747265\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li2580\jclisttab\tx2580\lin2580 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0
\levelfollow0\levelstartat1\lvltentative\levelspace0\levelindent0{\leveltext\leveltemplateid68747267\'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li3300\jclisttab\tx3300\lin3300 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1
\lvltentative\levelspace0\levelindent0{\leveltext\leveltemplateid68747269\'01\u-3929 ?;}{\levelnumbers;}\f10\fbias0 \fi-360\li4020\jclisttab\tx4020\lin4020 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\lvltentative
\levelspace0\levelindent0{\leveltext\leveltemplateid68747265\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li4740\jclisttab\tx4740\lin4740 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\lvltentative\levelspace0
\levelindent0{\leveltext\leveltemplateid68747267\'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li5460\jclisttab\tx5460\lin5460 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\lvltentative\levelspace0\levelindent0{\leveltext
\leveltemplateid68747269\'01\u-3929 ?;}{\levelnumbers;}\f10\fbias0 \fi-360\li6180\jclisttab\tx6180\lin6180 }{\listname ;}\listid634527506}{\list\listtemplateid1914202178\listhybrid{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0
\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid745160830\'02\'00.;}{\levelnumbers\'01;}\rtlch\fcs1 \af0 \ltrch\fcs0 \fbias0 \fi-360\li720\jclisttab\tx720\lin720 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0
\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-1816475770\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0
{\leveltext\leveltemplateid-715330988\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid1569232270
\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-297370836\'00;}{\levelnumbers;}\rtlch\fcs1 \af0
\ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-346936770\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel
\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid416698944\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0
\leveljcn0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\leveltemplateid-596467262\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listlevel\levelnfc255\levelnfcn255\leveljc0\leveljcn0\levelfollow0\levelstartat0
\levelspace0\levelindent0{\leveltext\leveltemplateid11278156\'00;}{\levelnumbers;}\rtlch\fcs1 \af0 \ltrch\fcs0 \jclisttab\tx360 }{\listname ;}\listid1261259807}}{\*\listoverridetable{\listoverride\listid1261259807\listoverridecount0\ls1}
{\listoverride\listid634527506\listoverridecount0\ls2}{\listoverride\listid233053280\listoverridecount0\ls3}{\listoverride\listid243993609\listoverridecount0\ls4}{\listoverride\listid368384829\listoverridecount0\ls5}}{\*\rsidtbl \rsid1339617\rsid1586505
\rsid1600374\rsid1771507\rsid1986875\rsid2235853\rsid2296829\rsid2567226\rsid2701137\rsid3560132\rsid3671104\rsid3692728\rsid4980816\rsid5776876\rsid5975359\rsid6257560\rsid6570302\rsid7013593\rsid7235628\rsid7749673\rsid8087560\rsid8326885\rsid8672163
\rsid8675175\rsid9981679\rsid10440144\rsid10497064\rsid10908886\rsid12060716\rsid12261729\rsid12544729\rsid12806430\rsid13111076\rsid13909505\rsid15236432\rsid15609114\rsid15928529\rsid16077654}{\*\generator Microsoft Word 11.0.0000;}{\info
{\title 3proxy developer reference}{\author Vladimir Dubrovin}{\operator Vladimir Dubrovin}{\creatim\yr2007\mo11\dy23\hr19\min28}{\revtim\yr2008\mo1\dy22\hr19\min28}{\version8}{\edmins86}{\nofpages8}{\nofwords2396}{\nofchars13662}{\*\company Sandy}
{\nofcharsws16026}{\vern24611}{\*\password 00000000}}{\*\xmlnstbl {\xmlns1 http://schemas.microsoft.com/office/word/2003/wordml}{\xmlns2 urn:schemas-microsoft-com:office:smarttags}}
\paperw11906\paperh16838\margl1701\margr850\margt1134\margb1134\gutter0\ltrsect
\deftab708\widowctrl\ftnbj\aenddoc\donotembedsysfont1\donotembedlingdata0\grfdocevents0\validatexml1\showplaceholdtext0\ignoremixedcontent0\saveinvalidxml0\showxmlerrors1\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin
\dghspace180\dgvspace180\dghorigin1701\dgvorigin1134\dghshow1\dgvshow1
\jexpand\viewkind1\viewscale130\viewzk2\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule\nobrkwrptbl\viewnobound1\snaptogridincell
\allowfieldendsel\wrppunct\asianbrkrule\rsidroot10497064\newtblstyruls\nogrowautofit \fet0{\*\wgrffmtfilter 013f}\ilfomacatclnup0\ltrpar \sectd \ltrsect\linex0\headery708\footery708\colsx708\endnhere\sectlinegrid360\sectdefaultcl\sftnbj {\*\pnseclvl1
\pnucrm\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\*\pnseclvl5
\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang
{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}\pard\plain \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs24\alang1025 \ltrch\fcs0
\fs24\lang1049\langfe1049\cgrid\langnp1049\langfenp1049 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13111076
\par }\pard \ltrpar\qc \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid2235853 {\rtlch\fcs1 \af0\afs32 \ltrch\fcs0 \fs32\lang1033\langfe1049\langnp1033\insrsid10497064\charrsid12261729 3proxy developer reference}{
\rtlch\fcs1 \af0\afs32 \ltrch\fcs0 \fs32\lang1033\langfe1049\langnp1033\insrsid10497064
\par }{\rtlch\fcs1 \af0\afs20 \ltrch\fcs0 \fs20\lang1033\langfe1049\langnp1033\insrsid2235853\charrsid12261729 $Id: devref.rtf,v 1.4 2008/01/24 08:44:57 vlad Exp $
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid10497064\charrsid12060716 \hich\af0\dbch\af0\loch\f0 1.\tab}}\pard \ltrpar\ql \fi-360\li720\ri0\widctlpar
\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\ls4\adjustright\rin0\lin720\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid10497064\charrsid12060716 Understanding Internal 3proxy structure
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid10497064 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064
\par 3proxy is implemented as multithread application. Server model is implemented as \'93one connection \endash one thread\'94. It means, for every client connection new thre
ad is created. This model is effective enough under Windows, because it allows it avoid thread creation on asynchronous operations, yet under most POSIX systems this model can not be considered as most efficient. It\rquote
s planned for (very far in future) release to implement more efficient model, where single thread can serve few clients.
\par
\par
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064 \hich\af0\dbch\af0\loch\f0 1.1\tab}}\pard \ltrpar\ql \fi-360\li360\ri0\widctlpar
\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls3\ilvl1\adjustright\rin0\lin360\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064 main thread:
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid10497064 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064
3proxy begins with main thread. This thread parses configuration}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816 file and starts main loop}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064 . }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 During configuration file parsing }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid8672163\charrsid8672163 struct extaparam conf;}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 structure is filled and service threads are started.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 Main loop cycle }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 takes approximately 1 second and }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid6570302 does these tasks:}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10497064
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 re-reads configuration}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid8672163 file}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 , if necessary
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 \hich\af0\dbch\af0\loch\f0 -\tab}performs scheduled tasks
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 \hich\af0\dbch\af0\loch\f0 -\tab}monitors files (\lquote monitor}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816 \rquote
command}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 )}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 , approx. once in a minute}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid6570302
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 \hich\af0\dbch\af0\loch\f0 -\tab}rotates main logfile
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302 \hich\af0\dbch\af0\loch\f0 -\tab}dumps counters to }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137
file, approx. once in a minute}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid2701137 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 performs termination, if required
\par }\pard \ltrpar\ql \li60\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin60\itap0\pararsid8672163 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 I}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 t\rquote s guaranteed every configuration and schedule command is executed from the same thread.
\par Main thread is implemented in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid8672163\charrsid12544729 3proxy.c}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163
\par }\pard \ltrpar\ql \li60\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin60\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 \hich\af0\dbch\af0\loch\f0 1.2\tab}}\pard \ltrpar\ql \fi-360\li360\ri0\widctlpar
\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls3\ilvl1\adjustright\rin0\lin360\itap0\pararsid8672163 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 service thread}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid6570302
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid8672163 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163
\par Service threads are started immediately, than service command (e.g. \lquote proxy\rquote or \lquote socks\rquote ) are found during configuration file parsing. Each command creates new thread. Thread does these tasks:
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid8672163 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 parses service command arguments and fills \lquote }{\rtlch\fcs1 \af0
\ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid8672163\charrsid6257560 struct srvparam srv}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 \rquote structure with service configuration and \lquote }{\rtlch\fcs1 \af0
\ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid8672163\charrsid6257560 struct clientparam defparam}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8672163 \rquote structure with default client configuration
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560 \hich\af0\dbch\af0\loch\f0 -\tab}}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560 initializes filters}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 (filter_open)}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560\charrsid8672163
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid6257560 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560 creates }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid2701137 and initializes }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6257560 listening service socket
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 enters into service loop}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid3560132
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 \hich\af0\dbch\af0\loch\f0 -\tab}terminates filters (filter_close)
\par }\pard \ltrpar\ql \li60\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin60\itap0\pararsid2701137 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 service loop:
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid2701137 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137
checks for configuration reload (approximately every second), thread exits if configuration reloaded or 3proxy is in terminating state.
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137 \hich\af0\dbch\af0\loch\f0 -\tab}accepts client connection and creates \lquote }{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid2701137 struct clientparam new}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2701137\charrsid6257560 param}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2701137
\rquote structure with client configuration
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 \hich\af0\dbch\af0\loch\f0 -\tab}}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
creates/checks client filters (filter_client)
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 \hich\af0\dbch\af0\loch\f0 -\tab}creates client thread with newly created \lquote }{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid3560132 struct clientparam new}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid3560132\charrsid6257560 param}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
\rquote
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid6570302 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid6570302
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5975359 service threads are implemented in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid7749673\charrsid12544729 proxymain.c}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid5975359\charrsid7749673
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5975359
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 Please note: struct clientparam is freed and }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132\charrsid3560132 filter_clear}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 is executed from different (client) thread.
\par
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 \hich\af0\dbch\af0\loch\f0 1.3\tab}}\pard \ltrpar\ql \fi-360\li360\ri0\widctlpar
\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls3\ilvl1\adjustright\rin0\lin360\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132 client thread
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid7749673 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7749673
\par Client threads are started from service thread. Client thread:
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7749673 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid7749673 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7749673
reads client request (except portmappers) with authentication information and request headers (if any).
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 filters request (if any) with }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876 filter_request}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7749673
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 filters headers (if any) with }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876 filter_header_cli}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}performs authentication and authorization
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}established connection with server
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}sends request to server
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 filters server headers (if any)}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid3560132
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 maps client end s
erver sockets to transmit data between client and server
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid5776876 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 logs request. Global counters are also updated on this operation
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 clears client filters (}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876 filter_clear}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 )
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}frees }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876
struct clientparam}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 data
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid5776876 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10908886 in some point client thread may loop to process few client requests from the same connection (e.g. HTTP \lquote established\rquote connection in \lquote proxy\rquote ).
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 Socket mapping does:
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}}\pard \ltrpar\ql \fi-360\li420\ri0\widctlpar
\jclisttab\tx420\wrapdefault\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin420\itap0\pararsid5776876 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 caches data in internal client and server buffers
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}delays data transmit to limit bandwidth
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 \hich\af0\dbch\af0\loch\f0 -\tab}performs data filtering (}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876 filter_data_cli}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 / }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876\charrsid5776876
filter_data_srv}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid5776876 )
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3560132
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1586505 client threads are implemented in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid1586505\charrsid12544729 proxy.c}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1586505 , }{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid1586505\charrsid12544729 socks.c}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1586505 , }{\rtlch\fcs1 \af0
\ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid1586505\charrsid12544729 pop3p.c}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1586505 etc.
\par
\par {\listtext\pard\plain\ltrpar \rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid1586505\charrsid12060716 \hich\af0\dbch\af0\loch\f0 2.\tab}}\pard \ltrpar\ql \fi-360\li720\ri0\widctlpar
\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\ls4\adjustright\rin0\lin720\itap0\pararsid1586505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid1586505\charrsid12060716 Hacking into 3proxy code with plugins
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid3560132 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1586505
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid2296829 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.1 }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1586505 What is 3proxy plugin
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid1586505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1586505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10440144 3proxy plugin is any dynamic/shared library. There is no specific requirement for plugin, actually you can load any dynamic library with \lquote plugin\rquote
command. No linking with any libraries are required. However, to interoperate with 3proxy dynamic library must have an export function 3proxy may call to pass the structure with required information.}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1586505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid10440144\charrsid10440144 typedef int (*PLUGINFUNC) (struct pluginlink *pluginlink, int argc, char** argv);
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10440144
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid10440144\charrsid10440144 struct pluginlink}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10440144
is a structure with export information, explained later, argc and argv are argument counter and array of arguments of \'93plugin\'94 command. Plugin should report it\rquote
s status with integer return value. 0 is success, positive value indicates non-recoverable error, 3proxy do not parse rest of configuration and enters into termination state, negative value indicates recoverable value, 3proxy logs warning (if possible).}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729 In case of C++, all 3proxy functions/structures must be extern \'93C\'94.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10440144
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15928529 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 All 3proxy structures/functions descriptions are located in
}{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15928529 structures.h}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par }\pard \ltrpar\ql \li360\ri0\widctlpar\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin360\itap0\pararsid2296829 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid2296829 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.2 }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid12544729 Understanding pluginlink structure
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12544729 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729
\par Because there is no linking between 3proxy and plugin, all 3proxy functions and structures are passed with pluginlink structure. Pluginlink is actually a collection of pointers to 3proxy internal structures and functions. Because plug
inlink is constantly extending, you should see it\rquote s definitions in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \b\lang1033\langfe1049\langnp1033\insrsid12544729\charrsid12544729 structures.h}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid12544729 .
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 most important}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729 are:
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid12544729\charrsid8087560 struct symbol symbols;
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560 \'93symbols\'94
is a kind of name/value export table, made as a list. It can be used by plugins to exchange information and functions between plugins, e.g. to export functions from one plugin to another, where pluginlink is useless, because it\rquote s static. It
\rquote s quite simple:}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid8087560 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid8087560\charrsid8087560 struct symbol \{
\par \tab struct symbol *next;
\par \tab char * name;
\par \tab void * value;
\par \};
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 n}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560 ame \endash is a name of function or structure
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 v}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560 alue \endash is it\rquote s value.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560 u}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 se}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560
pluginlink->fundbyname function to lookup, e.g.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid8087560\charrsid13909505 anotherplugindata = pluginlink->findbyname(\'93anotherplugindata\'94);
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560 To export }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 something from your plugin, add your structure to this list.}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560\charrsid8087560
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12544729 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8087560\charrsid12544729
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid12544729\charrsid13909505 struct extparam *conf;
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729 pointer to conf structure, it holds all current 3proxy configuration
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729\charrsid12544729
\par }\pard \ltrpar\ql \li360\ri0\widctlpar\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin360\itap0\pararsid2296829 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx720\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid2296829 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.3 }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid12544729 How to get control within plugin}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid10440144
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12544729 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729
\par There are few points you can get control for your plugin, after it\rquote s loaded with \lquote plugin\rquote command.
\par
\par {\listtext\tab}}\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls4\ilvl2\adjustright\rin0\lin0\itap0\pararsid13909505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.3.1 }{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12544729 Adding configuration command processor with struct command structure
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid13909505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par A list of configuration file command, available from 3proxy.cfg is extendable. Each command is defined by }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505 struct commands}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid13909505 :
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505 struct commands \{
\par \tab struct commands *next;
\par \tab char * command;
\par \tab int (* handler)(int argc, unsigned char ** argv);
\par \tab int minargs;
\par \tab int maxargs;\tab
\par \};
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505 struct commands *next}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 - next element in list}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505 char * command}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 \endash command name
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505 int (* handler)(i}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505 nt argc, unsigned char ** argv)}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 \endash command handler. It\rquote s called than \lquote command\rquote is found in configuration files, argc is a number of arguments, counting command itself, argv is array of arguments.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid13909505\charrsid12060716 minargs}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505 \endash minimum number of arguments command support (>= 1)
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716 maxargs}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716 \endash
maximum number of arguments command support, 0 means infinity.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505\charrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654 Handler r}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
eturn value of 0 indicates command is successfully processed. Positive return value indicates non-recoverable error, 3proxy enter}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654 s}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid3671104 }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654 termination state. Negative value indicate
s 3proxy to continue to process command list, it makes it possible to set few handlers for the same command.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716 A list of the command is pointed by pluginlinks->}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716 commandhandlers}{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716 ; you must insert you command after first one (do not replace pluginlink->}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716 commandhandlers}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716 ). It\rquote s guaranteed at least 1 dummy command is always present.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716
\par Example:
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716 int mycommandhandler(int argc, unsigned char **argv);
\par struct commands mycommand;
\par
\par mycommand.command = \'93mycommand\'94;
\par mycommand.handler = mycommandhandler;
\par mycommand.intargs = 1;
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12060716 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid12060716\charrsid12060716 mycommand.intargs = 2;
\par mycommand.next = pluginslinks->commandhandlers->next;
\par pluginslink->commandhandlers->next = &mycommand;
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716
\par Adds processor for \'93mycommand\'94 command with zero on one arguments.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716\charrsid13909505
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid13909505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid13909505
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716 Adding configuration command is useful, if your plugin expects configuration data.
\par
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid3671104 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
\par {\listtext\tab}}\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls4\ilvl2\adjustright\rin0\lin0\itap0\pararsid3671104 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.3.2 }{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104 Adding authentication method with }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104\charrsid3671104 struct auth}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid3671104
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid3671104 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
\par 3proxy supports authentication and authorization. Authentication process determines user account (for example by user
name and password), authorization checks, if user account has a right to access given resource and optionally establishes a connection, if required.
\par
\par \lquote auth\rquote command combines both authentication and authorization method. It\rquote s extandable with struct auth list:
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid3671104\charrsid16077654 struct auth \{
\par \tab struct auth *next;
\par \tab AUTHFUNC authenticate;
\par \tab AUTHFUNC authorize;
\par \tab char * desc;
\par \};
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid3671104\charrsid16077654 char * desc}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104 \endash name of authentication/authorization method}{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104\charrsid3671104
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid13909505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid3671104\charrsid16077654 authenticate}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104 \endash name of authentication function}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12060716
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid3671104\charrsid16077654 authorize}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104 \endash name of authorization function
\par
\par pluginlink->}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104\charrsid3671104 authfuncs}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid3671104
points to list of authenticataction structures. Like above, new structure must be inserted after fiest one (or to the end of the list).
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654
\par First, authentication is called, if authentication indicates OK status (return value 0), authorization is called. Normally, \lquote }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654\charrsid16077654 checkACL}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654 \rquote (pluginlink->checkACL) is called as authorization function to check user\rquote s request matches to standard allow/deny rules.
If for some reason you need to avoid this check, you should call pluginlink->alwaysauth to do some dirty job, like establishing outgoing connection.
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid16077654\charrsid4980816 typedef int (*AUTHFUNC)(struct clientparam * param);
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654
\par is both authentication and authorization function. \lquote }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654\charrsid16077654 struct clientparam}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654
\rquote holds all information about client connection, including username (param->username) and password (param->password).
\par
\par Return value of 0 indicates successful authentication/authorization, 1}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1600374 and 3}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654 \endash
authorization }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1600374 failed (access denied), use {\*\xmlopen\xmlns2{\factoidname metricconverter}{\xmlattr\xmlattrns0{\xmlattrname ProductID}{\xmlattrvalue 3 in}}}3 in{\*\xmlclose}
case you want to indicate access is explicitly denied and {\*\xmlopen\xmlns2{\factoidname metricconverter}{\xmlattr\xmlattrns0{\xmlattrname ProductID}{\xmlattrvalue 3 in}}}3 in{\*\xmlclose} case there is no matching rule. 4,5,6,7,8 \endash
authentication failed (e.g. username/password do not match). 4 indicates username }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430 does not present in request and }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1600374 must be requested, if possible. 5 indicates username }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430 found in request }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1600374 can not be found in user\rquote s database/list, 6,7,8 \endash username does not match password for different authentication types. 10 \endash user exceeded some limits, e.g. tr
affic. You may use some different code to indicate internal problems.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid16077654
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1600374
\par Example:
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1600374\charrsid1600374 int myauthfunc(struct clientparam *param);
\par struct auth myauth;
\par
\par myauth.desc = \'93myauth\'94;
\par myauth.authenticate = myauthfunc;
\par myauth.authorize = pluginlink->checkACL;
\par myauth->next = pluginlink->authfuncs->next;
\par pluginlink->authfuncs->next = &myauth;
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1600374
\par Installs \'93myauthfunc\'94 as authentication function.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7235628 There is no need to add \lquote auth\rquote command processor for new authentication type, it\rquote
s processed by standard \lquote auth\rquote command processor.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7235628
\par {\listtext\tab}}\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls4\ilvl2\adjustright\rin0\lin0\itap0\pararsid12806430 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2296829 2.3.3 }{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430 Adding scheduled functions
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12806430 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816 Scheduled functions are described by this structure:
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 typedef enum \{NONE, MINUTELY, HOURLY, DAILY, WEEKLY, MONTHLY, ANNUALLY, NEVER\} ROTATION;
\par
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid4980816\charrsid15236432 struct schedule \{
\par \tab struct schedule *next;
\par \tab ROTATION type;
\par \tab void *data;
\par \tab int (*function)(void *);
\par \tab time_t start_time;
\par \};
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12806430 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15928529 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 int (*function)(void *)}{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 \endash scheduled function}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529\charrsid4980816
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 void *data}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 \endash
this pointer will be passed as an argument to scheduled functions}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529\charrsid4980816
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 ROTATION type}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 \endash
defines how often function is called (once in a minute, hour, etc).
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 start_time}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 \endash time to begin using of scheduled function
\par
\par Scheduled functions are called every \lquote type\rquote interval after start_time and also on reloading configuration and going to termination state.
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432 Schedule function r}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529 eturn value of 1 means function must be
removed from the schedule. 3proxy doesn\rquote t free struct schedule.
\par
\par Schedule list can be empty. Pointer to schedule is pointed by }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432 struct schedule ** schedule;}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid15928529 in pluginlink.
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432 Example:}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid15236432 int myschedfunc(void * data);
\par struct schedule myschedule;
\par
\par myschedule.data = \'93somethinghere\'94;
\par myschedule.function = myschedfunc}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432 ;}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid15236432
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid12806430 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid15236432 myschedule.type = MINUTELY;}{\rtlch\fcs1
\af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15928529\charrsid15236432
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid15236432 myschedule.starttime = 0;
\par myschedule.next = *pluginlink->schedule;
\par *pluginlink->schedule = myschedule;
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \ul\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid15236432 NOTE:}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432 time_t is different for different compilers.
Make sure to compile plugin and 3proxy with same compiler.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15928529
\par {\listtext\tab}}\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls4\ilvl2\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816 2.3.4 Filters API
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432 3proxy has filters API, you can use, to process client request and data flowing through proxy. It should be noted, that currently 3proxy doesn\rquote
t provide filters with any useful data conversion, so, it\rquote s filter\rquote s task to find data in data flow. In case filter modifies some data, it\rquote s filter\rquote s task again to assure that everything\rquote s fine.}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507 If you know some filtering API like MILTER, you will find 3proxy filters very same.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432
\par
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15236432 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid15236432\charrsid1771507 typedef enum \{
\par \tab PASS,
\par \tab CONTINUE,
\par \tab HANDLED,
\par \tab REJECT,
\par \tab REMOVE
\par \} FILTER_ACTION;
\par
\par typedef\tab void*\tab \tab FILTER_OPEN(void * idata, struct srvparam * param);
\par typedef\tab FILTER_ACTION \tab FILTER_CLIENT(void *fo, struct clientparam * param, void** fc);
\par typedef\tab FILTER_ACTION\tab FILTER_BUFFER(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p);
\par typedef\tab void\tab \tab FILTER_CLOSE(void *fo);
\par
\par struct filter \{
\par \tab struct filter * next;
\par \tab char * instance;
\par \tab void * data;
\par \tab FILTER_OPEN *filter_open;
\par \tab FILTER_CLIENT *filter_client;
\par \tab FILTER_BUFFER *filter_request;
\par \tab FILTER_BUFFER *filter_header_cli;
\par \tab FILTER_BUFFER *filter_header_srv;
\par \tab FILTER_BUFFER *filter_data_cli;
\par \tab FILTER_BUFFER *filter_data_srv;
\par \tab FILTER_CLOSE *filter_clear;
\par \tab FILTER_CLOSE *filter_close;
\par \};
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid1771507 {\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1771507\charrsid1771507 char * instance}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507 \endash is some instance identifier. You can use it to find required filter in the list. 3proxy itself doesn\rquote t use this field.}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1771507\charrsid15236432
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid7013593
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1771507\charrsid1771507 void * data}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507 \endash this parameter is passed to filter_open function.
\par The rest are filtering functions. Section 1 explains where and then each filter is called.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid7013593 data should not be NULL.}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1771507
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1771507\charrsid1986875 filter_open}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507 must always be defined, if you want filter to be ever used. It
\rquote s called then new service is created and is given \'93data\'94 from struct filter and struct srvparam (parsed service configuration). If filter_op
en for some filter returns NULL, filter will not be used for this service. Non-NULL return value will be used as \'93fo\'94 parameter for every call to filter_client.
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1771507\charrsid1986875 filter_client}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507 }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid1986875 is called upon client connect (before any data is sent/received). It\rquote s good plac
e to filter client by IP (and is not good place to filter it by hostname, because this operation takes a long time, 3proxy will not be able to accept new connection). fo is a data pointer received from filter_open, param \endash
newly created clientparam structu
re, fc is return parameter filter_open must initialize, it will be used as an argument to FILTER_BUFFER functions. PASS return value means this filter will be used for this client request. CONTINUE says to install filters. On different values client conne
ction is closed and no client thread is created.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507\charrsid15236432
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15236432 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1771507
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875 f}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1771507 ilter_reques}{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid1986875 t, }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1771507 filter_header_cli}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875 , }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1771507 filter_header_srv}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875 , }{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1771507 filter_data_cli}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875 , }{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1771507 filter_data_srv}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid1986875 }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1986875
are used to process request and data r}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 eceived from client and server.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid1986875\charrsid1986875
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15236432
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 char ** buf_p}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 is a pointer to current buffer, }{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 int * bufsize_p}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 is a pointer to it\rquote s size. In case you change some data and it doesn\rquote
t fit to current buffer, you may allocate new buffer (with pluginlink->myalloc), copy data from old buffer, free old buffer (with pluginlink->myfree) and set new values for *}{\rtlch\fcs1 \af0 \ltrch\fcs0
\i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 buf_p}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679 }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 and }{\rtlch\fcs1 \af0
\ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679 *}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 bufsize_p}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 .
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679 int }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 * offset_p}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid9981679 offset of the new data in the buffer, }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 int * length_p}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid9981679 length of all data in the buffer. You should filter only (*length_p - *offset_p) characters starting from }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679
(*buf_p + *offset_p)}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 .}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid1771507 filter_clear}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679 }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid9981679 is called for each successfule filter_client}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15609114 and should be used to free allocated resources}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679 filter_close}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 is called for each successful filter_open}{\rtlch\fcs1 \af0
\ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15609114 for the same reason}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679
\par
\par An example of filter API usage you can find in PCREPlugin (see plugins/}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679 PCREPlugin}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 /
}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679\charrsid9981679 pcre_plugin.c}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid9981679 ).
\par
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \ul\lang1033\langfe1049\langnp1033\insrsid15609114\charrsid15609114 Note}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15609114 : if }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid15609114\charrsid15609114 param->nooverwritefilter}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15609114
is set for FILTER_BUFFER functions, filter may change data in the buffer, but must not change data length. This flag may be set, if data size if already known and is sent to the client. }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid15609114\charrsid15609114
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid15609114\charrsid9981679
\par {\listtext\tab}}\pard \ltrpar\ql \li0\ri0\widctlpar\jclisttab\tx360\wrapdefault\aspalpha\aspnum\faauto\ls4\ilvl2\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816 2.3.5
Replacing log functions, traffic counting functions, bandwidth limitation functions
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid4980816 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid4980816
\par }\pard \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid13909505 {\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8326885
Log, traffic and bandwidth function can be directly replaced in any over place. All functions may be replaced in conf (pluginlink->conf->logfunc, pluginlink->conf->bandlim
func, pluginlink->conf->trafcountfunc). In this case, these functions will be used for services started after the changes are made. }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226 l}{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid8326885 ogfunc may also be changed for }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226 struct s}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid8326885
rvparam (e.g. within filter_open)}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226 , bandlimfunc and trafcountfunc may be changed in struct clientparam for every client individually (e.g. within filter_client).}{\rtlch\fcs1
\af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid12806430
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226 typedef void (*LOGFUNC)(struct clientparam * param, const unsigned char * test);
\par typedef void (*TRAFCOUNTFUNC)(struct clientparam * param); }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226 typedef unsigned (*BANDLIMFUNC)(struct clientparam * param, unsigned nbytesin, unsigned nbytesout);
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226 struct clientparam * param}{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226 \endash }{\rtlch\fcs1 \af0 \ltrch\fcs0
\lang1033\langfe1049\langnp1033\insrsid2567226 information about client request}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226 char * text}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226 - text string (e.g. request)
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \i\lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226 nbytesin, nbytesout}{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226 \endash
number of bytes received from / send to server. bandlimfunc returns delay in milliseconds.
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \lang1033\langfe1049\langnp1033\insrsid2567226\charrsid2567226
\par }}

259
doc/html/devel/devref.html
View File

@ -1,259 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>3proxy developer reference</title>
<style type="text/css">
span.s1 {text-decoration: underline}
ol {list-style-type: none}
ol.level1 {counter-reset: h1}
ol.level1 > li::before {content: counter(h1) ". "; counter-increment: h1; font-weight: bold}
ol.level2 {counter-reset: h2}
ol.level2 > li::before {content: counter(h1) "." counter(h2) " "; counter-increment: h2}
ol.level3 {counter-reset: h3}
ol.level3 > li::before {content: counter(h1) "." counter(h2) "." counter(h3) " "; counter-increment: h3}
pre {margin: 0.5em 0; padding: 0.5em; background: #f5f5f5; border: 1px solid #ddd}
code {font-family: monospace}
</style>
</head>
<body>
<h2>3proxy developer reference</h2>
<ol class="level1">
<li><b>Understanding Internal 3proxy structure</b>
<p>3proxy is implemented as multithread application. Server model is implemented as "one connection one thread". It means, for every client connection new thread is created. This model is effective enough under Windows, because it allows it avoid thread creation on asynchronous operations, yet under most POSIX systems this model can not be considered as most efficient. It's planned for (very far in future) release to implement more efficient model, where single thread can serve few clients.</p>
<ol class="level2">
<li>main thread
<p>3proxy begins with main thread. This thread parses configuration file and starts main loop. During configuration file parsing <code>struct extaparam conf;</code> structure is filled and service threads are started.</p>
<p>Main loop cycle takes approximately 1 second and does these tasks:</p>
<ul>
<li>re-reads configuration file, if necessary</li>
<li>performs scheduled tasks</li>
<li>monitors files ('monitor' command), approx. once in a minute</li>
<li>rotates main logfile</li>
<li>dumps counters to file, approx. once in a minute</li>
<li>performs termination, if required</li>
</ul>
<p>It's guaranteed every configuration and schedule command is executed from the same thread.</p>
<p>Main thread is implemented in <b>3proxy.c</b></p>
</li>
<li>service thread
<p>Service threads are started immediately, than service command (e.g. 'proxy' or 'socks') are found during configuration file parsing. Each command creates new thread. Thread does these tasks:</p>
<ul>
<li>parses service command arguments and fills <code>struct srvparam srv</code> structure with service configuration and <code>struct clientparam defparam</code> structure with default client configuration</li>
<li>initializes filters (filter_open)</li>
<li>creates and initializes listening service socket</li>
<li>enters into service loop</li>
<li>terminates filters (filter_close)</li>
</ul>
<p>service loop:</p>
<ul>
<li>checks for configuration reload (approximately every second), thread exits if configuration reloaded or 3proxy is in terminating state.</li>
<li>accepts client connection and creates <code>struct clientparam newparam</code> structure with client configuration</li>
<li>creates/checks client filters (filter_client)</li>
<li>creates client thread with newly created <code>struct clientparam newparam</code></li>
</ul>
<p>service threads are implemented in <b>proxymain.c</b></p>
<p>Please note: struct clientparam is freed and filter_clear is executed from different (client) thread.</p>
</li>
<li>client thread
<p>Client threads are started from service thread. Client thread:</p>
<ul>
<li>reads client request (except portmappers) with authentication information and request headers (if any).</li>
<li>filters request (if any) with filter_request</li>
<li>filters headers (if any) with filter_header_cli</li>
<li>performs authentication and authorization</li>
<li>established connection with server</li>
<li>sends request to server</li>
<li>filters server headers (if any)</li>
<li>maps client end server sockets to transmit data between client and server</li>
<li>logs request. Global counters are also updated on this operation</li>
<li>clears client filters (filter_clear)</li>
<li>frees <code>struct clientparam</code> data</li>
</ul>
<p>in some point client thread may loop to process few client requests from the same connection (e.g. HTTP 'established' connection in 'proxy').</p>
<p>Socket mapping does:</p>
<ul>
<li>caches data in internal client and server buffers</li>
<li>delays data transmit to limit bandwidth</li>
<li>performs data filtering (filter_data_cli / filter_data_srv)</li>
</ul>
<p>client threads are implemented in <b>proxy.c</b>, <b>socks.c</b>, <b>pop3p.c</b> etc.</p>
</li>
</ol>
</li>
<li><b>Hacking into 3proxy code with plugins</b>
<ol class="level2">
<li>What is 3proxy plugin
<p>3proxy plugin is any dynamic/shared library. There is no specific requirement for plugin, actually you can load any dynamic library with 'plugin' command. No linking with any libraries are required. However, to interoperate with 3proxy dynamic library must have an export function 3proxy may call to pass the structure with required information.</p>
<pre><code>typedef int (*PLUGINFUNC) (struct pluginlink *pluginlink, int argc, char** argv);</code></pre>
<p><code>struct pluginlink</code> is a structure with export information, explained later, argc and argv are argument counter and array of arguments of "plugin" command. Plugin should report it's status with integer return value. 0 is success, positive value indicates non-recoverable error, 3proxy do not parse rest of configuration and enters into termination state, negative value indicates recoverable value, 3proxy logs warning (if possible). In case of C++, all 3proxy functions/structures must be extern "C".</p>
<p>All 3proxy structures/functions descriptions are located in <b>structures.h</b></p>
</li>
<li>Understanding pluginlink structure
<p>Because there is no linking between 3proxy and plugin, all 3proxy functions and structures are passed with pluginlink structure. Pluginlink is actually a collection of pointers to 3proxy internal structures and functions. Because pluginlink is constantly extending, you should see it's definitions in <b>structures.h</b>.</p>
<p>most important are:</p>
<pre><code>struct symbol symbols;</code></pre>
<p>"symbols" is a kind of name/value export table, made as a list. It can be used by plugins to exchange information and functions between plugins, e.g. to export functions from one plugin to another, where pluginlink is useless, because it's static. It's quite simple:</p>
<pre><code>struct symbol {
struct symbol *next;
char * name;
void * value;
};</code></pre>
<p><code>name</code> is a name of function or structure</p>
<p><code>value</code> is it's value.</p>
<p>use <code>pluginlink-&gt;findbyname</code> function to lookup, e.g.</p>
<pre><code>anotherplugindata = pluginlink-&gt;findbyname("anotherplugindata");</code></pre>
<p>To export something from your plugin, add your structure to this list.</p>
<pre><code>struct extparam *conf;</code></pre>
<p>pointer to conf structure, it holds all current 3proxy configuration</p>
</li>
<li>How to get control within plugin
<p>There are few points you can get control for your plugin, after it's loaded with 'plugin' command.</p>
<ol class="level3">
<li>Adding configuration command processor with struct command structure
<p>A list of configuration file command, available from 3proxy.cfg is extendable. Each command is defined by <code>struct commands</code>:</p>
<pre><code>struct commands {
struct commands *next;
char * command;
int (* handler)(int argc, unsigned char ** argv);
int minargs;
int maxargs;
};</code></pre>
<p><code>struct commands *next</code> - next element in list</p>
<p><code>char * command</code> command name</p>
<p><code>int (* handler)(int argc, unsigned char ** argv)</code> command handler. It's called than 'command' is found in configuration files, argc is a number of arguments, counting command itself, argv is array of arguments.</p>
<p><code>minargs</code> minimum number of arguments command support (&gt;= 1)</p>
<p><code>maxargs</code> maximum number of arguments command support, 0 means infinity.</p>
<p>Handler return value of 0 indicates command is successfully processed. Positive return value indicates non-recoverable error, 3proxy enters termination state. Negative value indicates 3proxy to continue to process command list, it makes it possible to set few handlers for the same command.</p>
<p>A list of the command is pointed by <code>pluginlink-&gt;commandhandlers</code>; you must insert you command after first one (do not replace <code>pluginlink-&gt;commandhandlers</code>). It's guaranteed at least 1 dummy command is always present.</p>
<p>Example:</p>
<pre><code>int mycommandhandler(int argc, unsigned char **argv);
struct commands mycommand;
mycommand.command = "mycommand";
mycommand.handler = mycommandhandler;
mycommand.intargs = 1;
mycommand.intargs = 2;
mycommand.next = pluginslinks-&gt;commandhandlers-&gt;next;
pluginslink-&gt;commandhandlers-&gt;next = &amp;mycommand;</code></pre>
<p>Adds processor for "mycommand" command with zero on one arguments.</p>
<p>Adding configuration command is useful, if your plugin expects configuration data.</p>
</li>
<li>Adding authentication method with struct auth
<p>3proxy supports authentication and authorization. Authentication process determines user account (for example by username and password), authorization checks, if user account has a right to access given resource and optionally establishes a connection, if required.</p>
<p>'auth' command combines both authentication and authorization method. It's extandable with struct auth list:</p>
<pre><code>struct auth {
struct auth *next;
AUTHFUNC authenticate;
AUTHFUNC authorize;
char * desc;
};</code></pre>
<p><code>char * desc</code> name of authentication/authorization method</p>
<p><code>authenticate</code> name of authentication function</p>
<p><code>authorize</code> name of authorization function</p>
<p><code>pluginlink-&gt;authfuncs</code> points to list of authenticataction structures. Like above, new structure must be inserted after fiest one (or to the end of the list).</p>
<p>First, authentication is called, if authentication indicates OK status (return value 0), authorization is called. Normally, 'checkACL' (<code>pluginlink-&gt;checkACL</code>) is called as authorization function to check user's request matches to standard allow/deny rules. If for some reason you need to avoid this check, you should call <code>pluginlink-&gt;alwaysauth</code> to do some dirty job, like establishing outgoing connection.</p>
<pre><code>typedef int (*AUTHFUNC)(struct clientparam * param);</code></pre>
<p>is both authentication and authorization function. <code>struct clientparam</code> holds all information about client connection, including username (<code>param-&gt;username</code>) and password (<code>param-&gt;password</code>).</p>
<p>Return value of 0 indicates successful authentication/authorization, 1 and 3 authorization failed (access denied), use 3 in case you want to indicate access is explicitly denied and 3 in case there is no matching rule. 4,5,6,7,8 authentication failed (e.g. username/password do not match). 4 indicates username does not present in request and must be requested, if possible. 5 indicates username found in request can not be found in user's database/list, 6,7,8 username does not match password for different authentication types. 10 user exceeded some limits, e.g. traffic. You may use some different code to indicate internal problems.</p>
<p>Example:</p>
<pre><code>int myauthfunc(struct clientparam *param);
struct auth myauth;
myauth.desc = "myauth";
myauth.authenticate = myauthfunc;
myauth.authorize = pluginlink-&gt;checkACL;
myauth-&gt;next = pluginlink-&gt;authfuncs-&gt;next;
pluginlink-&gt;authfuncs-&gt;next = &amp;myauth;</code></pre>
<p>Installs "myauthfunc" as authentication function. There is no need to add 'auth' command processor for new authentication type, it's processed by standard 'auth' command processor.</p>
</li>
<li>Adding scheduled functions
<p>Scheduled functions are described by this structure:</p>
<pre><code>typedef enum {NONE, MINUTELY, HOURLY, DAILY, WEEKLY, MONTHLY, ANNUALLY, NEVER} ROTATION;
struct schedule {
struct schedule *next;
ROTATION type;
void *data;
int (*function)(void *);
time_t start_time;
};</code></pre>
<p><code>int (*function)(void *)</code> scheduled function</p>
<p><code>void *data</code> this pointer will be passed as an argument to scheduled functions</p>
<p><code>ROTATION type</code> defines how often function is called (once in a minute, hour, etc).</p>
<p><code>start_time</code> time to begin using of scheduled function</p>
<p>Scheduled functions are called every 'type' interval after start_time and also on reloading configuration and going to termination state.</p>
<p>Schedule function return value of 1 means function must be removed from the schedule. 3proxy doesn't free struct schedule.</p>
<p>Schedule list can be empty. Pointer to schedule is pointed by <code>struct schedule ** schedule;</code> in pluginlink.</p>
<p>Example:</p>
<pre><code>int myschedfunc(void * data);
struct schedule myschedule;
myschedule.data = "somethinghere";
myschedule.function = myschedfunc;
myschedule.type = MINUTELY;
myschedule.starttime = 0;
myschedule.next = *pluginlink-&gt;schedule;
*pluginlink-&gt;schedule = myschedule;</code></pre>
<p><span class="s1">NOTE:</span> time_t is different for different compilers. Make sure to compile plugin and 3proxy with same compiler.</p>
</li>
<li>Filters API
<p>3proxy has filters API, you can use, to process client request and data flowing through proxy. It should be noted, that currently 3proxy doesn't provide filters with any useful data conversion, so, it's filter's task to find data in data flow. In case filter modifies some data, it's filter's task again to assure that everything's fine. If you know some filtering API like MILTER, you will find 3proxy filters very same.</p>
<pre><code>typedef enum {
PASS,
CONTINUE,
HANDLED,
REJECT,
REMOVE
} FILTER_ACTION;
typedef void* FILTER_OPEN(void * idata, struct srvparam * param);
typedef FILTER_ACTION FILTER_CLIENT(void *fo, struct clientparam * param, void** fc);
typedef FILTER_ACTION FILTER_BUFFER(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p);
typedef void FILTER_CLOSE(void *fo);
struct filter {
struct filter * next;
char * instance;
void * data;
FILTER_OPEN *filter_open;
FILTER_CLIENT *filter_client;
FILTER_BUFFER *filter_request;
FILTER_BUFFER *filter_header_cli;
FILTER_BUFFER *filter_header_srv;
FILTER_BUFFER *filter_data_cli;
FILTER_BUFFER *filter_data_srv;
FILTER_CLOSE *filter_clear;
FILTER_CLOSE *filter_close;
};</code></pre>
<p><code>char * instance</code> is some instance identifier. You can use it to find required filter in the list. 3proxy itself doesn't use this field.</p>
<p><code>void * data</code> this parameter is passed to filter_open function. The rest are filtering functions. Section 1 explains where and then each filter is called. data should not be NULL.</p>
<p><code>filter_open</code> must always be defined, if you want filter to be ever used. It's called then new service is created and is given "data" from struct filter and struct srvparam (parsed service configuration). If filter_open for some filter returns NULL, filter will not be used for this service. Non-NULL return value will be used as "fo" parameter for every call to filter_client.</p>
<p><code>filter_client</code> is called upon client connect (before any data is sent/received). It's good place to filter client by IP (and is not good place to filter it by hostname, because this operation takes a long time, 3proxy will not be able to accept new connection). fo is a data pointer received from filter_open, param newly created clientparam structure, fc is return parameter filter_open must initialize, it will be used as an argument to FILTER_BUFFER functions. PASS return value means this filter will be used for this client request. CONTINUE says to install filters. On different values client connection is closed and no client thread is created.</p>
<p><code>filter_request, filter_header_cli, filter_header_srv, filter_data_cli, filter_data_srv</code> are used to process request and data received from client and server.</p>
<p><code>char ** buf_p</code> is a pointer to current buffer, <code>int * bufsize_p</code> is a pointer to it's size. In case you change some data and it doesn't fit to current buffer, you may allocate new buffer (with <code>pluginlink-&gt;myalloc</code>), copy data from old buffer, free old buffer (with <code>pluginlink-&gt;myfree</code>) and set new values for <code>*buf_p</code> and <code>*bufsize_p</code>.</p>
<p><code>int offset</code> offset of the new data in the buffer, <code>int * length_p</code> length of all data in the buffer. You should filter only <code>(*length_p - *offset_p)</code> characters starting from <code>(*buf_p + *offset_p)</code>.</p>
<p><code>filter_clear</code> is called for each successfule filter_client and should be used to free allocated resources</p>
<p><code>filter_close</code> is called for each successful filter_open for the same reason</p>
<p>An example of filter API usage you can find in PCREPlugin (see plugins/PCREPlugin/pcre_plugin.c).</p>
<p><span class="s1">Note</span>: if <code>param-&gt;nooverwritefilter</code> is set for FILTER_BUFFER functions, filter may change data in the buffer, but must not change data length. This flag may be set, if data size if already known and is sent to the client.</p>
</li>
<li>Replacing log functions, traffic counting functions, bandwidth limitation functions
<p>Log, traffic and bandwidth function can be directly replaced in any over place. All functions may be replaced in conf (<code>pluginlink-&gt;conf-&gt;logfunc</code>, <code>pluginlink-&gt;conf-&gt;bandlimfunc</code>, <code>pluginlink-&gt;conf-&gt;trafcountfunc</code>). In this case, these functions will be used for services started after the changes are made. logfunc may also be changed for struct srvparam (e.g. within filter_open), bandlimfunc and trafcountfunc may be changed in struct clientparam for every client individually (e.g. within filter_client).</p>
<pre><code>typedef void (*LOGFUNC)(struct clientparam * param, const unsigned char * test);
typedef void (*TRAFCOUNTFUNC)(struct clientparam * param);
typedef unsigned (*BANDLIMFUNC)(struct clientparam * param, unsigned nbytesin, unsigned nbytesout);</code></pre>
<p><code>struct clientparam * param</code> information about client request</p>
<p><code>char * text</code> - text string (e.g. request)</p>
<p><code>nbytesin, nbytesout</code> number of bytes received from / send to server. bandlimfunc returns delay in milliseconds.</p>
</li>
</ol>
</li>
</ol>
</li>
</ol>
</body>
</html>

78
doc/html/howtoe.html
View File

@ -33,9 +33,8 @@
<li><a href="#NAMES">How to resolve names through a parent proxy</a></li>
<li><a href="#ISFTP">How to set up an FTP proxy</a></li>
<li><a href="#TLSPR">How to set up an SNI proxy (tlspr)</a></li>
<li><a href="#SSLPLUGIN">How to set up TLS/SSL (https proxy, mTLS)</a></li>
<li><a href="#CERTIFICATES">How to create CA and certificates for SSL</a></li>
<li><a href="#PCRE">How to use PCRE filtering (regular expressions)</a></li>
<li><a href="#SSLPLUGIN">How to set up TLS/SSL with SSLPlugin (https proxy, mTLS)</a></li>
<li><a href="#CERTIFICATES">How to create CA and certificates for SSLPlugin</a></li>
<li><A HREF="#AUTH">How to limit service access</A>
<li><A HREF="#USERS">How to create a user list</A>
<li><A HREF="#ACL">How to limit user access to resources</A>
@ -640,12 +639,9 @@ allow *
proxy
</pre>
</p>
<li><a name="SSLPLUGIN"><i>How to set up TLS/SSL (https proxy, mTLS)</i></a>
<li><a name="SSLPLUGIN"><i>How to set up TLS/SSL with SSLPlugin (https proxy, mTLS)</i></a>
<p>
Since version 0.9.7, SSL/TLS support is built into 3proxy when compiled with OpenSSL
(WITH_SSL). Previously available as SSLPlugin, the functionality is now integrated
into the main binary. The plugin line is no longer required.
SSL/TLS support can be used to:
SSLPlugin provides TLS/SSL support for 3proxy. It can be used to:
<ul>
<li>Create an https:// proxy (TLS-encrypted connection between client and proxy)</li>
<li>Implement MITM for TLS traffic inspection</li>
@ -658,6 +654,7 @@ SSL/TLS support can be used to:
<br>To create an https:// proxy, you need a server certificate and key. The certificate must not be self-signed
and should contain Subject Alternative Names (SAN) for the proxy hostname/IP.
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_serv
@ -673,6 +670,7 @@ Configure clients to use https://proxy-host:3129/ as the proxy URL.
<b>Client certificate authentication (mTLS):</b>
<br>To require clients to authenticate with a certificate, use ssl_server_verify and provide the CA certificate:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_server_ca_file /etc/3proxy/certs/ca.crt
@ -687,6 +685,7 @@ Only clients with a valid certificate signed by the CA can connect.
<b>MITM for TLS traffic inspection:</b>
<br>To intercept and decrypt TLS traffic, you need a CA certificate to generate spoofed server certificates:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_ca_file /etc/3proxy/certs/ca.crt
ssl_server_ca_key /etc/3proxy/certs/ca.key
ssl_client_verify
@ -704,6 +703,7 @@ Without ssl_client_verify, the proxy is vulnerable to MITM attacks.
<b>TLS client (connect to upstream via TLS):</b>
<br>To connect to upstream servers via TLS with client certificate authentication:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_client_cert /etc/3proxy/certs/client.crt
ssl_client_key /etc/3proxy/certs/client.key
ssl_client_verify
@ -715,6 +715,7 @@ proxy -p3128
<b>Conditional TLS for parent proxy (ssl_client_mode 3):</b>
<br>With ssl_client_mode 3, TLS handshake to parent proxy is performed only if the parent type ends with 's' (secure types). This allows mixing secure and non-secure parent proxies in the same configuration:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_client_mode 3
@ -733,7 +734,7 @@ ssl_nocli
<p>
This creates an HTTPS proxy (ssl_serv) that accepts TLS connections from clients. For parent proxy connections, user1's traffic goes through an https parent with TLS encryption (secure type), while user2's traffic goes through a regular socks5 parent without TLS. Secure parent types include: tcps, https, connects, connect+s, socks4s, socks5s, socks4+s, socks5+s, pop3s, smtps, ftps.
</p>
<li><a name="CERTIFICATES"><i>How to create CA and certificates for SSL</i></a>
<li><a name="CERTIFICATES"><i>How to create CA and certificates for SSLPlugin</i></a>
<p>
<b>Creating a Certificate Authority (CA):</b>
<br>For MITM or mTLS, you need a CA. Generate a CA private key and certificate:
@ -848,65 +849,6 @@ openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
openssl pkcs12 -export -out client.p12 -passout pass: \
-inkey client.key -in client.crt -certfile ca.crt
</pre>
<li><a name="PCRE"><i>How to use PCRE filtering (regular expressions)</i></a>
<p>
Since version 0.9.7, PCRE (Perl Compatible Regular Expressions) filtering is built into
3proxy when compiled with PCRE2 support (WITH_PCRE). Previously available as PCREPlugin,
the functionality is now integrated into the main binary. The plugin line is no longer required.
</p>
<p>
PCRE filtering can be used to create matching and replacement rules with regular expressions
for client requests, client and server headers, and client and server data.
</p>
<p>
<b>Commands:</b>
</p><pre>
pcre TYPE FILTER_ACTION REGEXP [ACE]
pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
pcre_extend FILTER_ACTION [ACE]
pcre_options OPTION1 [...]
</pre>
<p>
<ul>
<li><b>TYPE</b> - type of filtered data (comma-delimited list):
<ul>
<li><b>request</b> - content of the client's request (e.g., HTTP GET request string)
<li><b>cliheader</b> - content of the client request headers
<li><b>srvheader</b> - content of the server's reply headers
<li><b>clidata</b> - data received from the client (e.g., HTTP POST data)
<li><b>srvdata</b> - data received from the server (e.g., HTML page)
</ul>
<li><b>FILTER_ACTION</b> - action on match:
<ul>
<li><b>allow</b> - allow this request without checking the rest of the rules
<li><b>deny</b> - deny this request without checking the rest of the rules
<li><b>dunno</b> - continue with the rest of the rules (useful with pcre_rewrite)
</ul>
<li><b>REGEXP</b> - PCRE (Perl) regular expression. Use * if no regexp matching is required.
<li><b>REWRITE_EXPRESSION</b> - substitution string. May contain Perl-style substrings
$1, $2, etc. $0 means the whole matched string. \r and \n may be used to insert new lines.
<li><b>ACE</b> - access control entry (user names, source IPs, destination IPs, ports, etc.),
identical to allow/deny/bandlimin commands. The regular expression is only matched if the ACL
matches the connection data.
</ul>
</p>
<p>
<b>Examples:</b>
</p><pre>
# Block requests containing specific keywords for certain users
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
# Block responses with specific content type
pcre srvheader deny "Content-type: application"
# Replace content in both directions (censorship)
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16
</pre>
<p>
<b>Note:</b> Regular expressions don't require authentication and cannot replace
authentication and/or allow/deny ACLs.
</p>
<li><A NAME="AUTH">How to limit service access</A>
<p>
First, always specify the internal interface to accept incoming connections with the

79
doc/html/howtor.html
View File

@ -33,9 +33,8 @@
<li><a href="#NAMES">Как разрешать имена на родительском прокси?</a></li>
<li><a href="#ISFTP">Как настроить FTP прокси?</a></li>
<li><a href="#TLSPR">Как настроить SNI proxy (tlspr)</a></li>
<li><a href="#SSLPLUGIN">Как настроить TLS/SSL (https прокси, mTLS)</a></li>
<li><a href="#CERTIFICATES">Как создать CA и сертификаты для SSL</a></li>
<li><a href="#PCRE">Как использовать PCRE-фильтрацию (регулярные выражения)</a></li>
<li><a href="#SSLPLUGIN">Как настроить TLS/SSL с помощью SSLPlugin (https прокси, mTLS)</a></li>
<li><a href="#CERTIFICATES">Как создать CA и сертификаты для SSLPlugin</a></li>
<li><a href="#AUTH">Как ограничить доступ к службе</a>
<li><a href="#USERS">Как создать список пользователей</a>
<li><a href="#ACL">Как ограничить доступ пользователей к ресурсам</a>
@ -649,12 +648,9 @@ proxy
</pre>
</p>
<li><a name="SSLPLUGIN"><i>Как настроить TLS/SSL (https прокси, mTLS)</i></a>
<li><a name="SSLPLUGIN"><i>Как настроить TLS/SSL с помощью SSLPlugin (https прокси, mTLS)</i></a>
<p>
Начиная с версии 0.9.7 поддержка TLS/SSL встроена в 3proxy при компиляции с OpenSSL
(WITH_SSL). Ранее доступная как SSLPlugin, функциональность теперь интегрирована
в основной бинарный файл. Строка plugin больше не нужна.
TLS/SSL может использоваться для:
SSLPlugin обеспечивает поддержку TLS/SSL для 3proxy. Он может использоваться для:
<ul>
<li>Создания https:// прокси (TLS-шифрованное соединение между клиентом и прокси)</li>
<li>Реализации MITM для инспекции TLS-трафика</li>
@ -667,6 +663,7 @@ TLS/SSL может использоваться для:
<br>Для создания https:// прокси требуется сертификат и ключ сервера. Сертификат не должен быть самоподписанным
и должен содержать альтернативные имена (SAN) для имени хоста/IP прокси.
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_serv
@ -682,6 +679,7 @@ proxy -p3128
<b>Аутентификация по клиентскому сертификату (mTLS):</b>
<br>Чтобы требовать от клиентов аутентификацию по сертификату, используйте ssl_server_verify и укажите CA-сертификат:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_server_ca_file /etc/3proxy/certs/ca.crt
@ -696,6 +694,7 @@ proxy -p3129
<b>MITM для инспекции TLS-трафика:</b>
<br>Для перехвата и расшифровки TLS-трафика требуется CA-сертификат для генерации подделанных серверных сертификатов:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_ca_file /etc/3proxy/certs/ca.crt
ssl_server_ca_key /etc/3proxy/certs/ca.key
ssl_client_verify
@ -713,6 +712,7 @@ CA-сертификат должен быть доверенным для кли
<b>TLS-клиент (соединение с вышестоящим сервером через TLS):</b>
<br>Для соединения с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_client_cert /etc/3proxy/certs/client.crt
ssl_client_key /etc/3proxy/certs/client.key
ssl_client_verify
@ -724,6 +724,7 @@ proxy -p3128
<b>Условное TLS для parent прокси (ssl_client_mode 3):</b>
<br>При ssl_client_mode 3 TLS-рукопожатие с родительским прокси выполняется только если тип parent прокси заканчивается на 's' (защищённые типы). Это позволяет смешивать защищённые и незащищённые родительские прокси в одной конфигурации:
</p><pre>
plugin /path/to/SSLPlugin.ld.so ssl_plugin
ssl_server_cert /etc/3proxy/certs/server.crt
ssl_server_key /etc/3proxy/certs/server.key
ssl_client_mode 3
@ -742,7 +743,7 @@ ssl_nocli
<p>
Создаётся HTTPS-прокси (ssl_serv), принимающий TLS-соединения от клиентов. Для соединений с родительским прокси трафик user1 идёт через https родитель с TLS-шифрованием (защищённый тип), а трафик user2 — через обычный socks5 родитель без TLS. Защищённые типы parent прокси: tcps, https, connects, connect+s, socks4s, socks5s, socks4+s, socks5+s, pop3s, smtps, ftps.
</p>
<li><a name="CERTIFICATES"><i>Как создать CA и сертификаты для SSL</i></a>
<li><a name="CERTIFICATES"><i>Как создать CA и сертификаты для SSLPlugin</i></a>
<p>
<b>Создание удостоверяющего центра (CA):</b>
<br>Для MITM или mTLS требуется CA. Сгенерируйте закрытый ключ CA и сертификат:
@ -858,66 +859,6 @@ openssl pkcs12 -export -out client.p12 -passout pass: \
-inkey client.key -in client.crt -certfile ca.crt
</pre>
<li><a name="PCRE"><i>Как использовать PCRE-фильтрацию (регулярные выражения)</i></a>
<p>
Начиная с версии 0.9.7 фильтрация PCRE встроена в 3proxy при компиляции с поддержкой
PCRE2 (WITH_PCRE). Ранее доступная как PCREPlugin, функциональность теперь интегрирована
в основной бинарный файл. Строка plugin больше не нужна.
</p>
<p>
PCRE-фильтрация может использоваться для создания правил поиска и замены с регулярными
выражениями для запросов клиентов, заголовков клиента и сервера, а также данных.
</p>
<p>
<b>Команды:</b>
</p><pre>
pcre TYPE FILTER_ACTION REGEXP [ACE]
pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
pcre_extend FILTER_ACTION [ACE]
pcre_options OPTION1 [...]
</pre>
<p>
<ul>
<li><b>TYPE</b> - тип фильтруемых данных (список через запятую):
<ul>
<li><b>request</b> - содержимое запроса клиента (например, строка HTTP GET-запроса)
<li><b>cliheader</b> - содержимое заголовков запроса клиента
<li><b>srvheader</b> - содержимое заголовков ответа сервера
<li><b>clidata</b> - данные полученные от клиента (например, данные POST-запроса)
<li><b>srvdata</b> - данные полученные от сервера (например, HTML-страница)
</ul>
<li><b>FILTER_ACTION</b> - действие при совпадении:
<ul>
<li><b>allow</b> - разрешить запрос без проверки остальных правил
<li><b>deny</b> - запретить запрос без проверки остальных правил
<li><b>dunno</b> - продолжить проверку правил (полезно для pcre_rewrite)
</ul>
<li><b>REGEXP</b> - регулярное выражение PCRE (Perl). Используйте * если проверка не требуется.
<li><b>REWRITE_EXPRESSION</b> - строка замены. Может содержать Perl-подстановки
$1, $2 и т.д. $0 - вся найденная подстрока. \r и \n для вставки новых строк.
<li><b>ACE</b> - элемент списка контроля доступа (имена пользователей, IP источника,
IP назначения, порты и т.д.), аналогичный командам allow/deny/bandlimin.
Регулярное выражение проверяется только при совпадении ACL с данными соединения.
</ul>
</p>
<p>
<b>Примеры:</b>
</p><pre>
# Блокировать запросы с определёнными ключевыми словами для некоторых пользователей
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
# Блокировать ответы с определённым content-type
pcre srvheader deny "Content-type: application"
# Замена содержимого в обоих направлениях (цензура)
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16
</pre>
<p>
<b>Примечание:</b> Регулярные выражения не требуют авторизации и не могут заменить
авторизацию и/или ACL allow/deny.
</p>
<li><a name="AUTH"><i>Как ограничить доступ к службе</i></a>
<p>
Во-первых, для ограничения доступа необходимо указать внутренний интерфейс,

4
doc/html/index.html
View File

@ -3,9 +3,7 @@
<a href="highload.html">Optimizing 3proxy for high loads</a><br>
<a href="howtoe.html">How To (English, very incomplete)</a><br>
<a href="howtor.html">How To (Russian)</a><br>
<a href="devref.html">Developer reference</a><br>
<h3>Man pages:</h3>
<br><A HREF="man8/3proxy_crypt.8.html">3proxy_crypt.8</A>
<br><A HREF="man8/3proxy.8.html">3proxy.8</A>
<br><A HREF="man8/ftppr.8.html">ftppr.8</A>
<br><A HREF="man8/pop3p.8.html">pop3p.8</A>
@ -15,5 +13,5 @@
<br><A HREF="man8/tcppm.8.html">tcppm.8</A>
<br><A HREF="man8/tlspr.8.html">tlspr.8</A>
<br><A HREF="man8/udppm.8.html">udppm.8</A>
<br><A HREF="man5/3proxy.cfg.5.html">3proxy.cfg.5</A>
<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A>
</body></html>

904
doc/html/man5/3proxy.cfg.5.html → doc/html/man3/3proxy.cfg.3.html
View File

File diff suppressed because it is too large Load Diff

14
doc/html/man8/3proxy.8.html
View File

@ -15,6 +15,7 @@
<a href="#FILES">FILES</a><br>
<a href="#BUGS">BUGS</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>
<a href="#TRIVIA">TRIVIA</a><br>
<a href="#AUTHORS">AUTHORS</a><br>
<hr>
@ -194,18 +195,27 @@ to <b>3proxy@3proxy.org</b></p>
</h2>
<p style="margin-left:6%; margin-top: 1em">3proxy.cfg(5),
<p style="margin-left:6%; margin-top: 1em">3proxy.cfg(3),
proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
kill(1), syslogd(8), <br>
https://3proxy.org/</p>
<h2>TRIVIA
<a name="TRIVIA"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">3APA3A is
pronounced as ``zaraza&acute;&acute;.</p>
<h2>AUTHORS
<a name="AUTHORS"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

167
doc/html/man8/3proxy_crypt.8.html
View File

@ -1,167 +0,0 @@
<!-- Creator : groff version 1.24.1 -->
<html>
<head>
</head>
<body>
<h1 align="center">3proxy_crypt</h1>
<a href="#NAME">NAME</a><br>
<a href="#SYNOPSIS">SYNOPSIS</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#OPTIONS">OPTIONS</a><br>
<a href="#EXAMPLE">EXAMPLE</a><br>
<a href="#NOTES">NOTES</a><br>
<a href="#BUGS">BUGS</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>
<a href="#AUTHORS">AUTHORS</a><br>
<hr>
<h2>NAME
<a name="NAME"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em"><b>3proxy_crypt</b>
- utility to generate encrypted passwords for 3proxy</p>
<h2>SYNOPSIS
<a name="SYNOPSIS"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em"><b>3proxy_crypt</b>
<i>password</i> <b><br>
3proxy_crypt</b> <i>salt password</i></p>
<h2>DESCRIPTION
<a name="DESCRIPTION"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em"><i><b>3proxy_crypt</b></i>
is a utility to generate encrypted password hashes for use
with 3proxy configuration. Encrypted passwords allow the
system to avoid storing passwords in cleartext in
configuration files.</p>
<p style="margin-left:6%; margin-top: 1em">When invoked
with a single argument, it produces an NT password hash
(MD4-based, suitable for NTLM authentication). The output is
prefixed with <b>NT:</b>.</p>
<p style="margin-left:6%; margin-top: 1em">When invoked
with two arguments (salt and password), it produces a
BLAKE2b password hash. The salt length is limited to 64
characters. The output is prefixed with <b>CR:</b>.</p>
<p style="margin-left:6%; margin-top: 1em">The resulting
hash can be used in the 3proxy configuration file with the
<b>users</b> directive instead of a cleartext password.</p>
<h2>OPTIONS
<a name="OPTIONS"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em"><i>password</i></p>
<p style="margin-left:15%;">Cleartext password to
encrypt.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="5%">
<p><i>salt</i></p></td>
<td width="4%"></td>
<td width="65%">
<p>Salt string for BLAKE2b hashing (max 64 characters).</p></td>
<td width="20%">
</td></tr>
</table>
<h2>EXAMPLE
<a name="EXAMPLE"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">Generate NT
password hash:</p>
<p style="margin-left:15%;">3proxy_crypt
MySecretPassword</p>
<p style="margin-left:6%;">Result:</p>
<p style="margin-left:15%;">NT:3F7E6D8D96E8E7A9B0C1D2E3F4A5B6C7</p>
<p style="margin-left:6%;">Generate BLAKE2b password hash
with salt:</p>
<p style="margin-left:15%;">3proxy_crypt MySalt
MySecretPassword</p>
<p style="margin-left:6%;">Result:</p>
<p style="margin-left:15%;">CR:$3$MySalt$...</p>
<p style="margin-left:6%;">Using in 3proxy.cfg:</p>
<p style="margin-left:15%;">users
user1:CR:$3$MySalt$...</p>
<h2>NOTES
<a name="NOTES"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">The NT hash uses
the RSA MD4 Message-Digest Algorithm. The BLAKE2b hash uses
the BLAKE2 cryptographic hash function.</p>
<p style="margin-left:6%; margin-top: 1em">When a password
hash is prefixed with <b>NT:</b> or <b>CR:</b>, 3proxy uses
the corresponding algorithm to verify passwords instead of
comparing cleartext strings.</p>
<h2>BUGS
<a name="BUGS"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">Report all bugs
to <b>3proxy@3proxy.org</b></p>
<h2>SEE ALSO
<a name="SEE ALSO"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">3proxy(8),
3proxy.cfg(5), <br>
https://3proxy.org/</p>
<h2>AUTHORS
<a name="AUTHORS"></a>
</h2>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
<hr>
</body>
</html>

43
doc/html/man8/ftppr.8.html
View File

@ -116,45 +116,23 @@ authentication.</p> </td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="6%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/ftppr.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/ftppr.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
@ -220,7 +198,7 @@ with FTP proxy support, configure <i>internal_ip</i> and
FTP proxy support, use <i>internal_ip</i> and <i>port</i> as
the FTP server. The address of the real FTP server must be
configured as a part of the FTP username. The format for the
username is <i>username</i>@<i>server</i>, where
username is <i>username</i><b>@</b><i>server</i>, where
<i>server</i> is the address of the FTP server and
<i>username</i> is the user&acute;s login on this FTP
server. The login itself may contain an &acute;@&acute;
@ -251,7 +229,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

45
doc/html/man8/pop3p.8.html
View File

@ -116,45 +116,23 @@ authentication.</p> </td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="6%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/pop3p.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/pop3p.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
@ -218,8 +196,8 @@ MUA (Mail User Agent) with POP3 support. Set the client to
use <i>internal_ip</i> and <i>port</i> as a POP3 server. The
address of the real POP3 server must be configured as a part
of the POP3 username. The format for the username is
<i>username</i>@<i>server</i>, where <i>server</i> is the
address of the POP3 server and <i>username</i> is the
<i>username</i><b>@</b><i>server</i>, where <i>server</i> is
the address of the POP3 server and <i>username</i> is the
user&acute;s login on this POP3 server. The login itself may
contain an &acute;@&acute; sign. Only cleartext
authentication is supported, because challenge-response
@ -251,7 +229,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

61
doc/html/man8/proxy.8.html
View File

@ -55,11 +55,11 @@ support.</p>
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-I</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -67,11 +67,11 @@ support.</p>
only.</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-d</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -79,11 +79,11 @@ only.</p> </td></tr>
console and run in the background.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-t</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -91,11 +91,11 @@ console and run in the background.</p></td></tr>
start/stop/accept error records.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-u</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -103,11 +103,11 @@ start/stop/accept error records.</p></td></tr>
authentication</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-e</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -115,45 +115,23 @@ authentication</p> </td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="5%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/proxy.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/proxy.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
@ -256,7 +234,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

43
doc/html/man8/smtpp.8.html
View File

@ -116,45 +116,23 @@ authentication.</p> </td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="6%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/smtpp.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/smtpp.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
@ -218,7 +196,7 @@ MUA (Mail User Agent) with SMTP authentication support. Set
the client to use <i>internal_ip</i> and <i>port</i> as an
SMTP server. The address of the real SMTP server must be
configured as a part of the SMTP username. The format for
the username is <i>username</i>@<i>server</i>, where
the username is <i>username</i><b>@</b><i>server</i>, where
<i>server</i> is the address of the SMTP server and
<i>username</i> is the user&acute;s login on this SMTP
server. The login itself may contain an &acute;@&acute;
@ -251,7 +229,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

59
doc/html/man8/socks.8.html
View File

@ -57,11 +57,11 @@ connections and UDP portmapping.</p>
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-I</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -69,11 +69,11 @@ connections and UDP portmapping.</p>
only.</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-d</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -81,11 +81,11 @@ only.</p> </td></tr>
console and run in the background.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-t</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -93,11 +93,11 @@ console and run in the background.</p></td></tr>
start/stop/accept error records.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-u</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -105,11 +105,11 @@ start/stop/accept error records.</p></td></tr>
authentication</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-e</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -118,44 +118,22 @@ the interface the proxy should initiate connections from.
External IP must be specified if you need incoming
connections. By default, the system will decide which
address to use in accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
<p><b>-Ne</b></p></td>
<p style="margin-top: 1em"><b>-Ne</b></p></td>
<td width="5%"></td>
<td width="85%">
<p>External NAT address 3proxy reports to client for
CONNECT/BIND. This is external address of NAT between 3proxy
and destination server. By default, the external address is
reported. It&rsquo;s only useful in the case of IP-IP NAT
and does not work with port translation.</p></td></tr>
<p style="margin-top: 1em">External NAT address 3proxy
reports to client for CONNECT/BIND. This is external address
of NAT between 3proxy and destination server. By default,
the external address is reported. It&rsquo;s only useful in
the case of IP-IP NAT and does not work with port
translation.</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
@ -269,7 +247,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

41
doc/html/man8/tcppm.8.html
View File

@ -104,45 +104,23 @@ start/stop/accept error records.</p></td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="6%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/tcppm.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/tcppm.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
@ -234,7 +212,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

61
doc/html/man8/tlspr.8.html
View File

@ -60,11 +60,11 @@ plugin).</p>
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-I</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -72,11 +72,11 @@ plugin).</p>
only.</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-d</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -84,11 +84,11 @@ only.</p> </td></tr>
console and run in the background.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-t</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -96,11 +96,11 @@ console and run in the background.</p></td></tr>
start/stop/accept error records.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-u</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -108,11 +108,11 @@ start/stop/accept error records.</p></td></tr>
authentication</p> </td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<td width="4%">
<p style="margin-top: 1em"><b>-e</b></p></td>
<td width="6%"></td>
<td width="5%"></td>
<td width="85%">
@ -120,45 +120,23 @@ authentication</p> </td></tr>
the interface the proxy should initiate connections from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="5%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts
connections to. By default, connections to any interface are
accepted. It&acute;s usually unsafe. Unix domain sockets can
be specified with <i>-iunix:/path/to/socket</i> syntax
(e.g., -iunix:/var/run/tlspr.sock). On Linux, abstract
sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts connections to. By default, connections to any
interface are accepted. It&acute;s usually unsafe. Unix
domain sockets can be specified with
<i>-iunix:/path/to/socket</i> syntax (e.g.,
-iunix:/var/run/tlspr.sock). On Linux, abstract sockets use
<i>-iunix:@socketname</i> syntax.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="4%">
@ -291,7 +269,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

34
doc/html/man8/udppm.8.html
View File

@ -104,42 +104,19 @@ start/stop/accept error records.</p></td></tr>
the interface the proxy should initiate datagrams from. By
default, the system will decide which address to use in
accordance with the routing table.</p></td></tr>
</table>
<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> before opening
the listening socket. The current namespace is saved and
restored immediately after binding, so outgoing connections
run in the original namespace unless <b>-ne</b> is also
given.</p>
<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
<p style="margin-left:15%;">(Linux only) Switch to the
network namespace identified by <i>PATH</i> after the
listening socket has been bound (and after restoring from
<b>-ni</b> if applicable). Both options accept any namespace
file path (e.g. <i>/var/run/netns/myns</i> or
<i>/proc/PID/ns/net</i>) and require
<b>CAP_SYS_ADMIN</b>.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
<p><b>-i</b></p></td>
<p style="margin-top: 1em"><b>-i</b></p></td>
<td width="6%"></td>
<td width="85%">
<p>Internal address. IP address the proxy accepts datagrams
to. By default, connections to any interface are accepted.
It&acute;s usually unsafe.</p></td></tr>
<p style="margin-top: 1em">Internal address. IP address the
proxy accepts datagrams to. By default, connections to any
interface are accepted. It&acute;s usually unsafe.</p></td></tr>
<tr valign="top" align="left">
<td width="6%"></td>
<td width="3%">
@ -241,7 +218,8 @@ https://3proxy.org/</p>
<p style="margin-left:6%; margin-top: 1em">3proxy is
designed by Vladimir Dubrovin &lt;vlad@3proxy.org&gt;</p>
designed by Vladimir 3APA3A Dubrovin
(<i>3proxy@3proxy.org</i>)</p>
<hr>
</body>
</html>

17
doc/html/plugins/PCREPlugin.html
View File

@ -1,13 +1,10 @@
<h3>3proxy PCRE (Perl Compatible Regular Expressions) Filtering</h3>
<p><b>Note:</b> Since version 0.9.7, PCRE filtering is built into 3proxy and does not require
a separate plugin. All pcre_* commands are available directly when 3proxy is compiled with
PCRE2 support (WITH_PCRE). The plugin line is no longer needed.</p>
<h3>3proxy Perl Compatible Regular Expressions (PCRE) Plugin</h3>
<p>This filtering functionality can be used to create matching and replacement
This filtering plugin can be used to create matching and replacement
rules with regular expressions for client requests, client and
server headers, and client and server data. It adds 3 additional
configuration commands:</p>
configuration commands:
<pre>
pcre TYPE FILTER_ACTION REGEXP [ACE]
@ -81,10 +78,16 @@ authentication and/or allow/deny ACLs.
<h4>Example:</h4>
<pre>
plugin PCREPlugin.dll pcre_plugin
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
pcre srvheader deny "Content-type: application"
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16
</pre>
&copy; Vladimir Dubrovin, License: BSD style
<h4>Download:</h4>
<ul>
<li>Plugin is included in the 3proxy 0.6 binary and source distribution
<li>Example configuration (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
</li></ul>

21
doc/html/plugins/PCREPlugin.ru.html
View File

@ -1,12 +1,8 @@
<h3>Фильтрация PCRE (Perl Compatible Regular Expressions) в 3proxy</h3>
<h3>Плагин регулярных выражений совместимых с Perl (PCRE) для 3proxy</h3>
<p><b>Примечание:</b> Начиная с версии 0.9.7 фильтрация PCRE встроена в 3proxy и не требует
отдельного плагина. Все команды pcre_* доступны напрямую при компиляции 3proxy с поддержкой
PCRE2 (WITH_PCRE). Строка plugin больше не нужна.</p>
<p>Фильтрующий плагин используется для создания правил поиска и замены
Фильтрующий плагин используется для создания правил поиска и замены
регулярных выражений в запросе, заголовков запроса и ответа и данных.
Добавляет поддержку 3х новых команд в файле конфигурации:</p>
Добавляет поддержку 3х новых команд в файле конфигурации:
<pre>
pcre TYPE FILTER_ACTION REGEXP [ACE]
@ -34,7 +30,7 @@ PCRE_UTF8,
PCRE_NO_AUTO_CAPTURE,
PCRE_NO_UTF8_CHECK,
PCRE_AUTO_CALLOUT,
PCRE_PARTIAL,
PCRE_PARTIAL,
PCRE_DFA_SHORTEST,
PCRE_DFA_RESTART,
PCRE_FIRSTLINE,
@ -62,7 +58,7 @@ PCRE_BSR_UNICODE
<li>FILTER_ACTION - действие при совпадении. Может принимать значение
<ul><li>allow - разрешить данный запрос без просмотра дальнейших правил
<li>deny - запретить данный запрос без просмотра дальнейших правил
<li>dunno - продолжить анализ правил (полезно для pcre_rewrite)
<li>dunno - продолжить анализ правил (полезно для pcre_rewrite)
</ul>
<li>REGEXP - регулярное выражение в формате PCRE (perl). Используйте * если не
требуется проерка регулярного выражения.
@ -80,10 +76,15 @@ PCRE_BSR_UNICODE
<h4>Пример:</h4>
<pre>
plugin PCREPlugin.dll pcre_plugin
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
pcre srvheader deny "Content-type: application"
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16
</pre>
&copy; Vladimir Dubrovin, License: BSD style
<h4>Загрузить:</h4>
<ul>
<li>Плагин включен в дистрибутив 3proxy 0.6
<li>Пример конфигурации (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
</li></ul>

14
doc/html/plugins/SSLPlugin.html
View File

@ -1,11 +1,6 @@
<h3>3proxy SSL/TLS Support</h3>
<h3>3proxy SSL/TLS Plugin</h3>
<p><b>Note:</b> Since version 0.9.7, SSL/TLS support is built into 3proxy and does not require
a separate plugin. All ssl_* commands are available directly when 3proxy is compiled with
OpenSSL support (WITH_SSL). The plugin line is no longer needed.</p>
<p>SSL/TLS support can be used to transparently decrypt SSL/TLS data, provide TLS encryption
for proxy traffic, and authenticate using client certificates.</p>
This plugin can be used to transparently decrypt SSL/TLS data, provide TLS encryption for proxy traffic, and authenticate using client certificates.
<h4>For transparent certificate spoofing (MITM):</h4>
@ -60,6 +55,7 @@ Generated certificates are placed in the same path.
<h4>MITM example:</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_ca_file /path/to/cafile
ssl_server_ca_key /path/to/cakey
ssl_mitm
@ -71,6 +67,7 @@ MITM's traffic with a spoofed certificate for the port 3128 proxy.
<h4>https:// proxy example:</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert path_to_cert
ssl_server_key path_to_key
ssl_serv
@ -82,6 +79,7 @@ Creates an https:// proxy on port 33128 and an http:// proxy on port 3128
<h4>TLS client example (connect to upstream via TLS):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_client_cert /path/to/client.crt
ssl_client_key /path/to/client.key
ssl_client_verify
@ -93,6 +91,7 @@ Creates an HTTP proxy that connects to upstream servers via TLS with client cert
<h4>Conditional TLS for parent proxy (ssl_client_mode 3):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert /path/to/server.crt
ssl_server_key /path/to/key
ssl_client_mode 3
@ -112,6 +111,7 @@ Creates an HTTP proxy on port 3128 that uses TLS for client connections (ssl_ser
<h4>mTLS example (require client certificate):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert /path/to/server.crt
ssl_server_key /path/to/server.key
ssl_server_ca_file /path/to/ca.crt

13
doc/html/plugins/SSLPlugin.ru.html
View File

@ -1,10 +1,6 @@
<h3>3proxy SSL/TLS поддержка</h3>
<h3>3proxy SSL/TLS плагин</h3>
<p><b>Примечание:</b> Начиная с версии 0.9.7 поддержка SSL/TLS встроена в 3proxy и не требует
отдельного плагина. Все команды ssl_* доступны напрямую при компиляции 3proxy с поддержкой
OpenSSL (WITH_SSL). Строка plugin больше не нужна.</p>
<p>Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика, для шифрования трафика прокси-сервера и аутентификации с помощью клиентских сертификатов.</p>
Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика, для шифрования трафика прокси-сервера и аутентификации с помощью клиентских сертификатов.
<h4>Для прозрачного перехвата трафика (MITM):</h4>
@ -56,6 +52,7 @@ ssl_server_ca_key и ssl_server_key соответственно, если он
<h4>Пример MITM:</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_ca_file /path/to/cafile
ssl_server_ca_key /path/to/cakey
ssl_mitm
@ -67,6 +64,7 @@ proxy -p3129
<h4>Пример конфигурации https:// прокси:</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert path_to_cert
ssl_server_key path_to_key
ssl_serv
@ -78,6 +76,7 @@ proxy -p3128
<h4>Пример TLS-клиента (соединение к вышестоящему серверу через TLS):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_client_cert /path/to/client.crt
ssl_client_key /path/to/client.key
ssl_client_verify
@ -89,6 +88,7 @@ proxy -p3128
<h4>Условное TLS для parent прокси (ssl_client_mode 3):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert /path/to/server.crt
ssl_server_key /path/to/key
ssl_client_mode 3
@ -108,6 +108,7 @@ ssl_nocli
<h4>Пример mTLS (требование клиентского сертификата):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert /path/to/server.crt
ssl_server_key /path/to/server.key
ssl_server_ca_file /path/to/ca.crt

9
man/3proxy.8
View File

@ -1,4 +1,4 @@
.TH 3proxy "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH 3proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B 3proxy
\- 3[APA3A] tiny proxy server, or trivial proxy server, or free proxy
@ -140,9 +140,12 @@ configuration file
Report all bugs to
.BR 3proxy@3proxy.org
.SH SEE ALSO
3proxy.cfg(5), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
3proxy.cfg(3), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
kill(1), syslogd(8),
.br
https://3proxy.org/
.SH TRIVIA
3APA3A is pronounced as \`\`zaraza\'\'.
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

748
man/3proxy.cfg.5 → man/3proxy.cfg.3
View File

File diff suppressed because it is too large Load Diff

80
man/3proxy_crypt.8
View File

@ -1,80 +0,0 @@
.TH 3proxy_crypt "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B 3proxy_crypt
\- utility to generate encrypted passwords for 3proxy
.SH SYNOPSIS
.B 3proxy_crypt
.I password
.br
.B 3proxy_crypt
.I salt password
.SH DESCRIPTION
.B 3proxy_crypt
is a utility to generate encrypted password hashes for use with 3proxy
configuration. Encrypted passwords allow the system to avoid storing
passwords in cleartext in configuration files.
.PP
When invoked with a single argument, it produces an NT password hash
(MD4-based, suitable for NTLM authentication). The output is prefixed with
.BR NT: .
.PP
When invoked with two arguments (salt and password), it produces a BLAKE2b
password hash. The salt length is limited to 64 characters. The output is
prefixed with
.BR CR: .
.PP
The resulting hash can be used in the 3proxy configuration file with the
.B users
directive instead of a cleartext password.
.SH OPTIONS
.TP
.I password
Cleartext password to encrypt.
.TP
.I salt
Salt string for BLAKE2b hashing (max 64 characters).
.SH EXAMPLE
.TP
Generate NT password hash:
.RS
3proxy_crypt MySecretPassword
.RE
.TP
Result:
.RS
NT:3F7E6D8D96E8E7A9B0C1D2E3F4A5B6C7
.RE
.TP
Generate BLAKE2b password hash with salt:
.RS
3proxy_crypt MySalt MySecretPassword
.RE
.TP
Result:
.RS
CR:$3$MySalt$...
.RE
.TP
Using in 3proxy.cfg:
.RS
users user1:CR:$3$MySalt$...
.RE
.SH NOTES
The NT hash uses the RSA MD4 Message-Digest Algorithm. The BLAKE2b hash
uses the BLAKE2 cryptographic hash function.
.PP
When a password hash is prefixed with
.B NT:
or
.BR CR: ,
3proxy uses the corresponding algorithm to verify passwords instead of
comparing cleartext strings.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.SH SEE ALSO
3proxy(8), 3proxy.cfg(5),
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>

25
man/ftppr.8
View File

@ -1,4 +1,4 @@
.TH ftppr "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH ftppr "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B ftppr
\- FTP proxy gateway service
@ -33,24 +33,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -91,7 +73,7 @@ and
.IR port
as the FTP server. The address of the real FTP server must be configured as a part of
the FTP username. The format for the username is
.IR username @ server ,
.IR username \fB@ server ,
where
.I server
is the address of the FTP server and
@ -106,4 +88,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

25
man/pop3p.8
View File

@ -1,4 +1,4 @@
.TH pop3p "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH pop3p "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B pop3p
\- POP3 proxy gateway service
@ -33,24 +33,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -85,7 +67,7 @@ and
.IR port
as a POP3 server. The address of the real POP3 server must be configured as a part of
the POP3 username. The format for the username is
.IR username @ server ,
.IR username \fB@ server ,
where
.I server
is the address of the POP3 server and
@ -102,4 +84,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

23
man/proxy.8
View File

@ -1,4 +1,4 @@
.TH proxy "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B proxy
\- HTTP proxy gateway service
@ -31,24 +31,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -97,4 +79,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

25
man/smtpp.8
View File

@ -1,4 +1,4 @@
.TH smtpp "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH smtpp "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B smtpp
\- SMTP proxy gateway service
@ -33,24 +33,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -86,7 +68,7 @@ and
.IR port
as an SMTP server. The address of the real SMTP server must be configured as a part of
the SMTP username. The format for the username is
.IR username @ server ,
.IR username \fB@ server ,
where
.I server
is the address of the SMTP server and
@ -103,4 +85,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

23
man/socks.8
View File

@ -1,4 +1,4 @@
.TH socks "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH socks "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B socks
\- SOCKS 4/4.5/5 gateway service
@ -33,24 +33,6 @@ from. External IP must be specified if you need incoming connections.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -Ne
External NAT address 3proxy reports to client for CONNECT/BIND.
This is external address of NAT between 3proxy and destination server.
@ -111,4 +93,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

23
man/tcppm.8
View File

@ -1,4 +1,4 @@
.TH tcppm "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH tcppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B tcppm
\- TCP port mapper
@ -28,24 +28,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -100,4 +82,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

23
man/tlspr.8
View File

@ -1,4 +1,4 @@
.TH tlspr "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH tlspr "8" "May 2024" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B tlspr
\- SNI proxy gateway service
@ -33,24 +33,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -104,4 +86,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

23
man/udppm.8
View File

@ -1,4 +1,4 @@
.TH udppm "8" "May 2026" "3proxy 0.9" "Universal proxy server"
.TH udppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B udppm
\- UDP port mapper
@ -28,24 +28,6 @@ from.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
.B \-ni\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
before opening the listening socket. The current namespace is saved and restored
immediately after binding, so outgoing connections run in the original namespace
unless
.B \-ne
is also given.
.TP
.B \-ne\fIPATH\fR
(Linux only) Switch to the network namespace identified by
.I PATH
after the listening socket has been bound (and after restoring from
.B \-ni
if applicable). Both options accept any namespace file path
(e.g.\& \fI/var/run/netns/myns\fR or \fI/proc/PID/ns/net\fR)
and require \fBCAP_SYS_ADMIN\fR.
.TP
.B -i
Internal address. IP address the proxy accepts datagrams to.
By default, connections to any interface are accepted. It\'s usually unsafe.
@ -93,4 +75,5 @@ Report all bugs to
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir Dubrovin <vlad@3proxy.org>
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

19
scripts/rh/3proxy.spec
View File

@ -1,5 +1,5 @@
Name: 3proxy
Version: 0.9.6
Version: 0.9.6.1
Release: 1%{?dist}
Summary: 3proxy tiny proxy server
License: GPL/LGPL/Apache/BSD
@ -32,15 +32,14 @@ make clean
%files
/bin/3proxy
/bin/ftppr
/bin/3proxy_crypt
/bin/3proxy_ftppr
/bin/3proxy_pop3p
/bin/3proxy_proxy
/bin/3proxy_smtpp
/bin/3proxy_socks
/bin/3proxy_tcppm
/bin/3proxy_tlspr
/bin/3proxy_udppm
/bin/pop3p
/bin/proxy
/bin/socks
/bin/tcppm
/bin/udppm
/bin/tlspr
%config(noreplace) /etc/3proxy/3proxy.cfg
/etc/3proxy/conf
/etc/init.d/3proxy
@ -50,7 +49,7 @@ make clean
%config(noreplace) /usr/local/3proxy/conf/bandlimiters
%config(noreplace) /usr/local/3proxy/conf/counters
/usr/local/3proxy/libexec/*.ld.so
/usr/share/man/man5/3proxy.cfg.5
/usr/share/man/man3/*
/usr/share/man/man8/*
/var/log/3proxy

84
src/3proxy.c
View File

@ -1,18 +1,12 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
*/
#include "proxy.h"
#ifdef WITH_SSL
void ssl_install(void);
#endif
#ifdef WITH_PCRE
void pcre_install(void);
#endif
#ifndef _WIN32
#include <sys/resource.h>
#ifndef NOPLUGINS
@ -71,10 +65,10 @@ void __stdcall CommandHandler( DWORD dwCommand )
conf.paused++;
Sleep(2000);
SetStatus( SERVICE_STOPPED, 0, 0 );
#ifdef WITH_ODBC
_3proxy_mutex_lock(&log_mutex);
#ifndef NOODBC
pthread_mutex_lock(&log_mutex);
close_sql();
_3proxy_mutex_unlock(&log_mutex);
pthread_mutex_unlock(&log_mutex);
#endif
break;
case SERVICE_CONTROL_PAUSE:
@ -124,6 +118,13 @@ void mysigpause (int sig){
void mysigterm (int sig){
conf.paused++;
usleep(999*SLEEPTIME);
usleep(999*SLEEPTIME);
#ifndef NOODBC
pthread_mutex_lock(&log_mutex);
close_sql();
pthread_mutex_unlock(&log_mutex);
#endif
conf.timetoexit = 1;
}
@ -140,10 +141,8 @@ int timechanged (time_t oldtime, time_t newtime, ROTATION lt){
struct tm tmold;
struct tm *tm;
tm = localtime(&oldtime);
if(!tm) return 0;
tmold = *tm;
tm = localtime(&newtime);
if(!tm) return 0;
switch(lt){
case MINUTELY:
if(tm->tm_min != tmold.tm_min)return 1;
@ -215,17 +214,17 @@ void dumpcounters(struct trafcount *tlin, int counterd){
cheader.updated = conf.time;
if(lseek(counterd, 0, SEEK_SET) >= 0 && write(counterd, &cheader, sizeof(struct counter_header))){}
lseek(counterd, 0, SEEK_SET);
if(write(counterd, &cheader, sizeof(struct counter_header))){}
for(tl=tlin; tl; tl = tl->next){
if(tl->number){
if(lseek(counterd,
lseek(counterd,
sizeof(struct counter_header) + (tl->number - 1) * sizeof(struct counter_record),
SEEK_SET) >= 0){
crecord.traf64 = tl->traf64;
crecord.cleared = tl->cleared;
crecord.updated = tl->updated;
if(write(counterd, &crecord, sizeof(struct counter_record))){}
}
SEEK_SET);
crecord.traf64 = tl->traf64;
crecord.cleared = tl->cleared;
crecord.updated = tl->updated;
if(write(counterd, &crecord, sizeof(struct counter_record))){}
}
if(tl->type!=NEVER && timechanged(tl->cleared, conf.time, tl->type)){
tl->cleared = conf.time;
@ -268,11 +267,9 @@ void cyclestep(void){
}
if(timechanged(basetime, conf.time, DAILY)) {
tm = localtime(&conf.time);
if(tm){
wday = (1 << tm->tm_wday);
tm->tm_hour = tm->tm_min = tm->tm_sec = 0;
basetime = mktime(tm);
}
wday = (1 << tm->tm_wday);
tm->tm_hour = tm->tm_min = tm->tm_sec = 0;
basetime = mktime(tm);
}
if(conf.logname) {
if(timechanged(conf.logtime, conf.time, conf.logtype)) {
@ -489,7 +486,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
}
#endif
#endif
conf.conffile = strdup((argc==2)?argv[1]:(char*)DEFAULTCONFIG);
conf.conffile = mystrdup((argc==2)?argv[1]:(char*)DEFAULTCONFIG);
if(conf.conffile && *conf.conffile != '-') {
fp = confopen();
#ifndef _WIN32
@ -511,37 +508,31 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
return 1;
}
_3proxy_mutex_init(&config_mutex);
_3proxy_mutex_init(&bandlim_mutex);
_3proxy_mutex_init(&connlim_mutex);
_3proxy_mutex_init(&tc_mutex);
_3proxy_mutex_init(&log_mutex);
pthread_mutex_init(&config_mutex, NULL);
pthread_mutex_init(&bandlim_mutex, NULL);
pthread_mutex_init(&connlim_mutex, NULL);
pthread_mutex_init(&hash_mutex, NULL);
pthread_mutex_init(&tc_mutex, NULL);
pthread_mutex_init(&pwl_mutex, NULL);
pthread_mutex_init(&log_mutex, NULL);
#ifndef NORADIUS
_3proxy_mutex_init(&rad_mutex);
pthread_mutex_init(&rad_mutex, NULL);
#endif
#ifdef _WIN32
conf.threadinit = CreateSemaphore(NULL, 1, 1, NULL);
if(!conf.threadinit){
fprintf(stderr, "semaphore init failed\n");
return 1;
}
if(!CreatePipe(&conf.threadinit[0], &conf.threadinit[1], NULL, 1)){
#else
_3proxy_mutex_init(&conf.threadinit);
#endif
#ifdef WITH_SSL
ssl_install();
#endif
#ifdef WITH_PCRE
pcre_install();
if(pipe(conf.threadinit)) {
#endif
fprintf(stderr, "CreatePipe failed\n");
return 1;
};
freeconf(&conf);
res = readconfig(fp);
conf.version++;
if(res) RETURN(res);
if(!writable){fclose(fp); fp = NULL;}
if(!writable)fclose(fp);
#ifdef _WIN32
@ -572,7 +563,6 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
CLEARRETURN:
if(fp && fp != stdin) {fclose(fp); fp = NULL;}
return 0;
}

173
src/3proxy_crypt.c
View File

@ -1,18 +1,15 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
*/
#ifndef WITHMAIN
#include "libs/md5.h"
#endif
#include "libs/md4.h"
#include "libs/blake2.h"
#ifdef WITH_SSL
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/params.h>
#include <openssl/core_names.h>
#endif
#endif
#include <string.h>
#define MD5_SIZE 16
@ -27,12 +24,6 @@ void tohex(unsigned char *in, unsigned char *out, int len);
static unsigned char itoa64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MD *md4_hash = NULL;
EVP_MD *md5_hash = NULL;
#endif
void
_crypt_to64(unsigned char *s, unsigned long v, int n)
{
@ -43,22 +34,13 @@ _crypt_to64(unsigned char *s, unsigned long v, int n)
}
#ifdef WITH_SSL
unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int ctohex)
{
unsigned char szUnicodePass[513];
unsigned int nPasswordLen;
EVP_MD_CTX *ctx;
unsigned int len=sizeof(szUnicodePass);
MD4_CTX ctx;
unsigned int i;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
const EVP_MD *md4 = md4_hash;
#else
const EVP_MD *md4 = EVP_md4();
#endif
if(md4 == NULL) return NULL;
/*
* NT passwords are unicode. Convert plain text password
* to unicode by inserting a zero every other byte
@ -71,23 +53,15 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor
}
/* Encrypt Unicode password to a 16-byte MD4 hash */
ctx = EVP_MD_CTX_new();
if(!ctx) return NULL;
if(!EVP_DigestInit_ex(ctx, md4, NULL)){
EVP_MD_CTX_free(ctx);
return NULL;
}
EVP_DigestUpdate(ctx, szUnicodePass, (nPasswordLen<<1));
EVP_DigestFinal_ex(ctx, szUnicodePass, &len);
EVP_MD_CTX_free(ctx);
MD4Init(&ctx);
MD4Update(&ctx, szUnicodePass, (nPasswordLen<<1));
MD4Final(szUnicodePass, &ctx);
if (ctohex){
tohex(szUnicodePass, szHash, 16);
}
else memcpy(szHash, szUnicodePass, 16);
memset(szUnicodePass, 0, sizeof szUnicodePass);
return szHash;
}
#endif
unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsigned char *passwd){
@ -96,61 +70,38 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
unsigned char *magic;
unsigned char *p;
const unsigned char *sp;
unsigned char final[MD5_SIZE] = {0};
unsigned char final[MD5_SIZE];
int sl;
unsigned long l;
#if defined(WITH_SSL)
#ifndef WITHMAIN
if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
EVP_MD_CTX *ctx, *ctx1;
unsigned int len;
MD5_CTX ctx,ctx1;
int pl, i;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
const EVP_MD *md5 = md5_hash;
#else
const EVP_MD *md5 = EVP_md5();
#endif
if(md5 == NULL) {
*passwd = 0;
return NULL;
}
sp = salt +3;
sl = (int)(ep - sp);
magic = (unsigned char *)"$1$";
ctx = EVP_MD_CTX_new();
if(!ctx) {
*passwd = 0;
return NULL;
}
EVP_DigestInit_ex(ctx, md5, NULL);
MD5Init(&ctx);
/* The password first, since that is what is most unknown */
EVP_DigestUpdate(ctx,pw,strlen((char *)pw));
MD5Update(&ctx,pw,strlen((char *)pw));
/* Then our magic string */
EVP_DigestUpdate(ctx,magic,strlen((char *)magic));
MD5Update(&ctx,magic,strlen((char *)magic));
/* Then the raw salt */
EVP_DigestUpdate(ctx,sp,sl);
MD5Update(&ctx,sp,sl);
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
ctx1 = EVP_MD_CTX_new();
if(!ctx1) {
EVP_MD_CTX_free(ctx);
*passwd = 0;
return NULL;
}
EVP_DigestInit_ex(ctx1, md5, NULL);
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
EVP_DigestUpdate(ctx1,sp,sl);
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
EVP_DigestFinal_ex(ctx1,final,&len);
MD5Init(&ctx1);
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Update(&ctx1,sp,sl);
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Final(final,&ctx1);
for(pl = (int)strlen((char *)pw); pl > 0; pl -= MD5_SIZE)
EVP_DigestUpdate(ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl);
MD5Update(&ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl);
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
@ -158,13 +109,12 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
/* Then something really weird... */
for (i = (int)strlen((char *)pw); i ; i >>= 1)
if(i&1)
EVP_DigestUpdate(ctx, final, 1);
MD5Update(&ctx, final, 1);
else
EVP_DigestUpdate(ctx, pw, 1);
MD5Update(&ctx, pw, 1);
EVP_DigestFinal_ex(ctx,final,&len);
EVP_MD_CTX_free(ctx);
MD5Final(final,&ctx);
/*
* and now, just to make sure things don't run too fast
@ -172,44 +122,37 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
* need 30 seconds to build a 1000 entry dictionary...
*/
for(i=0;i<1000;i++) {
EVP_MD_CTX_reset(ctx1);
EVP_DigestInit_ex(ctx1, md5, NULL);
MD5Init(&ctx1);
if(i & 1)
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
MD5Update(&ctx1,pw,strlen((char *)pw));
else
EVP_DigestUpdate(ctx1,final,MD5_SIZE);
MD5Update(&ctx1,final,MD5_SIZE);
if(i % 3)
EVP_DigestUpdate(ctx1,sp,sl);
MD5Update(&ctx1,sp,sl);
if(i % 7)
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
MD5Update(&ctx1,pw,strlen((char *)pw));
if(i & 1)
EVP_DigestUpdate(ctx1,final,MD5_SIZE);
MD5Update(&ctx1,final,MD5_SIZE);
else
EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
EVP_DigestFinal_ex(ctx1,final,&len);
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Final(final,&ctx1);
}
EVP_MD_CTX_free(ctx1);
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
}
else
#endif
#endif
if(salt[0] == '$' && salt[1] == '3' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
sp = salt +3;
sl = (int)(ep - sp);
magic = (unsigned char *)"$3$";
{
blake2b_state S;
if(blake2b_init(&S, MD5_SIZE) != 0 ||
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
blake2b_update(&S, sp, sl) != 0 ||
blake2b_final(&S, final, MD5_SIZE) != 0) {
*passwd = 0;
return NULL;
}
}
blake2b(final, MD5_SIZE, pw, strlen((char *)pw), salt, strlen((char *)salt) );
}
else {
*passwd = 0;
@ -238,55 +181,31 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
}
#ifdef WITHMAIN
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
#endif
#include <stdio.h>
int main(int argc, char* argv[]){
unsigned char buf1[128];
unsigned char buf2[128];
unsigned char buf[1024];
unsigned i;
if(argc < 2 || argc > 3) {
fprintf(stderr, "usage: \n"
#ifdef WITH_SSL
"\t%s <password>\n"
#endif
"\t%s <salt> <password>\n"
#ifdef WITH_SSL
"Performs NT crypt if no salt specified, BLAKE2 crypt with salt\n"
#else
"Performs BLAKE2 crypt with salt\n"
#endif
,
#ifdef WITH_SSL
"This software uses:\n"
" RSA Data Security, Inc. MD4 Message-Digest Algorithm\n"
" RSA Data Security, Inc. MD5 Message-Digest Algorithm\n",
argv[0],
#endif
argv[0]);
return 1;
}
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER_load(NULL, "legacy");
OSSL_PROVIDER_load(NULL, "default");
md4_hash = EVP_MD_fetch(NULL, "MD4", NULL);
if (md4_hash == NULL) {
fprintf(stderr, "Error fetching MD4\n");
}
#endif
if(argc == 2) {
#ifdef WITH_SSL
{ unsigned char *nt = ntpwdhash(buf1, (unsigned char *)argv[1], 1);
if(nt) printf("NT:%s\n", nt); }
#else
fprintf(stderr, "NT crypt not available (compiled without OpenSSL)\n");
#endif
printf("NT:%s\n", ntpwdhash(buf, (unsigned char *)argv[1], 1));
}
else {
unsigned char *cr;
i = (int)strlen((char *)argv[1]);
if (i > 64) argv[1][64] = 0;
sprintf((char *)buf1, "$3$%.64s$", argv[1]);
cr = mycrypt((unsigned char *)argv[2], buf1, buf2);
if(cr) printf("CR:%s\n", cr);
sprintf((char *)buf, "$3$%s$", argv[1]);
printf("CR:%s\n", mycrypt((unsigned char *)argv[2], buf, buf+256));
}
return 0;
}

108
src/Makefile.inc
View File

@ -2,14 +2,12 @@
# 3 proxy common Makefile
#
all: $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(BUILDDIR)$(PREFIX)pop3p$(EXESUFFICS) $(BUILDDIR)$(PREFIX)smtpp$(EXESUFFICS) $(BUILDDIR)$(PREFIX)ftppr$(EXESUFFICS) $(BUILDDIR)$(PREFIX)tcppm$(EXESUFFICS) $(BUILDDIR)$(PREFIX)udppm$(EXESUFFICS) $(BUILDDIR)$(PREFIX)tlspr$(EXESUFFICS) $(BUILDDIR)$(PREFIX)socks$(EXESUFFICS) $(BUILDDIR)$(PREFIX)proxy$(EXESUFFICS) allplugins
all: $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)3proxy_crypt$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)tlspr$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) allplugins
sockmap$(OBJSUFFICS): sockmap.c proxy.h structures.h
$(CC) $(CFLAGS) sockmap.c
udpsockmap$(OBJSUFFICS): udpsockmap.c proxy.h structures.h
$(CC) $(COUT)udpsockmap$(OBJSUFFICS) $(CFLAGS) udpsockmap.c
common$(OBJSUFFICS): common.c proxy.h structures.h
$(CC) $(CFLAGS) common.c
@ -22,64 +20,69 @@ base64$(OBJSUFFICS): base64.c
ftp$(OBJSUFFICS): ftp.c proxy.h structures.h
$(CC) $(CFLAGS) ftp.c
#$(COMPATLIBS):
# $(CC) $(CFLAGS) strncasecmp.c
sockgetchar$(OBJSUFFICS): sockgetchar.c proxy.h structures.h
$(CC) $(CFLAGS) sockgetchar.c
proxy$(OBJSUFFICS): proxy.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)ANONYMOUS $(DEFINEOPTION)NOUDPMAIN proxy.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)ANONYMOUS proxy.c
pop3p$(OBJSUFFICS): pop3p.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)NOUDPMAIN pop3p.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP pop3p.c
smtpp$(OBJSUFFICS): smtpp.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)NOUDPMAIN smtpp.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP smtpp.c
ftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)NOUDPMAIN ftppr.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP ftppr.c
tcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP $(DEFINEOPTION)NOUDPMAIN tcppm.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tcppm.c
tlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tlspr.c
socks$(OBJSUFFICS): socks.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP socks.c
udppm$(OBJSUFFICS): udppm.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP udppm.c
tlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP $(DEFINEOPTION)NOUDPMAIN tlspr.c
socks$(OBJSUFFICS): socks.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)NOUDPMAIN socks.c
3proxy$(OBJSUFFICS): 3proxy.c proxy.h structures.h
$(CC) $(CFLAGS) 3proxy.c
$(BUILDDIR)$(PREFIX)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)proxy$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)proxy$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)$(PREFIX)pop3p$(EXESUFFICS): sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)pop3p$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)pop3p$(EXESUFFICS): sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)pop3p$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)$(PREFIX)smtpp$(EXESUFFICS): sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)smtpp$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) base64$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)smtpp$(EXESUFFICS): sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)smtpp$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) base64$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)$(PREFIX)ftppr$(EXESUFFICS): sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) ftp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)ftppr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)ftppr$(EXESUFFICS): sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) ftp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)ftppr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)$(PREFIX)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)socks$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)socks$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)$(PREFIX)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)tcppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tcppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)$(PREFIX)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) hash$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)udppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) hash$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tlspr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tlspr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)$(PREFIX)tlspr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(PREFIX)tlspr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)udppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
mainfunc$(OBJSUFFICS): proxy.h structures.h proxymain.c
$(CC) $(COUT)mainfunc$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)MODULEMAINFUNC=mainfunc proxymain.c
srvproxy$(OBJSUFFICS): proxy.c proxy.h structures.h
$(CC) $(COUT)srvproxy$(OBJSUFFICS) $(CFLAGS) proxy.c
@ -116,21 +119,9 @@ srvdnspr$(OBJSUFFICS): dnspr.c proxy.h structures.h
auth$(OBJSUFFICS): auth.c proxy.h structures.h
$(CC) $(COUT)auth$(OBJSUFFICS) $(CFLAGS) auth.c
acl$(OBJSUFFICS): acl.c proxy.h structures.h
$(CC) $(COUT)acl$(OBJSUFFICS) $(CFLAGS) acl.c
limiter$(OBJSUFFICS): limiter.c proxy.h structures.h
$(CC) $(COUT)limiter$(OBJSUFFICS) $(CFLAGS) limiter.c
redirect$(OBJSUFFICS): redirect.c proxy.h structures.h
$(CC) $(COUT)redirect$(OBJSUFFICS) $(CFLAGS) redirect.c
hash$(OBJSUFFICS): hash.c proxy.h structures.h
$(CC) $(COUT)hash$(OBJSUFFICS) $(CFLAGS) hash.c
hashtables$(OBJSUFFICS): hashtables.c proxy.h structures.h libs/blake2.h
$(CC) $(COUT)hashtables$(OBJSUFFICS) $(CFLAGS) hashtables.c
resolve$(OBJSUFFICS): resolve.c proxy.h structures.h
$(CC) $(COUT)resolve$(OBJSUFFICS) $(CFLAGS) resolve.c
@ -146,30 +137,27 @@ log$(OBJSUFFICS): log.c proxy.h structures.h
datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h
$(CC) $(COUT)datatypes$(OBJSUFFICS) $(CFLAGS) datatypes.c
3proxy_crypt$(OBJSUFFICS): 3proxy_crypt.c libs/blake2.h
3proxy_crypt$(OBJSUFFICS): 3proxy_crypt.c
$(CC) $(COUT)3proxy_crypt$(OBJSUFFICS) $(CFLAGS) 3proxy_crypt.c
3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c libs/blake2.h
3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c
$(CC) $(COUT)3proxy_cryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN 3proxy_crypt.c
blake2$(OBJSUFFICS): libs/blake2b-ref.c
md4$(OBJSUFFICS): libs/md4.h libs/md4.c
$(CC) $(COUT)md4$(OBJSUFFICS) $(CFLAGS) libs/md4.c
md5$(OBJSUFFICS): libs/md5.h libs/md5.c
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
blake2$(OBJSUFFICS): libs/blake2.h libs/blake2-impl.h libs/blake2b-ref.c
$(CC) $(COUT)blake2$(OBJSUFFICS) $(CFLAGS) libs/blake2b-ref.c
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)3proxy_crypt$(EXESUFFICS): md4$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)3proxy_crypt$(EXESUFFICS) $(LDFLAGS) md4$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS)
stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
ssllib$(OBJSUFFICS): ssllib.c structures.h proxy.h ssl.h
$(CC) $(COUT)ssllib$(OBJSUFFICS) $(CFLAGS) ssllib.c
ssl$(OBJSUFFICS): ssl.c structures.h proxy.h ssl.h
$(CC) $(COUT)ssl$(OBJSUFFICS) $(CFLAGS) ssl.c
pcre$(OBJSUFFICS): pcre.c structures.h
$(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)

169
src/acl.c
View File

@ -1,169 +0,0 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
please read License Agreement
*/
#include "proxy.h"
int IPInentry(struct sockaddr *sa, struct iplist *ipentry){
int addrlen;
unsigned char *ip, *ipf, *ipt;
if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;
ip = (unsigned char *)SAADDR(sa);
ipf = (unsigned char *)&ipentry->ip_from;
ipt = (unsigned char *)&ipentry->ip_to;
addrlen = SAADDRLEN(sa);
if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0;
return 1;
}
int ACLmatches(struct ace* acentry, struct clientparam * param){
struct userlist * userentry;
struct iplist *ipentry;
struct portlist *portentry;
struct period *periodentry;
unsigned char * username;
struct hostname * hstentry=NULL;
int i;
int match = 0;
username = param->username?param->username:(unsigned char *)"-";
if(acentry->src) {
for(ipentry = acentry->src; ipentry; ipentry = ipentry->next)
if(IPInentry((struct sockaddr *)&param->sincr, ipentry)) {
break;
}
if(!ipentry) return 0;
}
if((acentry->dst && (!SAISNULL(&param->req) || param->operation==BIND)) || (acentry->dstnames && param->hostname)) {
for(ipentry = acentry->dst; ipentry; ipentry = ipentry->next)
if(IPInentry((struct sockaddr *)&param->req, ipentry)) {
break;
}
if(!ipentry) {
if(acentry->dstnames && param->hostname){
for(i=0; param->hostname[i]; i++){
param->hostname[i] = tolower(param->hostname[i]);
}
while(i > 5 && param->hostname[i-1] == '.') param->hostname[i-1] = 0;
for(hstentry = acentry->dstnames; hstentry; hstentry = hstentry->next){
int lname, lhost;
switch(hstentry->matchtype){
case 0:
#ifndef _WIN32
if(strcasestr((char *)param->hostname, (char *)hstentry->name)) match = 1;
#else
if(strstr((char *)param->hostname, (char *)hstentry->name)) match = 1;
#endif
break;
case 1:
if(!strncasecmp((char *)param->hostname, (char *)hstentry->name, strlen((char *)hstentry->name)))
match = 1;
break;
case 2:
lname = strlen((char *)hstentry->name);
lhost = strlen((char *)param->hostname);
if(lhost > lname){
if(!strncasecmp((char *)param->hostname + (lhost - lname),
(char *)hstentry->name,
lname))
match = 1;
}
break;
default:
if(!strcasecmp((char *)param->hostname, (char *)hstentry->name)) match = 1;
break;
}
if(match) break;
}
}
}
if(!ipentry && !hstentry) return 0;
}
if(acentry->ports && (*SAPORT(&param->req) || param->operation == BIND)) {
for (portentry = acentry->ports; portentry; portentry = portentry->next)
if(ntohs(*SAPORT(&param->req)) >= portentry->startport &&
ntohs(*SAPORT(&param->req)) <= portentry->endport) {
break;
}
if(!portentry) return 0;
}
if(acentry->wdays){
if(!(acentry -> wdays & wday)) return 0;
}
if(acentry->periods){
int start_time = (int)(param->time_start - basetime);
for(periodentry = acentry->periods; periodentry; periodentry = periodentry -> next)
if(start_time >= periodentry->fromtime && start_time < periodentry->totime){
break;
}
if(!periodentry) return 0;
}
if(acentry->users){
for(userentry = acentry->users; userentry; userentry = userentry->next)
if(!strcmp((char *)username, (char *)userentry->user)){
break;
}
if(!userentry) return 0;
}
if(acentry->operation) {
if((acentry->operation & param->operation) != param->operation){
return 0;
}
}
if(acentry->weight && (acentry->weight < param->weight)) return 0;
return 1;
}
int checkACL(struct clientparam * param){
struct ace* acentry;
if(!param->srv->acl) {
return 0;
}
for(acentry = param->srv->acl; acentry; acentry = acentry->next) {
if(ACLmatches(acentry, param)) {
param->nolog = acentry->nolog;
param->weight = acentry->weight;
if(acentry->action == 2) {
struct ace dup;
int res=60,i=0;
if(param->operation < 256 && !(param->operation & (CONNECT|UDPASSOC))){
continue;
}
if(param->redirected && acentry->chains && SAISNULL(&acentry->chains->addr) && !*SAPORT(&acentry->chains->addr)) {
continue;
}
if(param->remsock != INVALID_SOCKET && (param->operation != UDPASSOC || param->ctrlsocksrv != INVALID_SOCKET)) {
return 0;
}
for(; i < conf.parentretries; i++){
dup = *acentry;
res = handleredirect(param, &dup);
if(!res) break;
if(param->remsock != INVALID_SOCKET) param->srv->so._closesocket(param->sostate, param->remsock);
param->remsock = INVALID_SOCKET;
}
return res;
}
return acentry->action;
}
}
return 3;
}

825
src/auth.c
View File

@ -1,15 +1,683 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
*/
#include "proxy.h"
#include "libs/blake2.h"
void initbandlims(struct clientparam *param);
static FILTER_ACTION (*ext_ssl_parent)(struct clientparam * param) = NULL;
static FILTER_ACTION ssl_parent(struct clientparam * param){
if(ext_ssl_parent) return ext_ssl_parent(param);
ext_ssl_parent = pluginlink.findbyname("ssl_parent");
if(ext_ssl_parent) return ext_ssl_parent(param);
return REJECT;
}
int clientnegotiate(struct chain * redir, struct clientparam * param, struct sockaddr * addr, unsigned char * hostname){
unsigned char *buf;
unsigned char *username;
int res;
int len=0;
unsigned char * user, *pass;
user = redir->extuser;
pass = redir->extpass;
if (!param->srvbufsize){
param->srvbufsize = SRVBUFSIZE;
param->srvbuf = myalloc(param->srvbufsize);
if(!param->srvbuf) return 21;
}
buf = param->srvbuf;
username = buf + 2048;
if(user) {
if (*user == '*') {
if(!param->username) return 4;
user = param->username;
pass = param->password;
}
}
if(redir->secure){
res = ssl_parent(param);
if(res != PASS) return res;
}
switch(redir->type){
case R_TCP:
case R_HTTP:
return 0;
case R_CONNECT:
case R_CONNECTP:
{
len = sprintf((char *)buf, "CONNECT ");
if(redir->type == R_CONNECTP && hostname) {
char * needreplace;
needreplace = strchr((char *)hostname, ':');
if(needreplace) buf[len++] = '[';
len += sprintf((char *)buf + len, "%.256s", (char *)hostname);
if(needreplace) buf[len++] = ']';
}
else {
if(*SAFAMILY(addr) == AF_INET6) buf[len++] = '[';
len += myinet_ntop(*SAFAMILY(addr), SAADDR(addr), (char *)buf+len, 256);
if(*SAFAMILY(addr) == AF_INET6) buf[len++] = ']';
}
len += sprintf((char *)buf + len,
":%hu HTTP/1.0\r\nConnection: keep-alive\r\n", ntohs(*SAPORT(addr)));
if(user){
len += sprintf((char *)buf + len, "Proxy-Authorization: Basic ");
sprintf((char *)username, "%.128s:%.128s", user, pass?pass:(unsigned char *)"");
en64(username, buf+len, (int)strlen((char *)username));
len = (int)strlen((char *)buf);
len += sprintf((char *)buf + len, "\r\n");
}
len += sprintf((char *)buf + len, "\r\n");
if(socksend(param, param->remsock, buf, len, conf.timeouts[CHAIN_TO]) != (int)strlen((char *)buf))
return 31;
param->statssrv64+=len;
param->nwrites++;
if((res = sockgetlinebuf(param, SERVER,buf,13,'\n',conf.timeouts[CHAIN_TO])) < 13)
return 32;
if(buf[9] != '2') return 33;
while((res = sockgetlinebuf(param, SERVER,buf,1023,'\n', conf.timeouts[CHAIN_TO])) > 2);
if(res <= 0) return 34;
return 0;
}
case R_SOCKS4:
case R_SOCKS4P:
case R_SOCKS4B:
{
if(*SAFAMILY(addr) != AF_INET) return 44;
buf[0] = 4;
buf[1] = 1;
memcpy(buf+2, SAPORT(addr), 2);
if(redir->type == R_SOCKS4P && hostname) {
buf[4] = buf[5] = buf[6] = 0;
buf[7] = 3;
}
else memcpy(buf+4, SAADDR(addr), 4);
if(!user)user = (unsigned char *)"anonymous";
len = (int)strlen((char *)user) + 1;
memcpy(buf+8, user, len);
len += 8;
if(redir->type == R_SOCKS4P && hostname) {
int hostnamelen;
hostnamelen = (int)strlen((char *)hostname) + 1;
if(hostnamelen > 255) hostnamelen = 255;
memcpy(buf+len, hostname, hostnamelen);
len += hostnamelen;
}
if(socksend(param, param->remsock, buf, len, conf.timeouts[CHAIN_TO]) < len){
return 41;
}
param->statssrv64+=len;
param->nwrites++;
if((len = sockgetlinebuf(param, SERVER, buf, (redir->type == R_SOCKS4B)? 3:8, EOF, conf.timeouts[CHAIN_TO])) != ((redir->type == R_SOCKS4B)? 3:8)){
return 42;
}
if(buf[1] != 90) {
return 43;
}
}
return 0;
case R_SOCKS5:
case R_SOCKS5P:
case R_SOCKS5B:
{
int inbuf = 0;
buf[0] = 5;
buf[1] = 1;
buf[2] = user? 2 : 0;
if(socksend(param, param->remsock, buf, 3, conf.timeouts[CHAIN_TO]) != 3){
return 51;
}
param->statssrv64+=len;
param->nwrites++;
if(sockgetlinebuf(param, SERVER, buf, 2, EOF, conf.timeouts[CHAIN_TO]) != 2){
return 52;
}
if(buf[0] != 5) {
return 53;
}
if(buf[1] != 0 && !(buf[1] == 2 && user)){
return 54;
}
if(buf[1] == 2){
buf[inbuf++] = 1;
buf[inbuf] = (unsigned char)strlen((char *)user);
memcpy(buf+inbuf+1, user, buf[inbuf]);
inbuf += buf[inbuf] + 1;
buf[inbuf] = pass?(unsigned char)strlen((char *)pass):0;
if(pass)memcpy(buf+inbuf+1, pass, buf[inbuf]);
inbuf += buf[inbuf] + 1;
if(socksend(param, param->remsock, buf, inbuf, conf.timeouts[CHAIN_TO]) != inbuf){
return 51;
}
param->statssrv64+=inbuf;
param->nwrites++;
if(sockgetlinebuf(param, SERVER, buf, 2, EOF, 60) != 2){
return 55;
}
if(buf[0] != 1 || buf[1] != 0) {
return 56;
}
}
buf[0] = 5;
buf[1] = 1;
buf[2] = 0;
if(redir->type == R_SOCKS5P && hostname) {
buf[3] = 3;
len = (int)strlen((char *)hostname);
if(len > 255) len = 255;
buf[4] = len;
memcpy(buf + 5, hostname, len);
len += 5;
}
else {
len = 3;
buf[len++] = (*SAFAMILY(addr) == AF_INET)? 1 : 4;
memcpy(buf+len, SAADDR(addr), SAADDRLEN(addr));
len += SAADDRLEN(addr);
}
memcpy(buf+len, SAPORT(addr), 2);
len += 2;
if(socksend(param, param->remsock, buf, len, conf.timeouts[CHAIN_TO]) != len){
return 51;
}
param->statssrv64+=len;
param->nwrites++;
if(sockgetlinebuf(param, SERVER, buf, 4, EOF, conf.timeouts[CHAIN_TO]) != 4){
return 57;
}
if(buf[0] != 5) {
return 53;
}
if(buf[1] != 0) {
return 60 + (buf[1] % 10);
}
switch (buf[3]) {
case 1:
if (redir->type == R_SOCKS5B || sockgetlinebuf(param, SERVER, buf, 6, EOF, conf.timeouts[CHAIN_TO]) == 6)
break;
return 59;
case 3:
if (sockgetlinebuf(param, SERVER, buf, 1, EOF, conf.timeouts[CHAIN_TO]) != 1) return 59;
len = (unsigned char)buf[0];
if (sockgetlinebuf(param, SERVER, buf, len + 2, EOF, conf.timeouts[CHAIN_TO]) != len + 2) return 59;
break;
case 4:
if (sockgetlinebuf(param, SERVER, buf, 18, EOF, conf.timeouts[CHAIN_TO]) == 18)
break;
return 59;
default:
return 58;
}
return 0;
}
default:
return 30;
}
}
int handleredirect(struct clientparam * param, struct ace * acentry){
int connected = 0;
int weight = 1000;
int res;
int done = 0;
int ha = 0;
struct chain * cur;
struct chain * redir = NULL;
int r2;
if(param->remsock != INVALID_SOCKET) {
return 0;
}
if(SAISNULL(&param->req) || !*SAPORT(&param->req)) {
return 100;
}
r2 = (myrand(param, sizeof(struct clientparam))%1000);
for(cur = acentry->chains; cur; cur=cur->next){
if(((weight = weight - cur->weight) > r2)|| done) {
if(weight <= 0) {
weight += 1000;
done = 0;
r2 = (myrand(param, sizeof(struct clientparam))%1000);
}
continue;
}
param->redirected++;
done = 1;
if(weight <= 0) {
weight += 1000;
done = 0;
r2 = (myrand(param, sizeof(struct clientparam))%1000);
}
if(!connected){
if(cur->type == R_EXTIP){
param->sinsl = cur->addr;
if(SAISNULL(&param->sinsl) && (*SAFAMILY(&param->sincr) == AF_INET || *SAFAMILY(&param->sincr) == AF_INET6))param->sinsl = param->sincr;
#ifndef NOIPV6
else if(cur->cidr && *SAFAMILY(&param->sinsl) == AF_INET6){
uint16_t c;
int i;
for(i = 0; i < 8; i++){
if(i==4)myrand(&param->sincr, sizeof(param->sincr));
else if(i==6) myrand(&param->req, sizeof(param->req));
if(i*16 >= cur->cidr) ((uint16_t *)SAADDR(&param->sinsl))[i] |= rand();
else if ((i+1)*16 > cur->cidr){
c = rand();
c >>= (cur->cidr - (i*16));
c |= ntohs(((uint16_t *)SAADDR(&param->sinsl))[i]);
((uint16_t *)SAADDR(&param->sinsl))[i] = htons(c);
}
}
}
#endif
if(cur->next)continue;
return 0;
}
else if(SAISNULL(&cur->addr) && !*SAPORT(&cur->addr)){
int i;
if(cur->extuser){
if(param->extusername)
myfree(param->extusername);
param->extusername = (unsigned char *)mystrdup((char *)((*cur->extuser == '*' && param->username)? param->username : cur->extuser));
if(cur->extpass){
if(param->extpassword)
myfree(param->extpassword);
param->extpassword = (unsigned char *)mystrdup((char *)((*cur->extuser == '*' && param->password)?param->password : cur->extpass));
}
if(*cur->extuser == '*' && !param->username) return 4;
}
for(i=0; redirs[i].name; i++){
if(cur->type == redirs[i].redir) {
param->redirectfunc = redirs[i].func;
break;
}
}
if(cur->type == R_HA){
ha = 1;
}
if(cur->next)continue;
if(!ha) return 0;
}
else if(!*SAPORT(&cur->addr) && !SAISNULL(&cur->addr)) {
uint16_t port = *SAPORT(&param->sinsr);
param->sinsr = cur->addr;
*SAPORT(&param->sinsr) = port;
}
else if(SAISNULL(&cur->addr) && *SAPORT(&cur->addr)) *SAPORT(&param->sinsr) = *SAPORT(&cur->addr);
else {
param->sinsr = cur->addr;
}
if((res = alwaysauth(param))){
return (res >= 10)? res : 60+res;
}
if(ha) {
char buf[128];
int len;
len = sprintf(buf, "PROXY %s ",
*SAFAMILY(&param->sincr) == AF_INET6 ? "TCP6" : "TCP4");
len += myinet_ntop(*SAFAMILY(&param->sincr), SAADDR(&param->sincr), buf+len, sizeof(param->sincr));
buf[len++] = ' ';
len += myinet_ntop(*SAFAMILY(&param->sincl), SAADDR(&param->sincl), buf+len, sizeof(param->sincl));
len += sprintf(buf + len, " %hu %hu\r\n",
ntohs(*SAPORT(&param->sincr)),
ntohs(*SAPORT(&param->sincl))
);
if(socksend(param, param->remsock, (unsigned char *)buf, len, conf.timeouts[CHAIN_TO])!=len) return 39;
return 0;
}
}
else {
res = (redir)?clientnegotiate(redir, param, (struct sockaddr *)&cur->addr, cur->exthost):0;
if(res) return res;
}
redir = cur;
param->redirtype = redir->type;
if(redir->type == R_TCP || redir->type ==R_HTTP) {
if(cur->extuser){
if(*cur -> extuser == '*' && !param->username) return 4;
if(param->extusername)
myfree(param->extusername);
param->extusername = (unsigned char *)mystrdup((char *)((*cur->extuser == '*' && param->username)? param->username : cur->extuser));
if(cur->extpass){
if(param->extpassword)
myfree(param->extpassword);
param->extpassword = (unsigned char *)mystrdup((char *)((*cur->extuser == '*' && param->password)?param->password : cur->extpass));
}
}
if(redir->secure) return ssl_parent(param);
return 0;
}
connected = 1;
}
if(!connected || !redir) return 0;
return clientnegotiate(redir, param, (struct sockaddr *)&param->req, param->hostname);
}
int IPInentry(struct sockaddr *sa, struct iplist *ipentry){
int addrlen;
unsigned char *ip, *ipf, *ipt;
if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;
ip = (unsigned char *)SAADDR(sa);
ipf = (unsigned char *)&ipentry->ip_from;
ipt = (unsigned char *)&ipentry->ip_to;
addrlen = SAADDRLEN(sa);
if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0;
return 1;
}
int ACLmatches(struct ace* acentry, struct clientparam * param){
struct userlist * userentry;
struct iplist *ipentry;
struct portlist *portentry;
struct period *periodentry;
unsigned char * username;
struct hostname * hstentry=NULL;
int i;
int match = 0;
username = param->username?param->username:(unsigned char *)"-";
if(acentry->src) {
for(ipentry = acentry->src; ipentry; ipentry = ipentry->next)
if(IPInentry((struct sockaddr *)&param->sincr, ipentry)) {
break;
}
if(!ipentry) return 0;
}
if((acentry->dst && (!SAISNULL(&param->req) || param->operation == UDPASSOC || param->operation==BIND)) || (acentry->dstnames && param->hostname)) {
for(ipentry = acentry->dst; ipentry; ipentry = ipentry->next)
if(IPInentry((struct sockaddr *)&param->req, ipentry)) {
break;
}
if(!ipentry) {
if(acentry->dstnames && param->hostname){
for(i=0; param->hostname[i]; i++){
param->hostname[i] = tolower(param->hostname[i]);
}
while(i > 5 && param->hostname[i-1] == '.') param->hostname[i-1] = 0;
for(hstentry = acentry->dstnames; hstentry; hstentry = hstentry->next){
int lname, lhost;
switch(hstentry->matchtype){
case 0:
#ifndef _WIN32
if(strcasestr((char *)param->hostname, (char *)hstentry->name)) match = 1;
#else
if(strstr((char *)param->hostname, (char *)hstentry->name)) match = 1;
#endif
break;
case 1:
if(!strncasecmp((char *)param->hostname, (char *)hstentry->name, strlen((char *)hstentry->name)))
match = 1;
break;
case 2:
lname = strlen((char *)hstentry->name);
lhost = strlen((char *)param->hostname);
if(lhost > lname){
if(!strncasecmp((char *)param->hostname + (lhost - lname),
(char *)hstentry->name,
lname))
match = 1;
}
break;
default:
if(!strcasecmp((char *)param->hostname, (char *)hstentry->name)) match = 1;
break;
}
if(match) break;
}
}
}
if(!ipentry && !hstentry) return 0;
}
if(acentry->ports && (*SAPORT(&param->req) || param->operation == UDPASSOC || param->operation == BIND)) {
for (portentry = acentry->ports; portentry; portentry = portentry->next)
if(ntohs(*SAPORT(&param->req)) >= portentry->startport &&
ntohs(*SAPORT(&param->req)) <= portentry->endport) {
break;
}
if(!portentry) return 0;
}
if(acentry->wdays){
if(!(acentry -> wdays & wday)) return 0;
}
if(acentry->periods){
int start_time = (int)(param->time_start - basetime);
for(periodentry = acentry->periods; periodentry; periodentry = periodentry -> next)
if(start_time >= periodentry->fromtime && start_time < periodentry->totime){
break;
}
if(!periodentry) return 0;
}
if(acentry->users){
for(userentry = acentry->users; userentry; userentry = userentry->next)
if(!strcmp((char *)username, (char *)userentry->user)){
break;
}
if(!userentry) return 0;
}
if(acentry->operation) {
if((acentry->operation & param->operation) != param->operation){
return 0;
}
}
if(acentry->weight && (acentry->weight < param->weight)) return 0;
return 1;
}
int startconnlims (struct clientparam *param){
struct connlim * ce;
time_t delta;
uint64_t rating;
int ret = 0;
param->connlim = 1;
pthread_mutex_lock(&connlim_mutex);
for(ce = conf.connlimiter; ce; ce = ce->next) {
if(ACLmatches(ce->ace, param)){
if(ce->ace->action == NOCONNLIM)break;
if(!ce->period){
if(ce->rate <= ce->rating) {
ret = 1;
break;
}
ce->rating++;
continue;
}
delta = conf.time - ce->basetime;
if(ce->period <= delta || ce->basetime > conf.time){
ce->basetime = conf.time;
ce->rating = 0x100000;
continue;
}
rating = delta? ((ce->rating * (ce->period - delta)) / ce->period) + 0x100000 : ce->rating + 0x100000;
if (rating > (ce->rate<<20)) {
ret = 2;
break;
}
ce->rating = rating;
ce->basetime = conf.time;
}
}
pthread_mutex_unlock(&connlim_mutex);
return ret;
}
void stopconnlims (struct clientparam *param){
struct connlim * ce;
pthread_mutex_lock(&connlim_mutex);
for(ce = conf.connlimiter; ce; ce = ce->next) {
if(ACLmatches(ce->ace, param)){
if(ce->ace->action == NOCONNLIM)break;
if(!ce->period && ce->rating){
ce->rating--;
continue;
}
}
}
pthread_mutex_unlock(&connlim_mutex);
}
static void initbandlims (struct clientparam *param){
struct bandlim * be;
int i;
param->bandlimfunc = NULL;
param->bandlims[0] = NULL;
param->bandlimsout[0] = NULL;
if(!conf.bandlimfunc || (!conf.bandlimiter && !conf.bandlimiterout)) return;
for(i=0, be = conf.bandlimiter; be && i<MAXBANDLIMS; be = be->next) {
if(ACLmatches(be->ace, param)){
if(be->ace->action == NOBANDLIM) {
break;
}
param->bandlims[i++] = be;
param->bandlimfunc = conf.bandlimfunc;
}
}
if(i<MAXBANDLIMS)param->bandlims[i] = NULL;
for(i=0, be = conf.bandlimiterout; be && i<MAXBANDLIMS; be = be->next) {
if(ACLmatches(be->ace, param)){
if(be->ace->action == NOBANDLIM) {
break;
}
param->bandlimsout[i++] = be;
param->bandlimfunc = conf.bandlimfunc;
}
}
if(i<MAXBANDLIMS)param->bandlimsout[i] = NULL;
param->bandlimver = conf.bandlimver;
}
unsigned bandlimitfunc(struct clientparam *param, unsigned nbytesin, unsigned nbytesout){
unsigned sleeptime = 0, nsleeptime;
time_t sec;
unsigned msec;
unsigned now;
int i;
#ifdef _WIN32
struct timeb tb;
ftime(&tb);
sec = (unsigned)tb.time;
msec = (unsigned)tb.millitm*1000;
#else
struct timeval tv;
gettimeofday(&tv, NULL);
sec = tv.tv_sec;
msec = tv.tv_usec;
#endif
if(!nbytesin && !nbytesout) return 0;
pthread_mutex_lock(&bandlim_mutex);
if(param->bandlimver != conf.bandlimver){
initbandlims(param);
param->bandlimver = conf.bandlimver;
}
for(i=0; nbytesin&& i<MAXBANDLIMS && param->bandlims[i]; i++){
if( !param->bandlims[i]->basetime ||
param->bandlims[i]->basetime > sec ||
param->bandlims[i]->basetime < (sec - 120)
)
{
param->bandlims[i]->basetime = sec;
param->bandlims[i]->nexttime = 0;
continue;
}
now = (unsigned)((sec - param->bandlims[i]->basetime) * 1000000) + msec;
nsleeptime = (param->bandlims[i]->nexttime > now)?
param->bandlims[i]->nexttime - now : 0;
sleeptime = (nsleeptime > sleeptime)? nsleeptime : sleeptime;
param->bandlims[i]->basetime = sec;
param->bandlims[i]->nexttime = msec + nsleeptime + (((uint64_t)nbytesin * 8 * 1000000) / param->bandlims[i]->rate);
}
for(i=0; nbytesout && i<MAXBANDLIMS && param->bandlimsout[i]; i++){
if( !param->bandlimsout[i]->basetime ||
param->bandlimsout[i]->basetime > sec ||
param->bandlimsout[i]->basetime < (sec - 120)
)
{
param->bandlimsout[i]->basetime = sec;
param->bandlimsout[i]->nexttime = 0;
continue;
}
now = (unsigned)((sec - param->bandlimsout[i]->basetime) * 1000000) + msec;
nsleeptime = (param->bandlimsout[i]->nexttime > now)?
param->bandlimsout[i]->nexttime - now : 0;
sleeptime = (nsleeptime > sleeptime)? nsleeptime : sleeptime;
param->bandlimsout[i]->basetime = sec;
param->bandlimsout[i]->nexttime = msec + nsleeptime + ((nbytesout > 512)? ((nbytesout+32)/64)*((64*8*1000000)/param->bandlimsout[i]->rate) : ((nbytesout+1)* (8*1000000))/param->bandlimsout[i]->rate);
}
pthread_mutex_unlock(&bandlim_mutex);
return sleeptime/1000;
}
void trafcountfunc(struct clientparam *param){
struct trafcount * tc;
int countout = 0;
pthread_mutex_lock(&tc_mutex);
for(tc = conf.trafcounter; tc; tc = tc->next) {
if(ACLmatches(tc->ace, param)){
if(tc->ace->action == NOCOUNTIN) {
countout = 1;
break;
}
if(tc->ace->action == NOCOUNTALL) break;
if(tc->ace->action != COUNTIN && tc->ace->action != COUNTALL) {
countout = 1;
continue;
}
tc->traf64 += param->statssrv64;
tc->updated = conf.time;
}
}
if(countout) for(tc = conf.trafcounter; tc; tc = tc->next) {
if(ACLmatches(tc->ace, param)){
if(tc->ace->action == NOCOUNTOUT || tc->ace->action == NOCOUNTALL) break;
if(tc->ace->action != COUNTOUT && tc->ace->action != COUNTALL ) {
continue;
}
tc->traf64 += param->statscli64;
tc->updated = conf.time;
}
}
pthread_mutex_unlock(&tc_mutex);
}
int alwaysauth(struct clientparam * param){
int res;
@ -21,13 +689,13 @@ int alwaysauth(struct clientparam * param){
res = doconnect(param);
if(!res){
if(conf.bandlimfunc && (conf.bandlimiter||conf.bandlimiterout)){
_3proxy_mutex_lock(&bandlim_mutex);
pthread_mutex_lock(&bandlim_mutex);
initbandlims(param);
_3proxy_mutex_unlock(&bandlim_mutex);
pthread_mutex_unlock(&bandlim_mutex);
}
if(conf.trafcountfunc && conf.trafcounter) {
_3proxy_mutex_lock(&tc_mutex);
pthread_mutex_lock(&tc_mutex);
for(tc = conf.trafcounter; tc; tc = tc->next) {
if(tc->disabled) continue;
if(ACLmatches(tc->ace, param)){
@ -41,11 +709,11 @@ int alwaysauth(struct clientparam * param){
if(tc->ace->action != COUNTALL) continue;
}
if(tc->traflim64 <= tc->traf64) {
_3proxy_mutex_unlock(&tc_mutex);
pthread_mutex_unlock(&tc_mutex);
return 10;
}
param->trafcountfunc = conf.trafcountfunc;
param->maxtrafin64 = tc->traflim64 - tc->traf64;
param->maxtrafin64 = tc->traflim64 - tc->traf64;
}
}
if(countout)for(tc = conf.trafcounter; tc; tc = tc->next) {
@ -56,24 +724,62 @@ int alwaysauth(struct clientparam * param){
continue;
}
if(tc->traflim64 <= tc->traf64) {
_3proxy_mutex_unlock(&tc_mutex);
pthread_mutex_unlock(&tc_mutex);
return 10;
}
param->trafcountfunc = conf.trafcountfunc;
param->maxtrafout64 = tc->traflim64 - tc->traf64;
param->maxtrafout64 = tc->traflim64 - tc->traf64;
}
}
_3proxy_mutex_unlock(&tc_mutex);
pthread_mutex_unlock(&tc_mutex);
}
}
return res;
}
int checkACL(struct clientparam * param){
struct ace* acentry;
if(!param->srv->acl) {
return 0;
}
for(acentry = param->srv->acl; acentry; acentry = acentry->next) {
if(ACLmatches(acentry, param)) {
param->nolog = acentry->nolog;
param->weight = acentry->weight;
if(acentry->action == 2) {
struct ace dup;
int res=60,i=0;
if(param->operation < 256 && !(param->operation & CONNECT)){
continue;
}
if(param->redirected && acentry->chains && SAISNULL(&acentry->chains->addr) && !*SAPORT(&acentry->chains->addr)) {
continue;
}
if(param->remsock != INVALID_SOCKET) {
return 0;
}
for(; i < conf.parentretries; i++){
dup = *acentry;
res = handleredirect(param, &dup);
if(!res) break;
if(param->remsock != INVALID_SOCKET) param->srv->so._closesocket(param->sostate, param->remsock);
param->remsock = INVALID_SOCKET;
}
return res;
}
return acentry->action;
}
}
return 3;
}
int cacheauth(struct clientparam * param){
struct authcache ac;
uint32_t ttl;
if(
((conf.authcachetype & 2) && !param->username) ||
((conf.authcachetype & 4) && !param->password) ||
@ -91,10 +797,10 @@ int cacheauth(struct clientparam * param){
)) {
return 10;
}
if(!(conf.authcachetype&2) && *ac.username){
if(param->username) free(param->username);
param->username = (unsigned char *)strdup((char *)ac.username);
if(param->username) myfree(param->username);
param->username = (unsigned char *)mystrdup((char *)ac.username);
}
if((conf.authcachetype & 32)){
memset(&param->sinsl, 0, sizeof(param->sinsl));
@ -118,11 +824,8 @@ int doauth(struct clientparam * param){
return res;
if(conf.authcachetype && authfuncs->authenticate && authfuncs->authenticate != cacheauth && param->username && (!(conf.authcachetype&4) || (!param->pwtype && param->password))){
struct authcache ac={.username=""};
if(param->username) {
strncpy((char *)ac.username, (char *)param->username, 64);
ac.username[63] = 0;
}
if(param->username) strncpy((char *)ac.username, (char *)param->username, 64);
if(*SAFAMILY(&param->sincr) == AF_INET
#ifndef NOIPv6
|| *SAFAMILY(&param->sincr) == AF_INET6
@ -131,7 +834,7 @@ int doauth(struct clientparam * param){
ac.sincr_family = *SAFAMILY(&param->sincr);
memcpy(ac.sincr_addr, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
}
if(*SAFAMILY(&param->sinsl) == AF_INET
#ifndef NOIPv6
|| *SAFAMILY(&param->sinsl) == AF_INET6
@ -151,7 +854,7 @@ int doauth(struct clientparam * param){
ret = alwaysauth(param);
if (param->afterauthfilters){
FILTER_ACTION action;
action = handleafterauthflt(param);
if(action != PASS) return 19;
}
@ -198,12 +901,12 @@ int dnsauth(struct clientparam * param){
else {
u = ntohl(*(uint32_t *)SAADDR(&param->sincr));
sprintf(buf, "%u.%u.%u.%u.in-addr.arpa",
sprintf(buf, "%u.%u.%u.%u.in-addr.arpa",
((u&0x000000FF)),
((u&0x0000FF00)>>8),
((u&0x00FF0000)>>16),
((u&0xFF000000)>>24));
}
if(!udpresolve(*SAFAMILY(&param->sincr), (unsigned char *)buf, (unsigned char *)addr, NULL, param, 1)) {
return 3;
@ -216,46 +919,46 @@ int dnsauth(struct clientparam * param){
}
int strongauth(struct clientparam * param){
static char dummy;
struct passwords * pwl;
unsigned char buf[256];
char pass[256] = {0};
if (!param->username) return 4;
if (!param->pwtype && param->password) {
if (pwl_table.ihashtable && hashresolv(&pwl_table, param->username, pass, NULL)) {
switch(pass[0]){
case CL: {
int pwlen = strlen((char *)param->password);
if(pwlen > 255) pwlen = 255;
if((unsigned)pwlen < pwl_table.recsize) {
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
} else {
blake2b_state S;
unsigned hashsz;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
memset(buf, 0, pwl_table.recsize - 1);
blake2b_init(&S, hashsz);
blake2b_update(&S, param->password, pwlen + 1);
blake2b_final(&S, buf, hashsz);
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
}
return 6;
}
case CR:
if (mycrypt(param->password, (unsigned char *)pass + 1, buf) &&
!strcmp(pass + 1, (char *)buf))
return 0;
else return 7;
#ifdef WITH_SSL
case NT:
if(ntpwdhash(buf, param->password, 1) && !strcmp(pass + 1, (char *)buf)) return 0;
else return 8;
#endif
default:
break;
}
if(!param->username) return 4;
pthread_mutex_lock(&pwl_mutex);
for(pwl = conf.pwl; pwl; pwl=pwl->next){
if(!strcmp((char *)pwl->user, (char *)param->username)) switch(pwl->pwtype) {
case CL:
if(!pwl->password || !*pwl->password){
break;
}
else if (!param->pwtype && param->password && !strcmp((char *)param->password, (char *)pwl->password)){
break;
}
pthread_mutex_unlock(&pwl_mutex);
return 6;
#ifndef NOCRYPT
case CR:
if(param->password && !param->pwtype && !strcmp((char *)pwl->password, (char *)mycrypt(param->password, pwl->password,buf))) {
break;
}
pthread_mutex_unlock(&pwl_mutex);
return 7;
case NT:
if(param->password && !param->pwtype && !memcmp(pwl->password, ntpwdhash(buf,param->password, 1), 32)) {
break;
}
pthread_mutex_unlock(&pwl_mutex);
return 8;
#endif
default:
pthread_mutex_unlock(&pwl_mutex);
return 999;
}
else continue;
pthread_mutex_unlock(&pwl_mutex);
return 0;
}
pthread_mutex_unlock(&pwl_mutex);
return 5;
}

53
src/authradius.c
View File

@ -1,6 +1,6 @@
/*
3APA3A simplest proxy server
(c) 2000-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2000-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
@ -8,7 +8,7 @@
#ifndef NORADIUS
#include "proxy.h"
#include <openssl/evp.h>
#include "libs/md5.h"
#define AUTH_VECTOR_LEN 16
#define MAX_STRING_LEN 254
@ -72,8 +72,6 @@
#define PW_ACCT_INPUT_PACKETS 47
#define PW_ACCT_OUTPUT_PACKETS 48
#define PW_ACCT_TERMINATE_CAUSE 49
#define PW_ACCT_INPUT_GIGAWORDS 52
#define PW_ACCT_OUTPUT_GIGAWORDS 53
#define PW_EVENT_TIMESTAMP 55
@ -168,7 +166,7 @@ static int ntry = 0;
int nradservers = 0;
char radiussecret[64]="";
_3proxy_mutex_t rad_mutex;
pthread_mutex_t rad_mutex;
void md5_calc(unsigned char *output, unsigned char *input,
unsigned int inputlen);
@ -185,25 +183,14 @@ char *strNcpy(char *dest, const char *src, int n)
return dest;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
extern EVP_MD *md4_hash;
extern EVP_MD *md5_hash;
#endif
void md5_calc(unsigned char *output, unsigned char *input,
unsigned int inlen)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned int len = 0;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_DigestInit_ex(ctx, md5_hash, NULL);
#else
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
#endif
EVP_DigestUpdate(ctx, input, inlen);
EVP_DigestFinal_ex(ctx, output, &len);
EVP_MD_CTX_free(ctx);
MD5_CTX context;
MD5Init(&context);
MD5Update(&context, input, inlen);
MD5Final(output, &context);
}
@ -281,7 +268,7 @@ void random_vector(uint8_t *vector, struct clientparam *param)
ntry = (int)basetime;
for (i = 0; i < (int)sizeof(random_vector_pool); i++) {
random_vector_pool[i] += myrand() & 0xff;
random_vector_pool[i] += myrand((void *) &param->msec_start, sizeof(param->msec_start)) & 0xff;
}
did_random = 1;
@ -340,11 +327,11 @@ int radsend(struct clientparam * param, int auth, int stop){
memset(&packet, 0, sizeof(packet));
_3proxy_mutex_lock(&rad_mutex);
pthread_mutex_lock(&rad_mutex);
if(auth)random_vector(packet.vector, param);
id = ((ntry++) & 0xff);
_3proxy_mutex_unlock(&rad_mutex);
pthread_mutex_unlock(&rad_mutex);
packet.code = auth?PW_AUTHENTICATION_REQUEST:PW_ACCOUNTING_REQUEST;
packet.id=id;
@ -377,7 +364,7 @@ int radsend(struct clientparam * param, int auth, int stop){
/* NAS-Port */
*ptr++ = PW_NAS_PORT_ID;
*ptr++ = 6;
(*(uint32_t *)ptr)=htonl(param->srv?(uint32_t)ntohs((*SAPORT(&param->srv->intsa))):0);
(*(uint32_t *)ptr)=htonl((uint32_t)ntohs((*SAPORT(&param->srv->intsa))));
ptr+=4;
total_length+=6;
@ -481,28 +468,12 @@ int radsend(struct clientparam * param, int auth, int stop){
(*(uint32_t *)ptr)=htonl((uint32_t)param->statssrv64);
ptr+=4;
total_length+=6;
/* Acct-Input-Gigawords */
if(param->statssrv64 > 0xFFFFFFFFULL){
*ptr++ = PW_ACCT_INPUT_GIGAWORDS;
*ptr++ = 6;
(*(uint32_t *)ptr)=htonl((uint32_t)(param->statssrv64 >> 32));
ptr+=4;
total_length+=6;
}
/* Acct-Output-Octets */
*ptr++ = PW_ACCT_OUTPUT_OCTETS;
*ptr++ = 6;
(*(uint32_t *)ptr)=htonl((uint32_t)param->statscli64);
ptr+=4;
total_length+=6;
/* Acct-Output-Gigawords */
if(param->statscli64 > 0xFFFFFFFFULL){
*ptr++ = PW_ACCT_OUTPUT_GIGAWORDS;
*ptr++ = 6;
(*(uint32_t *)ptr)=htonl((uint32_t)(param->statscli64 >> 32));
ptr+=4;
total_length+=6;
}
/* Acct-Input-Packets */
*ptr++ = PW_ACCT_INPUT_PACKETS;
*ptr++ = 6;

4
src/auto.c
View File

@ -1,6 +1,6 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
@ -13,7 +13,7 @@ void * autochild(struct clientparam* param) {
int len;
if(!param->clibuf){
if(!(param->clibuf = malloc(SRVBUFSIZE))) return 0;
if(!(param->clibuf = myalloc(SRVBUFSIZE))) return 0;
param->clibufsize = SRVBUFSIZE;
param->clioffset = param->cliinbuf = 0;
}

2
src/base64.c
View File

@ -1,5 +1,5 @@
/*
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement

144
src/common.c
View File

@ -1,6 +1,6 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
@ -13,25 +13,7 @@
char * copyright = COPYRIGHT;
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
# define MYRAND_ARC4RANDOM 1
#elif defined(__GLIBC__) && ((__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 36)))
# define MYRAND_ARC4RANDOM 1
#elif defined(__linux__)
# define MYRAND_GETRANDOM 1
# include <sys/random.h>
#elif defined(_WIN32)
# if defined(__WATCOMC__)
# define MYRAND_CRYPTGENRANDOM 1
# include <wincrypt.h>
# else
# define MYRAND_BCRYPTGENRANDOM 1
# include <bcrypt.h>
# pragma comment(lib, "bcrypt.lib")
# endif
#else
# define MYRAND_FALLBACK 1
#endif
int randomizer = 1;
@ -40,15 +22,10 @@ char * copyright = COPYRIGHT;
void daemonize(void){
pid_t pid = fork();
if(pid > 0) {
if(fork() > 0) {
usleep(SLEEPTIME);
_exit(0);
}
if(pid < 0) {
perror("fork()");
return;
}
setsid();
}
@ -56,6 +33,35 @@ char * copyright = COPYRIGHT;
unsigned char **stringtable = NULL;
#ifdef WITH_LINUX_FUTEX
int sys_futex(void *addr1, int op, int val1, struct timespec *timeout, void *addr2, int val3)
{
return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
}
int mutex_lock(int *val)
{
int c;
if ((c = __sync_val_compare_and_swap(val, 0, 1)) != 0)
do {
if(c == 2 || __sync_val_compare_and_swap(val, 1, 2) != 0)
sys_futex(val, FUTEX_WAIT_PRIVATE, 2, NULL, NULL, 0);
} while ((c = __sync_val_compare_and_swap(val, 0, 2)) != 0);
return 0;
}
int mutex_unlock(int *val)
{
if(__sync_fetch_and_sub (val, 1) != 1){
*val = 0;
sys_futex(val, FUTEX_WAKE_PRIVATE, 1, NULL, NULL, 0);
}
return 0;
}
#endif
#ifdef WITH_UN
void make_un(const unsigned char *path, struct sockaddr_un * sun){
memset(sun, 0, sizeof(*sun));
@ -133,11 +139,7 @@ int timeouts[12] = {
};
struct extparam conf = {
#ifdef _WIN32
.threadinit = NULL,
#else
.threadinit = 0,
#endif
.threadinit = {0, 0},
.timeouts = timeouts,
.acl = NULL,
.conffile = NULL,
@ -206,31 +208,18 @@ int numservers=0;
char* NULLADDR="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
uint32_t myrand(void){
#if defined(MYRAND_ARC4RANDOM)
return arc4random();
#elif defined(MYRAND_GETRANDOM)
uint32_t r = 0;
ssize_t n;
do {
n = getrandom(&r, sizeof(r), 0);
} while(n < 0 && errno == EINTR);
return r;
#elif defined(MYRAND_BCRYPTGENRANDOM)
uint32_t r = 0;
BCryptGenRandom(NULL, (PUCHAR)&r, sizeof(r), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
return r;
#elif defined(MYRAND_CRYPTGENRANDOM)
uint32_t r = 0;
HCRYPTPROV prov;
if(CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT|CRYPT_SILENT)){
CryptGenRandom(prov, sizeof(r), (BYTE *)&r);
CryptReleaseContext(prov, 0);
int myrand(void * entropy, int len){
int i;
uint16_t init;
init = randomizer;
for(i=0; i < len/2; i++){
init ^= ((uint16_t *)entropy)[i];
}
return r;
#else
return ((uint32_t)rand() << 16) ^ (uint32_t)rand();
#endif
srand(rand()+init);
randomizer = rand();
return rand();
}
#ifndef WITH_POLL
@ -255,9 +244,6 @@ int
FD_ZERO(&writefd);
FD_ZERO(&oobfd);
for(i=0; i<nfds; i++){
#ifndef _WIN32
if(fds[i].fd >= FD_SETSIZE) continue;
#endif
if((fds[i].events&POLLIN))FD_SET(fds[i].fd, &readfd);
if((fds[i].events&POLLOUT))FD_SET(fds[i].fd, &writefd);
if((fds[i].events&POLLPRI))FD_SET(fds[i].fd, &oobfd);
@ -266,9 +252,6 @@ int
}
if((num = select(((int)(maxfd))+1, &readfd, &writefd, &oobfd, &tv)) < 1) return num;
for(i=0; i<nfds; i++){
#ifndef _WIN32
if(fds[i].fd >= FD_SETSIZE) continue;
#endif
if(FD_ISSET(fds[i].fd, &readfd)) fds[i].revents |= POLLIN;
if(FD_ISSET(fds[i].fd, &writefd)) fds[i].revents |= POLLOUT;
if(FD_ISSET(fds[i].fd, &oobfd)) fds[i].revents |= POLLPRI;
@ -498,8 +481,8 @@ int parsehostname(char *hostname, struct clientparam *param, uint16_t port){
*se = 0;
}
if(hostname != (char *)param->hostname){
if(param->hostname) free(param->hostname);
param->hostname = (unsigned char *)strdup(hostname + (se!=0));
if(param->hostname) myfree(param->hostname);
param->hostname = (unsigned char *)mystrdup(hostname + (se!=0));
}
if(sp){
port = atoi(sp+1);
@ -521,12 +504,12 @@ int parseusername(char *username, struct clientparam *param, int extpasswd){
*se = 0;
if(sp) *sp = 0;
if(*(sb+1)) {
if(param->password) free(param->password);
param->password = (unsigned char *)strdup(sb+1);
if(param->password) myfree(param->password);
param->password = (unsigned char *)mystrdup(sb+1);
}
if(*username) {
if(param->username) free(param->username);
param->username = (unsigned char *)strdup(username);
if(param->username) myfree(param->username);
param->username = (unsigned char *)mystrdup(username);
}
username = se+1;
}
@ -534,12 +517,12 @@ int parseusername(char *username, struct clientparam *param, int extpasswd){
if(!sp) sp = strchr(username, ':');
if(sp){
*sp = 0;
if(param->extpassword) free(param->extpassword);
param->extpassword = (unsigned char *) strdup(sp+1);
if(param->extpassword) myfree(param->extpassword);
param->extpassword = (unsigned char *) mystrdup(sp+1);
}
}
if(param->extusername) free(param->extusername);
param->extusername = (unsigned char *)strdup(username);
if(param->extusername) myfree(param->extusername);
param->extusername = (unsigned char *)mystrdup(username);
if(sb) *sb = ':';
if(se) *se = ':';
if(sp) *sp = ':';
@ -592,10 +575,9 @@ int doconnect(struct clientparam * param){
if (*SAFAMILY(&param->sincl) == *SAFAMILY(&param->req) && !memcmp(SAADDR(&param->sincl), SAADDR(&param->req), SAADDRLEN(&param->req)) &&
*SAPORT(&param->sincl) == *SAPORT(&param->req)) return 519;
if (param->operation == ADMIN || (( param->operation == DNSRESOLVE || param->operation == BIND || param->operation == UDPASSOC) && !param->redirected))
if (param->operation == ADMIN || param->operation == DNSRESOLVE || param->operation == BIND || param->operation == UDPASSOC)
return 0;
if (param->remsock != INVALID_SOCKET){
if(param->operation == UDPASSOC) return 0;
size = sizeof(param->sinsr);
if(param->srv->so._getpeername(param->sostate, param->remsock, (struct sockaddr *)&param->sinsr, &size)==-1) {return (14);}
}
@ -668,7 +650,7 @@ int doconnect(struct clientparam * param){
return 12;
}
if(param->operation >= 256 || (param->operation & CONNECT) || param->redirected){
if(param->operation >= 256 || (param->operation & CONNECT)){
if(connectwithpoll(param, param->remsock,(struct sockaddr *)&param->sinsr,SASIZE(&param->sinsr),conf.timeouts[CONNECT_TO])) {
return 13;
}
@ -682,6 +664,7 @@ int doconnect(struct clientparam * param){
action = handleconnectflt(param);
if(action != PASS) return 19;
}
return 0;
}
@ -697,7 +680,7 @@ int scanaddr(const unsigned char *s, uint32_t * ip, uint32_t * mask) {
RESOLVFUNC resolvfunc = NULL;
#ifndef _WIN32
_3proxy_mutex_t gethostbyname_mutex;
pthread_mutex_t gethostbyname_mutex;
int ghbn_init = 0;
#endif
@ -753,10 +736,10 @@ uint32_t getip(unsigned char *name){
#ifndef NOSTDRESOLVE
#if !defined(_WIN32) && !defined(GETHOSTBYNAME_R)
if(!ghbn_init){
_3proxy_mutex_init(&gethostbyname_mutex);
pthread_mutex_init(&gethostbyname_mutex, NULL);
ghbn_init++;
}
_3proxy_mutex_lock(&gethostbyname_mutex);
pthread_mutex_lock(&gethostbyname_mutex);
#endif
hp=gethostbyname((char *)name);
if (!hp && conf.demanddialprog) {
@ -765,7 +748,7 @@ uint32_t getip(unsigned char *name){
}
retval = hp?*(uint32_t *)hp->h_addr:0;
#if !defined(_WIN32) && !defined(GETHOSTBYNAME_R)
_3proxy_mutex_unlock(&gethostbyname_mutex);
pthread_mutex_unlock(&gethostbyname_mutex);
#endif
#ifdef GETHOSTBYNAME_R
#undef gethostbyname
@ -812,9 +795,7 @@ int afdetect(unsigned char *name){
uint32_t getip46(int family, unsigned char *name, struct sockaddr *sa){
#ifndef NOIPV6
int detect;
#ifndef NOSTDRESOLVE
struct addrinfo *ai, hint;
#endif
RESOLVFUNC tmpresolv;
if(!sa) return 0;
@ -834,6 +815,7 @@ uint32_t getip46(int family, unsigned char *name, struct sockaddr *sa){
return inet_pton(*SAFAMILY(sa), (char *)name, SAADDR(sa))>0? *SAFAMILY(sa) : 0;
}
if((tmpresolv = resolvfunc)){
int f = (family == 6 || family == 64)?AF_INET6:AF_INET;
*SAFAMILY(sa) = f;
@ -844,7 +826,6 @@ uint32_t getip46(int family, unsigned char *name, struct sockaddr *sa){
if(tmpresolv(f, name, SAADDR(sa))) return f;
return 0;
}
#ifndef NOSTDRESOLVE
memset(&hint, 0, sizeof(hint));
hint.ai_family = (family == 6 || family == 64)?AF_INET6:AF_INET;
if (getaddrinfo((char *)name, NULL, &hint, &ai)) {
@ -863,7 +844,6 @@ uint32_t getip46(int family, unsigned char *name, struct sockaddr *sa){
}
freeaddrinfo(ai);
}
#endif
return 0;
#endif
}

374
src/conf.c
View File

@ -1,19 +1,12 @@
/*
3APA3A simplest proxy server
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
*/
#include "proxy.h"
#include "libs/blake2.h"
#ifdef WITH_SSL
void ssl_install(void);
#endif
#ifdef WITH_PCRE
void pcre_install(void);
#endif
#ifndef _WIN32
#include <sys/resource.h>
#include <pwd.h>
@ -27,10 +20,12 @@ void pcre_install(void);
#define DEFAULTCONFIG conf.stringtable[25]
#endif
_3proxy_mutex_t bandlim_mutex;
_3proxy_mutex_t connlim_mutex;
_3proxy_mutex_t tc_mutex;
_3proxy_mutex_t config_mutex;
pthread_mutex_t bandlim_mutex;
pthread_mutex_t connlim_mutex;
pthread_mutex_t tc_mutex;
pthread_mutex_t pwl_mutex;
pthread_mutex_t hash_mutex;
pthread_mutex_t config_mutex;
int haveerror = 0;
int linenum = 0;
@ -108,14 +103,6 @@ int getrotate(char c){
unsigned char * dologname (unsigned char *buf, unsigned char *name, const unsigned char *ext, ROTATION lt, time_t t) {
struct tm *ts;
static const char * const rot_fmt[] = {
[NONE] = "%s",
[ANNUALLY] = "%s.%04d",
[MONTHLY] = "%s.%04d.%02d",
[DAILY] = "%s.%04d.%02d.%02d",
[HOURLY] = "%s.%04d.%02d.%02d-%02d",
[MINUTELY] = "%s.%04d.%02d.%02d-%02d.%02d",
};
ts = localtime(&t);
if(strlen((char *)name) >= 4096){
@ -123,15 +110,37 @@ unsigned char * dologname (unsigned char *buf, unsigned char *name, const unsign
return buf;
}
if(strchr((char *)name, '%')){
dobuf2(NULL, buf, NULL, NULL, ts, (char *)name);
struct clientparam fakecli;
memset(&fakecli, 0, sizeof(fakecli));
dobuf2(&fakecli, buf, NULL, NULL, ts, (char *)name);
}
else if(lt == WEEKLY){
t = t - (ts->tm_wday * (60*60*24));
ts = localtime(&t);
sprintf((char *)buf, "%s.%04d.%02d.%02d", name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday);
}
else if((unsigned)lt < sizeof(rot_fmt)/sizeof(rot_fmt[0]) && rot_fmt[lt]){
sprintf((char *)buf, rot_fmt[lt], name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday, ts->tm_hour, ts->tm_min);
else switch(lt){
case NONE:
sprintf((char *)buf, "%s", name);
break;
case ANNUALLY:
sprintf((char *)buf, "%s.%04d", name, ts->tm_year+1900);
break;
case MONTHLY:
sprintf((char *)buf, "%s.%04d.%02d", name, ts->tm_year+1900, ts->tm_mon+1);
break;
case WEEKLY:
t = t - (ts->tm_wday * (60*60*24));
ts = localtime(&t);
sprintf((char *)buf, "%s.%04d.%02d.%02d", name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday);
break;
case DAILY:
sprintf((char *)buf, "%s.%04d.%02d.%02d", name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday);
break;
case HOURLY:
sprintf((char *)buf, "%s.%04d.%02d.%02d-%02d", name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday, ts->tm_hour);
break;
case MINUTELY:
sprintf((char *)buf, "%s.%04d.%02d.%02d-%02d.%02d", name, ts->tm_year+1900, ts->tm_mon+1, ts->tm_mday, ts->tm_hour, ts->tm_min);
break;
default:
break;
}
if(ext){
strcat((char *)buf, ".");
@ -144,9 +153,10 @@ int start_proxy_thread(struct child * chp){
pthread_t thread;
#ifdef _WIN32
HANDLE h;
DWORD num;
#endif
char r[1];
_3proxy_sem_lock(conf.threadinit);
#ifdef _WIN32
#ifndef _WINCE
h = (HANDLE)_beginthreadex((LPSECURITY_ATTRIBUTES )NULL, 16384+conf.stacksize, (void *)startsrv, (void *) chp, (DWORD)0, &thread);
@ -161,8 +171,14 @@ int start_proxy_thread(struct child * chp){
pthread_create(&thread, &pa, startsrv, (void *)chp);
pthread_attr_destroy(&pa);
#endif
_3proxy_sem_lock(conf.threadinit);
_3proxy_sem_unlock(conf.threadinit);
#ifdef _WIN32
ReadFile(conf.threadinit[0], r, 1, &num, NULL);
#else
while(read(conf.threadinit[0], r, 1) !=1) if(errno != EINTR) {
fprintf(stderr, "pipe failed\n");
return 40;
}
#endif
if(haveerror) {
fprintf(stderr, "Service not started on line: %d%s\n", linenum, haveerror == 2? ": insufficient memory":"");
return(40);
@ -180,6 +196,7 @@ static int h_proxy(int argc, unsigned char ** argv){
childdef.port = 3128;
childdef.isudp = 0;
childdef.service = S_PROXY;
childdef.helpmessage = " -n - no NTLM support\n";
#ifdef NOIPV6
if(!resolvfunc || (resolvfunc == myresolver && !dns_table.poolsize)){
fprintf(stderr, "[line %d] Warning: no nserver/nscache configured, proxy may run very slow\n", linenum);
@ -212,6 +229,7 @@ static int h_proxy(int argc, unsigned char ** argv){
childdef.port = 1080;
childdef.isudp = 0;
childdef.service = S_SOCKS;
childdef.helpmessage = " -n - no NTLM support\n";
#ifdef NOIPV6
if(!resolvfunc || (resolvfunc == myresolver && !dns_table.poolsize)){
fprintf(stderr, "[line %d] Warning: no nserver/nscache configured, socks may run very slow\n", linenum);
@ -304,7 +322,7 @@ static int h_log(int argc, unsigned char ** argv){
notchanged = 1;
}
if(!notchanged && conf.logtarget){
free(conf.logtarget);
myfree(conf.logtarget);
conf.logtarget = NULL;
}
if(argc > 1) {
@ -312,7 +330,7 @@ static int h_log(int argc, unsigned char ** argv){
conf.logfunc = lognone;
return 0;
}
if(!notchanged) conf.logtarget = (unsigned char *)strdup((char *)argv[1]);
if(!notchanged) conf.logtarget = (unsigned char *)mystrdup((char *)argv[1]);
if(*argv[1]=='@'){
#ifndef _WIN32
conf.logfunc = logsyslog;
@ -320,14 +338,14 @@ static int h_log(int argc, unsigned char ** argv){
openlog((char *)conf.logtarget+1, LOG_PID, LOG_DAEMON);
#endif
}
#ifdef WITH_ODBC
#ifndef NOODBC
else if(*argv[1]=='&'){
conf.logfunc = logsql;
if(notchanged) return 0;
_3proxy_mutex_lock(&log_mutex);
pthread_mutex_lock(&log_mutex);
close_sql();
init_sql((char *)argv[1]+1);
_3proxy_mutex_unlock(&log_mutex);
pthread_mutex_unlock(&log_mutex);
}
#endif
#ifndef NORADIUS
@ -342,8 +360,8 @@ static int h_log(int argc, unsigned char ** argv){
conf.logfunc = logstdout;
if(notchanged) return 0;
conf.logtime = time(0);
if(conf.logname)free(conf.logname);
conf.logname = (unsigned char *)strdup((char *)argv[1]);
if(conf.logname)myfree(conf.logname);
conf.logname = (unsigned char *)mystrdup((char *)argv[1]);
if(conf.stdlog) conf.stdlog = freopen((char *)dologname (tmpbuf, conf.logname, NULL, conf.logtype, conf.logtime), "a", conf.stdlog);
else conf.stdlog = fopen((char *)dologname (tmpbuf, conf.logname, NULL, conf.logtype, conf.logtime), "a");
if(!conf.stdlog){
@ -384,8 +402,8 @@ static int h_daemon(int argc, unsigned char **argv){
}
static int h_config(int argc, unsigned char **argv){
if(conf.conffile)free(conf.conffile);
conf.conffile = strdup((char *)argv[1]);
if(conf.conffile)myfree(conf.conffile);
conf.conffile = mystrdup((char *)argv[1]);
if(!conf.conffile) return 21;
return 0;
}
@ -407,10 +425,10 @@ static int h_include(int argc, unsigned char **argv){
static int h_archiver(int argc, unsigned char **argv){
int j;
conf.archiver = malloc(argc * sizeof(char *));
conf.archiver = myalloc(argc * sizeof(char *));
if(conf.archiver) {
conf.archiverc = argc;
for(j = 0; j < conf.archiverc; j++) conf.archiver[j] = (unsigned char *)strdup((char *)argv[j]);
for(j = 0; j < conf.archiverc; j++) conf.archiver[j] = (unsigned char *)mystrdup((char *)argv[j]);
}
return 0;
}
@ -428,6 +446,18 @@ static int h_counter(int argc, unsigned char **argv){
fprintf(stderr, "Not a counter file %s, line %d\n", argv[1], linenum);
return 2;
}
#ifdef _TIME64_T_DEFINED
#ifdef _MAX__TIME64_T
#define MAX_COUNTER_TIME (_MAX__TIME64_T)
#elif defined (MAX__TIME64_T)
#define MAX_COUNTER_TIME (MAX__TIME64_T)
#else
#define MAX_COUNTER_TIME (0x793406fff)
#endif
#else
#define MAX_COUNTER_TIME ((sizeof(time_t)>4)?(time_t)0x793406fff:(time_t)0x7fffffff)
#endif
if(ch1.updated < 0 || ch1.updated >= MAX_COUNTER_TIME){
fprintf(stderr, "Invalid or corrupted counter file %s. Use countersutil utility to convert from older version\n", argv[1]);
return 3;
@ -436,8 +466,8 @@ static int h_counter(int argc, unsigned char **argv){
}
if(argc >=4) {
conf.countertype = getrotate(*argv[2]);
if(conf.counterfile) free(conf.counterfile);
conf.counterfile = strdup((char *)argv[3]);
if(conf.counterfile) myfree(conf.counterfile);
conf.counterfile = mystrdup((char *)argv[3]);
}
return 0;
}
@ -454,8 +484,8 @@ static int h_maxseg(int argc, unsigned char **argv){
static int h_logformat(int argc, unsigned char **argv){
unsigned char * old = conf.logformat;
conf.logformat = (unsigned char *)strdup((char *)argv[1]);
if(old) free(old);
conf.logformat = (unsigned char *)mystrdup((char *)argv[1]);
if(old) myfree(old);
return 0;
}
@ -484,7 +514,7 @@ static int h_auth(int argc, unsigned char **argv){
for(argc--; argc; argc--){
for(au = authfuncs; au; au=au->next){
if(!strcmp((char *)argv[argc], au->desc)){
newau = malloc(sizeof(struct auth));
newau = myalloc(sizeof(struct auth));
if(!newau) {
return 21;
}
@ -503,59 +533,46 @@ static int h_auth(int argc, unsigned char **argv){
}
static int h_users(int argc, unsigned char **argv){
static char dummy;
int j;
unsigned char *arg;
char *pw[2];
char pass[256];
int l;
int j;
unsigned char *arg;
struct passwords *pwl = NULL;
for (j = 1; j<argc; j++) {
if(!(pwl = myalloc(sizeof(struct passwords)))) {
return(21);
}
memset(pwl, 0, sizeof(struct passwords));
arg = (unsigned char *)strchr((char *)argv[j], ':');
if(!arg||!arg[1]||!arg[2]||arg[3]!=':') {
pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
pwl->pwtype = SYS;
}
else {
*arg = 0;
pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
if((arg[1] == 'C' && arg[2] == 'L' && (pwl->pwtype = CL)) ||
(arg[1] == 'C' && arg[2] == 'R' && (pwl->pwtype = CR)) ||
(arg[1] == 'N' && arg[2] == 'T' && (pwl->pwtype = NT)) ||
(arg[1] == 'L' && arg[2] == 'M' && (pwl->pwtype = LM))){
pwl->password = (unsigned char *)mystrdup((char *)arg+4);
}
else {
pwl->password = (unsigned char *) mystrdup((char *)arg + 1);
pwl->pwtype = UN;
}
if(!pwl->password) return 3;
}
if(!pwl->user) return 21;
pthread_mutex_lock(&pwl_mutex);
pwl->next = conf.pwl;
conf.pwl = pwl;
pthread_mutex_unlock(&pwl_mutex);
for (j = 1; j < argc; j++) {
arg = (unsigned char *)strchr((char *)argv[j], ':');
if (!arg) continue;
*arg = 0;
pw[0] = (char *)argv[j];
if (!pwl_table.ihashtable && inithashtable(&pwl_table, 16, 32, 1048576))
return 3;
memset(pass, 0, sizeof(pass));
if (arg[1] && arg[2] && arg[3] == ':') {
pw[1] = (char *)(arg + 4);
if (arg[1] == 'N' && arg[2] == 'T') {
#ifdef WITH_SSL
*pass = NT;
#else
continue;
#endif
}
else if (arg[1] == 'C' && arg[2] == 'R') {
*pass = CR;
}
else if (arg[1] == 'C' && arg[2] == 'L') {
*pass = CL;
} else {
continue;
}
} else {
*pass = CL;
pw[1] = (char *)(arg + 1);
}
l = strlen(pw[1]);
if(l > 255) l = 255;
if((unsigned)l >= pwl_table.recsize) {
blake2b_state S;
unsigned hashsz;
if(*pass != CL) continue;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
blake2b_init(&S, hashsz);
blake2b_update(&S, pw[1], l + 1);
blake2b_final(&S, pass+1, hashsz);
} else {
memcpy(pass + 1, pw[1], l);
}
hashadd(&pwl_table, pw[0], pass, MAX_COUNTER_TIME);
}
return 0;
return 0;
}
static int h_maxconn(int argc, unsigned char **argv){
@ -580,7 +597,7 @@ static int h_maxconn(int argc, unsigned char **argv){
static int h_backlog(int argc, unsigned char **argv){
conf.backlog = atoi((char *)argv[1]);
if(conf.backlog < 0) {
if(conf.maxchild < 0) {
return(1);
}
return 0;
@ -686,8 +703,8 @@ static int h_nsrecord(int argc, unsigned char **argv){
}
static int h_dialer(int argc, unsigned char **argv){
if(conf.demanddialprog) free(conf.demanddialprog);
conf.demanddialprog = strdup((char *)argv[1]);
if(conf.demanddialprog) myfree(conf.demanddialprog);
conf.demanddialprog = mystrdup((char *)argv[1]);
return 0;
}
@ -716,14 +733,14 @@ static int h_pidfile(int argc, unsigned char **argv){
static int h_monitor(int argc, unsigned char **argv){
struct filemon * fm;
fm = malloc(sizeof (struct filemon));
fm = myalloc(sizeof (struct filemon));
if(!fm) return 21;
if(stat((char *)argv[1], &fm->sb)){
free(fm);
myfree(fm);
fprintf(stderr, "Warning: file %s doesn't exist on line %d\n", argv[1], linenum);
}
else {
fm->path = strdup((char *)argv[1]);
fm->path = mystrdup((char *)argv[1]);
if(!fm->path) return 21;
fm->next = conf.fmon;
conf.fmon = fm;
@ -768,7 +785,7 @@ static int h_parent(int argc, unsigned char **argv){
}
acl->action = 2;
chains = malloc(sizeof(struct chain));
chains = myalloc(sizeof(struct chain));
if(!chains){
return(21);
}
@ -776,7 +793,6 @@ static int h_parent(int argc, unsigned char **argv){
chains->weight = (unsigned)atoi((char *)argv[1]);
if(chains->weight == 0 || chains->weight >1000) {
fprintf(stderr, "Chaining error: bad chain weight %u line %d\n", chains->weight, linenum);
free(chains);
return(3);
}
for(i = 0; redirs[i].name ; i++){
@ -792,7 +808,6 @@ static int h_parent(int argc, unsigned char **argv){
}
if(!redirs[i].name) {
fprintf(stderr, "Chaining error: bad chain type (%s)\n", argv[2]);
free(chains);
return(4);
}
#ifdef WITH_UN
@ -803,25 +818,19 @@ static int h_parent(int argc, unsigned char **argv){
#endif
cidr = strchr((char *)argv[3], '/');
if(cidr) *cidr = 0;
if(!getip46(46, argv[3], (struct sockaddr *)&chains->addr)) {
free(chains);
return (5);
}
if(!getip46(46, argv[3], (struct sockaddr *)&chains->addr)) return (5);
#ifdef WITH_UN
}
#endif
chains->exthost = (unsigned char *)strdup((char *)argv[3]);
if(!chains->exthost) {
free(chains);
return 21;
}
chains->exthost = (unsigned char *)mystrdup((char *)argv[3]);
if(!chains->exthost) return 21;
if(cidr){
*cidr = '/';
chains->cidr = atoi(cidr + 1);
}
*SAPORT(&chains->addr) = htons((uint16_t)atoi((char *)argv[4]));
if(argc > 5) chains->extuser = (unsigned char *)strdup((char *)argv[5]);
if(argc > 6) chains->extpass = (unsigned char *)strdup((char *)argv[6]);
if(argc > 5) chains->extuser = (unsigned char *)mystrdup((char *)argv[5]);
if(argc > 6) chains->extpass = (unsigned char *)mystrdup((char *)argv[6]);
if(!acl->chains) {
acl->chains = chains;
}
@ -907,7 +916,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
struct hostname *hostnamel=NULL;
int res;
acl = malloc(sizeof(struct ace));
acl = myalloc(sizeof(struct ace));
if(!acl) return acl;
memset(acl, 0, sizeof(struct ace));
if(argc > 0 && strcmp("*", (char *)argv[0])) {
@ -915,10 +924,10 @@ struct ace * make_ace (int argc, unsigned char ** argv){
arg = (unsigned char *)strtok((char *)arg, ",");
if(arg) do {
if(!acl->users) {
acl->users = userl = malloc(sizeof(struct userlist));
acl->users = userl = myalloc(sizeof(struct userlist));
}
else {
userl->next = malloc(sizeof(struct userlist));
userl->next = myalloc(sizeof(struct userlist));
userl = userl -> next;
}
if(!userl) {
@ -926,7 +935,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
return(NULL);
}
memset(userl, 0, sizeof(struct userlist));
userl->user=(unsigned char*)strdup((char *)arg);
userl->user=(unsigned char*)mystrdup((char *)arg);
if(!userl->user) return NULL;
} while((arg = (unsigned char *)strtok((char *)NULL, ",")));
}
@ -934,10 +943,10 @@ struct ace * make_ace (int argc, unsigned char ** argv){
arg = (unsigned char *)strtok((char *)argv[1], ",");
if(arg) do {
if(!acl->src) {
acl->src = ipl = malloc(sizeof(struct iplist));
acl->src = ipl = myalloc(sizeof(struct iplist));
}
else {
ipl->next = malloc(sizeof(struct iplist));
ipl->next = myalloc(sizeof(struct iplist));
ipl = ipl -> next;
}
if(!ipl) {
@ -962,10 +971,10 @@ struct ace * make_ace (int argc, unsigned char ** argv){
if(scanipl(arg, &tmpip)){
if(!arglen) continue;
if(!acl->dstnames) {
acl->dstnames = hostnamel = malloc(sizeof(struct hostname));
acl->dstnames = hostnamel = myalloc(sizeof(struct hostname));
}
else {
hostnamel->next = malloc(sizeof(struct hostname));
hostnamel->next = myalloc(sizeof(struct hostname));
hostnamel = hostnamel -> next;
}
if(!hostnamel){
@ -985,7 +994,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
arglen--;
hostnamel->matchtype ^= MATCHBEGIN;
}
hostnamel->name = (unsigned char *) strdup( (char *)pattern);
hostnamel->name = (unsigned char *) mystrdup( (char *)pattern);
if(!hostnamel->name) {
fprintf(stderr, "No memory for ACL entry, line %d\n", linenum);
return(NULL);
@ -994,10 +1003,10 @@ struct ace * make_ace (int argc, unsigned char ** argv){
else {
if(!acl->dst) {
acl->dst = ipl = malloc(sizeof(struct iplist));
acl->dst = ipl = myalloc(sizeof(struct iplist));
}
else {
ipl->next = malloc(sizeof(struct iplist));
ipl->next = myalloc(sizeof(struct iplist));
ipl = ipl -> next;
}
if(!ipl) {
@ -1012,10 +1021,10 @@ struct ace * make_ace (int argc, unsigned char ** argv){
arg = (unsigned char *)strtok((char *)argv[3], ",");
if(arg) do {
if(!acl->ports) {
acl->ports = portl = malloc(sizeof(struct portlist));
acl->ports = portl = myalloc(sizeof(struct portlist));
}
else {
portl->next = malloc(sizeof(struct portlist));
portl->next = myalloc(sizeof(struct portlist));
portl = portl -> next;
}
if(!portl) {
@ -1141,7 +1150,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
t2 = (t2 * 60) + (arg[12] - '0') * 10 + (arg[13] - '0');
t2 = (t2 * 60) + (arg[15] - '0') * 10 + (arg[16] - '0');
if(t2 < t1) break;
sp = malloc(sizeof(struct period));
sp = myalloc(sizeof(struct period));
if(sp){
sp->fromtime = t1;
sp->totime = t2;
@ -1220,17 +1229,14 @@ static int h_ace(int argc, unsigned char **argv){
acl->action = res;
switch(acl->action){
case REDIRECT:
acl->chains = malloc(sizeof(struct chain));
acl->chains = myalloc(sizeof(struct chain));
if(!acl->chains) {
freeacl(acl);
return(21);
}
memset(acl->chains, 0, sizeof(struct chain));
acl->chains->type = R_HTTP;
if(!getip46(46, argv[1], (struct sockaddr *)&acl->chains->addr)) {
freeacl(acl);
return 5;
}
if(!getip46(46, argv[1], (struct sockaddr *)&acl->chains->addr)) return 5;
*SAPORT(&acl->chains->addr) = htons((uint16_t)atoi((char *)argv[2]));
acl->chains->weight = 1000;
case ALLOW:
@ -1247,7 +1253,7 @@ static int h_ace(int argc, unsigned char **argv){
break;
case CONNLIM:
case NOCONNLIM:
ncl = malloc(sizeof(struct connlim));
ncl = myalloc(sizeof(struct connlim));
if(!ncl) {
freeacl(acl);
return(21);
@ -1258,7 +1264,7 @@ static int h_ace(int argc, unsigned char **argv){
sscanf((char *)argv[1], "%u", &ncl->rate);
sscanf((char *)argv[2], "%u", &ncl->period);
}
_3proxy_mutex_lock(&connlim_mutex);
pthread_mutex_lock(&connlim_mutex);
if(!conf.connlimiter){
conf.connlimiter = ncl;
}
@ -1268,13 +1274,13 @@ static int h_ace(int argc, unsigned char **argv){
for(cli = conf.connlimiter; cli->next; cli = cli->next);
cli->next = ncl;
}
_3proxy_mutex_unlock(&connlim_mutex);
pthread_mutex_unlock(&connlim_mutex);
break;
case BANDLIM:
case NOBANDLIM:
nbl = malloc(sizeof(struct bandlim));
nbl = myalloc(sizeof(struct bandlim));
if(!nbl) {
freeacl(acl);
return(21);
@ -1284,13 +1290,13 @@ static int h_ace(int argc, unsigned char **argv){
if(acl->action == BANDLIM) {
sscanf((char *)argv[1], "%u", &nbl->rate);
if(nbl->rate < 300) {
free(nbl);
myfree(nbl);
freeacl(acl);
fprintf(stderr, "Wrong bandwidth specified, line %d\n", linenum);
return(4);
}
}
_3proxy_mutex_lock(&bandlim_mutex);
pthread_mutex_lock(&bandlim_mutex);
if(!strcmp((char *)argv[0], "bandlimin") || !strcmp((char *)argv[0], "nobandlimin")){
if(!conf.bandlimiter){
conf.bandlimiter = nbl;
@ -1314,7 +1320,7 @@ static int h_ace(int argc, unsigned char **argv){
}
}
conf.bandlimver++;
_3proxy_mutex_unlock(&bandlim_mutex);
pthread_mutex_unlock(&bandlim_mutex);
break;
case COUNTIN:
@ -1324,7 +1330,7 @@ static int h_ace(int argc, unsigned char **argv){
case COUNTALL:
case NOCOUNTALL:
if(!conf.trafcountfunc) conf.trafcountfunc = trafcountfunc;
tl = malloc(sizeof(struct trafcount));
tl = myalloc(sizeof(struct trafcount));
if(!tl) {
freeacl(acl);
return(21);
@ -1338,14 +1344,14 @@ static int h_ace(int argc, unsigned char **argv){
tl->comment = ( char *)argv[1];
while(isdigit(*tl->comment))tl->comment++;
if(*tl->comment== '/')tl->comment++;
tl->comment = strdup(tl->comment);
tl->comment = mystrdup(tl->comment);
sscanf((char *)argv[1], "%u", &tl->number);
sscanf((char *)argv[3], "%lu", &lim);
tl->type = getrotate(*argv[2]);
tl->traflim64 = ((uint64_t)lim)*(1024*1024);
if(!tl->traflim64) {
free(tl);
myfree(tl);
freeacl(acl);
fprintf(stderr, "Wrong traffic limit specified, line %d\n", linenum);
return(6);
@ -1366,7 +1372,7 @@ static int h_ace(int argc, unsigned char **argv){
}
}
}
_3proxy_mutex_lock(&tc_mutex);
pthread_mutex_lock(&tc_mutex);
if(!conf.trafcounter){
conf.trafcounter = tl;
}
@ -1376,7 +1382,7 @@ static int h_ace(int argc, unsigned char **argv){
for(ntl = conf.trafcounter; ntl->next; ntl = ntl->next);
ntl->next = tl;
}
_3proxy_mutex_unlock(&tc_mutex);
pthread_mutex_unlock(&tc_mutex);
}
return 0;
@ -1414,7 +1420,7 @@ static int h_radius(int argc, unsigned char **argv){
s++;
}
if( !getip46(46, argv[nradservers + 2], (struct sockaddr *)&radiuslist[nradservers].authaddr)) return 1;
if( s && !getip46(46, (unsigned char *)s, (struct sockaddr *)&radiuslist[nradservers].localaddr)) return 2;
if( s && !getip46(46, (unsigned char *)s+1, (struct sockaddr *)&radiuslist[nradservers].localaddr)) return 2;
if(!*SAPORT(&radiuslist[nradservers].authaddr))*SAPORT(&radiuslist[nradservers].authaddr) = htons(1812);
port = ntohs(*SAPORT(&radiuslist[nradservers].authaddr));
radiuslist[nradservers].logaddr = radiuslist[nradservers].authaddr;
@ -1452,16 +1458,6 @@ static int h_authcache(int argc, unsigned char **argv){
}
static int h_plugin(int argc, unsigned char **argv){
#ifdef WITH_SSL
if(argc >= 3 && !strcmp((char *)argv[2], "ssl_plugin")){
return 0;
}
#endif
#ifdef WITH_PCRE
if(argc >= 3 && !strcmp((char *)argv[2], "pcre_plugin")){
return 0;
}
#endif
#ifdef NOPLUGINS
return 999;
#else
@ -1582,7 +1578,7 @@ static int h_chroot(int argc, unsigned char **argv){
p--;
*p = 0;
}
chrootp = strdup((char *)argv[1]);
chrootp = mystrdup((char *)argv[1]);
if(!chrootp) return 21;
}
if (gid && setregid(gid,gid)) {
@ -1728,21 +1724,21 @@ int parsestr (unsigned char *str, unsigned char **argm, int nitems, unsigned cha
*str = 0;
space = 1;
if(incbegin){
if(argc) argc--;
if((fd = open((char *)incbegin+1, O_RDONLY)) < 0){
argc--;
if((fd = open((char *)incbegin+1, O_RDONLY)) <= 0){
fprintf(stderr, "Failed to open %s\n", incbegin+1);
return -1;
}
if((*bufsize - *inbuf) <STRINGBUF){
*bufsize += STRINGBUF;
if(!(buf = realloc(buf, *bufsize))){
if(!(buf = myrealloc(buf, *bufsize))){
fprintf(stderr, "Failed to allocate memory for %s\n", incbegin+1);
close(fd);
return -1;
}
}
len = 0;
if(argc > 0 && argm[argc]!=(incbegin+1)) {
if(argm[argc]!=(incbegin+1)) {
len = (int)strlen((char *)argm[argc]);
memmove(buf+*inbuf, argm[argc], len);
}
@ -1788,7 +1784,7 @@ int readconfig(FILE * fp){
struct commands * cm;
int res = 0;
if( !(buf = malloc(bufsize)) || ! (argv = malloc((NPARAMS + 1) * sizeof(unsigned char *))) ) {
if( !(buf = myalloc(bufsize)) || ! (argv = myalloc((NPARAMS + 1) * sizeof(unsigned char *))) ) {
fprintf(stderr, "No memory for configuration");
return(10);
}
@ -1835,8 +1831,8 @@ int readconfig(FILE * fp){
fprintf(stderr, "Unknown command: '%s' line %d\n", argv[0], linenum);
return(linenum);
}
free(buf);
free(argv);
myfree(buf);
myfree(argv);
return 0;
}
@ -1845,8 +1841,8 @@ int readconfig(FILE * fp){
void freepwl(struct passwords *pwl){
for(; pwl; pwl = (struct passwords *)itfree(pwl, pwl->next)){
if(pwl->user)free(pwl->user);
if(pwl->password)free(pwl->password);
if(pwl->user)myfree(pwl->user);
if(pwl->password)myfree(pwl->password);
}
}
@ -1856,6 +1852,7 @@ void freeconf(struct extparam *confp){
struct bandlim * blout;
struct connlim * cl;
struct trafcount * tc;
struct passwords *pw;
struct ace *acl;
struct filemon *fm;
int counterd, archiverc;
@ -1867,29 +1864,33 @@ void freeconf(struct extparam *confp){
_3proxy_mutex_lock(&tc_mutex);
pthread_mutex_lock(&tc_mutex);
confp->trafcountfunc = NULL;
tc = confp->trafcounter;
confp->trafcounter = NULL;
counterd = confp->counterd;
confp->counterd = -1;
confp->countertype = NONE;
_3proxy_mutex_unlock(&tc_mutex);
pthread_mutex_unlock(&tc_mutex);
_3proxy_mutex_lock(&bandlim_mutex);
pthread_mutex_lock(&bandlim_mutex);
bl = confp->bandlimiter;
blout = confp->bandlimiterout;
confp->bandlimiter = NULL;
confp->bandlimiterout = NULL;
confp->bandlimfunc = NULL;
confp->bandlimver++;
_3proxy_mutex_unlock(&bandlim_mutex);
_3proxy_mutex_lock(&connlim_mutex);
pthread_mutex_unlock(&bandlim_mutex);
pthread_mutex_lock(&connlim_mutex);
cl = confp->connlimiter;
confp->connlimiter = NULL;
_3proxy_mutex_unlock(&connlim_mutex);
pthread_mutex_unlock(&connlim_mutex);
pthread_mutex_lock(&pwl_mutex);
pw = confp->pwl;
confp->pwl = NULL;
pthread_mutex_unlock(&pwl_mutex);
destroyhashtable(&pwl_table);
confp->logfunc = lognone;
logformat = confp->logformat;
@ -1928,12 +1929,13 @@ void freeconf(struct extparam *confp){
}
if(tc)dumpcounters(tc,counterd);
for(; tc; tc = (struct trafcount *) itfree(tc, tc->next)){
if(tc->comment)free(tc->comment);
if(tc->comment)myfree(tc->comment);
freeacl(tc->ace);
}
freeacl(acl);
freepwl(pw);
for(; bl; bl = (struct bandlim *) itfree(bl, bl->next)) freeacl(bl->ace);
for(; blout; blout = (struct bandlim *) itfree(blout, blout->next))freeacl(blout->ace);
for(; cl; cl = (struct connlim *) itfree(cl, cl->next)) freeacl(cl->ace);
@ -1942,14 +1944,14 @@ void freeconf(struct extparam *confp){
close(counterd);
}
for(; fm; fm = (struct filemon *)itfree(fm, fm->next)){
if(fm->path) free(fm->path);
if(fm->path) myfree(fm->path);
}
if(logformat) {
free(logformat);
myfree(logformat);
}
if(archiver) {
for(i = 0; i < archiverc; i++) free(archiver[i]);
free(archiver);
for(i = 0; i < archiverc; i++) myfree(archiver[i]);
myfree(archiver);
}
havelog = 0;
}
@ -1958,13 +1960,7 @@ int reload (void){
FILE *fp;
int error = -2;
_3proxy_mutex_lock(&config_mutex);
#ifdef WITH_SSL
ssl_install();
#endif
#ifdef WITH_PCRE
pcre_install();
#endif
pthread_mutex_lock(&config_mutex);
conf.paused++;
freeconf(&conf);
conf.paused++;
@ -1978,6 +1974,6 @@ int reload (void){
}
if(!writable)fclose(fp);
}
_3proxy_mutex_unlock(&config_mutex);
pthread_mutex_unlock(&config_mutex);
return error;
}

414
src/datatypes.c
View File

@ -1,5 +1,5 @@
/*
(c) 2002-2026 by Vladimir Dubrovin <vlad@3proxy.org>
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
@ -96,7 +96,7 @@ static void pr_wdays(struct node *node, CBFUNC cbf, void*cb){
static void pr_time(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
int t = *(int *)node;
(*cbf)(cb, buf, sprintf(buf, "%02d:%02d:%02d", (t/3600)%24, (t/60)%60, t%60));
}
@ -132,12 +132,6 @@ static void pr_string(struct node *node, CBFUNC cbf, void*cb){
else (*cbf)(cb, "(NULL)", 6);
}
static void pr_password(struct node *node, CBFUNC cbf, void*cb){
if(node->value && *(unsigned char *)node->value){
(*cbf)(cb, "********", 8);
}
}
static void pr_rotation(struct node *node, CBFUNC cbf, void*cb){
char * lstrings[] = {
"N", "C", "H", "D", "W", "M", "Y", "N"
@ -162,7 +156,7 @@ static void pr_operations(struct node *node, CBFUNC cbf, void*cb){
if(operation & HTTP){
if((operation & HTTP) == HTTP)
(*cbf)(cb, buf, sprintf(buf, "HTTP"));
else
else
(*cbf)(cb, buf, sprintf(buf, "%s%s%s%s%s%s%s%s%s",
(operation & HTTP_GET)? "HTTP_GET" : "",
((operation & HTTP_GET) && (operation & (HTTP_PUT|HTTP_POST|HTTP_HEAD|HTTP_OTHER)))? "," : "",
@ -245,18 +239,6 @@ static void pr_userlist(struct node *node, CBFUNC cbf, void*cb){
}
}
static void pr_hostname(struct node *node, CBFUNC cbf, void*cb){
struct hostname *hl = (struct hostname *)node->value;
if(!hl) {
(*cbf)(cb, "*", 1);
return;
}
for(; hl; hl = hl->next){
(*cbf)(cb, (char *)hl->name, (int)strlen((char *)hl->name));
if(hl->next)(*cbf)(cb, ",", 1);
}
}
int printiple(char *buf, struct iplist* ipl){
int addrlen = (ipl->family == AF_INET6)?16:4, i;
i = myinet_ntop(ipl->family, &ipl->ip_from, buf, addrlen);
@ -333,32 +315,18 @@ static void * ef_pwlist_type(struct node * node){
return "NT";
case LM:
return "LM";
case UN:
return "UN";
default:
return "UNKNOWN";
}
}
static void * ef_hostname_next(struct node * node){
return ((struct hostname *)node->value) -> next;
}
static void * ef_hostname_name(struct node * node){
return ((struct hostname *)node->value) -> name;
}
static void * ef_hostname_matchtype(struct node * node){
return &((struct hostname *)node->value) -> matchtype;
}
static void * ef_chain_next(struct node * node){
return ((struct chain *)node->value) -> next;
}
static void * ef_chain_type(struct node * node){
int i;
for(i=0; redirs[i].name; i++){
if(((struct chain *)node->value) -> type == redirs[i].redir) return redirs[i].name;
}
@ -381,18 +349,6 @@ static void * ef_chain_password(struct node * node){
return ((struct chain *)node->value) -> extpass;
}
static void * ef_chain_secure(struct node * node){
return &((struct chain *)node->value) -> secure;
}
static void * ef_chain_exthost(struct node * node){
return ((struct chain *)node->value) -> exthost;
}
static void * ef_chain_cidr(struct node * node){
return &((struct chain *)node->value) -> cidr;
}
static void * ef_ace_next(struct node * node){
return ((struct ace *)node->value) -> next;
}
@ -423,9 +379,6 @@ static void * ef_ace_dst(struct node * node){
return ((struct ace *)node->value) -> dst;
}
static void * ef_ace_dstnames(struct node * node){
return ((struct ace *)node->value) -> dstnames;
}
static void * ef_ace_ports(struct node * node){
return ((struct ace *)node->value) -> ports;
@ -443,13 +396,6 @@ static void * ef_ace_period(struct node * node){
return ((struct ace *)node->value) -> periods;
}
static void * ef_ace_weight(struct node * node){
return &((struct ace *)node->value) -> weight;
}
static void * ef_ace_nolog(struct node * node){
return &((struct ace *)node->value) -> nolog;
}
static void * ef_bandlimit_next(struct node * node){
return ((struct bandlim *)node->value) -> next;
@ -543,14 +489,6 @@ static void * ef_server_childcount(struct node * node){
return &((struct srvparam *)node->value) -> childcount;
}
static void * ef_server_maxchild(struct node * node){
return &((struct srvparam *)node->value) -> maxchild;
}
static void * ef_server_backlog(struct node * node){
return &((struct srvparam *)node->value) -> backlog;
}
static void * ef_server_log(struct node * node){
if(((struct srvparam *)node->value) -> logfunc == lognone) return "none";
#ifndef NORADIUS
@ -561,7 +499,7 @@ static void * ef_server_log(struct node * node){
#ifndef _WIN32
else if(((struct srvparam *)node->value) -> logfunc == logsyslog) return "syslog";
#endif
#ifdef WITH_ODBC
#ifndef NOODBC
else if(((struct srvparam *)node->value) -> logfunc == logsql) return "odbc";
#endif
return NULL;
@ -607,68 +545,16 @@ static void * ef_server_extsa6(struct node * node){
}
#endif
static void * ef_server_intNat(struct node * node){
return &((struct srvparam *)node->value) -> intNat;
}
static void * ef_server_extNat(struct node * node){
return &((struct srvparam *)node->value) -> extNat;
}
static void * ef_server_acl(struct node * node){
return ((struct srvparam *)node->value) -> acl;
}
static void * ef_server_singlepacket(struct node * node){
return &((struct srvparam *)node->value) -> s_option;
return &((struct srvparam *)node->value) -> singlepacket;
}
static void * ef_server_needuser(struct node * node){
return &((struct srvparam *)node->value) -> needuser;
}
static void * ef_server_transparent(struct node * node){
return &((struct srvparam *)node->value) -> transparent;
}
static void * ef_server_anonymous(struct node * node){
return &((struct srvparam *)node->value) -> anonymous;
}
static void * ef_server_requirecert(struct node * node){
return &((struct srvparam *)node->value) -> requirecert;
}
static void * ef_server_haproxy(struct node * node){
return &((struct srvparam *)node->value) -> haproxy;
}
static void * ef_server_authcachetype(struct node * node){
return &((struct srvparam *)node->value) -> authcachetype;
}
static void * ef_server_authcachetime(struct node * node){
return &((struct srvparam *)node->value) -> authcachetime;
}
static void * ef_server_gracetraf(struct node * node){
return &((struct srvparam *)node->value) -> gracetraf;
}
static void * ef_server_gracenum(struct node * node){
return &((struct srvparam *)node->value) -> gracenum;
}
static void * ef_server_gracedelay(struct node * node){
return &((struct srvparam *)node->value) -> gracedelay;
}
static void * ef_server_logdumpsrv(struct node * node){
return &((struct srvparam *)node->value) -> logdumpsrv;
}
static void * ef_server_logdumpcli(struct node * node){
return &((struct srvparam *)node->value) -> logdumpcli;
static void * ef_server_usentlm(struct node * node){
return &((struct srvparam *)node->value) -> usentlm;
}
static void * ef_server_starttime(struct node * node){
@ -688,12 +574,12 @@ static void * ef_client_type(struct node * node){
static void * ef_client_operation(struct node * node){
if(!((struct clientparam *)node->value) -> operation) return NULL;
return &((struct clientparam *)node->value) -> operation;
}
static void * ef_client_redirected(struct node * node){
return &((struct clientparam *)node->value) -> redirected;
}
static void * ef_client_hostname(struct node * node){
@ -732,26 +618,6 @@ static void * ef_client_pwtype(struct node * node){
return &((struct clientparam *)node->value) -> pwtype;
}
static void * ef_client_redirtype(struct node * node){
int i;
for(i=0; redirs[i].name; i++){
if(((struct clientparam *)node->value) -> redirtype == redirs[i].redir) return redirs[i].name;
}
return "";
}
static void * ef_client_weight(struct node * node){
return &((struct clientparam *)node->value) -> weight;
}
static void * ef_client_nolog(struct node * node){
return &((struct clientparam *)node->value) -> nolog;
}
static void * ef_client_transparent(struct node * node){
return &((struct clientparam *)node->value) -> transparent;
}
static void * ef_client_threadid(struct node * node){
return &((struct clientparam *)node->value) -> threadid;
}
@ -785,179 +651,155 @@ static void * ef_period_next(struct node * node){
}
static struct property prop_portlist[] = {
{"start", ef_portlist_start, TYPE_PORT, "port range start"},
{"end", ef_portlist_end, TYPE_PORT, "port range end"},
{"next", ef_portlist_next, TYPE_PORTLIST, "next"}
{prop_portlist + 1, "start", ef_portlist_start, TYPE_PORT, "port range start"},
{prop_portlist + 2, "end", ef_portlist_end, TYPE_PORT, "port range end"},
{NULL, "next", ef_portlist_next, TYPE_PORTLIST, "next"}
};
static struct property prop_userlist[] = {
{"user", ef_userlist_user, TYPE_STRING, "user name"},
{"next", ef_userlist_next, TYPE_USERLIST, "next"}
};
static struct property prop_hostname[] = {
{"name", ef_hostname_name, TYPE_STRING, "hostname pattern"},
{"matchtype", ef_hostname_matchtype, TYPE_INTEGER, "match type"},
{"next", ef_hostname_next, TYPE_HOSTNAME, "next"}
{prop_userlist+1, "user", ef_userlist_user, TYPE_STRING, "user name"},
{NULL, "next", ef_userlist_next, TYPE_USERLIST, "next"}
};
static struct property prop_pwlist[] = {
{"user", ef_pwlist_user, TYPE_STRING, "user name"},
{"password", ef_pwlist_password, TYPE_PASSWORD, "password string"},
{"type", ef_pwlist_type, TYPE_STRING, "password type"},
{"next", ef_pwlist_next, TYPE_PWLIST, "next"}
{prop_pwlist + 1, "user", ef_pwlist_user, TYPE_STRING, "user name"},
{prop_pwlist + 2, "password", ef_pwlist_password, TYPE_STRING, "password string"},
{prop_pwlist + 3, "type", ef_pwlist_type, TYPE_STRING, "password type"},
{NULL, "next", ef_pwlist_next, TYPE_PWLIST, "next"}
};
static struct property prop_chain[] = {
{"addr", ef_chain_addr, TYPE_SA, "parent address"},
{"type", ef_chain_type, TYPE_STRING, "parent type"},
{"weight", ef_chain_weight, TYPE_SHORT, "parent weight 0-1000"},
{"user", ef_chain_user, TYPE_STRING, "parent login"},
{"password", ef_chain_password, TYPE_PASSWORD, "parent password"},
{"secure", ef_chain_secure, TYPE_INTEGER, "secure mode"},
{"exthost", ef_chain_exthost, TYPE_STRING, "external hostname"},
{"cidr", ef_chain_cidr, TYPE_SHORT, "CIDR"},
{"next", ef_chain_next, TYPE_CHAIN, "next"}
{prop_chain + 1, "addr", ef_chain_addr, TYPE_SA, "parent address"},
{prop_chain + 2, "type", ef_chain_type, TYPE_STRING, "parent type"},
{prop_chain + 3, "weight", ef_chain_weight, TYPE_SHORT, "parent weight 0-1000"},
{prop_chain + 4, "user", ef_chain_user, TYPE_STRING, "parent login"},
{prop_chain + 5, "password", ef_chain_password, TYPE_STRING, "parent password"},
{NULL, "next", ef_chain_next, TYPE_CHAIN, "next"}
};
static struct property prop_period[] = {
{"fromtime", ef_period_fromtime, TYPE_TIME, "from time" },
{"totime", ef_period_totime, TYPE_TIME, "to time" },
{"next", ef_period_next, TYPE_PERIOD, "next"}
{prop_period + 1, "fromtime", ef_period_fromtime, TYPE_TIME, "from time" },
{prop_period + 2, "totime", ef_period_totime, TYPE_TIME, "to time" },
{NULL, "next", ef_period_next, TYPE_PERIOD, "next"}
};
static struct property prop_ace[] = {
{"type", ef_ace_type, TYPE_STRING, "ace action"},
{"operations", ef_ace_operations, TYPE_OPERATIONS, "request type"},
{"users", ef_ace_users, TYPE_USERLIST, "list of users"},
{"src", ef_ace_src, TYPE_IPLIST, "list of source ips"},
{"dst", ef_ace_dst, TYPE_IPLIST, "list of destination ips"},
{"dstnames", ef_ace_dstnames, TYPE_HOSTNAME, "list of destination hostnames"},
{"ports", ef_ace_ports, TYPE_PORTLIST, "list of destination ports"},
{"chain", ef_ace_chain, TYPE_CHAIN, "redirect to parent(s)"},
{"wdays", ef_ace_weekdays, TYPE_WEEKDAYS, "days of week"},
{"periods", ef_ace_period, TYPE_PERIOD, "time of the day"},
{"weight", ef_ace_weight, TYPE_INTEGER, "ace weight"},
{"nolog", ef_ace_nolog, TYPE_INTEGER, "do not log"},
{"next", ef_ace_next, TYPE_ACE, "next"}
{prop_ace + 1, "type", ef_ace_type, TYPE_STRING, "ace action"},
{prop_ace + 2, "operations", ef_ace_operations, TYPE_OPERATIONS, "request type"},
{prop_ace + 3, "users", ef_ace_users, TYPE_USERLIST, "list of users"},
{prop_ace + 4, "src", ef_ace_src, TYPE_IPLIST, "list of source ips"},
{prop_ace + 5, "dst", ef_ace_dst, TYPE_IPLIST, "list of destination ips"},
{prop_ace + 6, "ports", ef_ace_ports, TYPE_PORTLIST, "list of destination ports"},
{prop_ace + 7, "chain", ef_ace_chain, TYPE_CHAIN, "redirect to parent(s)"},
{prop_ace + 8, "wdays", ef_ace_weekdays, TYPE_WEEKDAYS, "days of week"},
{prop_ace + 9, "periods", ef_ace_period, TYPE_PERIOD, "time of the day"},
{NULL, "next", ef_ace_next, TYPE_ACE, "next"}
};
static struct property prop_bandlimit[] = {
{"ace", ef_bandlimit_ace, TYPE_ACE, "acl to apply"},
{"rate", ef_bandlimit_rate, TYPE_UNSIGNED, "max allowed bandwidth"},
{"next", ef_bandlimit_next, TYPE_BANDLIMIT, "next"}
{prop_bandlimit + 1, "ace", ef_bandlimit_ace, TYPE_ACE, "acl to apply"},
{prop_bandlimit + 2, "rate", ef_bandlimit_rate, TYPE_UNSIGNED, "max allowed bandwidth"},
{NULL, "next", ef_bandlimit_next, TYPE_BANDLIMIT, "next"}
};
static struct property prop_trafcounter[] = {
{"disabled", ef_trafcounter_disabled, TYPE_INTEGER, "counter status"},
{"ace", ef_trafcounter_ace, TYPE_ACE, "traffic to count"},
{"number", ef_trafcounter_number, TYPE_UNSIGNED, "counter number"},
{"type", ef_trafcounter_type, TYPE_ROTATION, "rotation type"},
{"traffic", ef_trafcounter_traffic64, TYPE_UNSIGNED64, "counter value"},
{"limit", ef_trafcounter_limit64, TYPE_UNSIGNED64, "counter limit"},
{"cleared", ef_trafcounter_cleared, TYPE_DATETIME, "last rotated"},
{"updated", ef_trafcounter_updated, TYPE_DATETIME, "last updated"},
{"comment", ef_trafcounter_comment, TYPE_STRING, "counter comment"},
{"next", ef_trafcounter_next, TYPE_TRAFCOUNTER, "next"}
{prop_trafcounter + 1, "disabled", ef_trafcounter_disabled, TYPE_INTEGER, "counter status"},
{prop_trafcounter + 2, "ace", ef_trafcounter_ace, TYPE_ACE, "traffic to count"},
{prop_trafcounter + 3, "number", ef_trafcounter_number, TYPE_UNSIGNED, "counter number"},
{prop_trafcounter + 4, "type", ef_trafcounter_type, TYPE_ROTATION, "rotation type"},
{prop_trafcounter + 5, "traffic", ef_trafcounter_traffic64, TYPE_UNSIGNED64, "counter value"},
{prop_trafcounter + 6, "limit", ef_trafcounter_limit64, TYPE_UNSIGNED64, "counter limit"},
{prop_trafcounter + 7, "cleared", ef_trafcounter_cleared, TYPE_DATETIME, "last rotated"},
{prop_trafcounter + 8, "updated", ef_trafcounter_updated, TYPE_DATETIME, "last updated"},
{prop_trafcounter + 9, "comment", ef_trafcounter_comment, TYPE_STRING, "counter comment"},
{NULL, "next", ef_trafcounter_next, TYPE_TRAFCOUNTER}
};
/*
*/
static struct property prop_server[] = {
{"servicetype", ef_server_type, TYPE_STRING, "type of the service/client"},
{"target", ef_server_target, TYPE_STRING, "portmapper target ip"},
{"targetport", ef_server_targetport, TYPE_PORT, "portmapper target port"},
{"starttime", ef_server_starttime, TYPE_DATETIME, "service started seconds"},
{"auth", ef_server_auth, TYPE_STRING, "service authentication type"},
{"acl", ef_server_acl, TYPE_ACE, "access control list"},
{"singlepacket", ef_server_singlepacket, TYPE_INTEGER, "is single packet redirection"},
{"log", ef_server_log, TYPE_STRING, "type of logging"},
{"logtarget", ef_server_logtarget, TYPE_STRING, "log target options"},
{"logformat", ef_server_logformat, TYPE_STRING, "logging format string"},
{"nonprintable", ef_server_nonprintable, TYPE_STRING, "non printable characters"},
{"replacement", ef_server_replacement, TYPE_CHAR, "replacement character"},
{"childcount", ef_server_childcount, TYPE_INTEGER, "number of servers connected"},
{"maxchild", ef_server_maxchild, TYPE_INTEGER, "max concurrent connections"},
{"backlog", ef_server_backlog, TYPE_INTEGER, "listen backlog"},
{"needuser", ef_server_needuser, TYPE_INTEGER, "require user authentication"},
{"transparent", ef_server_transparent, TYPE_INTEGER, "transparent proxy"},
{"anonymous", ef_server_anonymous, TYPE_INTEGER, "anonymous mode"},
{"requirecert", ef_server_requirecert, TYPE_INTEGER, "require client certificate"},
{"haproxy", ef_server_haproxy, TYPE_INTEGER, "HAProxy protocol"},
{"authcachetype", ef_server_authcachetype, TYPE_UNSIGNED, "authentication cache type"},
{"authcachetime", ef_server_authcachetime, TYPE_UNSIGNED, "authentication cache time"},
{"gracetraf", ef_server_gracetraf, TYPE_INTEGER, "grace traffic"},
{"gracenum", ef_server_gracenum, TYPE_INTEGER, "grace number"},
{"gracedelay", ef_server_gracedelay, TYPE_INTEGER, "grace delay"},
{"logdumpsrv", ef_server_logdumpsrv, TYPE_UNSIGNED, "log dump server traffic"},
{"logdumpcli", ef_server_logdumpcli, TYPE_UNSIGNED, "log dump client traffic"},
{"intsa", ef_server_intsa, TYPE_SA, "ip address of internal interface"},
{"extsa", ef_server_extsa, TYPE_SA, "ip address of external interface"},
{"intnat", ef_server_intNat, TYPE_SA, "internal NAT address"},
{"extnat", ef_server_extNat, TYPE_SA, "external NAT address"},
{prop_server + 1, "servicetype", ef_server_type, TYPE_STRING, "type of the service/client"},
{prop_server + 2, "target", ef_server_target, TYPE_STRING, "portmapper target ip"},
{prop_server + 3, "targetport", ef_server_targetport, TYPE_PORT, "portmapper target port"},
{prop_server + 4, "starttime", ef_server_starttime, TYPE_DATETIME, "service started seconds"},
{prop_server + 5, "auth", ef_server_auth, TYPE_STRING, "service authentication type"},
{prop_server + 6, "acl", ef_server_acl, TYPE_ACE, "access control list"},
{prop_server + 7, "singlepacket", ef_server_singlepacket, TYPE_INTEGER, "is single packet redirection"},
{prop_server + 8, "usentlm", ef_server_usentlm, TYPE_INTEGER, "allow NTLM authentication"},
{prop_server + 9, "log", ef_server_log, TYPE_STRING, "type of logging"},
{prop_server + 10, "logtarget", ef_server_logtarget, TYPE_STRING, "log target options"},
{prop_server + 11, "logformat", ef_server_logformat, TYPE_STRING, "logging format string"},
{prop_server + 12, "nonprintable", ef_server_nonprintable, TYPE_STRING, "non printable characters"},
{prop_server + 13, "replacement", ef_server_replacement, TYPE_CHAR, "replacement character"},
{prop_server + 14, "childcount", ef_server_childcount, TYPE_INTEGER, "number of servers connected"},
{prop_server + 15, "intsa", ef_server_intsa, TYPE_SA, "ip address of internal interface"},
{prop_server + 16, "extsa", ef_server_extsa, TYPE_SA, "ip address of external interface"},
#ifndef NOIPV6
{"extsa6", ef_server_extsa6, TYPE_SA, "ipv6 address of external interface"},
{prop_server + 17, "extsa6", ef_server_extsa6, TYPE_SA, "ipv6 address of external interface"},
{prop_server + 18, "child", ef_server_child, TYPE_CLIENT, "connected clients"},
#else
{prop_server + 17, "child", ef_server_child, TYPE_CLIENT, "connected clients"},
#endif
{"child", ef_server_child, TYPE_CLIENT, "connected clients"},
{"next", ef_server_next, TYPE_SERVER, "next"}
{NULL, "next", ef_server_next, TYPE_SERVER, "next"}
};
static struct property prop_client[] = {
{"servicetype", ef_client_type, TYPE_STRING, "type of the client"},
{"threadid", ef_client_threadid, TYPE_UNSIGNED64, "process thread id"},
{"starttime", ef_client_starttime, TYPE_DATETIME, "client started seconds"},
{"starttime_msec", ef_client_starttime_msec, TYPE_UNSIGNED, "client started milliseconds"},
{"redirected", ef_client_redirected, TYPE_INTEGER, "number of redirections"},
{"operation", ef_client_operation, TYPE_OPERATIONS, "action requested by client"},
{"hostname", ef_client_hostname, TYPE_STRING, "name of the requested host"},
{"extusername", ef_client_extusername, TYPE_STRING, "username for requested host"},
{"extpassword", ef_client_extpassword, TYPE_PASSWORD, "password for requested host"},
{"username", ef_client_username, TYPE_STRING, "client username"},
{"password", ef_client_password, TYPE_PASSWORD, "client password"},
{"clisa", ef_client_clisa, TYPE_SA, "client sa"},
{"srvsa", ef_client_srvsa, TYPE_SA, "target server sa"},
{"reqsa", ef_client_reqsa, TYPE_SA, "requested server sa"},
{"bytesin", ef_client_bytesin64, TYPE_UNSIGNED64, "bytes from server to client"},
{"bytesout", ef_client_bytesout64, TYPE_UNSIGNED64, "bytes from client to server"},
{"maxtrafin", ef_client_maxtrafin64, TYPE_UNSIGNED64, "maximum traffic allowed for download"},
{"maxtrafout", ef_client_maxtrafout64, TYPE_UNSIGNED64, "maximum traffic allowed for upload"},
{"pwtype", ef_client_pwtype, TYPE_INTEGER, "type of client password"},
{"redirtype", ef_client_redirtype, TYPE_STRING, "redirection type"},
{"weight", ef_client_weight, TYPE_INTEGER, "weight"},
{"nolog", ef_client_nolog, TYPE_INTEGER, "do not log"},
{"transparent", ef_client_transparent, TYPE_INTEGER, "transparent proxy"},
{"clisock", ef_client_clisock, TYPE_INTEGER, "client socket"},
{"remsock", ef_client_remsock, TYPE_INTEGER, "remote socket"},
{"next", ef_client_next, TYPE_CLIENT, "next"}
{prop_client + 1, "servicetype", ef_client_type, TYPE_STRING, "type of the client"},
{prop_client + 2, "threadid", ef_client_threadid, TYPE_UNSIGNED64, "process thread id"},
{prop_client + 3, "starttime", ef_client_starttime, TYPE_DATETIME, "client started seconds"},
{prop_client + 4, "starttime_msec", ef_client_starttime_msec, TYPE_UNSIGNED, "client started milliseconds"},
{prop_client + 5, "redirected", ef_client_redirected, TYPE_INTEGER, "number of redirections"},
{prop_client + 6, "operation", ef_client_operation, TYPE_OPERATIONS, "action requested by client"},
{prop_client + 7, "hostname", ef_client_hostname, TYPE_STRING, "name of the requested host"},
{prop_client + 8, "extusername", ef_client_extusername, TYPE_STRING, "username for requested host"},
{prop_client + 9, "extpassword", ef_client_extpassword, TYPE_STRING, "password for requested host"},
{prop_client + 10, "username", ef_client_username, TYPE_STRING, "client username"},
{prop_client + 11, "password", ef_client_password, TYPE_STRING, "client password"},
{prop_client + 12, "clisa", ef_client_clisa, TYPE_SA, "client sa"},
{prop_client + 13, "srvsa", ef_client_srvsa, TYPE_SA, "target server sa"},
{prop_client + 14, "reqsa", ef_client_reqsa, TYPE_SA, "requested server sa"},
{prop_client + 15, "bytesin", ef_client_bytesin64, TYPE_UNSIGNED64, "bytes from server to client"},
{prop_client + 16, "bytesout", ef_client_bytesout64, TYPE_UNSIGNED64, "bytes from client to server"},
{prop_client + 17, "maxtrafin", ef_client_maxtrafin64, TYPE_UNSIGNED64, "maximum traffic allowed for download"},
{prop_client + 18, "maxtrafout", ef_client_maxtrafout64, TYPE_UNSIGNED64, "maximum traffic allowed for upload"},
{prop_client + 19, "pwtype", ef_client_pwtype, TYPE_INTEGER, "type of client password"},
{prop_client + 20, "clisock", ef_client_clisock, TYPE_INTEGER, "client socket"},
{prop_client + 21, "remsock", ef_client_remsock, TYPE_INTEGER, "remote socket"},
{NULL, "next", ef_client_next, TYPE_CLIENT, "next"}
};
struct datatype datatypes[64] = {
{"integer", NULL, pr_integer, NULL, 0},
{"short", NULL, pr_short, NULL, 0},
{"char", NULL, pr_char, NULL, 0},
{"unsigned", NULL, pr_unsigned, NULL, 0},
{"unsigned64", NULL, pr_unsigned64, NULL, 0},
{"traffic", NULL, pr_traffic, NULL, 0},
{"port", NULL, pr_port, NULL, 0},
{"ip", NULL, pr_ip, NULL, 0},
{"sa", NULL, pr_sa, NULL, 0},
{"cidr", NULL, pr_cidr, NULL, 0},
{"string", NULL, pr_string, NULL, 0},
{"datetime", NULL, pr_datetime, NULL, 0},
{"operations", NULL, pr_operations, NULL, 0},
{"rotation", NULL, pr_rotation, NULL, 0},
{"portlist", ef_portlist_next, pr_portlist, prop_portlist, sizeof(prop_portlist)/sizeof(struct property)},
{"iplist", ef_iplist_next, pr_iplist, NULL, 0},
{"userlist", ef_userlist_next, pr_userlist, prop_userlist, sizeof(prop_userlist)/sizeof(struct property)},
{"pwlist", ef_pwlist_next, NULL, prop_pwlist, sizeof(prop_pwlist)/sizeof(struct property)},
{"chain", ef_chain_next, NULL, prop_chain, sizeof(prop_chain)/sizeof(struct property)},
{"ace", ef_ace_next, NULL, prop_ace, sizeof(prop_ace)/sizeof(struct property)},
{"bandlimit", ef_bandlimit_next, NULL, prop_bandlimit, sizeof(prop_bandlimit)/sizeof(struct property)},
{"trafcounter", ef_trafcounter_next, NULL, prop_trafcounter, sizeof(prop_trafcounter)/sizeof(struct property)},
{"client", ef_client_next, NULL, prop_client, sizeof(prop_client)/sizeof(struct property)},
{"weekdays", NULL, pr_wdays, NULL, 0},
{"time", NULL, pr_time, NULL, 0},
{"period", ef_period_next, NULL, prop_period, sizeof(prop_period)/sizeof(struct property)},
{"server", ef_server_next, NULL, prop_server, sizeof(prop_server)/sizeof(struct property)},
{"password", NULL, pr_password, NULL, 0},
{"hostname", ef_hostname_next, pr_hostname, prop_hostname, sizeof(prop_hostname)/sizeof(struct property)}
{"integer", NULL, pr_integer, NULL},
{"short", NULL, pr_short, NULL},
{"char", NULL, pr_char, NULL},
{"unsigned", NULL, pr_unsigned, NULL},
{"unsigned64", NULL, pr_unsigned64, NULL},
{"traffic", NULL, pr_traffic, NULL},
{"port", NULL, pr_port, NULL},
{"ip", NULL, pr_ip, NULL},
{"sa", NULL, pr_sa, NULL},
{"cidr", NULL, pr_cidr, NULL},
{"string", NULL, pr_string, NULL},
{"datetime", NULL, pr_datetime, NULL},
{"operations", NULL, pr_operations, NULL},
{"rotation", NULL, pr_rotation, NULL},
{"portlist", ef_portlist_next, pr_portlist, prop_portlist},
{"iplist", ef_iplist_next, pr_iplist, NULL},
{"userlist", ef_userlist_next, pr_userlist, prop_userlist},
{"pwlist", ef_pwlist_next, NULL, prop_pwlist},
{"chain", ef_chain_next, NULL, prop_chain},
{"ace", ef_ace_next, NULL, prop_ace},
{"bandlimit", ef_bandlimit_next, NULL, prop_bandlimit},
{"trafcounter", ef_trafcounter_next, NULL, prop_trafcounter},
{"client", ef_client_next, NULL, prop_client},
{"weekdays", NULL, pr_wdays, NULL},
{"time", NULL, pr_time, NULL},
{"period", ef_period_next, NULL, prop_period},
{"server", ef_server_next, NULL, prop_server}
};

Some files were not shown because too many files have changed in this diff Show More