bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-04-26 06:02:08 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: bughz:master
Branches Tags
bughz:master
bughz:workflow-test
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7
..
compare: bughz:3proxy-0.8.1
Branches Tags
bughz:master
bughz:workflow-test
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7

No commits in common. "master" and "3proxy-0.8.1" have entirely different histories.
master ... 3proxy-0.8

186 changed files with 26433 additions and 37843 deletions
Show Stats Expand all files Collapse all files

50
.github/workflows/c-cpp.yml vendored
View File

@ -1,50 +0,0 @@
name: C/C++ CI
on:
push:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
jobs:
ci:
name: "${{ matrix.target }}"
strategy:
matrix:
target:
- ubuntu-latest
- ubuntu-24.04-arm
- macos-15
- windows-2022
runs-on: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
# - name: configure
# run: ./configure
- name: ln Linux
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: ln -s Makefile.Linux Makefile
- name: ln Mac
if: ${{ startsWith(matrix.target, 'macos') }}
run: ln -s Makefile.FreeBSD Makefile
- name: ln Windows
if: ${{ startsWith(matrix.target, 'windows') }}
run: copy Makefile.win Makefile
- name: dirs Windows
if: ${{ startsWith(matrix.target, 'windows') }}
run: cmd /C 'echo LIBS := -L "c:/program files/openssl/lib" $(LIBS) >>Makefile.win && echo CFLAGS := -I "c:/program files/openssl/include" $(CFLAGS) >>Makefile.win && type Makefile.win'
- name: SSLPlugin Linux
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: 'echo PLUGINS := $(PLUGINS) SSLPlugin >>Makefile & echo LIBS := $(LIBS) -lcrypto -lssl >>Makefile'
- name: make
run: make
- name: mkdir
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: mkdir ~/3proxy
- name: make install
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: make DESTDIR=~/3proxy install
- name: make clean
run: make clean

45
.gitignore vendored
View File

@ -5,23 +5,7 @@
*.pydevproject
.project
.metadata
*.exe
*.dll
*.exp
*.lib
*.key
*.pem
*.so
bin/3proxy
bin/proxy
bin/socks
bin/tcppm
bin/udppm
bin/pop3p
bin/smtpp
bin/ftppr
bin/mycrypt
bin/tlspr
bin/
bin64/
dll/
tmp/
@ -31,32 +15,17 @@ tmp/
*.swp
*.o
*.idb
*.err
res
src/res
version.c
version
version.sh
buildlinux.sh
3proxy.res
src/3proxy
src/proxy
src/socks
src/tcppm
src/udppm
src/pop3p
src/smtpp
src/ftppr
src/icqpr
src/mycrypt
src/dighosts
*.ld.so
*.dSYM
doc/html/man3/
doc/html/man8/
doc/html/index.html
*.var
verfile.sh
/Makefile
Makefile
Changelog
res
copytgz.sh
*~.nib
local.properties
@ -95,6 +64,7 @@ local.properties
[Rr]elease/
x64/
build/
[Bb]in/
[Oo]bj/
# MSTest test Results
@ -187,6 +157,7 @@ csx
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*

0
src/3proxy.ico → 3proxy.ico
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

31
3proxy.rc Normal file
View File

@ -0,0 +1,31 @@
#include "src/version.h"
LANGUAGE 0x09, 0x01
VS_VERSION_INFO VERSIONINFO
FILEVERSION 0,8,0,0
PRODUCTVERSION 0,8,0,0
FILETYPE 0x1L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "000004b0"
BEGIN
VALUE "Comments", "3proxy - tiny proxy server, http://3proxy.ru/"
VALUE "CompanyName", "Vladimir Dubrovin"
VALUE "FileDescription", "3proxy - tiny proxy server"
VALUE "FileVersion", VERSION "-" BUILDDATE
VALUE "InternalName", "3proxy"
VALUE "LegalCopyright", "Copyright (C) 2002-2014 Vladimir Dubrovin"
VALUE "OriginalFilename", "3proxy.exe"
VALUE "ProductName", "3proxy - tiny proxy server"
VALUE "ProductVersion", VERSION
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x0, 1200
END
END
0 ICON DISCARDABLE "3proxy.ico"

55
Dockerfile.full
View File

@ -1,55 +0,0 @@
# 3proxy.full is fully functional 3proxy build based on busibox:glibc
#
#to build:
# docker build -f Dockerfile.full -t 3proxy.full .
#to run:
# by default 3proxy uses safe chroot environment with chroot to /usr/local/3proxy with uid/gid 65535/65535 and expects
# configuration file to be placed in /usr/local/etc/3proxy.
# Paths in configuration file must be relative to /usr/local/3proxy, that is use /logs instead of
# /usr/local/3proxy/logs. nserver in chroot is required for DNS resolution. An example:
#
# echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg
# echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg
# docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
#
# /path/to/local/config/directory in this example must conrain 3proxy.cfg
# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
# dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
# docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
#
# use "log" without pathname in config to log to stdout.
# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config).
FROM gcc AS buildenv
COPY . 3proxy
RUN cd 3proxy &&\
echo "">> Makefile.Linux &&\
echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
make -f Makefile.Linux &&\
strip bin/3proxy &&\
strip bin/StringsPlugin.ld.so &&\
strip bin/TrafficPlugin.ld.so &&\
strip bin/PCREPlugin.ld.so &&\
strip bin/TransparentPlugin.ld.so &&\
strip bin/SSLPlugin.ld.so &&\
mkdir /usr/local/lib/3proxy &&\
cp "/lib/`gcc -dumpmachine`"/libdl.so.* /usr/local/lib/3proxy/
FROM busybox:glibc
COPY --from=buildenv /usr/local/lib/3proxy/libdl.so.* /lib/
COPY --from=buildenv 3proxy/bin/3proxy /bin/
COPY --from=buildenv 3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
RUN mkdir /usr/local/3proxy/logs &&\
mkdir /usr/local/3proxy/conf &&\
chown -R 65535:65535 /usr/local/3proxy &&\
chmod -R 550 /usr/local/3proxy &&\
chmod 750 /usr/local/3proxy/logs &&\
chmod -R 555 /usr/local/3proxy/libexec &&\
chown -R root /usr/local/3proxy/libexec &&\
mkdir /etc/3proxy/ &&\
echo chroot /usr/local/3proxy 65535 65535 >/etc/3proxy/3proxy.cfg &&\
echo include /conf/3proxy.cfg >>/etc/3proxy/3proxy.cfg &&\
chmod 440 /etc/3proxy/3proxy.cfg
CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

41
Dockerfile.minimal
View File

@ -1,41 +0,0 @@
# dockerfile for "interactive" minimal 3proxy execution, no configuration mounting is required, configuration
# is accepted from stdin. Use "end" command to indicate the end of configuration. Use "log" for stdout logging.
#
# This is busybox based docker with only 3proxy static executable and empty non-writable "run" directory.
#
# "plugin" is not supported
#
# Build:
#
# docker build -f Dockerfile.minimal -t 3proxy.minimal .
#
# Run example:
#
# docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal
#or
# docker start -i 3proxy
#<chroot run 65535 65535
#<nserver 8.8.8.8
#<nscache 65535
#<log
#<proxy -p3129
#<end
#
# use "chroot run 65536 65536" in config for safe chroot environment. nserver is required for DNS resolutions in chroot.
FROM gcc AS buildenv
COPY . 3proxy
RUN cd 3proxy &&\
echo "">>Makefile.Linux &&\
echo LDFLAGS = -fPIC -O2 -fno-strict-aliasing -pthread >>Makefile.Linux &&\
echo PLUGINS = >>Makefile.Linux &&\
echo LIBS = >>Makefile.Linux &&\
echo CFLAGS = -g -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -DNOPLUGINS >>Makefile.Linux &&\
make -f Makefile.Linux &&\
strip bin/3proxy
FROM busybox:glibc
COPY --from=buildenv 3proxy/bin/3proxy /bin/3proxy
RUN mkdir /run && chmod 555 /run
CMD ["/bin/3proxy"]

49
Makefile.FreeBSD
View File

@ -1,49 +0,0 @@
#
# 3 proxy Makefile for GCC/Unix
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
CC ?= cc
CFLAGS += -c -fno-strict-aliasing -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o
LN ?= ${CC}
LDFLAGS += -pthread -fno-strict-aliasing
# -lpthreads may be reuiured on some platforms instead of -pthreads
# -ldl or -lld may be required for some platforms
DCFLAGS = -fPIC
DLFLAGS = -shared
DLSUFFICS = .so
LIBS =
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -perm +111 -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.FreeBSD
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
include Makefile.inc
install: all
if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
install bin/3proxy /usr/local/3proxy/bin/3proxy
install bin/mycrypt /usr/local/3proxy/bin/mycrypt
install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
touch /usr/local/3proxy/passwd
touch /usr/local/3proxy/counters
touch /usr/local/3proxy/bandlimiters
echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

106
Makefile.Linux
View File

@ -4,38 +4,31 @@
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
BUILDDIR =
CC = gcc
CFLAGS = -g -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
CFLAGS = -g -O2 -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o
LN = $(CC)
DCFLAGS =
LDFLAGS = -fPIC -O2 -fno-strict-aliasing -pthread
LN = gcc
DCFLAGS = -fpic
LDFLAGS = -O2 -pthread
DLFLAGS = -shared
DLSUFFICS = .ld.so
# -lpthreads may be reuqired on some platforms instead of -pthreads
LIBSPREFIX = -l
LIBSSUFFIX =
LIBS = -lcrypto -lssl -ldl
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Linux
# PamAuth requires libpam, you may require pam-devel package to be installed
# SSLPlugin requires -lcrypto -lssl
#LIBS = -lcrypto -lssl -ldl
LIBS = -ldl
#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
include Makefile.inc
@ -43,77 +36,54 @@ allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
DESTDIR =
prefix =
prefix = /usr/local
exec_prefix = $(prefix)
man_prefix = /usr/share
chroot_prefix = /usr/local
man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = bin/3proxy \
bin/ftppr \
bin/mycrypt \
bin/pop3p \
bin/proxy \
bin/socks \
bin/tcppm \
bin/udppm \
bin/tlspr
INSTALL_OBJS = src/3proxy \
src/dighosts \
src/ftppr \
src/mycrypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm
INSTALL_CFG = scripts/3proxy.cfg.chroot
INSTALL_CFG_OBJS = scripts/3proxy.cfg \
scripts/add3proxyuser.sh
INSTALL_CFG_DEST = config
INSTALL_CFG_OBJS2 = counters bandlimiters
INSTALL_CFG_OBJS2 = passwd counters bandlimiters
INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh
INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service
CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy
CHROOTREL = ../..$(chroot_prefix)/3proxy
MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)/etc/3proxy
INITDDIR = $(DESTDIR)/etc/init.d
RUNBASE = $(DESTDIR)/var/run
RUNDIR = $(RUNBASE)/3proxy
LOGBASE = $(DESTDIR)/var/log
LOGDIR = $(LOGBASE)/3proxy
INSTALL_CFG_DEST = $(ETCDIR)/conf
SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/
ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy
install-bin:
$(INSTALL_BIN) -d $(BINDIR)
$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
$(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec
chmod -R a-w $(CHROOTDIR)/libexec
install-etc-dir:
$(INSTALL_BIN) -d $(ETCDIR)
install-chroot-dir:
$(INSTALL_BIN) -d $(CHROOTDIR)
$(INSTALL_BIN) -d $(CHROOTDIR)/conf
$(INSTALL_BIN) -d $(CHROOTDIR)/logs
$(INSTALL_BIN) -d $(CHROOTDIR)/count
$(INSTALL_BIN) -d $(CHROOTDIR)/libexec
chmod -R o-rwx $(CHROOTDIR)
install-etc-default-config:
if [ ! -d $(INSTALL_CFG_DEST) ]; then \
ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \
$(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \
$(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \
if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
: ; \
else \
$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
fi
install-etc: install-etc-dir install-etc-default-config
install-etc: install-etc-dir
for file in $(INSTALL_CFG_OBJS2); \
do \
touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \
touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
done;
install-man:
@ -122,23 +92,5 @@ install-man:
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install-init:
$(INSTALL_BIN) -d $(INITDDIR)
$(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy
$(INSTALL_BIN) -d $(SYSTEMDDIR)
$(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR)
install: install-bin install-etc install-man
install-run:
$(INSTALL_BIN) -d $(RUNDIR)
install-log:
$(INSTALL_BIN) -d $(LOGBASE)
@if [ ! -d $(LOGDIR) ]; then \
ln -s $(CHROOTREL)/logs $(LOGDIR);\
fi
install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init
@if [ "$(DESTDIR)" = "" ]; then \
sh scripts/debian/preinst; \
sh scripts/debian/postinst; \
fi

11
Makefile.Solaris
View File

@ -7,29 +7,26 @@
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
BUILDDIR =
CC = cc
CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = $(CC)
LN = cc
LDFLAGS = -xO3
DCFLAGS = -fPIC
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o ./
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc

11
Makefile.Solaris-gcc
View File

@ -8,25 +8,22 @@
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
BUILDDIR =
CC = gcc
CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
CFLAGS = -O3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = $(CC)
LN = gcc
LDFLAGS = -O3
DCFLAGS = -fPIC
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o ./
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris-gcc

34
Makefile.ccc Normal file
View File

@ -0,0 +1,34 @@
#
# 3 proxy Makefile for Compaq C Compiler
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = ccc
CFLAGS = -O2 -c -pthread -D_THREAD_SAFE -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -WITH_POLL
COUT = -o
LN = ccc
LDFLAGS = -O2 -pthread
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.ccc
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

7
Makefile.inc
View File

@ -3,11 +3,10 @@
#
all:
@$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var
$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var
@cd src && $(MAKE)
clean:
@cd src && $(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES) && cd ..
@$(AFTERCLEAN)
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
@cd src && $(MAKE) clean

46
Makefile.llvm
View File

@ -1,46 +0,0 @@
#
# 3 proxy Makefile for GCC/windows
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support
BUILDDIR = ../bin/
CC = clang
CFLAGS = -O2 -fno-strict-aliasing -c -pthread -DWITH_STD_MALLOC -DWITH_WSAPOLL
COUT = -o
LN = $(CC)
LDFLAGS = -O2 -fno-strict-aliasing -s
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
EXESUFFICS = .exe
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *.tmp
REMOVECOMMAND = rm -f
AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.llvm
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPlugin
VERFILE := 3proxy.res $(VERFILE)
VERSION := $(VERSION)
VERSIONDEP := 3proxy.res $(VERSIONDEP)
BUILDDATE := $(BUILDDATE)
AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
include Makefile.inc
3proxy.res:
llvm-rc 3proxy.rc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

23
Makefile.msvc
View File

@ -8,37 +8,34 @@
BUILDDIR = ../bin/
CC = cl
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
LIBSOLD = libeay32MT.lib ssleay32MT.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvc
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
VERFILE = 3proxy.res $(VERFILE)
VERSION = $(VERSION)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
BUILDDATE = $(BUILDDATE)
AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)
VERFILE = $(VERFILE)
include Makefile.inc
3proxy.res:
rc 3proxy.rc
../3proxy.res:
rc /fo../3proxy.res ../3proxy.rc
3proxyres.obj: ../3proxy.res
cvtres /out:3proxyres.obj /MACHINE:I386 ../3proxy.res
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

23
Makefile.msvc64
View File

@ -8,16 +8,14 @@
BUILDDIR = ../bin64/
CC = cl
CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
LIBSOLD = libeay32.lib ssleay32.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
LIBSOLD = libeay32MT.lib ssleay32MT.lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
@ -27,15 +25,20 @@ COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
VERFILE = 3proxy.res $(VERFILE)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
MAKEFILE = Makefile.msvc64
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
AFTERCLEAN = del src\*.res
VERFILE = $(VERFILE)
#../3proxy.res:
# rc /fo../3proxy.res ../3proxy.rc
#3proxyres.obj: ../3proxy.res
# cvtres /out:3proxyres.obj /MACHINE:X64 ../3proxy.res
include Makefile.inc
3proxy.res:
rc 3proxy.rc
../3proxy.res:
rc /fo../3proxy.res ../3proxy.rc
3proxyres.obj: ../3proxy.res
cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res

48
Makefile.msvcARM64
View File

@ -1,48 +0,0 @@
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin64/
CC = cl
CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "WITH_SSL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto.lib libssl.lib
LIBSOLD =
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvcARM64
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
VERFILE = 3proxy.res $(VERFILE)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
AFTERCLEAN = del src\*.res
include Makefile.inc
3proxy.res:
rc 3proxy.rc
3proxyres.obj: ../3proxy.res
cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

2
Makefile.msvcCE
View File

@ -8,7 +8,7 @@
BUILDDIR = ../bin/
CC = cl
CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c
CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no

102
Makefile.openwrt-mips
View File

@ -1,102 +0,0 @@
#
# 3 proxy Makefile for GCC/Linux/Cygwin
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
CC = mips-openwrt-linux-gcc
CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
COUT = -o
LN = $(CC)
DCFLAGS = -fPIC
LDFLAGS = -O2 -fno-strict-aliasing -pthread -s
DLFLAGS = -shared
DLSUFFICS = .ld.so
# -lpthreads may be reuqired on some platforms instead of -pthreads
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.openwrt-mips
# PamAuth requires libpam, you may require pam-devel package to be installed
# SSLPlugin requires -lcrypto -lssl
#LIBS = -lcrypto -lssl -ldl
LIBS = -ldl
#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
DESTDIR =
prefix = /usr/local
exec_prefix = $(prefix)
man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = src/3proxy \
src/ftppr \
src/mycrypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm
INSTALL_CFG_OBJS = scripts/3proxy.cfg \
scripts/add3proxyuser.sh
INSTALL_CFG_DEST = config
INSTALL_CFG_OBJS2 = passwd counters bandlimiters
MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy
install-bin:
$(INSTALL_BIN) -d $(BINDIR)
$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
install-etc-dir:
$(INSTALL_BIN) -d $(ETCDIR)
install-etc-default-config:
if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
: ; \
else \
$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
fi
install-etc: install-etc-dir
for file in $(INSTALL_CFG_OBJS2); \
do \
touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
done;
install-man:
$(INSTALL_BIN) -d $(MANDIR3)
$(INSTALL_BIN) -d $(MANDIR8)
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install: install-bin install-etc install-man

19
Makefile.unix
View File

@ -7,40 +7,37 @@
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR = ../bin/
BUILDDIR =
CC = gcc
# you may need -L/usr/pkg/lib for older NetBSD versions
CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
CFLAGS = -g -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o
LN = $(CC)
LDFLAGS = -O2 -fno-strict-aliasing -pthread
LN = gcc
LDFLAGS = -O2 -pthread
# -lpthreads may be reuqired on some platforms instead of -pthreads
# -ldl or -lld may be required for some platforms
DCFLAGS = -fPIC
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS =
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.unix
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
install: all
if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
install bin/3proxy /usr/local/etc/3proxy/bin/3proxy
install bin/mycrypt /usr/local/etc/3proxy/bin/mycrypt
install src/3proxy /usr/local/etc/3proxy/bin/3proxy
install src/mycrypt /usr/local/etc/3proxy/bin/mycrypt
install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then

17
Makefile.unix-install
View File

@ -6,14 +6,15 @@ man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = bin/3proxy \
bin/ftppr \
bin/mycrypt \
bin/pop3p \
bin/proxy \
bin/socks \
bin/tcppm \
bin/udppm \
INSTALL_OBJS = src/3proxy \
src/dighosts \
src/ftppr \
src/mycrypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm \
scripts/add3proxyuser.sh
INSTALL_CFG_OBJS = scripts/3proxy.cfg

72
Makefile.watcom
View File

@ -1,72 +0,0 @@
#
# 3 proxy Makefile for Open Watcom 2
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin/
CC = cl
CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /c $(VERSION) $(BUILDDATE)
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib user32.lib kernel32.lib
LIBSOLD = libeay32MT.lib ssleay32MT.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb *.err
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.watcom
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
VERFILE = $(VERFILE)
VERSION = $(VERSION)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
BUILDDATE = $(BUILDDATE)
include Makefile.inc
3proxy.res:
rc 3proxy.rc
allplugins:
copy Makefile plugins\utf8tocp1251
copy Makefile.var plugins\utf8tocp1251
cd plugins\utf8tocp1251
nmake
del *.obj *.idb
cd ../../
copy Makefile plugins\WindowsAuthentication
copy Makefile.var plugins\WindowsAuthentication
cd plugins\WindowsAuthentication
nmake
del *.obj *.idb
cd ../../
copy Makefile plugins\TrafficPlugin
copy Makefile.var plugins\TrafficPlugin
cd plugins\TrafficPlugin
nmake
del *.obj *.idb
cd ../../
copy Makefile plugins\StringsPlugin
copy Makefile.var plugins\StringsPlugin
cd plugins\StringsPlugin
nmake
del *.obj *.idb
cd ../../
copy Makefile plugins\PCREPlugin
copy Makefile.var plugins\PCREPlugin
cd plugins\PCREPlugin
nmake
del *.obj *.idb
cd ../../

21
Makefile.win
View File

@ -10,15 +10,13 @@
BUILDDIR = ../bin/
CC = gcc
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DWITH_WSAPOLL
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6
COUT = -o
LN = gcc
LDFLAGS = -O2 -s -mthreads
LDFLAGS = -O2 -s -mthreads
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
LIBSPREFIX = -l
LIBSSUFFIX =
LIBS = -lws2_32 -lodbc32 -ladvapi32
LNOUT = -o
EXESUFFICS = .exe
OBJSUFFICS = .o
@ -28,18 +26,9 @@ REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.win
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPLugin
VERFILE := 3proxyres.o $(VERFILE)
VERSION := $(VERSION)
VERSIONDEP := 3proxyres.o $(VERSIONDEP)
BUILDDATE := $(BUILDDATE)
AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
3proxyres.o:
windres 3proxy.rc -o 3proxyres.o
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; rm *.o ; cd ../.. ; done

2
Makefile.winCE
View File

@ -10,7 +10,7 @@
BUILDDIR = ../bin/
CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -D__USE_W32_SOCKETS
COUT = -o
LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
LDFLAGS = -O2 -s -mthreads

205
README
View File

@ -1,194 +1,24 @@
# 3APA3A 3proxy tiny proxy server
(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.org>
/*
3APA3A 3proxy tiny proxy server
(c) 2002-2016 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru>
please read License Agreement
*/
Branches:
Master (stable) branch - 3proxy 0.9
Devel branch - 3proxy 10 (don't use it)
* Download
Binaries and sources for released (master) versions (Windows, Linux):
https://github.com/z3APA3A/3proxy/releases
Docker images:
https://hub.docker.com/repository/docker/3proxy/3proxy
Archive of old versions: https://github.com/z3APA3A/3proxy-archive
* Documentation
Documentation (man pages and HTML) available with download, on https://3proxy.org/
and in github wiki https://github.com/3proxy/3proxy/wiki
* Windows installation
3proxy --install
installs and starts proxy as Windows service
(config file should be located in the same directory)
3proxy --remove
removes the service (should be stopped before via
'net stop 3proxy').
* To build in Linux
install git and build-essential packages, use
git clone https://github.com/z3apa3a/3proxy
cd 3proxy
ln -s Makefile.Linux Makefile
make
sudo make install
Default configuration (for Linux/Unix):
3proxy uses 2 configuration files:
/etc/3proxy/3proxy.cfg (before-chroot). This configuration file is executed before chroot and should not be modified.
/usr/local/3proxy/conf/3proxy.cfg symlinked from /etc/3proxy/conf/3proxy.cfg (after-chroot) is a main configuration file. Modify this file, if required.
All paths in /usr/local/3proxy/conf/3proxy.cfg are relative to chroot directory (/usr/local/3proxy). For future versions it's planned to move
3proxy chroot direcory to /var.
Log files are created in /usr/local/3proxy/logs symlinked from /var/log/3proxy.
By default, socks is started on 0.0.0.0:1080 and proxy on 0.0.0.0:3128 with basic auth, no users are added by default.
use /etc/3proxy/conf/add3proxyuser.sh script to add users.
usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidth]
day_limit - traffic limit in MB per day
bandwidth - bandwith in bits per second 1048576 = 1Mbps
or modify /etc/3proxy/conf/ files directly.
* For MacOS X / FreeBSD / *BSD
git clone https://github.com/z3apa3a/3proxy
cd 3proxy
ln -s Makefile.FreeBSD Makefile
make
(binaries are in bin/ directory)
Features:
1. General
+ IPv6 support for incoming and outgoing connection,
can be used as a proxy between IPv4 and IPv6 networks
in either direction.
+ HTTP/1.1 Proxy with keep-alive client and server support,
transparent proxy support.
+ HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
+ Anonymous and random client IP emulation for HTTP proxy mode
+ FTP over HTTP support.
+ DNS caching with built-in resolver
+ DNS proxy
+ DNS over TCP support, redirecting DNS traffic via parent
proxy
+ SOCKSv4/4.5 Proxy
+ SOCKSv5 Proxy
+ SOCKSv5 UDP and BIND support (fully compatible with
SocksCAP/FreeCAP for UDP)
+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
+ SNI proxy (based on TLS hostname)
+ TLS (SSL) server - may be used as https:// type proxy
+ POP3 Proxy
+ FTP proxy
+ TCP port mapper (port forwarding)
+ UDP port mapper (port forwarding)
+ SMTP proxy
+ Threaded application (no child process).
+ Web administration and statistics
+ Plugins for functionality extension
+ Native 32/64 bit application
2. Proxy chaining and network connections
+ Can be used as a bridge between client and different proxy type
(e.g. convert incoming HTTP proxy request from client to SOCKSv5
request to parent server).
+ Connect back proxy support to bypass firewalls
+ Parent proxy support for any type of incoming connection
+ Username/password authentication for parent proxy(s).
+ HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
+ Random parent selection
+ Chain building (multihop proxing)
+ Load balancing between few network connections by choosing network
interface
3. Logging
+ tuneable log format compatible with any log parser
+ stdout logging
+ file logging
+ syslog logging (Unix)
+ ODBC logging
+ RADIUS accounting
+ log file rotation
+ automatic log file processing with external archiver (for files)
+ Character filtering for log files
+ different log files for different servces are supported
4. Access control
+ ACL-driven Access control by username, source IP,
destination IP/hostname, destination port and destination action
(POST, PUT, GET, etc), weekday and daytime.
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) bandwith limitation for incoming and (!)outgoing trafic.
+ ACL-driven traffic limitation per day, week or month for incoming and
outgoing traffic
+ Connection limitation and ratelimting
+ User authentication by username / password
+ RADIUS Authentication and Authorization
+ User authentication by DNS hostname
+ Authentication cache with possibility to limit user to single IP address
+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
+ Connection redirection
+ Access control by requested action (CONNECT/BIND,
HTTP GET/POST/PUT/HEAD/OTHER).
+ All access control entries now support weekday and time limitations
+ Hostnames and * templates are supported instead of IP address
5. Extensions
+ Regular expression filtering (with PCRE) via PCREPlugin
+ Authentication with Windows username/password (cleartext only)
+ SSL/TLS decryptions with certificate spoofing
+ Transparent redirection support for Linux and *BSD
6. Configuration
+ support for configuration files
+ support for includes in configuration files
+ interface binding
+ socket options
+ running as daemon process
+ utility for automated networks list building
+ configuration reload on any file change
Unix
+ support for chroot
+ support for setgid
+ support for setuid
+ support for signals (SIGUSR1 to reload configuration)
Windows
+ support --install as service
+ support --remove as service
+ support for service START, STOP, PAUSE and CONTINUE commands (on
PAUSE no new connection accepted, but active connections still in
progress, on CONTINUE configuration is reloaded)
Windows 95/98/ME
+ support --install as service
+ support --remove as service
6. Compilation
+ MSVC (static)
+ OpenWatcom (static)
+ Intel Windows Compiler (msvcrt.dll)
+ Windows/gcc (msvcrt.dll)
+ Cygwin/gcc (cygwin.dll)
+ Unix/gcc
+ Unix/ccc
+ Solaris
+ Mac OS X, iPhone OS
+ Linux and derivered systems
+ Lite version for Windows 95/98/NT/2000/XP/2003
+ 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above
Please read doc/html/index.html and man pages.
3proxy Combined proxy server may be used as
Windows 95/98/NT/2000/XP/2003/Vista
executable or service (supports installation and removal).
It uses config file to read it's configuration (see
3proxy.cfg.sample for details).
--install installs and starts proxy as NT/2000/XP service
(config file should be located in the same directory)
--remove removes the service (should be stopped before via
net stop 3proxy).
3proxy.exe is all-in-one, it doesn't require all others .exe
to work.
See 3proxy.cfg.sample for examples, see man 3proxy.cfg
proxy HTTP proxy server, binds to port 3128
ftppr FTP proxy server, binds to port 21
socks SOCKS 4/5 proxy server, binds to port 1080
@ -198,17 +28,19 @@ pop3p POP3 proxy server, binds to port 110. You must specify
POP3 username as username@target.host.ip[:port]
port is 110 by default.
Exmple: in Username configuration for you e-mail reader
set someuser@pop.example.org, to obtains mail for someuser
set someuser@pop.somehost.ru, to obtains mail for someuser
from pop.somehost.ru via proxy.
smtpp SMTP proxy server, binds to port 25. You must specify
SMTP username as username@target.host.ip[:port]
port is 25 by default.
Exmple: in Username configuration for you e-mail reader
set someuser@mail.example.org, to send mail as someuser
set someuser@mail.somehost.ru, to send mail as someuser
via mail.somehost.ru via proxy.
icqpr ICQ/AIM proxy. Maps some TCP port to TCP port of ICQ
server and performs packets translation. Example:
icqpr 5190 login.icq.com 5190
tcppm TCP port mapping. Maps some TCP port on local machine to
TCP port on remote host.
tlspr TLS proxy (SNI proxy) - sniffs hostname from TLS handshake
udppm UDP port mapping. Maps some UDP port on local machine to
UDP port on remote machine. Only one user simulationeously
can use UDP mapping, so it cann't be used for public service
@ -222,10 +54,11 @@ mycrypt Program to obtain crypted password fro cleartext. Supports
produces NT password
mycrypt salt password
produces MD5/crypt password with salt "salt".
dighosts Utility for building networks list from web page.
Run utility with --help option for command line reference.
Latest version is available from https://3proxy.org/
Latest version is available from http://3proxy.ru/
Want to donate the project? https://3proxy.org/donations/
Want to donate the project? http://3proxy.ru/donations/

1
RELEASE
View File

@ -1 +0,0 @@
0.9.5

106
Release.notes Normal file
View File

@ -0,0 +1,106 @@
08/04/2014 3[APA3A]tiny proxy 0.7
Features:
1. General
+ HTTP/1.1 Proxy with keep-alive client and server support,
transparent proxy support.
+ Anonymous and random client emulation HTTP proxy mode
+ FTP over HTTP support.
+ DNS caching with built-in resolver
+ HTTPS (CONNECT) proxy
+ SOCKSv4/4.5 Proxy
+ SOCKSv5 Proxy
+ UDP and bind support for SOCKSv5 (fully compatible with
SocksCAP/FreeCAP for UDP)
+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP, ICQ
+ POP3 Proxy
+ FTP proxy
+ DNS proxy
+ TCP port mapper
+ UDP port mapper
+ SMTP proxy
+ ICQ/AOL proxy
+ MSN proxy
+ Threaded application (no child process).
+ Web administration and statistics
+ Plugins for functionality extension
+ Native 64 bit application for 64 bit OS, including 64-bit editions of
Windows XP, Vista, 2003, 2008.
2. Proxy chaining and network connections
+ Parent proxy support for any type of incoming connection
+ Username/password authentication for parent proxy(s).
+ HTTPS/SOCKS4/SOCKS5 and redirection parent support
+ Random parent selection
+ Chain building (multihop proxing)
+ Load balancing between few network connections by choosing network
interface
3. Logging
+ turnable log format compatible with any log parser
+ stdout logging
+ file logging
+ syslog logging (Unix)
+ ODBC logging (Windows and Unix)
+ log file rotation (hourly, daily, weekly, monthly)
+ automatic log file comperssion with external archiver (for files)
+ automatic removal of older log files
+ Character filtering for log files
+ different log files for different servces are supported
4. Access control
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) bandwith limitation for incoming and (!)outgoing trafic.
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) traffic limitation per day, week or month for incoming and
(!) outgoing traffic
+ User authorization by NetBIOS messanger name
+ Access control by username, source IP, destination IP, destination
port and destination action (POST, PUT, GET, etc), weekday and daytime.
+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
+ Connection redirection
+ Access control by requested action (CONNECT/BIND,
HTTP GET/POST/PUT/HEAD/OTHER).
+ NTLM (v1 only) authentication for HTTP proxy access
+ All access control entries now support weekday and time limitations
+ Hostnames and * templates are supported instead of IP address
5. Extensions
+ Regular expression filtering (with PCRE) via PCREPlugin
currently HTTP traffic only for URLs, HTTP headers and HTTP data.
+ Authentication with Windows username/password (cleartext only!)
6. Configuration
+ support for configuration files
+ support for includes in configuration files
+ interface binding
+ running as daemon process
+ utility for automated networks list building
+ configuration reload on any file change
Unix
+ support for chroot
+ support for setgid
+ support for setuid
+ support for signals
Windows NT/2K/XP/2K3
+ support --install as service
+ support --remove as service
+ support for service START, STOP, PAUSE and CONTINUE commands (on
PAUSE no new connection accepted, but active connections still in
progress, on CONTINUE configuration is reloaded)
Windows 95/98/ME
+ support --install as service
+ support --remove as service
6. Compilation
+ MSVC (static)
+ Intel Windows Compiler (msvcrt.dll)
+ Windows/gcc (msvcrt.dll)
+ Cygwin/gcc (cygwin.dll)
+ Unix/gcc
+ Unix/ccc
+ Solaris
+ Mac OS X, iPhone OS
Planned for future (0.8) release:
- SSL handling / SSL decryption by certificate spoofing
- NAT support under *nix
- Addon antiviral, HTTP cache filters modules, authentication
modules for different protocols (RADIUS, PAM etc).

2
authors
View File

@ -1 +1 @@
(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.org>
(c) 2002-2014 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru>

2
bin/.gitignore vendored
View File

@ -1,2 +0,0 @@
*.cfg
*.old

2
cfg/3proxy.cfg.sample
View File

@ -37,7 +37,7 @@ users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
service
# service is required under NT if you want 3proxy to start as service
#log /var/log/3proxy/log D
#log /usr/local/etc/3proxy/logs/3proxy.log D
log c:\3proxy\logs\3proxy.log D
# log allows to specify log file location and rotation, D means logfile
# is created daily

53
cfg/sql/3proxy.cfg.sample
View File

@ -1,53 +0,0 @@
# By Mark Dreuband
nserver 10.1.2.1
nscache 65536
# we can grab wpad file from provider and feed it to dighosts
# to build list of free networks
# system "c:\3proxy\dighosts.exe -m http://wpad.security.nnov.ru/wpad.dat c:\3proxy\freenetworks.net"
service
internal 192.168.1.1
external 10.1.1.1
dnspr
log &3proxylog,root
#log c:\3proxy\logs\proxy.log D
#logformat "Linsert into log (timestamp, username, service, clientip, remoteip, remoteport, bytesin, bytesout,request,error) values (
#logformat "%t '%U' '%N' '%C' '%R' %r %I %O '%T' %E"
logformat "-\'+_Linsert into log (time, bytesin, bytesout, username, url, host, port, service) values ('%Y-%m-%d %H:%M:%S', %I, %O, '%U', '%T', '%n', %r, '%N');"
archiver zip c:\3proxy\zip.exe -m -qq %A %F
rotate 50
auth strong
users temp:CL:password root:CL:password
# access free networks directly
allow * * $c:\3proxy\freenetworks.net
# redirect web traffic for non-free networks to provider's proxy
allow * * * 80
parent 1000 http 10.1.2.5 3128
# allow rest of traffic
allow *
proxy
flush
auth iponly
allow *
pop3p
tcppm 25 mail.security.nnov.ru 25
flush
# redirect port 80 traffic via SOCKS server to local HTTP proxy to
# have URLs logged
allow * * * 80
parent 1000 http 0.0.0.0 0
allow *
socks
#daemon

56
cfg/sql/create.sql
View File

@ -1,56 +0,0 @@
# Connection: localhost
# Host: 127.0.0.1
# Saved: 2004-04-09 18:53:52
#
# Host: 127.0.0.1
# Database: 3proxy
# Table: 'log'
#
CREATE TABLE `log` (
`time` datetime NOT NULL default '0000-00-00 00:00:00',
`bytesin` int(11) NOT NULL default '0',
`bytesout` int(11) NOT NULL default '0',
`username` varchar(20) NOT NULL default '',
`service` varchar(7) NOT NULL default '',
`host` varchar(100) NOT NULL default '',
`port` int(11) NOT NULL default '0',
`url` varchar(255) NOT NULL default ''
) TYPE=MyISAM;
CREATE TABLE `services` (
`startport` int(11) NOT NULL default '0',
`endport` int(11) NOT NULL default '0',
`service` varchar(100) NOT NULL default '',
`description` varchar(100) NOT NULL default ''
) TYPE=MyISAM;
CREATE TABLE `timelimit` (
`datefrom` datetime NOT NULL default '0000-00-00 00:00:00',
`dateto` datetime NOT NULL default '0000-00-00 00:00:00'
) TYPE=MyISAM;
INSERT INTO services (80, 80, NULL, 'Access to Web Server');
INSERT INTO services (443, 443, NULL, 'Secure Access to Web Server');
INSERT INTO services (3128, 3128, NULL, 'Access to Web server via external Proxy');
INSERT INTO services (1080, 1080, NULL, 'Access to external SOCKS server');
INSERT INTO services (5190, 5190, NULL, 'Access to ICQ');
INSERT INTO services (6666, 6668, NULL, 'Access to IRC');
INSERT INTO services (119, 119, NULL, 'Access to news server');
INSERT INTO services (25, 25, NULL, 'Sent Mail');
INSERT INTO services (0, 0, 'POP3P', 'Received Mail');
INSERT INTO services (0, 0, 'SMTPP', 'Sent Mail');
INSERT INTO services (0, 0, 'TCPPM', 'Access to external server via TCP');
INSERT INTO services (0, 0, 'UDPPM', 'Access to external server via UDP');
INSERT INTO services (0, 0, 'PROXY', 'Access to external server via Proxy');
INSERT INTO services (0, 0, 'FTPPR', 'Access to external server via FTP Proxy');
INSERT INTO services (0, 0, 'ICQPR', 'Access to external server via ICQ Proxy');
INSERT INTO services (0, 0, 'SOCKS4', 'Access to external server via Socks v4');
INSERT INTO services (0, 0, 'SOCKS5', 'Access to external server via Socks v5');
INSERT INTO services (0, 0, 'DNSPR', 'Name resolution');
INSERT INTO services (0, 0, NULL, 'Unknown');

BIN
cfg/sql/report.xls
View File

Binary file not shown.

6
contrib/www3proxy/isqlodbc/Makefile.inc Normal file
View File

@ -0,0 +1,6 @@
all: isqlodbc$(EXESUFFICS)
clean:
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
isqlodbc$(EXESUFFICS): isqlodbc$(OBJSUFFICS)
$(LN) $(LNOUT)isqlodbc$(EXESUFFICS) $(LDFLAGS) $(VERFILE) isqlodbc$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)

15
contrib/www3proxy/isqlodbc/Makefile.unix Normal file
View File

@ -0,0 +1,15 @@
CC = gcc
CFLAGS = -I /usr/local/include -DUNIX
COUT = -o
LN = gcc
LDFLAGS =
LIBS =-L /usr/local/lib -lodbc
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
COMPATLIBS =
include Makefile.inc

15
contrib/www3proxy/isqlodbc/Makefile.win Normal file
View File

@ -0,0 +1,15 @@
CC = gcc
CFLAGS = -DWIN32
COUT = -o
LN = gcc
LDFLAGS =
LIBS = -lodbc32
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
COMPATLIBS =
include Makefile.inc

191
contrib/www3proxy/isqlodbc/isqlodbc.c Normal file
View File

@ -0,0 +1,191 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32
#include <io.h>
#include <windows.h>
#endif
#ifdef UNIX
#include <sqltypes.h>
#endif
#include <sql.h>
#include <sqlext.h>
#define BUF_LENGTH 65000
/* environment variable */
SQLHENV env=NULL;
SQLHDBC dbc=NULL;
SQLHSTMT stmt=NULL;
SQLHSTMT cstmt=NULL;
unsigned char *dsn;
unsigned char *user;
unsigned char *pass;
RETCODE retcod;
/*description a columns of result of request */
SQLSMALLINT ColumnCount;
unsigned int ColNumber;
unsigned char ColName[SQL_MAX_COLUMN_NAME_LEN];
unsigned int Length;
unsigned int Type;
unsigned int Size;
unsigned int Digits;
unsigned int Nullable;
unsigned char data_buf[BUF_LENGTH];
unsigned long OutData;
/* function print error message*/
void PrintError(HENV env,HDBC dbc,HSTMT stmt,RETCODE retcod)
{
SQLINTEGER nError;
SQLSMALLINT TextLength;
unsigned char BufErrMsg[SQL_MAX_MESSAGE_LENGTH+1];
unsigned char SqlState[128];
SQLError(env,dbc,stmt,SqlState,&nError,BufErrMsg,512, &TextLength);
printf("%s\n" ,BufErrMsg);
}
void sqlquery(SQLHDBC dbc,SQLHSTMT stmt, unsigned char *strquery)
{
retcod=SQLAllocStmt(dbc, &stmt);
retcod=SQLExecDirect(stmt,strquery,SQL_NTS);
if(retcod!=SQL_SUCCESS)
{ PrintError(env,dbc,stmt,retcod);}
SQLNumResultCols(stmt,&ColumnCount);
while(SQLFetch(stmt)==SQL_SUCCESS)
{
for(ColNumber=1; ColNumber<=ColumnCount ; ColNumber++)
{
SQLGetData(stmt,ColNumber,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s|",data_buf);
}
printf("\n",data_buf);
strcpy(data_buf,"");
}
SQLFreeStmt( stmt, SQL_DROP );
}
/* isqlodbc dsn[[,user][,pass]] ["SQLCMD"] */
int main(int argc, char *argv[])
{
unsigned char qbuf[64000];
unsigned char *ptr=NULL;
/* Allocate environment and database connection handles */
retcod=SQLAllocEnv( &env );
if(retcod!=SQL_SUCCESS)
{
PrintError(env,dbc,stmt,retcod);
SQLFreeEnv(env);
return (-1);
}
retcod = SQLAllocConnect( env, &dbc );
if(retcod!=SQL_SUCCESS)
{
PrintError(env,dbc,stmt,retcod);
SQLFreeConnect( dbc );
return (-1);
}
if(argc > 1 )
{
/* parsing command line and get parametrs */
dsn = strtok(argv[1],",");
user = strtok(NULL, ",");
pass = strtok(NULL, ",");
/* Connect from DSN */
retcod=SQLConnect(dbc,dsn,SQL_NTS,user,SQL_NTS,pass,SQL_NTS);
if(retcod!=SQL_SUCCESS)
{ PrintError(env,dbc,stmt,retcod); }
else
{
if (argc > 2)
{
/*sql cmd from command line*/
sqlquery(dbc,stmt,argv[2]);
}
else
{
/*sql cmd from stdin */
if( isatty(0) ){ printf(".tables - list table\n.q - exit\nsql>"); }
while(fgets(qbuf,63000,stdin) != NULL )
{
ptr=strrchr(qbuf,';');
if (ptr!=NULL)
{
sqlquery(dbc,stmt,qbuf);
}
else
{
/*cmd exit*/
if (strstr(qbuf,".q")){ break; };
/*cmd table list*/
if (strstr(qbuf,".tables"))
{
retcod=SQLAllocStmt(dbc, &stmt);
if(retcod!=SQL_SUCCESS){ PrintError(env,dbc,stmt,retcod); }
else
{
retcod=SQLTables(stmt,NULL,0,NULL,0,NULL,0,NULL,0);
if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
while(SQLFetch(stmt)==SQL_SUCCESS)
{
SQLGetData(stmt,3,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s|",data_buf);
/*list columns */
retcod=SQLAllocStmt(dbc, &cstmt);
retcod=SQLColumns(cstmt,NULL,0,NULL,0,data_buf,strlen(data_buf),NULL,0);
if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
else
{
printf("create table %s (",data_buf);
while(SQLFetch(cstmt)==SQL_SUCCESS)
{
SQLGetData(cstmt,4,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s ",data_buf);
SQLGetData(cstmt,6,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s, ",data_buf);
}
printf(");\n");
SQLFreeStmt( cstmt, SQL_DROP );
}/*end list columns*/
}/*end while SQLFetch */
SQLFreeStmt( stmt, SQL_DROP );
}
}/*end if (strstr(qbuf,".tables")) */
} /*end else cmd*/
if( isatty(0) ){ printf("sql>"); }
} /*end while*/
}
}
SQLDisconnect(dbc);
} /* if (argc > 2) */
else
{
printf("isqlodbc dsn[[,user][,pass]] [\"SQLCMD\"]\n");
}
SQLFreeConnect( dbc );
SQLFreeEnv( env );
return 0;
}

22
contrib/www3proxy/log.sql Normal file
View File

@ -0,0 +1,22 @@
create table log (ldate date,ltime time,username char (30),userip char (16),bytein integer (10),byteout integer (10),service char (8), host char(255), hostport integer (10), url char (255) );
create index idate on log (ldate);
create index iusername on log (username);
create index iuserip on log (userip);
create index ihost on log (host);
create table services (port integer(10),service char(100),description char (100));
INSERT INTO services values (80,'PROXY', 'Access to Web Server');
INSERT INTO services values (21,'PROXY', 'Access to Ftp Server via HTTP proxy');
INSERT INTO services values (5190,'PROXY', 'Access to ICQ via HTTP proxy');
INSERT INTO services values (0, 'POP3P', 'Received Mail via POP3');
INSERT INTO services values (0,'FTPPR', 'Access to Ftp server via FTP proxy');
INSERT INTO services values (0,'SOCKS4', 'Access to external server via Socks v4');
INSERT INTO services values (0,'SOCKS5', 'Access to external server via Socks v5');
INSERT INTO services values (0,'TCPPM', 'Access to external server via TCP mapping');
INSERT INTO services values (0,'UDPPM', 'Access to external server via UDP mapping');
INSERT INTO services values (0, 0, NULL, 'Unknown');

63
contrib/www3proxy/readme.ru Normal file
View File

@ -0,0 +1,63 @@
------------------------------ KOI8-R ------------------------------------
Этот архив содержит набор CGI cкриптов и программ для получения
статистики работы пользователей прокси сервера "3proxy", посредством анализа
лога расположенного в ODBC источнике(базе), через Web интерфейс.
stat.awk - основной CGI скрипт (Для его испольнения под Win9X/2000 необходима
программа awk.exe ,в linux/freebsd она как правило входит в сиситему
по умолчанию).
isqlodbc - программа для выполнения SQL запросов к базам ODBC
(вызывается из stat.awk). компилируется gcc и работает как в
win9X/2000 так и в linux/freebsd. (Так же может
использоваться независимо от stat.awk как отдельная
программа..)
log.sql - SQL скрипт создания базы для лога сервера.
awk.exe - awk интерпретатор под Win9X/2000.
Настройка скриптов статистики .
Для работы вам потребуется:
1) любой http сервер подерживающий CGI
2) odbc менеджер (под win32 ) или iodbc менеджер (под unix)
любая база данных например : sqlite, mysql, postgress или любые другие
имеющие ODBC драйвера.(Как настраивать iODBC под linux/freebsd смотрите в
файле iodbc.txt в каталоге /doc/ru архива 3proxy.)
Шаг настройки N1:
Создаем базу данных и DSN для хранения лога. ( в нашем случае DSN будет
называться "sqlite".) далее выполняя скрипт log.sql создаем необходимые
таблицы и индексы:
isqlodbc sqlite < log.sql
Шаг настройки N2:
Устанавливаем DSN и формат таблицы с логом в файле 3proxy.cfg следующего вида:
-----------
# create table log (
# ldate date,
# ltime time,
# username char (30),
# userip char (16),
# bytein integer (10),
# byteout integer (10),
# service char (8),
# host char(255),
# hostport integer (10),
# url char (255)
# );
log &sqlite
logformat "Linsert into log values ('%Y-%m-%d','%H:%M:%S','%U','%C','%I','%O','%N','%n','%r','%T');"
-----------
Шаг настройки N3:
Копируем файлы isqlodbc и stat.awk в каталог с CGI скриптами http сервера
и меняем в stat.awk путь вызова и DSN на свои значения , например:
isql="./isqlodbc.exe sqlite "
Шаг настройки N4:
Пробуем вызвать скрипт из web браузера , например
http://localhost/cgi/stat.awk?
------------------------------ KOI8-R ------------------------------------

129
contrib/www3proxy/stat.awk Normal file
View File

@ -0,0 +1,129 @@
#!/usr/bin/awk -f
BEGIN {
scriptname = ENVIRON["SCRIPT_NAME"]
#for win32
isql=".\\isqlodbc.exe sqlite "
#for unix
#isql="./isqlodbc sqlite "
print "Content-Type: text/html; charset=koi8-r \n\n"
print "<HTML>\n<BODY>\n";
# query parse
query_str = ENVIRON["QUERY_STRING"]
n = split(query_str, querys, "&")
for (i=1; i<=n; i++)
{
split(querys[i], data, "=")
qr[data[1]] = data[2]
}
printf "<FORM METHOD=PUT action=\"" scriptname "?rep=1\">"
printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> "
printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>"
printf "<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>"
printf "<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user <br>"
printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">"
printf "<INPUT type=\"submit\" value=\"Report\">"
printf "</FORM>"
#printf "query_str=%s\n<br>",query_str
#print qr["rep"]
if(qr["rep"]=="user")
{
cmd = isql " \"select " qr["userid"] ",sum(bytein),sum(byteout),sum(bytein+byteout) from log \
where ldate > '" qr["datefrom"] "' AND ldate < '" qr["dateto"] \
"' group by " qr["userid"] " order by sum(bytein+byteout) desc;\""
printf " <table WIDTH=100%% BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>"
while( (cmd|getline result)>0)
{
split(result, rt, "|")
printf "<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
scriptname,qr["datefrom"],qr["dateto"],qr["userid"],rt[1],rt[1],rt[2],rt[3],rt[4]
totalbytein=totalbytein+rt[2];
totalbyteout=totalbyteout+rt[3];
totalbytesum=totalbytesum+rt[4];
}
printf "<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td> \
<td><br>%d</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
close(cmd)
}
if(qr["rep"]=="host")
{
cmd = isql "\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log \
where ldate > '" qr["datefrom"] "' AND ldate < '"qr["dateto"] \
"' AND " qr["userid"] " = '" qr["selectid"] \
"' group by host order by sum(bytein+byteout) desc;\""
printf "<center><b>Detail statistic for user: %s</b></center>",qr["selectid"]
printf " <table WIDTH=100%% BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>"
while( (cmd|getline result)>0)
{
split(result, rt, "|")
printf "<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>",rt[1],rt[2],rt[3],rt[4]
totalbytein=totalbytein+rt[1];
totalbyteout=totalbyteout+rt[2];
totalbytesum=totalbytesum+rt[3];
}
printf "<tr> <td><br>%d</td> <td><br>%d</td> \
<td><br>%d</td><td><br>Total host</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
printf " </table> "
close(cmd)
}
printf " </BODY> </HTML>";
} # end BEGIN
# decode urlencoded string
function decode(text, hex, i, hextab, decoded, len, c, c1, c2, code) {
split("0 1 2 3 4 5 6 7 8 9 a b c d e f", hex, " ")
for (i=0; i<16; i++) hextab[hex[i+1]] = i
# urldecode function from Heiner Steven
# http://www.shelldorado.com/scripts/cmds/urldecode
# decode %xx to ASCII char
decoded = ""
i = 1
len = length(text)
while ( i <= len ) {
c = substr (text, i, 1)
if ( c == "%" )
{
if ( i+2 <= len )
{
c1 = tolower(substr(text, i+1, 1))
c2 = tolower(substr(text, i+2, 1))
if ( hextab [c1] != "" || hextab [c2] != "" ) {
if ( (c1 >= 2 && (c1 != 7 && c2 != "F")) || (c1 == 0 && c2 ~ "[9acd]") )
{
code = 0 + hextab [c1] * 16 + hextab [c2] + 0
c = sprintf ("%c", code)
}
else { c = " " }
i = i + 2
}
}
} else if ( c == "+" ) { # special handling: "+" means " "
c = " "
}
decoded = decoded c
++i
}
# change linebreaks to \n
gsub(/\r\n/, "\n", decoded)
# remove last linebreak
sub(/[\n\r]*$/,"",decoded)
return decoded
}

185
contrib/www3proxy/stat.pl Normal file
View File

@ -0,0 +1,185 @@
#!/usr/bin/perl
eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
if $running_under_some_shell;
# this emulates #! processing on NIH machines.
# (remove #! line above if indigestible)
eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
# process any FOO=bar switches
$[ = 1; # set array base to 1
$, = ' '; # set output field separator
$\ = "\n"; # set output record separator
$scriptname = $ENVIRON{'SCRIPT_NAME'};
#for win32
$isql = ".\\isqlodbc.exe sqlite ";
#for unix
#isql="./isqlodbc sqlite "
print "Content-Type: text/html; charset=koi8-r \n\n";
print "<HTML>\n<BODY>\n";
# query parse
$query_str = $ENVIRON{'QUERY_STRING'};
$n = (@querys = split(/&/, $query_str, 9999));
for ($i = 1; $i <= $n; $i++) {
@data = split(/=/, $querys[$i], 9999);
$qr{$data[1]} = $data[2];
}
printf "<FORM METHOD=PUT action=\"" . $scriptname . "?rep=1\">";
printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> ";
printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>";
printf
"<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>";
printf
"<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user <br>";
printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">";
printf "<INPUT type=\"submit\" value=\"Report\">";
printf '</FORM>';
#printf "query_str=%s\n<br>",query_str
#print qr["rep"]
if ($qr{'rep'} eq 'user') {
$cmd = $isql . " \"select " . $qr{'userid'} .
",sum(bytein),sum(byteout),sum(bytein+byteout) from log where ldate > '"
. $qr{'datefrom'} . "' AND ldate < '" . $qr{'dateto'} . "' group by " .
$qr{'userid'} . " order by sum(bytein+byteout) desc;\"";
printf
' <table WIDTH=100%% BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>';
while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
@rt = split(/\|/, $result, 9999);
printf
"<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
$scriptname, $qr{'datefrom'}, $qr{'dateto'}, $qr{'userid'}, $rt[1],
$rt[1], $rt[2], $rt[3], $rt[4];
$totalbytein = $totalbytein + $rt[2];
$totalbyteout = $totalbyteout + $rt[3];
$totalbytesum = $totalbytesum + $rt[4];
}
printf
'<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td> <td><br>%d</td></tr> </table> ',
$totalbytein, $totalbyteout, $totalbytesum;
delete $opened{$cmd} && close($cmd);
}
if ($qr{'rep'} eq 'host') {
$cmd = $isql .
"\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log where ldate > '"
. $qr{'datefrom'} . "' AND ldate < '" . $qr{'dateto'} . "' AND " .
$qr{'userid'} . " = '" . $qr{'selectid'} .
"' group by host order by sum(bytein+byteout) desc;\"";
printf '<center><b>Detail statistic for user: %s</b></center>',
$qr{'selectid'};
printf
' <table WIDTH=100%% BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>';
while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
@rt = split(/\|/, $result, 9999);
printf '<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>',
$rt[1], $rt[2], $rt[3], $rt[4];
$totalbytein = $totalbytein + $rt[1];
$totalbyteout = $totalbyteout + $rt[2];
$totalbytesum = $totalbytesum + $rt[3];
}
printf
'<tr> <td><br>%d</td> <td><br>%d</td> <td><br>%d</td><td><br>Total host</td></tr> </table> ',
$totalbytein, $totalbyteout, $totalbytesum;
printf ' </table> ';
delete $opened{$cmd} && close($cmd);
}
printf ' </BODY> </HTML>';
# end BEGIN
# decode urlencoded string
sub decode {
local($text, *Hex, $i, *hextab, $decoded, $len, $c, $c1, $c2, $code) = @_;
@Hex = split(' ', '0 1 2 3 4 5 6 7 8 9 a b c d e f', 9999);
for ($i = 0; $i < 16; $i++) {
$hextab{$Hex[$i + 1]} = $i;
# urldecode function from Heiner Steven
# http://www.shelldorado.com/scripts/cmds/urldecode
# decode %xx to ASCII char
;
}
$decoded = '';
$i = 1;
$len = length($text);
while ($i <= $len) { #???
$c = substr($text, $i, 1);
if ($c eq '%') {
if ($i + 2 <= $len) {
$c1 = &tolower(substr($text, $i + 1, 1));
$c2 = &tolower(substr($text, $i + 2, 1));
if ($hextab{$c1} ne '' || $hextab{$c2} ne '') {
if (($c1 >= 2 && ($c1 != 7 && $c2 ne 'F')) ||
($c1 == 0 && $c2 =~ '[9acd]')) {
$code = 0 + $hextab{$c1} * 16 + $hextab{$c2} + 0;
$c = sprintf('%c', $code);
}
else {
$c = ' ';
}
$i = $i + 2;
}
}
}
elsif ($c eq '+') {
# special handling: "+" means " "
$c = ' ';
}
$decoded = $decoded . $c;
++$i;
}
# change linebreaks to \n
$decoded =~ s/\r\n/\n/g;
# remove last linebreak
$decoded =~ s/[\n\r]*$//;
$decoded;
}
sub Getline3 {
&Pick('',@_);
local($_);
if ($getline_ok = (($_ = <$fh>) ne '')) {
;
}
$_;
}
sub Pick {
local($mode,$name,$pipe) = @_;
$fh = $name;
open($name,$mode.$name.$pipe) unless $opened{$name}++;
}

20
copying
View File

@ -1,8 +1,12 @@
3proxy 0.9 Public License Agreement
3proxy 0.7 Public License Agreement
(c) 2000-2025 by 3APA3A (3APA3A@3proxy.ru)
(c) 2000-2025 by 3proxy.org (https://3proxy.org/)
(c) 2000-2025 by Vladimir Dubrovin (vlad@3proxy.org)
(c) 2000-2014 by 3APA3A (3APA3A@security.nnov.ru)
(c) 2000-2014 by SecurityVulns.com (http://3proxy.ru/)
(c) 2000-2014 by Vladimir Dubrovin (vlad@sandy.ru)
This software uses:
RSA Data Security, Inc. MD4 Message-Digest Algorithm
RSA Data Security, Inc. MD5 Message-Digest Algorithm
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@ -35,23 +39,23 @@ are met (BSD style license):
Instead of this license, you can also use and redistribute this software under
terms of compatible license, including:
1. Apache License, Version 2.0 or (at your option) any later version
1. Apache License, Version 2.0
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
2. GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
You may obtain a copy of the License at
https://www.gnu.org/licenses/gpl.txt
http://www.gnu.org/licenses/gpl.txt
3. GNU Lesser General Public License as published by the
Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
You may obtain a copy of the License at
https://www.gnu.org/licenses/lgpl.txt
http://www.gnu.org/licenses/lgpl.txt

10
debian/3proxy.manpages vendored
View File

@ -1,10 +0,0 @@
man/3proxy.8
man/3proxy.cfg.3
man/ftppr.8
man/tlspr.8
man/pop3p.8
man/proxy.8
man/smtpp.8
man/socks.8
man/tcppm.8
man/udppm.8

18
debian/changelog vendored
View File

@ -1,18 +0,0 @@
3proxy (0.9.3-210629140419) buster; urgency=medium
*3proxy 0.9.3 build
-- z3APA3A <3apa3a@3proxy.org> Thu, 01 Jul 2021 19:48:44 +0300
3proxy (0.9.3-1) buster; urgency=medium
*3proxy 0.9.3 initial build
-- z3APA3A <3apa3a@3proxy.org> Thu, 03 Dec 2020 21:13:58 +0300
3proxy (0.9.2-1) buster; urgency=medium
*3proxy 0.9.2 initial build
-- z3APA3A <3apa3a@3proxy.org> Thu, 19 Nov 2020 19:19:19 +0300

1
debian/compat vendored
View File

@ -1 +0,0 @@
9

4
debian/conffiles vendored
View File

@ -1,4 +0,0 @@
/usr/local/3proxy/conf/3proxy.cfg
/usr/local/3proxy/conf/add3proxyuser.sh
/usr/local/3proxy/conf/bandlimiters
/usr/local/3proxy/conf/counters

18
debian/control vendored
View File

@ -1,18 +0,0 @@
Source: 3proxy
Maintainer: z3APA3A <3apa3a@3proxy.org>
Section: net
Priority: optional
Standards-Version: 4.0.0
Build-Depends: debhelper (>=10)
Homepage: https://3proxy.org/
Vcs-Git: https://github.com/z3APA3A/3proxy
Vcs-Browser: https://github.com/z3APA3A/3proxy
Package: 3proxy
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: tiny free proxy server
3Proxy tiny free proxy server is really tiny freeware proxy servers set.
It includes HTTP proxy with HTTPS and FTP support, SOCKSv4/SOCKSv4.5/SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, FTP proxy, caching DNS proxy, TCP and UDP portmappers.
You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use combined program (3proxy). Combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.
It's created to be small, simple and yet very functional.

20
debian/copyright vendored
View File

@ -1,20 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: 3proxy
Upstream-Contact: 3proxy@3proxy.org
Source: https://3proxy.org/
Files: *
Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
Files: src/libs/md*.*
Copyright: 1990,1991,1992 RSA Data Security, Inc
License: public-domain
Files: src/libs/regex.*
Copyright: Henry Spencer
License: public-domain
Files: src/libs/smbdes.c
Copyright: Andrew Tridgell 1998
License: GPL-2+

43
debian/postinst vendored
View File

@ -1,43 +0,0 @@
if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
touch /usr/local/3proxy/conf/passwd;\
fi
chown -R proxy:proxy /usr/local/3proxy
chmod 550 /usr/local/3proxy/
chmod 550 /usr/local/3proxy/conf/
chmod 440 /usr/local/3proxy/conf/*
if /bin/systemctl >/dev/null 2>&1; then \
/usr/sbin/update-rc.d 3proxy disable || true; \
/usr/sbin/chkconfig 3proxy off || true; \
/bin/systemctl enable 3proxy.service; \
elif [ -x /usr/sbin/update-rc.d ]; then \
/usr/sbin/update-rc.d 3proxy defaults; \
/usr/sbin/update-rc.d 3proxy enable; \
elif [ -x /usr/sbin/chkconfig ]; then \
/usr/sbin/chkconfig 3proxy on; \
fi
echo ""
echo 3proxy installed.
if /bin/systemctl >/dev/null 2>&1; then \
/bin/systemctl stop 3proxy.service \
/bin/systemctl start 3proxy.service \
echo use ;\
echo " "systemctl start 3proxy.service ;\
echo to start proxy ;\
echo " "systemctl stop 3proxy.service ;\
echo to stop proxy ;\
elif [ -x /usr/sbin/service ]; then \
/usr/sbin/service 3proxy stop || true;\
/usr/sbin/service 3proxy start || true;\
echo " "service 3proxy start ;\
echo to start proxy ;\
echo " "service 3proxy stop ;\
echo to stop proxy ;\
fi
echo " "/usr/local/3proxy/conf/add3proxyuser.sh
echo to add users
echo ""
echo Default config uses Google\'s DNS.
echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user

4
debian/preinst vendored
View File

@ -1,4 +0,0 @@
if [ -x /usr/sbin/useradd ]; then \
/usr/bin/getent group proxy >/dev/null || (/usr/sbin/groupadd -f -r proxy || true); \
/usr/bin/getent passwd proxy >/dev/null || (/usr/sbin/useradd -Mr -s /bin/false -g proxy -c 3proxy proxy || true); \
fi

16
debian/rules vendored
View File

@ -1,16 +0,0 @@
#!/usr/bin/make -f
%:
dh $@
override_dh_auto_build:
ln -s Makefile.Linux Makefile || true
dh_auto_build
override_dh_auto_clean:
find src/ -type f -name "*.o" -delete
find src/ -type f -name "Makefile.var" -delete
find bin/ -type f -executable -delete
rm -f Makefile
override_dh_usrlocal:

1
debian/source/format vendored
View File

@ -1 +0,0 @@
3.0 (quilt)

155
doc/html/faqe.html
View File

@ -1,2 +1,155 @@
<h3>Why ... doesn't work?</h3>
<H2><A href="hotoe.html">See HowTo:</a></H2>
<p><i>Q: Why does nothing work?</i></p>
A: Valid configuration file is required.
<p><i>Q: Why restrictions (redirections, limits, etc) do not work?</i></p>
A: Most probable reasons: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
<p><i>Q: Why doesn't 3proxy work as service under Windows?</i></p>
Possible reasons:
<ul>
<li>'service' command absents in configuration file. Command is required for
3proxy.exe to behave as system service in 3proxy 0.5.2 and prior.
<li>there are relative paths in configuration file for included files,
log files, etc. Always use absolute paths. For example
$"c:\3proxy\networks.local" instead of $networks.local. For debugging remove
'service' and 'daemon', log to stdout an try to execute 3proxy from command
line from some different directory (for example from disk root).
<li>SYSTEM account doesn't have access to executable file, configuration files,
log files, etc.
<li>configuration files is not located in default path (3proxy.cfg in same
location with 3proxy.exe). For alternative configuration file location use
<pre>
3proxy --install full_path_to_configuration_file
</pre>
<li>user has no rights to install or start service
<li>service is already installed and/or started
</ul>
<p><A NAME="INTEXT"><i>Q: Why doesn't internal and external commands work as expected</i></A></li></p>
A: Check your expectations first.
Both internal and external IPs are IPs of the host running 3proxy itself.
This configuration option is usefull in situation 3proxy is running on the
border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP
</pre>
If 3proxy is used on the host with single connection, both internal and
external are usually same IP.
<br>Internal should exist and be UP on the moment 3proxy is started and
should never be disconnected/DOWN. If this interface is periodically
disconnected (e.g. direct link between 2 hosts), do not specify internal
address or use 0.0.0.0 instead. In this case, if you have 2 or more
interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
proxy situation.
<br>
External IP (if specified) must exist in the momet 3proxy
serves client request. If external interface is no specified (or 0.0.0.0),
system select external IP. It may be possible to access resources of internal
network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
operation, required for incoming connections (this operation is quite rarely
implemented in SOCKSv5 clients and usually is not required). In case of
dynamic address, do not specify external or use external 0.0.0.0 or, if
external address is required, create a script to determine current external
IP and save it to file, and use external "$path_to_file" with "monitor" command
to automatically reload configuration on address change.
<p><i>Q: Why doesn't ODBC loggind work?</i></p>
A: Check you use system DSN.
Check SQL request is valid.
The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
<p><i>Q: Why doesn't APOP/CRAM-MD5 authentication work with POP3 proxy?</i></p>
A: Any Challenge-response authentication require challenge to be transmitted from server. Pop3p doesn't know which server to use before authentication, it makes it impossible to obtain challenge. You can encrypt your POP3 communications with TLS (i.e. stunnel) or IPSec.
<h3>Redirection to local proxy</h3>
<p><i>Q: What is it for?</i></p>
A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
<p><i>Q: What are restrictions?</i></p>
A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
<p><i>Q: What are advantages?</i></p>
A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware.
<p><i>Q: How to setup?</i></p>
A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples:
<pre>
auth iponly
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#redirect ports 80 and 8080-8088 to local HTTP proxy
#Second allow is required, because ACLs are checked
#twice: first time by socks and second by http proxy.
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#redirect ports 21 and 2121 to local
#ftp proxy
allow *
#allow rest of connections directly
socks
#now let socks server to start
</pre>
<p><i>Q: How it affects different ACL rules?</i></p>
A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#redirect http traffic to internal proxy
allow * * $c:\3proxy\local.nets 80,8080-8088
#allow direct access to local.nets networks
allow * * * 80,8080-8088
parent 1000 http proxy.sandy.ru 3128
#use parent caching proxy for rest of the networks
allow *
#allow direct connections for rest of socks
#requests
</pre>
<h3>Can I ...?</h3>
<p><i>Q: Is it possible to resolve names through parent proxy?</i></p>
A: Yes, use 'proxy', 'connect+', 'socks4+' or 'socks5+' as parent proxy type.
3proxy itself requires name resolutions for ACL checks, so, if it's impossible
to resolve names from 3proxy host, use
<pre>
fakeresolve
</pre>
command. Fakeresolve resolves any name to 127.0.0.2.
<p><i>Q: Can I use 3proxy as FTP proxy?</i></p>
A: There are two kinds of FTP proxy supported: FTP over HTTP support (known as FTP proxy inside Internet Explorer, Mozilla and another browsers) and real FTP proxy (usable in Far and different FTP clients). Both are supported in 3proxy: first one as a part of HTTP 'proxy' and second one as 'ftppr'.
<p><i>Q: Can I bind any 3proxy service to non-default port?</i></p>
A: proxy -p8080
<h3>Why so ...?</h3>
<p><i>Q: Why traffic accounting is incomplete? It differs for what my provider (or another accounting application) shows to me?</i></p>
A: 3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
<p><i>Q: Why configuration is so difficult and non-intuitive?</i></p>
A: Configuration format is created in a way it's easy to parse and matches to internal 3proxy structures. In addition, there are some older things left for compatibility to be cleaned in 3proxy release. And last, I think it's easy and intuitive.
<p><i>Q: Why the code is so difficult and non-intuitive?</i></p>
A: First, I'm not programmer. Second, 3proxy was 'proof of concept' in reply for some conference post. Request was to write proxy server in 100 lines of code. First version of 3proxy had less, with HTTP and SOCKS support and portmappers. Third, there are peoples who want to use 3proxy code in trojans. I don't want to help them. Fourth, the aim is to support different platforms. It's well known - the worse code is, the better it compiles.
<p><i>Q: Why do you use insecure strcpy, sprintf, etc?</i></p>
A: Why not? I try to use insecure function in secure manner. You're welcome to look for vulnerabilities.

282
doc/html/faqr.html
View File

@ -1,2 +1,280 @@
<H2><A href="hotoe.html">См. HowTo</a></H2>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
3APA3A 3proxy tiny proxy server Frequently Asked Questions (FAQ)
<ul>
<li><a href="#TROUBLE">Почему не работает...</a></li>
<ul>
<li><a href="#NOTHING">Q: Почему ничего не работает?</a></li>
<li><a href="#LIMITS">Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости, трафику и т.д.)?</a></li>
<li><a href="#SERVICE">Q: Почему 3proxy не запускается как служба?</a></li>
<li><a href="#INTEXT">Q: Почему не получается указать internal и external?</a></li>
<li><a href="#ODBC">Q: Почему не работает ведение журналов в ODBC?</a></li>
<li><a href="#CHAP">Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</a></li>
</ul>
<li><a href="#SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></li>
<ul>
<li><a href="#REDIR">Q: Для чего это надо?</a></li>
<li><a href="#REDIRLIMIT">Q: Какие недостатки?</a></li>
<li><a href="#REDIRADV">Q: Какие преимущества?</a></li>
<li><a href="#REDIRHOW">Q: Как настраивается?</a></li>
<li><a href="#REDIINTER">Q: Как взаимодействует с другими правилами в ACL?</a></li>
</ul>
<li><a href="#ISIT">А есть ли...</a></li>
<ul>
<li><a href="#NAMES">Можно ли разрешать имена на родительском прокси?</a></li>
<li><a href="#ISFTP">Существует ли сейчас поддержка FTP прокси в продукте?</a></li>
<li><a href="#PORT">Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</a></li>
<li><a href="#BANDLIM">Как ограничить ширину канала?</a></li>
</ul>
<li><a href="#BRRR">Почему так криво...</a></li>
<ul>
<li><a href="#TRAF">Почему так криво считается трафик? Не совпадает с ...</a></li>
<li><a href="#CONFIG">Почему такая кривая конфигурация и ничерта не понятно?</a></li>
<li><a href="#CODE">Почему так криво написан код?</a>
<li><a href="#UNSAFE">Почему так много strcpy, sprintf и т.д., это ж дыры!</a>
</ul>
</ul>
<hr>
<li><b><a name="TROUBLE">Почему не работает...<a></b></li>
<ul>
<li><a name="NOTHING"><i>Q: Почему ничего не работает?</i></a></li>
<p>
<i>A:</i> Потому что для работы нужен правильный файл конфигурации.
</p>
<li><a name="LIMITS"><i>Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости,
трафику и т.д.)?</i></a></li>
<p>
<i>A:</i> Обычные ошибки - использование auth none (для работы любых
функций, основанных на ACL, требуется auth iponly, nbname или strong),
нарушение порядка ввода команд (команды выполняются последовательно,
запуск сервиса proxy, socks, tcppm и т.д. должен осуществляться после
того, как указана его конфигурация), неправильный порядок записей в ACL
(записи просматриваются последовательно до первой, удовлетворяющей
критериям). Если в ACL имеется хотя бы одна запись, то считается, что
последняя запись в ACL - это неявная deny *.
</p>
<li><a name="SERVICE"><i>Q: Почему 3proxy не запускается как служба?</i></a></li>
<p>
<i>A:</i> Наиболее вероятные причины:
<ul>
<li>Отсутствие команды service в файле конфигурации - команда необходима в 3proxy 0.5.2 и более ранних, чтобы 3proxy вел себя как системная служба Windows
<li>Использование относительных (неполных) путей файлов в файле конфигурации
При использовании файлов журналов, файлов вставок ($filename) используйте
полные пути, например, $"c:\3proxy\include files\networks.local". Тоже самое
относится к файлам журналов и любым другим.
Для отладки лучше запускать 3proxy с ведением журнала на стандартный вывод.
Не забудьте в таком случае отключить daemon и service в файле конфигурации.
Для чистоты эксперимента запускать 3proxy из коммандной строки в таком случае
следует, находясь в другой папке.
<li>Отсутствие у системной записи прав на доступ к исполняемому файлу, каким-либо файлам конфигурации, журнала и т.п.
<li>Отсутствие файла конфигурации по стандартному расположению -
3proxy.cfg в одном каталоге с исполняемым файлом. Если файл расположен по
другому пути, необходимо использовать команду
<pre>
3proxy --install path_to_configuration_file</pre>
<li>Отсутствие у пользователя прав на установку или запуск службы
<li>Служба уже установлена или запущена
</ul>
</p>
<li><a name="INTEXT"><i>Q: Почему не получается указать internal и external?</i></a></li></li>
<p>
<i>A:</i> Убедитесь, что выправильно понимаете что такое internal и external адреса.
Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
Эта опция конфигурации необходима в классической ситуации, когда 3proxy
установлен на граничном компьютере с двумя (или более) подключениями:
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP</pre>
Если 3proxy работает на хосте с одним интерфейсом, то его адрес будет и
internal и external.
<br>Интерфейс с адресом internal должен существовать и быть рабочим на момент
запуска 3proxy, и не должен отключаться. Если internal интерфейс
периодически отключается, то не следует его указывать, или можно указать адрес
0.0.0.0. При этом прокси будет принимать запросы на всех интерфейсах, поэтому
при наличии нескольких интерфейсов для ограничения доступа следует использовать
фаервол или хотя бы ACL.
</p>
<p>
Интерфейс с адресом external, если он указан, должен быть рабочим на момент
получения запроса клиента. При отсутствии external или адресе 0.0.0.0 внешний
адрес будет выбираться системой при установке соединения. При этом, может быть
возможность доступа через прокси к ресурсам локальной сети, поэтому для
предотвращения несанкционированного доступа следует использовать ACL. Кроме
того, могут быть проблемы с приемом входящих соединений через SOCKSv5
(SOCKSv5 используется в клиентах исключительно редко).
В случае, если адрес динамический, можно либо не
указывать external, либо использовать адрес 0.0.0.0, либо, если необходима
поддержка входящих соединений в SOCKSv5, использовать скрипт,
который будет получать текущий адрес и сохранять его в файл, который будет
отслуживаться через команду monitor.
</p>
<li><a name="ODBC"><i>Q: Почему не работает ведение журналов в ODBC?</i></a></li>
<p>
<i>A:</i> Убедитесь, что используется системный, а не
пользовательский DSN. Убедитесь, что выполняется правильный SQL запрос. Наиболее
распространенная проблема связана с отсутствием кавычек или неправильным
форматом данных. Самый простой способ - сделать ведение журнала в файл или
на стандартный вывод, просмотреть выдаваемые SQL запросы и попробовать
дать такой запрос вручную.
</p>
<li><a name="CHAP"><i>Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</i></a></li>
<p>
<i>A:</i> Любая challenge-response аутентификация, к которым относятся APOP
и CRAM-MD5, требует, чтобы со стороны сервера был передан уникальный challenge.
До начала аутентификации POP3 прокси не знает, к какому серверу следует
подключаться для получения Challenge, поэтому challenge-response в принципе
невозможен. Защитить соединение можно с помощью TLS (например, stunnel) или
IPSec.
</p>
</ul>
<hr>
<li><b><a name="SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></b></li>
<ul>
<li><a name="REDIR"><i>Q: Для чего это надо?</i></a></li>
<p>
<i>A:</i> Чтобы иметь в логах URL запросов, если пользователь SOCKS пользуется
Web, FTP или POP3.
</p>
<li><a name="REDIRLIMIT"><i>Q: Какие недостатки?</i></a></li>
<p>
<i>A:</i> Перенапраление невозможно для web-серверов или FTP, висящих на
нестандартных портах, для SOCKSv4 не поддрживается авторизация с
паролем (IE поддерживает только SOCKSv4), но при этом IE передает
имя пользователя по SOCKSv4 (имя, с которым пользователь вошел в систему).
Для SOCKSv5 не поддерживается NTLM авторизация, пароли передаются в открытом
тексте.
</p>
<li><a name="REDIRADV"><i>Q: Какие преимущества?</i></a></li>
<p>
<i>A:</i> Достаточно в настройках IE только указать адрес SOCKS прокси. В
больших сетях можно для этого использовать WPAD (автоматическое
обнаружение прокси). В 3proxy достаточно запускать только одну службу
(socks). Если используется только Internet Explorer, то можно
автоматически получать имя пользователя в логах, не запрашивая
логин/пароль.
</p>
<li><a name="REDIRHOW"><i>Q: Как настраивается?</i></a></li>
<p>
<i>A:</i> Указывается parent http proxy со специальным адресом 0.0.0.0 и портом
0. Пример:
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#перенаправить соединения по портам 80 и 8080-8088 в локальный
#http прокси. Вторая команда allow необходима, т.к. контроль доступа
#осуществляется 2 раза - на уровне socks и на уровне HTTP прокси
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#перенаправить соединения по портам 21 и 2121 в локальный
#ftp прокси
allow *
#пустить все соединения напрямую
socks</pre>
</p>
<li><a name="REDIINTER"><i>Q: Как взаимодействует с другими правилами в ACL?</i></a></li>
<p>
<i>A:</i> После внутреннего перенаправления правила рассматриваются еще раз за
исключением самого правила с перенаправлением (т.е. обработка правил не
прекращается). Это позволяет сделать дальнейшие перенаправления на
внешний прокси. По этой же причине локальное перенаправление не должно
быть последним правилом (т.е. должно быть еще хотя бы правило allow,
чтобы разрешить внешние соединения через HTTP прокси).
Например,
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#перенаправить во внутренний прокси
allow * * $c:\3proxy\local.nets 80,8080-8088
#разрешить прямой web-доступ к сетям из local.nets
allow * * * 80,8080-8088
parent 1000 http proxy.sandy.ru 3128
#все остальные веб-запросы перенаправить на внешний прокси-сервер
allow *
#разрешить socks-запросы по другим портам</pre>
</p>
</ul>
<hr>
<li><b><a name="ISIT">А есть ли...</a></b></li>
<ul>
<li><a name="NAMES"><i>Q: Можно ли разрешать имена на родительском прокси?</i></a></li>
<p>
<i>A:</i> Можно. Для этого надо использовать тип родительского прокси http,
connect+, socks4+ и socks5+. Однако, при это надо помнить, что самому 3proxy
требуется разрешение имени для управления ACL. Поэтому, если с прокси-хоста
не работают разрешения имени, необходимо в конфигурации дать команду
<pre>
fakeresolve</pre>
которая разрешает любое имя в адрес 127.0.0.2.
</p>
<li><a name="ISFTP"><i>Q: Существует ли сейчас поддержка FTP прокси в продукте?</i></a></li>
<p>
Есть поддержка как FTP через HTTP (то, что называется FTP прокси в Internet
Explorer, Netscape, Opera) так и настоящего FTP прокси (то, что называется
FTP proxy в FAR и FTP клиентах).
</p>
<li><a name="PORT"><i>Q: Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</i></a></li>
<p>
А:
<pre>
proxy -p8080</pre>
</p>
<li><a name="BANDLIM"><i>Q: Как ограничить ширину канала?</i></a></li>
<p>
<i>A:</i> Читайте HowTo <a href="http://3proxy.ru/howtor.asp#BANDLIM">http://3proxy.ru/howtor.asp#BANDLIM</a>
</p>
</ul>
<hr>
<li><b><a name="BRRR">Почему так криво...</a></b></li>
<ul>
<li><a name="TRAF"><i>Q: Почему так криво считается трафик? Не совпадает с ...</i></a></li>
<p>
<i>A:</i> Следует учитывать, что 3proxy считает трафик только на прикладном уровне и
только проходящий через прокси-сервер. Провайдеры и другие средства учета
трафика считают трафик на сетевом уровне, что уже дает расхождение порядка 10%
за счет информации из заголовков пакетов. Кроме того, часть трафика, как
минимум DNS-разрешения, различный флудовый трафик и т.д. идут мимо прокси.
Уровень "шумового" трафика в Internet сейчас составляет порядка 50KB/день на
каждый реальный IP адрес, но может сильно варьироваться в зависимости от сети,
наличия открытых портов, реакции на ping-запросы и текущего уровня вирусной
активности. По этим причинам, если 3proxy используется чтобы не "выжрать"
трафик, выделенный провайдером, всегда следует делать некий запас порядка
15%.
</p>
<p>
Если на одной с 3proxy машине имеются какие-либо сервисы или
работает пользователь, то их трафик не проходит через proxy-сервер и так же
не будет учтен. Если где-то есть NAT, то клиенты, выходящие через NAT мимо
прокси, так же останутся неучтенными. Если расхождение с провайдером превышает
10% - нужно искать причину именно в этом.
</p>
<li><a name="CONFIG"><i>Q: Почему такая кривая конфигурация и ничерта не понятно?</i></a></li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, до выхода релиза (т.е. версии 1.0) я буду изо
всех сил добиваться совместимости конфигурации между версиями. Во-вторых,
конфигурация сделана так, чтобы ее можно было легко разбирать программно.
В-третьих, все там понятно. При желании. Если знать как все работает.
</p>
<li><a name="CODE"><i>Q: Почему так криво написан код?</i></a></li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, я не программист. Во-вторых, 3proxy изначально
писался на коленке (в отет на &quot;слабо&quot; в одной из конференций). Никто
не мог предположить, что им кто-то реально будет пользоваться. В-третьих, у многих
возникает желание разобраться в коде 3proxy чтобы внедрить его в какой-нибудь
троян. Очень не хочется облегчать эту задачу. В-четвертых, мне надо добиться
компиляции кода в как можно большем числе систем. Замечено, что чем кривее код в
C, тем он лучше переносится.
</p>
<li><a name="UNSAFE"><i>Q: Почему так много strcpy, sprintf и т.д., это ж дыры!</i></a><li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, несмотря на дурной тон использования этих
функций, они наиболее совместимы между разными системами и компиляторами.
Во-вторых, само по себе их использование не означает присутствие дыры, если их
параметры должным образом контролируются. Найдете дыру - обязательно сообщите.
В третьих, может быть я уберу их перед конечным релизом, чтобы никого не
пугать.
</p>
</ul>

300
doc/html/highload.html
View File

@ -1,300 +0,0 @@
<h3>Optimizing 3proxy for high load</h3>
<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product, the main reason is "one connection - one thread" model 3proxy uses. 3proxy is known to work with above 200,000 connections under proper configuration, but use it in production environment under high loads at your own risk and do not expect too much.
<p>Precaution 2: This documentation is incomplete and is not sufficient. High loads may require very specific system tuning including, but not limited to specific or cusomized kernels, builds, settings, sysctls, options, etc. All this is not covered by this documentation.
<h4>Configuring 'maxconn'</h4>
A number of simulatineous connections per service is limited by 'maxconn' option.
Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
to higher value. Under this configuration:
<pre>
maxconn 1000
proxy -p3129
proxy -p3128
socks
</pre>
maxconn for every service is 1000, and there are 3 services running
(2 proxy and 1 socks), so, for all services there can be up to 3000
simulatineous connections to 3proxy.
<p>Avoid setting 'maxconn' to arbitrary high value, it should be carefully
choosen to protect system and proxy from resources exhaution. Setting maxconn
above resources available can lead to denial of service conditions.
<h4>Understanding resources requirements</h4>
Each running service require:
<ul>
<li>1*thread (process)
<li>1*socket (file descriptor)
<li>1 stack memory segment + some heap memory, ~64K-128K depending on the system
</ul>
Each connected client require:
<ul>
<li>1*thread (process)
<li>2*socket (file descriptor). For FTP 4 sockets are required.
<br>Under linux since 0.9 splice() is used. It's much more effective, but requires
<br>2*socket (file descriptor) + 2*pipe (file descriptors) = 4 file descriptors.
<br>For FTP 4 sockets and 2 pipes are required with splice().
<br>Up to 128K (up to 256K in the case of splice()) of kernel buffers memory. This is theoretical maximum, actual numbers depend on connection quality and traffic amount.
<br>1 additional socket (file descriptor) during name resolution for non-cached names
<br>1 additional socket during authentication or logging for RADIUS authentication or logging.
<li>1*ephemeral port (3*ephemeral ports for FTP connection).
<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to few MB (for 'proxy' and 'ftppr') of heap memory. If you are short of memory, prefer 'socks' to 'proxy' and 'ftppr'.
<li>a lot of system buffers, specially in the case of slow network connections.
</ul>
Also, additional resources like system buffers are required for network activity.
<h4>Setting ulimits</h4>
Hard and soft ulimits must be set above calculated requirements. Under Linux, you can
check limits of running process with
<pre>
cat /proc/PID/limits
</pre>
where PID is a pid of the process.
Validate ulimits match your expectation, especially if you run 3proxy under dedicated account
by adding e.g.
<pre>
system "ulimit -Ha >>/tmp/3proxy.ulim.hard"
system "ulimit -Sa >>/tmp/3proxy.ulim.soft"
</pre>
in the beginning (before first service started) and the end of config file.
Make both hard restart (that is kill and start 3proxy process) and soft restart
by sending SIGUSR1 to 3proxy process, check ulimits recorded to files match your
expecation. In systemd based distros (e.g. latest Debian / Ubuntu) changing limits.conf
is not enough, limits must be ajusted in systemd configuration, e.g. by setting
<pre>
DefaultLimitDATA=infinity
DefaultLimitSTACK=infinity
DefaultLimitCORE=infinity
DefaultLimitRSS=infinity
DefaultLimitNOFILE=102400
DefaultLimitAS=infinity
DefaultLimitNPROC=10240
DefaultLimitMEMLOCK=infinity
</pre>
in user.conf / system.conf
<h4>Extending system limitation</h4>
Check manuals / documentation for your system limitations e.g. system-wide limit for number of open files
(fs.file-max in Linux). You may need to change sysctls or even rebuild the kernel from source.
<p>
To help with socket-based system-dependant settings, since 0.9-devel 3proxy supports different
socket options which can be set via -ol option for listening socket, -oc for proxy-to-client
socket and -os for proxy-to-server socket. Example:
<pre>
proxy -olSO_REUSEADDR,SO_REUSEPORT -ocTCP_TIMESTAMPS,TCP_NODELAY -osTCP_NODELAY
</pre>
available options are system dependant.
<h4>Using 3proxy in virtual environment</h4>
If 3proxy is used in VPS environment, there can be additional limitations.
For example, kernel resources / system CPU usage / IOCTLs can be limited in a different way, and this can become a bottleneck.
Since 0.9 devel, 3proxy uses splice() by default on Linux, splice() prevents network traffic from being copied from
kernel space to 3proxy process and generally increases throughput, epecially in the case of high volume traffic. It especially
true for virtual environment (it can improve thoughput up to 10 times) unless there are additional kernel limitations.
Since some work is moved to kernel, it requires up to 2 times more kernel resources in terms of CPU, memory and IOCTLs.
If your hosting additionally limits kernel resources (you can see it as nearly 100% CPU usage without any real CPU activity for
any application which performs IOCTLS), use -s0 option to disable splice() usage for given service e.g.
<pre>
socks -s0
</pre>
<h4>Extending ephemeral port range</h4>
Check ephemeral port range for your system and extend it to the number of the
ports required.
Ephimeral range is always limited to maximum number of ports (64K). To extend the
number of outgoing connections above this limit, extending ephemeral port range
is not enough, you need additional actions:
<ol>
<li> Configure multiple outgoing IPs
<li> Make sure 3proxy is configured to use different outgoing IP by either setting
external IP via RADIUS
<pre>
radius secret 1.2.3.4
auth radius
proxy
</pre>
or by using multiple services with different external
interfaces, example:
<pre>
allow user1,user11,user111
proxy -p1111 -e1.1.1.1
flush
allow user2,user22,user222
proxy -p2222 -e2.2.2.2
flush
allow user3,user33,user333
proxy -p3333 -e3.3.3.3
flush
allow user4,user44,user444
proxy -p4444 -e4.4.4.4
flush
</pre>
or via "parent extip" rotation,
e.g.
<pre>
allow user1,user11,user111
parent 1000 extip 1.1.1.1 0
allow user2,user22,user222
parent 1000 extip 2.2.2.2 0
allow user3,user33,user333
parent 1000 extip 3.3.3.3 0
allow user4,user44,user444
parent 1000 extip 4.4.4.4 0
proxy
</pre>
or
<pre>
allow *
parent 250 extip 1.1.1.1 0
parent 250 extip 2.2.2.2 0
parent 250 extip 3.3.3.3 0
parent 250 extip 4.4.4.4 0
socks
</pre>
<pre>
</pre>
Under latest Linux version you can also start multiple services with different
external addresses on the single port with SO_REUSEPORT on listening socket to
evenly distribute incoming connections between outgoing interfaces:
<pre>
socks -olSO_REUSEPORT -p3128 -e 1.1.1.1
socks -olSO_REUSEPORT -p3128 -e 2.2.2.2
socks -olSO_REUSEPORT -p3128 -e 3.3.3.3
socks -olSO_REUSEPORT -p3128 -e 4.4.4.4
</pre>
for Web browsing last two examples are not recommended, because same client can get
different external address for different requests, you should choose external
interface with user-based rules instead.
<li> You may need additional system dependant actions to use same port on different IPs,
usually by adding SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
external socket. This option can be set (since 0.9 devel) with -os option:
<pre>
proxy -p3128 -e1.2.3.4 -osSO_REUSEADDR
</pre>
Behavior for SO_REUSEADDR and SO_REUSEPORT is different between different system,
even between different kernel versions and can lead to unexpected results.
Specifics is described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
Use this options only if actually required and if you fully understand possible
consiquences. E.g. SO_REUSEPORT can help to establish more connections than the
number of the client port available, but it can also lead to situation connections
are randomely fail due to ip+port pairs collision if remote or local system
doesn't support this trick.
</ol>
<h4>Setting stacksize</h4>
'stacksize' is a size added to all stack allocations and can be both positive and
negative. Stack is required in functions call. 3proxy itself doesn't require large
stack, but it can be required if some
purely-written libc, 3rd party libraries or system functions called. There is known\
dirty code in Unix ODBC
implementations, build-in DNS resolvers, especially in the case of IPv6 and large
number of interfaces. Under most 64-bit system extending stacksize will lead
to additional memory space usage, but do not require actual commited memory,
so you can inrease stacksize to relatively large value (e.g. 1024000) without
the need to add additional phisical memory,
but it's system/libc dependant and requires additional testing under your
installation. Don't forget about memory related ulimts.
<p>For 32-bit systems address space can be a bottlneck you should consider. If
you're short of address space you can try to use negative stack size.
<h4>Known system issues</h4>
There are known race condition issues in Linux / glibc resolver. The probability
of race condition arises under configuration with IPv6, large number of interfaces
or IP addresses or resolvers configured. In this case, install local recursor and
use 3proxy built-in resolver (nserver / nscache / nscache6).
<h4>Do not use public resolvers</h4>
Public resolvers like ones from Google have ratelimits. For large number of
requests install local caching recursor (ISC bind named, PowerDNS recursor, etc).
<h4>Avoid large lists</h4>
Currently, 3proxy is not optimized to use large ACLs, user lists, etc. All lists
are processed lineary. In devel version you can use RADIUS authentication to avoid
user lists and ACLs in 3proxy itself. Also, RADIUS allows to easily set outgoing IP
on per-user basis or more sophisicated logics.
RADIUS is a new beta feature, test it before using in production.
<h4>Avoid changing configuration too often</h4>
Every configuration reload requires additional resources. Do not do frequent
changes, like users addition/deletaion via connfiguration, use alternative
authentication methods instead, like RADIUS.
<h4>Consider using 'noforce'</h4>
'force' behaviour (default) re-authenticates all connections after
configuration reload, it may be resource consuming on large number of
connections. Consider adding 'noforce' command before services started
to prevent connections reauthentication.
<h4>Do not monitor configuration files directly</h4>
Using configuration file directly in 'monitor' can lead to race condition where
configuration is reloaded while file is being written.
To avoid race conditions:
<ol>
<li> Update config files only if there is no lock file
<li> Create lock file then 3proxy configuration is updated, e.g. with
"touch /some/path/3proxy/3proxy.lck". If you generate config files
asynchronously, e.g. by user's request via web, you should consider
implementing existance checking and file creation as atomic operation.
<li>add
<pre>
system "rm /some/path/3proxy/3proxy.lck"
</pre>
at the end of config file to remove it after configuration is successfully loaded
<li> Use a dedicated version file to monitor, e.g.
<pre>
monitor "/some/path/3proxy/3proxy.ver"
</pre>
<li> After config is updated, change version file for 3proxy to reload configuration,
e.g. with "touch /some/path/3proxy/3proxy.ver".
</ol>
<h4>Use TCP_NODELAY to speed-up connections with small amount of data</h4>
If most requests require exchange with a small amount of data in a both ways
without the need for bandwidth, e.g. messengers or small web request,
you can eliminate Nagle's algorithm delay with TCP_NODELAY flag. Usage example:
<pre>
proxy -osTCP_NODELAY -ocTCP_NODELAY
</pre>
sets TCP_NODELAY for client (oc) and server (os) connections.
<p>Do not use TCP_NODELAY on slow connections with high delays and then
connection bandwidth is a bottleneck.
<h4>Use splice to speedup large data amount transfers</h4>
splice() allows to copy data between connections without copying to process
addres space. It can speedup proxy on high bandwidth connections, if most
connections require large data transfers. Splice is enabled by default on Linux
since 0.9, "-s0" disables splice usage. Example:
<pre>
proxy -s0
</pre>
Splice is only available on Linux. Splice requires more system buffers and file descriptors,
and produces more IOCTLs but reduces process memory and overall CPU usage.
Disable splice if there is a lot of short-living connections with no bandwidth
requirements.
<p>Use splice only on high-speed connections (e.g. 10GBE), if processor, memory speed or
system bus are bottlenecks.
<p>TCP_NODELAY and splice are not contrary to each over and should be combined on
high-speed connections.
<h4>Add grace delay to reduce system calls<h4>
<pre>proxy -g8000,3,10</pre>
First parameter is average read size we want to keep, second parameter is
minimal number of packets in the same direction to apply algorythm,
last value is delay added after polling and prior to reading data.
An example above adds 10 millisecond delay before reading data if average
polling size is below 8000 bytes and 3 read operations are made in the same
direction. It's specially usefule with splice. <pre>logdump 1 1</pre> is useful
to see how grace delays work, choose delay value to avoid filling the read
pipe/buffer (typically 64K) but keep the request sizes close to chosen average
on large file upload/download.

261
doc/html/howtoe.html
View File

@ -8,6 +8,7 @@
<li><A HREF="#INTL">How to compile 3proxy with Intel C Compiler under Windows</A>
<li><A HREF="#GCCWIN">How to compile 3proxy with GCC under Windows</A>
<li><A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>
<li><A HREF="#CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A>
</ul>
<li><A HREF="#INSTALL">Proxy server installation and removal</A>
<ul>
@ -17,32 +18,20 @@
</ul>
<li><A HREF="#SERVER">Server configuration</A>
<ul>
<li><a href="#NOTHING">How to make 3proxy start</a></li>
<li><a href="#LIMITS">How to make limitation (access, bandwidth, traffic, connections) work</a></li>
<li><a href="#SERVICE">How to make 3proxy to run as a service</a></li>
<li><a href="#INTEXT">How to understand internal and external</a></li>
<li><a href="#ODBC">How to make ODBC logging work?</a></li>
<li><a href="#IPV6">How to make IPv6 work</a></li>
<li><a href="#CRASH">How to fix 3proxy crashes</a></li>
<li><A HREF="#SAMPLE">Where to find configuration example</A>
<li><A HREF="#SAMPLE">Where to find configuration example</A>
<li><A HREF="#LOGGING">How to set up logging</A>
<li><A HREF="#LOGFORMAT">How to setup logging format</A>
<li><A HREF="#LOGANALIZERS">How to use log analizers with 3proxy</A>
<li><A HREF="#LAUNCH">How to start any of proxy services (HTTP, SOCKS etc)</A>
<li><a href="#BIND">How to bind service to specific interface or port</a>
<li><a href="#NAMES">How to resolve names through a parent proxy</a></li>
<li><a href="#ISFTP">How to setup FTP proxy</a></li>
<li><a href="#TLSPR">How to setup SNI proxy (tlspr)</a></li>
<li><A HREF="#BIND">How to bind service to specific interface and port?</A>
<li><A HREF="#AUTH">How to limit service access</A>
<li><A HREF="#USERS">How to create user list</A>
<li><A HREF="#ACL">How to limit user access to resources</A>
<li><A HREF="#REDIR">How to manage redirections</A>
<li><a href="#SOCKSREDIR">How to manage local redirections</a>
<li><A HREF="#ROUNDROBIN">How to balance traffic between few external channgels?</A>
<li><A HREF="#CHAIN">How to manage proxy chains</A>
<li><A HREF="#BANDLIM">How to limit bandwidth</A>
<li><A HREF="#TRAFLIM">How to limit traffic amount</A>
<li><a href="#TRAF">How to fix incorrect traffic accounting</a>
<li><A HREF="#NETLIST">How to build network lists</A>
<li><a href="#NSCACHING">How to configure name resolution and DNS caching</a>
<li><a href="#IPV6">How to use IPv6</a>
@ -95,6 +84,12 @@ shouldn't have problems under different Solaris, BSD or linux compatible systems
For different systems you may be required to patch Makefile or even source codes.
If you want to use ODBC support, make sure to install ODBC for unix, remove -DNOODBC
option from makefile compiler options and add ODBC library to linker variable.
</p>
</ul>
<hr>
<li><A NAME="CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A></li>
<p>
See <A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>, use Makefile.ccc instead of Makefile.unix.
</p>
</ul>
<hr>
@ -169,83 +164,6 @@ Add 3proxy to system startup scripts.
<li><A NAME="SERVER">Server configuration</A>
<p>
<ul>
<li><a name="NOTHING">How to make 3proxy start</a>
<p>Valid configuration file is required.
<li><a name="IMITS">How to make limitation (access, bandwidth, traffic, connections) work</a>
<p> Most probable reasons for non-working limitations: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
<li><a name="SERVICE">How to make 3proxy to run as a service</a>
<p>Possible reasons for 3proxy starts manually but fails to start as a service:
<ul>
<li>there are relative paths in configuration file for included files,
log files, etc. Always use absolute paths. For example
$"c:\3proxy\networks.local" instead of $networks.local. For debugging remove
'service' and 'daemon', log to stdout an try to execute 3proxy from command
line from some different directory (for example from disk root).
<li>SYSTEM account doesn't have access to executable file, configuration files,
log files, etc.
<li>configuration files is not located in default path (3proxy.cfg in same
location with 3proxy.exe). For alternative configuration file location use
<pre>
3proxy --install full_path_to_configuration_file
</pre>
<li>user has no rights to install or start service
<li>service is already installed and/or started
</ul>
<p><A NAME="INTEXT">How to understant internal and external</A>
<p>
Both internal and external IPs are IPs of the host running 3proxy itself.
This configuration option is usefull in situation 3proxy is running on the
border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP
</pre>
If 3proxy is used on the host with single connection, both internal and
external are usually same IP.
<br>Internal should exist and be UP on the moment 3proxy is started and
should never be disconnected/DOWN. If this interface is periodically
disconnected (e.g. direct link between 2 hosts), do not specify internal
address or use 0.0.0.0 instead. In this case, if you have 2 or more
interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
proxy situation.
<br>
External IP (if specified) must exist in the momet 3proxy
serves client request. If external interface is no specified (or 0.0.0.0),
system select external IP. It may be possible to access resources of internal
network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
operation, required for incoming connections (this operation is quite rarely
implemented in SOCKSv5 clients and usually is not required). In case of
dynamic address, do not specify external or use external 0.0.0.0 or, if
external address is required, create a script to determine current external
IP and save it to file, and use external "$path_to_file" with "monitor" command
to automatically reload configuration on address change.
<li><a name="ODBC">How to make ODBC logging work?</a>
<p>
Check you use system DSN.
Check SQL request is valid.
The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
Under Unix, you may also want to adjust 'stacksize' parameter.
<li><a name="IPV6">How to make IPv6 work</a>
<p> Proxy can not access destination directly over IPv6 if client requests IPv4 address.
To access IPv6 destination, either IPv6 address or hostname must be used in request.
Best solution is to enable option to resolve hostnames via proxy on client side.
<li><a name="CRASH">How to fix 3proxy crashes</a>
<p> default stacksize may be insufficient, if some non-default plugins
are used (e.g. PAM and ODBC on Linux) or if compiled on some platforms with
invalid system defined values (few versionds of FreeBSD on amd64).
Problem can be resolved with 'stacksize' command or '-S' option starting 3proxy 0.8.4.
<li><A NAME="SAMPLE">Where to find configuration example</A>
<p>
Server configuration example 3proxy.cfg.sample is in any 3proxy distribution.
@ -301,7 +219,7 @@ sets rotation type. LOGTYPE may be:
<li>W, weekly
<li>D, daily
<li>H, hourly
<li>C, minutely
<li>, minutely
</ul>
<pre>
rotate NUMBER
@ -362,17 +280,17 @@ logformat "L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
</pre>
generates something like
<p><font face="courier">
1042454727.0296 SOCK4.1080 000 3APA3A 127.0.0.1:4739 195.122.226.28:4739 505 18735 1 GET http://3proxy.org/ HTTP/1.1
1042454727.0296 SOCK4.1080 000 3APA3A 127.0.0.1:4739 195.122.226.28:4739 505 18735 1 GET http://3proxy.ru/ HTTP/1.1
</font>
<br>(no line breaks)
</p>
<p>
If ODBC used, logformat should specify SQL command,
to insert record into log, for example
<p><pre>
logformat "-\'+_GINSERT INTO proxystat VALUES (%t, '%c', '%U', %I)"</pre>
<p><font face="courier">
logformat "GINSERT INTO proxystat VALUES (%t, '%c', '%U', %I)"
</font>
<br>(no line breaks)
<br>-\'+_ instructs to replace characters \ and ' with _
</p>
<li><A NAME="LOGANALIZERS">How to use log analizers with 3proxy</A>
<p>
@ -464,53 +382,6 @@ proxy -p8080 -i192.168.1.1
proxy -p8080 -i192.168.2.1
</pre>
</p>
<li><a name="NAMES">How to resolve names through a parent proxy</a></li>
<p>
<i>A:</i> Use one of proxy, connect+, socks4+ or socks5+ as a parent type. 3proxy
itself still performs a name resolution, it's required e.g. to ACLs matching.
So, if no name resolution must be performed by 3proxy itself add a command
<pre>
fakeresolve</pre>
this command resolves any name to 127.0.0.2 address.
</p>
<li><a name="ISFTP"><i>How to setup FTP proxy</i></a></li>
<p>
There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP ¯à®ªá¨
(what is called FTP proxy in file managers and FTP clients). For browsers, there is no need to start additional
proxy service, 'proxy' supports FTP over HTTP, configure 'proxy' port as an FTP proxy. For ftp clients and file
managers use ftppr. FTP proxy supports both active and passive mode with client, but always use passive mode with FTP servers.
</p>
<li><a name="TLSPR"><i>How to setup SNI proxy (tlspr)</i></a></li>
<p>
SNI proxy can be used to transparently redirect any TLS traffic with external router or local redirection rules. It can also be used
to extract hostnames from TLS to use in ACLs in combination with SOCKS or HTTP(s) proxy and/or Transparent plugin. It can also be used to require TLS or mTLS between services. TLS hadshake contains no
port information, if tlspr is used as a standalone service, destination port may be either detected with Transparent plugin or configured with -P option (default 443).
</p><p>
-c option is used to specify level of TLS check:
</p><pre>
0 (default) - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
</pre>
<p>
configuration examples:
1. port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host
<pre>
tlspr -p1443 -P443 -c1
</pre>
2. used as parent tls to detect destination hostname from TLS in socks
<pre>
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks
</pre>
</p>
<li><A NAME="AUTH">How to limit service access</A>
<p>
First, always specify internal interface to accept incoming connection with
@ -590,12 +461,7 @@ proxy -n
</p>
Please note, that caching affects security. Never use caching for access to
critical resources, such as web administration.
<p>authcache can be used to bind user's sessions to ip with 'limit' option, with
<pre>
autchcache ip,user,pass,limit 120
auth cache strong</pre>
user will not be able to use more than a single IP during cache time (120 sec).
</p>
<li><A NAME="USERS">How to create user list</A>
<p>
Userslist is created with 'users' command.
@ -647,7 +513,7 @@ allow &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&
'flush' command is used to finish with existing ACL and to start new one.
It's required to have different ACLs for different services.
'allow' is used to allow connection and 'deny' to deny connection. 'allow'
command can be extended by 'parent' command to manage redirections (see <A href="#REDIR">How to manage redirections</A>)). If ACL
command can be extended by 'parent' command to manage redirections (see <A NAME="REDIR">How to manage redirections</A>)). If ACL
is empty it allow everything. If ACL is not empty, first matching ACL entry
is searched for user request and ACL action (allow or deny) performed. If
no matching record found, connection is denied and user will be asked to
@ -736,60 +602,6 @@ no need to run these services expicitly. Local redirections are usefull if
you want to see and control via ACLs protocol specific parameters, e.g.
filenames requests thorugh FTP while clients are using SOCKS.
</p>
<li><a name="SOCKSREDIR">Š ª ã¯à ¢«ïâì «®ª «ì­ë¬¨ ¯¥à¥­ ¯à ¢«¥­¨ï¬¨</a>
<p>
<p><i>Q: What is it for?</i></p>
A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
<p><i>Q: What are restrictions?</i></p>
A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
<p><i>Q: What are advantages?</i></p>
A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware.
<p><i>Q: How to setup?</i></p>
A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples:
<pre>
auth iponly
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#redirect ports 80 and 8080-8088 to local HTTP proxy
#Second allow is required, because ACLs are checked
#twice: first time by socks and second by http proxy.
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#redirect ports 21 and 2121 to local
#ftp proxy
allow *
#allow rest of connections directly
socks
#now let socks server to start
</pre>
<p><i>Q: How it affects different ACL rules</i></p>
A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#redirect http traffic to internal proxy
allow * * $c:\3proxy\local.nets 80,8080-8088
#allow direct access to local.nets networks
allow * * * 80,8080-8088
parent 1000 http proxy.3proxy.org 3128
#use parent caching proxy for rest of the networks
allow *
#allow direct connections for rest of socks
#requests
</pre>
<li><A NAME="ROUNDROBIN">How to balance traffic between few external channgels?</A>
<p>
Proxy itself doesn't manage network level routing. The only way to control
@ -905,9 +717,30 @@ reportpath specifies location of text reports, type parameter of 'counter'
command controls how often text reports are created. amount is amount of
allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.
</p>
<li><a name="TRAF"><i>How to fix incorrect traffic accounting</i></a>
<p>3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
<li><A NAME="NETLIST">How to build network lists</A>
<p>Networks or users lists are often very huge. 3proxy doesn't currently
supports user groups, but ones can be created by the means of include files.
You can store comma-delimited lists of networks or users in the separate
file and use $ macro to insert this list into 3proxy.cfg.
3proxy comes with 'dighosts'
utility. This utility helps to grab the list of the network from HTTP page.
It may be usefull to e.g. obtain a regullary updated list of local networks
from ISP's server. A network list can be either in form of NETWORK MASK,
e.g. 192.168.1.0 255.255.255.0 or NETWORK/LENGTH, e.g. 192.168.1.0/24. You can
launch dighosts from 3proxy.cfg to be executed on every 3proxy startup or
configuration reload:
<pre>
system "dighosts http://provider/network.html local.networks"
allow * * $local.networks
allow *
parent 1000 proxy.provider 3128 *
proxy
flush
</pre>
In this example we obtain list of local networks from provider's page to
local.networks file, allow direct access to these networks and redirect all
connection to external networks to provider's proxy.
</p>
<li><a name="NSCACHING"><i>How to configure name resolution and DNS caching</i></a>
<p>
For name resolution and caching use commands nserver, nscache / nscache6 and nsrecord.
@ -979,7 +812,7 @@ allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.
<li><A NAME="NEWVERSION">How to obtain latest 3proxy version</A>
<p>
Latest version of 3proxy may be obtained
<A HREF="https://3proxy.org/">here</A>.
<A HREF="http://3proxy.ru/">here</A>.
New version may have changes and incompatibilities with previous one in files
format or commands. Please, read CHANGELOG file and another documentation
before installing new version.
@ -1032,16 +865,6 @@ You can control 3proxy service via "Services" administration ot via "net" comman
<li>50-69 - SOCKS5 PROXY REDIRECTION ERRORS
<li>70-79 PARENT PROXY CONNECTION ERRORS (identical to 1x)
<li>90-99 - established connection errors
<li>since 0.9
<li>90 - unexpected system error (should not happen)
<li>91 - unexpected poll error (should not happen)
<li>92 - connection terminated by timeout (see timeouts)
<li>93 - connection terminated by ratelimit-related timeout or due to errors limit
<li>94 - connection termination by server or client with unsent data
<li>95 - dirty connection termination by client (or networking issue)
<li>96 - dirty connection termination by server (or networking issue)
<li>97 - dirty connection termination by both client and server (probably networking issue)
<li>prior to 0.9:
<li>90 - socket error or connection broken
<li>91 - TCP/IP common failure
<li>92 - connection timed out
@ -1065,7 +888,7 @@ You can control 3proxy service via "Services" administration ot via "net" comman
<hr>
<li><A NAME="QUEST">How To ask quiestion not in How To?</A>
<p>
Ask it in <A HREF="https://github.com/z3APA3A/3proxy/issues">Github</A>.
Ask it in <A HREF="http://3proxy.ru/board4.html">3proxy forum</A>.
Don't try to ask something before reading this document.
</ul>

335
doc/html/howtor.html
View File

@ -1,5 +1,5 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
3APA3A 3proxy tiny proxy server HowTo
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<br>В стадии разработки
<ul>
<li><a href="#COMPILE">Компиляция</a>
@ -18,35 +18,25 @@
</ul>
<li><a href="#SERVER">Конфигурация сервера</a>
<ul>
<li><a href="#NOTHING">Как заставить 3proxy запускаться</a></li>
<li><a href="#LIMITS">Как заставить ограничения (по ширине канала, трафику, ACL и. т.п.) работать</a></li>
<li><a href="#SERVICE">Как заставить 3proxy запускаться как службу</a></li>
<li><a href="#INTEXT">Как разобраться с internal и external</a></li>
<li><a href="#ODBC">Как починить ведение журналов в ODBC?</a></li>
<li><a href="#IPV6">Как заставить IPv6 работать</a></li>
<li><a href="#CRASH">Как сделать чтобы 3proxy не крешился</a></li>
<li><a href="#SAMPLE">Как посмотреть пример файла конфигурации</a>
<li><a href="#LOGGING">Как настроить ведение журнала</a>
<li><a href="#LOGFORMAT">Как настроить формат журнала</a>
<li><a href="#LOGANALIZERS">Как использовать лог-анализаторы с 3proxy</a>
<li><a href="#LAUNCH">Как запустить конкретную службу (HTTP, SOCKS и т.д)</a>
<li><a href="#BIND">Как повесить службу на определенный интерфейс или порт</a>
<li><a href="#NAMES">Как разрешать имена на родительском прокси?</a></li>
<li><a href="#ISFTP">Как настроить FTP прокси?</a></li>
<li><a href="#TLSPR">Как настроить SNI proxy (tlspr)</a></li>
<li><a href="#AUTH">Как ограничить доступ к службе</a>
<li><a href="#USERS">Как создать список пользователей</a>
<li><a href="#ACL">Как ограничить доступ пользователей к ресурсам</a>
<li><a href="#REDIR">Как управлять перенаправлениями</a>
<li><a href="#SOCKSREDIR">Как управлять локальными перенаправлениями</a>
<li><a href="#ROUNDROBIN">Как организовать балансировку между несколькими каналами</a>
<li><a href="#CHAIN">Как составлять цепочки прокси</a>
<li><a href="#BANDLIM">Как ограничивать скорости приема</a>
<li><a href="#TRAFLIM">Как ограничивать объем принимаемого трафика</a>
<li><a href="#TRAF">Как пофиксить некорректный подсчет трафика</a></li>
<li><a href="#NETLIST">Как строить списки сетей</a>
<li><a href="#NSCACHING">Как управлять разрешением имен и кэшированием DNS</a>
<li><a href="#IPV6">Как использовать IPv6</a>
<li><a href="#CONNBACK">Как использовать connect back</a>
<li><a href="#DEMANDDIAL">Как устанавливать соединение по требованию</a>
</ul>
<li><a href="#CLIENT">Конфигурация и настройка клиентов</a>
<ul>
@ -182,101 +172,6 @@
<li><a name="SERVER"><b>Конфигурация сервера</b></a>
<p>
<ul>
<li><a name="NOTHING">Как заставить прокси работать</a></li>
<p>
Для работы требуется корректный файл конфигурации. Если прокси не запускается, значит в конфигурации есть ошибка.
</p>
<li><a name="LIMITS">Как заставить работать ограничения (контроль доступа, ограничения ширины канала, счетчики и т.п.)</a></li>
<p>
<i>A:</i> Обычные ошибки - использование auth none (для работы любых
функций, основанных на ACL, требуется auth iponly, nbname или strong),
нарушение порядка ввода команд (команды выполняются последовательно,
запуск сервиса proxy, socks, tcppm и т.д. должен осуществляться после
того, как указана его конфигурация), неправильный порядок записей в ACL
(записи просматриваются последовательно до первой, удовлетворяющей
критериям). Если в ACL имеется хотя бы одна запись, то считается, что
последняя запись в ACL - это неявная deny *.
</p>
<li><a name="SERVICE">Как починить запуск 3proxy службой</a></li>
<p>
Чаще всего 3proxy не запускается службой (но запускается вручную) по одной из следующих причин:
<ul>
<li>Использование относительных (неполных) путей файлов в файле конфигурации
При использовании файлов журналов, файлов вставок ($filename) используйте
полные пути, например, $"c:\3proxy\include files\networks.local". Тоже самое
относится к файлам журналов и любым другим.
Для отладки лучше запускать 3proxy с ведением журнала на стандартный вывод.
Не забудьте в таком случае отключить daemon и service в файле конфигурации.
Для чистоты эксперимента запускать 3proxy из коммандной строки в таком случае
следует, находясь в другой папке.
<li>Отсутствие у системной записи прав на доступ к исполняемому файлу, каким-либо файлам конфигурации, журнала и т.п.
<li>Отсутствие файла конфигурации по стандартному расположению -
3proxy.cfg в одном каталоге с исполняемым файлом. Если файл расположен по
другому пути, необходимо использовать команду
<pre>
3proxy --install path_to_configuration_file</pre>
<li>Отсутствие у пользователя прав на установку или запуск службы
<li>Служба уже установлена или запущена
</ul>
</p>
<li><a name="INTEXT">Как разобраться с internal и external</a></li></li>
<p>
Убедитесь, что выправильно понимаете что такое internal и external адреса.
Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
Эта опция конфигурации необходима в классической ситуации, когда 3proxy
установлен на граничном компьютере с двумя (или более) подключениями:
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP</pre>
Если 3proxy работает на хосте с одним интерфейсом, то его адрес будет и
internal и external.
<br>Интерфейс с адресом internal должен существовать и быть рабочим на момент
запуска 3proxy, и не должен отключаться. Если internal интерфейс
периодически отключается, то не следует его указывать, или можно указать адрес
0.0.0.0. При этом прокси будет принимать запросы на всех интерфейсах, поэтому
при наличии нескольких интерфейсов для ограничения доступа следует использовать
фаервол или хотя бы ACL.
</p>
<p>
Интерфейс с адресом external, если он указан, должен быть рабочим на момент
получения запроса клиента. При отсутствии external или адресе 0.0.0.0 внешний
адрес будет выбираться системой при установке соединения. При этом, может быть
возможность доступа через прокси к ресурсам локальной сети, поэтому для
предотвращения несанкционированного доступа следует использовать ACL. Кроме
того, могут быть проблемы с приемом входящих соединений через SOCKSv5
(SOCKSv5 используется в клиентах исключительно редко).
В случае, если адрес динамический, можно либо не
указывать external, либо использовать адрес 0.0.0.0, либо, если необходима
поддержка входящих соединений в SOCKSv5, использовать скрипт,
который будет получать текущий адрес и сохранять его в файл, который будет
отслуживаться через команду monitor.
</p>
<li><a name="ODBC">Как починить ведение журналов в ODBC</a></li>
<p>
Убедитесь, что используется системный, а не
пользовательский DSN. Убедитесь, что выполняется правильный SQL запрос. Наиболее
распространенная проблема связана с отсутствием кавычек или неправильным
форматом данных. Самый простой способ - сделать ведение журнала в файл или
на стандартный вывод, просмотреть выдаваемые SQL запросы и попробовать
дать такой запрос вручную.
</p>
<li><a name="IPv6">Как починить IPv6</a></li>
<p>
Прокси не может обращаться напрямую к IPv6 сети если в запросе от клиента
указан IPv4. В запросе от клиента должен быть IPv6 адрес или имя хоста, чаще
всего это решается включением опции разрешения имен через прокси-сервер на стороне
клиента.
</p>
<li><a name="CRASH">Как починить падения 3proxy</a></li>
<p>
Возможно, недостаточен размер стека потока по-умолчанию, это может
быть при использовани каких-либо сторонних плагинов (PAM, ODBC) или на
некоторых платформах (некоторые версии FreeBSD на amd64). Можно решить
проблему с помощью опции 'stacksize' или '-S', поддерживаемых в 0.8.4 и выше.
</p>
<li><a name="SAMPLE"><i>Как посмотреть пример файла конфигурации</i></a>
<p>
Пример файла конфигурации 3proxy.cfg.sample поставляется с любым дистрибутивом
@ -330,7 +225,7 @@
<li>W, еженедельная ротация
<li>D, ежедневная ротация
<li>H, ежечасная ротация
<li>C, ежеминутная ротация
<li>С, ежеминутная ротация
</ul>
<pre>
rotate NUMBER</pre>
@ -409,9 +304,7 @@
При использовании ODBC, logformat должен задавать формат SQL команды,
которую необходимо дать для внесения записи в журнал, например:
<pre>
logformat "-\'+_GINSERT INTO proxystat VALUES (%t, '%c', '%U', %I)"</pre>
префикс -\'+_ указывает, что символы \ и ' следует заменить на _ .
logformat "GINSERT INTO proxystat VALUES (%t, '%c', '%U', %I)"</pre>
</p>
<li><a name="LOGANALIZERS"><i>Как использовать лог-анализаторы с 3proxy</i></a>
<p>
@ -491,59 +384,6 @@
<pre>
proxy -p8080 -i192.168.1.1
proxy -p8080 -i192.168.2.1</pre>
<li><a name="NAMES"><i>Как разрешать имена на родительском прокси?</i></a></li>
<p>
<i>A:</i> Для этого надо использовать тип родительского прокси http,
connect+, socks4+ и socks5+. Однако, при это надо помнить, что самому 3proxy
требуется разрешение имени для управления ACL. Поэтому, если с прокси-хоста
не работают разрешения имени, необходимо в конфигурации дать команду
<pre>
fakeresolve</pre>
которая разрешает любое имя в адрес 127.0.0.2.
</p>
<li><a name="ISFTP"><i>Как настроить FTP прокси?</i></a></li>
<p>
Есть поддержка как FTP через HTTP (то, что называется FTP прокси в браузерах) так и настоящего FTP прокси (то, что называется
FTP proxy в командных оболочках и FTP клиентах). В браузерах в качестве FTP прокси следует прописывать порт службы proxy,
т.е. FTP организован
через http прокси, дополнительного прокси поднимать не надо. Для FTP-клиентов необходимо поднять ftppr. FTP прокси всегда работает
с FTP сервером в пассивном режиме.
</p>
<li><a name="TLSPR"><i>Как настроить SNI proxy (tlspr)</i></a></li>
<p>
SNI proxy может быть использовать для транспарентного перенаправления любого TLS трафика (например HTTPS) на внешнем маршрутизаторе
или локальными правилами. Так же можно использовать его для извлечения имени хоста из TLS хендшейка с целью логгирования или использования в ACL.
Еще одна задача которую может решать модуль - требование наличия TLS или mTLS (mutual TLS).
Если tlspr используется как отдельный сервис без исползования плагина Transparent, то необходимо задать порт назначения через опцию -T (по умолчанию 443),
т.к. TLS хендшейк не содержит информации о порте назначения.
</p><p>
-c контролирует уровень требования к TLS:
</p><pre>
0 (по умолчанию) - пропустить трафик без TLS
1 - требовать TLS, проверять наличие client HELLO
2 - требовать TLS, проверять наличие client и server HELLO
3 - требовать TLS, проверять наличие серверного сертификата (не совместим с TLS 1.3+)
4 - требовать взаимный (mutual) TLS, проверять что сервер запрашивает сертификат и клиент его отправляет (не совместим с TLS 1.3+)
</pre>
<p>
примеры конфигурации:
1. Порт 1443 можно использовать для перенаправления в него HTTPS трафика по порту 443 (например с внешнего маршрутизатора)
<pre>
tlspr -p1443 -P443 -c1
</pre>
2. tlspr используется как родительский прокси в SOCKS чтобы обнаруживать реальный hostname назначения (даже если запрашивается подклюение по IP адресу)
<pre>
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks
</pre>
</p>
<li><a name="AUTH"><i>Как ограничить доступ к службе</i></a>
<p>
Во-первых, для ограничения доступа необходимо указать внутренний интерфейс,
@ -627,13 +467,6 @@ socks
использовать кэширование для доступа к критичным ресурсам, в частности к
интерфейсу администрирования.
</p>
<p>authcache так же может использоваться для привязки сессий пользователя к ip с
с помощью опции limit
<pre>
autchcache ip,user,pass,limit 120
auth cache strong</pre>
запретит пользователю использовать более одного адреса в течении времени кеширования.
</p>
<li><a name="USERS"><i>Как создать список пользователей</i></a>
<p>
Список пользователей задается с помощью команды users.
@ -772,74 +605,6 @@ socks
того, чтобы видеть в логах записи о посещаемых пользвоателем ресурсах и
загружаемых файлах даже в том случае, если он подключается через SOCKS.
</p>
<li><a name="SOCKSREDIR">Как управлять локальными перенаправлениями</a>
<p>
<ul>
<li><a name="REDIR"><i>Q: Для чего это надо?</i></a></li>
<p>
<i>A:</i> Чтобы иметь в логах URL запросов, если пользователь SOCKS пользуется
Web, FTP или POP3.
</p>
<li><a name="REDIRLIMIT"><i>Q: Какие недостатки?</i></a></li>
<p>
<i>A:</i> Перенапраление невозможно для web-серверов или FTP, висящих на
нестандартных портах, для SOCKSv4 не поддрживается авторизация с
паролем (IE поддерживает только SOCKSv4), но при этом IE передает
имя пользователя по SOCKSv4 (имя, с которым пользователь вошел в систему).
Для SOCKSv5 не поддерживается NTLM авторизация, пароли передаются в открытом
тексте.
</p>
<li><a name="REDIRADV"><i>Q: Какие преимущества?</i></a></li>
<p>
<i>A:</i> Достаточно в настройках IE только указать адрес SOCKS прокси. В
больших сетях можно для этого использовать WPAD (автоматическое
обнаружение прокси). В 3proxy достаточно запускать только одну службу
(socks). Если используется только Internet Explorer, то можно
автоматически получать имя пользователя в логах, не запрашивая
логин/пароль.
</p>
<li><a name="REDIRHOW"><i>Q: Как настраивается?</i></a></li>
<p>
<i>A:</i> Указывается parent http proxy со специальным адресом 0.0.0.0 и портом
0. Пример:
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#перенаправить соединения по портам 80 и 8080-8088 в локальный
#http прокси. Вторая команда allow необходима, т.к. контроль доступа
#осуществляется 2 раза - на уровне socks и на уровне HTTP прокси
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#перенаправить соединения по портам 21 и 2121 в локальный
#ftp прокси
allow *
#пустить все соединения напрямую
socks</pre>
</p>
<li><a name="REDIINTER"><i>Q: Как взаимодействует с другими правилами в ACL?</i></a></li>
<p>
<i>A:</i> После внутреннего перенаправления правила рассматриваются еще раз за
исключением самого правила с перенаправлением (т.е. обработка правил не
прекращается). Это позволяет сделать дальнейшие перенаправления на
внешний прокси. По этой же причине локальное перенаправление не должно
быть последним правилом (т.е. должно быть еще хотя бы правило allow,
чтобы разрешить внешние соединения через HTTP прокси).
Например,
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#перенаправить во внутренний прокси
allow * * $c:\3proxy\local.nets 80,8080-8088
#разрешить прямой web-доступ к сетям из local.nets
allow * * * 80,8080-8088
parent 1000 http proxy.3proxy.ru 3128
#все остальные веб-запросы перенаправить на внешний прокси-сервер
allow *
#разрешить socks-запросы по другим портам</pre>
</p>
</ul>
<li><a name="ROUNDROBIN"><i>Как организовать балансировку между несоклькими каналами</i></a>
<p>
Сам по себе прокси не может управлять маршрутизацией пакетов сетевого уровня.
@ -968,26 +733,33 @@ socks
<br>
amount - объем трафика на указанный период в мегабайтах.
</p>
<li><a name="TRAF">Как пофиксить некорректный подсчет трафика</a>
<li><a name="NETLIST"><i>Как строить списки сетей</i></a>
<p>
Следует учитывать, что 3proxy считает трафик только на прикладном уровне и
только проходящий через прокси-сервер. Провайдеры и другие средства учета
трафика считают трафик на сетевом уровне, что уже дает расхождение порядка 10%
за счет информации из заголовков пакетов. Кроме того, часть трафика, как
минимум DNS-разрешения, различный флудовый трафик и т.д. идут мимо прокси.
Уровень "шумового" трафика в Internet сейчас составляет порядка 50KB/день на
каждый реальный IP адрес, но может сильно варьироваться в зависимости от сети,
наличия открытых портов, реакции на ping-запросы и текущего уровня вирусной
активности. По этим причинам, если 3proxy используется чтобы не "выжрать"
трафик, выделенный провайдером, всегда следует делать некий запас порядка
15%.
</p>
<p>
Если на одной с 3proxy машине имеются какие-либо сервисы или
работает пользователь, то их трафик не проходит через proxy-сервер и так же
не будет учтен. Если где-то есть NAT, то клиенты, выходящие через NAT мимо
прокси, так же останутся неучтенными. Если расхождение с провайдером превышает
10% - нужно искать причину именно в этом.
Очень часто списки сетей и пользователей бывают достаточно громоздкими.
3proxy не поддерживает создание групп, но позволяет включение файлов. Это
означает, что для удобства администрирования выгодно хранить списки
пользователей и списки сетей в отдельных файлах и при необходимости дать
пользователю доступ к тому или иному ресурсу, править файл со списком
пользователей или сетей вместо того, чтобы править сам файл 3proxy.cfg. В файле
3proxy.cfg файл со списком можно включить с помощью макроса $.
Поскольку в 3proxy есть ограничения на максимальный размер элемента
конфигурации, большие списки следует разбивать на несколько файлов и
использовать несколько записей списка контроля доступом.
В комплекте с 3proxy поставляется утилита dighosts, которая позволяет построить
список сетей по странице Web. Утилита осуществляет поиск адресов на Web-странице
в формате АДРЕС МАСКА или АДРЕС/ДЛИНА. Утилиту dighosts можно вызвать во время
старта 3proxy, используя команду system. Например:
<pre>
system "dighosts http://provider/network.html local.networks"
allow * * $local.networks
allow *
parent 1000 proxy.provider 3128 *
proxy
flush</pre>
В данном случае в файле local.networks генерируется список локальных сетей по
странице networklist.html. Далее используется список контроля доступа для того,
чтобы разрешить локальному прокси-серверу доступ к локальным сетям напрямую,
а все остальные запросы перенаправить на прокси-сервер провайдера.
</p>
<li><a name="NSCACHING"><i>Как управлять разрешением имен и кэшированием DNS</i></a>
<p>
@ -1011,7 +783,7 @@ socks
...
deny * * 127.0.0.2</pre>
добавляет статическую запись в кэш. Статические записи так же влияют на разрешение через dnspr если не указана опция -s. Начиная с версии 0.8 для dnspr могут быть сконфигурированы родительские прокси.</p>
<li><a name="IPV6"><i>Как использовать IPv6</i></a>
<li><a name="IPv6"><i>Как использовать IPv6</i></a>
<p>
IPv6 поддерживается с версии 0.8. Обратите внимание, что в некоторых видах прокси (например SOCKSv4)
IPv6 не поддерживает на уровне протокола. В SOCKSv5 есть поддержка IPv6 с помощью отдельного вида
@ -1046,6 +818,19 @@ socks
tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128</pre>
В настройках браузера указывается host.dyndns.example.org:3128.
</p>
<li><a name="DEMANDDIAL"><i>Как устанавливать соединение по требованию</i></a>
<p>
Команда dialer задает программу, которая будет запускаться при
невозможности разрешить имя компьютера, например:
<pre>
dialer "rasdial PROVIDER"</pre>
(описание rasdial можно найти на сервере поддержки Microsoft).
Есть два аспекта: невозможность разрешения имени еще не свидетельствует
об отсутствии соединения (это должна учитывать вызываемая программа),
при использовании nscache имя может разрешиться при отсутствии
соединения. В таких случаях полезно запрашивать заведомо несуществующий
ресурс, например, http://dial.right.now/.
</p>
</ul>
<hr>
<li><a name="CLIENT"><b>Конфигурация клиентов</b></a>
@ -1102,9 +887,9 @@ socks
прокси-серверы для доступа к разным ресурсам. Эта возможность разбирается в
статьях
<br>Microsoft: Q296591 A Description of the Automatic Discovery Feature
<br><a href="https://support.microsoft.com/default.aspx?scid=kb;EN-US;296591">http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591</a>
<br><a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591">http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591</a>
<br>Netscape: Navigator Proxy Auto-Config File Format
<br><a href="https://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html">http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html</a>
<br><a href="http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html">http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html</a>
<li><a name="FTP"><i>Как настраивать FTP клиент</i></a>
<p>
Настройка FTP клиента для работы через SOCKS прокси не отличается от настройки
@ -1160,14 +945,20 @@ socks
</p>
<li><a name="CAP"><i>Как использовать 3proxy с программой, не поддерживающей работу с прокси-сервером</i></a>
<p>
Можно использовать любую программу-редиректор. 3proxy поддерживает исходящие
Можно использовать любую программу-редиректор, например,
<a href="http://www.socks.permeo.com">SocksCAP</a> или
<a href="http://www.freecap.ru">FreeCAP</a>. 3proxy поддерживает исходящие
и обратные TCP и UDP соединения, но редиректоры могут иметь свои ограничения,
кроме того, некоторые плохо написаные приложения не поддаются "соксификации".
Если программе требуется обращаться к небольшому набору серверов
(например, игровых), то проблему можно решить с помощью портмаппинга.
<li><a name="GAMES"><i>Как использовать 3proxy с играми</i></a>
<p>
Если по каким-то причинам соксификатор не работает или недоступен,
Оптимальный варинт - использовать соксификатор (<a href="#CAP">Как использовать
3proxy с программой, не поддерживающей работу с прокси-сервером</a>).
<a href="http://www.freecap.ru/">FreeCap 3.13 </a> проверен с играми на движке
Unreal (включая Unreal Tournament), Half-Life (включая Counter-Strike) и
другими. Если по каким-то причинам соксификатор не работает или недоступен,
то необходимо использовать отображения портов (обычно игры,
кроме mood-подобных, работают по протоколу UDP, надо использовать udppm).
Нужно иметь ввиду, что для udppm требуется отдельный маппинг для каждого
@ -1192,7 +983,7 @@ socks
<li><a name="NEWVERSION"><i>Где взять свежую версию</i></a>
<p>
Свежую версию всегда можно взять
<a href="https://3proxy.ru/">здесь</a>. Обратите внимание,
<a href="http://3proxy.ru/">здесь</a>. Обратите внимание,
что в новой версии может измениться порядок лицензирования или команды
конфигурации, поэтому прежде чем устанавливать новую версии программы
обязательно ознакомьтесь с документацией.
@ -1246,18 +1037,6 @@ socks
<li>50-69 - ошибки перенаправления SOCKS5
<li>70-79 ошибки установки родительского соединения, аналогичны 1x
<li>90-99 - ошибки разрыва соединения
<li>с версии 0.9
<li>90 - неожиданная системная ошибка (не должно происходить)
<li>91 - ошибка poll (не должно происходить)
<li>92 - соединение прервано по таймауту на сетевую операцию (см. timeouts)
<li>93 - соединение прервано по таймауту связанному с рейтлимитом или из-за превышения числа ошибок
<li>94 - клиент или сервер закрыли соединение или произошла сетевая ошибка, остались неотправленные данные
<li>95 - клиент "грязно" закрыл соединение или сетевая ошибка
<li>96 - сервер "грязно" закрыл соединение или сетевая ошибка
<li>97 - клиент и сервер "грязно" закрыли соединение или сетевая ошибка
<li>98 - исчерпан лимит данных сервера (не должно быть в журнале)
<li>99 - исчерпан лимит данных клиента (не должно быть в журнале)
<li>до версии 0.9
<li>90 - ошибка сокета или соединение неожиданно прервано
<li>91 - общий сбой стека TCP/IP
<li>92 - соединение прервано по таймауту
@ -1281,7 +1060,7 @@ socks
<hr>
<li><a name="QUEST"><b>Как задать вопрос, которого нет в HowTo</b></a>
<p>
Задайте его на <a href="https://github.com/z3APA3A/3proxy/issues">Github</a>.
Задайте его на <a href="http://3proxy.ru/board3.html">форуме</a>.
Только не пытайтесь задавать какие-либо вопросы, если вы просто не поняли этот
HowTo.
</ul>

17
doc/html/index.html
View File

@ -1,17 +0,0 @@
<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2>
<a href="securityen.html">Security recommendations</a><br>
<a href="highload.html">Optimizing 3proxy for high loads</a><br>
<a href="howtoe.html">How To (English, very incomplete)</a><br>
<a href="howtor.html">How To (Russian)</a><br>
<h3>Man pages:</h>
<br><A HREF="man8/3proxy.8.html">3proxy.8</A>
<br><A HREF="man8/ftppr.8.html">ftppr.8</A>
<br><A HREF="man8/pop3p.8.html">pop3p.8</A>
<br><A HREF="man8/proxy.8.html">proxy.8</A>
<br><A HREF="man8/smtpp.8.html">smtpp.8</A>
<br><A HREF="man8/socks.8.html">socks.8</A>
<br><A HREF="man8/tcppm.8.html">tcppm.8</A>
<br><A HREF="man8/tlspr.8.html">tlspr.8</A>
<br><A HREF="man8/udppm.8.html">udppm.8</A>
<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A>
</body></html>

66
doc/html/plugins/SSLPlugin.html
View File

@ -1,64 +1,34 @@
<h3>3proxy SSL/TLS plugin</h3>
Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for proxy traffic.
Plugin can be used to transparently decypher SSL/TLS data. Plugin should never be used in production environment due to
potential securiy reasons.
<h4>For transparent certificate spoofing:</h4>
<br>ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
<pre>
ssl_certcache PATH_TO_CACHE
ssl_mitm
ssl_nomitm
</pre>
ssl_certcache - path to certificates cache. For transparent spoofing cache must contain 3 files: 3proxy.pem - public
self-signed certificates, 3proxy.key - key for public certificates, server.key - this key will be used to generates
spoofed certificates.
Generated certificates will be placed to the same path.
<br>ssl_mitm - spoof certificates for services started below
<br>ssl_nomitm - do not spoof certificates for services started below
<h4>To protect traffic to server (https:// proxy) - since 0.9.5 version</h4>
ssl_serv - require TLS connection for services below
<br>ssl_noserv - do not require TLS connection for services below
Parameters:
<br>ssl_server_cert /path/to/cert - Server certificate (should not be selfsigned and must contain Alternative name) for ssl_serv
<br>ssl_server_key /path/to/key - Server ceritifacte key for ssl_server_cert or generated mitm certificate
<br>ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
<br>ssl_server_ciphersuites ciphersuites_list - TLS server ciphers for TLS 1.3
<br>ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
<br>ssl_server_cipher_list ciphersuites_list - TLS server ciphers for TLS 1.2 and below
<br>ssl_client_min_proto_version tls_version - TLS client min TLS version (e.g. TLSv1.2)
<br>ssl_server_min_proto_version tls_version - TLS server min TLS version (e.g. TLSv1.2)
<br>ssl_client_max_proto_version tls_version - TLS client max TLS version (e.g. TLSv1.2)
<br>ssl_server_max_proto_version tls_version - TLS server max TLS version (e.g. TLSv1.2)
<br>ssl_client_verify - verify certificate for upstream server in TLS client functionality (used with ssl_mitm)
<br>ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
<br>ssl_server_ca_file /path/to/cafile - CA certificate file for mitm
<br>ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file mitm CA
<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
<br>ssl_certcache /path/to/cache/ - location for generated mitm certificates cache, optional, if ssl_server_ca_file / ssl_server_ca_key are configured.
Cache may contain 3 files: 3proxy.pem - public
self-signed certificates (used if ssl_server_ca_file is not configured),
3proxy.key - key for public certificates, used if ssl_server_ca_keyserver.key is not configured, server.key - this key is used if ssl_server_key is not configured to generates
spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates.
Generated certificates are placed to the same path.
<h4>mitm example:</h4>
<h4>Example:</h4>
<pre>
plugin /path/to/SslPlugin.dll ssl_plugin
ssl_server_ca_file /path/to/cafile
ssl_server_ca_key /path/to/cakey
ssl_certcache /path/to/cache/
ssl_mitm
proxy -p3128
ssl_nomitm
proxy -p3129
</pre>
mitm's traffic with spoofed ceritifacate for port 3128 proxy.
<h4>https:// proxy example:</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert path_to_cert
ssl_server_key path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
</pre>
creates https:// proxy on 33128 and http:// proxy on 3128
<h4>Download:</h4>
<ul>
<li>Plugin included into 3proxy 0.8
</ul>
&copy; Vladimir Dubrovin, License: BSD style

67
doc/html/plugins/SSLPlugin.ru.html
View File

@ -1,61 +1,32 @@
<h3>3proxy SSL/TLS плагин</h3>
<h3>Плагин SSL/TLS для 3proxy</h3>
Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика и для шифрования трафика прокси-сервера
<h4>Для транспаретной перехватки трафика (mitm):</h4>
<br>ssl_mitm - подменять сертификаты для сервисов стартованных ниже. Не безопасно использовать без ssl_client_verify.
<br>ssl_nomitm - не подменять сертификаты для сервисов стартованных ниже.
Плагин используется для транспарентной дешифровки SSL-трафика с подменой сертификата.
Плагин не должен использоваться в рабочем окружении, т.к. его использование дает возможность обхода проверок SSL.
<h4>Для защиты трафика прокси-сервера (например https:// proxy) - начиная с 0.9.5</h4>
ssl_serv - включает TLS для соединений к сервисам ниже
<br>ssl_noserv - отключает TLS для соединений к сервисам ниже
<pre>
ssl_certcache PATH_TO_CACHE
ssl_mitm
ssl_nomitm
</pre>
ssl_certcache - путь к кэшу сертификатов. Для транспорентной подмены сертификатов в кэше должно находиться 3 файла: 3proxy.pem - публичный
самоподписанный сертификат, 3proxy.key - ключ от этого сертификата, server.key - ключ с которым будут генерироваться подменные сертификаты.
Сгенерированные сертификаты будут помещаться в этот же каталог.
<br>ssl_mitm - подменять сертитфикаты для запущенных ниже сервисов
<br>ssl_nomitm - не подменять сертитфикаты для запущенных ниже сервисов
Параметры:
<br>ssl_server_cert /path/to/cert - сертификат сервера, не должен быть самоподписаным, имя CN должно содержаться в альтернативных именах - используется для ssl_serv
<br>ssl_server_key /path/to/key - ключ сертификата сервера для ssl_server_cert или сгенерированного сертификата ssl_mitm
<br>ssl_client_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3, пример ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
<br>ssl_server_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3
<br>ssl_client_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже, пример ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
<br>ssl_server_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже
<br>ssl_client_min_proto_version tls_version - минимальная версия TLS клиента (например ssl_client_min_proto_version TLSv1.2)
<br>ssl_server_min_proto_version tls_version - минимальная версия TLS сервера
<br>ssl_client_max_proto_version tls_version - максимальная версия TLS клиента
<br>ssl_server_max_proto_version tls_version - максимальная версия TLS сервера
<br>ssl_client_verify - проверять сертификат сервера назначения (используется с ssl_mitm)
<br>ssl_client_no_verify - не проверять сертификат сервера назначения
<br>ssl_server_ca_file /path/to/cafile - CA сертификат для ssl_mitm
<br>ssl_server_ca_key /path/to/cakey - ключ CA сертификата ssl_server_ca_file mitm
<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - расположения корневых сертификатов ssl_client_verify
<br>ssl_certcache /path/to/cache/ - расположение кеша сгенерированных сертификатов ssl_mitm. Кеш может содержать
файлы 3proxy.pem, 3proxy.key server.key, которые используются как ssl_server_ca_file,
ssl_server_ca_key и ssl_server_key соответственно если они не заданы. Если server.key не задан,
3proxy.key используется для генерации серверного сертификата.
<h4>Пример mitm:</h4>
<h4>Пример:</h4>
<pre>
plugin /path/to/SslPlugin.dll ssl_plugin
ssl_server_ca_file /path/to/cafile
ssl_server_ca_key /path/to/cakey
ssl_certcache /path/to/cache/
ssl_mitm
proxy -p3128
ssl_nomitm
proxy -p3129
</pre>
Перехватывается трафик в прокси на порту 3128
<h4>Пример конфигурации https:// прокси (curl -x https://...):</h4>
<pre>
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_server_cert path_to_cert
ssl_server_key path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
</pre>
На порту 33128 создается https:// прокси (не путать с CONNECT прокси aka HTTPS over HTTP прокси), на порту 3128
создается http:// прокси (может пропуска в т.ч. и HTTPS коннекты)
&copy; Vladimir Dubrovin, License: BSD style
<h4>Загрузить:</h4>
<ul>
<li>Плагин включен в дистрибутив 3proxy 0.8
</ul>

4
doc/html/plugins/StringsPlugin.html
View File

@ -2,10 +2,10 @@
<h3>3proxy strings substitution plugin</h3>
May be used to make interface more pretty or to translate proxy server
messages to different language. All messages are taken from proxy.c and
moved to external text file (e.g. rus.3ps). On the moment of
moved to external text file (e.g. rus-win1251.3ps). On the moment of
writing there are 15 sections. Sections are delimited with "[end]".
<h4>Example:</h4>
<pre>plugin "StringsPlugin.dll" start c:\3proxy\bin\rus.3ps
<pre>plugin "StringsPlugin.dll" start c:\3proxy\bin\rus-win1251.3ps
</pre>
<h4>Download:</h4>

2
doc/html/plugins/StringsPlugin.ru.html
View File

@ -1,4 +1,4 @@
<h3>Плагин подмены строк 3proxy</h3>
<h3>Плагин подмены строк 3proxy</h3>
Используется, в частности, для руссификации сообщений выдаваемых 3proxy.
Для корректной работы требуется 0.6 версия 3proxy.

2
doc/html/plugins/TrafficPlugin.ru.html
View File

@ -1,4 +1,4 @@
<h3>Плагин коррекции траффика 3proxy</h3>
<h3>Плагин коррекции траффика 3proxy</h3>
Как известно, 3proxy считает траффик не сетевой, а прикладной.
Обычно прикладной траффик немного меньше (примерно на 10%) чем сетевой,
однако в некоторых случаях, например когда пользователи сети играют в

31
doc/html/plugins/TransparentPlugin.html
View File

@ -1,31 +0,0 @@
<h3>3proxy TransparentPlugin plugin (Linux/BSD only)</h3>
Plugin can turn 3proxy into transparent proxy for virtually any TCP-based protocol
and use all 3proxy features - redirections, parent proxies, ACLs, traffic limitations,
etc. TransparentPlugin plugin takes destination IP:port from Linux and uses this
information as a target IP in proxy. An example of usage:
<pre>
plugin /path/to/TransparentPlugin.ld.so transparent_plugin
log /path/to/log
auth iponly
allow * * * 80
parent 1000 http 0.0.0.0 0
allow *
parent 1000 socks5 SOCKS5_IP SOCKS5_PORT USER PASSWORD
transparent
tcppm -iLOCAL_IP 12345 127.0.0.1 11111
notransparent
proxy
</pre>
Now, any TCP traffic transparently redirected to port 12345 will be routed via
parent SOCKSv5 proxy and logged, all URLs for web requests are visible in logs.
Paremeters '127.0.0.1 11111' in this case are not used and are overwritten by
destination IP:port for each transparent connection.
<h4>Download:</h4>
<ul>
<li>Plugin included into 3proxy 0.8
</ul>
&copy; Vladimir Dubrovin, License: BSD style

33
doc/html/plugins/TransparentPlugin.ru.html
View File

@ -1,33 +0,0 @@
<h3>Плагин TransparentPlugin 3proxy (только для Linux/BSD)</h3>
Плагин превращает 3proxy в транспарентный прокси для практически любых TCP-соединений
и позволяет прозрачно для клиентов использовать весь фунционал прокси - редиректоры,
родительские прокси, ACLи, ограничения трафика. TransparentPlugin получает IP:port
назначения от Linux и использует эту информацию в качестве конечного адреса назначения.
<br>
Пример использования:
<pre>
plugin /path/to/TransparentPlugin.ld.so transparent_plugin
log /path/to/log
auth iponly
allow * * * 80
parent 1000 http 0.0.0.0 0
allow *
parent 1000 socks5 SOCKS5_IP SOCKS5_PORT USER PASSWORD
transparent
tcppm -iLOCAL_IP 12345 127.0.0.1 11111
notransparent
proxy
</pre>
Теперь любые TCP-соединения транспарентно перенаправленные в локальный порт 12345
будут прологгированы и перенаправлены в родительский SOCKSv5 proxy, при этом для
HTTP-запросов по порту TCP/80 будут видны параметры HTTP-запроса.
Параметры '127.0.0.1 11111' в данном случае не оказывают влияния, т.к.
будут перезаписываться IP и портом назначения для каждого TCP-соединения соответственно.
<h4>Загрузить:</h4>
<ul>
<li>Плагин включен в дистрибутив 3proxy 0.8
</ul>
&copy; Vladimir Dubrovin, License: BSD style

2
doc/html/plugins/WindowsAuthentication.ru.html
View File

@ -1,4 +1,4 @@
<h3>Плагин аутентификации Windows для 3proxy</h3>
<h3>Плагин аутентификации Windows для 3proxy</h3>
Поддерживается только аутентификация открытым текстом в домене или на локальной машине Windows.
<h4>Использование</h4>
<ol>

8163
doc/ru/3proxy_for_dummies.rtf
View File

File diff suppressed because one or more lines are too long

8
man/3proxy.8
View File

@ -1,4 +1,4 @@
.TH 3proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH 3proxy "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B 3proxy
\- 3[APA3A] tiny proxy server, or trivial proxy server, or free proxy
@ -138,14 +138,14 @@ wget to automate this task.
configuration file
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy.cfg(3), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
kill(1), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH TRIVIA
3APA3A is pronounced as \`\`zaraza\'\'.
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

537
man/3proxy.cfg.3
View File

@ -1,7 +1,7 @@
.TH 3proxy.cfg "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH 3proxy.cfg "3" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B 3proxy.cfg
3proxy configuration file
\- 3proxy configuration file
.SH DESCRIPTION
Common structure:
.br
@ -25,7 +25,7 @@ ignored. <LF>s are ignored. <CR> is end of command.
Quotation character is " (double quote). Quotation must be used to quote
spaces or another special characters. To use quotation character inside
quotation character must be dubbed (BASIC convention). For example to use
HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD""".
HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD"""\.
Good practice is to quote any argument you use.
.br
@ -33,7 +33,7 @@ Good practice is to quote any argument you use.
.br
You can include file by using $FILENAME macro (replace FILENAME with a path
to file, for example $/usr/local/etc/3proxy/conf.incl or
$"c:\\\\Program Files\\3proxy\\include.cfg" Quotation is
$"c:\\Program Files\\3proxy\\include.cfg" Quotation is
required in last example because path contains space character.
For included file <CR> (end of line characters) is treated as space character
(arguments delimiter instead of end of command delimiter).
@ -44,105 +44,95 @@ Recursion is not allowed.
.br
Next commands start gateway services:
.br
.br
.B proxy
.B proxy
[options]
.br
.B socks
.B socks
[options]
.br
.B pop3p
.B pop3p
[options]
.br
.B ftppr
.B ftppr
[options]
.br
.B admin
.B admin
[options]
.br
.B dnspr
.B dnspr
[options]
.br
.B tcppm
.B tcppm
[options]
<SRCPORT> <DSTADDR> <DSTPORT>
.br
.B udppm
.B udppm
[options]
<SRCPORT> <DSTADDR> <DSTPORT>
.br
Descriptions:
.br
.B proxy
HTTP/HTTPS proxy (default port 3128)
\- HTTP/HTTPS proxy (default port 3128)
.br
.B socks
SOCKS 4/4.5/5 proxy (default port 1080)
.br
.B tlspr
SNI proxy (destination address is taken from TLS handshake), may be used to redirect any TLS-based traffic
.br
.B auto
Proxy with protocol autoselection between proxy / socks / tlspr
\- SOCKS 4/4.5/5 proxy (default port 1080)
.br
.B pop3p
POP3 proxy (default port 110)
.br
.B smtpp
SMTP proxy (default port 25)
\- POP3 proxy (default port 110)
.br
.B ftppr
FTP proxy (default port 21)
\- FTP proxy (default port 21)
.br
.B admin
Web interface (default port 80)
\- Web interface (default port 80)
.br
.B dnspr
caching DNS proxy (default port 53)
\- caching DNS proxy (default port 53)
.br
.B tcppm
TCP portmapper
\- TCP portmapper
.br
.B udppm
UDP portmapper
\- UDP portmapper
.br
Options:
.br
.B -pNUMBER
change default server port to NUMBER
.br
.B -n
disable NTLM authentication (required if passwords are stored in Unix crypt format).
disable NTLM authentication (required if passwords are stored in Unix crypt format.
.br
.B -n1
enable NTLMv1 authentication.
.br
.B -g(GRACE_TRAFF,GRACE_NUM,GRACE_DELAY)
delay GRACE_DELAY milliseconds before polling if average polling size below GRACE_TRAFF bytes and GRACE_NUM read operations in single directions are detected within 1 second. Useful to minimize polling
.B -s
(for admin) secure, allow only secure operations, currently only traffic counters
view without ability to reset.
(for admin) - secure, allow only secure operations (currently only traffic counters
view without ability to reset).
.br
(for dnspr) simple, do not use resolver and 3proxy cache, always use external DNS server.
(for dnspr) - simple, do not use 'resolver' and 3proxy cache, always use external DNS server.
.br
(for udppm) singlepacket, expect only one packet from both client and server
(for udppm) - singlepacket, expect only one packet from both client and server
.br
.B -u
Never ask for username/password
.br
.B -u2
(for socks) require username/password in authentication methods
(socks) require username/password in authentication methods
.br
.B -a
(for proxy) anonymous proxy (no information about client reported)
(for proxy) - anonymous proxy (no information about client reported)
.br
.B -a1
(for proxy) anonymous proxy (random client information reported)
(for proxy) - anonymous proxy (random client information reported)
.br
.B -a2
(for proxy) generate Via: and X-Forwared-For: instead of Forwarded:
(for proxy) - generate Via: and X-Forwared-For: instead of Forwarded:
.br
.B -6
Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in IPV6_V6ONLY compatible way.
@ -161,28 +151,6 @@ listen on given local HOST:port for incoming connections instead of making remot
.br
.B -rHOST:port
connect to given remote HOST:port instead of listening local connection on -p or default port. Can be used with another 3proxy service running -R option for connect back functionality. Most commonly used with proxy or socks. HOST can be given as IP or hostname, useful in case of dynamic DNS.
.br
.B -ocOPTIONS, -osOPTIONS, -olOPTIONS, -orOPTIONS, -oROPTIONS
options for proxy-to-client (oc), proxy-to-server (os), proxy listening (ol), connect back client (or), connect back listening (oR) sockets.
Options like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
.br
.B -DiINTERFACE, -DeINTERFACE
bind internal interface / external inteface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE supported by system. You may need to run as root or to have CAP_NET_RAW capability in order to bind to interface, depending on system, so this option may require root privileges and can be incompatible with some configuraton commands like chroot and setuid (and daemon if setcap is used).
.br
.B -e
External address. IP address of interface proxy should initiate connections
from. External IP must be specified if you need incoming connections.
By default system will deside which address to use in accordance
with routing table.
.br
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted.
.br
.B -N
(for socks) External NAT address 3proxy reports to client for BIND and UDPASSOC
By default external address is reported. It's only useful in the case
of IP-IP NAT (will not work for PAT)
.br
Also, all options mentioned for
.BR proxy (8)
@ -232,9 +200,8 @@ proxy on a client with FTP proxy support. Username format is one of
.B writable
.br
ReOpens configuration file for write access via Web interface,
and rereads it. Usually should be first command on config file
but in combination with config
it can be used anywhere to open
and re-reads it. Usually should be first command on config file
but in combination with "config" it can be used anywhere to open
alternate config file. Think twice before using it.
.br
@ -248,28 +215,26 @@ alternate config file. Think twice before using it.
.br
sets logfile for all gateways
.br
@ (for Unix) use syslog, filename is used as ident name
@ - (for Unix) use syslog, filename is used as ident name
.br
& use ODBC, filename consists of comma-delimited datasource,username,password (username and password are optional)
.br
radius - use RADIUS for logging
& - use ODBC, filename consists of comma-delimited datasource,username,password (username and password are optional)
.br
LOGTYPE is one of:
.br
M Monthly
M - Monthly
.br
W Weekly (starting from Sunday)
W - Weekly (starting from Sunday)
.br
D Daily
D - Daily
.br
H Hourly
H - Hourly
.br
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using -l
option in gateway configuration.
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using
-l option in gateway configuration.
.br
log command supports same format specifications for filename template
as "logformat" (if filename contains \'%\' sign it\'s believed to be template).
As with "logformat" filename must begin with \'L\' or \'G\' to specify Local or
"log" command supports same format specifications for filename template
as "logformat" (if filename contains '%' sign it's believed to be template).
As with "logformat" filename must begin with 'L' or 'G' to specify Local or
Grinwitch time zone for all time-based format specificators.
.br
@ -292,73 +257,71 @@ with space and all time based elemnts are in local time zone.
You can use:
.br
%y Year in 2 digit format
%y - Year in 2 digit format
.br
%Y Year in 4 digit format
%Y - Year in 4 digit format
.br
%m Month number
%m - Month number
.br
%o Month abbriviature
%o - Month abbriviature
.br
%d Day
%d - Day
.br
%H Hour
%H - Hour
.br
%M Minute
%M - Minute
.br
%S Second
%S - Second
.br
%t Timstamp (in seconds since 01-Jan-1970)
%t - Timstamp (in seconds since 01-Jan-1970)
.br
%. milliseconds
%. - milliseconds
.br
%z timeZone (from Grinvitch)
%z - timeZone (from Grinvitch)
.br
%D request duration (in milliseconds)
%D - request duration (in milliseconds)
.br
%b average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
%b - average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
.br
%B average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
%B - average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
.br
%U Username
%U - Username
.br
%N service Name
%N - service Name
.br
%p service Port
%p - service Port
.br
%E Error code
%E - Error code
.br
%C Client IP
%C - Client IP
.br
%c Client port
%c - Client port
.br
%R Remote IP
%R - Remote IP
.br
%r Remote port
%r - Remote port
.br
%i Internal IP used to accept client connection
%e - External IP used to establish connection
.br
%e External IP used to establish connection
%Q - Requested IP
.br
%Q Requested IP
%q - Requested port
.br
%q Requested port
%n - requested hostname
.br
%n requested hostname
%I - bytes In
.br
%I bytes In
%O - bytes Out
.br
%O bytes Out
%h - Hops (redirections) count
.br
%h Hops (redirections) count
%T - service specific Text
.br
%T service specific Text
%N1-N2T - (N1 and N2 are positive numbers) - log only fields from N1 thorugh N2 of service specific text
.br
%N1-N2T (N1 and N2 are positive numbers) log only fields from N1 thorugh N2 of service specific text
in case of ODBC logging logformat specifies SQL statement, for exmample:
.br
in the case of ODBC logging logformat specifies SQL statement, for exmample:
.br
logformat "-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')"
logformat "-'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
.br
.B logdump
@ -379,59 +342,36 @@ can use %A as produced archive name and %F as filename.
.br
.B timeouts
<BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNECTION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN> <CONNECT> <CONNECTBACK>
<BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNECTION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN>
.br
Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15, 60, 15, 5.
Sets timeout values
.br
BYTE_SHORT short timeout for single byte, is usually used for receiving single byte from stream.
BYTE_SHORT - short timeout for single byte, is usually used for receiving single byte from stream.
.br
BYTE_LONG long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
BYTE_LONG - long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
.br
STRING_SHORT short timeout, for character string within stream (for example to wait between 2 HTTP headers)
STRING_SHORT - short timeout, for character string within stream (for example to wait between 2 HTTP headers)
.br
STRING_LONG long timeout, for first string in stream (for example to wait for HTTP request).
STRING_LONG - long timeout, for first string in stream (for example to wait for HTTP request).
.br
CONNECTION_SHORT inactivity timeout for short connections (HTTP, POP3, etc).
CONNECTION_SHORT - inactivity timeout for short connections (HTTP, POP3, etc).
.br
CONNECTION_LONG inactivity timeout for long connection (SOCKS, portmappers, etc).
CONNECTION_LONG - inactivity timeout for long connection (SOCKS, portmappers, etc).
.br
DNS timeout for DNS request before requesting next server
DNS - timeout for DNS request before requesting next server
.br
CHAIN timeout for reading data from chained connection
CHAIN - timeout for reading data from chained connection
.br
default timeouts 1 5 30 60 180 1800 15 60 15 5
.br
.B radius
<NAS_SECRET> <radius_server_1[:port][/local_address_1]> <radius_server_2[:port][/local_address_2]>
.br
Configures RADIUS servers to be used for logging and authentication (log and auth types
must be set to radius). port and local address to use with given server may be specified.
.br
Attributes within request: User-Name, Password: (username and password if presented by client),
Service Type: Authenticate-Only,
NAS-Port-Type: NAS-Port-Virtual,
NAS-Port-ID: (proxy service port, e.g. 1080),
NAS-IPv6-Address / NAS-IP-Address: (proxy interface accessed by client),
NAS-Identifier: (text identifing proxy, e.g. PROXY or SOCKSv5),
Framed-IPv6-Address / Framed-IP-Address: (IP address of the client),
Called-Station-ID: (requested Hostname, if presents),
Login-Service: (type of request, e.g. 1001 - SOCKS CONNECT, 1010 - HTTP GET, 1013 - HTTP CONNECT),
Login-TCP-Port: (requested port),
Login-IPv6-Host / Login-IP-Host: (requested IP).
.br
Supported reply attributes for authentication:
Framed-IP-Address / Framed-IPv6-Address (IP to assign to user), Reply-Message.
Use authcache to speedup authentication. RADIUS feature is currently experimental.
.br
.B nserver
<ipaddr>[:port][/tcp]
.br
Nameserver to use for name resolutions. If none specified
system routines for name resolution is
used. Optional port number may be specified.
If optional /tcp is added to IP address, name resolution is
Nameserver to use for name resolutions. If none specified
or name server fails system routines for name resolution will be
used. It's better to specify nserver because gethostbyname() may
be thread unsafe. Optional port number may be specified.
If optional /tcp is added to IP address, name resolution will be
performed over TCP.
.br
@ -464,7 +404,7 @@ redirected to parent proxy with http, socks4+, connect+ or socks5+.
.B dialer
<progname>
.br
Execute progname if external name can\'t be resolved.
Execute progname if external name can't be resolved.
Hint: if you use nscache, dialer may not work, because names will
be resolved through cache. In this case you can use something like
http://dial.right.now/ from browser to set up connection.
@ -483,26 +423,16 @@ gateways. Since 0.8 version, IPv6 address may be used.
<ipaddr>
.br
sets ip address of external interface. This IP address will be source
address for all connections made by proxy. Alternatively you can use -e
option to specify individual address for gateway. Since 0.8 version
address for all connections made by proxy. Alternatively you can use
-e option to specify individual address for gateway. Since 0.8 version
External or -e can be given twice: once with IPv4 and once with IPv6 address.
.br
.B maxconn
<number>
.br
sets maximum number of simulationeous connections to each service
started after this command on network level. Default is 100.
.br
To limit clients, use connlim instead. maxconn will silently ignore
new connections, while connlim will report back to the client that
the connection limit has been reached.
.br
.B backlog
.br
sets the listening socket backlog of new connections. Default is
1 + maxconn/8. Maximum value is capped by kernel tunable somaxconn.
sets maximum number of simulationeous connections to each services
started after this command. Default is 100.
.br
.B service
@ -515,8 +445,8 @@ to reinstall service.
.br
.B daemon
.br
Should be specified to close console. Do not use \'daemon\' with \'service\'.
At least under FreeBSD \'daemon\' should preceed any proxy service
Should be specified to close console. Do not use 'daemon' with 'service'.
At least under FreeBSD 'daemon' should preceed any proxy service
and log commands to avoid sockets problem. Always place it in the beginning
of the configuration file.
@ -526,41 +456,39 @@ of the configuration file.
.br
Type of user authorization. Currently supported:
.br
none - no authentication or authorization required.
none - no authentication or authorization required.
.br
Note: is auth is none any ip based limitation, redirection, etc will not work.
This is default authentication type
.br
iponly - authentication by access control list with username ignored.
iponly - authentication by access control list with username ignored.
Appropriate for most cases
.br
useronly - authentication by username without checking for any password with
useronly - authentication by username without checking for any password with
authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
AOL screen name as a username)
.br
dnsname - authentication by DNS hostnname with authorization by ACLs.
dnsname - authentication by DNS hostnname with authorization by ACLs.
DNS hostname is resolved via PTR (reverse) record and validated (resolved
name must resolve to same IP address). It\'s recommended to use authcache by
name must resolve to same IP address). It's recommended to use authcache by
ip for this authentication.
NB: there is no any password check, name may be spoofed.
.br
strong - username/password authentication required. It will work with
strong - username/password authentication required. It will work with
SOCKSv5, FTP, POP3 and HTTP proxy.
.br
cache - cached authentication, may be used with \'authcache\'.
.br
radius - authentication with RADIUS.
cache - cached authentication, may be used with 'authcache'.
.br
Plugins may add additional authentication types.
.br
It's possible to use few authentication types in the same commands. E.g.
.br
It\'s possible to use few authentication types in the same commands. E.g.
auth iponly strong
.br
auth iponly strong
.br
In this case \'strong\' authentication will be used only in case resource
access can not be performed with \'iponly\' authentication, that is username is
required in ACL. It\'s usefull to protect access to some resources with
In this case 'strong' authentication will be used only in case resource
access can not be performed with 'iponly' authentication, that is username is
required in ACL. It's usefull to protect access to some resources with
password allowing passwordless access to another resources, or to use
IP-based authentication for dedicated laptops and request username/password for
shared ones.
@ -572,23 +500,17 @@ shared ones.
Cache authentication information to given amount of time (cachetime) in seconds.
Cahtype is one of:
.br
ip - after successful authentication all connections during caching time
ip - after successful authentication all connections during caching time
from same IP are assigned to the same user, username is not requested.
.br
ip,user username is requested and all connections from the same IP are
ip,user username is requested and all connections from the same IP are
assigned to the same user without actual authentication.
.br
user - same as above, but IP is not checked.
user - same as above, but IP is not checked.
.br
user,password - both username and password are checked against cached ones.
user,password - both username and password are checked against cached ones.
.br
limit - limit user to use only one ip, \'ip\' and \'user\' are required
.br
acl - only use cached auth if user access service with same ACL
.br
ext - cache external IP
.br
Use auth type \'cache\' for cached authentication
Use auth type 'cache' for cached authentication
.br
.B allow
@ -602,13 +524,13 @@ Use auth type \'cache\' for cached authentication
Access control entries. All lists are comma-separated, no spaces are
allowed. Usernames are case sensitive (if used with authtype nbname
username must be in uppercase). Source and target lists may contain
IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs (W.X.Y.Z/L).
Since 0.6, targetlist may also contain host names,
instead of addresses. It\'s possible to use wildmask in
the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
Hostname is only checked if hostname presents in request.
Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field *
sign means ANY. If access list is empty it\'s assumed to be
IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs
(W.X.Y.Z/L). Since 0.6, targetlist may also contain host names,
instead of addresses. It's possible to use wildmask in
the begginning and in the the end of hostname, e.g. *badsite.com or
*badcontent*. Hostname is only checked if hostname presents in request.
Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field
* sign means "ANY" If access list is empty it's assumed to be
.br
allow *
.br
@ -616,59 +538,56 @@ sign means ANY. If access list is empty it\'s assumed to be
.br
deny *
.br
You may want explicitly add deny * to the end of access list to prevent
HTTP proxy from requesting user\'s password.
You may want explicitly add "deny *" to the end of access list to prevent
HTTP proxy from requesting user's password.
Access lists are checked after user have requested any resource.
If you want 3proxy to reject connections from specific addresses
immediately without any conditions you should either bind proxy
to appropriate interface only or to use ip filters.
.br
Operation is one of:
.br
Operation is one of:
CONNECT - establish outgoing TCP connection
.br
CONNECT establish outgoing TCP connection
BIND - bind TCP port for listening
.br
BIND bind TCP port for listening
UDPASSOC - make UDP association
.br
UDPASSOC make UDP association
ICMPASSOC - make ICMP association (for future use)
.br
ICMPASSOC make ICMP association (for future use)
HTTP_GET - HTTP GET request
.br
HTTP_GET HTTP GET request
HTTP_PUT - HTTP PUT request
.br
HTTP_PUT HTTP PUT request
HTTP_POST - HTTP POST request
.br
HTTP_POST HTTP POST request
HTTP_HEAD - HTTP HEAD request
.br
HTTP_HEAD HTTP HEAD request
HTTP_CONNECT - HTTP CONNECT request
.br
HTTP_CONNECT HTTP CONNECT request
HTTP_OTHER - over HTTP request
.br
HTTP_OTHER over HTTP request
HTTP - matches any HTTP request except HTTP_CONNECT
.br
HTTP matches any HTTP request except HTTP_CONNECT
HTTPS - same as HTTP_CONNECT
.br
HTTPS same as HTTP_CONNECT
FTP_GET - FTP get request
.br
FTP_GET FTP get request
FTP_PUT - FTP put request
.br
FTP_PUT FTP put request
FTP_LIST - FTP list request
.br
FTP_LIST FTP list request
.br
FTP_DATA FTP data connection. Note: FTP_DATA requires access to dynamic
FTP_DATA - FTP data connection. Note: FTP_DATA requires access to dynamic
non-ptivileged (1024-65535) ports on remote side.
.br
FTP matches any FTP/FTP Data request
FTP - matches any FTP/FTP Data request
.br
ADMIN access to administration interface
ADMIN - access to administration interface
.br
Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
.br
Timeperiodlists is a list of time
Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday. Timeperiodlists is a list of time
periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
.br
.B parent
<weight> <type> <ip> <port> <username> <password>
@ -703,52 +622,51 @@ connections. These 2 proxies form 1 group (summarized weight is 1000).
.br
creates chain of 3 proxies: 192.168.10.1, 192.168.20.1 and third
is (192.168.30.1 with probability of 0.3 or 192.168.40.1
with probability of 0.7) for outgoing web connections. Chains are only applied to new connections, pipelined (keep-alive) requests in the same connection use the same chain.
with probability of 0.7) for outgoing web connections.
.br
type is one of:
.br
extip does not actully redirect request, it sets external address for this request to <ip>. It can be chained with another parent types. It's usefaul to set external IP based on ACL or make it random.
tcp - simply redirect connection. TCP is always last in chain.
.br
tcp simply redirect connection. TCP is always last in chain. This type of proxy is a simple TCP redirection, it does not support parent authentication.
http - redirect to HTTP proxy. HTTP is always last chain.
.br
http redirect to HTTP proxy. HTTP is always the last chain. It should only be used with http (proxy) service,
if used with different service, it works as tcp redirection.
pop3 - redirect to POP3 proxy (only local redirection is supported, can not be
used for chaining)
.br
pop3 redirect to POP3 proxy (only local redirection is supported, can only be used as a first hop in chaining)
ftp - redirect to FTP proxy (only local redirection is supported, can not be
used for chaining)
.br
ftp redirect to FTP proxy (only local redirection is supported, can only be used as a first hop in chaining)
connect - parent is HTTP CONNECT method proxy
.br
connect parent is HTTP CONNECT method proxy
connect+ - parent is HTTP CONNECT proxy with name resolution
.br
connect+ parent is HTTP CONNECT proxy with name resolution (hostname is used instead of IP if available)
socks4 - parent is SOCKSv4 proxy
.br
socks4 parent is SOCKSv4 proxy
socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
.br
socks4+ parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
socks5 - parent is SOCKSv5 proxy
.br
socks5 parent is SOCKSv5 proxy
socks5+ - parent is SOCKSv5 proxy with name resolution
.br
socks5+ parent is SOCKSv5 proxy with name resolution
.br
socks4b parent is SOCKS4b (broken SOCKSv4 implementation with shortened
socks4b - parent is SOCKS4b (broken SOCKSv4 implementation with shortened
server reply. I never saw this kind ofservers byt they say there are).
Normally you should not use this option. Do not mess this option with
SOCKSv4a (socks4+).
.br
socks5b parent is SOCKS5b (broken SOCKSv5 implementation with shortened
socks5b - parent is SOCKS5b (broken SOCKSv5 implementation with shortened
server reply. I think you will never find it useful). Never use this option
unless you know exactly you need it.
.br
admin redirect request to local \'admin\' service (with -s parameter).
admin - redirect request to local 'admin' service (with -s parameter).
.br
Use "+" proxy only with "fakeresolve" option
.br
IP and port are ip addres and port of parent proxy server.
If IP is zero, ip is taken from original request, only port is changed.
If port is zero, it\'s taken from original request, only IP is changed.
If both IP and port are zero - it\'s a special case of local redirection,
If port is zero, it's taken from original request, only IP is changed.
If both IP and port are zero - it's a special case of local redirection,
it works only with
.B socks
proxy. In case of local redirection request is redirected to different service,
@ -763,14 +681,14 @@ locally redurects to
.B proxy
.B admin
locally redirects to admin -s service.
.br
Main purpose of local redirections is to have requested resource
(URL or POP3 username) logged and protocol-specific filters to be applied.
In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to \'parent\'
command and then with gateway service connection is
redirected (HTTP, FTP or POP3) after \'parent\' command. It means,
additional \'allow\' command is required for redirected requests, for
In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to
'parent' command and then with gateway service connection is
redirected (HTTP, FTP or POP3) after 'parent' command. It means,
additional 'allow' command is required for redirected requests, for
example:
.br
allow * * * 80
@ -786,10 +704,11 @@ local HTTP proxy parses requests and allows only GET and POST requests.
.br
parent 1000 http 1.2.3.4 0
.br
Changes external address for given connection to 1.2.3.4 (an equivalent to -e1.2.3.4)
Changes external address for given connection to 1.2.3.4
(an equivalent to -e1.2.3.4)
.br
Optional username and password are used to authenticate on parent
proxy. Username of \'*\' means username must be supplied by user.
proxy. Username of '*' means username must be supplied by user.
.br
@ -815,42 +734,27 @@ nolog
.br
Weight may be used for different purposes.
.br
.B force
.br
.B noforce
.br
If force is specified for service, configuration reload will require all current
sessions of this service to be re-authenticated. If ACL is changed or user account
is removed, old connections which do not match current are closed.
noforce allows to keep previously authenticated connections.
.br
.B bandlimin
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B nobandlimin
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B bandlimout
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B nobandlimout
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
bandlim sets bandwith limitation filter to <rate> bps (bits per second)
If you want to specife bytes per second - multiply your value to 8.
(if you want to specife bytes per second - multiply your value to 8).
bandlim rules act in a same manner as allow/deny rules except
one thing: bandwidth limiting is applied to all services, not to some
specific service.
bandlimin and nobandlimin applies to incoming traffic
bandlimout and nobandlimout applies to outgoing traffic
If tou want to ratelimit your clients with IPs 192.168.10.16/30 (4
If tou want to ratelimit your clients with ip's 192.168.10.16/30 (4
addresses) to 57600 bps you have to specify 4 rules like
.br
bandlimin 57600 * 192.168.10.16
@ -872,71 +776,31 @@ if you want, for example, to limit all speed ecept access to POP3 you can use
.br
before the rest of bandlim rules.
.br
.B connlim
<rate> <period> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B noconnlim
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
connlim sets connections rate limit per time period for traffic
pattern controlled by ACL. Period is in seconds. If period is 0,
connlim limits a number of parallel connections.
.br
connlim 100 60 * 127.0.0.1
.br
allows 100 connections per minute for 127.0.0.1.
.br
connlim 20 0 * 127.0.0.1
.br
allows 20 simulationeous connections for 127.0.0.1.
.br
Like with bandlimin, if individual limit is required per client, separate
rule mustbe added for every client. Like with nobanlimin, noconnlim adds an
exception.
.br
.B counter
<filename> <reporttype> <repotname>
.br
.B countin
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B nocountin
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B countout
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B nocountout
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B countall
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B nocountall
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
counter, countin, nocountin, countout, noucountout, countall,
nocountall commands are used to set traffic limit
counter, countin, nocountin, countout, noucountout commands are
used to set traffic limit
in MB for period of time (day, week or month). Filename is a path
to a special file where traffic information is permanently stored.
number is sequential number of record in this file. If number is 0
this counter is not preserved in counter file (that is
if proxy restarted all counters with 0 are flushed) overwise it
should be unique sequential number which points to position of
the couter within the file.
no traffic information on this counter is saved in file (that is
if proxy restarted all information is loosed) overwise it should be
unique sequential number.
Type specifies a type of counter. Type is one of:
.br
H - counter is resetted hourly
@ -962,13 +826,13 @@ username[:pwtype:password] ...
.br
pwtype is one of:
.br
none (empty) - use system authentication
none (empty) - use system authentication
.br
CL - password is cleartext
CL - password is cleartext
.br
CR - password is crypt-style password
CR - password is crypt-style password
.br
NT - password is NT password (in hex)
NT - password is NT password (in hex)
.br
example:
.br
@ -1023,36 +887,21 @@ configuration within one minute. Any number of files may be monitored.
.B setuid
<uid>
.br
calls setuid(uid), uid can be numeric or since 0.9 username. Unix only. Warning: under some Linux
kernels setuid() works for current thread only. It makes it impossible to suid
calls setuid(uid), uid must be numeric. Unix only. Warning: under some Linux
kernels setuid() works onle for current thread. It makes it impossible to suid
for all threads.
.br
.B setgid
<gid>
.br
calls setgid(gid), gid can be numeric or since 0.9 groupname. Unix only.
calls setgid(gid), gid must be numeric. Unix only.
.br
.B chroot
<path> [<uid>] [<gid>]
<path>
.br
calls chroot(path) and sets gid/uid. Unix only. uid/gid supported since 0.9, can be numeric or username/groupname
.br
.B stacksize
<value_to_add_to_default_stack_size>
.br
Change default size for threads stack. May be required in some situation,
e.g. with non-default plugins, on on some platforms (some FreeBSD version
may require adjusting stack size due to invalid defined value in system
header files, this value is also oftent reqruied to be changed for ODBC and
PAM support on Linux. If you experience 3proxy
crash on request processing, try to set some positive value. You may start with
stacksize 65536
and then find the minimal value for service to work. If you experience
memory shortage, you can try to experiment with negative values.
calls chroot(path). Unix only.
.SH PLUGINS
.br
@ -1076,13 +925,13 @@ corruption and/or Content-Length chaging. Default is 1MB (1048576).
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH TRIVIA
3APA3A is pronounced as \`\`zaraza\'\'.
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

12
man/ftppr.8
View File

@ -1,4 +1,4 @@
.TH ftppr "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH ftppr "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B ftppr
\- FTP proxy gateway service
@ -51,10 +51,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You can use any FTP client, regardless of FTP proxy support. For client with
FTP proxy support configure
@ -77,11 +73,11 @@ is user\'s login on this FTP server. Login itself may contain \'@\' sign.
Only cleartext authentication is currently supported.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), pop3p(8), socks(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

76
man/icqpr.8 Normal file
View File

@ -0,0 +1,76 @@
.TH icqpr "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B icqpr
\- ICQ (AOL OSCAR) proxy
.SH SYNOPSIS
.BR "icqpr " [ -d ]
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
.IB \fR[ -i internal_ip\fR]
.IB \fR[ -e external_ip\fR]
.I local_port remote_host remote_port
.SH DESCRIPTION
.B icqpr
forwards ICQ connections from local to remote ICQ host. Most usual is
.B icqpr 5190 login.icq.com 5190
Also, icqpr adds UIN / AOL screen name as a username. It makes it possible
to control user's access to ICQ/AOL by UIN/screen name (use
.B auth useronly
in 3proxy).
.SH OPTIONS
.TP
.B -I
Inetd mode. Standalone service only.
.TP
.B -d
Daemonise. Detach service from console and run in the background.
.TP
.B -t
Be silenT. Do not log start/stop/accept error records.
.TP
.B -e
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It\'s usually unsafe.
.TP
.B -l
Log. By default logging is to stdout. If
.I logfile
is specified logging is to file. Under Unix, if
.RI \' @ \'
preceeds
.IR logfile ,
syslog is used for logging.
.SH ARGUMENTS
.TP
.I local_port
- port icqpr accepts connection
.TP
.I remote_host
- IP address of the host connection is forwarded to
.TP
.I remote_port
- remote port connection is forwarded to
.SH CLIENTS
You can use any ICQ/AOL client where server address configuration is supported
or spoof login server name (e.g. login.icq.com) with IP address of proxy server
via DNS record or hosts file. Transparent redirection is also possible. Use
.I internal_ip
and
.I local_port
as a destination in client application. Connection is forwarded to
.IR remote_host : remote_port
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
.br
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.ru )

12
man/pop3p.8
View File

@ -1,4 +1,4 @@
.TH pop3p "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH pop3p "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B pop3p
\- POP3 proxy gateway service
@ -51,10 +51,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You can use any MUA (Mail User Agent) with POP3 support. Set client to use
.I internal_ip
@ -73,11 +69,11 @@ authentication (APOP, CRAM-MD5, etc) requires challenge from server before
we know which server to connect.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

12
man/proxy.8
View File

@ -1,4 +1,4 @@
.TH proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH proxy "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B proxy
\- HTTP proxy gateway service
@ -52,10 +52,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You should use client with HTTP proxy support or configure router to redirect
HTTP traffic to proxy (transparent proxy). Configure client to connect to
@ -68,11 +64,11 @@ limit clients, use
instead.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

12
man/smtpp.8
View File

@ -1,4 +1,4 @@
.TH smtpp "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH smtpp "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B smtpp
\- SMTP proxy gateway service
@ -51,10 +51,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You can use any MUA (Mail User Agent) with SMTP authentication support.
Set client to use
@ -74,11 +70,11 @@ authentication (CRAM-MD5, SPA, etc) requires challenge from server before
we know which server to connect.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

17
man/socks.8
View File

@ -1,4 +1,4 @@
.TH socks "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH socks "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B socks
\- SOCKS 4/4.5/5 gateway service
@ -33,11 +33,6 @@ from. External IP must be specified if you need incoming connections.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -N
External NAT address 3proxy reports to client for BIND and UDPASSOC
By default external address is reported. It's only useful in the case
of IP-IP NAT (will not work for PAT)
.TP
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It\'s usually unsafe.
@ -53,10 +48,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You should use client with SOCKS support or use some socksification support
(for example
@ -74,11 +65,11 @@ sufficient privileges). If you need to control access use
instead.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

12
man/tcppm.8
View File

@ -1,4 +1,4 @@
.TH tcppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH tcppm "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B tcppm
\- TCP port mapper
@ -40,10 +40,6 @@ is specified logging is to file. Under Unix, if
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH ARGUMENTS
.TP
.I local_port
@ -63,11 +59,11 @@ as a destination in client application. Connection is forwarded to
.IR remote_host : remote_port
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

86
man/tlspr.8
View File

@ -1,86 +0,0 @@
.TH tlspr "8" "May 2024" "3proxy 0.9" "Universal proxy server"
.SH NAME
.B tlspr
\- SNI proxy gateway service
.SH SYNOPSIS
.BR "tlspr " [ -d ][ -a ]
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
.IB \fR[ -p listening_port\fR]
.IB \fR[ -P destination_port\fR]
.IB \fR[ -c tls_check_level\fR]
.IB \fR[ -i internal_ip\fR]
.IB \fR[ -e external_ip\fR]
.SH DESCRIPTION
.B proxy
is SNI gateway service (destination host is taken from TLS handshake). Destination port must be specified via -P option (or it may be detected with Transparent plugin).
.SH OPTIONS
.TP
.B -I
Inetd mode. Standalone service only.
.TP
.B -d
Daemonise. Detach service from console and run in the background.
.TP
.B -t
Be silenT. Do not log start/stop/accept error records.
.TP
.B -u
Never ask for username authentication
.TP
.B -e
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It\'s usually unsafe.
.TP
.B -a
Anonymous. Hide information about client.
.TP
.B -a1
Anonymous. Show fake information about client.
.TP
.B -p
listening_port. Port proxy listens for incoming connections. Default is 1443.
.TP
.B -P
destination_port. Port to establish outgoing connections. One is required unless Transparent plugin is not used because TLS handshake does not contain port information. Default is 443.
.TP
.B -c
TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check server send certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
.TP
.B -l
Log. By default logging is to stdout. If
.I logfile
is specified logging is to file. Under Unix, if
.RI \' @ \'
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH CLIENTS
You should use client with HTTP proxy support or configure router to redirect
HTTP traffic to proxy (transparent proxy). Configure client to connect to
.I internal_ip
and
.IR port .
HTTPS support allows to use almost any TCP based protocol. If you need to
limit clients, use
.BR 3proxy (8)
instead.
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.SH SEE ALSO
3proxy(8), ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )

12
man/udppm.8
View File

@ -1,4 +1,4 @@
.TH udppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
.TH udppm "8" "January 2016" "3proxy 0.8" "Universal proxy server"
.SH NAME
.B udppm
\- UDP port mapper
@ -46,10 +46,6 @@ Single packet. By default only one client can use udppm service, but
if -s is specified only one packet will be forwarded between client and server.
It allows to share service between multiple clients for single packet services
(for example name lookups).
.TP
.B -S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
crashes.
.SH ARGUMENTS
.TP
.I local_port
@ -69,11 +65,11 @@ as a destination in client application. All datagrams are forwarded to
.IR remote_host : remote_port
.SH BUGS
Report all bugs to
.BR 3proxy@3proxy.org
.BR 3proxy@3proxy.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
.br
https://3proxy.org/
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by Vladimir 3APA3A Dubrovin
.RI ( 3proxy@3proxy.org )
.RI ( 3proxy@3proxy.ru )

256
rus.3ps
View File

@ -1,256 +0,0 @@
[--admin--]
HTTP/1.0 401 Authentication Required\n
WWW-Authenticate: Basic realm="proxy", encoding="utf-8"\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>401 Authentication Required</title></head>\n
<body><h2>401 Authentication Required</h2>
<h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource<br><hr>
Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
</h3></body></html>\n
[end]
HTTP/1.0 200 OK\n
Connection: close\n
Expires: Thu, 01 Dec 1994 16:00:00 GMT\n
Cache-Control: no-cache\n
Content-type: text/html; charset=utf-8\n
\n
<http><head><title>%s Страница конфигурации</title></head>\n
<table width='100%%' border='0'>\n
<tr><td width='150' valign='top'>\n
<h2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</h2>\n
<A HREF='/C'>Счетчики</A><br><br>\n
<A HREF='/R'>Перезагрузка конфигурации сервера</A><br><br>\n
<A HREF='/S'>Запущенные сервисы</A><br><br>\n
<A HREF='/F'>Настройка сервера</A>\n
</td><td>
<h2>%s %s Конфигурация</h2>
[end]
HTTP/1.0 200 OK\n
Connection: close\n
Cache-Control: no-cache\n
Content-type: text/xml; charset=utf-8 \n
\n
<?xml version="1.0"?>\n
<?xml-stylesheet href="/SX" type="text/css"?>\n
<services>\n
<description>Текущие запущенные сервисы и подключившиеся клиенты</description>\n
[end]
</services>\n
[end]
HTTP/1.0 200 OK\n
Connection: close\n
Cache-Control: no-cache\n
Content-type: text/css\n
\n
services {\n
display: block;\n
margin: 10px auto 10px auto;\n
width: 80%;\n
background: black;\n"
font-family: sans-serif;\n
font-size: small;\n
color: silver;\n
}\n
item {\n
display: block;\n
margin-bottom: 10px;\n
border: 2px solid #CCC;\n
padding: 10px;\n
spacing: 2px;\n
}\n
parameter {\n
display: block;\n
padding: 2px;\n
margin-top: 10px;\n
border: 1px solid grey;\n
background: #EEE;\n
color: black;\n
}\n
name {\n
display: inline;\n
float: left;\n
margin-right: 5px;\n
font-weight: bold;\n
}\n
type {\n
display: inline;\n
font-size: x-small;\n
margin-right: 5px;\n
color: #666;\n
white-space: nowrap;\n
font-style: italic;\n
}\n
description {\n
display: inline;\n
margin-right: 5px;\n
white-space: nowrap;\n
}\n
value {\n
display: block;\n
margin-right: 5px;\n
}\n
[end]
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />\n
<pre><font size='-2'><b>
(c)3APA3A, Владимир Дубровин и <A href='https://3proxy.ru/'>3proxy.ru</A>\n
</b></font>\n
</td></tr></table></body></html>
[end]
<h3>Счетчики</h3>\n
<table border = '1'>\n
<tr align='center'><td>Описание</td><td>Активный</td>
<td>Пользователи</td><td>Адрес источника</td><td>Адрес назначения</td>
<td>Порты</td>
<td>Лимит</td><td>Ед.</td><td>Значение</td>
<td>Дата сброса</td><td>Дата обновения</td><td>Номер</td></tr>\n
[end]
</table>\n
[end]
[/--admin--]
[--proxy--]
HTTP/1.0 400 Bad Request\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>400 Bad Request</title></head>\n
<body><h2>400 Bad Request</h2>
<h2>400 Ошибка: Неправильный запрос.</h2>
</body>
</html>\n
[end]
HTTP/1.0 502 Bad Gateway\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>502 Bad Gateway</title></head>\n
<body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed <br><hr>
Ошибка: Удалённый сервер не найден или не удалось связаться с ним.</h3>
</body></html>\n
[end]
HTTP/1.0 503 Service Unavailable\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>503 Service Unavailable</title></head>\n
<body><h2>503 Service Unavailable</h2><h3>You have exceeded your traffic limit <br><hr>
Вы превысили свой лимит трафика.
</h3></body></html>\n
[end]
HTTP/1.0 503 Service Unavailable\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>503 Service Unavailable</title></head>\n
<body><h2>503 Service Unavailable</h2><h3>Recursion detected<br><hr>
Ошибка: Сервис не доступен, обнаружена рекурсия
</h3></body></html>\n
[end]
HTTP/1.0 501 Not Implemented\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>501 Not Implemented</title></head>\n
<body><h2>501 Not Implemented</h2><h3>Required action is not supported by proxy server <br><hr>
Ошибка: Действие не поддерживается в данном proxy сервере
</h3></body></html>\n
[end]
HTTP/1.0 502 Bad Gateway\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>502 Bad Gateway</title></head>\n
<body><h2>502 Bad Gateway</h2><h3>Failed to connect parent proxy <br><hr>
Ошибка: Невозможно соединиться c вышестоящим proxy сервером
</h3></body></html>\n",
[end]
HTTP/1.0 500 Internal Error\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>500 Internal Error</title></head>\n
<body><h2>500 Internal Error</h2><h3>Internal proxy error during processing your request <br><hr>
Ошибка: Возникла внутренняя ошибка proxy сервера при обработке вашего запроса
</h3></body></html>\n
[end]
HTTP/1.0 407 Proxy Authentication Required\n
Proxy-Authenticate: Basic realm="proxy", encoding="utf-8"\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>407 Proxy Authentication Required</title></head>\n
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource.<br><hr>
Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
</h3></body></html>\n
[end]
HTTP/1.0 200 Connection established\n\n
[end]
HTTP/1.0 200 Connection established\n
Content-Type: text/html\n\n
[end]
HTTP/1.0 404 Not Found\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>404 Not Found</title></head>\n
<body><h2>404 Not Found</h2><h3>File not found <br><hr>
Файл не найден
</h3></body></html>\n
[end]
HTTP/1.0 403 Forbidden\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>403 Access Denied</title></head>\n
<body><h2>403 Access Denied</h2><h3>Access control list denies you to access this resource.<br><hr>
Доступ к данному ресурсу запрещен списком доступа на proxy сервер.
Если Вы считаете, что это ошибка обратитесь к администратору
</h3></body></html>\n
[end]
HTTP/1.0 407 Proxy Authentication Required\n
Proxy-Authenticate: NTLM\n
Proxy-Authenticate: basic realm="proxy", encoding="utf-8"\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>407 Proxy Authentication Required</title></head>\n
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource.<br><hr>
Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
</h3></body></html>\n
[end]
HTTP/1.0 407 Proxy Authentication Required\n
Connection: keep-alive\n
Content-Length: 0\n
Proxy-Authenticate: NTLM
[end]
HTTP/1.0 403 Forbidden\n
Connection: close\n
Content-type: text/html; charset=us-ascii\n
\n
<pre>
[end]
HTTP/1.0 503 Service Unavailable\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>503 Service Unavailable</title></head>\n
<body><h2>503 Service Unavailable</h2><h3>Your request violates configured policy<br><hr>
Запрос не сответствует сконфигурированной политике.
</h3></body></html>\n
[end]
HTTP/1.0 401 Authentication Required\n
WWW-Authenticate: basic realm="FTP Server", encoding="utf-8"\n
Connection: close\n
Content-type: text/html; charset=utf-8\n
\n
<html><head><title>401 FTP Server requires authentication</title></head>\n
<body><h2>401 FTP Server requires authentication</h2><h3>This FTP server rejects anonymous access<br><hr>
Этот FTP сервер отвергает анонимный доступ.
</h3></body></html>\n
[end]
HTTP/1.1 100 Continue\n
\n
[end]
[/--proxy--]

985
scripts/3proxy-linux-install.sh
View File

@ -1,985 +0,0 @@
#!/bin/bash
# 3proxy build and install script for Debian Linux
# Release 2.0 at 29.12.2016
# (с) Evgeniy Solovyev
# mail-to: eugen-soloviov@yandex.ru
ScriptPath=""
Src3proxyDirPath=""
ScriptName=""
ScriptFullName=""
SourceRoot=""
ResourcesData=""
ProxyVersion=""
LasestProxyVersion=""
LasestProxyVersionLink=""
UseSudo=0
PacketFiles=""
NeedSourceUpdate=0
main()
{
local msgNewVersion
local msgInsertYorN
VarsInit
LoadResources
CheckRunConditions
if [ $UseSudo == 1 ]
then
sudo bash "${0}"
exit $?
fi
CheckLocation
GetLasestVersionInfo
SourceDownloadOrUpdate
cd "${SourceRoot}"
Build3Proxy
BinInstall
ManInstall
CreateLogDir
CopyConfig
SetInit
Pack3proxyFiles
}
VarsInit()
{
cd `dirname $0`
ScriptPath="${PWD}"
ScriptName=`basename $0`
ScriptFullName="${ScriptPath}/${ScriptName}"
}
CheckLocation()
{
Src3proxyDirPath="${ScriptPath}"
if echo ${ScriptPath} | grep -e "/scripts$"
then
if [ -e "../src/version.h" ]
then
ProxyVersion=`cat "../src/version.h" | awk '/VERSION/ { gsub("\"", "\n"); print; exit }' | grep "3proxy"`
cd ../
SourceRoot="${PWD}"
cd ../
Src3proxyDirPath="${PWD}"
cd "${ScriptPath}"
fi
fi
}
GetLasestVersionInfo()
{
local Githublink
local msg
Githublink=`wget https://github.com/3proxy/3proxy/releases/latest -O /dev/stdout |
awk '/<a.+href=.+\.tar\.gz/ { gsub("\"", "\n"); print; exit }' |
grep -e ".tar.gz"`
if [ $? != 0 ]
then
msg=`GetResource "msgInternetConnectionError"`
echo -e "${msg}"
exit 255
fi
LasestProxyVersionLink="https://github.com${Githublink}"
LasestProxyVersion=`basename "${Githublink}" | awk 'gsub(".tar.gz", "") { print "3proxy-" $0 }'`
}
CheckRunConditions()
{
local UserName
local answer
local msg
local msgContinueWork
local msgInsertYorN
UserName=`whoami`
if [ $UID != 0 ]
then
if [ `CheckPacketInstall "sudo"` == 0 ]
then
msg=`GetResource "msgSudoNotInstalled"`
echo -e "${msg}"
exit 255
fi
UseSudo=1
if [ -z `cat /etc/group | grep -e "^sudo" | grep "${UserName}"` ]
then
msg=`GetResource "msgUserNotMemberOfSudoGroup"`
echo -e "${msg}"
exit 255
fi
if [ `env | grep -e ^http_proxy` != "" ]
then
msg=`GetResource "msgSystemUseProxy"`
echo -e "${msg}"
msgContinueWork=`GetResource "msgDoYouWishContinue"`
msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
while true; do
read -s -n1 -p "${msgContinueWork}" answer
case $answer in
[Yy]* ) echo -ne "\n";break;;
[Nn]* ) echo -ne "\n"; sleep 0; exit 0;;
* ) echo -e "${msgInsertYorN}";;
esac
done
fi
fi
}
DonwnloadSource()
{
if [ ! -e "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" ]
then
wget "${LasestProxyVersionLink}" -O "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz"
fi
ProxyVersion="${LasestProxyVersion}"
}
UnpackSource()
{
if [ ! -d "${Src3proxyDirPath}/${LasestProxyVersion}" ]
then
tar -xvf "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" -C "${Src3proxyDirPath}"
fi
SourceRoot="${Src3proxyDirPath}/${LasestProxyVersion}"
}
SourceDownloadOrUpdate()
{
if [ -z "${ProxyVersion}" ]
then
NeedSourceUpdate=1
else
if [ "${ProxyVersion}" != "${LasestProxyVersion}" ]
then
msgNewVersion=`GetResource "msgNewVersion"`
msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
echo -ne "\a"
while true; do
read -s -n1 -p "${msgNewVersion}" answer
case $answer in
[Yy]* ) echo -ne "\n"; NeedSourceUpdate=1; sleep 0; break;;
[Nn]* ) echo -ne "\n"; NeedSourceUpdate=0; sleep 0; break;;
* ) echo -e "${msgInsertYorN}";;
esac
done
fi
fi
if [ $NeedSourceUpdate == 1 ]
then
DonwnloadSource
UnpackSource
fi
}
Build3Proxy()
{
local msg
if [ `CheckPacketInstall "build-essential"` == 0 ]
then
apt-get -y install build-essential
fi
if [ `CheckPacketInstall "build-essential"` == 0 ]
then
msg=`GetResource "msgBuildEssentialNotInstalled"`
echo -e "${msg}"
exit 255
fi
make -f Makefile.Linux
}
BinInstall()
{
local binlist
local liblist
if [! -d bin]
then
mkdir bin
fi
cd bin
binlist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 !~ /\.so$/ { print $8 }'`
for file in $binlist
do
cp -vf "${file}" /usr/bin
PacketFiles=`echo -e "${PacketFiles}\n/usr/bin/${file}"`
done
liblist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 ~ /\.so$/ { print $8 }'`
for file in $liblist
do
cp -vf "${file}" /usr/lib
PacketFiles=`echo -e "${PacketFiles}\n/usr/lib/${file}"`
done
cd ..
}
ManInstall()
{
local man3list
local man8list
cd man
man3list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.3$/ { print $8 }'`
gzip -vfk $man3list
man3list=`echo "${man3list}" | awk '{ print $1 ".gz" }'`
for file in $man3list
do
mv -vf "${file}" /usr/share/man/man3
PacketFiles="${PacketFiles}\n/usr/share/man/man3/${file}"
done
man8list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.8$/ { print $8 }'`
gzip -vfk $man8list
man8list=`echo "${man8list}" | awk '{ print $1 ".gz" }'`
for file in $man8list
do
mv -vf "${file}" /usr/share/man/man8
PacketFiles=`echo -e "${PacketFiles}\n/usr/share/man/man8/${file}"`
done
cd ..
}
CreateLogDir()
{
local LogDir
LogDir="/var/log/3proxy"
if [ ! -d "${LogDir}" ]
then
mkdir "${LogDir}"
fi
chown nobody:nogroup "${LogDir}"
chmod 775 "${LogDir}"
PacketFiles="${PacketFiles}\n${LogDir}"
}
CopyConfig()
{
local ConfigDir
ConfigDir="/etc/3proxy"
if [ ! -d "${ConfigDir}" ]
then
mkdir "${ConfigDir}"
fi
LoadGlobalResource "ConfigFile" > "${ConfigDir}/3proxy.cfg"
PacketFiles=`echo -e "${PacketFiles}\n${ConfigDir}/3proxy.cfg"`
}
SetInit()
{
LoadGlobalResource "InitScript" > "/etc/init.d/3proxy"
chown root:root "/etc/init.d/3proxy"
chmod 755 "/etc/init.d/3proxy"
PacketFiles=`echo -e "${PacketFiles}\n/etc/init.d/3proxy"`
update-rc.d 3proxy defaults
}
Pack3proxyFiles()
{
local CPU_Arc
CPU_Arc=`uname -m`
cd ../
tar -czPpvf "${ProxyVersion}-${CPU_Arc}.tar.gz" $PacketFiles
}
LoadResources()
{
local StartRow
local EndRow
local LngLabel
local msgResourceErr="\aError! Script could not find resources!"
if env | grep -q 'LANG=ru_RU.UTF-8'
then
LngLabel="RU"
#LngLabel="EN"
else
LngLabel="EN"
fi
StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
if [ -z "${StartRow}" ]
then
echo -e "${msgResourceErr}"
exit 255
fi
EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
if [ -z "${EndRow}" ]
then
echo -e "${msgResourceErr}"
exit 255
fi
ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
}
# $1 - Name of Resource
GetResource()
{
local StartRow
local EndRow
local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
if [ -z "${StartRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
if [ -z "${EndRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
}
# $1 - Name of Resource
LoadGlobalResource()
{
local StartRow
local EndRow
local LngLabel
local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
StartRow=`cat "${ScriptFullName}" | awk "/^#Resource=${1}/ { print NR; exit}"`
if [ -z "${StartRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
if [ -z "${EndRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
}
CheckPacketInstall()
{
if [ `dpkg -l ${1} 2>&1 | wc -l` -le 1 ]
then
echo 0
return
fi
if [ `dpkg -l ${1} | grep -e ^un | wc -l` == 1 ]
then
echo 0
return
fi
echo 1
}
main
exit 0
#Resources_EN
#Resource=msgSudoNotInstalled
\aThe script is running under the account a non-privileged user.
"Sudo" package is not installed in the system.
The script can not continue, as the execution of operations,
requiring rights "root" - is not possible!
Please run the script under the account "root",
or install and configure "sudo" package!
#endResource=msgSudoNotInstalled
#Resource=msgUserNotMemberOfSudoGroup
\aThe script is running under account a non-privileged user.
The account of the current user is not included in the "sudo" group!
The script can not continue, as the execution of operations,
requiring rights "root" - is not possible!
Please run the script under the account "root",
or configure "sudo" package!
#endResource=msgUserNotMemberOfSudoGroup
#Resource=msgSystemUseProxy
\aAttention! The operating system uses proxy-server.
For correctly work of package manager "apt"
in the file "/etc/sudoers" should be present line:
Defaults env_keep = "http_proxy https_proxy"
#endResource=msgSystemUseProxy
#Resource=msgDoYouWishContinue
Do you wish to the script continued executing? (y/n):
#endResource=msgDoYouWishContinue
#Resource=msgPleaseInsertYorN
\a\nPlease insert "y" or "n"!
#endResource=msgPleaseInsertYorN
#Resource=msgInternetConnectionError
\aError downloading "https://github.com/z3APA3A/3proxy/releases/latest"!
Please check the settings of the Internet connection.
#endResource=msgInternetConnectionError
#Resource=msgNewVersion
The new version of "3proxy" detected, do you want download it?
#endResource=msgNewVersion
#Resource=msgBuildEssentialNotInstalled
\aPackage "build-essential" was not installed.
The installation can not be continued!
#endResource=msgBuildEssentialNotInstalled
#Resources_EN_end
#Resources_RU
#Resource=msgSudoNotInstalled
\aСкрипт запущен под учётной записью обычного пользователя.
В системе не установлен пакет "sudo".
Скрипт не может продолжить работу, так как выполнение операций,
требующих прав "root" - не представляется возможным!
Пожалуйста, запустите скрипт под учётной записью "root",
либо установите и настройте пакет "sudo"!
#endResource=msgSudoNotInstalled
#Resource=msgUserNotMemberOfSudoGroup
\aСкрипт запущен под учётной записью обычного пользователя.
Учётная запись текущего пользователя не включена в группу "sudo"!
Скрипт не может продолжить работу, так как выполнение операций,
требующих прав "root" - не представляется возможным!
Пожалуйста, запустите скрипт под учётной записью "root",
либо настройте пакет "sudo"!
#endResource=msgUserNotMemberOfSudoGroup
#Resource=msgSystemUseProxy
\aВнимание! В системе используется прокси-сервер.
Чтобы менеджер пакетов "apt" работал корректно,
в файле "/etc/sudoers" должна присутствовать строка:
Defaults env_keep = "http_proxy https_proxy"
#endResource=msgSystemUseProxy
#Resource=msgDoYouWishContinue
Хотите чтобы скрипт дальше продолжил работу? (y/n):
#endResource=msgDoYouWishContinue
#Resource=msgPleaseInsertYorN
\a\nПожалуйста введите "y" или "n"!
#endResource=msgPleaseInsertYorN
#Resource=msgInternetConnectionError
\aОшибка закачки "https://github.com/z3APA3A/3proxy/releases/latest"!
Пожалуйста, проверьте настройки интернет соединения.
#endResource=msgInternetConnectionError
#Resource=msgNewVersion
Обнаружена новая версия "3proxy", скачать её (y/n)?
#endResource=msgNewVersion
#Resource=msgBuildEssentialNotInstalled
\aПакет "build-essential" не был установлен.
Дальнейшая установка не может быть продолжена!
#endResource=msgBuildEssentialNotInstalled
#Resources_RU_end
#Resource=ConfigFile
noconfig
# If in this file have line "noconfig", then 3proxy not to be runned!
# For usung this configuration file 3proxy you must to delete
# or comment out the line with "noconfig".
daemon
# Parameter "daemon" - means run 3proxy as daemon
pidfile /tmp/3proxy.pid
# PID file location
# This parameter must have the same value as
# the variable "PidFile" in the script "/etc/init.d/3proxy"
# Configuration file location
config /etc/3proxy/3proxy.cfg
internal 127.0.0.1
# Internal is address of interface proxy will listen for incoming requests
# 127.0.0.1 means only localhost will be able to use this proxy. This is
# address you should specify for clients as proxy IP.
# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
# have open proxy in your network in this case.
external 192.168.0.1
# External is address 3proxy uses for outgoing connections. 0.0.0.0 means any
# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1
# DNS IP addresses
nserver 8.8.8.8
nserver 8.8.4.4
# DNS cache size
nscache 65536
# Timeouts settings
timeouts 1 5 30 60 180 1800 15 60
# log file location
log /var/log/3proxy/3proxy.log D
# log file format
logformat "L%C - %U [%d-%o-%Y %H:%M:%S %z] ""%T"" %E %I %O %N/%R:%r"
archiver gz /usr/bin/gzip %F
# If archiver specified log file will be compressed after closing.
# you should specify extension, path to archiver and command line, %A will be
# substituted with archive file name, %f - with original file name.
# Original file will not be removed, so archiver should care about it.
rotate 30
# We will keep last 30 log files
proxy -p3128
# Run http/https proxy on port 3128
auth none
# No authentication is requires
setgid 65534
setuid 65534
# Run 3proxy under account "nobody" with group "nobody"
#endResource=ConfigFile
#Resource=InitScript
#!/bin/sh
#
# 3proxy daemon control script
#
### BEGIN INIT INFO
# Provides: 3proxy
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: 3proxy HTTP Proxy
### END INIT INFO
ScriptName="3proxy"
ScriptFullName="/etc/init.d/3proxy"
ConfigFile="/etc/3proxy/3proxy.cfg"
LogDir="/var/log/3proxy"
PidFile="/tmp/3proxy.pid"
ResourcesData=""
main()
{
LoadResources
if [ ! -d "${LogDir}" ]
then
mkdir -p "${LogDir}";
fi
case "$1" in
start) Start ;;
stop) Stop ;;
restart) Stop; Start ;;
status) Status ;;
*) ShowHelp;;
esac
}
Start()
{
local msg
local ProxyPID
if [ ! -f "${ConfigFile}" ]
then
msg=`GetResource "msgConfigFileNotFound"`
printf "${msg}" "${ConfigFile}"
return
fi
if cat "${ConfigFile}" | grep -qe "^noconfig"
then
msg=`GetResource "msgNoconfigDetected"`
printf "${msg}" "${ConfigFile}"
return
fi
ProxyPID=`Get3proxyPID`
if [ ! -z "${ProxyPID}" ]
then
msg=`GetResource "msg3proxyAlreadyRunning"`
printf "${msg}" "${ProxyPID}"
return
fi
3proxy "${ConfigFile}"
sleep 1
ProxyPID=`Get3proxyPID`
if [ ! -f "${PidFile}" ]
then
msg=`GetResource "msg3proxyStartProblems"`
printf "${msg}"
return
fi
if [ `cat "${PidFile}"` != "${ProxyPID}" ]
then
msg=`GetResource "msg3proxyStartProblems"`
printf "${msg}"
return
fi
msg=`GetResource "msg3proxyStartedSuccessfully"`
printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${ProxyPID}"
}
Stop()
{
local msg
local ProxyPID
ProxyPID=`Get3proxyPID`
if [ -f "${PidFile}" ]
then
if [ `cat "${PidFile}"` = "${ProxyPID}" ]
then
kill -9 "${ProxyPID}"
rm -f "${PidFile}"
msg=`GetResource "msg3proxyStoppedSuccessfully"`
printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S`
return
fi
fi
if [ -z "${ProxyPID}" ]
then
msg=`GetResource "msg3proxyProxyNotDetected"`
printf "${msg}"
return
fi
pkill -o 3proxy
msg=`GetResource "msg3proxyStoppedByKillall"`
printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${PidFile}"
}
Status()
{
local msg
local ProxyPID
if [ -f "${PidFile}" ]
then
msg=`GetResource "msgPidFileExists"`
printf "${msg}" "${PidFile}" `cat "${PidFile}"`
else
msg=`GetResource "msgPidFileNotExists"`
printf "${msg}" "${PidFile}"
fi
ProxyPID=`Get3proxyPID`
if [ ! -z "${ProxyPID}" ]
then
msg=`GetResource "msg3proxyProcessDetected"`
printf "${msg}"
ps -ef | awk '$8 ~ /^3proxy/ { print "User: " $1 "\tPID: " $2 }'
else
msg=`GetResource "msg3proxyProcessNotDetected"`
printf "${msg}"
fi
}
ShowHelp()
{
local msg
msg=`GetResource "msg3proxyHelp"`
printf "${msg}" "${ScriptFullName}" "${ScriptName}"
}
Get3proxyPID()
{
ps -ef | awk '$8 ~ /^3proxy/ { print $2; exit }'
}
LoadResources()
{
local StartRow
local EndRow
local LngLabel
local msgResourceErr="\aError! Script could not find resources!"
if env | grep -q 'LANG=ru_RU.UTF-8'
then
LngLabel="RU"
else
LngLabel="EN"
fi
StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
if [ -z "${StartRow}" ]
then
echo -e "${msgResourceErr}"
exit 255
fi
EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
if [ -z "${EndRow}" ]
then
echo -e "${msgResourceErr}"
exit 255
fi
ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
}
# $1 - Name of Resource
GetResource()
{
local StartRow
local EndRow
local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
if [ -z "${StartRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
if [ -z "${EndRow}" ]
then
echo -e "${msgResourceErr}" > /dev/stderr
exit 255
fi
echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
}
main $@
exit 0;
#Resources_EN
#Resource=msg3proxyHelp
Usage:
\t%s {start|stop|restart}
or
\tservice %s {start|stop|restart|status}\\n
#endResource=msg3proxyHelp
#Resource=msgConfigFileNotFound
\a3proxy configuration file - "%s" is not found!\\n
#endResource=msgConfigFileNotFound
#Resource=msgNoconfigDetected
Parameter "noconfig" found in 3proxy configuration file -
"% s" !
To run 3proxy this parameter should be disabled.\\n
#endResource=msgNoconfigDetected
#Resource=msg3proxyAlreadyRunning
\a3proxy already running PID: %s\\n
#endResource=msg3proxyAlreadyRunning
#Resource=msg3proxyStartProblems
With the start of 3proxy, something is wrong!
Use: service 3proxy status\\n
#endResource=msg3proxyStartProblems
#Resource=msg3proxyStartedSuccessfully
[ %s %s ] 3proxy started successfully! PID: %s\\n
#endResource=msg3proxyStartedSuccessfully
#Resource=msg3proxyStoppedSuccessfully
[ %s %s ] 3proxy stopped successfully!\\n
#endResource=msg3proxyStoppedSuccessfully
#Resource=msg3proxyProxyNotDetected
Process "3proxy" is not detected!\\n
#endResource=msg3proxyProxyNotDetected
#Resource=msg3proxyStoppedByKillall
[ %s %s ] Command "pkill -o 3proxy" was executed,
because process number was not stored in "%s",
but in fact 3proxy was runned!\\n
#endResource=msg3proxyStoppedByKillall
#Resource=msgPidFileExists
File "%s" exists. It contains the PID: %s\\n
#endResource=msgPidFileExists
#Resource=msgPidFileNotExists
File "%s" not found, that is, PID 3proxy was not stored!\\n
#endResource=msgPidFileNotExists
#Resource=msg3proxyProcessDetected
Process 3proxy detected:\\n
#endResource=msg3proxyProcessDetected
#Resource=msg3proxyProcessNotDetected
Processes of 3proxy is not found!\\n
#endResource=msg3proxyProcessNotDetected
#Resources_EN_end
#Resources_RU
#Resource=msg3proxyHelp
Используйте:
\t%s {start|stop|restart}
или
\tservice %s {start|stop|restart|status}\\n
#endResource=msg3proxyHelp
#Resource=msgConfigFileNotFound
\aФайл конфигурации 3proxy - "%s", не найден!\\n
#endResource=msgConfigFileNotFound
#Resource=msgNoconfigDetected
\aОбнаружен параметр "noconfig" в файле конфигурации 3proxy -
"%s" !
Для запуска 3proxy этот параметр нужно отключить.\\n
#endResource=msgNoconfigDetected
#Resource=msg3proxyAlreadyRunning
\a3proxy уже запущен PID: %s\\n
#endResource=msg3proxyAlreadyRunning
#Resource=msg3proxyStartProblems
\aСо стартом 3proxy, что-то не так!
Используйте: service 3proxy status\\n
#endResource=msg3proxyStartProblems
#Resource=msg3proxyStartedSuccessfully
[ %s %s ] 3proxy успешно стартовал! PID: %s\\n
#endResource=msg3proxyStartedSuccessfully
#Resource=msg3proxyStoppedSuccessfully
[ %s %s ] 3proxy успешно остановлен!\\n
#endResource=msg3proxyStoppedSuccessfully
#Resource=msg3proxyProxyNotDetected
Процесс "3proxy" не обнаружен!\\n
#endResource=msg3proxyProxyNotDetected
#Resource=msg3proxyStoppedByKillall
[ %s %s ] Выполнена команда "pkill -o 3proxy",
т.к. номер процесса не записан в "%s",
но по факту 3proxy рабатал!\\n
#endResource=msg3proxyStoppedByKillall
#Resource=msgPidFileExists
Файл "%s" есть. Он содержит PID: %s\\n
#endResource=msgPidFileExists
#Resource=msgPidFileNotExists
Файл "%s" не найден, т.е. PID 3proxy не был сохранён!\\n
#endResource=msgPidFileNotExists
#Resource=msg3proxyProcessDetected
Обнаружен процесс 3proxy:\\n
#endResource=msg3proxyProcessDetected
#Resource=msg3proxyProcessNotDetected
Процессов 3proxy не обнаружено!\\n
#endResource=msg3proxyProcessNotDetected
#Resources_RU_end
#endResource=InitScript

25
scripts/3proxy.cfg
View File

@ -1,18 +1,23 @@
#!/usr/local/etc/3proxy/bin/3proxy
daemon
pidfile /usr/local/etc/3proxy/3proxy.pid
nscache 65536
nserver 8.8.8.8
nserver 8.8.4.4
nserver 127.0.0.1
config /conf/3proxy.cfg
monitor /conf/3proxy.cfg
config /usr/local/etc/3proxy/3proxy.cfg
monitor /usr/local/etc/3proxy/3proxy.cfg
monitor /usr/local/etc/3proxy/counters
monitor /usr/local/etc/3proxy/passwd
monitor /usr/local/etc/3proxy/bandlimiters
log /logs/3proxy-%y%m%d.log D
log /usr/local/etc/3proxy/log/log D
rotate 60
counter /count/3proxy.3cf
counter /usr/local/etc/3proxy/3proxy.3cf
users $/conf/passwd
users $/usr/local/etc/3proxy/passwd
include /conf/counters
include /conf/bandlimiters
include /usr/local/etc/3proxy/counters
include /usr/local/etc/3proxy/bandlimiters
auth strong
deny * * 127.0.0.1
@ -23,3 +28,5 @@ flush
allow admin
admin -p8080

4
scripts/3proxy.cfg.chroot
View File

@ -1,4 +0,0 @@
#!/bin/3proxy
#daemon
chroot /usr/local/3proxy proxy proxy
include /conf/3proxy.cfg

19
scripts/3proxy.service
View File

@ -1,19 +0,0 @@
[Unit]
Description=3proxy tiny proxy server
Documentation=man:3proxy(1)
After=network.target
[Service]
Environment=CONFIGFILE=/etc/3proxy/3proxy.cfg
ExecStart=/bin/3proxy ${CONFIGFILE}
ExecReload=/bin/kill -SIGUSR1 $MAINPID
KillMode=process
Restart=on-failure
RestartSec=60s
LimitNOFILE=65536
LimitNPROC=32768
RuntimeDirectory=3proxy
[Install]
WantedBy=multi-user.target
Alias=3proxy.service

13
scripts/add3proxyuser.sh
View File

@ -1,15 +1,10 @@
#!/bin/sh
if [ $4 ]; then
echo bandlimin $4 $1 >> /etc/3proxy/conf/bandlimiters
fi
if [ $3 ]; then
echo countin \"`wc -l /etc/3proxy/conf/counters|awk '{print $1}'`/$1\" D $3 $1 >> /etc/3proxy/conf/counters
fi
if [ $2 ]; then
echo $1:`/bin/mycrypt $$ $2` >> /etc/3proxy/conf/passwd
echo $1:`/usr/local/etc/3proxy/bin/mycrypt $$ $2` >> /usr/local/etc/3proxy/passwd
echo countin \"`wc -l /usr/local/etc/3proxy/counters|awk '{print $1}'`/$1\" D $3 $1 >> /usr/local/etc/3proxy/counters
echo bandlimin $4 $1 >> /usr/local/etc/3proxy/bandlimiters
else
echo usage: $0 username password [day_limit] [bandwidth]
echo usage: $0 username password day_limit bandwidth
echo " "day_limit - traffic limit in MB per day
echo " "bandwidth - bandwith in bits per second 1048576 = 1Mbps
fi

10
scripts/debian/3proxy.manpages
View File

@ -1,10 +0,0 @@
man/3proxy.8
man/3proxy.cfg.3
man/ftppr.8
man/pop3p.8
man/tlspr.8
man/proxy.8
man/smtpp.8
man/socks.8
man/tcppm.8
man/udppm.8

24
scripts/debian/changelog
View File

@ -1,24 +0,0 @@
3proxy (0.9.5-1) buster; urgency=medium
*3proxy 0.9.5 initial build
-- z3APA3A <3apa3a@3proxy.org> Sun, 09 Mar 2025 15:55:48 +0300
3proxy (0.9.4-1) buster; urgency=medium
*3proxy 0.9.4 initial build
-- z3APA3A <3apa3a@3proxy.org> Fri, 02 Jul 2021 00:47:00 +0300
3proxy (0.9.3-1) buster; urgency=medium
*3proxy 0.9.3 initial build
-- z3APA3A <3apa3a@3proxy.org> Thu, 03 Dec 2020 21:13:58 +0300
3proxy (0.9.2-1) buster; urgency=medium
*3proxy 0.9.2 initial build
-- z3APA3A <3apa3a@3proxy.org> Thu, 19 Nov 2020 19:19:19 +0300

1
scripts/debian/compat
View File

@ -1 +0,0 @@
9

4
scripts/debian/conffiles
View File

@ -1,4 +0,0 @@
/usr/local/3proxy/conf/3proxy.cfg
/usr/local/3proxy/conf/add3proxyuser.sh
/usr/local/3proxy/conf/bandlimiters
/usr/local/3proxy/conf/counters

18
scripts/debian/control
View File

@ -1,18 +0,0 @@
Source: 3proxy
Maintainer: z3APA3A <3apa3a@3proxy.org>
Section: net
Priority: optional
Standards-Version: 4.0.0
Build-Depends: debhelper (>=10)
Homepage: https://3proxy.org/
Vcs-Git: https://github.com/z3APA3A/3proxy
Vcs-Browser: https://github.com/z3APA3A/3proxy
Package: 3proxy
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: tiny free proxy server
3Proxy tiny free proxy server is really tiny freeware proxy servers set.
It includes HTTP proxy with HTTPS and FTP support, SOCKSv4/SOCKSv4.5/SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, FTP proxy, caching DNS proxy, TCP and UDP portmappers.
You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use combined program (3proxy). Combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.
It's created to be small, simple and yet very functional.

20
scripts/debian/copyright
View File

@ -1,20 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: 3proxy
Upstream-Contact: 3proxy@3proxy.org
Source: https://3proxy.org/
Files: *
Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
Files: src/libs/md*.*
Copyright: 1990,1991,1992 RSA Data Security, Inc
License: public-domain
Files: src/libs/regex.*
Copyright: Henry Spencer
License: public-domain
Files: src/libs/smbdes.c
Copyright: Andrew Tridgell 1998
License: GPL-2+

43
scripts/debian/postinst
View File

@ -1,43 +0,0 @@
if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
touch /usr/local/3proxy/conf/passwd;\
fi
chown -R proxy:proxy /usr/local/3proxy
chmod 550 /usr/local/3proxy/
chmod 550 /usr/local/3proxy/conf/
chmod 440 /usr/local/3proxy/conf/*
if /bin/systemctl >/dev/null 2>&1; then \
/usr/sbin/update-rc.d 3proxy disable || true; \
/usr/sbin/chkconfig 3proxy off || true; \
/bin/systemctl enable 3proxy.service; \
elif [ -x /usr/sbin/update-rc.d ]; then \
/usr/sbin/update-rc.d 3proxy defaults; \
/usr/sbin/update-rc.d 3proxy enable; \
elif [ -x /usr/sbin/chkconfig ]; then \
/usr/sbin/chkconfig 3proxy on; \
fi
echo ""
echo 3proxy installed.
if /bin/systemctl >/dev/null 2>&1; then \
/bin/systemctl stop 3proxy.service \
/bin/systemctl start 3proxy.service \
echo use ;\
echo " "systemctl start 3proxy.service ;\
echo to start proxy ;\
echo " "systemctl stop 3proxy.service ;\
echo to stop proxy ;\
elif [ -x /usr/sbin/service ]; then \
/usr/sbin/service 3proxy stop || true;\
/usr/sbin/service 3proxy start || true;\
echo " "service 3proxy start ;\
echo to start proxy ;\
echo " "service 3proxy stop ;\
echo to stop proxy ;\
fi
echo " "/usr/local/3proxy/conf/add3proxyuser.sh
echo to add users
echo ""
echo Default config uses Google\'s DNS.
echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user

4
scripts/debian/preinst
View File

@ -1,4 +0,0 @@
if [ -x /usr/sbin/useradd ]; then \
/usr/bin/getent group proxy >/dev/null || (/usr/sbin/groupadd -f -r proxy || true); \
/usr/bin/getent passwd proxy >/dev/null || (/usr/sbin/useradd -Mr -s /bin/false -g proxy -c 3proxy proxy || true); \
fi

16
scripts/debian/rules
View File

@ -1,16 +0,0 @@
#!/usr/bin/make -f
%:
dh $@
override_dh_auto_build:
ln -s Makefile.Linux Makefile || true
dh_auto_build
override_dh_auto_clean:
find src/ -type f -name "*.o" -delete
find src/ -type f -name "Makefile.var" -delete
find bin/ -type f -executable -delete
rm -f Makefile
override_dh_usrlocal:

1
scripts/debian/source/format
View File

@ -1 +0,0 @@
3.0 (quilt)

56
scripts/init.d/3proxy.sh
View File

@ -1,56 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: 3proxy
# Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/stop 3proxy
# Description: Start/stop 3proxy, tiny proxy server
### END INIT INFO
# chkconfig: 2345 20 80
# description: 3proxy tiny proxy server
case "$1" in
start)
echo Starting 3Proxy
/bin/mkdir -p /var/run/3proxy
/bin/3proxy /etc/3proxy/3proxy.cfg &
RETVAL=$?
echo
[ $RETVAL ]
;;
stop)
echo Stopping 3Proxy
if [ -f /var/run/3proxy/3proxy.pid ]; then
/bin/kill `cat /var/run/3proxy/3proxy.pid`
else
/usr/bin/killall 3proxy
fi
RETVAL=$?
echo
[ $RETVAL ]
;;
restart|reload)
echo Reloading 3Proxy
if [ -f /var/run/3proxy/3proxy.pid ]; then
/bin/kill -s USR1 `cat /var/run/3proxy/3proxy.pid`
else
/usr/bin/killall -s USR1 3proxy
fi
;;
*)
echo Usage: $0 "{start|stop|restart}"
exit 1
esac
exit 0

5
scripts/install-unix.sh
View File

@ -3,8 +3,8 @@ cd ..
cp Makefile.unix Makefile
make
if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
install bin/3proxy /usr/local/bin/3proxy
install bin/mycrypt /usr/local/bin/mycrypt
install src/3proxy /usr/local/etc/3proxy/bin/3proxy
install src/mycrypt /usr/local/etc/3proxy/bin/mycrypt
install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
@ -19,4 +19,3 @@ else
touch /usr/local/etc/3proxy/bandlimiters
echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
fi

48
scripts/rc.d/proxy.sh Normal file
View File

@ -0,0 +1,48 @@
#!/bin/sh
#
# chkconfig: 2345 20 80
# description: 3proxy tiny proxy server
#
#
#
#
case "$1" in
start)
echo Starting 3Proxy
/usr/local/etc/3proxy/bin/3proxy /usr/local/etc/3proxy/3proxy.cfg
RETVAL=$?
echo
[ $RETVAL ]
;;
stop)
echo Stopping 3Proxy
if [ /usr/local/etc/3proxy/3proxy.pid ]; then
/bin/kill `cat /usr/local/etc/3proxy/3proxy.pid`
else
/usr/bin/killall 3proxy
fi
RETVAL=$?
echo
[ $RETVAL ]
;;
restart|reload)
echo Reloading 3Proxy
if [ /usr/local/etc/3proxy/3proxy.pid ]; then
/bin/kill -s USR1 `cat /usr/local/etc/3proxy/3proxy.pid`
else
/usr/bin/killall -s USR1 3proxy
fi
;;
*)
echo Usage: $0 "{start|stop|restart}"
exit 1
esac
exit 0

127
scripts/rh/3proxy.spec
View File

@ -1,127 +0,0 @@
Name: 3proxy
Version: 0.9.5
Release: 1
Summary: 3proxy tiny proxy server
License: GPL/LGPL/Apache/BSD
URL: https://3proxy.org/
Vendor: 3proxy.org 3proxy@3proxy.org
Prefix: %{_prefix}
Packager: z3APA3A
Source: https://github.com/%{packager}/%{name}/archive/%{version}.tar.gz
%description
3proxy is lightweight yet powerful proxy server
%prep
%setup -q -n %{name}-%{version}
ln -s Makefile.Linux Makefile
%build
make
%install
make DESTDIR=%buildroot install
%clean
make clean
%files
/bin/3proxy
/bin/ftppr
/bin/mycrypt
/bin/pop3p
/bin/proxy
/bin/socks
/bin/tcppm
/bin/udppm
/bin/tlspr
%config(noreplace) /etc/3proxy/3proxy.cfg
/etc/3proxy/conf
/etc/init.d/3proxy
/usr/lib/systemd/system/3proxy.service
%config(noreplace) /usr/local/3proxy/conf/3proxy.cfg
%config(noreplace) /usr/local/3proxy/conf/add3proxyuser.sh
%config(noreplace) /usr/local/3proxy/conf/bandlimiters
%config(noreplace) /usr/local/3proxy/conf/counters
/usr/local/3proxy/libexec/PCREPlugin.ld.so
/usr/local/3proxy/libexec/StringsPlugin.ld.so
/usr/local/3proxy/libexec/TrafficPlugin.ld.so
/usr/local/3proxy/libexec/TransparentPlugin.ld.so
%if "%{_arch}" == "arm"
/usr/share/man/man3/3proxy.cfg.3
/usr/share/man/man8/3proxy.8
/usr/share/man/man8/ftppr.8
/usr/share/man/man8/pop3p.8
/usr/share/man/man8/proxy.8
/usr/share/man/man8/smtpp.8
/usr/share/man/man8/socks.8
/usr/share/man/man8/tcppm.8
/usr/share/man/man8/udppm.8
/usr/share/man/man8/tlspr.8
%else
/usr/share/man/man3/3proxy.cfg.3.gz
/usr/share/man/man8/3proxy.8.gz
/usr/share/man/man8/ftppr.8.gz
/usr/share/man/man8/pop3p.8.gz
/usr/share/man/man8/proxy.8.gz
/usr/share/man/man8/smtpp.8.gz
/usr/share/man/man8/socks.8.gz
/usr/share/man/man8/tcppm.8.gz
/usr/share/man/man8/udppm.8.gz
/usr/share/man/man8/tlspr.8.gz
%endif
/var/log/3proxy
%doc doc/*
%pre
if [ -x /usr/sbin/useradd ]; then \
/usr/bin/getent group proxy >/dev/null || (/usr/sbin/groupadd -f -r proxy || true); \
/usr/bin/getent passwd proxy >/dev/null || (/usr/sbin/useradd -Mr -s /bin/false -g proxy -c 3proxy proxy || true); \
fi
%post
if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
touch /usr/local/3proxy/conf/passwd;\
fi
chown -R proxy:proxy /usr/local/3proxy
chmod 550 /usr/local/3proxy/
chmod 550 /usr/local/3proxy/conf/
chmod 440 /usr/local/3proxy/conf/*
if /bin/systemctl >/dev/null 2>&1; then \
/usr/sbin/update-rc.d 3proxy disable || true; \
/usr/sbin/chkconfig 3proxy off || true; \
/bin/systemctl enable 3proxy.service; \
elif [ -x /usr/sbin/update-rc.d ]; then \
/usr/sbin/update-rc.d 3proxy defaults; \
/usr/sbin/update-rc.d 3proxy enable; \
elif [ -x /usr/sbin/chkconfig ]; then \
/usr/sbin/chkconfig 3proxy on; \
fi
echo ""
echo 3proxy installed.
if /bin/systemctl >/dev/null 2>&1; then \
/bin/systemctl stop 3proxy.service \
/bin/systemctl start 3proxy.service \
echo use ;\
echo " "systemctl start 3proxy.service ;\
echo to start proxy ;\
echo " "systemctl stop 3proxy.service ;\
echo to stop proxy ;\
elif [ -x /usr/sbin/service ]; then \
/usr/sbin/service 3proxy stop || true;\
/usr/sbin/service 3proxy start || true;\
echo " "service 3proxy start ;\
echo to start proxy ;\
echo " "service 3proxy stop ;\
echo to stop proxy ;\
fi
echo " "/usr/local/3proxy/conf/add3proxyuser.sh
echo to add users
echo ""
echo Default config uses Google\'s DNS.
echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user

60
src/3proxy.c
View File

@ -1,6 +1,6 @@
/*
3APA3A simpliest proxy server
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
@ -12,11 +12,6 @@
#ifndef NOPLUGINS
#include <dlfcn.h>
#endif
#else
#ifdef WITH_SSL
#include <openssl/applink.c>
#endif
#endif
#ifndef DEFAULTCONFIG
@ -64,8 +59,8 @@ void __stdcall CommandHandler( DWORD dwCommand )
case SERVICE_CONTROL_STOP:
case SERVICE_CONTROL_SHUTDOWN:
SetStatus( SERVICE_STOP_PENDING, 0, 1 );
conf.timetoexit = 1;
conf.paused++;
conf.timetoexit = 1;
Sleep(2000);
SetStatus( SERVICE_STOPPED, 0, 0 );
#ifndef NOODBC
@ -92,7 +87,7 @@ void __stdcall CommandHandler( DWORD dwCommand )
void __stdcall ServiceMain(int argc, unsigned char* argv[] )
{
hSrv = RegisterServiceCtrlHandler((LPCSTR)conf.stringtable[1], (LPHANDLER_FUNCTION)CommandHandler);
hSrv = RegisterServiceCtrlHandler(conf.stringtable[1], (LPHANDLER_FUNCTION)CommandHandler);
if( hSrv == 0 ) return;
SetStatus( SERVICE_START_PENDING, 0, 1 );
@ -144,7 +139,7 @@ int timechanged (time_t oldtime, time_t newtime, ROTATION lt){
struct tm tmold;
struct tm *tm;
tm = localtime(&oldtime);
tmold = *tm;
memcpy(&tmold, tm, sizeof(tmold));
tm = localtime(&newtime);
switch(lt){
case MINUTELY:
@ -197,7 +192,6 @@ void doschedule(void){
void dumpcounters(struct trafcount *tlin, int counterd){
unsigned char tmpbuf[8192];
struct trafcount *tl;
if(counterd >= 0 && tlin) {
@ -240,7 +234,6 @@ void dumpcounters(struct trafcount *tlin, int counterd){
void cyclestep(void){
struct tm *tm;
time_t minutecounter;
unsigned char tmpbuf[8192];
minutecounter = time(0);
for(;;){
@ -276,8 +269,16 @@ void cyclestep(void){
}
if(conf.logname) {
if(timechanged(conf.logtime, conf.time, conf.logtype)) {
if(conf.stdlog) conf.stdlog = freopen((char *)dologname (tmpbuf, conf.logname, NULL, conf.logtype, conf.time), "a", conf.stdlog);
else conf.stdlog = fopen((char *)dologname (tmpbuf, conf.logname, NULL, conf.logtype, conf.time), "a");
FILE *fp;
fp = fopen((char *)dologname (tmpbuf, conf.logname, NULL, conf.logtype, conf.time), "a");
if (fp) {
pthread_mutex_lock(&log_mutex);
fclose(conf.stdlog);
conf.stdlog = fp;
pthread_mutex_unlock(&log_mutex);
}
fseek(stdout, 0L, SEEK_END);
usleep(SLEEPTIME);
conf.logtime = conf.time;
if(conf.logtype != NONE && conf.rotate) {
int t;
@ -361,7 +362,6 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
#ifdef _WIN32
unsigned char * arg;
WSADATA wd;
unsigned char tmpbuf[8192];
WSAStartup(MAKEWORD( 1, 1 ), &wd);
osv.dwOSVersionInfoSize = sizeof(osv);
@ -394,7 +394,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
"By clicking Yes you confirm you read and accepted License Agreement.\n"
"You can use Administration/Services to control %s service.",
conf.stringtable[1], conf.stringtable[2]);
if(MessageBox(NULL, (LPCSTR)tmpbuf, (LPCSTR)conf.stringtable[2], MB_YESNO|MB_ICONASTERISK) != IDYES) return 1;
if(MessageBox(NULL, (char *)tmpbuf, conf.stringtable[2], MB_YESNO|MB_ICONASTERISK) != IDYES) return 1;
*tmpbuf = '\"';
@ -415,7 +415,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
perror("Failed to open Service Manager");
RETURN(101);
}
if (!(sch = CreateService(sch, (LPCSTR)conf.stringtable[1], (LPCSTR)conf.stringtable[2], GENERIC_EXECUTE, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, (char *)tmpbuf, NULL, NULL, NULL, NULL, NULL))){
if (!(sch = CreateService(sch, conf.stringtable[1], conf.stringtable[2], GENERIC_EXECUTE, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, (char *)tmpbuf, NULL, NULL, NULL, NULL, NULL))){
perror("Failed to create service");
RETURN(103);
}
@ -436,10 +436,10 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
RETURN(104);
}
if(RegSetValueEx( runsrv,
(LPCSTR)conf.stringtable[1],
conf.stringtable[1],
0,
REG_EXPAND_SZ,
(BYTE *)tmpbuf,
(char *)tmpbuf,
(int)strlen((char *)tmpbuf)+1)!=ERROR_SUCCESS){
perror("Failed to set registry value");
RETURN(105);
@ -457,7 +457,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
perror("Failed to open Service Manager\n");
RETURN(106);
}
if (!(sch = OpenService(sch, (LPCSTR)conf.stringtable[1], DELETE))){
if (!(sch = OpenService(sch, conf.stringtable[1], DELETE))){
perror("Failed to open service");
RETURN(107);
}
@ -476,7 +476,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
perror("Failed to open registry");
RETURN(109);
}
if(RegDeleteValue(runsrv, (LPCSTR)conf.stringtable[1]) != ERROR_SUCCESS){
if(RegDeleteValue(runsrv, conf.stringtable[1]) != ERROR_SUCCESS){
perror("Failed to clear registry");
RETURN(110);
}
@ -505,34 +505,22 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
#else
fprintf(stderr, "\n if conffile is missing, configuration is expected from stdin\n");
#endif
fprintf(stderr, "available socket options:\n\t%s\n", printopts("\n\t"));
fprintf(stderr, "\n%s %s\n%s\n", conf.stringtable[2], conf.stringtable[3], copyright);
return 1;
}
pthread_mutex_init(&log_mutex, NULL);
logmutexinit = 1;
pthread_mutex_init(&config_mutex, NULL);
pthread_mutex_init(&bandlim_mutex, NULL);
pthread_mutex_init(&connlim_mutex, NULL);
pthread_mutex_init(&hash_mutex, NULL);
pthread_mutex_init(&tc_mutex, NULL);
pthread_mutex_init(&pwl_mutex, NULL);
pthread_mutex_init(&log_mutex, NULL);
#ifndef NORADIUS
pthread_mutex_init(&rad_mutex, NULL);
#endif
#ifdef _WIN32
if(!CreatePipe(&conf.threadinit[0], &conf.threadinit[1], NULL, 1)){
#else
if(pipe(conf.threadinit)) {
#endif
fprintf(stderr, "CreatePipe failed\n");
return 1;
};
freeconf(&conf);
res = readconfig(fp);
conf.version++;
if(res) RETURN(res);
if(!writable)fclose(fp);
@ -543,7 +531,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
if(service){
SERVICE_TABLE_ENTRY ste[] =
{
{ (LPSTR)conf.stringtable[1], (LPSERVICE_MAIN_FUNCTION)ServiceMain},
{ conf.stringtable[1], (LPSERVICE_MAIN_FUNCTION)ServiceMain},
{ NULL, NULL }
};
if(!StartServiceCtrlDispatcher( ste ))cyclestep();

29
src/3proxy.rc
View File

@ -1,29 +0,0 @@
#include "version.h"
1 VERSIONINFO
FILEVERSION MAJOR3PROXY,SUBMAJOR3PROXY,MINOR3PROXY,SUBMINOR3PROXY
PRODUCTVERSION MAJOR3PROXY,SUBMAJOR3PROXY,MINOR3PROXY,SUBMINOR3PROXY
FILETYPE 1
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "040904E4"
BEGIN
VALUE "Comments", "3proxy - tiny proxy server, https://3proxy.org/\0"
VALUE "CompanyName", "Vladimir Dubrovin\0"
VALUE "FileDescription", "3proxy - tiny proxy server\0"
VALUE "FileVersion", RELEASE3PROXY
VALUE "InternalName", "3proxy\0"
VALUE "LegalCopyright", "Copyright (C) 2002-" YEAR3PROXY " Vladimir Dubrovin\0"
VALUE "OriginalFilename", "3proxy.exe\0"
VALUE "ProductName", "3proxy\0"
VALUE "ProductVersion", RELEASE3PROXY
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x0, 1200
END
END
0 ICON DISCARDABLE "3proxy.ico"

80
src/Makefile.inc
View File

@ -2,7 +2,12 @@
# 3 proxy common Makefile
#
all: $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)mycrypt$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)tlspr$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) allplugins
all: pre $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)mycrypt$(EXESUFFICS) $(BUILDDIR)dighosts$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)icqpr$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) allplugins
pre:
-cd .. && $(TYPECOMMAND) copying
$(PREMAKE)
sockmap$(OBJSUFFICS): sockmap.c proxy.h structures.h
@ -11,6 +16,9 @@ sockmap$(OBJSUFFICS): sockmap.c proxy.h structures.h
common$(OBJSUFFICS): common.c proxy.h structures.h
$(CC) $(CFLAGS) common.c
myalloc$(OBJSUFFICS): myalloc.c proxy.h structures.h
$(CC) $(CFLAGS) myalloc.c
plugins$(OBJSUFFICS): plugins.c proxy.h structures.h
$(CC) $(CFLAGS) plugins.c
@ -41,9 +49,8 @@ ftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h proxymain.c
tcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tcppm.c
tlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tlspr.c
icqpr$(OBJSUFFICS): icqpr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP icqpr.c
socks$(OBJSUFFICS): socks.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP socks.c
@ -54,29 +61,29 @@ udppm$(OBJSUFFICS): udppm.c proxy.h structures.h proxymain.c
3proxy$(OBJSUFFICS): 3proxy.c proxy.h structures.h
$(CC) $(CFLAGS) 3proxy.c
$(BUILDDIR)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)proxy$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)pop3p$(EXESUFFICS): sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)pop3p$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)pop3p$(EXESUFFICS): sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)pop3p$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)smtpp$(EXESUFFICS): sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) base64$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)smtpp$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) base64$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)smtpp$(EXESUFFICS): sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)smtpp$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) base64$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)ftppr$(EXESUFFICS): sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) ftp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)ftppr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)ftppr$(EXESUFFICS): sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) ftp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)ftppr$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)socks$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)socks$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tcppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tcppm$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tlspr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tlspr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)icqpr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) icqpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)icqpr$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) icqpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)udppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)udppm$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
mainfunc$(OBJSUFFICS): proxy.h structures.h proxymain.c
$(CC) $(COUT)mainfunc$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)MODULEMAINFUNC=mainfunc proxymain.c
@ -98,11 +105,8 @@ srvftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h
srvtcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h
$(CC) $(COUT)srvtcppm$(OBJSUFFICS) $(CFLAGS) tcppm.c
srvtlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h
$(CC) $(COUT)srvtlspr$(OBJSUFFICS) $(CFLAGS) tlspr.c
srvauto$(OBJSUFFICS): auto.c proxy.h structures.h
$(CC) $(COUT)srvauto$(OBJSUFFICS) $(CFLAGS) auto.c
srvicqpr$(OBJSUFFICS): icqpr.c proxy.h structures.h
$(CC) $(COUT)srvicqpr$(OBJSUFFICS) $(CFLAGS) icqpr.c
srvsocks$(OBJSUFFICS): socks.c proxy.h structures.h
$(CC) $(COUT)srvsocks$(OBJSUFFICS) $(CFLAGS) socks.c
@ -119,37 +123,45 @@ srvdnspr$(OBJSUFFICS): dnspr.c proxy.h structures.h
auth$(OBJSUFFICS): auth.c proxy.h structures.h
$(CC) $(COUT)auth$(OBJSUFFICS) $(CFLAGS) auth.c
authradius$(OBJSUFFICS): authradius.c proxy.h structures.h
$(CC) $(COUT)authradius$(OBJSUFFICS) $(CFLAGS) authradius.c
conf$(OBJSUFFICS): conf.c proxy.h structures.h
$(CC) $(COUT)conf$(OBJSUFFICS) $(CFLAGS) conf.c
log$(OBJSUFFICS): log.c proxy.h structures.h
$(CC) $(COUT)log$(OBJSUFFICS) $(CFLAGS) log.c
datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h
$(CC) $(COUT)datatypes$(OBJSUFFICS) $(CFLAGS) datatypes.c
mycrypt$(OBJSUFFICS): mycrypt.c
$(CC) $(COUT)mycrypt$(OBJSUFFICS) $(CFLAGS) mycrypt.c
dighosts$(OBJSUFFICS): dighosts.c
$(CC) $(COUT)dighosts$(OBJSUFFICS) $(CFLAGS) dighosts.c
$(BUILDDIR)dighosts$(EXESUFFICS): dighosts$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)dighosts$(EXESUFFICS) $(LDFLAGS) $(VERFILE) dighosts$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
mycryptmain$(OBJSUFFICS): mycrypt.c
$(CC) $(COUT)mycryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN mycrypt.c
$(BUILDDIR)mycrypt$(EXESUFFICS): md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycryptmain$(OBJSUFFICS) base64$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)mycrypt$(EXESUFFICS) $(LDFLAGS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) base64$(OBJSUFFICS) mycryptmain$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)mycrypt$(EXESUFFICS) $(VERFILE) $(LDFLAGS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) base64$(OBJSUFFICS) mycryptmain$(OBJSUFFICS)
md4$(OBJSUFFICS): libs/md4.h libs/md4.c
$(CC) $(COUT)md4$(OBJSUFFICS) $(CFLAGS) libs/md4.c
smbdes$(OBJSUFFICS): libs/smbdes.c
$(CC) $(COUT)smbdes$(OBJSUFFICS) $(CFLAGS) libs/smbdes.c
md5$(OBJSUFFICS): libs/md5.h libs/md5.c
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
ntlm$(OBJSUFFICS): ntlm.c
$(CC) $(COUT)ntlm$(OBJSUFFICS) $(CFLAGS) ntlm.c
stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
clean:
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)

Some files were not shown because too many files have changed in this diff Show More