Avoid sleep on service thread sync

Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`

parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.

allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks

.github/workflows/c-cpp.yml

@@ -0,0 +1,50 @@
+name: C/C++ CI
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
+  pull_request:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-latest
+          - ubuntu-24.04-arm
+          - macos-15
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v4
+#    - name: configure
+#      run: ./configure
+    - name: ln Linux
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: ln -s Makefile.Linux Makefile
+    - name: ln Mac
+      if: ${{ startsWith(matrix.target, 'macos') }}
+      run: ln -s Makefile.FreeBSD Makefile
+    - name: ln Windows
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      run: copy Makefile.win Makefile
+    - name: dirs Windows
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      run: cmd /C 'echo LIBS := -L "c:/program files/openssl/lib" $(LIBS) >>Makefile.win && echo CFLAGS := -I "c:/program files/openssl/include" $(CFLAGS) >>Makefile.win && type Makefile.win'
+    - name: SSLPlugin Linux
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: 'echo PLUGINS := $(PLUGINS) SSLPlugin >>Makefile & echo LIBS := $(LIBS) -lcrypto -lssl >>Makefile'
+    - name: make
+      run: make
+    - name: mkdir
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: mkdir ~/3proxy
+    - name: make install
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: make DESTDIR=~/3proxy install
+    - name: make clean
+      run: make clean

.gitignore

@@ -5,7 +5,23 @@
 *.pydevproject
 .project
 .metadata
-bin/
+*.exe
+*.dll
+*.exp
+*.lib
+*.key
+*.pem
+*.so
+bin/3proxy
+bin/proxy
+bin/socks
+bin/tcppm
+bin/udppm
+bin/pop3p
+bin/smtpp
+bin/ftppr
+bin/mycrypt
+bin/tlspr
 bin64/
 dll/
 tmp/
@@ -15,16 +31,32 @@ tmp/
 *.swp
 *.o
 *.idb
-src/res
+*.err
+res
 version.c
+version
+version.sh
+buildlinux.sh
 3proxy.res
+
+src/3proxy
+src/proxy
+src/socks
+src/tcppm
+src/udppm
+src/pop3p
+src/smtpp
+src/ftppr
+src/icqpr
+src/mycrypt
+src/dighosts
+*.ld.so
+*.dSYM
 doc/html/man3/
 doc/html/man8/
-doc/html/index.html
 *.var
 verfile.sh
-Makefile
-Changelog
+/Makefile
 copytgz.sh
 *~.nib
 local.properties
@@ -63,7 +95,6 @@ local.properties
 [Rr]elease/
 x64/
 build/
-[Bb]in/
 [Oo]bj/
 
 # MSTest test Results
@@ -156,7 +187,6 @@ csx
 AppPackages/
 
 # Others
-sql/
 *.Cache
 ClientBin/
 [Ss]tyle[Cc]op.*

3proxy.rc

@@ -1,31 +0,0 @@
-#include "src/version.h"
-
-LANGUAGE 0x09, 0x01
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 0,7,0,0
- PRODUCTVERSION 0,7,0,0
- FILETYPE 0x1L
- FILESUBTYPE 0x0L
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "000004b0"
-        BEGIN
-            VALUE "Comments", "3proxy - tiny proxy server, http://3proxy.ru/"
-            VALUE "CompanyName", "Vladimir Dubrovin"
-            VALUE "FileDescription", "3proxy - tiny proxy server"
-            VALUE "FileVersion", VERSION "-" BUILDDATE
-            VALUE "InternalName", "3proxy"
-            VALUE "LegalCopyright", "Copyright (C) 2002-2014 Vladimir Dubrovin"
-            VALUE "OriginalFilename", "3proxy.exe"
-            VALUE "ProductName", "3proxy - tiny proxy server"
-            VALUE "ProductVersion", VERSION
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x0, 1200
-    END
-END
-0 ICON    DISCARDABLE     "3proxy.ico"

Dockerfile.full

@@ -0,0 +1,55 @@
+# 3proxy.full is fully functional 3proxy build based on busibox:glibc
+#
+#to  build:
+# docker build -f Dockerfile.full -t 3proxy.full .
+#to run:
+# by default 3proxy uses safe chroot environment with chroot to /usr/local/3proxy with uid/gid 65535/65535 and expects
+# configuration file to be placed in /usr/local/etc/3proxy.
+# Paths in configuration file must be relative to /usr/local/3proxy, that is use /logs instead of 
+# /usr/local/3proxy/logs. nserver in chroot is required for DNS resolution. An example:
+#
+# echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg
+# echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg
+# docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
+#
+# /path/to/local/config/directory in this example must conrain 3proxy.cfg
+# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
+# dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
+# docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
+#
+# use "log" without pathname in config to log to stdout.
+# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config).
+
+
+FROM gcc AS buildenv
+COPY . 3proxy
+RUN cd 3proxy &&\
+ echo "">> Makefile.Linux &&\
+ echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
+ echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
+ make -f Makefile.Linux &&\
+ strip bin/3proxy &&\
+ strip bin/StringsPlugin.ld.so &&\
+ strip bin/TrafficPlugin.ld.so &&\
+ strip bin/PCREPlugin.ld.so &&\
+ strip bin/TransparentPlugin.ld.so &&\
+ strip bin/SSLPlugin.ld.so &&\
+ mkdir /usr/local/lib/3proxy &&\
+ cp "/lib/`gcc -dumpmachine`"/libdl.so.* /usr/local/lib/3proxy/
+
+FROM busybox:glibc
+COPY --from=buildenv /usr/local/lib/3proxy/libdl.so.* /lib/
+COPY --from=buildenv 3proxy/bin/3proxy /bin/
+COPY --from=buildenv 3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
+RUN mkdir /usr/local/3proxy/logs &&\
+ mkdir /usr/local/3proxy/conf &&\
+ chown -R 65535:65535 /usr/local/3proxy &&\
+ chmod -R 550  /usr/local/3proxy &&\
+ chmod 750  /usr/local/3proxy/logs &&\
+ chmod -R 555 /usr/local/3proxy/libexec &&\
+ chown -R root /usr/local/3proxy/libexec &&\
+ mkdir /etc/3proxy/ &&\
+ echo chroot /usr/local/3proxy 65535 65535 >/etc/3proxy/3proxy.cfg &&\
+ echo include /conf/3proxy.cfg >>/etc/3proxy/3proxy.cfg &&\
+ chmod 440  /etc/3proxy/3proxy.cfg
+CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

Dockerfile.minimal

@@ -0,0 +1,41 @@
+# dockerfile for "interactive" minimal 3proxy execution, no configuration mounting is required, configuration
+# is accepted from stdin. Use "end" command to indicate the end of configuration. Use "log" for stdout logging.
+#
+# This is busybox based docker with only 3proxy static executable and empty non-writable "run" directory.
+#
+# "plugin" is not supported
+#
+# Build:
+#
+# docker build -f Dockerfile.minimal -t 3proxy.minimal .
+#
+# Run example:
+#
+# docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal  
+#or
+# docker start -i 3proxy
+#<chroot run 65535 65535
+#<nserver 8.8.8.8
+#<nscache 65535
+#<log
+#<proxy -p3129
+#<end
+#
+# use "chroot run 65536 65536" in config for safe chroot environment. nserver is required for DNS resolutions in chroot.
+
+
+FROM gcc AS buildenv
+COPY . 3proxy
+RUN cd 3proxy &&\
+ echo "">>Makefile.Linux &&\
+ echo LDFLAGS = -fPIC -O2 -fno-strict-aliasing -pthread >>Makefile.Linux &&\
+ echo PLUGINS = >>Makefile.Linux &&\
+ echo LIBS = >>Makefile.Linux &&\
+ echo CFLAGS = -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -DNOPLUGINS >>Makefile.Linux &&\
+ make -f Makefile.Linux &&\
+ strip bin/3proxy
+ 
+FROM busybox:glibc
+COPY --from=buildenv 3proxy/bin/3proxy /bin/3proxy
+RUN mkdir /run && chmod 555 /run
+CMD ["/bin/3proxy"]

Makefile.FreeBSD

@@ -0,0 +1,49 @@
+#
+# 3 proxy Makefile for GCC/Unix
+#
+# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
+
+BUILDDIR = ../bin/
+CC ?= cc
+
+CFLAGS += -c -fno-strict-aliasing -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+COUT = -o 
+LN ?= ${CC}
+LDFLAGS += -pthread -fno-strict-aliasing 
+# -lpthreads may be reuiured on some platforms instead of -pthreads
+# -ldl or -lld may be required for some platforms
+DCFLAGS = -fPIC
+DLFLAGS = -shared
+DLSUFFICS = .so
+LIBS =
+LIBSPREFIX = -l
+LIBSSUFFIX = 
+LNOUT = -o 
+EXESUFFICS =
+OBJSUFFICS = .o
+DEFINEOPTION = -D
+COMPFILES = *~
+REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -perm +111 -delete) || true
+TYPECOMMAND = cat
+COMPATLIBS =
+MAKEFILE = Makefile.FreeBSD
+PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
+
+include Makefile.inc
+
+install: all
+	if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
+	install bin/3proxy /usr/local/3proxy/bin/3proxy
+	install bin/mycrypt /usr/local/3proxy/bin/mycrypt
+	install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
+	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
+	if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
+	touch /usr/local/3proxy/passwd
+	touch /usr/local/3proxy/counters
+	touch /usr/local/3proxy/bandlimiters
+	echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
+
+allplugins:
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done

Makefile.Linux

@@ -1,38 +1,40 @@
-#$Id: Makefile.Linux,v 1.24 2014-04-07 20:34:57 vlad Exp $
 #
 # 3 proxy Makefile for GCC/Linux/Cygwin
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
-BUILDDIR =
+BUILDDIR = ../bin/
 CC = gcc
 
-CFLAGS = -Wall -g -O2 -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS = -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
 COUT = -o 
-LN = gcc
-DCFLAGS = -fpic
-LDFLAGS = -Wall -O2 -pthread
+LN = $(CC)
+DCFLAGS = 
+LDFLAGS = -fPIC -O2 -fno-strict-aliasing -pthread
 DLFLAGS = -shared
 DLSUFFICS = .ld.so
 # -lpthreads may be reuqired on some platforms instead of -pthreads
-#LIBS = -lcrypto -lssl -ldl 
-# libcrypto and libssl are required for SSLPlugin
-LIBS = -ldl 
+LIBSPREFIX = -l
+LIBSSUFFIX = 
 LNOUT = -o 
 EXESUFFICS =
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *~
 REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Linux
-#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
-# SSLPlugin is not built by default because of external dependencies
+# PamAuth requires libpam, you may require pam-devel package to be installed
+# SSLPlugin requires  -lcrypto -lssl
+#LIBS = -lcrypto -lssl -ldl 
+LIBS = -ldl 
+#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
 PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
 
 include Makefile.inc
@@ -41,55 +43,77 @@ allplugins:
 	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
 
 DESTDIR		=
-prefix		= /usr/local
+prefix		= 
 exec_prefix	= $(prefix)
-man_prefix	= $(prefix)/share
+man_prefix	= /usr/share
+chroot_prefix	= /usr/local
 
 INSTALL		= /usr/bin/install
 INSTALL_BIN	= $(INSTALL) -m 755
 INSTALL_DATA	= $(INSTALL) -m 644
-INSTALL_OBJS	= src/3proxy \
-		  src/countersutil \
-		  src/dighosts \
-		  src/ftppr \
-		  src/mycrypt \
-		  src/pop3p \
-		  src/proxy \
-		  src/socks \
-		  src/tcppm \
-		  src/udppm
+INSTALL_OBJS	= bin/3proxy \
+		  bin/ftppr \
+		  bin/mycrypt \
+		  bin/pop3p \
+		  bin/proxy \
+		  bin/socks \
+		  bin/tcppm \
+		  bin/udppm \
+		  bin/tlspr
 		  
 
+INSTALL_CFG	 = scripts/3proxy.cfg.chroot
 INSTALL_CFG_OBJS = scripts/3proxy.cfg \
 		   scripts/add3proxyuser.sh
-INSTALL_CFG_DEST = config
 
-INSTALL_CFG_OBJS2 = passwd counters bandlimiters
+INSTALL_CFG_OBJS2 = counters bandlimiters
 
+INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh
+INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service
+
+CHROOTDIR	= $(DESTDIR)$(chroot_prefix)/3proxy
+CHROOTREL	= ../..$(chroot_prefix)/3proxy
 MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
 MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
 MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
 BINDIR		= $(DESTDIR)$(exec_prefix)/bin
-ETCDIR		= $(DESTDIR)$(prefix)/etc/3proxy
+ETCDIR		= $(DESTDIR)/etc/3proxy
+INITDDIR	= $(DESTDIR)/etc/init.d
+RUNBASE		= $(DESTDIR)/var/run
+RUNDIR		= $(RUNBASE)/3proxy
+LOGBASE		= $(DESTDIR)/var/log
+LOGDIR		= $(LOGBASE)/3proxy
+INSTALL_CFG_DEST = $(ETCDIR)/conf
+SYSTEMDDIR	= $(DESTDIR)/usr/lib/systemd/system/
 
 install-bin:
 	$(INSTALL_BIN) -d $(BINDIR)
 	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
+	$(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec
+	chmod -R a-w $(CHROOTDIR)/libexec
 
 install-etc-dir:
 	$(INSTALL_BIN) -d $(ETCDIR)
 
+install-chroot-dir:
+	$(INSTALL_BIN) -d $(CHROOTDIR)
+	$(INSTALL_BIN) -d $(CHROOTDIR)/conf
+	$(INSTALL_BIN) -d $(CHROOTDIR)/logs
+	$(INSTALL_BIN) -d $(CHROOTDIR)/count
+	$(INSTALL_BIN) -d $(CHROOTDIR)/libexec
+	chmod -R o-rwx $(CHROOTDIR)
+
 install-etc-default-config:
-	if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
-	   : ; \
-	else \
-	   $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
+	if [ ! -d $(INSTALL_CFG_DEST) ]; then \
+	   ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \
+	   $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \
+	   $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \
 	fi
 
-install-etc: install-etc-dir
+install-etc: install-etc-dir install-etc-default-config
 	for file in $(INSTALL_CFG_OBJS2); \
 	do \
-	  touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
+	  touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \
 	done;
 
 install-man:
@@ -98,5 +122,23 @@ install-man:
 	$(INSTALL_DATA) man/*.3 $(MANDIR3)
 	$(INSTALL_DATA) man/*.8 $(MANDIR8)
 
-install: install-bin install-etc install-man
+install-init:
+	$(INSTALL_BIN) -d $(INITDDIR)
+	$(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy
+	$(INSTALL_BIN) -d $(SYSTEMDDIR)
+	$(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR)
 
+install-run:
+	$(INSTALL_BIN) -d $(RUNDIR)
+
+install-log:
+	$(INSTALL_BIN) -d $(LOGBASE)
+	@if [ ! -d $(LOGDIR) ]; then \
+	 ln -s $(CHROOTREL)/logs $(LOGDIR);\
+	fi
+
+install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init
+	@if [ "$(DESTDIR)" = "" ]; then \
+	 sh scripts/debian/preinst; \
+	 sh scripts/debian/postinst; \
+	fi

Makefile.Solaris

@@ -1,4 +1,3 @@
-#$Id: Makefile.Solaris,v 1.18 2008/09/30 13:58:44 vlad Exp $
 #
 # 3 proxy Makefile for Solaris/SunCC
 #
@@ -8,26 +7,29 @@
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
-BUILDDIR =
+BUILDDIR = ../bin/
 CC = cc
 CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o ./
-LN = cc
+LN = $(CC)
 LDFLAGS = -xO3
-DCFLAGS = -fpic
+DCFLAGS = -fPIC
 DLFLAGS = -shared
 DLSUFFICS = .ld.so
 LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
+LIBSPREFIX = -l
+LIBSSUFFIX = 
 LNOUT = -o ./
 EXESUFFICS =
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *~
 REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Solaris
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
+PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
 
 include Makefile.inc
 

Makefile.Solaris-gcc

@@ -1,4 +1,3 @@
-#$Id: Makefile.Solaris-gcc,v 1.14 2008/09/30 13:58:44 vlad Exp $
 #
 # 3 proxy Makefile for Solaris/gcc
 #
@@ -9,22 +8,25 @@
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
 
-BUILDDIR =
+BUILDDIR = ../bin/
 CC = gcc
-CFLAGS = -O3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o ./
-LN = gcc
+LN = $(CC)
 LDFLAGS = -O3
-DCFLAGS = -fpic
+DCFLAGS = -fPIC
 DLFLAGS = -shared
 DLSUFFICS = .ld.so
 LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
+LIBSPREFIX = -l
+LIBSSUFFIX = 
 LNOUT = -o ./
 EXESUFFICS =
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *~
 REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Solaris-gcc

Makefile.ccc

@@ -1,35 +0,0 @@
-#$Id: Makefile.ccc,v 1.12 2007/04/10 16:29:25 vlad Exp $
-#
-# 3 proxy Makefile for Compaq C Compiler
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
-# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
-
-BUILDDIR =
-CC = ccc
-CFLAGS = -Wall -O2 -c -pthread -D_THREAD_SAFE -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -WITH_POLL
-COUT = -o 
-LN = ccc
-LDFLAGS = -Wall -O2 -pthread
-DCFLAGS = -fpic
-DLFLAGS = -shared
-DLSUFFICS = .ld.so
-LIBS =
-LNOUT = -o 
-EXESUFFICS =
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *~
-REMOVECOMMAND = rm -f
-TYPECOMMAND = cat
-COMPATLIBS =
-MAKEFILE = Makefile.ccc
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
-
-include Makefile.inc
-
-allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done

Makefile.debug

@@ -1,4 +1,3 @@
-#$Id: Makefile.debug,v 1.7 2007/04/18 05:33:19 vlad Exp $
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #

Makefile.inc

@@ -1,13 +1,13 @@
-#$Id: Makefile.inc,v 1.3 2007/01/23 16:00:26 vlad Exp $
 #
 # 3 proxy common Makefile
 #
 
 all:
-	$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var
+	@$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var
 	@cd src && $(MAKE)
 
 clean:
-	@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
-	@cd src && $(MAKE) clean
+	@cd src && $(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES) && cd ..
+	@$(AFTERCLEAN)
+	
 

Makefile.intl

@@ -1,4 +1,3 @@
-#$Id: Makefile.intl,v 1.8 2007/07/21 18:47:00 vlad Exp $
 #
 # 3 proxy Makefile for Intel C compiler for Windows (for both make and nmake)
 #

Makefile.llvm

@@ -0,0 +1,46 @@
+#
+# 3 proxy Makefile for GCC/windows
+#
+# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
+# libraries
+#
+# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# library support
+
+
+BUILDDIR = ../bin/
+CC = clang
+CFLAGS = -O2 -fno-strict-aliasing -c -pthread -DWITH_STD_MALLOC -DWITH_WSAPOLL
+COUT = -o 
+LN = $(CC)
+LDFLAGS = -O2 -fno-strict-aliasing -s
+DLFLAGS = -shared
+DLSUFFICS = .dll
+LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
+LIBSPREFIX = -l
+LIBSSUFFIX = 
+LNOUT = -o 
+EXESUFFICS = .exe
+OBJSUFFICS = .o
+DEFINEOPTION = -D
+COMPFILES = *.tmp
+REMOVECOMMAND = rm -f
+AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete
+TYPECOMMAND = cat
+COMPATLIBS =
+MAKEFILE = Makefile.llvm
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPlugin
+VERFILE := 3proxy.res $(VERFILE)
+VERSION := $(VERSION)
+VERSIONDEP := 3proxy.res $(VERSIONDEP)
+BUILDDATE := $(BUILDDATE)
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
+
+include Makefile.inc
+
+3proxy.res:
+	llvm-rc 3proxy.rc
+
+allplugins:
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
+

Makefile.msvc

@@ -1,4 +1,3 @@
-#$Id: Makefile.msvc,v 1.17 2010-11-11 14:44:11 v.dubrovin Exp $
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
@@ -9,34 +8,37 @@
 
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
+CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
-LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
+LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib 
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib  libcrypto.lib libssl.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
+LIBSPREFIX = 
+LIBSSUFFIX = .lib
 LIBEXT = .lib                                                                                               
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
 DEFINEOPTION = /D 
 COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL >NUL
+REMOVECOMMAND = del
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
-VERFILE = 3proxyres.obj $(VERFILE)
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
+VERFILE = 3proxy.res $(VERFILE)
+VERSION = $(VERSION)
+VERSIONDEP = 3proxy.res $(VERSIONDEP)
+BUILDDATE = $(BUILDDATE)
+AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)
 
 include Makefile.inc
 
-../3proxy.res:
-	rc /fo../3proxy.res ../3proxy.rc
-
-3proxyres.obj: ../3proxy.res
-	cvtres /out:3proxyres.obj /MACHINE:X86 ../3proxy.res
+3proxy.res:
+	rc 3proxy.rc
 
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

Makefile.msvc64

@@ -1,4 +1,3 @@
-#$Id: Makefile.msvc64,v 1.14 2007/07/21 18:47:05 vlad Exp $
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
@@ -9,14 +8,16 @@
 
 BUILDDIR = ../bin64/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib 
-LIBSOLD = libeay32MT.lib ssleay32MT.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
+LIBSOLD = libeay32.lib ssleay32.lib
+LIBSPREFIX = 
+LIBSSUFFIX = .lib
 LIBEXT = .lib
 LNOUT = /out:
 EXESUFFICS = .exe
@@ -26,17 +27,19 @@ COMPFILES = *.pch *.idb
 REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
-MAKEFILE = Makefile.msvc64
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
-VERFILE = 3proxyres.obj $(VERFILE)
+VERFILE = 3proxy.res $(VERFILE)
+VERSIONDEP = 3proxy.res $(VERSIONDEP)
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
+AFTERCLEAN = del src\*.res
 
 include Makefile.inc
 
-../3proxy.res:
-	rc /fo../3proxy.res ../3proxy.rc
+3proxy.res:
+	rc 3proxy.rc
 
 3proxyres.obj: ../3proxy.res
-	cvtres /out:3proxyres.obj /MACHINE:X64 ../3proxy.res
+	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
+
 
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

Makefile.msvcARM64

@@ -0,0 +1,48 @@
+#
+# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
+#
+# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
+# libraries
+#
+# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
+
+BUILDDIR = ../bin64/
+CC = cl
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "WITH_SSL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+COUT = /Fo
+LN = link
+LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
+DLFLAGS = /DLL
+DLSUFFICS = .dll
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto.lib libssl.lib
+LIBSOLD =
+LIBSPREFIX = 
+LIBSSUFFIX = .lib
+LIBEXT = .lib
+LNOUT = /out:
+EXESUFFICS = .exe
+OBJSUFFICS = .obj
+DEFINEOPTION = /D 
+COMPFILES = *.pch *.idb
+REMOVECOMMAND = del 2>NUL >NUL
+TYPECOMMAND = type
+COMPATLIBS =
+MAKEFILE = Makefile.msvcARM64
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
+VERFILE = 3proxy.res $(VERFILE)
+VERSIONDEP = 3proxy.res $(VERSIONDEP)
+AFTERCLEAN = del src\*.res
+
+
+include Makefile.inc
+
+3proxy.res:
+	rc 3proxy.rc
+
+3proxyres.obj: ../3proxy.res
+	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
+
+
+allplugins:
+	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
+

Makefile.msvcCE

@@ -1,4 +1,3 @@
-#$Id: Makefile.msvc,v 1.14 2007/07/21 18:47:02 vlad Exp $
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
@@ -9,7 +8,7 @@
 
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
+CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no

Makefile.openwrt-mips

@@ -0,0 +1,102 @@
+#
+# 3 proxy Makefile for GCC/Linux/Cygwin
+#
+# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
+# libraries
+#
+# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
+# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
+
+BUILDDIR = ../bin/
+CC = mips-openwrt-linux-gcc
+
+CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
+COUT = -o 
+LN = $(CC)
+DCFLAGS = -fPIC
+LDFLAGS = -O2 -fno-strict-aliasing -pthread -s
+DLFLAGS = -shared
+DLSUFFICS = .ld.so
+# -lpthreads may be reuqired on some platforms instead of -pthreads
+LIBSPREFIX = -l
+LIBSSUFFIX = 
+LNOUT = -o 
+EXESUFFICS =
+OBJSUFFICS = .o
+DEFINEOPTION = -D
+COMPFILES = *~
+REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
+TYPECOMMAND = cat
+COMPATLIBS =
+MAKEFILE = Makefile.openwrt-mips
+# PamAuth requires libpam, you may require pam-devel package to be installed
+# SSLPlugin requires  -lcrypto -lssl
+#LIBS = -lcrypto -lssl -ldl 
+LIBS = -ldl 
+#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
+PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+
+include Makefile.inc
+
+allplugins:
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
+
+DESTDIR		=
+prefix		= /usr/local
+exec_prefix	= $(prefix)
+man_prefix	= $(prefix)/share
+
+INSTALL		= /usr/bin/install
+INSTALL_BIN	= $(INSTALL) -m 755
+INSTALL_DATA	= $(INSTALL) -m 644
+INSTALL_OBJS	= src/3proxy \
+		  src/ftppr \
+		  src/mycrypt \
+		  src/pop3p \
+		  src/proxy \
+		  src/socks \
+		  src/tcppm \
+		  src/udppm
+		  
+
+INSTALL_CFG_OBJS = scripts/3proxy.cfg \
+		   scripts/add3proxyuser.sh
+INSTALL_CFG_DEST = config
+
+INSTALL_CFG_OBJS2 = passwd counters bandlimiters
+
+MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
+MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
+MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
+BINDIR		= $(DESTDIR)$(exec_prefix)/bin
+ETCDIR		= $(DESTDIR)$(prefix)/etc/3proxy
+
+install-bin:
+	$(INSTALL_BIN) -d $(BINDIR)
+	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
+
+install-etc-dir:
+	$(INSTALL_BIN) -d $(ETCDIR)
+
+install-etc-default-config:
+	if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
+	   : ; \
+	else \
+	   $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
+	fi
+
+install-etc: install-etc-dir
+	for file in $(INSTALL_CFG_OBJS2); \
+	do \
+	  touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
+	done;
+
+install-man:
+	$(INSTALL_BIN) -d $(MANDIR3)
+	$(INSTALL_BIN) -d $(MANDIR8)
+	$(INSTALL_DATA) man/*.3 $(MANDIR3)
+	$(INSTALL_DATA) man/*.8 $(MANDIR8)
+
+install: install-bin install-etc install-man
+

Makefile.unix

@@ -1,4 +1,3 @@
-#$Id: Makefile.unix,v 1.20 2007/04/10 16:29:25 vlad Exp $
 #
 # 3 proxy Makefile for GCC/Unix
 #
@@ -8,37 +7,40 @@
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
-BUILDDIR =
+BUILDDIR = ../bin/
 CC = gcc
 
 # you may need -L/usr/pkg/lib for older NetBSD versions
-CFLAGS = -Wall -g -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o 
-LN = gcc
-LDFLAGS = -Wall -O2 -pthread
+LN = $(CC)
+LDFLAGS = -O2 -fno-strict-aliasing -pthread
 # -lpthreads may be reuqired on some platforms instead of -pthreads
 # -ldl or -lld may be required for some platforms
-DCFLAGS = -fpic
+DCFLAGS = -fPIC
 DLFLAGS = -shared
 DLSUFFICS = .ld.so
 LIBS =
+LIBSPREFIX = -l
+LIBSSUFFIX = 
 LNOUT = -o 
 EXESUFFICS =
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *~
 REMOVECOMMAND = rm -f
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.unix
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
+PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
 
 include Makefile.inc
 
 install: all
 	if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
-	install src/3proxy /usr/local/etc/3proxy/bin/3proxy
-	install src/mycrypt /usr/local/etc/3proxy/bin/mycrypt
+	install bin/3proxy /usr/local/etc/3proxy/bin/3proxy
+	install bin/mycrypt /usr/local/etc/3proxy/bin/mycrypt
 	install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
 	install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
 	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then

Makefile.unix-install

@@ -6,16 +6,14 @@ man_prefix	= $(prefix)/share
 INSTALL		= /usr/bin/install
 INSTALL_BIN	= $(INSTALL) -m 755
 INSTALL_DATA	= $(INSTALL) -m 644
-INSTALL_OBJS	= src/3proxy \
-		  src/countersutil \
-		  src/dighosts \
-		  src/ftppr \
-		  src/mycrypt \
-		  src/pop3p \
-		  src/proxy \
-		  src/socks \
-		  src/tcppm \
-		  src/udppm \
+INSTALL_OBJS	= bin/3proxy \
+		  bin/ftppr \
+		  bin/mycrypt \
+		  bin/pop3p \
+		  bin/proxy \
+		  bin/socks \
+		  bin/tcppm \
+		  bin/udppm \
 		  scripts/add3proxyuser.sh
 
 INSTALL_CFG_OBJS = scripts/3proxy.cfg

Makefile.watcom

@@ -0,0 +1,72 @@
+#
+# 3 proxy Makefile for Open Watcom 2
+#
+# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
+# libraries
+#
+# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
+
+BUILDDIR = ../bin/
+CC = cl
+CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /c $(VERSION) $(BUILDDATE)
+COUT = /Fo
+LN = link
+LDFLAGS = /nologo /subsystem:console /incremental:no 
+DLFLAGS = /DLL
+DLSUFFICS = .dll
+LIBS = ws2_32.lib advapi32.lib user32.lib kernel32.lib
+LIBSOLD = libeay32MT.lib ssleay32MT.lib
+LIBSPREFIX = 
+LIBSSUFFIX = .lib
+LIBEXT = .lib                                                                                               
+LNOUT = /out:
+EXESUFFICS = .exe
+OBJSUFFICS = .obj
+DEFINEOPTION = /D 
+COMPFILES = *.pch *.idb *.err
+REMOVECOMMAND = del 2>NUL >NUL
+TYPECOMMAND = type
+COMPATLIBS =
+MAKEFILE = Makefile.watcom
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+VERFILE = $(VERFILE)
+VERSION = $(VERSION)
+VERSIONDEP = 3proxy.res $(VERSIONDEP)
+BUILDDATE = $(BUILDDATE)
+
+include Makefile.inc
+
+3proxy.res:
+	rc 3proxy.rc
+
+allplugins:
+	copy Makefile plugins\utf8tocp1251
+	copy Makefile.var plugins\utf8tocp1251
+	cd plugins\utf8tocp1251
+	nmake
+	del *.obj *.idb
+	cd ../../
+	copy Makefile plugins\WindowsAuthentication
+	copy Makefile.var plugins\WindowsAuthentication
+	cd plugins\WindowsAuthentication
+	nmake
+	del *.obj *.idb
+	cd ../../
+	copy Makefile plugins\TrafficPlugin
+	copy Makefile.var plugins\TrafficPlugin
+	cd plugins\TrafficPlugin
+	nmake
+	del *.obj *.idb
+	cd ../../
+	copy Makefile plugins\StringsPlugin
+	copy Makefile.var plugins\StringsPlugin
+	cd plugins\StringsPlugin
+	nmake
+	del *.obj *.idb
+	cd ../../
+	copy Makefile plugins\PCREPlugin
+	copy Makefile.var plugins\PCREPlugin
+	cd plugins\PCREPlugin
+	nmake
+	del *.obj *.idb
+	cd ../../

Makefile.win

@@ -1,4 +1,3 @@
-#$Id: Makefile.win,v 1.9 2007/08/20 15:26:27 vlad Exp $
 #
 # 3 proxy Makefile for GCC/windows
 #
@@ -11,13 +10,15 @@
 
 BUILDDIR = ../bin/
 CC = gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC
+CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DWITH_WSAPOLL 
 COUT = -o 
 LN = gcc
-LDFLAGS = -O2 -s  -mthreads
+LDFLAGS = -O2 -s -mthreads
 DLFLAGS = -shared
 DLSUFFICS = .dll
-LIBS = -lws2_32 -lodbc32 -ladvapi32
+LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
+LIBSPREFIX = -l
+LIBSSUFFIX = 
 LNOUT = -o 
 EXESUFFICS = .exe
 OBJSUFFICS = .o
@@ -27,9 +28,18 @@ REMOVECOMMAND = rm -f
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.win
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPLugin
+VERFILE := 3proxyres.o $(VERFILE)
+VERSION := $(VERSION)
+VERSIONDEP := 3proxyres.o $(VERSIONDEP)
+BUILDDATE := $(BUILDDATE)
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 
 include Makefile.inc
 
+3proxyres.o:
+	windres 3proxy.rc -o 3proxyres.o
+
 allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;  rm *.o ; cd ../.. ; done
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
+

Makefile.winCE

@@ -1,4 +1,3 @@
-#$Id: Makefile.win,v 1.9 2007/08/20 15:26:27 vlad Exp $
 #
 # 3 proxy Makefile for GCC/windows
 #
@@ -11,10 +10,10 @@
 
 BUILDDIR = ../bin/
 CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
-CFLAGS = -Wall -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -D__USE_W32_SOCKETS
+CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS
 COUT = -o 
 LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
-LDFLAGS = -Wall -O2 -s -mthreads
+LDFLAGS = -O2 -s -mthreads
 DLFLAGS = -shared
 DLSUFFICS = .dll
 LIBS = -lws2

README

@@ -1,24 +1,194 @@
-/*
-   3APA3A 3proxy tiny proxy server
-   (c) 2002-2014 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru>
+# 3APA3A 3proxy tiny proxy server
+(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.org>
 
-   please read License Agreement
-*/
 
-Please read doc/html/index.html and man pages.
+Branches:
+Master (stable) branch - 3proxy 0.9 
+Devel branch - 3proxy 10 (don't use it)
+
+
+* Download
+	Binaries and sources for released (master) versions (Windows, Linux):
+	https://github.com/z3APA3A/3proxy/releases
+
+	Docker images:
+	https://hub.docker.com/repository/docker/3proxy/3proxy
+	Archive of old versions: https://github.com/z3APA3A/3proxy-archive
+
+* Documentation
+	Documentation (man pages and HTML) available with download, on https://3proxy.org/
+	and in github wiki https://github.com/3proxy/3proxy/wiki
+
+* Windows installation
+
+3proxy --install 
+	
+	installs and starts proxy as Windows service
+	(config file should be located in the same directory)
+
+3proxy --remove 
+
+	removes the service (should be stopped before via
+	'net stop 3proxy').
+
+* To build in Linux
+
+install git and build-essential packages, use
+
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+ln -s Makefile.Linux Makefile
+make
+sudo make install
+
+Default configuration (for Linux/Unix):
+3proxy uses 2 configuration files:
+/etc/3proxy/3proxy.cfg (before-chroot). This configuration file is executed before chroot and should not be modified.
+/usr/local/3proxy/conf/3proxy.cfg symlinked from /etc/3proxy/conf/3proxy.cfg (after-chroot) is a main configuration file. Modify this file, if required.
+All paths in /usr/local/3proxy/conf/3proxy.cfg are relative to chroot directory (/usr/local/3proxy). For future versions it's planned to move
+3proxy chroot direcory to /var.
+Log files are created in /usr/local/3proxy/logs symlinked from /var/log/3proxy.
+By default, socks is started on 0.0.0.0:1080 and proxy on 0.0.0.0:3128 with basic auth, no users are added by default.
+
+use /etc/3proxy/conf/add3proxyuser.sh script to add users.
+
+usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidth]
+        day_limit - traffic limit in MB per day
+        bandwidth - bandwith in bits per second 1048576 = 1Mbps
+
+or modify /etc/3proxy/conf/ files directly.
+
+* For MacOS X / FreeBSD / *BSD
+
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+ln -s Makefile.FreeBSD Makefile
+make
+
+(binaries are in bin/ directory)
+
+ Features:
+  1. General
+	+ IPv6 support for incoming and outgoing connection,
+	  can be used as a proxy between IPv4 and IPv6 networks
+	  in either direction.
+	+ HTTP/1.1 Proxy with keep-alive client and server support,
+          transparent proxy support.
+	+ HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
+	+ Anonymous and random client IP emulation for HTTP proxy mode
+	+ FTP over HTTP support.
+	+ DNS caching with built-in resolver
+	+ DNS proxy
+	+ DNS over TCP support, redirecting DNS traffic via parent
+	  proxy
+	+ SOCKSv4/4.5 Proxy
+	+ SOCKSv5 Proxy
+	+ SOCKSv5 UDP and BIND support (fully compatible with
+	  SocksCAP/FreeCAP for UDP)
+	+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
+	+ SNI proxy (based on TLS hostname)
+	+ TLS (SSL) server - may be used as https:// type proxy
+	+ POP3 Proxy
+	+ FTP proxy
+	+ TCP port mapper (port forwarding)
+	+ UDP port mapper (port forwarding)
+	+ SMTP proxy
+	+ Threaded application (no child process).
+	+ Web administration and statistics
+	+ Plugins for functionality extension
+	+ Native 32/64 bit application
+  2. Proxy chaining and network connections
+	+ Can be used as a bridge between client and different proxy type
+	  (e.g. convert incoming HTTP proxy request from client to SOCKSv5
+	  request to parent server).
+	+ Connect back proxy support to bypass firewalls
+	+ Parent proxy support for any type of incoming connection
+	+ Username/password authentication for parent proxy(s).
+	+ HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
+	+ Random parent selection
+	+ Chain building (multihop proxing)
+	+ Load balancing between few network connections by choosing network
+	  interface
+  3. Logging
+	+ tuneable log format compatible with any log parser
+	+ stdout logging
+	+ file logging
+	+ syslog logging (Unix)
+	+ ODBC logging
+	+ RADIUS accounting
+	+ log file rotation
+	+ automatic log file processing with external archiver (for files)
+	+ Character filtering for log files
+	+ different log files for different servces are supported
+  4. Access control
+	+ ACL-driven Access control by username, source IP,
+	destination IP/hostname, destination port and destination action
+	(POST, PUT, GET, etc), weekday and daytime.
+	+ ACL-driven (user/source/destination/protocol/weekday/daytime or
+	combined) bandwith limitation for incoming and (!)outgoing trafic.
+	+ ACL-driven traffic limitation per day, week or month for incoming and
+	outgoing traffic
+	+ Connection limitation and ratelimting
+	+ User authentication by username / password
+	+ RADIUS Authentication and Authorization
+	+ User authentication by DNS hostname
+	+ Authentication cache with possibility to limit user to single IP address
+	+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+	+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
+	+ Connection redirection
+	+ Access control by requested action (CONNECT/BIND, 
+	  HTTP GET/POST/PUT/HEAD/OTHER).
+	+ All access control entries now support weekday and time limitations
+	+ Hostnames and * templates are supported instead of IP address
+  5. Extensions
+	+ Regular expression filtering (with PCRE) via PCREPlugin
+	+ Authentication with Windows username/password (cleartext only)
+	+ SSL/TLS decryptions with certificate spoofing
+	+ Transparent redirection support for Linux and *BSD
+  6. Configuration
+	+ support for configuration files
+	+ support for includes in configuration files
+	+ interface binding
+	+ socket options
+	+ running as daemon process
+	+ utility for automated networks list building
+	+ configuration reload on any file change
+     Unix
+	+ support for chroot
+	+ support for setgid
+	+ support for setuid
+	+ support for signals (SIGUSR1 to reload configuration)
+     Windows
+	+ support --install as service
+	+ support --remove as service
+	+ support for service START, STOP, PAUSE and CONTINUE commands (on
+	PAUSE no new connection accepted, but active connections still in
+	progress, on CONTINUE configuration is reloaded)
+     Windows 95/98/ME
+	+ support --install as service
+	+ support --remove as service
+  6. Compilation
+	+ MSVC (static)
+	+ OpenWatcom (static)
+	+ Intel Windows Compiler (msvcrt.dll)
+	+ Windows/gcc (msvcrt.dll)
+	+ Cygwin/gcc (cygwin.dll)
+	+ Unix/gcc
+	+ Unix/ccc
+	+ Solaris
+	+ Mac OS X, iPhone OS
+	+ Linux and derivered systems
+	+ Lite version for Windows 95/98/NT/2000/XP/2003
+	+ 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above 
 
 3proxy    	Combined proxy server may be used as
-		Windows 95/98/NT/2000/XP/2003/Vista
 		executable or service (supports installation and removal).
 		It uses config file to read it's configuration (see
 		3proxy.cfg.sample for details).
-		--install installs and starts proxy as NT/2000/XP service
-		(config file should be located in the same directory)
-		--remove removes the service (should be stopped before via
-		net stop 3proxy).
 		3proxy.exe is all-in-one, it doesn't require all others .exe
 		to work.
 		See 3proxy.cfg.sample for examples, see man 3proxy.cfg
+
 proxy    	HTTP proxy server, binds to port 3128
 ftppr    	FTP proxy server, binds to port 21
 socks    	SOCKS 4/5 proxy server, binds to port 1080
@@ -28,20 +198,17 @@ pop3p    	POP3 proxy server, binds to port 110. You must specify
 		POP3 username as username@target.host.ip[:port]
 		port is 110 by default.
 		Exmple: in Username configuration for you e-mail reader
-		set someuser@pop.somehost.ru, to obtains mail for someuser
+		set someuser@pop.example.org, to obtains mail for someuser
 		from pop.somehost.ru via proxy.
 smtpp    	SMTP proxy server, binds to port 25. You must specify
 		SMTP username as username@target.host.ip[:port]
 		port is 25 by default.
 		Exmple: in Username configuration for you e-mail reader
-		set someuser@mail.somehost.ru, to send mail as someuser
+		set someuser@mail.example.org, to send mail as someuser
 		via mail.somehost.ru via proxy.
-icqpr    	ICQ/AIM proxy. Maps some TCP port to TCP port of ICQ
-		server and performs packets translation. Example:
-		icqpr 5190 login.icq.com 5190
-msnpr		MSN proxy (beta)
 tcppm    	TCP port mapping. Maps some TCP port on local machine to
 		TCP port on remote host.
+tlspr    	TLS proxy (SNI proxy) - sniffs hostname from TLS handshake
 udppm    	UDP port mapping. Maps some UDP port on local machine to
 		UDP port on remote machine. Only one user simulationeously
 		can use UDP mapping, so it cann't be used for public service
@@ -55,10 +222,10 @@ mycrypt    	Program to obtain crypted password fro cleartext. Supports
 		produces NT password
 			mycrypt salt password
 		produces MD5/crypt password with salt "salt".
-dighosts    	Utility for building networks list from web page.
-countersutil	Utility to manage counters file
 
 
 Run utility with --help option for command line reference.
 
-Latest version is available from http://3proxy.ru/
+Latest version is available from https://3proxy.org/
+
+Want to donate the project? https://3proxy.org/donations/

RELEASE

@@ -0,0 +1 @@
+0.9.5

Release.notes

@@ -1,107 +0,0 @@
-08/04/2014 3[APA3A]tiny proxy 0.7
-
- Features:
-  1. General
-	+ HTTP/1.1 Proxy with keep-alive client and server support,
-          transparent proxy support.
-	+ Anonymous and random client emulation HTTP proxy mode
-	+ FTP over HTTP support.
-	+ DNS caching with built-in resolver
-	+ HTTPS (CONNECT) proxy
-	+ SOCKSv4/4.5 Proxy
-	+ SOCKSv5 Proxy
-	+ UDP and bind support for SOCKSv5 (fully compatible with
-	  SocksCAP/FreeCAP for UDP)
-	+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP, ICQ
-	+ POP3 Proxy
-	+ FTP proxy
-	+ DNS proxy
-	+ TCP port mapper
-	+ UDP port mapper
-	+ SMTP proxy
-	+ ICQ/AOL proxy
-	+ MSN proxy
-	+ Threaded application (no child process).
-	+ Web administration and statistics
-	+ Plugins for functionality extension
-	+ Native 64 bit application for 64 bit OS, including 64-bit editions of
-	  Windows XP, Vista, 2003, 2008.
-  2. Proxy chaining and network connections
-	+ Parent proxy support for any type of incoming connection
-	+ Username/password authentication for parent proxy(s).
-	+ HTTPS/SOCKS4/SOCKS5 and redirection parent support
-	+ Random parent selection
-	+ Chain building (multihop proxing)
-	+ Load balancing between few network connections by choosing network
-	  interface
-  3. Logging
-	+ turnable log format compatible with any log parser
-	+ stdout logging
-	+ file logging
-	+ syslog logging (Unix)
-	+ ODBC logging (Windows and Unix)
-	+ log file rotation (hourly, daily, weekly, monthly)
-	+ automatic log file comperssion with external archiver (for files)
-	+ automatic removal of older log files
-	+ Character filtering for log files
-	+ different log files for different servces are supported
-  4. Access control
-	+ ACL-driven (user/source/destination/protocol/weekday/daytime or
-	combined) bandwith limitation for incoming and (!)outgoing trafic.
-	+ ACL-driven (user/source/destination/protocol/weekday/daytime or
-	combined) traffic limitation per day, week or month for incoming and
-	  (!) outgoing traffic
-	+ User authorization by NetBIOS messanger name
-	+ Access control by username, source IP, destination IP, destination
-	port and destination action (POST, PUT, GET, etc), weekday and daytime.
-	+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
-	+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
-	+ Connection redirection
-	+ Access control by requested action (CONNECT/BIND, 
-	  HTTP GET/POST/PUT/HEAD/OTHER).
-	+ NTLM (v1 only) authentication for HTTP proxy access
-	+ All access control entries now support weekday and time limitations
-	+ Hostnames and * templates are supported instead of IP address
-  5. Extensions
-	+ Regular expression filtering (with PCRE) via PCREPlugin
-	  currently HTTP traffic only for URLs, HTTP headers and HTTP data.
-	+ Authentication with Windows username/password (cleartext only!)
-  6. Configuration
-	+ support for configuration files
-	+ support for includes in configuration files
-	+ interface binding
-	+ running as daemon process
-	+ utility for automated networks list building
-	+ configuration reload on any file change
-     Unix
-	+ support for chroot
-	+ support for setgid
-	+ support for setuid
-	+ support for signals
-     Windows NT/2K/XP/2K3
-	+ support --install as service
-	+ support --remove as service
-	+ support for service START, STOP, PAUSE and CONTINUE commands (on
-	PAUSE no new connection accepted, but active connections still in
-	progress, on CONTINUE configuration is reloaded)
-     Windows 95/98/ME
-	+ support --install as service
-	+ support --remove as service
-  6. Compilation
-	+ MSVC (static)
-	+ Intel Windows Compiler (msvcrt.dll)
-	+ Windows/gcc (msvcrt.dll)
-	+ Cygwin/gcc (cygwin.dll)
-	+ Unix/gcc
-	+ Unix/ccc
-	+ Solaris
-	+ Mac OS X, iPhone OS
-
-
- Planned for future (0.8) release:
-   - SSL handling / SSL decryption by certificate spoofing
-   - NAT support under *nix
-   - Addon antiviral, HTTP cache filters modules, authentication
-     modules for different protocols (RADIUS, PAM etc).
-
-$Id: Release.notes,v 1.9 2014-04-07 21:24:42 vlad Exp $

authors

@@ -1 +1 @@
-(c) 2002-2014 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru>
+(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.org>

bin/.gitignore

@@ -0,0 +1,2 @@
+*.cfg
+*.old

cfg/0.scenario.txt

@@ -15,4 +15,3 @@ on the provider's Web server.
 Provider has proxy server 10.1.2.5. Traffic from proxy server is not free, but
 is cheaper than traffic from non-free networks.
 
-$Id: 0.scenario.txt,v 1.2 2004/07/23 13:33:39 vlad Exp $

cfg/3proxy.cfg.sample

@@ -37,7 +37,7 @@ users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
 service
 # service is required under NT if you want 3proxy to start as service
 
-#log /usr/local/etc/3proxy/logs/3proxy.log D
+#log /var/log/3proxy/log D
 log c:\3proxy\logs\3proxy.log D
 # log allows to specify log file location and rotation, D means logfile
 # is created daily
@@ -199,4 +199,3 @@ admin
 # now we needn't any root rights. We can chroot and setgid/setuid.
 
 
-###$Id: 3proxy.cfg.sample,v 1.7 2006/11/18 14:37:06 vlad Exp $#######

cfg/counters.sample

@@ -50,4 +50,3 @@ internal 127.0.0.1
 allow user1
 admin
 
-#$Id: counters.sample,v 1.2 2004/07/23 13:33:39 vlad Exp $

cfg/sql/3proxy.cfg.sample

@@ -0,0 +1,53 @@
+# By Mark Dreuband
+nserver 10.1.2.1
+nscache 65536
+
+# we can grab wpad file from provider and feed it to dighosts
+# to build list of free networks
+# system "c:\3proxy\dighosts.exe -m http://wpad.security.nnov.ru/wpad.dat c:\3proxy\freenetworks.net"
+
+service
+
+internal 192.168.1.1
+external 10.1.1.1
+
+dnspr
+
+log &3proxylog,root
+#log c:\3proxy\logs\proxy.log D
+#logformat "Linsert into log (timestamp, username, service, clientip, remoteip, remoteport, bytesin, bytesout,request,error) values (
+#logformat "%t '%U' '%N' '%C' '%R' %r %I %O '%T' %E"
+logformat "-\'+_Linsert into log (time, bytesin, bytesout, username, url, host, port, service) values ('%Y-%m-%d %H:%M:%S', %I, %O, '%U', '%T', '%n', %r, '%N');"
+archiver zip c:\3proxy\zip.exe -m -qq %A %F
+rotate 50
+
+
+auth strong
+users temp:CL:password root:CL:password
+
+# access free networks directly
+allow * * $c:\3proxy\freenetworks.net
+# redirect web traffic for non-free networks to provider's proxy
+allow * * * 80
+parent 1000 http 10.1.2.5 3128 
+# allow rest of traffic
+allow *
+proxy
+
+flush
+
+auth iponly
+allow *
+pop3p
+tcppm 25 mail.security.nnov.ru 25
+
+flush
+# redirect port 80 traffic via SOCKS server to local HTTP proxy to
+# have URLs logged
+allow  * * * 80
+parent 1000 http 0.0.0.0 0
+allow *
+socks
+
+#daemon
+

cfg/sql/create.sql

@@ -0,0 +1,56 @@
+# Connection: localhost
+# Host: 127.0.0.1
+# Saved: 2004-04-09 18:53:52
+# 
+# Host: 127.0.0.1
+# Database: 3proxy
+# Table: 'log'
+# 
+CREATE TABLE `log` (
+  `time` datetime NOT NULL default '0000-00-00 00:00:00',
+  `bytesin` int(11) NOT NULL default '0',
+  `bytesout` int(11) NOT NULL default '0',
+  `username` varchar(20) NOT NULL default '',
+  `service` varchar(7) NOT NULL default '',
+  `host` varchar(100) NOT NULL default '',
+  `port` int(11) NOT NULL default '0',
+  `url` varchar(255) NOT NULL default ''
+) TYPE=MyISAM; 
+
+CREATE TABLE `services` (
+  `startport` int(11) NOT NULL default '0',
+  `endport` int(11) NOT NULL default '0',
+  `service` varchar(100) NOT NULL default '',
+  `description` varchar(100) NOT NULL default ''
+) TYPE=MyISAM; 
+
+CREATE TABLE `timelimit` (
+  `datefrom` datetime NOT NULL default '0000-00-00 00:00:00',
+  `dateto` datetime NOT NULL default '0000-00-00 00:00:00'
+) TYPE=MyISAM; 
+
+INSERT INTO services (80, 80, NULL, 'Access to Web Server');
+
+INSERT INTO services (443, 443, NULL, 'Secure Access to Web Server');
+
+INSERT INTO services (3128, 3128, NULL, 'Access to Web server via external Proxy');
+INSERT INTO services (1080, 1080, NULL, 'Access to external SOCKS server');
+INSERT INTO services (5190, 5190, NULL, 'Access to ICQ');
+INSERT INTO services (6666, 6668, NULL, 'Access to IRC');
+
+INSERT INTO services (119, 119, NULL, 'Access to news server');
+INSERT INTO services (25, 25, NULL, 'Sent Mail');
+
+INSERT INTO services (0, 0, 'POP3P', 'Received Mail');
+INSERT INTO services (0, 0, 'SMTPP', 'Sent Mail');
+INSERT INTO services (0, 0, 'TCPPM', 'Access to external server via TCP');
+INSERT INTO services (0, 0, 'UDPPM', 'Access to external server via UDP');
+INSERT INTO services (0, 0, 'PROXY', 'Access to external server via Proxy');
+INSERT INTO services (0, 0, 'FTPPR', 'Access to external server via FTP Proxy');
+INSERT INTO services (0, 0, 'ICQPR', 'Access to external server via ICQ Proxy');
+INSERT INTO services (0, 0, 'SOCKS4', 'Access to external server via Socks v4');
+INSERT INTO services (0, 0, 'SOCKS5', 'Access to external server via Socks v5');
+INSERT INTO services (0, 0, 'DNSPR', 'Name resolution');
+INSERT INTO services (0, 0, NULL, 'Unknown');
+
+

contrib/www3proxy/isqlodbc/Makefile.inc

@@ -1,6 +0,0 @@
-all:	  isqlodbc$(EXESUFFICS) 
-clean:
-	@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
-
-isqlodbc$(EXESUFFICS): isqlodbc$(OBJSUFFICS) 
-	$(LN) $(LNOUT)isqlodbc$(EXESUFFICS) $(LDFLAGS) $(VERFILE) isqlodbc$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)

contrib/www3proxy/isqlodbc/Makefile.unix

@@ -1,15 +0,0 @@
-CC = gcc
-CFLAGS = -I /usr/local/include  -DUNIX
-COUT = -o 
-LN = gcc
-LDFLAGS =  
-LIBS =-L /usr/local/lib -lodbc
-LNOUT = -o 
-EXESUFFICS =
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *~
-REMOVECOMMAND = rm -f
-COMPATLIBS =
-
-include Makefile.inc

contrib/www3proxy/isqlodbc/Makefile.win

@@ -1,15 +0,0 @@
-CC = gcc
-CFLAGS = -DWIN32
-COUT = -o 
-LN = gcc
-LDFLAGS =  
-LIBS = -lodbc32
-LNOUT = -o 
-EXESUFFICS =
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *~
-REMOVECOMMAND = rm -f
-COMPATLIBS =
-
-include Makefile.inc

contrib/www3proxy/isqlodbc/isqlodbc.c

@@ -1,191 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef WIN32
-#include <io.h>
-#include <windows.h>
-#endif
-#ifdef UNIX
-#include <sqltypes.h>
-#endif
-#include <sql.h>
-#include <sqlext.h>
-
-
-
-#define  BUF_LENGTH 65000
-
-/* environment variable */
-SQLHENV    env=NULL;
-SQLHDBC    dbc=NULL;
-SQLHSTMT   stmt=NULL;
-SQLHSTMT   cstmt=NULL;
-unsigned  char *dsn;
-unsigned  char *user;
-unsigned  char *pass;
-
-RETCODE    retcod;
-
-/*description a columns of result of request */
-SQLSMALLINT      ColumnCount;
-unsigned int     ColNumber;
-unsigned char    ColName[SQL_MAX_COLUMN_NAME_LEN];
-unsigned int     Length;
-unsigned int     Type;
-unsigned int     Size;
-unsigned int     Digits;
-unsigned int     Nullable;
-
-
-unsigned char    data_buf[BUF_LENGTH];
-unsigned long    OutData;
-
-/* function print error message*/
-void PrintError(HENV env,HDBC dbc,HSTMT stmt,RETCODE retcod)
-{
- SQLINTEGER nError;
- SQLSMALLINT  TextLength;
- unsigned char    BufErrMsg[SQL_MAX_MESSAGE_LENGTH+1];
- unsigned char    SqlState[128];
-
- SQLError(env,dbc,stmt,SqlState,&nError,BufErrMsg,512, &TextLength);
- printf("%s\n" ,BufErrMsg);
-}
-
-void sqlquery(SQLHDBC dbc,SQLHSTMT stmt, unsigned char *strquery)
-{
- retcod=SQLAllocStmt(dbc, &stmt);
-
- retcod=SQLExecDirect(stmt,strquery,SQL_NTS);
- if(retcod!=SQL_SUCCESS)
-   { PrintError(env,dbc,stmt,retcod);}
-
-    SQLNumResultCols(stmt,&ColumnCount);
-
-    while(SQLFetch(stmt)==SQL_SUCCESS)
-     {
-      for(ColNumber=1; ColNumber<=ColumnCount ; ColNumber++)
-       {
-        SQLGetData(stmt,ColNumber,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
-        printf("%s|",data_buf);
-       }
-       printf("\n",data_buf);
-       strcpy(data_buf,"");
-     }
- SQLFreeStmt( stmt, SQL_DROP );
-}
-
-/* isqlodbc dsn[[,user][,pass]] ["SQLCMD"] */
-int main(int argc, char *argv[])
-{
- unsigned char qbuf[64000];
- unsigned char *ptr=NULL;
-
- /* Allocate environment and database connection  handles */
- retcod=SQLAllocEnv( &env );
- if(retcod!=SQL_SUCCESS)
-  {
-   PrintError(env,dbc,stmt,retcod);
-   SQLFreeEnv(env);
-   return (-1);
-  }
- retcod = SQLAllocConnect( env, &dbc );
- if(retcod!=SQL_SUCCESS)
-  {
-   PrintError(env,dbc,stmt,retcod);
-   SQLFreeConnect( dbc );
-   return (-1);
-  }
- 
- 
- if(argc > 1 )
- {
-  /* parsing command line and get parametrs */
-  dsn = strtok(argv[1],",");
-  user = strtok(NULL, ",");
-  pass = strtok(NULL, ",");
-
-  /* Connect from DSN */
-  retcod=SQLConnect(dbc,dsn,SQL_NTS,user,SQL_NTS,pass,SQL_NTS);
-
-  if(retcod!=SQL_SUCCESS)
-     { PrintError(env,dbc,stmt,retcod); }
-    else
-     {
-      if (argc > 2)
-       {
-        /*sql cmd from command line*/
-        sqlquery(dbc,stmt,argv[2]);
-       }
-      else
-       {
-         /*sql cmd from stdin */
-         if( isatty(0) ){ printf(".tables - list table\n.q - exit\nsql>"); }
-         while(fgets(qbuf,63000,stdin) != NULL )
-         {
-          ptr=strrchr(qbuf,';');
-          if (ptr!=NULL)
-           {
-            sqlquery(dbc,stmt,qbuf);
-           }
-          else
-           {
-            /*cmd exit*/
-            if (strstr(qbuf,".q")){ break; };
-
-            /*cmd table list*/
-            if (strstr(qbuf,".tables")) 
-             {
-              retcod=SQLAllocStmt(dbc, &stmt);
-              if(retcod!=SQL_SUCCESS){ PrintError(env,dbc,stmt,retcod); }
-              else
-               {
-                retcod=SQLTables(stmt,NULL,0,NULL,0,NULL,0,NULL,0);
-                if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
-                while(SQLFetch(stmt)==SQL_SUCCESS)
-                 {
-                   SQLGetData(stmt,3,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
-                   printf("%s|",data_buf);
-
-                   /*list columns */
-                   retcod=SQLAllocStmt(dbc, &cstmt);
-                   retcod=SQLColumns(cstmt,NULL,0,NULL,0,data_buf,strlen(data_buf),NULL,0);
-
-                   if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
-                   else
-                   {
-                     printf("create table %s (",data_buf);
-                     while(SQLFetch(cstmt)==SQL_SUCCESS)
-                      {
-                       SQLGetData(cstmt,4,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
-                       printf("%s ",data_buf);
-                       SQLGetData(cstmt,6,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
-                       printf("%s, ",data_buf);
-                      }
-                     printf(");\n");
-                     SQLFreeStmt( cstmt, SQL_DROP );
-                   }/*end list columns*/
-               
-                 }/*end while SQLFetch */
-                SQLFreeStmt( stmt, SQL_DROP );
-               }
-
-             }/*end if (strstr(qbuf,".tables")) */
-
-
-           } /*end else cmd*/
-          if( isatty(0) ){ printf("sql>"); }
-         } /*end while*/
-       }
-     }
-  SQLDisconnect(dbc);
- } /* if (argc > 2) */
- else
- {
-  printf("isqlodbc dsn[[,user][,pass]] [\"SQLCMD\"]\n");
- }
-
- SQLFreeConnect( dbc );
- SQLFreeEnv( env );
- return 0;
-}

contrib/www3proxy/log.sql

@@ -1,22 +0,0 @@
-
-create table log (ldate date,ltime time,username char (30),userip char (16),bytein integer (10),byteout integer (10),service char (8), host char(255), hostport integer (10), url char (255) );
-
-create index idate on log (ldate);
-create index iusername on log (username);
-create index iuserip on log (userip);
-create index ihost on log (host);
-
-create table services (port integer(10),service char(100),description char (100)); 
-
-INSERT INTO services values (80,'PROXY', 'Access to Web Server');
-INSERT INTO services values (21,'PROXY', 'Access to Ftp Server via HTTP proxy');
-INSERT INTO services values (5190,'PROXY', 'Access to ICQ via HTTP proxy');
-INSERT INTO services values (0, 'POP3P', 'Received Mail via POP3');
-INSERT INTO services values (0,'FTPPR', 'Access to Ftp server via FTP proxy');
-INSERT INTO services values (0,'SOCKS4', 'Access to external server via Socks v4');
-INSERT INTO services values (0,'SOCKS5', 'Access to external server via Socks v5');
-INSERT INTO services values (0,'TCPPM', 'Access to external server via TCP mapping');
-INSERT INTO services values (0,'UDPPM', 'Access to external server via UDP mapping');
-INSERT INTO services values (0, 0, NULL, 'Unknown');
-
-

contrib/www3proxy/readme.ru

@@ -1,63 +0,0 @@
------------------------------- KOI8-R ------------------------------------
-  Этот архив содержит набор CGI cкриптов и программ для получения 
-статистики работы пользователей прокси сервера "3proxy", посредством анализа
-лога расположенного в ODBC источнике(базе), через Web интерфейс.                      
-
-stat.awk - основной CGI скрипт (Для его испольнения под Win9X/2000 необходима 
-           программа awk.exe ,в linux/freebsd она как правило входит в сиситему
-           по умолчанию).    
-isqlodbc - программа для выполнения SQL запросов к базам ODBC 
-           (вызывается из stat.awk). компилируется gcc и работает как в 
-           win9X/2000 так и в linux/freebsd. (Так же может 
-           использоваться независимо от stat.awk как отдельная 
-           программа..)
-log.sql  - SQL скрипт создания базы для лога сервера.           
-awk.exe  - awk интерпретатор  под Win9X/2000.  
-
-                        Настройка скриптов статистики .
-
-Для работы вам потребуется:
-1) любой http сервер подерживающий CGI
-2) odbc менеджер (под win32 ) или iodbc менеджер (под unix)
-   любая база данных например : sqlite, mysql, postgress или любые другие 
-   имеющие ODBC драйвера.(Как настраивать iODBC под linux/freebsd смотрите в
-   файле iodbc.txt в  каталоге /doc/ru архива 3proxy.)
-
- Шаг настройки N1:
-Создаем базу данных и DSN для хранения лога. ( в нашем случае DSN будет 
-называться "sqlite".) далее выполняя скрипт log.sql создаем необходимые 
-таблицы и индексы:
-
-isqlodbc sqlite < log.sql
-
- Шаг настройки N2:
-Устанавливаем DSN и формат таблицы с логом в файле 3proxy.cfg следующего вида:
------------
-# create table log (
-#    ldate date,
-#    ltime time,
-#    username char (30),
-#    userip char (16),
-#    bytein integer (10),
-#    byteout integer (10),
-#    service char (8),
-#    host char(255),
-#    hostport integer (10),
-#    url char (255)
-#   );
-
-log &sqlite
-logformat "Linsert into log values ('%Y-%m-%d','%H:%M:%S','%U','%C','%I','%O','%N','%n','%r','%T');"
------------
-
- Шаг настройки N3:
-Копируем файлы isqlodbc и stat.awk в каталог с CGI скриптами http сервера 
-и меняем в stat.awk путь вызова и DSN на свои значения , например:
-isql="./isqlodbc.exe sqlite " 
-
- Шаг настройки N4:
-Пробуем вызвать скрипт из web браузера , например 
-
-http://localhost/cgi/stat.awk?
-
------------------------------- KOI8-R ------------------------------------

contrib/www3proxy/stat.awk

@@ -1,129 +0,0 @@
-#!/usr/bin/awk -f 
-BEGIN { 
-  scriptname = ENVIRON["SCRIPT_NAME"]
-  #for win32
-  isql=".\\isqlodbc.exe sqlite " 
-
-  #for unix
-  #isql="./isqlodbc sqlite " 
-
-
-  print "Content-Type: text/html; charset=koi8-r \n\n"
-  print "<HTML>\n<BODY>\n";
-
-  # query parse
-  query_str = ENVIRON["QUERY_STRING"]
-  n = split(query_str, querys, "&")
-  for (i=1; i<=n; i++) 
-   {
-    split(querys[i], data, "=")
-    qr[data[1]] = data[2]
-   }
-
-  printf "<FORM METHOD=PUT action=\"" scriptname "?rep=1\">"
-  printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> "
-  printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>"
-  printf "<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>"
-  printf "<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user  <br>"
-  printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">"  
-  printf "<INPUT type=\"submit\" value=\"Report\">"
-  printf "</FORM>"
- 
-   
-  #printf "query_str=%s\n<br>",query_str
-  #print  qr["rep"]
-
-  if(qr["rep"]=="user")
-   {
-    cmd = isql " \"select " qr["userid"] ",sum(bytein),sum(byteout),sum(bytein+byteout) from log \
-        where ldate > '" qr["datefrom"] "'  AND ldate < '" qr["dateto"] \
-        "' group by " qr["userid"] " order by sum(bytein+byteout) desc;\""
-    printf " <table WIDTH=100%%  BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>"
-    while( (cmd|getline result)>0)
-     { 
-      split(result, rt, "|")
-      printf "<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
-      scriptname,qr["datefrom"],qr["dateto"],qr["userid"],rt[1],rt[1],rt[2],rt[3],rt[4]
-      totalbytein=totalbytein+rt[2];
-      totalbyteout=totalbyteout+rt[3];
-      totalbytesum=totalbytesum+rt[4];
-     } 
-    printf "<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td> \
-    <td><br>%d</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
-    close(cmd)
-   }
-
-
-  if(qr["rep"]=="host")
-   {
-    cmd = isql "\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log \
-        where ldate > '" qr["datefrom"] "' AND ldate < '"qr["dateto"] \
-        "' AND " qr["userid"] " = '" qr["selectid"] \
-        "' group by host order by sum(bytein+byteout) desc;\"" 
-
-    printf "<center><b>Detail statistic for user: %s</b></center>",qr["selectid"]
-    printf " <table WIDTH=100%%  BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>"
-    while( (cmd|getline result)>0)
-     { 
-      split(result, rt, "|")
-      printf "<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>",rt[1],rt[2],rt[3],rt[4] 
-      totalbytein=totalbytein+rt[1];
-      totalbyteout=totalbyteout+rt[2];
-      totalbytesum=totalbytesum+rt[3];
-
-     }
-    printf "<tr> <td><br>%d</td> <td><br>%d</td> \
-    <td><br>%d</td><td><br>Total host</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
-    printf " </table> "
-    close(cmd)
-    
-   }
-
-  printf " </BODY> </HTML>";
-} # end BEGIN 
-
-
-# decode urlencoded string
-function decode(text,   hex, i, hextab, decoded, len, c, c1, c2, code) {
-    
-    split("0 1 2 3 4 5 6 7 8 9 a b c d e f", hex, " ")
-    for (i=0; i<16; i++) hextab[hex[i+1]] = i
-
-    # urldecode function from Heiner Steven
-    # http://www.shelldorado.com/scripts/cmds/urldecode
-
-    # decode %xx to ASCII char 
-    decoded = ""
-    i = 1
-    len = length(text)
-    
-    while ( i <= len ) {
-        c = substr (text, i, 1)
-        if ( c == "%" ) 
-             {
-           if ( i+2 <= len ) 
-                {
-              c1 = tolower(substr(text, i+1, 1))
-          c2 = tolower(substr(text, i+2, 1))
-          if ( hextab [c1] != "" || hextab [c2] != "" ) {
-          if ( (c1 >= 2 && (c1 != 7 && c2 != "F")) || (c1 == 0 && c2 ~ "[9acd]") )
-                   {
-             code = 0 + hextab [c1] * 16 + hextab [c2] + 0
-             c = sprintf ("%c", code)
-           } 
-                  else { c = " " }
-          i = i + 2
-        }
-         }
-        } else if ( c == "+" ) {    # special handling: "+" means " "
-            c = " "
-        }
-        decoded = decoded c
-        ++i
-    }
-    # change linebreaks to \n
-    gsub(/\r\n/, "\n", decoded)
-    # remove last linebreak
-    sub(/[\n\r]*$/,"",decoded)
-    return decoded
-}

contrib/www3proxy/stat.pl

@@ -1,185 +0,0 @@
-#!/usr/bin/perl
-eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
-    if $running_under_some_shell;
-			# this emulates #! processing on NIH machines.
-			# (remove #! line above if indigestible)
-
-eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
-			# process any FOO=bar switches
-
-$[ = 1;			# set array base to 1
-$, = ' ';		# set output field separator
-$\ = "\n";		# set output record separator
-
-$scriptname = $ENVIRON{'SCRIPT_NAME'};
-#for win32
-$isql = ".\\isqlodbc.exe sqlite ";
-
-#for unix
-#isql="./isqlodbc sqlite " 
-
-print "Content-Type: text/html; charset=koi8-r \n\n";
-print "<HTML>\n<BODY>\n";
-
-# query parse
-$query_str = $ENVIRON{'QUERY_STRING'};
-$n = (@querys = split(/&/, $query_str, 9999));
-for ($i = 1; $i <= $n; $i++) {
-    @data = split(/=/, $querys[$i], 9999);
-    $qr{$data[1]} = $data[2];
-}
-
-printf "<FORM METHOD=PUT action=\"" . $scriptname . "?rep=1\">";
-printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> ";
-printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>";
-printf
-
-  "<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>";
-printf
-
-  "<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user  <br>";
-printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">";
-printf "<INPUT type=\"submit\" value=\"Report\">";
-printf '</FORM>';
-
-#printf "query_str=%s\n<br>",query_str
-#print  qr["rep"]
-
-if ($qr{'rep'} eq 'user') {
-    $cmd = $isql . " \"select " . $qr{'userid'} .
-
-      ",sum(bytein),sum(byteout),sum(bytein+byteout) from log         where ldate > '"
-
-      . $qr{'datefrom'} . "'  AND ldate < '" . $qr{'dateto'} . "' group by " .
-
-      $qr{'userid'} . " order by sum(bytein+byteout) desc;\"";
-    printf
-
-      ' <table WIDTH=100%%  BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>';
-    while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
-	@rt = split(/\|/, $result, 9999);
-	printf
-
-	  "<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
-
-	  
-	$scriptname, $qr{'datefrom'}, $qr{'dateto'}, $qr{'userid'}, $rt[1],
-
-	  $rt[1], $rt[2], $rt[3], $rt[4];
-	$totalbytein = $totalbytein + $rt[2];
-	$totalbyteout = $totalbyteout + $rt[3];
-	$totalbytesum = $totalbytesum + $rt[4];
-    }
-    printf
-
-      '<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td>     <td><br>%d</td></tr> </table> ',
-
-      $totalbytein, $totalbyteout, $totalbytesum;
-    delete $opened{$cmd} && close($cmd);
-}
-
-if ($qr{'rep'} eq 'host') {
-    $cmd = $isql .
-
-      "\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log         where ldate > '"
-
-      . $qr{'datefrom'} . "' AND ldate < '" . $qr{'dateto'} . "' AND " .
-
-      $qr{'userid'} . " = '" . $qr{'selectid'} .
-
-      "' group by host order by sum(bytein+byteout) desc;\"";
-
-    printf '<center><b>Detail statistic for user: %s</b></center>',
-
-      $qr{'selectid'};
-    printf
-
-      ' <table WIDTH=100%%  BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>';
-    while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
-	@rt = split(/\|/, $result, 9999);
-	printf '<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>',
-
-	  $rt[1], $rt[2], $rt[3], $rt[4];
-	$totalbytein = $totalbytein + $rt[1];
-	$totalbyteout = $totalbyteout + $rt[2];
-	$totalbytesum = $totalbytesum + $rt[3];
-    }
-    printf
-
-      '<tr> <td><br>%d</td> <td><br>%d</td>     <td><br>%d</td><td><br>Total host</td></tr> </table> ',
-
-      $totalbytein, $totalbyteout, $totalbytesum;
-    printf ' </table> ';
-    delete $opened{$cmd} && close($cmd);
-}
-
-printf ' </BODY> </HTML>';
-
-# end BEGIN 
-
-# decode urlencoded string
-
-sub decode {
-    local($text, *Hex, $i, *hextab, $decoded, $len, $c, $c1, $c2, $code) = @_;
-    @Hex = split(' ', '0 1 2 3 4 5 6 7 8 9 a b c d e f', 9999);
-    for ($i = 0; $i < 16; $i++) {
-	$hextab{$Hex[$i + 1]} = $i;
-
-	# urldecode function from Heiner Steven
-	# http://www.shelldorado.com/scripts/cmds/urldecode
-
-	# decode %xx to ASCII char 
-	;
-    }
-    $decoded = '';
-    $i = 1;
-    $len = length($text);
-
-    while ($i <= $len) {	#???
-	$c = substr($text, $i, 1);
-	if ($c eq '%') {
-	    if ($i + 2 <= $len) {
-		$c1 = &tolower(substr($text, $i + 1, 1));
-		$c2 = &tolower(substr($text, $i + 2, 1));
-		if ($hextab{$c1} ne '' || $hextab{$c2} ne '') {
-		    if (($c1 >= 2 && ($c1 != 7 && $c2 ne 'F')) ||
-
-		      ($c1 == 0 && $c2 =~ '[9acd]')) {
-			$code = 0 + $hextab{$c1} * 16 + $hextab{$c2} + 0;
-			$c = sprintf('%c', $code);
-		    }
-		    else {
-			$c = ' ';
-		    }
-		    $i = $i + 2;
-		}
-	    }
-	}
-	elsif ($c eq '+') {
-	    # special handling: "+" means " "
-	    $c = ' ';
-	}
-	$decoded = $decoded . $c;
-	++$i;
-    }
-    # change linebreaks to \n
-    $decoded =~ s/\r\n/\n/g;
-    # remove last linebreak
-    $decoded =~ s/[\n\r]*$//;
-    $decoded;
-}
-
-sub Getline3 {
-    &Pick('',@_);
-    local($_);
-    if ($getline_ok = (($_ = <$fh>) ne '')) {
-	;
-    }
-    $_;
-}
-
-sub Pick {
-    local($mode,$name,$pipe) = @_;
-    $fh = $name;
-    open($name,$mode.$name.$pipe) unless $opened{$name}++;
-}

copying

@@ -1,12 +1,8 @@
-3proxy 0.7 Public License Agreement
+3proxy 0.9 Public License Agreement
 
-(c) 2000-2014 by 3APA3A (3APA3A@security.nnov.ru)
-(c) 2000-2014 by SecurityVulns.com (http://3proxy.ru/)
-(c) 2000-2014 by Vladimir Dubrovin (vlad@sandy.ru)
-
-This software uses:
-  RSA Data Security, Inc. MD4 Message-Digest Algorithm
-  RSA Data Security, Inc. MD5 Message-Digest Algorithm
+(c) 2000-2025 by 3APA3A (3APA3A@3proxy.ru)
+(c) 2000-2025 by 3proxy.org (https://3proxy.org/)
+(c) 2000-2025 by Vladimir Dubrovin (vlad@3proxy.org)
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -39,24 +35,23 @@ are met (BSD style license):
 Instead of this license, you can also use and redistribute this software under
 terms of compatible license, including:
 
-1. Apache License, Version 2.0
+1. Apache License, Version 2.0 or (at your option) any later version
    You may obtain a copy of the License at
 
-	http://www.apache.org/licenses/LICENSE-2.0
+	https://www.apache.org/licenses/LICENSE-2.0
 
 2. GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    You may obtain a copy of the License at
 
-	http://www.gnu.org/licenses/gpl.txt
+	https://www.gnu.org/licenses/gpl.txt
 
 3. GNU Lesser General Public License as published by the
    Free Software Foundation; either version 2.1 of the License, or
    (at your option) any later version.
    You may obtain a copy of the License at
 
-	http://www.gnu.org/licenses/lgpl.txt
+	https://www.gnu.org/licenses/lgpl.txt
 
 
-$Id: License,v 1.3 2007/04/05 11:59:47 vlad Exp $

debian/3proxy.manpages

@@ -0,0 +1,10 @@
+man/3proxy.8
+man/3proxy.cfg.3
+man/ftppr.8
+man/tlspr.8
+man/pop3p.8
+man/proxy.8
+man/smtpp.8
+man/socks.8
+man/tcppm.8
+man/udppm.8

debian/changelog

@@ -0,0 +1,18 @@
+3proxy (0.9.3-210629140419) buster; urgency=medium
+ 
+  *3proxy 0.9.3 build
+ 
+ -- z3APA3A <3apa3a@3proxy.org>  Thu, 01 Jul 2021 19:48:44 +0300
+
+3proxy (0.9.3-1) buster; urgency=medium
+
+  *3proxy 0.9.3 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Thu, 03 Dec 2020 21:13:58 +0300
+
+3proxy (0.9.2-1) buster; urgency=medium
+
+  *3proxy 0.9.2 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Thu, 19 Nov 2020 19:19:19 +0300
+

debian/compat

@@ -0,0 +1 @@
+9

debian/conffiles

@@ -0,0 +1,4 @@
+/usr/local/3proxy/conf/3proxy.cfg
+/usr/local/3proxy/conf/add3proxyuser.sh
+/usr/local/3proxy/conf/bandlimiters
+/usr/local/3proxy/conf/counters

debian/control

@@ -0,0 +1,18 @@
+Source: 3proxy
+Maintainer: z3APA3A <3apa3a@3proxy.org>
+Section: net
+Priority: optional
+Standards-Version: 4.0.0
+Build-Depends: debhelper (>=10)
+Homepage: https://3proxy.org/
+Vcs-Git: https://github.com/z3APA3A/3proxy
+Vcs-Browser: https://github.com/z3APA3A/3proxy
+
+Package: 3proxy
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: tiny free proxy server
+ 3Proxy tiny free proxy server is really tiny freeware proxy servers set. 
+ It includes HTTP proxy with HTTPS and FTP support, SOCKSv4/SOCKSv4.5/SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, FTP proxy, caching DNS proxy, TCP and UDP portmappers.
+ You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use combined program (3proxy). Combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.
+ It's created to be small, simple and yet very functional. 

debian/copyright

@@ -0,0 +1,20 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: 3proxy
+Upstream-Contact: 3proxy@3proxy.org
+Source: https://3proxy.org/
+
+Files: *
+Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
+License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
+
+Files: src/libs/md*.*
+Copyright: 1990,1991,1992  RSA Data Security, Inc
+License: public-domain
+
+Files: src/libs/regex.*
+Copyright: Henry Spencer
+License: public-domain
+
+Files: src/libs/smbdes.c
+Copyright: Andrew Tridgell 1998
+License: GPL-2+

debian/postinst

@@ -0,0 +1,43 @@
+if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
+ touch /usr/local/3proxy/conf/passwd;\
+fi
+chown -R proxy:proxy /usr/local/3proxy
+chmod 550  /usr/local/3proxy/
+chmod 550  /usr/local/3proxy/conf/
+chmod 440  /usr/local/3proxy/conf/*
+if /bin/systemctl >/dev/null 2>&1; then \
+ /usr/sbin/update-rc.d 3proxy disable || true; \
+ /usr/sbin/chkconfig 3proxy off || true; \
+ /bin/systemctl enable 3proxy.service; \
+elif [ -x /usr/sbin/update-rc.d ]; then \
+ /usr/sbin/update-rc.d 3proxy defaults; \
+ /usr/sbin/update-rc.d 3proxy enable; \
+elif [ -x /usr/sbin/chkconfig ]; then \
+ /usr/sbin/chkconfig 3proxy on; \
+fi
+
+echo ""
+echo 3proxy installed.
+if /bin/systemctl >/dev/null 2>&1; then \
+ /bin/systemctl stop 3proxy.service \
+ /bin/systemctl start 3proxy.service \
+ echo use ;\
+ echo "  "systemctl start 3proxy.service ;\
+ echo to start proxy ;\
+ echo "  "systemctl stop 3proxy.service ;\
+ echo to stop proxy ;\
+elif [ -x /usr/sbin/service ]; then \
+ /usr/sbin/service 3proxy stop  || true;\
+ /usr/sbin/service 3proxy start  || true;\
+ echo "  "service 3proxy start ;\
+ echo to start proxy ;\
+ echo "  "service 3proxy stop ;\
+ echo to stop proxy ;\
+fi
+echo "  "/usr/local/3proxy/conf/add3proxyuser.sh
+echo to add users
+echo ""
+echo Default config uses Google\'s DNS.
+echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
+echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
+echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user

debian/preinst

@@ -0,0 +1,4 @@
+if [ -x /usr/sbin/useradd ]; then \
+ /usr/bin/getent group proxy >/dev/null || (/usr/sbin/groupadd -f -r proxy || true); \
+ /usr/bin/getent passwd proxy >/dev/null || (/usr/sbin/useradd -Mr -s /bin/false -g proxy -c 3proxy proxy || true); \
+fi

debian/rules

@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	ln -s Makefile.Linux Makefile || true
+	dh_auto_build
+
+override_dh_auto_clean:
+	find src/ -type f -name "*.o" -delete
+	find src/ -type f -name "Makefile.var" -delete
+	find bin/ -type f -executable -delete
+	rm -f Makefile
+
+override_dh_usrlocal:

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

doc/html/faqe.html

@@ -1,158 +1,2 @@
-<h3>Why ... doesn't work?</h3>
 
-<p><i>Q: Why does nothing work?</i></p>
-A: Valid configuration file is required.
-
-<p><i>Q: Why restrictions (redirections, limits, etc) do not work?</i></p>
-A: Most probable reasons: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
-
-<p><i>Q: Why doesn't 3proxy work as service under Windows?</i></p>
-Possible reasons:
-<ul>
-<li>'service' command absents in configuration file. Command is required for
-3proxy.exe to behave as system service in 3proxy 0.5.2 and prior.
-<li>there are relative paths in configuration file for included files,
-log files, etc. Always use absolute paths. For example
-$"c:\3proxy\networks.local" instead of  $networks.local. For debugging remove
-'service' and 'daemon', log to stdout an try to execute 3proxy from command
-line from some different directory (for example from disk root).
-<li>SYSTEM account doesn't have access to executable file, configuration files,
-log files, etc.
-<li>configuration files is not located in default path (3proxy.cfg in same
-location with 3proxy.exe). For alternative configuration file location use
-<pre>
-3proxy --install full_path_to_configuration_file
-</pre>
-<li>user has no rights to install or start service
-<li>service is already installed and/or started
-
-</ul>
-
-<p><A NAME="INTEXT"><i>Q: Why doesn't internal and external commands work as expected</i></A></li></p>
-A: Check your expectations first.
-Both internal and external IPs are IPs of the host running 3proxy itself.
-This configuration option is usefull in situation 3proxy is running on the
-border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
-<pre>
-     LAN connection +-------------+ Internet connection
-LAN <-------------->| 3proxy host |<-------------------> INTERNET
-                   ^+-------------+^
-	           |               |
-              Internal IP       External IP
-</pre>
-If 3proxy is used on the host with single connection, both internal and
-external are usually same IP.
-<br>Internal should exist and be UP on the moment 3proxy is started and
-should never be disconnected/DOWN. If this interface is periodically
-disconnected (e.g. direct link between 2 hosts), do not specify internal
-address or use 0.0.0.0 instead. In this case, if you have 2 or more
-interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
-proxy situation. 
-<br>
-External IP (if specified) must exist in the momet 3proxy
-serves client request. If external interface is no specified (or 0.0.0.0),
-system select external IP. It may be possible to access resources of internal
-network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
-operation, required for incoming connections (this operation is quite rarely
-implemented in SOCKSv5 clients and usually is not required). In case of
-dynamic address, do not specify external or use external 0.0.0.0 or, if
-external address is required, create a script to determine current external
-IP and save it to file, and use external "$path_to_file" with "monitor" command
-to automatically reload configuration on address change.
-
-<p><i>Q: Why doesn't ODBC loggind work?</i></p>
-A: Check you use system DSN. 
-Check SQL request is valid. 
-The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
-
-<p><i>Q: Why doesn't APOP/CRAM-MD5 authentication work with POP3 proxy?</i></p>
-A: Any Challenge-response authentication require challenge to be transmitted from server. Pop3p doesn't know which server to use before authentication, it makes it impossible to obtain challenge. You can encrypt your POP3 communications with TLS (i.e. stunnel) or IPSec.
-
-<h3>Redirection to local proxy</h3>
-
-<p><i>Q: What is it for?</i></p>
-A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
-
-<p><i>Q: What are restrictions?</i></p>
-A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
-
-<p><i>Q: What are advantages?</i></p>
-A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware.
-
-<p><i>Q: How to setup?</i></p>
-A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples:
-<pre>
-auth iponly
-allow * * * 80,8080-8088
-parent 1000 http 0.0.0.0 0
-allow * * * 80,8080-8088
-#redirect ports 80 and 8080-8088 to local HTTP proxy
-#Second allow is required, because ACLs are checked
-#twice: first time by socks and second by http proxy.
-
-allow * * * 21,2121
-parent 1000 ftp 0.0.0.0 0
-allow * * * 21,2121
-#redirect ports 21 and 2121 to local 
-#ftp proxy
-
-
-allow *
-#allow rest of connections directly
-
-socks
-#now let socks server to start
-</pre>
-
-<p><i>Q: How it affects different ACL rules?</i></p>
-A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
-<pre>
-allow * * * 80,8080-8088
-parent 1000 http 0.0.0.0 0
-#redirect http traffic to internal proxy
-
-allow * * $c:\3proxy\local.nets 80,8080-8088
-#allow direct access to local.nets networks
-allow * * * 80,8080-8088
-parent 1000 http proxy.sandy.ru 3128
-#use parent caching proxy for rest of the networks
-
-allow *
-#allow direct connections for rest of socks
-#requests
-</pre>
-
-<h3>Can I ...?</h3>
-
-<p><i>Q: Is it possible to resolve names through parent proxy?</i></p>
-A: Yes, use 'proxy', 'connect+', 'socks4+' or 'socks5+' as parent proxy type.
-3proxy itself requires name resolutions for ACL checks, so, if it's impossible
-to resolve names from 3proxy host, use
-<pre>
-fakeresolve
-</pre>
-command. Fakeresolve resolves any name to 127.0.0.2.
-
-
-<p><i>Q: Can I use 3proxy as FTP proxy?</i></p>
-A: There are two kinds of FTP proxy supported: FTP over HTTP support (known as FTP proxy inside Internet Explorer, Mozilla and another browsers) and real FTP proxy (usable in Far and different FTP clients). Both are supported in 3proxy: first one as a part of HTTP 'proxy' and second one as 'ftppr'.
-
-<p><i>Q: Can I bind any 3proxy service to non-default port?</i></p>
-A: proxy -p8080
-
-<h3>Why so ...?</h3>
-
-<p><i>Q: Why traffic accounting is incomplete? It differs for what my provider (or another accounting application) shows to me?</i></p>
-A: 3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
-
-<p><i>Q: Why configuration is so difficult and non-intuitive?</i></p>
-A: Configuration format is created in a way it's easy to parse and matches to internal 3proxy structures. In addition, there are some older things left for compatibility to be cleaned in 3proxy release. And last, I think it's easy and intuitive.
-
-<p><i>Q: Why the code is so difficult and non-intuitive?</i></p>
-A: First, I'm not programmer. Second, 3proxy was 'proof of concept' in reply for some conference post. Request was to write proxy server in 100 lines of code. First version of 3proxy had less, with HTTP and SOCKS support and portmappers. Third, there are peoples who want to use 3proxy code in trojans. I don't want to help them.  Fourth, the aim is to support different platforms. It's well known - the worse code is, the better it compiles.
-
-<p><i>Q: Why do you use insecure strcpy, sprintf, etc?</i></p>
-A: Why not? I try to use insecure function in secure manner. You're welcome to look for vulnerabilities.
-<pre>
-$Id: faqe.html,v 1.10 2007/07/31 08:42:38 vlad Exp $
-</pre>
+<H2><A href="hotoe.html">See HowTo:</a></H2>

doc/html/faqr.html

@@ -1,283 +1,2 @@
-<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
-3APA3A 3proxy tiny proxy server Frequently Asked Questions (FAQ)
-<ul>
-  <li><a href="#TROUBLE">Почему не работает...</a></li>
-  <ul>
-    <li><a href="#NOTHING">Q: Почему ничего не работает?</a></li>
-    <li><a href="#LIMITS">Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости, трафику и т.д.)?</a></li>
-    <li><a href="#SERVICE">Q: Почему 3proxy не запускается как служба?</a></li>
-    <li><a href="#INTEXT">Q: Почему не получается указать internal и external?</a></li>
-    <li><a href="#ODBC">Q: Почему не работает ведение журналов в ODBC?</a></li>
-    <li><a href="#CHAP">Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</a></li>
-  </ul>
-  <li><a href="#SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></li>
-  <ul>
-    <li><a href="#REDIR">Q: Для чего это надо?</a></li>
-    <li><a href="#REDIRLIMIT">Q: Какие недостатки?</a></li>
-    <li><a href="#REDIRADV">Q: Какие преимущества?</a></li>
-    <li><a href="#REDIRHOW">Q: Как настраивается?</a></li>
-    <li><a href="#REDIINTER">Q: Как взаимодействует с другими правилами в ACL?</a></li>
-  </ul>
-  <li><a href="#ISIT">А есть ли...</a></li>
-  <ul>
-    <li><a href="#NAMES">Можно ли разрешать имена на родительском прокси?</a></li>
-    <li><a href="#ISFTP">Существует ли сейчас поддержка FTP прокси в продукте?</a></li>
-    <li><a href="#PORT">Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</a></li>
-    <li><a href="#BANDLIM">Как ограничить ширину канала?</a></li>
-  </ul>
-  <li><a href="#BRRR">Почему так криво...</a></li>
-  <ul>
-    <li><a href="#TRAF">Почему так криво считается трафик? Не совпадает с ...</a></li>
-    <li><a href="#CONFIG">Почему такая кривая конфигурация и ничерта не понятно?</a></li>
-    <li><a href="#CODE">Почему так криво написан код?</a>
-    <li><a href="#UNSAFE">Почему так много strcpy, sprintf и т.д., это ж дыры!</a>
-  </ul>
-</ul>
-<hr>
-<li><b><a name="TROUBLE">Почему не работает...<a></b></li>
-<ul>
-  <li><a name="NOTHING"><i>Q: Почему ничего не работает?</i></a></li>
-  <p>
-  <i>A:</i> Потому что для работы нужен правильный файл конфигурации.
-  </p>
-  <li><a name="LIMITS"><i>Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости,
-  трафику и т.д.)?</i></a></li>
-  <p>
-  <i>A:</i> Обычные ошибки - использование auth none (для работы любых
-  функций, основанных на ACL, требуется auth iponly, nbname или strong),
-  нарушение порядка ввода команд (команды выполняются последовательно,
-  запуск сервиса proxy, socks, tcppm и т.д. должен осуществляться после
-  того, как указана его конфигурация), неправильный порядок записей в ACL
-  (записи просматриваются последовательно до первой, удовлетворяющей
-  критериям). Если в ACL имеется хотя бы одна запись, то считается, что
-  последняя запись в ACL - это неявная deny *.
-  </p>
-  <li><a name="SERVICE"><i>Q: Почему 3proxy не запускается как служба?</i></a></li>
-  <p>
-  <i>A:</i> Наиболее вероятные причины:
-  <ul>
-    <li>Отсутствие команды service в файле конфигурации - команда необходима в 3proxy 0.5.2 и более ранних, чтобы 3proxy вел себя как системная служба Windows
-    <li>Использование относительных (неполных) путей файлов в файле конфигурации
-    При использовании файлов журналов, файлов вставок ($filename) используйте
-    полные пути, например, $"c:\3proxy\include files\networks.local". Тоже самое
-    относится к файлам журналов и любым другим.
-    Для отладки лучше запускать 3proxy с ведением журнала на стандартный вывод.
-    Не забудьте в таком случае отключить daemon и service в файле конфигурации.
-    Для чистоты эксперимента запускать 3proxy из коммандной строки в таком случае
-    следует, находясь в другой папке.
-    <li>Отсутствие у системной записи прав на доступ к исполняемому файлу, каким-либо файлам конфигурации, журнала и т.п.
-    <li>Отсутствие файла конфигурации по стандартному расположению -
-    3proxy.cfg в одном каталоге с исполняемым файлом. Если файл расположен по
-    другому пути, необходимо использовать команду
-    <pre>
-    3proxy --install path_to_configuration_file</pre>
-    <li>Отсутствие у пользователя прав на установку или запуск службы
-    <li>Служба уже установлена или запущена
-  </ul>
-  </p>
-  <li><a name="INTEXT"><i>Q: Почему не получается указать internal и external?</i></a></li></li>
-  <p>
-  <i>A:</i> Убедитесь, что выправильно понимаете что такое internal и external адреса.
-  Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
-  Эта опция конфигурации необходима в классической ситуации, когда 3proxy
-  установлен на граничном компьютере с двумя (или более) подключениями:
-  <pre>
-       LAN connection +-------------+ Internet connection
-  LAN <-------------->| 3proxy host |<-------------------> INTERNET
-                     ^+-------------+^
-                     |               |
-               Internal IP      External IP</pre>
-  Если 3proxy работает на хосте с одним интерфейсом, то его адрес будет и
-  internal и external.
-  <br>Интерфейс с адресом internal должен существовать и быть рабочим на момент
-  запуска 3proxy, и не должен отключаться. Если internal интерфейс
-  периодически отключается, то не следует его указывать, или можно указать адрес
-  0.0.0.0. При этом прокси будет принимать запросы на всех интерфейсах, поэтому
-  при наличии нескольких интерфейсов для ограничения доступа следует использовать
-  фаервол или хотя бы ACL.
-  </p>
-  <p>
-  Интерфейс с адресом external, если он указан, должен быть рабочим на момент
-  получения запроса клиента. При отсутствии external или адресе 0.0.0.0 внешний
-  адрес будет выбираться системой при установке соединения. При этом, может быть
-  возможность доступа через прокси к ресурсам локальной сети, поэтому для
-  предотвращения несанкционированного доступа следует использовать ACL. Кроме
-  того, могут быть проблемы с приемом входящих соединений через SOCKSv5
-  (SOCKSv5 используется в клиентах исключительно редко).
-  В случае, если адрес динамический, можно либо не
-  указывать external, либо использовать адрес 0.0.0.0, либо, если необходима
-  поддержка входящих соединений в SOCKSv5, использовать скрипт,
-  который будет получать текущий адрес и сохранять его в файл, который будет
-  отслуживаться через команду monitor.
-  </p>
-  <li><a name="ODBC"><i>Q: Почему не работает ведение журналов в ODBC?</i></a></li>
-  <p>
-  <i>A:</i> Убедитесь, что используется системный, а не
-  пользовательский DSN. Убедитесь, что выполняется правильный SQL запрос. Наиболее
-  распространенная проблема связана с отсутствием кавычек или неправильным
-  форматом данных. Самый простой способ - сделать ведение журнала в файл или
-  на стандартный вывод, просмотреть выдаваемые SQL запросы и попробовать
-  дать такой запрос вручную.
-  </p> 
-  <li><a name="CHAP"><i>Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</i></a></li>
-  <p>
-  <i>A:</i> Любая challenge-response аутентификация, к которым относятся APOP
-  и CRAM-MD5, требует, чтобы со стороны сервера был передан уникальный challenge.
-  До начала аутентификации POP3 прокси не знает, к какому серверу следует
-  подключаться для получения Challenge, поэтому challenge-response в принципе
-  невозможен. Защитить соединение можно с помощью TLS (например, stunnel) или
-  IPSec.
-  </p>
-</ul>
-<hr>
-<li><b><a name="SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></b></li>
-<ul>
-  <li><a name="REDIR"><i>Q: Для чего это надо?</i></a></li>
-  <p>
-  <i>A:</i> Чтобы иметь в логах URL запросов, если пользователь SOCKS пользуется
-  Web, FTP или POP3.
-  </p>
-  <li><a name="REDIRLIMIT"><i>Q: Какие недостатки?</i></a></li>
-  <p>
-  <i>A:</i> Перенапраление невозможно для web-серверов или FTP, висящих на
-  нестандартных портах, для SOCKSv4 не поддрживается авторизация с
-  паролем (IE поддерживает только SOCKSv4), но при этом IE передает
-  имя пользователя по SOCKSv4 (имя, с которым пользователь вошел в систему).
-  Для SOCKSv5 не поддерживается NTLM авторизация, пароли передаются в открытом
-  тексте.
-  </p>
-  <li><a name="REDIRADV"><i>Q: Какие преимущества?</i></a></li>
-  <p>
-  <i>A:</i> Достаточно в настройках IE только указать адрес SOCKS прокси. В
-  больших сетях можно для этого использовать WPAD (автоматическое
-  обнаружение прокси). В 3proxy достаточно запускать только одну службу
-  (socks). Если используется только Internet Explorer, то можно
-  автоматически получать имя пользователя в логах, не запрашивая
-  логин/пароль.
-  </p>
-  <li><a name="REDIRHOW"><i>Q: Как настраивается?</i></a></li>
-  <p>
-  <i>A:</i> Указывается parent http proxy со специальным адресом 0.0.0.0 и портом
-  0. Пример:
-  <pre>
-  allow * * * 80,8080-8088
-  parent 1000 http 0.0.0.0 0
-  allow * * * 80,8080-8088
-  #перенаправить соединения по портам 80 и 8080-8088 в локальный
-  #http прокси. Вторая команда allow необходима, т.к. контроль доступа
-  #осуществляется 2 раза - на уровне socks и на уровне HTTP прокси
-  allow * * * 21,2121
-  parent 1000 ftp 0.0.0.0 0
-  allow * * * 21,2121
-  #перенаправить соединения по портам 21 и 2121 в локальный
-  #ftp прокси
-  allow *
-  #пустить все соединения напрямую
-  socks</pre>
-  </p>
-  <li><a name="REDIINTER"><i>Q: Как взаимодействует с другими правилами в ACL?</i></a></li>
-  <p>
-  <i>A:</i> После внутреннего перенаправления правила рассматриваются еще раз за
-  исключением самого правила с перенаправлением (т.е. обработка правил не
-  прекращается). Это позволяет сделать дальнейшие перенаправления на
-  внешний прокси. По этой же причине локальное перенаправление не должно
-  быть последним правилом (т.е. должно быть еще хотя бы правило allow,
-  чтобы разрешить внешние соединения через HTTP прокси).
-  Например,
-  <pre>
-  allow * * * 80,8080-8088
-  parent 1000 http 0.0.0.0 0
-  #перенаправить во внутренний прокси
-  allow * * $c:\3proxy\local.nets 80,8080-8088
-  #разрешить прямой web-доступ к сетям из local.nets
-  allow * * * 80,8080-8088
-  parent 1000 http proxy.sandy.ru 3128
-  #все остальные веб-запросы перенаправить на внешний прокси-сервер
-  allow *
-  #разрешить socks-запросы по другим портам</pre>
-  </p>
-</ul>
-<hr>
-<li><b><a name="ISIT">А есть ли...</a></b></li>
-<ul>
-  <li><a name="NAMES"><i>Q: Можно ли разрешать имена на родительском прокси?</i></a></li>
-  <p>
-  <i>A:</i> Можно. Для этого надо использовать тип родительского прокси http,
-  connect+, socks4+ и socks5+. Однако, при это надо помнить, что самому 3proxy
-  требуется разрешение имени для управления ACL. Поэтому, если с прокси-хоста
-  не работают разрешения имени, необходимо в конфигурации дать команду
-  <pre>
-  fakeresolve</pre>
-  которая разрешает любое имя в адрес 127.0.0.2.
-  </p>
-  <li><a name="ISFTP"><i>Q: Существует ли сейчас поддержка FTP прокси в продукте?</i></a></li>
-  <p>
-  Есть поддержка как FTP через HTTP (то, что называется FTP прокси в Internet
-  Explorer, Netscape, Opera) так и настоящего FTP прокси (то, что называется
-  FTP proxy в FAR и FTP клиентах).
-  </p>
-  <li><a name="PORT"><i>Q: Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</i></a></li>
-  <p>
-  А:
-  <pre>
-  proxy -p8080</pre>
-  </p>
-  <li><a name="BANDLIM"><i>Q: Как ограничить ширину канала?</i></a></li>
-  <p>
-  <i>A:</i> Читайте HowTo <a href="http://3proxy.ru/howtor.asp#BANDLIM">http://3proxy.ru/howtor.asp#BANDLIM</a>
-  </p>
-</ul>
-<hr>
-<li><b><a name="BRRR">Почему так криво...</a></b></li>
-<ul>
-  <li><a name="TRAF"><i>Q: Почему так криво считается трафик? Не совпадает с ...</i></a></li>
-  <p>
-  <i>A:</i> Следует учитывать, что 3proxy считает трафик только на прикладном уровне и
-  только проходящий через прокси-сервер. Провайдеры и другие средства учета
-  трафика считают трафик на сетевом уровне, что уже дает расхождение порядка 10%
-  за счет информации из заголовков пакетов. Кроме того, часть трафика, как
-  минимум DNS-разрешения, различный флудовый трафик и т.д. идут мимо прокси.
-  Уровень "шумового" трафика в Internet сейчас составляет порядка 50KB/день на
-  каждый реальный IP адрес, но может сильно варьироваться в зависимости от сети,
-  наличия открытых портов, реакции на ping-запросы и текущего уровня вирусной
-  активности. По этим причинам, если 3proxy используется чтобы не "выжрать"
-  трафик, выделенный провайдером, всегда следует делать некий запас порядка
-  15%.
-  </p>
-  <p>
-  Если на одной с 3proxy машине имеются какие-либо сервисы или
-  работает пользователь, то их трафик не проходит через proxy-сервер и так же
-  не будет учтен. Если где-то есть NAT, то клиенты, выходящие через NAT мимо
-  прокси, так же останутся неучтенными. Если расхождение с провайдером превышает
-  10% - нужно искать причину именно в этом.
-  </p>
-  <li><a name="CONFIG"><i>Q: Почему такая кривая конфигурация и ничерта не понятно?</i></a></li>
-  <p>
-  <i>A:</i> Есть несколько причин. Во-первых, до выхода релиза (т.е. версии 1.0) я буду изо
-  всех сил добиваться совместимости конфигурации между версиями. Во-вторых,
-  конфигурация сделана так, чтобы ее можно было легко разбирать программно.
-  В-третьих, все там понятно. При желании. Если знать как все работает.
-  </p>
-  <li><a name="CODE"><i>Q: Почему так криво написан код?</i></a></li>
-  <p>
-  <i>A:</i> Есть несколько причин. Во-первых, я не программист. Во-вторых, 3proxy изначально
-  писался на коленке (в отет на &quot;слабо&quot; в одной из конференций). Никто
-  не мог предположить, что им кто-то реально будет пользоваться. В-третьих, у многих
-  возникает желание разобраться в коде 3proxy чтобы внедрить его в какой-нибудь
-  троян. Очень не хочется облегчать эту задачу. В-четвертых, мне надо добиться
-  компиляции кода в как можно большем числе систем. Замечено, что чем кривее код в
-  C, тем он лучше переносится.
-  </p>
-  <li><a name="UNSAFE"><i>Q: Почему так много strcpy, sprintf и т.д., это ж дыры!</i></a><li>
-  <p>
-  <i>A:</i> Есть несколько причин. Во-первых, несмотря на дурной тон использования этих
-  функций, они наиболее совместимы между разными системами и компиляторами.
-  Во-вторых, само по себе их использование не означает присутствие дыры, если их
-  параметры должным образом контролируются. Найдете дыру - обязательно сообщите.
-  В третьих, может быть я уберу их перед конечным релизом, чтобы никого не
-  пугать.
-  </p>
-</ul>
-<pre>
-$Id: faqr.html,v 1.28 2007/09/25 09:47:13 vlad Exp $
-</pre>
+
+<H2><A href="hotoe.html">См. HowTo</a></H2>

doc/html/highload.html

@@ -0,0 +1,300 @@
+<h3>Optimizing 3proxy for high load</h3>
+<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product, the main reason is "one connection - one thread" model 3proxy uses. 3proxy is known to work with above 200,000 connections under proper configuration, but use it in production environment under high loads at your own risk and do not expect too much.
+<p>Precaution 2: This documentation is incomplete and is not sufficient. High loads may require very specific system tuning including, but not limited to specific or cusomized kernels, builds, settings, sysctls, options, etc. All this is not covered by this documentation.
+
+<h4>Configuring 'maxconn'</h4>
+
+A number of simulatineous connections per service is limited by 'maxconn' option.
+Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
+to higher value. Under this configuration:
+<pre>
+maxconn 1000
+proxy -p3129
+proxy -p3128
+socks
+</pre>
+maxconn for every service is 1000, and there are 3 services running
+(2 proxy and 1 socks), so, for all services there can be up to 3000
+simulatineous connections to 3proxy.
+<p>Avoid setting 'maxconn' to arbitrary high value, it should be carefully
+choosen to protect system and proxy from resources exhaution. Setting maxconn
+above resources available can lead to denial of service conditions.
+<h4>Understanding resources requirements</h4>
+Each running service require:
+<ul>
+<li>1*thread (process)
+<li>1*socket (file descriptor)
+<li>1 stack memory segment + some heap memory, ~64K-128K depending on the system
+</ul>
+Each connected client require:
+<ul>
+<li>1*thread (process)
+<li>2*socket (file descriptor). For FTP 4 sockets are required. 
+<br>Under linux since 0.9 splice() is used. It's much more effective, but requires
+<br>2*socket (file descriptor) + 2*pipe (file descriptors) = 4 file descriptors.
+<br>For FTP 4 sockets and 2 pipes are required with splice().
+<br>Up to 128K (up to 256K in the case of splice()) of kernel buffers memory. This is theoretical maximum, actual numbers depend on connection quality and traffic amount.
+<br>1 additional socket (file descriptor) during name resolution for non-cached names
+<br>1 additional socket during authentication or logging for RADIUS authentication or logging.
+<li>1*ephemeral port (3*ephemeral ports for FTP connection).
+<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to few MB (for 'proxy' and 'ftppr') of heap memory. If you are short of memory, prefer 'socks' to 'proxy' and 'ftppr'.
+<li>a lot of system buffers, specially in the case of slow network connections.
+</ul>
+Also, additional resources like system buffers are required for network activity.
+
+<h4>Setting ulimits</h4>
+
+Hard and soft ulimits must be set above calculated requirements. Under Linux, you can
+check limits of running process with
+<pre>
+cat /proc/PID/limits
+</pre>
+where PID is a pid of the process. 
+Validate ulimits match your expectation, especially if you run 3proxy under dedicated account
+by adding e.g.
+<pre>
+system "ulimit -Ha >>/tmp/3proxy.ulim.hard"
+system "ulimit -Sa >>/tmp/3proxy.ulim.soft"
+</pre>
+in the beginning (before first service started) and the end of config file.
+Make both hard restart (that is kill and start 3proxy process) and soft restart
+by sending SIGUSR1 to 3proxy process, check ulimits recorded to files match your
+expecation. In systemd based distros (e.g. latest Debian / Ubuntu) changing limits.conf
+is not enough, limits must be ajusted in systemd configuration, e.g. by setting
+<pre>
+DefaultLimitDATA=infinity
+DefaultLimitSTACK=infinity
+DefaultLimitCORE=infinity
+DefaultLimitRSS=infinity
+DefaultLimitNOFILE=102400
+DefaultLimitAS=infinity
+DefaultLimitNPROC=10240
+DefaultLimitMEMLOCK=infinity
+</pre>
+in user.conf / system.conf
+
+<h4>Extending system limitation</h4>
+
+Check manuals / documentation for your system limitations e.g. system-wide limit for number of open files
+(fs.file-max in Linux). You may need to change sysctls or even rebuild the kernel from source.
+<p>
+To help with socket-based system-dependant settings, since 0.9-devel 3proxy supports different
+socket options which can be set via -ol option for listening socket, -oc for proxy-to-client
+socket and -os for proxy-to-server socket. Example:
+<pre>
+proxy -olSO_REUSEADDR,SO_REUSEPORT -ocTCP_TIMESTAMPS,TCP_NODELAY -osTCP_NODELAY
+</pre>
+available options are system dependant.
+
+<h4>Using 3proxy in virtual environment</h4>
+
+If 3proxy is used in VPS environment, there can be additional limitations. 
+For example, kernel resources / system CPU usage / IOCTLs can be limited in a different way, and this can become a bottleneck. 
+Since 0.9 devel, 3proxy uses splice() by default on Linux, splice() prevents network traffic from being copied from
+kernel space to 3proxy process and generally increases throughput, epecially in the case of high volume traffic. It especially
+true for virtual environment (it can improve thoughput up to 10 times) unless there are additional kernel limitations.
+Since some work is moved to kernel, it requires up to 2 times more kernel resources in terms of CPU, memory and IOCTLs.
+If your hosting additionally limits kernel resources (you can see it as nearly 100% CPU usage without any real CPU activity for
+any application which performs IOCTLS), use -s0 option to disable splice() usage for given service e.g.
+<pre> 
+socks -s0
+</pre>
+
+<h4>Extending ephemeral port range</h4>
+
+Check ephemeral port range for your system and extend it to the number of the
+ports required.
+Ephimeral range is always limited to maximum number of ports (64K). To extend the
+number of outgoing connections above this limit, extending ephemeral port range
+is not enough, you need additional actions:
+<ol>
+<li> Configure multiple outgoing IPs
+<li> Make sure 3proxy is configured to use different outgoing IP by either setting
+external IP via RADIUS
+<pre>
+radius secret 1.2.3.4
+auth radius
+proxy
+</pre>
+or by using multiple services with different external
+interfaces, example:
+<pre>
+allow user1,user11,user111
+proxy -p1111 -e1.1.1.1
+flush
+allow user2,user22,user222
+proxy -p2222 -e2.2.2.2
+flush
+allow user3,user33,user333
+proxy -p3333 -e3.3.3.3
+flush
+allow user4,user44,user444
+proxy -p4444 -e4.4.4.4
+flush
+</pre>
+or via "parent extip" rotation,
+e.g.
+<pre>
+allow user1,user11,user111
+parent 1000 extip 1.1.1.1 0
+allow user2,user22,user222
+parent 1000 extip 2.2.2.2 0
+allow user3,user33,user333
+parent 1000 extip 3.3.3.3 0
+allow user4,user44,user444
+parent 1000 extip 4.4.4.4 0
+proxy
+</pre>
+or
+<pre>
+allow *
+parent 250 extip 1.1.1.1 0
+parent 250 extip 2.2.2.2 0
+parent 250 extip 3.3.3.3 0
+parent 250 extip 4.4.4.4 0
+socks
+</pre>
+<pre>
+</pre>
+Under latest Linux version you can also start multiple services with different
+external addresses on the single port with SO_REUSEPORT on listening socket to
+evenly distribute incoming connections between outgoing interfaces:
+<pre>
+socks -olSO_REUSEPORT -p3128 -e 1.1.1.1
+socks -olSO_REUSEPORT -p3128 -e 2.2.2.2
+socks -olSO_REUSEPORT -p3128 -e 3.3.3.3
+socks -olSO_REUSEPORT -p3128 -e 4.4.4.4
+</pre>
+for Web browsing last two examples are not recommended, because same client can get
+different external address for different requests, you should choose external
+interface with user-based rules instead.
+<li> You may need additional system dependant actions to use same port on different IPs,
+usually by adding SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
+external socket. This option can be set (since 0.9 devel) with -os option:
+<pre>
+proxy -p3128 -e1.2.3.4 -osSO_REUSEADDR
+</pre>
+Behavior for SO_REUSEADDR and SO_REUSEPORT is different between different system,
+even between different kernel versions and can lead to unexpected results.
+Specifics is described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
+Use this options only if actually required and if you fully understand possible
+consiquences. E.g. SO_REUSEPORT can help to establish more connections than the
+number of the client port available, but it can also lead to situation connections
+are randomely fail due to ip+port pairs collision if remote or local system 
+doesn't support this trick.
+</ol>
+
+<h4>Setting stacksize</h4>
+
+'stacksize' is a size added to all stack allocations and can be both positive and
+negative. Stack is required in functions call. 3proxy itself doesn't require large
+stack, but it can be required if some
+purely-written libc, 3rd party libraries or system functions called. There is known\
+dirty code in Unix ODBC
+implementations, build-in DNS resolvers, especially in the case of IPv6 and large
+number of interfaces. Under most 64-bit system extending stacksize will lead
+to additional memory space usage, but do not require actual commited memory,
+so you can inrease stacksize to relatively large value (e.g. 1024000) without
+the need to add additional phisical memory,
+but it's system/libc dependant and requires additional testing under your
+installation. Don't forget about memory related ulimts.
+<p>For 32-bit systems address space can be a bottlneck you should consider. If
+you're short of address space you can try to use negative stack size.
+
+<h4>Known system issues</h4>
+
+There are known race condition issues in Linux / glibc resolver. The probability
+of race condition arises under configuration with IPv6, large number of interfaces
+or IP addresses or resolvers configured. In this case, install local recursor and
+use 3proxy built-in resolver (nserver / nscache / nscache6).
+<h4>Do not use public resolvers</h4>
+Public resolvers like ones from Google have ratelimits. For large number of
+requests install local caching recursor (ISC bind named, PowerDNS recursor, etc).
+
+<h4>Avoid large lists</h4>
+
+Currently, 3proxy is not optimized to use large ACLs, user lists, etc. All lists
+are processed lineary. In devel version you can use RADIUS authentication to avoid
+user lists and ACLs in 3proxy itself. Also, RADIUS allows to easily set outgoing IP
+on per-user basis or more sophisicated logics.
+RADIUS is a new beta feature, test it before using in production.
+
+<h4>Avoid changing configuration too often</h4>
+
+Every configuration reload requires additional resources. Do not do frequent
+changes, like users addition/deletaion via connfiguration, use alternative
+authentication methods instead, like RADIUS.
+
+<h4>Consider using 'noforce'</h4>
+
+'force' behaviour (default) re-authenticates all connections after
+configuration reload, it may be resource consuming on large number of
+connections. Consider adding 'noforce' command before services started
+to prevent connections reauthentication.
+
+<h4>Do not monitor configuration files directly</h4>
+
+Using configuration file directly in 'monitor' can lead to race condition where
+configuration is reloaded while file is being written.
+To avoid race conditions:
+<ol>
+<li> Update config files only if there is no lock file
+<li> Create lock file then 3proxy configuration is updated, e.g. with
+"touch /some/path/3proxy/3proxy.lck". If you generate config files
+asynchronously, e.g. by user's request via web, you should consider
+implementing existance checking and file creation as atomic operation.
+<li>add
+<pre>
+system "rm /some/path/3proxy/3proxy.lck"
+</pre>
+at the end of config file to remove it after configuration is successfully loaded
+<li> Use a dedicated version file to monitor, e.g.
+<pre>
+monitor "/some/path/3proxy/3proxy.ver"
+</pre>
+<li> After config is updated, change version file for 3proxy to reload configuration,
+e.g. with "touch /some/path/3proxy/3proxy.ver".
+</ol>
+
+<h4>Use TCP_NODELAY to speed-up connections with small amount of data</h4>
+
+If most requests require exchange with a small amount of data in a both ways
+without the need for bandwidth, e.g. messengers or small web request,
+you can eliminate Nagle's algorithm delay with TCP_NODELAY flag. Usage example:
+<pre>
+proxy -osTCP_NODELAY -ocTCP_NODELAY
+</pre>
+sets TCP_NODELAY for client (oc) and server (os) connections.
+<p>Do not use TCP_NODELAY on slow connections with high delays and then
+connection bandwidth is a bottleneck.
+
+<h4>Use splice to speedup large data amount transfers</h4>
+
+splice() allows to copy data between connections without copying to process
+addres space. It can speedup proxy on high bandwidth connections, if most
+connections require large data transfers. Splice is enabled by default on Linux
+since 0.9, "-s0" disables splice usage. Example:
+<pre>
+proxy -s0
+</pre>
+Splice is only available on Linux. Splice requires more system buffers and file descriptors,
+and produces more IOCTLs but reduces process memory and overall CPU usage.
+Disable splice if there is a lot of short-living connections with no bandwidth
+requirements.
+<p>Use splice only on high-speed connections (e.g. 10GBE), if processor, memory speed or
+system bus are bottlenecks.
+<p>TCP_NODELAY and splice are not contrary to each over and should be combined on
+high-speed connections.
+
+<h4>Add grace delay to reduce system calls<h4>
+
+<pre>proxy -g8000,3,10</pre>
+First parameter is average read size we want to keep, second parameter is
+minimal number of packets in the same direction to apply algorythm,
+last value is delay added after polling and prior to reading data.
+An example above adds 10 millisecond delay before reading data if average
+polling size is below 8000 bytes and 3 read operations are made in the same
+direction. It's specially usefule with splice. <pre>logdump 1 1</pre> is useful
+to see how grace delays work, choose delay value to avoid filling the read
+pipe/buffer (typically 64K) but keep the request sizes close to chosen average
+on large file upload/download.

doc/html/howtoe.html

@@ -8,7 +8,6 @@
 		<li><A HREF="#INTL">How to compile 3proxy with Intel C Compiler under Windows</A>
 		<li><A HREF="#GCCWIN">How to compile 3proxy with GCC under Windows</A>
 		<li><A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>
-		<li><A HREF="#CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A>
 	</ul>
 	<li><A HREF="#INSTALL">Proxy server installation and removal</A>
 	<ul>
@@ -18,21 +17,36 @@
 	</ul>
 	<li><A HREF="#SERVER">Server configuration</A>
 	<ul>
-		<li><A HREF="#SAMPLE">Where to find configuration example</A>
+  <li><a href="#NOTHING">How to make 3proxy start</a></li>
+    <li><a href="#LIMITS">How to make limitation (access, bandwidth, traffic, connections) work</a></li>
+    <li><a href="#SERVICE">How to make 3proxy to run as a service</a></li>
+    <li><a href="#INTEXT">How to understand internal and external</a></li>
+    <li><a href="#ODBC">How to make ODBC logging work?</a></li>
+    <li><a href="#IPV6">How to make IPv6 work</a></li>
+    <li><a href="#CRASH">How to fix 3proxy crashes</a></li>
+  		<li><A HREF="#SAMPLE">Where to find configuration example</A>
 		<li><A HREF="#LOGGING">How to set up logging</A>
 		<li><A HREF="#LOGFORMAT">How to setup logging format</A>
 		<li><A HREF="#LOGANALIZERS">How to use log analizers with 3proxy</A>
 		<li><A HREF="#LAUNCH">How to start any of proxy services (HTTP, SOCKS etc)</A>
-		<li><A HREF="#BIND">How to bind service to specific interface and port?</A>
+		<li><a href="#BIND">How to bind service to specific interface or port</a>
+		<li><a href="#NAMES">How to resolve names through a parent proxy</a></li>
+		<li><a href="#ISFTP">How to setup FTP proxy</a></li>
+		<li><a href="#TLSPR">How to setup SNI proxy (tlspr)</a></li>
 		<li><A HREF="#AUTH">How to limit service access</A>
 		<li><A HREF="#USERS">How to create user list</A>
 		<li><A HREF="#ACL">How to limit user access to resources</A>
 		<li><A HREF="#REDIR">How to manage redirections</A>
+		<li><a href="#SOCKSREDIR">How to manage local redirections</a>
 		<li><A HREF="#ROUNDROBIN">How to balance traffic between few external channgels?</A>
 		<li><A HREF="#CHAIN">How to manage proxy chains</A>
 		<li><A HREF="#BANDLIM">How to limit bandwidth</A>
 		<li><A HREF="#TRAFLIM">How to limit traffic amount</A>
+		<li><a href="#TRAF">How to fix incorrect traffic accounting</a>
 		<li><A HREF="#NETLIST">How to build network lists</A>
+		<li><a href="#NSCACHING">How to configure name resolution and DNS caching</a>
+		<li><a href="#IPV6">How to use IPv6</a>
+		<li><a href="#CONNBACK">How to use connect back</a>
 	</ul>
 	<li><A HREF="#CLIENT">Client configuration</A>
 	<li><A HREF="#ADMIN">Administering and information analisys</A>
@@ -81,12 +95,6 @@ shouldn't have problems under different Solaris, BSD or linux compatible systems
 For different systems you may be required to patch Makefile or even source codes.
 If you want to use ODBC support, make sure to install ODBC for unix, remove -DNOODBC
 option from makefile compiler options and add ODBC library to linker variable.
-</p>
-	</ul>
-<hr>
-		<li><A NAME="CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A></li>
-<p>
-See <A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>, use Makefile.ccc instead of Makefile.unix.
 </p>
 	</ul>
 <hr>
@@ -161,6 +169,83 @@ Add 3proxy to system startup scripts.
 	<li><A NAME="SERVER">Server configuration</A>
 <p>
 	<ul>
+  <li><a name="NOTHING">How to make 3proxy start</a>
+<p>Valid configuration file is required.
+
+    <li><a name="IMITS">How to make limitation (access, bandwidth, traffic, connections) work</a>
+<p> Most probable reasons for non-working limitations: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
+
+    <li><a name="SERVICE">How to make 3proxy to run as a service</a>
+<p>Possible reasons for 3proxy starts manually but fails to start as a service:
+<ul>
+<li>there are relative paths in configuration file for included files,
+log files, etc. Always use absolute paths. For example
+$"c:\3proxy\networks.local" instead of  $networks.local. For debugging remove
+'service' and 'daemon', log to stdout an try to execute 3proxy from command
+line from some different directory (for example from disk root).
+<li>SYSTEM account doesn't have access to executable file, configuration files,
+log files, etc.
+<li>configuration files is not located in default path (3proxy.cfg in same
+location with 3proxy.exe). For alternative configuration file location use
+<pre>
+3proxy --install full_path_to_configuration_file
+</pre>
+<li>user has no rights to install or start service
+<li>service is already installed and/or started
+
+</ul>
+
+<p><A NAME="INTEXT">How to understant internal and external</A>
+<p>
+Both internal and external IPs are IPs of the host running 3proxy itself.
+This configuration option is usefull in situation 3proxy is running on the
+border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
+<pre>
+     LAN connection +-------------+ Internet connection
+LAN <-------------->| 3proxy host |<-------------------> INTERNET
+                   ^+-------------+^
+	           |               |
+              Internal IP       External IP
+</pre>
+If 3proxy is used on the host with single connection, both internal and
+external are usually same IP.
+<br>Internal should exist and be UP on the moment 3proxy is started and
+should never be disconnected/DOWN. If this interface is periodically
+disconnected (e.g. direct link between 2 hosts), do not specify internal
+address or use 0.0.0.0 instead. In this case, if you have 2 or more
+interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
+proxy situation. 
+<br>
+External IP (if specified) must exist in the momet 3proxy
+serves client request. If external interface is no specified (or 0.0.0.0),
+system select external IP. It may be possible to access resources of internal
+network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
+operation, required for incoming connections (this operation is quite rarely
+implemented in SOCKSv5 clients and usually is not required). In case of
+dynamic address, do not specify external or use external 0.0.0.0 or, if
+external address is required, create a script to determine current external
+IP and save it to file, and use external "$path_to_file" with "monitor" command
+to automatically reload configuration on address change.
+
+    <li><a name="ODBC">How to make ODBC logging work?</a>
+<p>
+Check you use system DSN. 
+Check SQL request is valid. 
+The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
+Under Unix, you may also want to adjust 'stacksize' parameter.
+
+    <li><a name="IPV6">How to make IPv6 work</a>
+<p> Proxy can not access destination directly over IPv6 if client requests IPv4 address.
+To access IPv6 destination, either IPv6 address or hostname  must be used in request.
+Best solution is to enable option to resolve hostnames via proxy on client side.
+
+    <li><a name="CRASH">How to fix 3proxy crashes</a>
+<p> default stacksize may be insufficient, if some non-default plugins
+  are used (e.g. PAM and ODBC on Linux) or if compiled on some platforms with
+  invalid system defined values (few versionds of FreeBSD on amd64).
+  Problem can be resolved with 'stacksize' command or '-S' option starting 3proxy 0.8.4.
+
+
 		<li><A NAME="SAMPLE">Where to find configuration example</A>
 <p>
 Server configuration example 3proxy.cfg.sample is in any 3proxy distribution.
@@ -216,7 +301,7 @@ sets rotation type. LOGTYPE may be:
 	<li>W, weekly
 	<li>D, daily
 	<li>H, hourly
-	<li>‘, minutely
+	<li>C, minutely
 </ul>
 <pre>
 	rotate NUMBER
@@ -277,17 +362,17 @@ logformat "L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
 </pre>
 	generates something like
 <p><font face="courier">
-1042454727.0296 SOCK4.1080 000 3APA3A 127.0.0.1:4739 195.122.226.28:4739 505 18735 1 GET http://3proxy.ru/ HTTP/1.1
+1042454727.0296 SOCK4.1080 000 3APA3A 127.0.0.1:4739 195.122.226.28:4739 505 18735 1 GET http://3proxy.org/ HTTP/1.1
 </font>
 <br>(no line breaks)
 </p>
 <p>
 	If ODBC used, logformat should specify SQL command,
 	to insert record into log, for example
-<p><font face="courier">
-logformat "GINSERT INTO proxystat  VALUES (%t, '%c', '%U', %I)"
-</font>
+<p><pre>
+logformat "-\'+_GINSERT INTO proxystat  VALUES (%t, '%c', '%U', %I)"</pre>
 <br>(no line breaks)
+<br>-\'+_ instructs to replace characters \ and ' with _
 </p>
 		<li><A NAME="LOGANALIZERS">How to use log analizers with 3proxy</A>
 <p>
@@ -379,6 +464,53 @@ proxy -p8080 -i192.168.1.1
 proxy -p8080 -i192.168.2.1
 </pre>
 </p>
+  <li><a name="NAMES">How to resolve names through a parent proxy</a></li>
+  <p>
+  <i>A:</i> Use one of proxy, connect+, socks4+ or socks5+ as a parent type. 3proxy
+  itself still performs a name resolution, it's required e.g. to ACLs matching.
+  So, if no name resolution must be performed by 3proxy itself add a command
+  <pre>
+  fakeresolve</pre>
+  this command resolves any name to 127.0.0.2 address.
+  </p>
+  <li><a name="ISFTP"><i>How to setup FTP proxy</i></a></li>
+  <p>
+  There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP ¯à®ªá¨
+  (what is called FTP proxy in file managers and FTP clients). For browsers, there is no need to start additional
+  proxy service, 'proxy' supports FTP over HTTP, configure 'proxy' port as an FTP proxy. For ftp clients and file
+  managers use ftppr. FTP proxy supports both active and passive mode with client, but always use passive mode with FTP servers.
+  </p>
+  <li><a name="TLSPR"><i>How to setup SNI proxy (tlspr)</i></a></li>
+  <p>
+    SNI proxy can be used to transparently redirect any TLS traffic with external router or local redirection rules. It can also be used
+    to extract hostnames from TLS to use in ACLs in combination with SOCKS or HTTP(s) proxy and/or Transparent plugin. It can also be used to require TLS or mTLS between services. TLS hadshake contains no
+    port information, if tlspr is used as a standalone service, destination port may be either detected with Transparent plugin or configured with -P option (default 443).
+  </p><p>    
+    -c option is used  to specify level of TLS check:    
+</p><pre>
+0 (default) - allow non-TLS traffic
+1 - require TLS, only check client HELLO packet
+2 - require TLS, check both client and server HELLO
+3 - require TLS, check server send certificate (not compatible with TLS 1.3)
+4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)    
+</pre>
+<p>
+configuration examples:
+1. port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host
+<pre>
+tlspr -p1443 -P443 -c1
+</pre>
+2. used as parent tls to detect destination hostname from TLS in socks
+<pre>
+allow * * * 80
+parent 1000 http 0.0.0.0 0
+allow * * * * CONNECT
+parent 1000 tls 0.0.0.0 0
+deny * * some.not.allowed.host
+allow *
+socks
+</pre>
+  </p>
 		<li><A NAME="AUTH">How to limit service access</A>
 <p>
 First, always specify internal interface to accept incoming connection with
@@ -458,7 +590,12 @@ proxy -n
 </p>
 Please note, that caching affects security. Never use caching for access to
 critical resources, such as web administration.
-
+  <p>authcache can be used to bind user's sessions to ip with 'limit' option, with
+  <pre>
+  autchcache ip,user,pass,limit 120
+  auth cache strong</pre>
+  user will not be able to use more than a single IP during cache time (120 sec).
+  </p>
 		<li><A NAME="USERS">How to create user list</A>
 <p>
 Userslist is created with 'users' command.
@@ -510,7 +647,7 @@ allow &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&
 'flush' command is used to finish with existing ACL and to start new one.
 It's required to have different ACLs for different services.
 'allow' is used to allow connection and 'deny' to deny connection. 'allow'
-command can be extended by 'parent' command to manage redirections (see <A NAME="REDIR">How to manage redirections</A>)). If ACL
+command can be extended by 'parent' command to manage redirections (see <A href="#REDIR">How to manage redirections</A>)). If ACL
 is empty it allow everything. If ACL is not empty, first matching ACL entry
 is searched for user request and ACL action (allow or deny) performed. If
 no matching record found, connection is denied and user will be asked to
@@ -599,6 +736,60 @@ no need to run these services expicitly. Local redirections are usefull if
 you want to see and control via ACLs protocol specific parameters, e.g.
 filenames requests thorugh FTP while clients are using SOCKS.
 </p>
+    <li><a name="SOCKSREDIR">Š ª ã¯à ¢«ïâì «®ª «ì­ë¬¨ ¯¥à¥­ ¯à ¢«¥­¨ï¬¨</a>
+<p>
+<p><i>Q: What is it for?</i></p>
+A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
+
+<p><i>Q: What are restrictions?</i></p>
+A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
+
+<p><i>Q: What are advantages?</i></p>
+A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware.
+
+<p><i>Q: How to setup?</i></p>
+A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples:
+<pre>
+auth iponly
+allow * * * 80,8080-8088
+parent 1000 http 0.0.0.0 0
+allow * * * 80,8080-8088
+#redirect ports 80 and 8080-8088 to local HTTP proxy
+#Second allow is required, because ACLs are checked
+#twice: first time by socks and second by http proxy.
+
+allow * * * 21,2121
+parent 1000 ftp 0.0.0.0 0
+allow * * * 21,2121
+#redirect ports 21 and 2121 to local 
+#ftp proxy
+
+
+allow *
+#allow rest of connections directly
+
+socks
+#now let socks server to start
+</pre>
+
+<p><i>Q: How it affects different ACL rules</i></p>
+A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
+<pre>
+allow * * * 80,8080-8088
+parent 1000 http 0.0.0.0 0
+#redirect http traffic to internal proxy
+
+allow * * $c:\3proxy\local.nets 80,8080-8088
+#allow direct access to local.nets networks
+allow * * * 80,8080-8088
+parent 1000 http proxy.3proxy.org 3128
+#use parent caching proxy for rest of the networks
+
+allow *
+#allow direct connections for rest of socks
+#requests
+</pre>
+
 		<li><A NAME="ROUNDROBIN">How to balance traffic between few external channgels?</A>
 <p>
 Proxy itself doesn't manage network level routing. The only way to control
@@ -714,30 +905,68 @@ reportpath specifies location of text reports, type parameter of 'counter'
 command controls how often text reports are created. amount is amount of
 allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.
 </p>
-		<li><A NAME="NETLIST">How to build network lists</A>
-<p>Networks or users lists are often very huge. 3proxy doesn't currently
-supports user groups, but ones can be created by the means of include files.
-You can store comma-delimited lists of networks or users in the separate
-file and use $ macro to insert this list into 3proxy.cfg.
-3proxy comes with 'dighosts'
-utility. This utility helps to grab the list of the network from HTTP page.
-It may be usefull to e.g. obtain a regullary updated list of local networks
-from ISP's server. A network list can be either in form of NETWORK MASK,
-e.g. 192.168.1.0 255.255.255.0 or NETWORK/LENGTH, e.g. 192.168.1.0/24. You can
-launch dighosts from 3proxy.cfg to be executed on every 3proxy startup or
-configuration reload:
-<pre>
-system "dighosts http://provider/network.html local.networks"
-allow * * $local.networks
-allow *
-parent 1000 proxy.provider 3128 *
-proxy
-flush
-</pre>
-In this example we obtain list of local networks from provider's page to
-local.networks file, allow direct access to these networks and redirect all
-connection to external networks to provider's proxy.
+  <li><a name="TRAF"><i>How to fix incorrect traffic accounting</i></a>
+
+  <p>3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
+  <li><a name="NSCACHING"><i>How to configure name resolution and DNS caching</i></a>
+  <p>
+  For name resolution and caching use commands nserver, nscache / nscache6 and nsrecord.
+  <pre>
+  nserver 192.168.1.2
+  nserver 192.168.1.3:5353/tcp</pre>
+  sets DNS resolvers. 192.168.1.3 will be used via TCP/5353 (instead of default UDP/53)
+  only if 192.168.1.2 fails. Up to 5 nservers may be specified.
+  If no nserver is configured, default system name resolution functions are used.
+  <pre>
+  nscache 65535
+  nscache6 65535</pre>
+  sets name cache size for IPv4 and IPv6. Name cache must be large enouth, if presents.
+  name cache is only used if nserver is configured.
+  <pre>
+  nsrecord server.mycompany.example.com 192.168.1.1
+  nsrecord www.porno.com 127.0.0.2
+  ...
+  deny * * 127.0.0.2</pre>
+  adds static nsrecords. Also, static nsrecords are used for dnspr, unless -s option is specified.
+  Since 0.8 version, parent proxy may be configured for dnspr.
 </p>
+  <li><a name="IPV6"><i>How to use IPv6</i></a>
+  <p>
+  IPv6 is supported since 0.8. Please note, some proxy protolos, e.g. SOCKSv4,
+  do not  support IPv6. SOCKSv5 supports IPv6 with special request type (must be
+  implemented by client).
+  <br>
+  3proxy supports proxying from IPv4 and IPv6 networks to IPv4,
+  IPv6 and mixed networks. IPv6 address may be used in
+  internal, external, parent commands, ACLs, -i and -e options,etc.
+  external command and -e options may be given twice for each service - once with IPv4
+  and once with IPv6 address. internal can be given only once, to bind to all IPv4 and
+  IPv6 addresses use [0:0:0:0:0:0:0:0] or [::]. 
+  <br>
+  Any service may be configured with -4, -46, -64, -6 options to specify decied
+  priority for name to IPv4/IPv6 address resolution (IPv4 only, IPv4 priority,
+  IPv6 priority, IPv6 only).
+  </p>	
+  <li><a name="CONNBACK"><i>How to use connect back</i></a>
+  <p>
+  In example, users needs access from external network to proxy server located
+  on the host 192.168.1.2. This host can not be accessed from external network,
+  but it has access to external network with with external address 1.1.1.1.
+  Also, user has access to the host 2.2.2.2 (IP address may be dynamic) with
+  hostname host.dyndns.example.org via external network. User needs 2 instances
+  of 3proxy, first one on the host 192.168.1.2 with config
+  <pre>
+  users user:CL:password
+  auth strong
+  allow user
+  proxy -rhost.dyndns.example.org:1234</pre>
+  second one on the host.dyndns.example.org (2.2.2.2) with config
+  <pre>
+  auth iponly
+  allow * * 1.1.1.1
+  tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128</pre>
+  For browser settings proxy is host.dyndns.example.org:3128.
+  </p>	
 	</ul>
 
 <hr>
@@ -750,7 +979,7 @@ connection to external networks to provider's proxy.
 		<li><A NAME="NEWVERSION">How to obtain latest 3proxy version</A>
 <p>
 Latest version of 3proxy may be obtained
-<A HREF="http://3proxy.ru/">here</A>.
+<A HREF="https://3proxy.org/">here</A>.
 New version may have changes and incompatibilities with previous one in files
 format or commands. Please, read CHANGELOG file and another documentation
 before installing new version.
@@ -803,6 +1032,16 @@ You can control 3proxy service via "Services" administration ot via "net" comman
 		<li>50-69 - SOCKS5 PROXY REDIRECTION ERRORS
 		<li>70-79 PARENT PROXY CONNECTION ERRORS (identical to 1x)
 		<li>90-99 - established connection errors
+<li>since 0.9
+    <li>90 - unexpected system error (should not happen)
+    <li>91 - unexpected poll error (should not happen)
+    <li>92 - connection terminated by timeout (see timeouts)
+    <li>93 - connection terminated by ratelimit-related timeout or due to errors limit
+    <li>94 - connection termination by server or client with unsent data
+    <li>95 - dirty connection termination by client (or networking issue)
+    <li>96 - dirty connection termination by server (or networking issue)
+    <li>97 - dirty connection termination by both client and server (probably networking issue)
+<li>prior to 0.9:
 		<li>90 - socket error or connection broken
 		<li>91 - TCP/IP common failure
 		<li>92 - connection timed out
@@ -826,10 +1065,9 @@ You can control 3proxy service via "Services" administration ot via "net" comman
 <hr>
 	<li><A NAME="QUEST">How To ask quiestion not in How To?</A>
 <p>
-	Ask it in <A HREF="http://3proxy.ru/board4.html">3proxy forum</A>.
+	Ask it in <A HREF="https://github.com/z3APA3A/3proxy/issues">Github</A>.
 	Don't try to ask something before reading this document.
  </ul>
 
 </ul>
 
-<pre>$Id: howtoe.html,v 1.41 2009/02/02 10:04:49 vlad Exp $</pre>

doc/html/index.html

@@ -0,0 +1,17 @@
+<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2> 
+<a href="securityen.html">Security recommendations</a><br> 
+<a href="highload.html">Optimizing 3proxy for high loads</a><br> 
+<a href="howtoe.html">How To (English, very incomplete)</a><br> 
+<a href="howtor.html">How To (Russian)</a><br> 
+<h3>Man pages:</h> 
+<br><A HREF="man8/3proxy.8.html">3proxy.8</A> 
+<br><A HREF="man8/ftppr.8.html">ftppr.8</A> 
+<br><A HREF="man8/pop3p.8.html">pop3p.8</A> 
+<br><A HREF="man8/proxy.8.html">proxy.8</A> 
+<br><A HREF="man8/smtpp.8.html">smtpp.8</A> 
+<br><A HREF="man8/socks.8.html">socks.8</A> 
+<br><A HREF="man8/tcppm.8.html">tcppm.8</A> 
+<br><A HREF="man8/tlspr.8.html">tlspr.8</A> 
+<br><A HREF="man8/udppm.8.html">udppm.8</A> 
+<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A> 
+</body></html> 

doc/html/plugins/PCREPlugin.html

@@ -0,0 +1,94 @@
+
+<h3>3proxy Perl Compatible Regular Expressions (PCRE) plugin</h3>
+
+This filtering plugin can be used to create matching and replace
+rules with regular expressions for client's request, client and
+servers header and client and server data. It adds 3 additional
+configuration commands:
+
+<pre>
+pcre TYPE FILTER_ACTION REGEXP [ACE]
+pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
+pcre_extend FILTER_ACTION [ACE]
+pcre_options OPTION1 [...]
+</pre>
+pcre - allows to apply some rule for matching
+<br>pcre_rewrite - in addition to 'pcre' allows to substitute substrings
+<br>pcre_extend - extends ACL of the last pcre or pcre_rewrite comand by
+adding additional ACE (like with allow/deny configuration commands).
+<br>pcre_options - allows to set matching options. Awailable options are:
+PCRE_CASELESS,
+PCRE_MULTILINE,
+PCRE_DOTALL,
+PCRE_EXTENDED,
+PCRE_ANCHORED,
+PCRE_DOLLAR_ENDONLY,
+PCRE_EXTRA,
+PCRE_NOTBOL,
+PCRE_NOTEOL,
+PCRE_UNGREEDY,
+PCRE_NOTEMPTY,
+PCRE_UTF8,
+PCRE_NO_AUTO_CAPTURE,
+PCRE_NO_UTF8_CHECK,
+PCRE_AUTO_CALLOUT,
+PCRE_PARTIAL,     
+PCRE_DFA_SHORTEST,
+PCRE_DFA_RESTART,
+PCRE_FIRSTLINE,
+PCRE_DUPNAMES,
+PCRE_NEWLINE_CR,
+PCRE_NEWLINE_LF,
+PCRE_NEWLINE_CRLF,
+PCRE_NEWLINE_ANY,
+PCRE_NEWLINE_ANYCRLF,
+PCRE_BSR_ANYCRLF,
+PCRE_BSR_UNICODE
+
+<ul>
+<li>TYPE - type of filtered data. May contain one or more
+(comma delimited list) values:
+ <ul>
+ <li>request - content of client's request e.g. HTTP GET request string.
+(known problem: changing request string doesn't change IP of the host to connect)
+ <li>cliheader - content of client request headers,  e.g. HTTP request header.
+ <li>srvheader - content of server's reply headers, e.g. HTTP status and headers.
+ <li>clidata - data received from client, e.g. HTTP POST request data
+ <li>srvdata - data received from server, e.g. HTML page
+ </ul>
+<li>FILTER_ACTION - action on match
+ <ul>allow - allow this request without checking rest of the given type
+of the rules
+ <li>deny - deny this request without checking rest of the rules
+ <li>dunno - continue with the rest of rules (useful with pcre_rewrite) 
+ </ul>
+<li>REGEXP - PCRE (perl) regular expression. Use * if no regexp matching
+required.
+<li>REWRITE_EXPRESSION - substitution string. May contain perl-style
+substrings
+(not tested) $1, $2. $0 - means whole matched string. \r and \n may be used
+to insert new strings, string may be empty ("").
+<li>ACE - access control entry (user names, source IPs, destination IPs,
+ports, etc), absolutely identical to allow/deny/bandlimin commands.
+Regular expression is only matched if ACL matches connection data.
+Warning:
+reqular expression doesn't require authentication and can not replace
+authentication and/or allow/deny ACLs.
+</ul>
+
+
+<h4>Example:</h4>
+<pre>
+plugin PCREPlugin.dll pcre_plugin
+pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
+pcre srvheader deny "Content-type: application"
+pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
+pcre_extend deny * 192.168.0.1/16
+</pre>
+
+<h4>Download:</h4>
+<ul>
+ <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Example configuration (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
+</ul>
+

doc/html/plugins/PCREPlugin.ru.html

@@ -0,0 +1,90 @@
+<h3>Плагин регулярных выражений совместимых с Perl (PCRE) для 3proxy</h3>
+
+Фильтрующий плагин используется для создания правил поиска и замены
+регулярных выражений в запросе, заголовков запроса и ответа и данных.
+Добавляет поддержку 3х новых команд в файле конфигурации:
+
+<pre>
+pcre TYPE FILTER_ACTION REGEXP [ACE]
+pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
+pcre_extend FILTER_ACTION [ACE]
+pcre_options OPTION1 [...]
+</pre>
+pcre - позволяет искать совпадения
+<br>pcre_rewrite - дополнительно позволяет производить замену подстрок
+<br>pcre_extend - расширяет ACL последней команды pcre или pcre_rewrite путем
+добавления еще одной ACE (аналогично списку правил allow/deny).
+<br>pcre_options - позволяет устанавливать опции поиска, доступны следующие опции:
+PCRE_CASELESS,
+PCRE_MULTILINE,
+PCRE_DOTALL,
+PCRE_EXTENDED,
+PCRE_ANCHORED,
+PCRE_DOLLAR_ENDONLY,
+PCRE_EXTRA,
+PCRE_NOTBOL,
+PCRE_NOTEOL,
+PCRE_UNGREEDY,
+PCRE_NOTEMPTY,
+PCRE_UTF8,
+PCRE_NO_AUTO_CAPTURE,
+PCRE_NO_UTF8_CHECK,
+PCRE_AUTO_CALLOUT,
+PCRE_PARTIAL,     
+PCRE_DFA_SHORTEST,
+PCRE_DFA_RESTART,
+PCRE_FIRSTLINE,
+PCRE_DUPNAMES,
+PCRE_NEWLINE_CR,
+PCRE_NEWLINE_LF,
+PCRE_NEWLINE_CRLF,
+PCRE_NEWLINE_ANY,
+PCRE_NEWLINE_ANYCRLF,
+PCRE_BSR_ANYCRLF,
+PCRE_BSR_UNICODE
+
+
+<ul>
+<li>TYPE - тип фильтруемых данных. Может содержать одно или
+несколько (список через запятую) значений:
+ <ul>
+ <li>request - содержимое запроса клиента (например строка HTTP GET-запроса).
+(в настоящий момент изменение запроса не приводит к изменению адреса запрашиваемого хоста)
+ <li>cliheader - содержимое заголовков запроса клиента, например заголовки HTTP
+ <li>srvheader - содержимое заголовков ответа сервера, например заголовки HTTP
+ <li>clidata - данные полученные от клиента, например данные POST-запроса
+ <li>srvdata - данные полученные от сервера, например содержимое HTML-страницы
+ </ul>
+<li>FILTER_ACTION - действие при совпадении. Может принимать значение
+ <ul>allow - разрешить данный запрос без просмотра дальнейших правил
+ <li>deny - запретить данный запрос без просмотра дальнейших правил
+ <li>dunno - продолжить анализ правил (полезно для pcre_rewrite) 
+ </ul>
+<li>REGEXP - регулярное выражение в формате PCRE (perl). Используйте * если не
+требуется проерка регулярного выражения.
+<li>REWRITE_EXPRESSION - строка замены. Может содержать макроподстановки
+(не тестировалось) $1, $2 и т.д. аналогично perl. $0 - полная найденная
+подстрока. В строке замены можно использовать сочетания \r, \n для вставки
+новых строк. Строка может быть пустой ("").
+<li>ACE - Список контроля доступа (имя пользователя, IP источника, IP назначения, порт и т.д.),
+полностью аналогичный ACE в командах allow, deny, bandlimin и т.п. Регулярное
+выражение проверяется только при совпадении ACE с запросом. ВНИМАНИЕ:
+использование регулярных выражений не требует авторизации и не заменяет ее.
+Авторизацию необходимо конфигурировать отдельно.
+</ul>
+
+
+<h4>Пример:</h4>
+<pre>
+plugin PCREPlugin.dll pcre_plugin
+pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
+pcre srvheader deny "Content-type: application"
+pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
+pcre_extend deny * 192.168.0.1/16
+</pre>
+
+<h4>Загрузить:</h4>
+<ul>
+ <li>Плагин включен в дистрибутив 3proxy 0.6
+ <li>Пример конфигурации (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
+</ul>

doc/html/plugins/SSLPlugin.html

@@ -0,0 +1,64 @@
+<h3>3proxy SSL/TLS plugin</h3>
+
+Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for  proxy traffic.
+
+
+
+<h4>For transparent certificate spoofing:</h4>
+
+<br>ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
+<br>ssl_nomitm - do not spoof certificates for services started below
+
+<h4>To protect traffic to server (https:// proxy) - since 0.9.5 version</h4>
+ssl_serv - require TLS connection for services below
+<br>ssl_noserv - do not require TLS connection for services below
+
+Parameters:
+<br>ssl_server_cert /path/to/cert - Server certificate (should not be selfsigned and must contain Alternative name) for ssl_serv
+<br>ssl_server_key /path/to/key - Server ceritifacte key for ssl_server_cert or generated mitm certificate
+<br>ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<br>ssl_server_ciphersuites ciphersuites_list - TLS server ciphers for TLS 1.3
+<br>ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+<br>ssl_server_cipher_list ciphersuites_list - TLS server ciphers for TLS 1.2 and below
+<br>ssl_client_min_proto_version tls_version - TLS client min TLS version (e.g. TLSv1.2)
+<br>ssl_server_min_proto_version tls_version - TLS server min TLS version (e.g. TLSv1.2)
+<br>ssl_client_max_proto_version tls_version - TLS client max TLS version (e.g. TLSv1.2)
+<br>ssl_server_max_proto_version tls_version - TLS server max TLS version (e.g. TLSv1.2)
+<br>ssl_client_verify - verify certificate for upstream server in TLS client functionality (used with ssl_mitm)
+<br>ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
+<br>ssl_server_ca_file /path/to/cafile - CA certificate file for mitm
+<br>ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file mitm CA
+<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
+<br>ssl_certcache /path/to/cache/ - location for generated mitm certificates cache, optional, if ssl_server_ca_file / ssl_server_ca_key are configured.
+Cache may contain 3 files: 3proxy.pem - public
+self-signed certificates (used if ssl_server_ca_file is not configured), 
+3proxy.key - key for public certificates, used if ssl_server_ca_keyserver.key is not configured, server.key - this key is used if ssl_server_key is not configured to generates
+spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates.
+Generated certificates are placed to the same path.
+
+
+<h4>mitm example:</h4>
+<pre>
+plugin /path/to/SslPlugin.dll ssl_plugin
+ssl_server_ca_file /path/to/cafile
+ssl_server_ca_key /path/to/cakey
+ssl_mitm
+proxy -p3128
+ssl_nomitm
+proxy -p3129
+</pre>
+mitm's traffic with spoofed ceritifacate for port 3128 proxy.
+
+<h4>https:// proxy example:</h4>
+<pre>
+plugin /path/to/SSLPlugin.so ssl_plugin
+ssl_server_cert path_to_cert
+ssl_server_key path_to_key
+ssl_serv
+proxy -p33128
+ssl_noserv
+proxy -p3128
+</pre>
+creates https:// proxy on 33128 and http:// proxy on 3128
+
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/SSLPlugin.ru.html

@@ -0,0 +1,61 @@
+<h3>3proxy SSL/TLS плагин</h3>
+
+Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика и для шифрования трафика прокси-сервера
+
+<h4>Для транспаретной перехватки трафика (mitm):</h4>
+
+<br>ssl_mitm - подменять сертификаты для сервисов стартованных ниже. Не безопасно использовать без ssl_client_verify.
+<br>ssl_nomitm - не подменять сертификаты для сервисов стартованных ниже.
+
+
+<h4>Для защиты трафика прокси-сервера (например https:// proxy) - начиная с 0.9.5</h4>
+ssl_serv - включает TLS для соединений к сервисам ниже
+<br>ssl_noserv - отключает TLS для соединений к сервисам ниже
+
+Параметры:
+<br>ssl_server_cert /path/to/cert - сертификат сервера, не должен быть самоподписаным, имя CN должно содержаться в альтернативных именах - используется для ssl_serv
+<br>ssl_server_key /path/to/key - ключ сертификата сервера для ssl_server_cert или сгенерированного сертификата ssl_mitm
+<br>ssl_client_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3, пример ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<br>ssl_server_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3
+<br>ssl_client_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже, пример ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+<br>ssl_server_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже
+<br>ssl_client_min_proto_version tls_version - минимальная версия TLS клиента (например ssl_client_min_proto_version TLSv1.2)
+<br>ssl_server_min_proto_version tls_version - минимальная версия TLS сервера
+<br>ssl_client_max_proto_version tls_version - максимальная версия TLS клиента
+<br>ssl_server_max_proto_version tls_version - максимальная версия TLS сервера
+<br>ssl_client_verify - проверять сертификат сервера назначения (используется с ssl_mitm)
+<br>ssl_client_no_verify - не проверять сертификат сервера назначения
+<br>ssl_server_ca_file /path/to/cafile - CA сертификат для ssl_mitm
+<br>ssl_server_ca_key /path/to/cakey - ключ CA сертификата  ssl_server_ca_file mitm
+<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - расположения корневых сертификатов ssl_client_verify
+<br>ssl_certcache /path/to/cache/ - расположение кеша сгенерированных сертификатов ssl_mitm. Кеш может содержать
+файлы 3proxy.pem, 3proxy.key server.key, которые используются как ssl_server_ca_file,
+ssl_server_ca_key и ssl_server_key соответственно если они не заданы. Если server.key не задан,
+3proxy.key используется для генерации серверного сертификата.
+
+<h4>Пример mitm:</h4>
+<pre>
+plugin /path/to/SslPlugin.dll ssl_plugin
+ssl_server_ca_file /path/to/cafile
+ssl_server_ca_key /path/to/cakey
+ssl_mitm
+proxy -p3128
+ssl_nomitm
+proxy -p3129
+</pre>
+Перехватывается трафик в прокси на порту 3128
+
+<h4>Пример конфигурации https:// прокси (curl -x https://...):</h4>
+<pre>
+plugin /path/to/SSLPlugin.so ssl_plugin
+ssl_server_cert path_to_cert
+ssl_server_key path_to_key
+ssl_serv
+proxy -p33128
+ssl_noserv
+proxy -p3128
+</pre>
+На порту 33128 создается https:// прокси (не путать с CONNECT прокси aka HTTPS over HTTP прокси), на порту 3128
+создается http:// прокси (может пропуска в т.ч. и HTTPS коннекты)
+
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/StringsPlugin.html

@@ -0,0 +1,16 @@
+
+<h3>3proxy strings substitution plugin</h3>
+May be used to make interface more pretty or to translate proxy server
+messages to different language. All messages are taken from proxy.c and
+moved to external text file (e.g. rus.3ps). On the moment of
+writing there are 15 sections. Sections are delimited with "[end]".
+<h4>Example:</h4>
+<pre>plugin "StringsPlugin.dll" start c:\3proxy\bin\rus.3ps
+</pre>
+
+<h4>Download:</h4>
+<ul>
+ <li>Plugin is included into 3proxy 0.6 binary and source distribution
+</li></ul>
+
+©Kirill Lopuchov

doc/html/plugins/StringsPlugin.ru.html

@@ -0,0 +1,18 @@
+<h3>Плагин подмены строк 3proxy</h3>
+
+Используется, в частности, для руссификации сообщений выдаваемых 3proxy.
+Для корректной работы требуется 0.6 версия 3proxy. 
+Все сообщения были взяты из proxy.c
+и вынесенны в отдельный файл. Пример файла rus-win1251.3ps.
+Всего 15 секций на момент написания плагина в файле rus-win1251.3ps  каждая секция отделяется строкой "[end]"
+новая строка определяется строкой "\n" 
+
+<h4>Пример:</h4>
+<pre>
+plugin "StringsPlugin.dll" start c:\3proxy\bin\rus-win1251.3ps
+</pre>
+
+<h4>Загрузить:</h4>
+<ul>
+ <li>Плагин включен в дистрибутив 3proxy 0.6
+</ul>

doc/html/plugins/TrafficPlugin.html

@@ -0,0 +1,52 @@
+<h3>3proxy traffic correction plugin</h3>
+3proxy logs and counts traffic on application level, while provider usually does
+it on network or link level. It's significant if you use 3proxy for billing,
+especially in case where network packets are small, e.g. network games.
+<p>
+This plugin attempts to correct 3proxy computations to approximate network or
+link level traffic by using either fixed coefficients by port number or
+attempting to predict number and sizes of network packets.
+</p><h4>Usage:</h4>
+<ol>
+ <li>Extract TrafficPlugin.dll to the same folder with 3proxy executable.
+ </li><li>Start plugin in 3proxy.cfg with 
+<pre>plugin TrafficPlugin.dll start
+</pre>
+ </li><li>Add correction rules:
+<br>
+FOR FIXED COEFFICIENTS MODE:
+<pre>trafcorrect m &lt;service&gt; &lt;target port&gt; &lt;coefficient&gt;
+</pre>
+where &lt;service&gt; - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p, * matches "any".
+<br> &lt;target port&gt; - target port, * matches any
+<br> &lt;coefficient&gt; - coefficient to multiply traffic for this port.
+<br>
+FOR PACKET HEADER PREDICTION MODE
+<pre>trafcorrect p &lt;service&gt; &lt;tcp/udp&gt; &lt;target port&gt; [empty packet size]
+</pre>
+tcp ot udp - transport level protocol to apply rule
+<br>
+empty packet size - average size of "empty" packet, that is sum of average network/transport headers.
+You can use network sniffer, such is Ethereal to discover it. Usually packet size
+is 42 for UDP and 
+<br>Modes can be mixed.
+<br>Plugin creates a list of rules, first matching rule will be applied.
+</li></ol>
+For any mode plugin approximates traffic, logged or counted amount is not exact.
+<h4>Example:</h4>
+<pre>plugin "TrafficPlugin.dll" start
+trafcorrect m socks5 6112 4.5
+trafcorrect m socks5 * 1.1
+</pre>
+wrong usage:
+<pre>trafcorrect m socks5 * 1.1
+trafcorrect m socks5 6112 4.5
+</pre>
+second rule will never be applied.
+<h4>Download:</h4>
+<ul>
+ <li>Plugin is included into 3proxy 0.6 binary and source distribution
+</li></ul>
+
+©Maslov Michael aka Flexx(rus)
+	

doc/html/plugins/TrafficPlugin.ru.html

@@ -0,0 +1,69 @@
+<h3>Плагин коррекции траффика 3proxy</h3>
+Как известно, 3proxy считает траффик не сетевой, а прикладной.
+Обычно прикладной траффик немного меньше (примерно на 10%) чем сетевой,
+однако в некоторых случаях, например когда пользователи сети играют в
+игры, сетевой траффик может превысить прикладной в 4-5 раз. Это довольно неприятно,
+так как получается, что они за это не платят.
+<p>
+Происходит это потому, что в каждом посланом пакете есть заголовок+данные. Заголовок
+весит порядка 50-60 байт а количество данных может меняться от 15-20 байт (что характерно для игр)
+до 800-900 байт (у IE). Также количество данных в пакете зависит от загрузки сети,
+удалённости сервера и прочих причин.
+<p>
+Данный плагин может исправить такую ситуацию. Он может умножать счётчик траффика
+при окончании соединения на некоторый коэффициент либо добавлять к данным размеры заголовков пакетов,
+которые прошли по сети.
+<h4>Использование</h4>
+<ol>
+ <li>Извлечь TrafficPlugin.dll в каталог с 3proxy.exe
+ <li>Стартовать плагин в 3proxy.cfg
+<pre>
+plugin TrafficPlugin.dll start
+</pre>
+ <li>Добавить правила:
+<br>
+ДЛЯ РЕЖИМА ДОМНОЖЕНИЯ ТРАФФИКА НА ЧИСЛО:
+<pre>
+trafcorrect m &lt;сервис&gt; &lt;исходящий порт&gt; &lt;коэффициент&gt;
+</pre>
+где: &lt;сервис&gt; может быть proxy, socks4, socks45, socks5, tcppm, udppm, pop3p
+           если сервис указан неверно то считается, что это может быть любой сервис.
+	   можно использовать *, тогда правило будет считаться для любого сервиса.
+<br>     &lt;исходящий порт&gt; - порт, к которому подключается прокси сервер. * - любой
+	 &lt;коэффициент&gt; - число на каоторое домнажается траффик. Обязательный параметр.
+	 Должен быть от больше 0 и меньше 100
+<br>
+ДЛЯ РЕЖИМА С УЧЁТОМ РАЗМЕРА ЗАГОЛОВКОВ ПАКЕТОВ:
+<pre>
+trafcorrect p &lt;сервис&gt; &lt;tcp/udp&gt; &lt;исходящий порт&gt; [размер пустого пакета]
+</pre>
+	 &lt;tcp/udp&gt; - протокол, по которому осуществляется соединение.
+	 [размер пакета] - средний размер пустого пакета. Можно определить захватив
+данные при помощи такой утилиты как Ethereal. Параметр необязателен. Если отсутствует,
+то размер пакета будет считаться равным 66 байт.
+<br>Режимы можно смешивать.
+Следует учитывать, что плугин создаёт список всех правил изменения траффика.
+Когда происходит окончание соединения выполняется первое подходящее правило.
+</ol>
+Подсчет трафика в любом режиме не является точным, это некоторая аппроксимация
+позволяющаяподсчитать трафик с точностью до нескольких процентов.
+
+<h4>Пример:</h4>
+<pre>
+plugin "TrafficPlugin.dll" start
+trafcorrect m socks5 6112 4.5
+trafcorrect m socks5 * 1.1
+</pre>
+следующее неверно:
+<pre>
+plugin "TrafficPlugin.dll" start
+trafcorrect m socks5 * 1.1
+trafcorrect m socks5 6112 4.5
+</pre>
+Вторая строчка выполнена никогда не будет, т.к. правило 1 содержит *.
+
+
+<h4>Загрузить:</h4>
+<ul>
+ <li>Плагин включен в дистрибутив 3proxy 0.6
+</ul>

doc/html/plugins/TransparentPlugin.html

@@ -0,0 +1,31 @@
+<h3>3proxy TransparentPlugin plugin (Linux/BSD only)</h3>
+
+Plugin can turn 3proxy into transparent proxy for virtually any TCP-based protocol
+and use all 3proxy features - redirections, parent proxies, ACLs, traffic limitations,
+etc. TransparentPlugin plugin takes destination IP:port from Linux and uses this
+information as a target IP in proxy. An example of usage:
+
+<pre>
+plugin /path/to/TransparentPlugin.ld.so transparent_plugin
+log /path/to/log
+auth iponly
+allow * * * 80
+parent 1000 http 0.0.0.0 0
+allow *
+parent 1000 socks5 SOCKS5_IP SOCKS5_PORT USER PASSWORD
+transparent
+tcppm -iLOCAL_IP 12345 127.0.0.1 11111
+notransparent
+proxy
+</pre>
+Now, any TCP traffic transparently redirected to port 12345 will be routed via
+parent SOCKSv5 proxy and logged, all URLs for web requests are visible in logs.
+Paremeters '127.0.0.1 11111' in this case are not used and are overwritten by
+destination IP:port for each transparent connection.
+
+<h4>Download:</h4>
+<ul>
+ <li>Plugin included into 3proxy 0.8
+</ul>
+
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/TransparentPlugin.ru.html

@@ -0,0 +1,33 @@
+<h3>Плагин TransparentPlugin 3proxy (только для Linux/BSD)</h3>
+
+Плагин превращает 3proxy в транспарентный прокси для практически любых TCP-соединений
+и позволяет прозрачно для клиентов использовать весь фунционал прокси - редиректоры,
+родительские прокси, ACLи, ограничения трафика. TransparentPlugin получает IP:port
+назначения от Linux  и использует эту информацию в качестве конечного адреса назначения.
+<br>
+Пример использования:
+
+<pre>
+plugin /path/to/TransparentPlugin.ld.so transparent_plugin
+log /path/to/log
+auth iponly
+allow * * * 80
+parent 1000 http 0.0.0.0 0
+allow *
+parent 1000 socks5 SOCKS5_IP SOCKS5_PORT USER PASSWORD
+transparent
+tcppm -iLOCAL_IP 12345 127.0.0.1 11111
+notransparent
+proxy
+</pre>
+Теперь любые TCP-соединения транспарентно перенаправленные в локальный порт 12345 
+будут прологгированы и перенаправлены в родительский SOCKSv5 proxy, при этом для
+HTTP-запросов по порту TCP/80 будут видны параметры HTTP-запроса.
+Параметры '127.0.0.1 11111' в данном случае не оказывают влияния, т.к.
+будут перезаписываться IP и портом назначения для каждого TCP-соединения соответственно.
+<h4>Загрузить:</h4>
+<ul>
+ <li>Плагин включен в дистрибутив 3proxy 0.8
+</ul>
+
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/WindowsAuthentication.html

@@ -0,0 +1,33 @@
+
+<h3>3proxy Windows Authentication plugin</h3>
+Support for cleartext authentication against Windows domain or local Windows account.
+<h4>Usage:</h4>
+<ol>
+ <li>Extract WindowsAuthentication.dll to the same folder with 3proxy executable.
+ <li>Create 3ProxyAllowedGroup - Windows system group allowed to use proxy.
+ You can choose different group name. Group can be either local or
+ Active Directory. Every account allowed to use 3proxy must be included in this
+ group either directly or through group nesting.
+ <li>Configure plugin with 'plugin' command in 3proxy.cfg, e.g.:
+<pre><code>
+plugin &quot;WindowsAuthentication.dll&quot; WindowsAuthentication &quot;3ProxyAllowedGroup&quot;
+</code></pre>
+<br>WindowsAuthentication.dll - location of DLL, if DLL is located in different folder
+from 3proxy.exe you must specify complete path to DLL here. 3ProxyAllowedGroup - Windows
+system group allowed to use 3proxy.
+After plugin is loaded, 'windows' authentication type is supported.
+
+ <li>Configure 'auth windows' for services that require Windows authentication.
+ <li>It's recommended you also configure authentication caching (see 'authcache'),
+ to prevent excessive workload for domain controller. Example:
+<pre>
+ authcache user,pass 900
+ auth cache windows
+</pre>
+
+ <li>NTLM authentication is not currently supported for plugins, you should use proxy -n key to disable it.
+</ol>
+<h4>Download:</h4>
+<ul>
+ <li>Plugin is included into 3proxy 0.6 binary and source distribution
+</ul>

doc/html/plugins/WindowsAuthentication.ru.html

@@ -0,0 +1,35 @@
+<h3>Плагин аутентификации Windows для 3proxy</h3>
+Поддерживается только аутентификация открытым текстом в домене или на локальной машине Windows.
+<h4>Использование</h4>
+<ol>
+ <li>Извлечь WindowsAuthentication.dll в каталог с 3proxy.exe
+ <li>Создать 3ProxyAllowedGroup - системная группа Windows, которой разрешено использование прокси. Ее необходимо создать (можно
+использовать группу с другим именем, см. ниже). Учетные записи пользователей, которым разрешен доступ к прокси
+должны быть включены в группу непосредственно или посредством включения их групп. Группа может быть как локальной, так и в
+ActiveDirectory.
+ <li>В файле конфигурации загрузить dll с помощью команды plugin:
+<br>plugin &quot;WindowsAuthentication.dll&quot; WindowsAuthentication &quot;3ProxyAllowedGroup&quot;
+<br>Если DLL находится в другом каталоге, то вместо &quot;WindowsAuthentication.dll&quot;
+необходимо указать полный путь к DLL. 3ProxyAllowedGroup - название системной группы,
+которой разрешен доступ к прокси.
+ <li>Плагин добавляет новый тип аутентификации - windows. Т.е. для использования
+ Windows-аутентификации надо дать команду
+<pre>
+auth windows
+</pre>
+ <li>Не рекомендуется использовать данный плагин без кэширования
+ аутентификации (authcache), т.к. это приведет к увеличению нагрузки на
+ сервер/контроллер домена. Пример:
+<pre>
+ authcache user,pass 900
+ auth cache windows
+</pre>
+
+ <li>В настоящее время не поддерживается NTLM-аутентификация для плагинов,
+поэтому необходимо запускать proxy с ключиком -n.
+</ol>
+<h4>Загрузить:</h4>
+<ul>
+ <li>Плагин включен в дистрибутив 3proxy 0.6
+</ul>
+

doc/html/securityen.html

@@ -1,10 +1,10 @@
 <h3>3proxy security considirations</h3>
 </ul>
-<ol>
+<ul>
 <li>Never install 3proxy suid. If you need it to run suid write some
 wrapper with fixed configuration file.
 <li>Make configuration file only available to account 3proxy starts with.
-<li>Under Windows NT/2000/XP/2003 if 3proxy is used as service create new
+<li>Under Windows if 3proxy is used as service create new
 unprivileged local account without "logon locally" right. Assign this account
 to 3proxy service.
 <li>Under unix use chroot to jail 3proxy (make sure files included in
@@ -20,9 +20,8 @@ authentication method is currently available.
 <li>Always limit connections to internal network and localhost (to 127.0.0.1 and
 all interfaces) with ACLs. Be carefull, because BIND command in SOCKS requies
 BIND method with external interface IP address to be allowed.
-<li> Always use nserver and nscache under Unix, overwise DoS attack is possible
+<li> Before 3proxy 0.8 always use nserver and nscache under Unix, overwise DoS attack is possible
 with unreachable DNS server (because gethostbyname will block over threads).
-<li>Remember, that 'nbname' authentication is not reliable and can be spoofed.
 <li>Keep logs in secure location, because some confidential information from
 user's request can be logged.
 <li>Use -xyz+A character filtering sequences for 'logformat', especially with
@@ -31,7 +30,6 @@ ODBC logging to prevent SQL and log record injections.
 <li>Participate in code audit :)
 </ol>
  
-</ol>
+</ul>
 <p>
 
-<pre>$Id: securityen.html,v 1.4 2007/05/07 09:16:51 vlad Exp $</pre>

doc/ru/example1.txt

@@ -96,4 +96,3 @@ setuid 65534
 đĎÓĚĹ ÔĎÇĎ ËÁË ÍŮ ÓĎÚÄÁĚÉ ËĎÎĆÉÇŐŇÁĂÉĎÎÎŮĘ ĆÁĘĚ ÓĹŇ×ĹŇÁ, ÚÁĐŐÓËÁĹÍ 3proxy ËĎÍÁÎÄĎĘ:
 /usr/local/3proxy/3proxy /usr/local/3proxy/3proxy.cfg
 
-$Id: example1.txt,v 1.7 2007/04/20 19:58:42 vlad Exp $

doc/ru/iodbc.txt

@@ -98,4 +98,3 @@ LIBS = -L /usr/local/lib -lodbc
 make clean
 make -f Makefile.unix
 
-$Id: iodbc.txt,v 1.3 2006/02/08 17:59:07 vlad Exp $

man/3proxy.8

@@ -1,4 +1,4 @@
-.TH 3proxy "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH 3proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B 3proxy
 \- 3[APA3A] tiny proxy server, or trivial proxy server, or free proxy
@@ -138,16 +138,14 @@ wget to automate this task.
 configuration file
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy.cfg(3), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
 kill(1), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH TRIVIA
 3APA3A is pronounced as \`\`zaraza\'\'.
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/ftppr.8

@@ -1,4 +1,4 @@
-.TH ftppr "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH ftppr "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B ftppr
 \- FTP proxy gateway service
@@ -51,6 +51,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH CLIENTS
 You can use any FTP client, regardless of FTP proxy support. For client with
 FTP proxy support configure
@@ -73,13 +77,11 @@ is user\'s login on this FTP server. Login itself may contain \'@\' sign.
 Only cleartext authentication is currently supported.
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), proxy(8), pop3p(8), socks(8), tcppm(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/icqpr.8

@@ -1,78 +0,0 @@
-.TH icqpr "8" "July 2009" "3proxy 0.7" "Universal proxy server"
-.SH NAME
-.B icqpr
-\- ICQ (AOL OSCAR) proxy
-.SH SYNOPSIS
-.BR "icqpr " [ -d ]
-.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
-.IB \fR[ -i internal_ip\fR]
-.IB \fR[ -e external_ip\fR]
-.I local_port remote_host remote_port
-.SH DESCRIPTION
-.B icqpr
-forwards ICQ connections from local to remote ICQ host. Most usual is
-.B icqpr 5190 login.icq.com 5190
-Also, icqpr adds UIN / AOL screen name as a username. It makes it possible
-to control user's access to ICQ/AOL by UIN/screen name (use
-.B auth useronly
-in 3proxy).
-.SH OPTIONS
-.TP
-.B -I
-Inetd mode. Standalone service only.
-.TP
-.B -d
-Daemonise. Detach service from console and run in the background.
-.TP
-.B -t
-Be silenT. Do not log start/stop/accept error records.
-.TP
-.B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
-.TP
-.B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
-.TP
-.B -l
-Log. By default logging is to stdout. If
-.I logfile
-is specified logging is to file. Under Unix, if
-.RI \' @ \'
-preceeds
-.IR logfile ,
-syslog is used for logging.
-.SH ARGUMENTS
-.TP
-.I local_port
-- port icqpr accepts connection
-.TP
-.I remote_host
-- IP address of the host connection is forwarded to
-.TP
-.I remote_port
-- remote port connection is forwarded to
-.SH CLIENTS
-You can use any ICQ/AOL client where server address configuration is supported
-or spoof login server name (e.g. login.icq.com) with IP address of proxy server
-via DNS record or hosts file. Transparent redirection is also possible. Use
-.I internal_ip
-and
-.I local_port
-as a destination in client application. Connection is forwarded to
-.IR remote_host : remote_port
-.SH BUGS
-Report all bugs to
-.BR 3proxy@security.nnov.ru
-.SH SEE ALSO
-3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
-.br
-http://3proxy.ru/
-.SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )

man/pop3p.8

@@ -1,4 +1,4 @@
-.TH pop3p "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH pop3p "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B pop3p
 \- POP3 proxy gateway service
@@ -51,6 +51,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH CLIENTS
 You can use any MUA (Mail User Agent) with POP3 support. Set client to use
 .I internal_ip
@@ -69,13 +73,11 @@ authentication (APOP, CRAM-MD5, etc) requires challenge from server before
 we know which server to connect.
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/proxy.8

@@ -1,4 +1,4 @@
-.TH proxy "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH proxy "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B proxy
 \- HTTP proxy gateway service
@@ -52,6 +52,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH CLIENTS
 You should use client with HTTP proxy support or configure router to redirect
 HTTP traffic to proxy (transparent proxy). Configure client to connect to
@@ -64,13 +68,11 @@ limit clients, use
 instead.
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/smtpp.8

@@ -1,4 +1,4 @@
-.TH smtpp "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH smtpp "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B smtpp
 \- SMTP proxy gateway service
@@ -51,6 +51,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH CLIENTS
 You can use any MUA (Mail User Agent) with SMTP authentication support.
 Set client to use
@@ -70,13 +74,11 @@ authentication (CRAM-MD5, SPA, etc) requires challenge from server before
 we know which server to connect.
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/socks.8

@@ -1,4 +1,4 @@
-.TH socks "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH socks "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B socks
 \- SOCKS 4/4.5/5 gateway service
@@ -33,6 +33,11 @@ from. External IP must be specified if you need incoming connections.
 By default system will deside which address to use in accordance
 with routing table.
 .TP
+.B -N
+External NAT address 3proxy reports to client for BIND and UDPASSOC
+By default external address is reported. It's only useful in the case
+of IP-IP NAT (will not work for PAT)
+.TP
 .B -i
 Internal address. IP address proxy accepts connections to.
 By default connection to any interface is accepted. It\'s usually unsafe.
@@ -48,6 +53,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH CLIENTS
 You should use client with SOCKS support or use some socksification support
 (for example
@@ -65,13 +74,11 @@ sufficient privileges). If you need to control access use
 instead.
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), proxy(8), ftppr(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/tcppm.8

@@ -1,4 +1,4 @@
-.TH tcppm "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH tcppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B tcppm
 \- TCP port mapper
@@ -40,6 +40,10 @@ is specified logging is to file. Under Unix, if
 preceeds
 .IR logfile ,
 syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
@@ -59,13 +63,11 @@ as a destination in client application. Connection is forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/tlspr.8

@@ -0,0 +1,86 @@
+.TH tlspr "8" "May 2024" "3proxy 0.9" "Universal proxy server"
+.SH NAME
+.B tlspr
+\- SNI proxy gateway service
+.SH SYNOPSIS
+.BR "tlspr " [ -d ][ -a ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -p listening_port\fR]
+.IB \fR[ -P destination_port\fR]
+.IB \fR[ -c tls_check_level\fR]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.SH DESCRIPTION
+.B proxy
+is SNI gateway service (destination host is taken from TLS handshake). Destination port must be specified via -P option (or it may be detected with Transparent plugin).
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -u
+Never ask for username authentication
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from. 
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -a
+Anonymous. Hide information about client.
+.TP
+.B -a1
+Anonymous. Show fake information about client.
+.TP
+.B -p
+listening_port. Port proxy listens for incoming connections. Default is 1443.
+.TP
+.B -P
+destination_port. Port to establish outgoing connections. One is required unless Transparent plugin is not used because TLS handshake does not contain port information. Default is 443.
+.TP
+.B -c
+TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check server send certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
+.SH CLIENTS
+You should use client with HTTP proxy support or configure router to redirect
+HTTP traffic to proxy (transparent proxy). Configure client to connect to
+.I internal_ip
+and
+.IR port .
+HTTPS support allows to use almost any TCP based protocol. If you need to
+limit clients, use 
+.BR 3proxy (8)
+instead.
+.SH BUGS
+Report all bugs to
+.BR 3proxy@3proxy.org
+.SH SEE ALSO
+3proxy(8), ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8), udppm(8), syslogd(8),
+.br
+https://3proxy.org/
+.SH AUTHORS
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

man/udppm.8

@@ -1,4 +1,4 @@
-.TH udppm "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.TH udppm "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B udppm
 \- UDP port mapper
@@ -46,6 +46,10 @@ Single packet. By default only one client can use udppm service, but
 if -s is specified only one packet will be forwarded between client and server.
 It allows to share service between multiple clients for single packet services
 (for example name lookups).
+.TP
+.B -S
+Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
+crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
@@ -65,13 +69,11 @@ as a destination in client application. All datagrams are forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to
-.BR 3proxy@security.nnov.ru
+.BR 3proxy@3proxy.org
 .SH SEE ALSO
 3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
 .br
-http://3proxy.ru/
+https://3proxy.org/
 .SH AUTHORS
-3proxy is designed by 3APA3A
-.RI ( 3APA3A@security.nnov.ru ),
-Vladimir Dubrovin
-.RI ( vlad@sandy.ru )
+3proxy is designed by Vladimir 3APA3A Dubrovin
+.RI ( 3proxy@3proxy.org )

rus.3ps

@@ -0,0 +1,256 @@
+[--admin--]
+HTTP/1.0 401 Authentication Required\n
+WWW-Authenticate: Basic realm="proxy", encoding="utf-8"\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>401 Authentication Required</title></head>\n
+<body><h2>401 Authentication Required</h2>
+<h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource<br><hr>
+Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
+</h3></body></html>\n
+[end]
+HTTP/1.0 200 OK\n
+Connection: close\n
+Expires: Thu, 01 Dec 1994 16:00:00 GMT\n
+Cache-Control: no-cache\n
+Content-type: text/html; charset=utf-8\n
+\n
+<http><head><title>%s Страница конфигурации</title></head>\n
+<table width='100%%' border='0'>\n
+<tr><td width='150' valign='top'>\n
+<h2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</h2>\n
+<A HREF='/C'>Счетчики</A><br><br>\n
+<A HREF='/R'>Перезагрузка конфигурации сервера</A><br><br>\n
+<A HREF='/S'>Запущенные сервисы</A><br><br>\n
+<A HREF='/F'>Настройка сервера</A>\n
+</td><td>
+<h2>%s %s Конфигурация</h2>
+[end]
+HTTP/1.0 200 OK\n
+Connection: close\n
+Cache-Control: no-cache\n
+Content-type: text/xml; charset=utf-8 \n
+\n
+<?xml version="1.0"?>\n
+<?xml-stylesheet href="/SX" type="text/css"?>\n
+<services>\n
+<description>Текущие запущенные сервисы и подключившиеся клиенты</description>\n
+[end]
+</services>\n
+[end]
+HTTP/1.0 200 OK\n
+Connection: close\n
+Cache-Control: no-cache\n
+Content-type: text/css\n
+\n
+services {\n
+	display: block;\n
+	margin: 10px auto 10px auto;\n
+	width: 80%;\n
+	background: black;\n"
+	font-family: sans-serif;\n
+	font-size: small;\n
+	color: silver;\n
+	}\n
+item {\n
+	display: block;\n
+	margin-bottom: 10px;\n
+	border: 2px solid #CCC;\n
+	padding: 10px;\n
+	spacing: 2px;\n
+	}\n
+parameter {\n
+	display: block;\n
+	padding: 2px;\n
+	margin-top: 10px;\n
+	border: 1px solid grey;\n
+	background: #EEE;\n
+	color: black;\n
+	}\n
+name {\n
+	display: inline;\n
+	float: left;\n
+	margin-right: 5px;\n
+	font-weight: bold;\n
+	}\n
+type {\n
+	display: inline;\n
+	font-size: x-small;\n
+	margin-right: 5px;\n
+	color: #666;\n
+	white-space: nowrap;\n
+	font-style: italic;\n
+	}\n
+description {\n
+	display: inline;\n
+	margin-right: 5px;\n
+	white-space: nowrap;\n
+	}\n
+value {\n
+	display: block;\n
+	margin-right: 5px;\n
+	}\n
+[end]
+<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />\n
+<pre><font size='-2'><b>
+(c)3APA3A, Владимир Дубровин и <A href='https://3proxy.ru/'>3proxy.ru</A>\n
+</b></font>\n
+</td></tr></table></body></html>
+[end]
+<h3>Счетчики</h3>\n
+<table border = '1'>\n
+<tr align='center'><td>Описание</td><td>Активный</td>
+<td>Пользователи</td><td>Адрес источника</td><td>Адрес назначения</td>
+<td>Порты</td>
+<td>Лимит</td><td>Ед.</td><td>Значение</td>
+<td>Дата сброса</td><td>Дата обновения</td><td>Номер</td></tr>\n
+[end]
+</table>\n
+[end]
+[/--admin--]
+[--proxy--]
+HTTP/1.0 400 Bad Request\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>400 Bad Request</title></head>\n
+<body><h2>400 Bad Request</h2>
+<h2>400 Ошибка: Неправильный запрос.</h2>
+</body>
+</html>\n
+[end]
+HTTP/1.0 502 Bad Gateway\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>502 Bad Gateway</title></head>\n
+<body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed <br><hr>
+Ошибка: Удалённый сервер не найден или не удалось связаться с ним.</h3>
+</body></html>\n
+[end]
+HTTP/1.0 503 Service Unavailable\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>503 Service Unavailable</title></head>\n
+<body><h2>503 Service Unavailable</h2><h3>You have exceeded your traffic limit <br><hr> 
+Вы превысили свой лимит трафика.
+</h3></body></html>\n
+[end]
+HTTP/1.0 503 Service Unavailable\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>503 Service Unavailable</title></head>\n
+<body><h2>503 Service Unavailable</h2><h3>Recursion detected<br><hr>
+Ошибка: Сервис не доступен, обнаружена рекурсия
+</h3></body></html>\n
+[end]
+HTTP/1.0 501 Not Implemented\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>501 Not Implemented</title></head>\n
+<body><h2>501 Not Implemented</h2><h3>Required action is not supported by proxy server <br><hr>
+Ошибка: Действие не поддерживается в данном proxy сервере
+</h3></body></html>\n
+[end]
+HTTP/1.0 502 Bad Gateway\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>502 Bad Gateway</title></head>\n
+<body><h2>502 Bad Gateway</h2><h3>Failed to connect parent proxy <br><hr>
+Ошибка: Невозможно соединиться c вышестоящим proxy сервером
+</h3></body></html>\n",
+[end]
+HTTP/1.0 500 Internal Error\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>500 Internal Error</title></head>\n
+<body><h2>500 Internal Error</h2><h3>Internal proxy error during processing your request <br><hr>
+Ошибка: Возникла внутренняя ошибка proxy сервера при обработке вашего запроса
+</h3></body></html>\n
+[end]
+HTTP/1.0 407 Proxy Authentication Required\n
+Proxy-Authenticate: Basic realm="proxy", encoding="utf-8"\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>407 Proxy Authentication Required</title></head>\n
+<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource.<br><hr>
+Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
+</h3></body></html>\n
+[end]
+HTTP/1.0 200 Connection established\n\n
+[end]
+HTTP/1.0 200 Connection established\n
+Content-Type: text/html\n\n
+[end]
+HTTP/1.0 404 Not Found\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>404 Not Found</title></head>\n
+<body><h2>404 Not Found</h2><h3>File not found <br><hr>
+Файл не найден
+</h3></body></html>\n
+[end]	
+HTTP/1.0 403 Forbidden\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>403 Access Denied</title></head>\n
+<body><h2>403 Access Denied</h2><h3>Access control list denies you to access this resource.<br><hr>
+Доступ к данному ресурсу запрещен списком доступа на proxy сервер. 
+Если Вы считаете, что это ошибка обратитесь к администратору
+</h3></body></html>\n
+[end]
+HTTP/1.0 407 Proxy Authentication Required\n
+Proxy-Authenticate: NTLM\n
+Proxy-Authenticate: basic realm="proxy", encoding="utf-8"\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>407 Proxy Authentication Required</title></head>\n
+<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource.<br><hr>
+Доступ запрещен администратором или Вы ввели неправильное имя/пароль.
+</h3></body></html>\n
+[end]
+HTTP/1.0 407 Proxy Authentication Required\n
+Connection: keep-alive\n
+Content-Length: 0\n
+Proxy-Authenticate: NTLM 
+[end]
+HTTP/1.0 403 Forbidden\n
+Connection: close\n
+Content-type: text/html; charset=us-ascii\n
+\n
+<pre>
+[end]
+HTTP/1.0 503 Service Unavailable\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>503 Service Unavailable</title></head>\n
+<body><h2>503 Service Unavailable</h2><h3>Your request violates configured policy<br><hr>
+Запрос не сответствует сконфигурированной политике.
+</h3></body></html>\n
+[end]
+HTTP/1.0 401 Authentication Required\n
+WWW-Authenticate: basic realm="FTP Server", encoding="utf-8"\n
+Connection: close\n
+Content-type: text/html; charset=utf-8\n
+\n
+<html><head><title>401 FTP Server requires authentication</title></head>\n
+<body><h2>401 FTP Server requires authentication</h2><h3>This FTP server rejects anonymous access<br><hr>
+Этот  FTP  сервер отвергает анонимный доступ.
+</h3></body></html>\n
+[end]
+HTTP/1.1 100 Continue\n
+\n
+[end]
+[/--proxy--]

scripts/3proxy-linux-install.sh

@@ -0,0 +1,985 @@
+#!/bin/bash
+# 3proxy build and install script for Debian Linux 
+# Release 2.0 at 29.12.2016
+# (с) Evgeniy Solovyev 
+# mail-to: eugen-soloviov@yandex.ru
+
+ScriptPath=""
+Src3proxyDirPath=""
+ScriptName=""
+ScriptFullName=""
+SourceRoot=""
+
+ResourcesData=""
+
+
+ProxyVersion=""
+LasestProxyVersion=""
+LasestProxyVersionLink=""
+UseSudo=0
+PacketFiles=""
+NeedSourceUpdate=0
+
+
+main()
+{
+	local msgNewVersion
+	local msgInsertYorN
+	
+	VarsInit
+	LoadResources
+	CheckRunConditions
+	
+	if [ $UseSudo == 1 ]
+	then
+		sudo bash "${0}"
+		exit $?
+	fi
+	
+	CheckLocation
+	GetLasestVersionInfo
+	
+	SourceDownloadOrUpdate
+	
+	cd "${SourceRoot}"
+	
+	Build3Proxy
+	BinInstall
+	ManInstall
+	CreateLogDir
+	CopyConfig
+	SetInit
+	Pack3proxyFiles
+}
+
+VarsInit()
+{
+	cd `dirname $0`
+	ScriptPath="${PWD}"
+	ScriptName=`basename $0`
+	ScriptFullName="${ScriptPath}/${ScriptName}"
+}
+
+CheckLocation()
+{
+	Src3proxyDirPath="${ScriptPath}"
+	
+	if echo ${ScriptPath} | grep -e "/scripts$"
+	then
+		if [ -e "../src/version.h" ]
+		then
+			ProxyVersion=`cat "../src/version.h" | awk '/VERSION/ { gsub("\"", "\n"); print; exit }' | grep "3proxy"`
+			cd ../
+			SourceRoot="${PWD}"
+			cd ../
+			Src3proxyDirPath="${PWD}"
+			cd "${ScriptPath}"
+		fi
+	fi
+}
+
+GetLasestVersionInfo()
+{
+	local Githublink
+	local msg
+	
+	Githublink=`wget https://github.com/3proxy/3proxy/releases/latest -O /dev/stdout |
+	awk '/<a.+href=.+\.tar\.gz/ { gsub("\"", "\n"); print; exit }' |
+	grep -e ".tar.gz"`
+	if [ $? != 0 ]
+	then
+		msg=`GetResource "msgInternetConnectionError"`
+		echo -e "${msg}"
+		exit 255
+	fi
+	
+	LasestProxyVersionLink="https://github.com${Githublink}"
+
+	LasestProxyVersion=`basename "${Githublink}" | awk 'gsub(".tar.gz", "") { print "3proxy-" $0 }'`
+}
+
+CheckRunConditions()
+{
+	local UserName
+	local answer
+	local msg
+	local msgContinueWork
+	local msgInsertYorN
+	
+	UserName=`whoami`
+	
+	if [  $UID != 0 ]
+	then
+		if [ `CheckPacketInstall "sudo"` == 0 ]
+		then
+			msg=`GetResource "msgSudoNotInstalled"`
+			echo -e "${msg}"
+			exit 255
+		fi
+		
+		UseSudo=1
+		
+		if [ -z `cat /etc/group | grep -e "^sudo" | grep "${UserName}"`  ]
+		then
+			msg=`GetResource "msgUserNotMemberOfSudoGroup"`
+			echo -e "${msg}"
+			exit 255
+		fi
+		
+		if [ `env | grep -e ^http_proxy` != "" ]
+		then
+			msg=`GetResource "msgSystemUseProxy"`
+			echo -e "${msg}"
+			
+			msgContinueWork=`GetResource "msgDoYouWishContinue"`
+			msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
+			
+			while true; do
+				read -s -n1 -p "${msgContinueWork}" answer
+				case $answer in
+					[Yy]* ) echo -ne "\n";break;;
+					[Nn]* ) echo -ne "\n"; sleep 0; exit 0;;
+					* ) echo -e "${msgInsertYorN}";;
+				esac
+			done
+		
+		fi
+	fi
+	
+}
+
+DonwnloadSource()
+{
+	if [ ! -e "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" ] 
+	then
+		wget "${LasestProxyVersionLink}" -O "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz"
+	fi
+	
+	ProxyVersion="${LasestProxyVersion}"
+}
+
+UnpackSource()
+{
+	if [ ! -d "${Src3proxyDirPath}/${LasestProxyVersion}" ]
+	then
+		tar -xvf "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" -C "${Src3proxyDirPath}"
+	fi
+	
+	SourceRoot="${Src3proxyDirPath}/${LasestProxyVersion}"
+}
+
+SourceDownloadOrUpdate()
+{
+	if [ -z "${ProxyVersion}" ]
+	then
+		NeedSourceUpdate=1
+	else
+		if [ "${ProxyVersion}" != "${LasestProxyVersion}" ]
+		then
+			msgNewVersion=`GetResource "msgNewVersion"`
+			msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
+			
+			echo -ne "\a"
+			
+			while true; do
+				read -s -n1 -p "${msgNewVersion}" answer
+				case $answer in
+					[Yy]* ) echo -ne "\n"; NeedSourceUpdate=1; sleep 0; break;;
+					[Nn]* ) echo -ne "\n"; NeedSourceUpdate=0; sleep 0; break;;
+					* ) echo -e "${msgInsertYorN}";;
+				esac
+			done
+		fi
+	fi
+	
+	if [ $NeedSourceUpdate == 1 ]
+	then
+		DonwnloadSource
+		UnpackSource
+	fi
+}
+
+Build3Proxy()
+{
+	local msg
+	
+	if [ `CheckPacketInstall "build-essential"` == 0 ]
+	then
+		apt-get -y install build-essential
+	fi
+	
+	if [ `CheckPacketInstall "build-essential"` == 0 ]
+	then
+		msg=`GetResource "msgBuildEssentialNotInstalled"`
+		echo -e "${msg}"
+		
+		exit 255
+	fi
+	
+	make -f Makefile.Linux
+}
+
+
+BinInstall()
+{
+	local binlist
+	local liblist
+	
+	if [! -d bin]
+	then
+		mkdir bin
+	fi
+	
+	cd bin
+	
+	binlist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 !~ /\.so$/ { print $8 }'`
+	
+	for file in $binlist
+	do
+		cp -vf "${file}" /usr/bin
+		PacketFiles=`echo -e "${PacketFiles}\n/usr/bin/${file}"`
+	done
+	
+	liblist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 ~ /\.so$/ { print $8 }'`
+
+	for file in $liblist
+	do
+		cp -vf "${file}" /usr/lib
+		PacketFiles=`echo -e "${PacketFiles}\n/usr/lib/${file}"`
+	done
+
+	cd ..
+}
+
+ManInstall()
+{
+	local man3list
+	local man8list
+	
+	cd man
+	
+	man3list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.3$/ { print $8 }'`
+	gzip -vfk $man3list
+	
+	man3list=`echo "${man3list}" | awk '{ print $1 ".gz" }'`
+	
+	for file in $man3list
+	do
+		mv -vf "${file}" /usr/share/man/man3
+		PacketFiles="${PacketFiles}\n/usr/share/man/man3/${file}" 
+	done
+	
+	man8list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.8$/ { print $8 }'`
+	
+	gzip -vfk $man8list
+	
+	man8list=`echo "${man8list}" | awk '{ print $1 ".gz" }'`
+	
+	for file in $man8list
+	do
+		mv -vf "${file}" /usr/share/man/man8
+		PacketFiles=`echo -e "${PacketFiles}\n/usr/share/man/man8/${file}"`
+	done
+	
+	cd ..
+}
+
+
+CreateLogDir()
+{
+	local LogDir
+	LogDir="/var/log/3proxy"
+	
+	if [ ! -d  "${LogDir}" ]
+	then
+		mkdir "${LogDir}"
+	fi
+	
+	chown nobody:nogroup "${LogDir}"
+	chmod 775 "${LogDir}"
+	PacketFiles="${PacketFiles}\n${LogDir}" 
+}
+
+
+CopyConfig()
+{
+	local ConfigDir
+	ConfigDir="/etc/3proxy"
+	
+	if [ ! -d  "${ConfigDir}" ]
+	then
+		mkdir "${ConfigDir}"
+	fi
+	
+	LoadGlobalResource "ConfigFile" > "${ConfigDir}/3proxy.cfg"
+
+	PacketFiles=`echo -e "${PacketFiles}\n${ConfigDir}/3proxy.cfg"`
+}
+
+
+SetInit()
+{
+	LoadGlobalResource "InitScript" > "/etc/init.d/3proxy"
+	chown root:root "/etc/init.d/3proxy"
+	chmod 755 "/etc/init.d/3proxy"
+	
+	PacketFiles=`echo -e "${PacketFiles}\n/etc/init.d/3proxy"`
+	update-rc.d 3proxy defaults
+}
+
+Pack3proxyFiles()
+{
+	local CPU_Arc
+	CPU_Arc=`uname -m`
+	cd ../
+	tar -czPpvf "${ProxyVersion}-${CPU_Arc}.tar.gz" $PacketFiles
+}
+
+LoadResources()
+{
+	local StartRow
+	local EndRow
+	local LngLabel
+	local msgResourceErr="\aError! Script could not find resources!"
+	
+	if env | grep -q 'LANG=ru_RU.UTF-8' 
+	then
+		LngLabel="RU"
+#LngLabel="EN"
+	else
+		LngLabel="EN"
+	fi
+	
+	StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
+	
+	if [ -z "${StartRow}" ]
+	then
+		echo -e "${msgResourceErr}"
+		exit 255
+	fi
+	
+	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
+	
+	if [ -z "${EndRow}" ]
+	then
+		echo -e "${msgResourceErr}"
+		exit 255
+	fi
+	
+	ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
+}
+
+
+# $1 - Name of Resource
+GetResource()
+{
+	local StartRow
+	local EndRow
+	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
+	
+	StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${StartRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${EndRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
+}
+
+
+# $1 - Name of Resource
+LoadGlobalResource()
+{
+	local StartRow
+	local EndRow
+	local LngLabel
+	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
+	
+	
+	StartRow=`cat "${ScriptFullName}" | awk "/^#Resource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${StartRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${EndRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
+}
+
+
+CheckPacketInstall()
+{
+	if [ `dpkg -l ${1} 2>&1 | wc -l` -le 1 ]  
+	then
+		echo 0
+		return
+	fi
+	if [ `dpkg -l ${1} | grep -e ^un | wc -l` == 1 ]
+	then
+		echo 0
+		return
+	fi
+	
+	echo 1
+}
+
+main
+exit 0
+
+#Resources_EN
+
+#Resource=msgSudoNotInstalled
+\aThe script is running under the account a non-privileged user.
+"Sudo" package is not installed in the system.
+The script can not continue, as the execution of operations,
+requiring rights "root" - is not possible!
+Please run the script under the account "root",
+or install and configure "sudo" package!
+#endResource=msgSudoNotInstalled
+
+#Resource=msgUserNotMemberOfSudoGroup
+\aThe script is running under account a non-privileged user.
+The account of the current user is not included in the "sudo" group!
+The script can not continue, as the execution of operations,
+requiring rights "root" - is not possible!
+Please run the script under the account "root",
+or configure "sudo" package!
+#endResource=msgUserNotMemberOfSudoGroup
+
+#Resource=msgSystemUseProxy
+\aAttention! The operating system uses proxy-server.
+For correctly work of package manager "apt" 
+in the file "/etc/sudoers" should be present line:
+Defaults env_keep = "http_proxy https_proxy"
+#endResource=msgSystemUseProxy
+
+#Resource=msgDoYouWishContinue
+Do you wish to the script continued executing? (y/n):
+#endResource=msgDoYouWishContinue
+
+#Resource=msgPleaseInsertYorN
+\a\nPlease insert "y" or "n"!
+#endResource=msgPleaseInsertYorN
+
+#Resource=msgInternetConnectionError
+\aError downloading "https://github.com/z3APA3A/3proxy/releases/latest"!
+Please check the settings of the Internet connection.
+#endResource=msgInternetConnectionError
+
+#Resource=msgNewVersion
+The new version of "3proxy" detected, do you want download it?
+#endResource=msgNewVersion
+
+#Resource=msgBuildEssentialNotInstalled
+\aPackage "build-essential" was not installed.
+The installation can not be continued!
+#endResource=msgBuildEssentialNotInstalled
+
+#Resources_EN_end
+
+#Resources_RU
+
+#Resource=msgSudoNotInstalled
+\aСкрипт запущен под учётной записью обычного пользователя.
+В системе не установлен пакет "sudo".
+Скрипт не может продолжить работу, так как выполнение операций,
+требующих прав "root" - не представляется возможным!
+Пожалуйста, запустите скрипт под учётной записью "root", 
+либо установите и настройте пакет "sudo"!
+#endResource=msgSudoNotInstalled
+
+#Resource=msgUserNotMemberOfSudoGroup
+\aСкрипт запущен под учётной записью обычного пользователя.
+Учётная запись текущего пользователя не включена в группу "sudo"!
+Скрипт не может продолжить работу, так как выполнение операций,
+требующих прав "root" - не представляется возможным!
+Пожалуйста, запустите скрипт под учётной записью "root", 
+либо настройте пакет "sudo"!
+#endResource=msgUserNotMemberOfSudoGroup
+
+#Resource=msgSystemUseProxy
+\aВнимание! В системе используется прокси-сервер.
+Чтобы менеджер пакетов "apt" работал корректно,
+в файле "/etc/sudoers" должна присутствовать строка:
+Defaults env_keep = "http_proxy https_proxy"
+#endResource=msgSystemUseProxy
+
+#Resource=msgDoYouWishContinue
+Хотите чтобы скрипт дальше продолжил работу? (y/n):
+#endResource=msgDoYouWishContinue
+
+#Resource=msgPleaseInsertYorN
+\a\nПожалуйста введите "y" или "n"!
+#endResource=msgPleaseInsertYorN
+
+#Resource=msgInternetConnectionError
+\aОшибка закачки "https://github.com/z3APA3A/3proxy/releases/latest"!
+Пожалуйста, проверьте настройки интернет соединения.
+#endResource=msgInternetConnectionError
+
+#Resource=msgNewVersion
+Обнаружена новая версия "3proxy", скачать её (y/n)?
+#endResource=msgNewVersion
+
+#Resource=msgBuildEssentialNotInstalled
+\aПакет "build-essential" не был установлен.
+Дальнейшая установка не может быть продолжена!
+#endResource=msgBuildEssentialNotInstalled
+
+#Resources_RU_end
+
+
+#Resource=ConfigFile
+noconfig
+# If in this file have line "noconfig", then 3proxy not to be runned!
+# For usung this configuration file 3proxy you must to delete 
+# or comment out the line with "noconfig".
+
+daemon
+# Parameter "daemon" - means run 3proxy as daemon
+
+
+pidfile /tmp/3proxy.pid
+# PID file location 
+# This parameter must have the same value as 
+# the variable "PidFile" in  the script "/etc/init.d/3proxy"
+
+
+# Configuration file location
+config /etc/3proxy/3proxy.cfg
+
+
+internal 127.0.0.1
+# Internal is address of interface proxy will listen for incoming requests
+# 127.0.0.1 means only localhost will be able to use this proxy. This is
+# address you should specify for clients as proxy IP.
+# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
+# have open proxy in your network in this case.
+
+external 192.168.0.1
+# External is address 3proxy uses for outgoing connections. 0.0.0.0 means any
+# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1
+
+
+# DNS IP addresses
+nserver 8.8.8.8
+nserver 8.8.4.4
+
+
+# DNS cache size
+nscache 65536
+
+# Timeouts settings
+timeouts 1 5 30 60 180 1800 15 60
+
+
+# log file location
+log /var/log/3proxy/3proxy.log D
+
+# log file format
+logformat "L%C - %U [%d-%o-%Y %H:%M:%S %z] ""%T"" %E %I %O %N/%R:%r"
+
+archiver gz /usr/bin/gzip %F
+# If archiver specified log file will be compressed after closing.
+# you should specify extension, path to archiver and command line, %A will be
+# substituted with archive file name, %f - with original file name.
+# Original file will not be removed, so archiver should care about it.
+
+rotate 30
+# We will keep last 30 log files
+
+proxy -p3128
+# Run http/https proxy on port 3128
+
+auth none
+# No authentication is requires
+
+setgid 65534
+setuid 65534
+# Run 3proxy under account "nobody" with group "nobody"
+#endResource=ConfigFile
+
+
+#Resource=InitScript
+#!/bin/sh
+#
+# 3proxy daemon control script
+#
+### BEGIN INIT INFO
+# Provides:          3proxy
+# Required-Start:    $network $remote_fs $syslog
+# Required-Stop:     $network $remote_fs $syslog
+# Should-Start:      $named
+# Should-Stop:       $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: 3proxy HTTP Proxy
+### END INIT INFO
+
+
+ScriptName="3proxy"
+ScriptFullName="/etc/init.d/3proxy"
+
+ConfigFile="/etc/3proxy/3proxy.cfg"
+LogDir="/var/log/3proxy"
+PidFile="/tmp/3proxy.pid"
+
+ResourcesData=""
+
+main()
+{
+	LoadResources
+	
+	if [ ! -d "${LogDir}" ]
+	then
+		mkdir -p "${LogDir}";
+	fi
+	
+	case "$1" in
+		start)		Start ;;
+		stop)		Stop ;;
+		restart)	Stop; Start ;;
+		status)		Status ;;
+		*)			ShowHelp;;
+	esac
+}
+
+Start()
+{
+	local msg
+	local ProxyPID
+	
+	if [ ! -f "${ConfigFile}" ]
+	then
+		msg=`GetResource "msgConfigFileNotFound"`
+		printf "${msg}" "${ConfigFile}"
+		return
+	fi
+	
+	if cat "${ConfigFile}" | grep -qe "^noconfig"
+	then
+		msg=`GetResource "msgNoconfigDetected"`
+		printf "${msg}" "${ConfigFile}"
+		return
+	fi
+	
+	ProxyPID=`Get3proxyPID`
+	
+	if [ ! -z "${ProxyPID}" ]
+	then
+		msg=`GetResource "msg3proxyAlreadyRunning"`
+		printf "${msg}" "${ProxyPID}"
+		return
+	fi
+	
+	3proxy "${ConfigFile}"
+	sleep 1
+	
+	ProxyPID=`Get3proxyPID`
+	
+	if [ ! -f "${PidFile}" ] 
+	then
+		msg=`GetResource "msg3proxyStartProblems"`
+		printf "${msg}"
+		return
+	fi
+	
+	if [ `cat "${PidFile}"` != "${ProxyPID}" ]
+	then
+		msg=`GetResource "msg3proxyStartProblems"`
+		printf "${msg}"
+		return
+	fi
+	
+	msg=`GetResource "msg3proxyStartedSuccessfully"`
+	printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${ProxyPID}"
+
+}
+
+Stop()
+{
+	local msg
+	local ProxyPID
+	
+	ProxyPID=`Get3proxyPID`
+	
+	if [ -f "${PidFile}" ] 
+	then
+		if [ `cat "${PidFile}"` = "${ProxyPID}" ]
+		then
+			kill -9 "${ProxyPID}"
+			rm -f "${PidFile}"
+			
+			msg=`GetResource "msg3proxyStoppedSuccessfully"`
+			printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S`
+			
+			return
+		fi
+	fi
+	
+	if [ -z "${ProxyPID}" ]
+	then
+		msg=`GetResource "msg3proxyProxyNotDetected"`
+		printf "${msg}"
+		
+		return
+	fi
+	
+	pkill -o 3proxy
+	
+	msg=`GetResource "msg3proxyStoppedByKillall"`
+	printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${PidFile}"
+	
+}
+
+Status()
+{
+	local msg
+	local ProxyPID
+	
+	if [ -f "${PidFile}" ] 
+	then
+		msg=`GetResource "msgPidFileExists"`
+		printf "${msg}" "${PidFile}" `cat "${PidFile}"`
+	else
+		msg=`GetResource "msgPidFileNotExists"`
+		printf "${msg}" "${PidFile}"
+	fi
+	
+	ProxyPID=`Get3proxyPID`
+	
+	if [ ! -z  "${ProxyPID}" ]
+	then
+		msg=`GetResource "msg3proxyProcessDetected"`
+		printf "${msg}"
+		ps -ef | awk '$8 ~ /^3proxy/ { print "User: " $1 "\tPID: " $2 }'
+	else
+		msg=`GetResource "msg3proxyProcessNotDetected"`
+		printf "${msg}"
+	fi
+}
+
+ShowHelp()
+{
+	local msg
+	
+	msg=`GetResource "msg3proxyHelp"`
+	printf "${msg}" "${ScriptFullName}" "${ScriptName}"
+}
+
+Get3proxyPID()
+{
+	ps -ef | awk '$8 ~ /^3proxy/ { print $2; exit }'
+}
+
+LoadResources()
+{
+	local StartRow
+	local EndRow
+	local LngLabel
+	local msgResourceErr="\aError! Script could not find resources!"
+	
+	if env | grep -q 'LANG=ru_RU.UTF-8' 
+	then
+		LngLabel="RU"
+	else
+		LngLabel="EN"
+	fi
+	
+	StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
+	
+	if [ -z "${StartRow}" ]
+	then
+		echo -e "${msgResourceErr}"
+		exit 255
+	fi
+	
+	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
+	
+	if [ -z "${EndRow}" ]
+	then
+		echo -e "${msgResourceErr}"
+		exit 255
+	fi
+	
+	ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
+}
+
+# $1 - Name of Resource
+GetResource()
+{
+	local StartRow
+	local EndRow
+	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
+	
+	StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${StartRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
+	
+	if [ -z "${EndRow}" ]
+	then
+		echo -e "${msgResourceErr}" > /dev/stderr
+		exit 255
+	fi
+	
+	echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
+}
+
+
+main $@
+exit 0;
+
+#Resources_EN
+
+#Resource=msg3proxyHelp
+Usage:
+\t%s {start|stop|restart}
+or
+\tservice %s {start|stop|restart|status}\\n
+#endResource=msg3proxyHelp
+
+#Resource=msgConfigFileNotFound
+\a3proxy configuration file - "%s" is not found!\\n
+#endResource=msgConfigFileNotFound
+
+#Resource=msgNoconfigDetected
+Parameter "noconfig" found in 3proxy configuration file -
+"% s" !
+To run 3proxy this parameter should be disabled.\\n
+#endResource=msgNoconfigDetected
+
+#Resource=msg3proxyAlreadyRunning
+\a3proxy already running PID: %s\\n
+#endResource=msg3proxyAlreadyRunning
+
+#Resource=msg3proxyStartProblems
+With the start of 3proxy, something is wrong! 
+Use: service 3proxy status\\n
+#endResource=msg3proxyStartProblems
+
+#Resource=msg3proxyStartedSuccessfully
+[ %s %s ] 3proxy started successfully! PID: %s\\n
+#endResource=msg3proxyStartedSuccessfully
+
+#Resource=msg3proxyStoppedSuccessfully
+[ %s %s ] 3proxy stopped successfully!\\n
+#endResource=msg3proxyStoppedSuccessfully
+
+#Resource=msg3proxyProxyNotDetected
+Process "3proxy" is not detected!\\n
+#endResource=msg3proxyProxyNotDetected
+
+#Resource=msg3proxyStoppedByKillall
+[ %s %s ] Command "pkill -o 3proxy" was executed,
+because process number was not stored in "%s",
+but in fact 3proxy was runned!\\n
+#endResource=msg3proxyStoppedByKillall
+
+#Resource=msgPidFileExists
+File "%s" exists. It contains the PID: %s\\n
+#endResource=msgPidFileExists
+
+#Resource=msgPidFileNotExists
+File "%s" not found, that is, PID 3proxy was not stored!\\n
+#endResource=msgPidFileNotExists
+
+#Resource=msg3proxyProcessDetected
+Process 3proxy detected:\\n
+#endResource=msg3proxyProcessDetected
+
+#Resource=msg3proxyProcessNotDetected
+Processes of 3proxy is not found!\\n
+#endResource=msg3proxyProcessNotDetected
+
+#Resources_EN_end
+
+
+#Resources_RU
+
+#Resource=msg3proxyHelp
+Используйте:
+\t%s {start|stop|restart}
+или
+\tservice %s {start|stop|restart|status}\\n
+#endResource=msg3proxyHelp
+
+#Resource=msgConfigFileNotFound
+\aФайл конфигурации 3proxy - "%s", не найден!\\n
+#endResource=msgConfigFileNotFound
+
+#Resource=msgNoconfigDetected
+\aОбнаружен параметр "noconfig" в файле конфигурации 3proxy -
+"%s" !
+Для запуска 3proxy этот параметр нужно отключить.\\n
+#endResource=msgNoconfigDetected
+
+#Resource=msg3proxyAlreadyRunning
+\a3proxy уже запущен PID: %s\\n
+#endResource=msg3proxyAlreadyRunning
+
+#Resource=msg3proxyStartProblems
+\aСо стартом 3proxy, что-то не так!
+Используйте: service 3proxy status\\n
+#endResource=msg3proxyStartProblems
+
+#Resource=msg3proxyStartedSuccessfully
+[ %s %s ] 3proxy успешно стартовал! PID: %s\\n
+#endResource=msg3proxyStartedSuccessfully
+
+#Resource=msg3proxyStoppedSuccessfully
+[ %s %s ] 3proxy успешно остановлен!\\n
+#endResource=msg3proxyStoppedSuccessfully
+
+#Resource=msg3proxyProxyNotDetected
+Процесс "3proxy" не обнаружен!\\n
+#endResource=msg3proxyProxyNotDetected
+
+#Resource=msg3proxyStoppedByKillall
+[ %s %s ] Выполнена команда "pkill -o 3proxy",
+т.к. номер процесса не записан в "%s",
+но по факту 3proxy рабатал!\\n
+#endResource=msg3proxyStoppedByKillall
+
+#Resource=msgPidFileExists
+Файл "%s" есть. Он содержит PID: %s\\n
+#endResource=msgPidFileExists
+
+#Resource=msgPidFileNotExists
+Файл "%s" не найден, т.е. PID 3proxy не был сохранён!\\n
+#endResource=msgPidFileNotExists
+
+#Resource=msg3proxyProcessDetected
+Обнаружен процесс 3proxy:\\n
+#endResource=msg3proxyProcessDetected
+
+#Resource=msg3proxyProcessNotDetected
+Процессов 3proxy не обнаружено!\\n
+#endResource=msg3proxyProcessNotDetected
+
+#Resources_RU_end
+#endResource=InitScript

scripts/3proxy.cfg

@@ -1,23 +1,18 @@
-#!/usr/local/etc/3proxy/bin/3proxy
-daemon
-pidfile /usr/local/etc/3proxy/3proxy.pid
 nscache 65536
-nserver 127.0.0.1
+nserver 8.8.8.8
+nserver 8.8.4.4
 
-config /usr/local/etc/3proxy/3proxy.cfg
-monitor /usr/local/etc/3proxy/3proxy.cfg
-monitor /usr/local/etc/3proxy/counters
-monitor /usr/local/etc/3proxy/passwd
-monitor /usr/local/etc/3proxy/bandlimiters
+config /conf/3proxy.cfg
+monitor /conf/3proxy.cfg
 
-log /usr/local/etc/3proxy/log/log D
+log /logs/3proxy-%y%m%d.log D
 rotate 60
-counter /usr/local/etc/3proxy/3proxy.3cf
+counter /count/3proxy.3cf
 
-users $/usr/local/etc/3proxy/passwd
+users $/conf/passwd
 
-include /usr/local/etc/3proxy/counters
-include /usr/local/etc/3proxy/bandlimiters
+include /conf/counters
+include /conf/bandlimiters
 
 auth strong
 deny * * 127.0.0.1
@@ -28,5 +23,3 @@ flush
 allow admin
 
 admin -p8080
-
-

scripts/3proxy.cfg.chroot

@@ -0,0 +1,4 @@
+#!/bin/3proxy
+#daemon
+chroot /usr/local/3proxy proxy proxy
+include /conf/3proxy.cfg

scripts/3proxy.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=3proxy tiny proxy server
+Documentation=man:3proxy(1)
+After=network.target
+
+[Service]
+Environment=CONFIGFILE=/etc/3proxy/3proxy.cfg
+ExecStart=/bin/3proxy ${CONFIGFILE}
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=60s
+LimitNOFILE=65536
+LimitNPROC=32768
+RuntimeDirectory=3proxy
+
+[Install]
+WantedBy=multi-user.target
+Alias=3proxy.service

scripts/add3proxyuser.sh

@@ -1,10 +1,15 @@
 #!/bin/sh
 if [ $4 ]; then  
-	echo $1:`/usr/local/etc/3proxy/bin/mycrypt $$ $2` >> /usr/local/etc/3proxy/passwd
-	echo countin \"`wc -l /usr/local/etc/3proxy/counters|awk '{print $1}'`/$1\" D $3 $1 >> /usr/local/etc/3proxy/counters
-	echo bandlimin $4 $1 >> /usr/local/etc/3proxy/bandlimiters
+	echo bandlimin $4 $1 >> /etc/3proxy/conf/bandlimiters
+fi
+if [ $3 ]; then  
+	echo countin \"`wc -l /etc/3proxy/conf/counters|awk '{print $1}'`/$1\" D $3 $1 >> /etc/3proxy/conf/counters
+fi
+if [ $2 ]; then  
+	echo $1:`/bin/mycrypt $$ $2` >> /etc/3proxy/conf/passwd
 else
-	echo usage: $0 username password day_limit bandwidth
+	echo usage: $0 username password [day_limit] [bandwidth]
 	echo "	"day_limit - traffic limit in MB per day
 	echo "	"bandwidth - bandwith in bits per second 1048576 = 1Mbps
 fi
+

scripts/debian/3proxy.manpages

@@ -0,0 +1,10 @@
+man/3proxy.8
+man/3proxy.cfg.3
+man/ftppr.8
+man/pop3p.8
+man/tlspr.8
+man/proxy.8
+man/smtpp.8
+man/socks.8
+man/tcppm.8
+man/udppm.8

scripts/debian/changelog

@@ -0,0 +1,24 @@
+3proxy (0.9.5-1) buster; urgency=medium
+
+  *3proxy 0.9.5 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Sun, 09 Mar 2025 15:55:48 +0300
+
+3proxy (0.9.4-1) buster; urgency=medium
+
+  *3proxy 0.9.4 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Fri, 02 Jul 2021 00:47:00 +0300
+
+3proxy (0.9.3-1) buster; urgency=medium
+
+  *3proxy 0.9.3 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Thu, 03 Dec 2020 21:13:58 +0300
+
+3proxy (0.9.2-1) buster; urgency=medium
+
+  *3proxy 0.9.2 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Thu, 19 Nov 2020 19:19:19 +0300
+

scripts/debian/compat

@@ -0,0 +1 @@
+9

scripts/debian/conffiles

@@ -0,0 +1,4 @@
+/usr/local/3proxy/conf/3proxy.cfg
+/usr/local/3proxy/conf/add3proxyuser.sh
+/usr/local/3proxy/conf/bandlimiters
+/usr/local/3proxy/conf/counters

scripts/debian/control

@@ -0,0 +1,18 @@
+Source: 3proxy
+Maintainer: z3APA3A <3apa3a@3proxy.org>
+Section: net
+Priority: optional
+Standards-Version: 4.0.0
+Build-Depends: debhelper (>=10)
+Homepage: https://3proxy.org/
+Vcs-Git: https://github.com/z3APA3A/3proxy
+Vcs-Browser: https://github.com/z3APA3A/3proxy
+
+Package: 3proxy
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: tiny free proxy server
+ 3Proxy tiny free proxy server is really tiny freeware proxy servers set. 
+ It includes HTTP proxy with HTTPS and FTP support, SOCKSv4/SOCKSv4.5/SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, FTP proxy, caching DNS proxy, TCP and UDP portmappers.
+ You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use combined program (3proxy). Combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.
+ It's created to be small, simple and yet very functional. 

scripts/debian/copyright

@@ -0,0 +1,20 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: 3proxy
+Upstream-Contact: 3proxy@3proxy.org
+Source: https://3proxy.org/
+
+Files: *
+Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
+License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
+
+Files: src/libs/md*.*
+Copyright: 1990,1991,1992  RSA Data Security, Inc
+License: public-domain
+
+Files: src/libs/regex.*
+Copyright: Henry Spencer
+License: public-domain
+
+Files: src/libs/smbdes.c
+Copyright: Andrew Tridgell 1998
+License: GPL-2+

scripts/debian/postinst

@@ -0,0 +1,43 @@
+if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
+ touch /usr/local/3proxy/conf/passwd;\
+fi
+chown -R proxy:proxy /usr/local/3proxy
+chmod 550  /usr/local/3proxy/
+chmod 550  /usr/local/3proxy/conf/
+chmod 440  /usr/local/3proxy/conf/*
+if /bin/systemctl >/dev/null 2>&1; then \
+ /usr/sbin/update-rc.d 3proxy disable || true; \
+ /usr/sbin/chkconfig 3proxy off || true; \
+ /bin/systemctl enable 3proxy.service; \
+elif [ -x /usr/sbin/update-rc.d ]; then \
+ /usr/sbin/update-rc.d 3proxy defaults; \
+ /usr/sbin/update-rc.d 3proxy enable; \
+elif [ -x /usr/sbin/chkconfig ]; then \
+ /usr/sbin/chkconfig 3proxy on; \
+fi
+
+echo ""
+echo 3proxy installed.
+if /bin/systemctl >/dev/null 2>&1; then \
+ /bin/systemctl stop 3proxy.service \
+ /bin/systemctl start 3proxy.service \
+ echo use ;\
+ echo "  "systemctl start 3proxy.service ;\
+ echo to start proxy ;\
+ echo "  "systemctl stop 3proxy.service ;\
+ echo to stop proxy ;\
+elif [ -x /usr/sbin/service ]; then \
+ /usr/sbin/service 3proxy stop  || true;\
+ /usr/sbin/service 3proxy start  || true;\
+ echo "  "service 3proxy start ;\
+ echo to start proxy ;\
+ echo "  "service 3proxy stop ;\
+ echo to stop proxy ;\
+fi
+echo "  "/usr/local/3proxy/conf/add3proxyuser.sh
+echo to add users
+echo ""
+echo Default config uses Google\'s DNS.
+echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
+echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
+echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user