Commit 47e9d714 authored by Mati

Imported Upstream version 3.3+dfsg

Programming: Lars Brinkhoff <>
Research: Stefan Berndtsson <>
Magnus Lundstrm <>
Disclaimer: Barak Pearlmutter <>
Documentation: Teemu Hukkanen <>
getopt_long usage: Taken from the manual page.
getopt_long code: Taken from GNU fileutils-4.0.
Patches: Tomas Berndtsson <> (Solaris)
Andrew Gray <> (Solaris, AIX)
Larry Gensch <> (Digital UNIX)
John Bley <>
Andrew Mobbs <>
Krishna Swaroop <>
Philip Craig <> (Windows)
Jeffrey S Laing <>
Ludovic Rousseau <>
Shimayoshi Takao <>
Chris Lesiak <>
Albert Chin-A-Young <>
Raphael Manfredi <>
Fumitoshi UKAI <>
Brian Somers <>
Sampo Niskanen <>
Testing: Philip Craig <>
FAQ: Lars Brinkhoff <>
Christian Brideau <>
... and many novice users.
I hereby disclaim all responsibility for this hack. If it backfires on
you in any way whatsoever, that's the breaks. Not my fault. If you
don't understand the risks inherent in doing this, don't do it. If you
use this hack and it allows vicious vandals to break into your
company's computers and costs you your job and your company millions
of dollars, well that's just tough nuggies. Don't come crying to me.
Q: I'm not real sure what httptunnel can be used for exactly?
A: It's a generic tool for sending data in and out through an HTTP proxy.
This is not very useful in itself, so you must run another program
which uses this data "tunnel". For example, you could use telnet
to log in on a computer ouside the proxy.
Q: httptunnel craches my SuSE 5.3 box, why?
A: I don't know, but upgrading to 6.0 seems to help.
Q: I'm responsible for network security in our company. My question
is: are there any characteristics of the communication that may be
detected at the proxy?
A: Maybe. I make no guarantees. Use the source.
Q: I wrote 'hts -d /dev/ptyq1' but 'cat </dev/ptyq1' returns an error.
A: Use 'cat </dev/ttyq1' instead.
Q: My friend runs hts at port 8888, but when I try to connect to it,
there is no response.
A: As for now, hts can't handle multiple tunnels. You must run your
own instance of hts listening to another port.
Q: Is there a Windows/95/98/NT version?
A: It's possible to build and run httptunnel in the Cygwin environment.
Q: Are there binaries of httptunnel for win32(Windows/95/98/NT) anywhere?
A: On the homepage, there is a link to someone maintaining
win32 binaries.
Q: Is there a Macintoch version?
A: Not that I know of.
Q: My firewall requires HTTP user authentication (which is currently
not supported by httptunnel). Do you plan to add something like
A: Yes.
Q: How hard would it be to implement "hts" as a cgi running on a
normal web server?
A: hts can't be called directly from the HTTP server, because hts will
service many connections during the lifetime of the tunnel. If the
HTTP server executed a new instance of hts every time a new request
was made, each new hts wouldn't have access to the prior state of
the tunnel.
However, a CGI proxy which forwards the requests to a normal hts
listening to a port != 80 whould most probably be quite trivial to
Q: Have you thought of using HTTPS?
A: It has been suggested, but I'd rather avoid all the nasty export
restrictions. You can use external software to get an encrypted
Q: On REMOTE ( I do the following:
hts -F localhost:23 8888
This worked the first time, but never since... now I only get:
hts: couldn't create tunnel
A: The first hts is still running in the background.
Q: On LOCAL ( I do:
htc -F 2323 -P http://internwebb/proxy2.pac:8000
Now, I try:
[root@localhost httptunnel-1.101]# telnet localhost 2323
telnet: Unable to connect to remote host: Connection refused
A: [Christian Brideau] http://internwebb/proxy2.pac:8000 is not
exactly the proxy's adress. This is the location of the
Proxy-Auto-Configure (PAC) file. This file contains the adress of
the proxy server. To discover the real adress, just go to an
external web page using a browser and then use netstat to figure
out what adress your browser is using.
Q: Why does 'configure' fail on HP-UX?
A: Because you haven't installed gcc. If
CFLAGS=-O ./configure
doesn't work, you must get gcc, or at least an ANSI C compiler.
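Review bot: The FAQ entry on HTTP user authentication still says it "is currently not supported by httptunnel" and answers only "Yes", while the NEWS text for 3.0 in this same import lists --proxy-authorization and --proxy-authorization-file as new options. Update that answer to name the options. The answer to the proxy-detection question ("Maybe. I make no guarantees. Use the source.") could also point administrators to the request format described in HACKING, since that is what a proxy sees inside the PUT and GET bodies.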
General idea.
FIXME: client, server. HTTP.
All HTTP requests are made by the client, htc, and are served by the
server, hts.
Data is sent to the server using HTTP PUT requests. These have a
Content-Length header line, which is obeyed strictly if the --strict
option is used. tunnel.c provides a nice interface to the
complexities of HTTP requests. See tunnel.h for information about the
programming interface.
In the other direction, data is transferred using HTTP GET requests.
Proxy buffering.
Some proxies buffer data in HTTP PUT or POST requests. FIXME: explain
why this is a problem and how it is solved.
To enable debugging code, use --enable-debug with 'configure'. This
will make htc and hts recognize a --debug switch.
--debug 0 - no messages whatsoever
--debug 1 - log_notice () - important events
--debug 2 - log_error () - unexpected errors
--debug 3 - log_debug () - sparse debugging
--debug 4 - log_verbose () - debugging in innner loops
--debug 5 - log_annoying () - system calls and more
Without --enable-debug, log_notice() and log_error() will log using
syslog() with level LOG_NOTICE and LOG_ERROR, respectively.
log_debug(), log_verbose(), and log_annoying() will be disabled.
Some notes about the protocol.
The data sent in HTTP requests is in itself formatted according to a
simple protocol. This is needed becase some HTTP proxy servers buffer
data before sending it to its final destination.
There are seven different requests in this protocol, and there are
two types of requests. Requests with the 0x40 bit set consists of
just one byte, with no additional data. Requests with the 0x40 bit
clear have a two-byte length field and a variable length data field.
01 xx xx yy...
xx xx = length of auth data
yy... = auth data
OPEN is the initial request. For now, auth data is unused,
but should be used for authentication.
02 xx xx yy...
xx xx = lenth of data
yy... = data
DATA is the one and only way to send data.
03 xx xx yy...
xx xx = lenth of padding
yy... = padding (will be discarded)
PADDING exists only to allow padding the HTTP data. This is
needed for HTTP proxies that buffer data.
04 xx xx yy...
xx xx = length of error message
yy... = error message
Report an error to the peer.
PAD1 can be used for padding when a PADDING request would be
too long with regard to Content-Length. PADDING should always
be preferred, though, because it's easier for the recipent to
parse one large request than many small.
CLOSE is used to close the tunnel. No more data can be sent
after this request is issued, except for a TUNNEL_DISCONNECT.
DISCONNECT is used to close the connection temporarily,
probably because Content-Length - 1 number of bytes of data
has been sent in the HTTP request.
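Review bot: The protocol notes say there are seven requests but give byte values only for 01 through 04. PAD1, CLOSE and DISCONNECT are described without their one-byte codes, the 04 layout is not named, and the byte order of the two-byte length field is never stated, so the format cannot be implemented or checked from this file alone. Add the missing codes and the byte order, and use one name for DISCONNECT (the CLOSE paragraph calls it TUNNEL_DISCONNECT). The text also names the Content-Length option --strict, while NEWS calls it --strict-content-length. In the logging paragraph, the syslog level is LOG_ERR, not LOG_ERROR. The two FIXME placeholders ("client, server. HTTP." and the proxy buffering explanation) are still open.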
Basic Installation
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `' is used to create `configure' by a program
called `autoconf'. You only need `' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
Installation Names
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/' if it exists, then
`PREFIX/etc/' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
`configure' recognizes the following options to control how it
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
Print a summary of the options to `configure', and exit.
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.
## Copyright (C) 1999 Lars Brinkhoff
SUBDIRS = port
bin_PROGRAMS = htc hts
man_MANS = hts.1 htc.1
CPPFLAGS += -Iport
htc_SOURCES = htc.c common.c tunnel.c http.c base64.c
htc_LDADD = -Lport -lport
hts_SOURCES = hts.c common.c tunnel.c http.c
hts_LDADD = -Lport -lport
noinst_HEADERS = common.h tunnel.h http.h base64.h
EXTRA_DIST = TODO HACKING DISCLAIMER doc/rfc1945.txt doc/rfc2068.txt \
FAQ doc/rfc2045.txt hts.1 htc.1 debian/changelog debian/control \
debian/copyright debian/dirs debian/docs debian/rules \
debian/prerm debian/postinst
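Review bot: "CPPFLAGS += -Iport" modifies a variable that automake reserves for the user, so a CPPFLAGS value given on the make command line replaces it and drops -Iport, which breaks the build. Put the include path in AM_CPPFLAGS (or INCLUDES on older automake) instead. Likewise, "-Lport -lport" in htc_LDADD and hts_LDADD hides the dependency from make; naming the library file under port/ directly lets automake relink htc and hts when it changes.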
* Version 3.0
Summary of user-visible changes since 2.0:
** Bug fixes and improved stability.
** Long options work on all platforms.
The GNU libc getopt_long() functions were copied into the httptunnel
distribution and is used on systems where no long options are available
in the standard libraries.
** Logging messages get a time stamp.
** httptunnel is now Debianized.
** Replaced the MANUAL file with two man pages.
** Made compatible with the Univeral TUN device driver.
** New --strict-content-length option.
This option makes httptunnel obey the Content-Length field in the
HTTP header. This improves compatibility with some proxies. The
defalt is to be sloppy about the Content-Length field.
** New --keep-alive option.
With this option, httptunnel will send keep-alive bytes, which
improves stability with some proxies. The defailt is to send
keep-alive bytes every five seconds.
** New --max-connection-age option.
This option specifies the maximum age of any HTTP connection made
by httptunnel. The default is 300 seconds.
** New --proxy-authorization option.
This option is used to send a authorization string to the proxy.
** New --proxy-authorization-file option.
This option works as --proxy-authorization, only it reads the
string from the specified file.
** New --pid-file option.
With this option, httptunnel will write its process identification
number to the specified file.
** New --user-agent option.
Use this option to specify a string for the User-Agent field sent
in HTTP headers. This is useful for proxies that want a specific
value there.
* Version 2.0
Summary of user-visible changes since 1.0:
** There is a FAQ.
** There is a MANUAL which isn't.
** Port numbers have default values.
** There is a debug mode.
Using --enable-debug with 'configure' will make htc and hts recognize
--debug and --logfile options.
** Uses syslog.
When not in debug mode, important events and unexpected errors
are logged using LOG_NOTICE and LOG_ERROR, respectively.
** hts takes a --content-length option.
It works like the one for htc.
** Short option for --forward-port changed from -f to -F.
** Improved portability.
Works on at least some versions of GNU/Linux, Solaris, AIX,
Digital UNIX, Cygwin, FreeBSD, OpenBSD.
** Improved protocol and HTTP handling.
Resulting in better stability.
** Bug fixes.
** Bug reports should now go to
* Version 1.103
** Bug reporting email addres changed to
** Miscellaneous cosmetic stuff.
* Version 1.102
** Emulate endprotoent() if not present.
** Changed email addresses to preferred ones.
** Handle setsockopt() errors slightly more gracefully.
* Version 1.101
** Disabled compilation of tt and rw, as they are hardly needed anymore.
** Changed internal parameters once again.
Send keep-alive bytes ever 5 seconds.
Maximum connection time back to 5 minutes.
** Improved logging.
Write package name, package version and debug level to log.
Removed one superfluous level of indentation.
** Removed a problem which caused a busy loop.
This only happened when --proxy-buffer-* was active.
* Version 1.100
** Removed an attempt to printf() NULL, which caused a crash on Solaris.
Thanks to Tomas Berndtsson <> for the fix.
** Hopefully the setsockopt() errors will be gone.
** Changed some internal parameters to satisfy really picky proxies.
Increased frequency of keep-alive bytes from 1/30s to 1/10s.
Decreased maximum connection time from 5 minutes to 1 minute.
TODO: user interface for these parameters.
* Version 1.99
** Added plea for post cards to README.
The greedy author tries to turn this otherwise perfectly free
software into a vehicle for extracting post cards from innocent
** Fixed --enable-debug without --debug bug.
** Adjusted debugging levels.
0 now means no debugging messages, 5 is the highest level.
* Version 1.98
** Close a HTTP POST connection after 5 minutes.
This is a kludge, but finally no data is lost with Squid 2.
** httptunnel is now GNU software.
** Changed the short option for --forward-port from -f to -F.
Because I want to use -f for a future --file option.
** Removed some possible buffer overflows.
* Version 1.97
** Improved poll() emulation.
** Improved HTTP request and response parsing.
** hts --content-length works now.
Thanks Philip!
** Try some setsockopt() settings to make connections more reliable.
* Version 1.96
** Changed compiler warnings when --enable-debug.
** Included the HTTP RFCs in the distribution.
** Emulate poll() using select() on systems without poll().
Still untested, though.
** Fixed void * arithmetic and a prototype/definition mismatch.
Thanks to Larry Gensch for this patch!
* Version 1.95
** I/O byte counters.
--debug 3 will show byte counters for the data sent and recieived.
--debug 4 will also show byte counters for the raw protocol data
sent and received.
** hts takes a --content-length switch.
** Make sure HTTP GET responses are not cached.
Added "Expires: 0" (invalid HTTP, I know) and "Cache-Control:
no-store, must-revalidate" to HTTP GET response header.
* Version 1.94
** Avoid a few compilation warnings.
** http.h didn't make it into the distribution.
* Version 1.93
** Parse HTTP GET responses.
If the version is unknown or the status code signals an error, fail.
* Version 1.92
** Forgot to regenerate configure, Makefile, etc.
* Version 1.91
** Forgot to update NEWS before releasing 1.90.
* Version 1.90
** More robust.
** Major protocol change.
Now uses the protocol for HTTP GET requests too.
** Improved error logging.
** Solaris and AIX fixes.
Thanks to Andrew Gray for the patch.
** Send keep-alive bytes every 30 seconds of inactivity.
* Version 1.5
** New --logfile switch.
** Uses syslog.
* Version 1.4
** Works with Squid 2.
** Solaris fixed.
And this time, they're actually tested! Thanks to Tomas Berndtsson
for supplying these fixes.
* Version 1.3
** Fixes for addr_inet() and systems without getopt_long().
Thanks to for the bug report.
* Version 1.2
** 'configure' checks whether socklen_t is declared or not.
This should make httptunnel compile on older libc's.
Thanks to Tomas Almlof and J A for reporting this bug.
** Not specifying a proxy doesn't give a usage error any more.
Thanks to George Bonser for reporting this bug.
* Version 1.1
** 'configure' takes a --enable-debug switch.
Use it to enable debugging code.
** 'htc' and 'hts' take a --debug switch.
Use it to enable debugging mode.
** Some arguments on the command line of 'hts' and 'htc' don't need to
be specified with port numbers.
If unspecified, a default port number is used. Use --help to see
where this applies.
** Removed annoying buffering bug.
So no fake --proxy-buffer-size and --proxy-buffer-timeout is needed
any more.
* Version 1.0
** First public release.
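Review bot: The --proxy-authorization entry describes passing the authorization string as an option value, which on most systems leaves the credential readable in the process list and in shell history. The entry should recommend --proxy-authorization-file for anything other than testing and say what permissions that file should have. The 1.98 entry "Removed some possible buffer overflows" does not say which inputs were affected, which makes it hard for packagers to judge how urgently older versions need replacing. The "Bug reports should now go to" and "Bug reporting email addres changed to" entries end without an address.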
httptunnel creates a bidirectional virtual data path tunnelled in HTTP
requests. The requests can be sent via an HTTP proxy if so desired.
This can be useful for users behind restrictive firewalls. If WWW
access is allowed through an HTTP proxy, it's possible to use
httptunnel and, say, telnet or PPP to connect to a computer outside
the firewall.
If you still don't understand what this is all about, maybe you
can find some useful information in the FAQ file.
This program is mostly intended for technically oriented users.
They should know what to do.
httptunnel is free software. See COPYING for terms and conditions.
If you like it, I would appreciate if you sent a post card to:
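Review bot: The README suggests running telnet or PPP through the tunnel but does not say that the tunnel itself provides neither authentication nor encryption: HACKING states that the auth data in OPEN is unused, and the FAQ says HTTPS is not used. Add a sentence stating this and pointing to the DISCLAIMER, so that anyone running hts knows the forwarded port is available to whoever can reach the hts port.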