
			    ip_masq_icq 0.56
			   ~~~~~~~~~~~~~~~~~~


    This is a Linux kernel module that provides masquerading support for
the ICQ protocol, allowing users to initiate message/file/chat TCP connections
to ICQ clients in the masqueraded network from the rest of the world. All
current ICQ protocols except ICQ2k (UDP v[2-5], TCP v3/ICQ98/ICQ99) are
supported.


Requirements
~~~~~~~~~~~~
    -	2.2.x kernel compiled with ``Prompt for development and/or incomplete
	code/drivers'' ("Code maturity level options" menu) and
	``IP: masquerading special modules support'' ("Networking options"
	menu) options turned on.


Compiling/Installing
~~~~~~~~~~~~~~~~~~~~
/*0. Since 0.53, this module no longer uses ip_portfw_*, so kernel patching is
   no longer needed :)*/
1. cd /usr/src/ip_masq_icq-0.56; make install
2. insmod it and enjoy.


Module Parameters
~~~~~~~~~~~~~~~~~
    You can specify these parameters on the insmod/modprobe command line:

    ports=<portnum>{,<portnum>}
	Monitor for ICQ logins on these ports.
	Default: ports=4000

    range=<startport>,<endport>
	Use <startport>..<endport> range for TCP connection forwarding.
	Default: range=60200,61000

    udp_timeout=<seconds>
	Set the UDP masquerading timeout for the client<->server connection.
	With this option there is no need to set long global timeouts with
	ipchains -M -S. Avoiding a long global timeout for UDP (which, unlike
	TCP, has no FIN or CLOSE states with 30sec timeouts) keeps the
	masquerade table from inflating.
	Default: udp_timeout=600

    tcp_timeout=<seconds>
	Set the TCP masquerading timeout for master (incoming/outgoing)
	and chat (incoming only) user2user connections. These connections
	must be kept in the masq table even if there's no traffic for a
	long time. With this option there is no need to set long global
	timeouts with ipchains -M -S.
	Default: tcp_timeout=14400  (14400sec == 4hrs)

    tcp_fin_timeout=<seconds>
	Set the FIN-state TCP masquerading timeout for master and chat 
	user2user connections. There is no reason to use this option :)
	Default: tcp_fin_timeout=60

    log=[i][o][f][d][c][s][l][n][x][m][a]
	Set logging verbosity level. Possible logging options are:
	    i	Client login
	    o	Client logout
	    f	Forwarding incoming direct connection
	    d	Forwarding outgoing direct connection
	    c	Closing the forwarded connection
	    s	Forwarding secondary (file xfer/chat) connection
	    l	User on client's contact list came online
	    n	User on client's contact list went offline
	    x	User is _possibly_ invisible for client
	    m	Online users list for specified client is overflowed
		(see ``limit'' option)
	    a	All of the above
	"User" means "remote user outside the masq'd net"
	"client" means "local user inside the masq'd net"
	"_possibly_ invisible" means that USER_OFFLINE packet was received
	and there was no corresponding USER_ONLINE packet received before.
	User is logged as UIN@IP.IP.IP.IP (ip.ip.ip.ip):TCPport<-MASQport/UDPport,
	some fields may be omitted. The IP address in parentheses is the user's
	address in his/her local network.
	Use "log=" (empty options string) to turn logging off completely.
	Default: log=i

    limit=<cnt>
	Keep addr/port/UIN for no more than <cnt> online users per client.
	Without this limit it's possible to flood kernel memory by sending
	many spoofed USER_ONLINE packets with random UINs and the ICQ server's
	source address to a masq'd UDP port (there are only 4096 such ports,
	so it's possible to try all of them). Each info record
	(``struct online'' in module source) occupies 32 bytes (on ix86).
	Default: limit=512 (max 16 kbytes per client)

    hide_local_ip=[1|0]
	Replace "local IP" field in the login packet with masq box's address to
	prevent local network IPs from being seen by remote users.
	Default: hide_local_ip=1

    hide_remote_local_ip=[1|0]
	Replace "local IP" field in the USER_ONLINE packet with "real IP"
	field of that packet to hide "local IP" fields of remote users
	from local users.
	Default: hide_remote_local_ip=0

    intranet=[1|0]
	Enable direct connections between users behind the same masq box.
	Default: intranet=1


Runtime configuration/statistics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    All of the above options (except "ports") are tunable through the procfs
    directory /proc/net/ip_masq/icq/ :

    On/off options (hide_local_ip, hide_remote_local_ip, intranet)
	Write "1" or "on" to enable option and "0" or "off" to disable.
	Example:
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/intranet 
	    off
	    [root@reactor ~]# echo 1 >/proc/net/ip_masq/icq/intranet
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/intranet 
	    on

    Numeric/range options (tcp_timeout, tcp_fin_timeout, range, limit)
	Write decimal or 0x-prefixed hex or 0-prefixed octal to set scalar
	value, or "<number>-<number>" to set range.
	Example:
	    [root@reactor ~]# echo 30 > /proc/net/ip_masq/icq/tcp_fin_timeout 
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/tcp_fin_timeout 
	    30
	    [root@reactor ~]# echo 32768-49152 >/proc/net/ip_masq/icq/range
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/range 
	    32768-49152
	    [root@reactor ~]# echo 61000-60200 >/proc/net/ip_masq/icq/range
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/range 
	    60200-61000
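
    The number and range syntax above, as an added example that is not taken
    from the module source. It follows the documented prefix rules and the
    swap of a reversed range; the function names, the 1..65535 bound and the
    rejection of signs and trailing characters are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* One number: decimal, 0x hex or 0-prefixed octal, which are the prefix
 * rules of strtoul() base 0. A leading sign or blank is refused (assumed). */
static int parse_num(const char *s, unsigned long *val, const char **end)
{
    char *e;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    *val = strtoul(s, &e, 0);
    if (errno == ERANGE)
        return -1;
    /* Step over the single trailing newline that echo appends. */
    *end = (e[0] == '\n' && e[1] == '\0') ? e + 1 : e;
    return 0;
}

/* Scalar option (timeouts, limit). Returns 0 on success, -1 on bad input. */
int parse_scalar(const char *s, unsigned long *val)
{
    const char *p;
    return (parse_num(s, val, &p) == 0 && *p == '\0') ? 0 : -1;
}

/* "<number>-<number>" into lo <= hi, swapping a reversed pair as the README
 * example does. The 1..65535 bound is an assumption. Returns 0 or -1. */
int parse_range(const char *s, unsigned long *lo, unsigned long *hi)
{
    unsigned long a, b;
    const char *p;
    if (parse_num(s, &a, &p) || *p != '-' || parse_num(p + 1, &b, &p))
        return -1;
    if (*p != '\0' || a < 1 || b < 1 || a > 65535 || b > 65535)
        return -1;
    *lo = a < b ? a : b;
    *hi = a < b ? b : a;
    return 0;
}

int main(void)
{
    unsigned long lo, hi;
    if (parse_range("61000-60200\n", &lo, &hi) == 0)
        printf("%lu-%lu\n", lo, hi);
    return 0;
}
```

    Because a leading 0 selects octal, a timeout written as 0600 is read as
    384, so write decimal values without leading zeros.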

    Log option
	Write [<set>][+<enable>][-<disable>], where strings <set>, <enable>
	and <disable> are composed of the same letters as for "log=" option.
	Example:
	    [root@reactor ~]# echo a -i -o -x -m > /proc/net/ip_masq/icq/log 
	    [root@reactor ~]# cat /proc/net/ip_masq/icq/log 
	    -o Client Logout
	    -i Client Login
	    +f Forwarding incoming direct connection
	    +d Forwarding outgoing direct connection
	    +c Closing the forwarded connection
	    +s Forwarding secondary connection
	    +l User on client's contact list is online
	    +n User on client's contact list is offline
	    -x User is _possibly_ invisible for client
	    -m Online users list for specified client is overflowed
	    [root@reactor ~]# echo -a +io > /proc/net/ip_masq/icq/log 
	    [root@reactor ~]# awk '{printf $1 " "} END{print ""}' /proc/net/ip_masq/icq/log
	    +o +i -f -d -c -s -l -n -x -m
	    [root@reactor ~]# echo +f s c d > /proc/net/ip_masq/icq/log 
	    [root@reactor ~]# awk '{printf $1 " "} END{print ""}' /proc/net/ip_masq/icq/log
	    +o +i +f +d +c +s -l -n -x -m
	Note that writing an empty string to /proc/net/ip_masq/icq/log has no
	effect, as opposed to "log=" option.
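
    A model of how one write to the log file is applied, as an added example
    that is not taken from the module source. The rules are inferred from the
    three writes shown above (so they are assumptions), and the names
    log_apply, log_show and LOG_FLAGS are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Flag letters in the order "cat /proc/net/ip_masq/icq/log" lists them. */
static const char LOG_FLAGS[] = "oifdcslnxm";
#define LOG_ALL ((1u << (sizeof(LOG_FLAGS) - 1)) - 1)

/* Apply one write of [<set>][+<enable>][-<disable>]. Assumed rules, inferred
 * from the README examples: letters before any sign replace the mask, a sign
 * stays in force across blanks; unknown characters reject the whole write. */
unsigned log_apply(unsigned mask, const char *spec)
{
    unsigned out = mask, bits, replaced = 0;
    char mode = '=';                /* '=' set, '+' enable, '-' disable */
    const char *p = NULL;
    for (; *spec; spec++) {
        if (strchr(" \t\n", *spec))
            continue;
        if (*spec == '+' || *spec == '-') {
            mode = *spec;
        } else if (*spec == 'a' || (p = strchr(LOG_FLAGS, *spec)) != NULL) {
            bits = (*spec == 'a') ? LOG_ALL : 1u << (p - LOG_FLAGS);
            if (mode == '=' && !replaced++)
                out = 0;            /* first <set> letter drops the old mask */
            out = (mode == '-') ? (out & ~bits) : (out | bits);
        } else {
            return mask;            /* old mask is kept */
        }
    }
    return out;
}

/* Render the mask as "+o +i -f ...", the form the awk one-liner prints. */
char *log_show(unsigned mask, char *buf)
{
    size_t i, n = sizeof(LOG_FLAGS) - 1;
    for (i = 0; i < n; i++) {
        buf[3 * i] = ((mask >> i) & 1) ? '+' : '-';
        buf[3 * i + 1] = LOG_FLAGS[i];
        buf[3 * i + 2] = (i + 1 < n) ? ' ' : '\0';
    }
    return buf;
}

int main(void)
{
    char buf[32];
    puts(log_show(log_apply(0, "a -i -o -x -m\n"), buf));
    return 0;
}
```

    Under these rules a write with no letters leaves the mask untouched, which
    matches the note above about writing an empty string.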

    The active client list is available in human-readable form
    from /proc/net/ip_masq/icq/users.


Known bugs
~~~~~~~~~~
1. When forwarding a direct connection from a host with several clients
   running, an incorrect source UIN may be logged (nevertheless, everything
   except UIN logging works ok :) ).
2. Expiration timeout for outgoing chat connections isn't set to tcp_timeout
   option's value. But the default 15-minute timeout is quite enough for a chat..
3. Multichat doesn't work.
4. ICQ2000 uses a new, incompatible protocol on 5190/tcp.....


Homepage
~~~~~~~~
    primary:	http://freeshell.org/~djsf/masq-icq/
    alternate:	http://djsf.narod.ru/masq-icq/
    		http://www.chat.ru/~djsf/masq-icq/
		http://djsf.webjump.com/masq-icq/
		http://members.xoom.com/djsf/masq-icq/
		http://djsf.tripod.com/masq-icq/

ip_masq_icq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~
    To subscribe, send mail to majordomo@access.ru with the message body
    consisting only of the line "subscribe ip_masq_icq".

Author
~~~~~~
    andrew deryabin <djsf@iname.com>
    ICQ: 13553135, Fido: 2:5020/1145
