Installing from Binary
Untar the binary file you downloaded. bin, include, and lib will be created under dpf-platform-version directory. bin has DPF inagent; include and lib will have DPF header files and library, respectively.
Installing from Source
DPF is built using GNU build system. Untar the zip file and do the regular configure, make, and make install. The same directories and files will be created as if DPF is installed from the binary.
Running inagent
Copy files in $(DPF-install-dir)/bin to the firewall/NAT machine that you want to run DPF inagent. Refer What goes where to figure out where you have to run DPF inagent. DPF inagent requires the following arguments:
inagent -S serv_addr [-P proxy_addr -C client_addr]
-f debug_file [-g debug_level] [-x max_of_debug_file]
-S Service address for servers. The address to which server sockets must
send DPF commands. Must be ip:port. E.g., "192.168.100.1:65432"
One TCP and UDP sockets will be created at this address.
-P Proxy address. The address that NAT binding will be created at.
If the network behind is not private, then this must not be specified.
Must be one of the public IP address this machine has.
E.g., "128.105.175.121"
-C Service address for clients. The address to which client sockets must
send DPF commands. Remember that clients in the same private network as
DPFnized server must ask DPF inagent how to connect to the server.
(See Intra Private Network Connection)
If the network behind is not private, then this must not be specified.
Must be ip:port. E.g., "192.168.100.1:65431. One TCP sockets will be
created at this address
-f Debuf/Log file. The full path name of the file that log and debug
messages are stored.
-g Debug Level. 'fulldebug', 'network', or 'basic'. 'fulldebug' means
extensive logging and 'basic' means minimum logging. Default is 'basic'
-x Maximum size of the debug/log file. When the log/debug file reaches
the size, the log is moved to *.old file and new log file will be
created. Default is 64000
Running Application
To run DPFnized application, you need to create a sort of routing table and set environment variables.
Routing table
When an application calls DPF_connect, DPF refers the DPF routing table to decide whether it has to contact DPF inagent to connect to the destination (Note that clients in the same private network as the server need to send DPF commands to DPF inagent. (See Intra Private Network Connection) You have to tell DPF where the routing table is by setting $(DPF_ROUTE). The format of the routing table is very simple. Each line of the file contains one rule. Each rule consists of 'target' and 'address'. 'target' specifies destination IP address(es) to match and 'address' tells to what address DPF commands must be sent for the destination. The 'target' must be specified as a valid IP string in the standard dotted notation, "/", and 'mask'. 'mask' tells how many bits of destination IP and IP of 'target' must match. 'address' must be either "none" or IP:port format. When 'address' is of 'IP:port' format, it must be the same address that you use with -C option to run DPF inagent. DPF stops searching the table as soon as it sees a rule that matches, therefore you must put specific rules before generic ones. The following shows an example routing table.
# If a line starts with '#' or white space, it is treated as a comment # 128.105.144.68/32 192.168.100.1:65431 0.0.0.0/0 none
Environment variable setting
- DPF_ENABLE
- The fact that DPF must be used or not. Valid value is either "TRUE", "FALSE", or undefined. If $(DPF_ENABLE) is "FALSE" or undefined, DPF will be bypassed.
- DPF_ROUTE
- The full pathname of DPF routing table.
- DPF_INAGENT
- The service address for server of the DPF inagent. This must be the same value as the IP address you use with -S option to run the inagent.
- DPF_DEBUG_PATH
- The full path of the debug/log file
- DPF_DEBUG_LEVEL
- The debug/log level. Must be one of 'fulldebug', 'network', or 'basic'
- DPF_LOG_MAXSIZE
- The maximum size of the debug/log file