APRSd

WA4DSY Linux APRS server docs. 2.1.3 July 2000

Note

This upgrade adds three keywords to the aprsd.conf file.

httpport 14501
ipwatchport 14502
hub domain.name port [user  pass]

The first two, httpport and ipwatchport, will be enabled by default even if you don’t add them to aprsd.conf.
If you want different ports or want to disable these features will you need to
edit the config file.
Documentation on these can be found in ports.html
Please read the Revisions section.

The httpport (14501) port suppiles server status information in HTML format.
This port is accessed with any web browser by entering the
URL: http://wa4dsy.net:14501/
(replace “wa4dsy.net” with the domain name of the
aprsd server you want ) To refresh the data click the RELOAD button on your browser.

The ipwatchport (14502) provides all data streams without dup filtering with
a special header prepended. The header contains the source IP address of the
packet and the user login name, “IGATE” or “UDP”. An example: !44.36.16.48:WA4DSY!
Packets from other igates this server connected to will show the domain name
instead of the IP address and the user will be “IGATE”. Packets from the UDP port
will have the IP address and the user field will be “UDP”. Packets from the TNC
will have “TNC” in the IP address field and “*” in the user field .
Use telnet or nc optionally with grep to determine the source of packets.
eg: telnet first.aprs.net 23 | grep ‘199.45.66.88’
Will display only packets from IP address 199.45.66.88.

The new “hub” command is used like the “igate” command. The syntax is the same.
Unlike “igate” only one hub will be active at any time. If the hub connection
fails aprsd will try to connect to the next hub listed and if that fails, the next and so on.

Everyone: You will need to compile the code get a working
executable for your system. This is done automatically by the install script.
Be advised you need the c++ compiler installed on your system.
You can also type “make” to compile the program.
It is designed to work on RedHat 5.1 and later
Linux distributions. This includes Mandrake. Others may or may not work.
Early versions before 5.1 will not work.
Go the the Installing for more details.

Index

Revisions
Legal Stuff
Program description
aprsd Files
File Locations

Installing as a daemon
Starting and Stopping the Server
Installing as a user program
Server configuration file aprsd.conf
Com port configuration
Server shutdown

Remote TNC sysop access
Log Files
Station to Station Messages
Message Acks
User Validation
Filtering abusive users

Selective Internet to RF gating
Mic-E packet translation
AEA to TAPR conversion
UDP input port
The ?IGATE? Query
Java Applets

The aprs passcode calculator
Monitoring system operation with a web browser
Determining the source IP address of aprs packets
Known Bugs



REVISION 2.1.3

July 6 2000

  • Fixed bug in user counter that incremented each time
    a hub connection was restablished and outgoing data was enabled, eg: a user and pass code provided.
    This bug caused the user limit to be exceeded even though there were not really that many users.

REVISION 2.1.2
May-June 2000

  • Fixed lots of problems in the Mic-e conversion routine.
    It now conforms to the APRS PROTOCOL REFERENCE 1.0

    Conversion errors should be gone now!

  • Changed packet buffers size from 1024 bytes to 255 bytes
    This can be changed to larger values if desired by editing the
    “#define BUFSIZE 255” line in constant.h and recompiling.
    Incoming lines longer than BUFSIZE will be truncated. The
    size includes CR, LF and NULL at the end of the line.

  • Added a filter in SendToAllClients() to remove 3rd party reformatted packets from Internet data stream
  • Raised the igate limit from 20 to 100
  • Fixed error in serverConfig() that allowed more igates to be defined than buffer size permitted
  • Added “MSTAMP OFF” to TNC.INIT file
  • “# Tickle” is removed.
  • Added http server to provide status information in HTML format on port 14501 (or user defined)
  • Added keyword for aprsd.conf file to support http server configuration: httpport To change the port number add to your aprsd.conf file: httpport nnnnn where “nnnnn” is the port number.
    To DISABLE this feature add this to your aprsd.conf file: httpport 0

  • Fixed bug in SendToAllClients() which failed to close the socket when user disappeared.
  • Filter out comment packets, eg: # Tickle, at the igate and user inputs so they aren’t repeated.
  • Added keyword for aprsd.conf to support a data port suppling the source IP address prepended
    to each aprs packet. eg: If user w4xyz at IP address 192.168.1.2 sends “Hi There.” the
    packet will be sent out as: “!192.168.1.2:w4xyz!Hi There.” This can help locate the source of bogus packets.
    To change the port number add to your aprsd.conf file: ipwatchport nnnnn where “nnnnn” is the port number.
    To DISABLE this feature add this to your aprsd.conf file: ipwatchport 0

  • Fixed end-of-line logic so it accepts CR or LF or CR-LF or LF-CR on
    all incoming internet packets. Now we can use netcat (nc) in addition
    to telnet to logon and watch the raw data.

  • Fixed error in code that reads the history.txt file. Now history items that
    have expired are ignored and don’t go into the history list. Time-to-live (ttl)
    variables adjusted for current time.

  • Completely redesigned and recoded the duplicate packet detection logic.
    This effort broke lots of things and several days of debugging were required!
    This version should eliminate 100% of duplicates occuring within 15 seconds.
    See dupCheck.cpp, crc32.c and aprsString::gethash().

  • aprsd.conf keyword “igate” now has default values.
    • igate port default is 1313 if not supplied.
    • igate user default is the value of MyCall if not supplied.
    • igate pass default is “-1” if not supplied.
    • Example: “igate first.aprs.net” will expand to “igate first.aprs.net 1313 WA4DSY -1” (assuming your call is WA4DSY)
    • Note that no data is sent to the igate unless a passcode is supplied.
  • Program doesn’t Segfault on exit anymore. It “Terminates” instead.
  • The MYCALL parameter in the INIT.TNC file is read into the MyCall variable
    in aprsd and overides the MyCall parameter in the aprsd.conf file. If
    the TNC serial port is not defined the MyCall parameter in aprsd.conf is used.
    Previous versions required you to enter identical MYCALL strings in
    BOTH aprsd.conf and INIT.TNC. Now you only need one in INIT.TNC.

  • In INIT.TNC the first parameter to UNPROTO, the ax25 destination address, is
    replaced by the string “APDxxx” where xxx is the verison number of aprsd.
    This is done as the file is read into the TNC with “APDxxx” replacing the
    users string. eg: UNPROTO APRS VIA WIDE would become UNPROTO APD213 VIA WIDE.

  • History list data is NOT saved to disk every 15 minutes. This is now done only at shutdown.
  • Cleaned up code so it now compiles without warnings with the -Wall option.
    Added “#define _PTHREADS” and “#define _GNU_SOURCE” to all sources.
    This should make the STL container library thread safe.

  • Changed instances of gethostbyname2() to the thread safe version, gethostbyname2_r().
    Also found and changed some other non thread safe fuctions to the safe versions.

  • I fixed a bug in the igate connection thread which resulted in sockets not being
    closed after a failed attempt to connect. This caused aprsd to eventually run out of sockets
    if one or more igates were unreachable. When this happened no more connections could be made.
    This bug has been in all previous versions and I believe it has caused most of the “lockup” problems.

  • Added “hub” keyword to aprsd.conf. This is used the same way as “igate” to define remote
    systems to connect to. The difference is that although many hubs can be defined only
    one connection will be active at any time. If the connection fails the next hub will be
    tried in rotation until one accepts a connection. Use “hub” to connect to the “master”
    aprs servers on port 10152 or 23.

REVISION 2.1.1
4-11-2000

  • Added “PACLEN 0” to INIT.TNC file to allow 256 byte packets.
  • Added the validate.cpp module to the open source directory.
  • Fixed error in AEA to TAPR conversion. Paths no longer reversed.
  • Changed default APRServe in aprsd.conf to second.aprs.net.
  • Updated this documentation file.
  • Included program “aprspass” to compute aprs passcodes from callsigns.
  • Fixed bug in ?IGATE? query response so full host name is now displayed.
  • Install scripts modified to compile source code before installing.
  • Added keyword “aprsPass &#60yes|no&#62” to aprsd.conf.
    Set to “no” if you don’t want to allow logons from users
    with the insecure aprs passcodes.
    Set to “yes” if you want the system to work with all users.

REVISIONS 2.1.0 Pre-Releases 1 to 7
6-20-1999

  • Fixed the code so it runs properly as a daemon.
    See added function “daemonInit()” in code.
    Also modified aprsd.init .
    To run as a daemon enter: ./aprsd -d
    To run as a program enter: ./aprsd

  • Added logic to handle MD5 password encryption in the validate module.
    Now it works with RedHat 6.0 shadowed MD5 passwords.

  • Added “#include &#60errno.h&#62” statements in history.cpp and aprsd.cpp.
    Now it now compiles under RedHat 6.0.

  • Changed logic so messages sent on RF also are sent to other Internet users.
    Needed to do this so messages to wild card groups such as “SCOUTS”
    go both to RF and the remainder of the users and igates.

  • New Feature: The server now responds to the “?IGATE?” query.

  • New Feature: You can put system abusers in the “user.deny” file and
    deny access to RF or prevent them from logging on.

  • New Feature: You can configure the server to ignore packets which were
    transmitted from your own TNC. The previous versions always igated
    your own TNCs packets. Use the command line “igateMyCall no” in aprsd.conf
    to turn off igateing of your own TNCs packets.

  • Fixed bug that caused the history list dump to abort and disconnect user
    after about 700 items had been sent.

  • Fixed two bugs in aprsString and raw-user send code. Now mic_e packets
    come out in raw format on port 14580 .

  • Changed the servers status messages to the new format.
    eg: “aprsdATL>APRS,TCPIP*::USERLIST :Verified user W4HAM logged on using MacAPRS 3.2.0.”

    Note the extra colon after TCPIP* and the lack of a message number on the end
    to indicate we don’t expect an ack.

  • Fixed speed related problem in SendToAllClients() function that caused
    overflows of the Internet send queue. The server can now handle many
    more users at higher data rates.

  • Added command “TncPktSpacing” to the aprsd.conf file. This command takes
    one parameter which is the number of milliseconds between packets sent to the
    TNC. Queued packets to be transmitted will be spaced out at least by
    this number of milliseconds. The default is 1500 (1.5 seconds).

2.0.9 changes

Changed the validate code so validate is compiled into the
aprsd executable instead of being a separate program. This
improves both speed and security.

2.0.8

  • 2.0.8 Fixed a security problem with logons. It was possible
    in earlier versions to “be creative” with user and password
    strings to pass commands to a Linux shell.

  • Cleaned up some serial interface code which may
    have been causing trouble with mic_e packets on some systems.

  • New Feature: Added msgdest2rf keyword in aprsd.conf file. See below for details.

** IF YOU ARE UPGRADING FROM 2.0.6 **

The new INSTALL scripts, INSTALLDAEMON and INSTALLPGM
have been enhanced to look for existing aprsd configuration files
and not overwrite them. You should save copies of these files anyway
in case something goes wrong.

  • welcome.txt
  • aprsd.conf
  • INIT.TNC
  • RESTORE.TNC


LEGAL STUFF

Copyright 1997-2000 by Dale A. Heatherington, WA4DSY
email: dale@wa4dsy.net


This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA


APRS is a registered trademark, and APRS protocols are copyrighted
by Bob Bruninga, WB4APR. The owner reserves all rights and
privileges to their use.

HAMS may apply the APRS formats in the TRANSMISSION of position,
weather, and status packets. However, the author reserves the
ownership of these protocols for exclusive commercial application and for
all reception and plotting applications. Other persons desiring to include
APRS RECEPTION in their software for sale within or outside of the
amateur community will require a license from the author. Also
TRANSMISSION of APRS protocols in any NON-AMATEUR commercial application
or software will require a license from the author.

Bob Bruninga, WB4APR
115 Old Farm CT
Glen Burnie, MD 21060


DESCRIPTION

This is an APRS Internet server program. It acts as a gateway between
the Internet and a local ham VHF APRS packet network. It is interfaced to
directly to a TNC via one of the PC serial ports and does not use the Linux
ax25 sockets interface. Hamish Moffatt has a
modified version of aprsd
with ax25 support.

It has only been tested on RedHat Linux 5.1 , 5.2, 6.0 and Mandrake 5.3 and later. It requires libstdc++ 2.8.0 or later
to run. It will NOT run on RedHat 4.2.

The program gets data from a TNC connected to a serial port
and sends it to all clients who have connected to any of several user
defined tcp ports. Some defaults are 1313, 10151, 10152 and 14579.
It was designed to duplicate most if not all of the functionality of
APRServe, a Macintosh APRS server designed and coded by Steve Dimse, K4HG.
See http://www.aprs.net/aprserve.dcc.html
It can also gate data coming from the Internet to the TNC for
transmission on the local VHF RF network.

CLIENT SOFTWARE

Users can connect using several client programs such as Mac/WinAPRS,
javAPRS, Xastir for Linux
and Telnet. The logon protocol used by Mac/WinAPRS and others is recognized
and properly handled giving registered users the privilige of sending
3rd party messages into the local VHF network.

Clients can use telnet to watch TNC data.
eg: telnet www.wa4dsy.net 14579
If raw TNC data is desired port 14580 can be used.

Scripts written in languages such as perl can connect to the
server and interact with the data. A UDP port is provided to simplify
injection of data into the aprs stream by scripts.

The system operator can use telnet to monitor the server status
by connecting to any port and enter entering his Linux user name, password
and entering “monitor” for the version field. Also he can enter remote
sysop mode and gain direct control of the TNC.
eg: user WA4ZZZ pass 12345 vers monitor

HISTORY LIST

A history of data from the TNC and IGATES going back 30 minutes (time also user defined) is kept in
memory and delivered to each user when he connects. This
history data is filtered to remove duplicates and certain
other unwanted information. Duplicate data are detected by looking
for any packets with the same data and source call sign that have
been seen in the last 30 seconds. When duplicates are found they are discarded.

There is also a quota system to further reduce the quanity of data in the history list.
Each AX25 source call sign is allowed three packets in the history
list. One position report, one weather report and one “other”. Only the
most receint of each type is retained.



FILES


aprsd				The APRS server executable
aprspass                        Computes aprs passcodes from callsigns

user.deny			List of users with restrictions placed on them
welcome.txt			This file is sent to users when they connect
INIT.TNC			This file is read into the TNC when the server starts
RESTORE.TNC			This file is read into the TNC when the server closes
history.txt			Created by the server when it closes to save the
                                history buffer.
				Also updated every 10 minutes during operaton.
				It's also is read into the servers history
                                list when  server starts.

Log Files:

aprsd.log			Created by server to log all user connections
stsm.log			Station to station msgs gated to RF
udp.log				Data from the UDP port logged here
rf.log				Data from our TNC after being digipeated


Install files:

INSTALLDAEMON			Installation script for running as a daemon
INSTALLPGM			Installation script for running as a program
REMOVE				UnInstall script - deletes /home/aprsd2/*


FILE LOCATIONS

/home/aprsd2
	aprsd
        aprspass
        user.deny
	welcome.txt
	INIT.TNC
	RESTORE.TNC
	aprsd.log
	stsm.log
	rf.log
	udp.log
	aprsd.conf
	history.txt


/etc/rc.d/init.d
	aprsd.init

/etc/rc.d/rc3.d
	link to aprsd.init

/etc/rc.d/rc5.d
	link to aprsd.init

/etc/rc.d/rc6.d
	link to aprsd.init


 


INSTALLING AS A DAEMON

(** also see Installing as a Program below **)

  • Login as root.
  • Copy the archive into your home directory.
  • Issue the following command:
  • tar zxvf aprsd213.tar.gz
  • Of course you already did it or you wouldn’t be reading this 😉
  • cd aprsd213
  • Note: The following command will also compile the source files

  • ./INSTALLDAEMON
  • cd /home/aprsd2
  • Now make any changes you may require to these files (in /home/aprsd2/):
    Note: The install program will not overwrite these if they already exist.

    • aprsd.conf
    • user.deny
    • welcome.txt
    • INIT.TNC
    • RESTORE.TNC

Note: If you have defined a serial port in aprsd.conf (eg: tncport /dev/ttyS0)
the value of “MyCall” specified in aprsd.conf will be replaced
with whatever it is in INIT.TNC. This action is new in version 2.1.2.

At this point INSTALL has created a directory
/home/aprsd2/ and copied several files
into it. It also has copied aprsd.init
to various /etc/rc.d/ directories.



Starting and Stopping the Server

After you run INSTALL the server will start when the machine is booted up.
To start without rebooting cd to /etc/rc.d/init.d and run the aprsd.init
script with “start” as the parameter. eg: ./aprsd.init start

You can also start it as a daemon by using the -d option. eg: ./aprsd -d

The serial device for TNC data and tcp port numbers are set in the
/home/aprsd2/aprsd.conf file. You can edit this file in the directory you used
to uncompress the distribution files then run INSTALL to make the
changes effective. INSTALL also will copy the distribution welcome.txt,
INIT.TNC and RESTORE.TNC to /home/aprsd so be sure you make changes to
these in the distribution directory before running INSTALL.

To stop the server go to the /etc/rc.d/init.d directory and
enter “./aprsd.init stop”. To restart enter “./aprsd.init start” .


RUNNING AS A PROGRAM

The server can be run as a regular program for testing purposes or if you
don’t want it to auto start when Linux boots.

First, stop the aprsd daemon by entering: /etc/rc.d/init.d/aprsd.init stop .

It can be re-started as a user program changing to the /home/aprsd2 directory
and typing its name ” ./aprsd ” Note: you will need to be logged on
as root unless your user name has write priviliges on the directory /home/aprsd2
and all the files in it.

If you want to be able to log on as remote sysop and take control of the
TNC you will need to add a “tnc” group to the /etc/group file.
See “REMOTE TNC SYSOP ACCESS” below for more details.


INSTALLING AS A PROGRAM

(You may want to do this first to try it out)

  • Login as root.
  • Copy the archive into your home directory.
  • Issue the following commands:
    • tar zxvf aprsd213.tar.gz
    • cd aprsd213
    • Note: The following command will also compile the source files
    • ./INSTALLPGM
    • cd /home/aprsd2

    Now make any changes you may require to welcome.txt, INIT.TNC, RESTORE.TNC
    and aprsd.conf to reflect your call sign, location and TNC paramters.

    Note: The install program will not overwrite these if they already exist.

The program and configuration files are copied to /home/aprsd2.
You will need to change the permissions on /home/aprsd2 and all the files
in it if you want to run it as a user other than root. The Linux password
validator will only work if aprsd run as root.

COMMAND LINE PARAMETERS

The server has two command line arguments, the name of the server configuration
file and one switch “-d” for daemon mode. If no file name is provided the server
will use /home/aprsd2/aprsd.conf .

While running, once each minute this server will emit a status message to the console.
Also, it tells you each time it sends out a packet and to how many users. It
also shows you what it’s sending to the TNC. One field in the status message
is aprsString Objs. This is a debugging tool to help find memory leaks. It should
be no more than 1 or 2 higher than the History items field. Sometimes it will
read much higher but should return to a difference of 1 or 2 within a minute or so.

Ctrl-C or “q” will shut down the server in an
orderly manner and save the current history
list (last 30 mins of select received data) to disk.


SERVER CONFIGURATION FILE

The default configuration file is /home/aprsd2/aprsd.conf. The file is read
on start up. Lines starting with “#” are comments and are ignored. Documentation
on syntax and key words are in the file. More information on the tcpip ports used
by the server can be found in
ports.html

igateMyCall

The “igateMyCall &#60yes|no&#62” command is new in version 2.1.0 . If the “yes”
option is chosen packets sent from your TNC and digipeated will be igated to
the Internet. If you have a beacon sending the same position as in your
NetBeacon both will be overlayed and unreadable on the users map. If you must
igate your own TNC beacons you can offset the location of one of them
about .02 north or south so they show as separate objects.


SAMPLE CONFIGURATION FILE


servercall aprsdATL
MyCall N0CALL
MyLocation Atlanta_GA
MyEmail sysop@myisp.net
MaxUsers 25
NetBeacon 10 !0000.00N/00000.00WI aprsd Linux APRS Server
ackrepeats 2
ackrepeattime 5
expire 30
tncport /dev/ttyS0
rf-allow yes
TncPktSpacing 1500
igateMyCall no
hub first.aprs.net 23
hub second.aprs.net 23
hub third.aprs.net 23
igate nashville.aprs.net 14579
rawtncport 14580
localport 14579
mainport 10151
mainport-nh 10152
linkport 1313
msgport 1314
udpport 1315
httpport 14501
ipwatchport 14502
posit2rf K4HG-8 N4NEQ-9
msgdest2rf SCOUTS KIDS CQGA


IGATE PORTS

The “igate” commands in the configuration file above define the distant APRServe and
other IGATES you want to establish connections to. You may choose zero to 20. Duplicate
data will not be relayed to your users. Connections which drop will be reestablished
automatically. After a connection drops it will attempt to reconnect after 1 minute.
If that attempt fails it will try again in 2 minutes. The time will double each time
until it hits 16 minutes. Then it will retry forever at 16 minute intervals.
These connection attempts appear in the aprsd.log file.

Which ports on the distant igates do you connect to? There are two ways to go.
You can connect to the ports which emit only local data (APRServe 1313 or
aprsmon 14580) or you can choose one reliable server and connect
to the port which supplies the complete data stream (APRServe 23 or aprsd 10152).
In either case it should be a port which doesn’t do the history file dump when
you first connect. Connecting to local ports on ALL other servers will be more
reliable since a single failure won’t cut off all your external data.

This server has a port (1314) which only supplies station to station messages and corresponding
posits. Other servers which will be used ONLY to relay 3rd party station to station
messages to their local VHF network may want to connect to this port to greatly
reduce the amount of data on their tcpip connection.


COM PORT CONFIGURATION

The TNC COM port is fixed at 9600 baud, 1 stop bit, 8 data bits and no parity.
Be sure the TNC is configured to these parameters. You can use the terminal
program “minicom” that comes with Linux to prepare the TNC. Make sure the
TNC is NOT in KISS mode.

Be sure the device ( dev/ttyS* ) has the proper read/write permissions or the
server will not be able to access it.

Root can set the serial port so it can be written to by anyone
with the following command:

chmod ugo+w /dev/ttyS0

NOTE: If you don’t define a device for the com port in the aprsd.conf
file all TNC related functions in the server are disabled.


SHUTTING DOWN THE SERVER WHEN RUNNING AS A PROGRAM

Ctrl-C or “q” will shut down the server in an
orderly manner and saves the current history
list (last 30 mins of received TNC data) to disk.

Ctrl-\ shuts down without saving anything.

Note: The server also saves the history list (history.txt) to disk
every 10 minutes automatically.



REMOTE TNC SYSOP ACCESS – (ESC)

You may telnet to the APRS server and connect to the TNC for the purpose
of changing parameters or even sending data out over the radio channel.
Use the (ESC) key from a telnet session to enter remote access mode.
Some Telnet programs send data a line at a time so the (ESC) character
will not be sent until you hit the (Enter) key.

You’ll be prompted for your user name and password.
These must match an entry in the Linux password file. In other
words, a valid Linux login user/password. If the password is incorrect
remote sysop mode will be exited. The user must also
belong to the “tnc” group. This group must be created
in the /etc/group file. Here is an example line:

tnc::102:root,wa4dsy,bozo

In this example users root,wa4dsy and bozo are assigned to the tnc group.

After you have logged on, everything you type goes to the TNC and
all TNC output data goes only to you. The TNC is effectivly disconnected
from all other internet users. Hit control-C to get the TNC into command mode.

To exit remote TNC access hit the key. You may also need to
hit {##: if your Telnet program sends data a line at a time. Some
Telnet programs can be configured for character at a time mode. Check
your documentation for details.

REMEMBER TO ENTER THE TNC “K” COMMAND BEFORE YOU EXIT.

To disconnect hit ctrl-D .



LOG FILES

/home/aprsd2/aprsd.log	User logons and logoffs and some system activity msgs.

/home/aprsd2/stsm.log	Station to station 3rd party messages sent on RF.

/home/aprsd2/udp.log	Record of data entering from the UDP port.

/home/aprsd2/rf.log     Record our own packets heard on RF by the TNC.
                        (After being digipeated)

These can be viewed in real time with: tail -f /home/aprsd2/aprsd.log
or the name of the log you want to monitor.

You can also use the “less” program to view it.
After entering “less /home/aprsd2/aprsd.log” you type “F” to
follow it in real time. Type ctrl-C to exit “F” mode.

All 3rd party station to station messages relayed from the Internet
to RF are logged in /home/aprsd2/stsm.log

3rd party formatted packets received by the TNC will never
be sent anywhere.

Data from the UDP port are logged in /home/aprsd2/udp.log .

All data heard on RF with the “MYCALL” callsign with be logged
in rf.log . This feature lets you see what you have sent out
on RF if you are being digipeated by someone else.

To keep the log files from getting too large they need to
be rotated on a regular basis. Add the following to your
/etc/logrotate.conf file. Log files will be rotated
daily or weekly and the oldest deleted after 4 rotations.
Feel free to modify the schedule to suit your needs.


/home/aprsd2/aprsd.log {
        weekly
        rotate 4
}

/home/aprsd2/stsm.log {
        daily
        rotate 4
}
/home/aprsd2/udp.log {
        daily
        rotate 4
}
/home/aprsd2/rf.log {
        daily
        rotate 4
}


I use the “joe” editor to edit my configuration files. It isn’t
installed by default so you may need to install it from the
cdrom. To install mount the CD
and do rpm -iv /mnt/cdrom/RedHat/RPMS/joe-2.8-13.i386.rpm .



STATION TO STATION MESSAGES

This program will reformat and relay aprs
station to station messages from the Internet
to the TNC for RF transmission under the following
conditions.

It came from a logged on verified registered user.

and

The originator was not seen on the TNC RF data stream
in the past 30 minutes.

and

The destination HAS been seen on the TNC RF data stream
in the past 30 minutes and doesn’t have “GATE*” in his path
and has been repeated less than 3 times.

and

The line “rf-allow yes” is in the /home/aprsd2/aprsd.conf file.

Version 2.0.8 and later allows you to define up to 64 message destination call signs
or aliases which will always be gated to RF if “rf-allow yes” has been defined.
See the example aprsd.conf file for an example of how to use the “msgdest2rf”
command to enable this feature.
For each 3rd party messge delivered to RF the latest position report
packet of the originating station will also be sent after reformating
the path in 3rd party format. The program pulls the posit from the
history list if it’s in there.

eg:

KE6DJZ>AP0917,KB6TLJ-5,RELAY,WIDE:=3415.99N/11844.34WyAPRS+SA

becomes:

}KE6DJZ>AP0917,TCPIP,WA4DSY*:=3415.99N/11844.34WyAPRS+SA

(assuming “MyCall” is WA4DSY )

During a series of messages the position packet will only
be sent with a message every 10 minutes unless the station emits and new one.

This server will NOT igate a 3rd party _reformatted_
message from RF to the Internet. This is strictly one way.

Users of unregisterd client programs can send their own
station-to-station messages to other Internet users. These
messages will not go out on the TNC RF channel and the path
will be modified (TCPIP is changed to TCPXX*) so other
hubs will know not to send these messages out on their RF
channels. Unregistered users cannot Igate packets other
than their own. In other words, the ax25 source call
in their packets must match their logon call and “TCPIP” must
be in the path. (TCPIP* or TCPXX* will not work either)

eg; assume N0CALL is unregistered and attempts to send
the following into the server.

N0CALL>APRS,TCPIP:>TESTING
This will be converted to N0CALL>APRS,TCPXX*:>TESTING
and gated to other users (but not to RF!)

However…
W4ZZZ>APRS,TCPIP:>TESTING
or
N0CALL>APRS,TCPIP*:>TESTING

will be deleted and not sent anywhere.
Telnet users must provide a user name or call sign
before any of their data can be relayed to the internet.
They need to enter “user callsign pass -1” so the server will
accept the data. The ax25 FROM call in packets they send
must match the call sign they loggon with. If they provide
a valid password full priviliges are granted since they
used the keyboard to emulate a client program logon string.
(Not that anyone would want to do this except for testing)

This server will also accept valid user/password combinations
for the Linux system it is running on. These users must be in
the aprs group. This group can be added by editing the /etc/group file.

Note:

This program trusts other versions of itself and APRServe to
flag the paths of data from unregistered Internet users with “TCPXX*”.
Station to station messages flagged this way will not be sent out on RF.
The IGATE commands in the aprsd.conf file should specify a remote host port
which is secure. For IGATES it must be a port which doesn’t echo any
Internet user data, only TNC data. Full function servers such as APRServe
and this version (2.x.x) of aprsd will change TCPIP* to TCPXX* in the paths
of unregistered users on all ports.

Users of the current java APRS applet don’t log at all and are granted read-only access



MESSAGE ACKS (New in 2.0.7)

At the suggestion of Bob Bruninga I have implemented redundent message acks.
Message packets of the form “WA4DSY>APRS::W4XYZ :ack{1” will be reformatted to
3rd party format and sent to the TNC as usual. However, the packet will be repeated
several times at intervals of 5 (typical) seconds. The number of repeats and the time
between them are defined by the “ackrepeats” and “ackrepeattime” statements
in the aprsd.conf file. The defaults are 2 repeats at 5 second intervals.
You can set the repeats to any value from 0 to 9 and the time interval
from 1 to 30 seconds. Note the “ackrepeats” value is in additon to the
first message ack. You will always send at least one.



USER VALIDATION

I obtained the user validation code from Steve Dimse K4HG. He
has recently allowed the source code to be released. The source is in validate.cpp.

If the users APRS name and pass code aren’t valid the validate module tries the Linux
pass word validator for the “aprs” group. If that also fails
it waits 10 seconds then returns the bad news to aprsd which notifies the user.

NOTE: aprsd must be run as root for the Linux password validator to work.

However, the APRS user and passwords (from Mac/WinAPRS users)
will be properly tested regardless of what user is running aprsd if
“aprsPass yes” is in the aprsd.conf file.

The logon format:

user pass vers

eg: user N0CALL pass 00001 vers MacAPRS 3.0
might be sent by a MacAPRS user.
As pass code of -1 means you are an unregistered user,
not a hacker trying out an bogus password.

You can telent to a port and enter the following,
assuming your Linux user name is bozo and you password is
xyzzy and you are part of the aprs group as defined in
the /etc/group file.

user bozo pass xyzzy

To monitor some server status data you can enter:

user bozo pass xyzzy vers monitor

The aprs data stream is turned off and “Monitor Mode” is entered.
Once a minute the server will send a status message to you.

Once you have logged on, ctrl-D will not cause a disconnect.
You have to use your Telnet escape key then do a quit.
I had to do this to prevent inadvertant disconnects due to
possible spurious control codes in some users data.



KEEPING ABUSERS OUT OF THE SYSTEM (New in 2.1.0)

You can put the call signs of the users you want to
restrict in the users.deny file. The format is
the users call sign followed by either
the letter “L” or “R”. The “L” prevents logons and RF access.
The “R” prevents only RF access while allowing the user to
send packets into the aprs network.


user.deny example:

W4EVIL L   <--- Prevents sending of packets into the server or RF
W4SOB R    <--- Prevents any of his packets from getting on RF
		even if they came from another igate.


NOTE: This file is read every time aprsd needs to check users
so you will NOT need to restart the server when you change it.

If the abuse becomes serious enough you might consider
putting "aprsPass no" in the aprsd.conf file. This turns off
the checking of aprs passcodes and only allows Linux user/passwords.
You will need to have all your users in the Linux passwd file.



Full time gating of selected stations from Internet to RF

For special events or personal reasons it may be desirable
to allow the transfer of packets of selected stations from
the Internet to RF. Allowing all stations to do this would
overload the 1200 baud VHF packet frequency and isn't allowed.
These packets are only sent on RF if they came from the Internet
and were NOT heard on the local VHF frequency.

There are three "modes" of doing this. The most permissive
allows all packets from a selected station to be sent to RF
in real time. The second mode only allows position report packets
to be sent on RF every 14.9 minutes. This puts much less strain
on the RF network and is the recommended mode.

The third mode which was new in version 2.0.8 gates 3rd party station
to station messages to RF full time if the DESTINATION call sign or alias
is defined in the aprsd.conf file after the msgdest2rf keyword.

You select the stations by entering them in the /home/aprsd2/aprsd.conf file.
Up to 64 stations can be defined. Several can be put on each line.
The server must be restarted before any changes to aprsd.conf take effect.

Examples:

These stations posits are sent to RF every 15 minutes:
posit2rf K4HG-8 N4NEQ-9
posit2rf W7LUS-14

All packets from this station are gated to RF full time.
gate2rf N0CLU-9



This allows any message addressed to SCOUTS, KIDS or CQGA to go to
RF even though these "call signs" were not heard locally.
msgdest2rf SCOUTS KIDS CQGA

Note: The posits of stations in the "posit2rf" list are sent at 14 second
intervals. It takes 14.9 minutes to scan the list of 64 before it repeats.
The posits are taken from the 30 minute history list. If no posit
is available for the station then no data is transmitted.



MIC_E PACKET TRANSLATION

Compressed TAPR Mic_E packets are converted to standard APRS format
before being sent anywhere else. I used the Mic_E decoder written by
Alan Crosswell, N2YGK to do the conversion. This is the same code that’s
in his aprsmon program.

The unconverted raw Mic_E packets from the local TNC
can be observed by telneting to port 14580.



AEA to TAPR conversion

All packets in the AEA format are converted to TAPR format
before any other processing. Clients never see an AEA
formatted packet except from the RAW TNC port (14580) if the system
operator is using an AEA TNC.



UDP PORT

The UDP input port (default 1315) is provided for interface with
scripts. Only IP addresses listed in the “trust” line(s) in the
aprsd.conf file are can send data to this port. You can enter
up to 20 trust commands.

Example:

trust 198.162.50.5 

You may also provide a subnet mask after the ip address
to open up an entire sub net. The example below allows
16 address from 198.162.50.0 to 198.162.50.15 .

Example:

trust 198.162.50.0 255.255.255.240 

The script can format packets to be sent to the TNC for RF transmission
or TCPIP. The routing is determined by the “TO-CALL” field. If it’s
“TNC” the packet goes on on RF via the TNC after the path is striped off.

This goes to the TNC: WA4DSY>TNC:Data for TNC here

This goes to TCPIP: WA4DSY>APRS:Data for the Internet

The complete string including the path goes out on the Internet.

See the file “udp_example” for a sample perl script.



RESPONDING TO QUERIES (New in 2.1.0)

The aprsd server will respond to aprs queries as follows:
query:


WA4DSY>APRS:?IGATE?
or
WA4DSY>APRS::IGATE    :?IGATE?{0
or
WA4DSY>APRS::aprsd    :?IGATE?{0
or
WA4DSY>APRS::aprsdATL :?IGATE?{0

The first three examples will cause ALL aprsd servers to respond.
The last will get you a response only from the aprsdATL server.
The server first sends and ack packet the station initiating the query
then sends response data such as the following example:

aprsdATL>APRS,TCPIP*::WA4DSY   :WA4DSY Atlanta_GA wa4dsy.net 216.254.33.225
sysop@mail.net aprsd 2.1.3 {1

Most of the data comes from the aprsd.conf file.

  • WA4DSY = mycall <-- from INIT.TNC
  • Atlanta_GA = mylocation
  • wa4dsy.net = host name obtained from Linux OS
  • 216.254.33.225 = IP address from Linux OS
  • sysop@mail.net = myemail
  • aprsd 2.1.3 = internal version number string.
  • {1 = sequence number


Java Applet

The JavAPRS applet by Steve Dimse is a completely separate product and
is not supported by me. Surf over to

http://www.aprs.net/javAPRS.html
for more information.



APRS passcode calculator (new in 2.1.1)

The aprspass program is located in the /home/aprsd2 directory.
You may move it to another more convienient location if you wish.
To determine the aprs passcode required for a callsign “N0CALL”:
Change to the /home/aprsd2 directory.

./aprspass N0CALL
APRS passcode for N0CALL = 12345

The program will print the passcode “12345”. You may use this 5 digit number
as a password to connect and login to other igates and APRServe.
The callsign and passcode are used as follows in aprsd.conf.

igate second.aprs.net 23 N0CALL 12345

This causes aprsd to connect the second.aprs.net, port 23. Data from
that server becomes available at your server. Your TNC data and logged on
Internet user data is sent to second.aprs.net over the two way connection.

Please use your real callsign!



Monitoring system status with a web browser (new in 2.1.2)

System operators can now check the operational status of their
aprsd server with a web browser. The default port is 14501. To
see the information simply enter the URL into the browser.

Example: To see the Miami server: http://first.aprs.net:14501/
To refresh the data click the browser reload button. Notice the
igate domain names and user IP addresses are links. If the host
is running aprsd 212 or later you can click on the link to see
the status of that server.
This is an open port, no passwords are required.

To disable this feature add to your aprsd.conf file: httpport 0

Determining the source IP address of aprs packets (new in 2.1.2)

This TCPIP port (default 14502) supplies all data streams without dup filtering with
a special header prepended. The header contains the source IP address of the
packet and the user login name, “IGATE” or “UDP”. An example: !44.36.16.48:WA4DSY!
Packets from other igates this server connected to will show the domain name
instead of the IP address and the user will be “IGATE”. Packets from the UDP port
will have the IP address and the user field will be “UDP”. Packets from the TNC
will have “TNC” in the IP address field and “*” in the user field .
Use telnet or nc optionally with grep to determine the source of packets.
eg: telnet first.aprs.net 23 | grep ‘199.45.66.88’
Will display only packets from IP address 199.45.66.88.

To disable this feature add to your aprsd.conf file: ipwatchport 0

KNOWN BUGS

Slow connection establishment to igates and hubs

Due to bugs in the “thread-safe” gethostbyname2_r() function
I had to put mutual exclusion semaphores around it. The result is that
when igate and hub connections are being established, only one
host name lookup can be in progress at any time. If the host name is not
found due to the name server being down, it can take up to a minute
for that name lookup to complete. If you have 30 aprs.net igates in the
list and the aprs.net name server is down, it can take up to 30 minutes
to try them all.

Memory Leak

Under RedHat 5.1 this program leaks 8K of memory for each user
connect/disconnect event. This appears to be a problem with one or more
C libraries in the thread creation/destruction code.
It has been fixed in 5.2.

To get the fix for 5.1surf over to

ftp://ftp.redhat.com/pub/redhat/upgrades/5.1/i386/

Then get this file:
glibc-2.0.7-19.i386.rpm

The memory leak seems to be fixed in this version.
To install do: rpm -U glibc-2.0.7-19.i386.rpm
then reboot. You don’t need to recompile aprsd!