WA4DSY Linux APRS server docs. 2.1.4 Aug 19 2000

Notes for 2.1.4

Version 2.1.4 fixes some minor bugs and adds some functionality. See the Revisions section for more details on the changes. The main enhancement is you have a choice of converting MIC-E packets to classic APRS packets or not. The default is to NOT convert them. The new command "ConvertMicE yes | no" should be placed in your /home/aprsd2/aprsd.conf file.

Notes for 2.1.3 and 2.1.2

This upgrade adds three keywords to the aprsd.conf file.
httpport 14501
ipwatchport 14502
hub domain.name port [user  pass]
The first two, httpport and ipwatchport, will be enabled by default even if you don't add them to aprsd.conf. If you want different ports or want to disable these features will you need to edit the config file. Documentation on these can be found in ports.html
Please read the Revisions section.

The httpport (14501) port suppiles server status information in HTML format. This port is accessed with any web browser by entering the URL: http://wa4dsy.net:14501/(replace "wa4dsy.net" with the domain name of the aprsd server you want ) To refresh the data click the RELOAD button on your browser.

The ipwatchport (14502) provides all data streams without dup filtering with a special header prepended. The header contains the source IP address of the packet and the user login name, "IGATE" or "UDP". An example: !44.36.16.48:WA4DSY! Packets from other igates this server connected to will show the domain name instead of the IP address and the user will be "IGATE". Packets from the UDP port will have the IP address and the user field will be "UDP". Packets from the TNC will have "TNC" in the IP address field and "*" in the user field . Use telnet or nc optionally with grep to determine the source of packets.
eg: telnet first.aprs.net 23 | grep '199.45.66.88'
Will display only packets from IP address 199.45.66.88.

The new "hub" command is used like the "igate" command. The syntax is the same. Unlike "igate" only one hub will be active at any time. If the hub connection fails aprsd will try to connect to the next hub listed and if that fails, the next and so on.

Everyone: You will need to compile the code get a working executable for your system. This is done automatically by the install script. Be advised you need the c++ compiler installed on your system. You can also type "make" to compile the program. It is designed to work on RedHat 5.1 and later Linux distributions. This includes Mandrake. Others may or may not work. Early versions before 5.1 will not work. Go the the Installing for more details.

Index

Revisions
Legal Stuff
Program description
aprsd Files
File Locations
Installing as a daemon
Starting and Stopping the Server
Installing as a user program
Server configuration file aprsd.conf
Com port configuration
Server shutdown
Remote TNC sysop access
Log Files
Station to Station Messages
Message Acks
User Validation
Filtering abusive users
Selective Internet to RF gating
Mic-E packet translation
AEA to TAPR conversion
UDP input port
The ?IGATE? Query
Java Applets
The aprs passcode calculator
Monitoring system operation with a web browser
Determining the source IP address of aprs packets
Known Bugs

REVISION 2.1.4
Aug 2000

REVISION 2.1.3
July 6 2000

REVISION 2.1.2
May-June 2000

REVISION 2.1.1
4-11-2000

REVISIONS 2.1.0 Pre-Releases 1 to 7
6-20-1999


LEGAL STUFF

Copyright 1997-2000 by Dale A. Heatherington, WA4DSY
Web page:
http://www.wa4dsy.net/aprs/

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA


APRS is a registered trademark, and APRS protocols are copyrighted by Bob Bruninga, WB4APR. The owner reserves all rights and privileges to their use.

HAMS may apply the APRS formats in the TRANSMISSION of position, weather, and status packets. However, the author reserves the ownership of these protocols for exclusive commercial application and for all reception and plotting applications. Other persons desiring to include APRS RECEPTION in their software for sale within or outside of the amateur community will require a license from the author. Also TRANSMISSION of APRS protocols in any NON-AMATEUR commercial application or software will require a license from the author.

Bob Bruninga, WB4APR
115 Old Farm CT
Glen Burnie, MD 21060


DESCRIPTION

This is an APRS Internet server program. It acts as a gateway between the Internet and a local ham VHF APRS packet network. It is interfaced to directly to a TNC via one of the PC serial ports and does not use the Linux ax25 sockets interface. Hamish Moffatt has a
modified version of aprsd with ax25 support.

It has only been tested on RedHat Linux 5.1 , 5.2, 6.0 and Mandrake 5.3 and later. It requires libstdc++ 2.8.0 or later to run. It will NOT run on RedHat 4.2.

The program gets data from a TNC connected to a serial port and sends it to all clients who have connected to any of several user defined tcp ports. Some defaults are 1313, 10151, 10152 and 14579. It was designed to duplicate most if not all of the functionality of APRServe, a Macintosh APRS server designed and coded by Steve Dimse, K4HG.
See http://www.aprs.net/aprserve.dcc.html
It can also gate data coming from the Internet to the TNC for transmission on the local VHF RF network.

CLIENT SOFTWARE

Users can connect using several client programs such as Mac/WinAPRS, javAPRS, Xastir for Linux and Telnet. The logon protocol used by Mac/WinAPRS and others is recognized and properly handled giving registered users the privilige of sending 3rd party messages into the local VHF network.

Clients can use telnet to watch TNC data.
eg: telnet www.wa4dsy.net 14579
If raw TNC data is desired port 14580 can be used.

Scripts written in languages such as perl can connect to the server and interact with the data. A UDP port is provided to simplify injection of data into the aprs stream by scripts.

The system operator can use telnet to monitor the server status by connecting to any port and enter entering his Linux user name, password and entering "monitor" for the version field. Also he can enter remote sysop mode and gain direct control of the TNC.
eg: user WA4ZZZ pass 12345 vers monitor

HISTORY LIST

A history of data from the TNC and IGATES going back 30 minutes (time also user defined) is kept in memory and delivered to each user when he connects. This history data is filtered to remove duplicates and certain other unwanted information. Duplicate data are detected by looking for any packets with the same data and source call sign that have been seen in the last 30 seconds. When duplicates are found they are discarded.

There is also a quota system to further reduce the quanity of data in the history list. Each AX25 source call sign is allowed three packets in the history list. One position report, one weather report and one "other". Only the most receint of each type is retained.


FILES

aprsd				The APRS server executable
aprspass                        Computes aprs passcodes from callsigns

user.deny			List of users with restrictions placed on them
welcome.txt			This file is sent to users when they connect
INIT.TNC			This file is read into the TNC when the server starts
RESTORE.TNC			This file is read into the TNC when the server closes
history.txt			Created by the server when it closes to save the 
                                history buffer.
				Also updated every 10 minutes during operaton.
				It's also is read into the servers history
                                list when  server starts.

Log Files:

aprsd.log			Created by server to log all user connections
stsm.log			Station to station msgs gated to RF
udp.log				Data from the UDP port logged here
rf.log				Data from our TNC after being digipeated


Install files:

INSTALLDAEMON			Installation script for running as a daemon 
INSTALLPGM			Installation script for running as a program
REMOVE				UnInstall script - deletes /home/aprsd2/*


FILE LOCATIONS

/home/aprsd2
	aprsd
        aprspass
        user.deny
	welcome.txt
	INIT.TNC
	RESTORE.TNC
	aprsd.log
	stsm.log
	rf.log
	udp.log
	aprsd.conf
	history.txt


/etc/rc.d/init.d
	aprsd.init

/etc/rc.d/rc3.d
	link to aprsd.init

/etc/rc.d/rc5.d
	link to aprsd.init

/etc/rc.d/rc6.d
	link to aprsd.init


 

INSTALLING AS A DAEMON

(** also see Installing as a Program below **)
Note: If you have defined a serial port in aprsd.conf (eg: tncport /dev/ttyS0) the value of "MyCall" specified in aprsd.conf will be replaced with whatever it is in INIT.TNC. This action is new in version 2.1.2.

At this point INSTALL has created a directory /home/aprsd2/ and copied several files into it. It also has copied aprsd.init to various /etc/rc.d/ directories.


Starting and Stopping the Server

After you run INSTALL the server will start when the machine is booted up. To start without rebooting cd to /etc/rc.d/init.d and run the aprsd.init script with "start" as the parameter. eg: ./aprsd.init start

You can also start it as a daemon by using the -d option. eg: ./aprsd -d

The serial device for TNC data and tcp port numbers are set in the /home/aprsd2/aprsd.conf file. You can edit this file in the directory you used to uncompress the distribution files then run INSTALL to make the changes effective. INSTALL also will copy the distribution welcome.txt, INIT.TNC and RESTORE.TNC to /home/aprsd so be sure you make changes to these in the distribution directory before running INSTALL.

To stop the server go to the /etc/rc.d/init.d directory and enter "./aprsd.init stop". To restart enter "./aprsd.init start" .


RUNNING AS A PROGRAM

The server can be run as a regular program for testing purposes or if you don't want it to auto start when Linux boots.

First, stop the aprsd daemon by entering: /etc/rc.d/init.d/aprsd.init stop .

It can be re-started as a user program changing to the /home/aprsd2 directory and typing its name " ./aprsd " Note: you will need to be logged on as root unless your user name has write priviliges on the directory /home/aprsd2 and all the files in it.

If you want to be able to log on as remote sysop and take control of the TNC you will need to add a "tnc" group to the /etc/group file. See "REMOTE TNC SYSOP ACCESS" below for more details.


INSTALLING AS A PROGRAM

(You may want to do this first to try it out)

The program and configuration files are copied to /home/aprsd2. You will need to change the permissions on /home/aprsd2 and all the files in it if you want to run it as a user other than root. The Linux password validator will only work if aprsd run as root.

COMMAND LINE PARAMETERS

The server has two command line arguments, the name of the server configuration file and one switch "-d" for daemon mode. If no file name is provided the server will use /home/aprsd2/aprsd.conf .

While running, once each minute this server will emit a status message to the console. Also, it tells you each time it sends out a packet and to how many users. It also shows you what it's sending to the TNC. One field in the status message is aprsString Objs. This is a debugging tool to help find memory leaks. It should be no more than 1 or 2 higher than the History items field. Sometimes it will read much higher but should return to a difference of 1 or 2 within a minute or so.

Ctrl-C or "q" will shut down the server in an orderly manner and save the current history list (last 30 mins of select received data) to disk.


SERVER CONFIGURATION FILE

The default configuration file is /home/aprsd2/aprsd.conf. The file is read on start up. Lines starting with "#" are comments and are ignored. Documentation on syntax and key words are in the file. More information on the tcpip ports used by the server can be found in
ports.html

igateMyCall

The "igateMyCall <yes|no>" command is new in version 2.1.0 . If the "yes" option is chosen packets sent from your TNC and digipeated will be igated to the Internet. If you have a beacon sending the same position as in your NetBeacon both will be overlayed and unreadable on the users map. If you must igate your own TNC beacons you can offset the location of one of them about .02 north or south so they show as separate objects.


SAMPLE CONFIGURATION FILE

#aprsd 2.1.4 server configuration file
#
#This file is read ONCE on server startup.
#You must restart aprsd for changes to take effect.
#eg: /etc/rc.d/init.d/aprsd.init stop (then start)
#
#Lines starting with "#" are comments and are ignored
#Key words such as "mycall" and "maxusers" are NOT case sensitive.
#MyCall is the same as mycall.
#
#*** There is no error checking so be careful ******
#
#
#Servercall is the ax25 source call used in packets
#sent from the server to Internet users. (9 chars max)
#Note: Does not go out on the air.
#
servercall aprsdATL
#
#MyCall  This is over written by the MYCALL string in INIT.TNC
MyCall N0CALL
MyLocation Atlanta_GA
#This email address will be sent in replies to ?IGATE? queries.
MyEmail sysop@myisp.net
#
#Set MaxUsers to a value that your Internet connection can support.
MaxUsers 25
#
#This determines if Mic-E packets are converted to classic APRS packets.
#Put 'no' unless you have a good reason to do conversions. (NEW in 2.1.4)
ConvertMicE no
#
#Define beacon text. The server will supply the ax25 path header.
#The first number after "NetBeacon" is the time interval in minutes.
#Comment out the line or set time interval to 0 to disable beacon.
#The rest of the line can be any aprs protocol conforming packet.
#
NetBeacon 10 !0000.00N/00000.00WI aprsd Linux APRS Server
#
#Define the TNC beacon. The TNC will supply the ax25 path header.
#It's optional and you may use the TNC BTEXT in the INIT.TNC file instead.
#
#TncBeacon 15 !0000.00N/00000.00WI aprsd Linux APRS Server
#
#
#Send 2 extra message acks is addition to each received ack to TNC
#Range 0 to 9
ackrepeats 2
#
#Send extra acks at 5 second intervals
#Range 1 to 30 seconds
ackrepeattime 5
#
#Set history list items to expire in 30 minutes
expire 30
#
#Define the TNC serial port (9600 baud)
#Note: This device must have write permissions
#If undefined all TNC related functions are disabled.
tncport /dev/ttyS0
#
# Allow Internet to RF message passing.
rf-allow yes
#
#Set the minimum time between TNC transmit packets in milliseconds
TncPktSpacing 1500
#
# Disallow packets transmitted from our own TNC from 
# being igated back to the Internet after being digipeated.
igateMyCall no
#
#Set this to 'yes' if you want to log ALL PACKETS heard on RF to /home/aprsd2/rf.log
#If 'no' then only packets with your callsign will be logged.  (New in 2.1.4)
logAllRF no
#
#igate and hub connection definitions
#usage: igate <host name> <host port> <optional user name> <optional user password>
#Note: Use user/pass option (below) ONLY if you intend to feed data TO the igate.
#      Usually the igate will connect to you and read your data.
#
#hub is like igate except only ONE hub connection is active at a time.
#If the hub connection fails the next hub is tried in rotation until one accepts a connection.
#
hub first.aprs.net 23
hub second.aprs.net 23
hub third.aprs.net 23
igate nashville.aprs.net 14579
#igate www.aprs.net 1313  
#igate sanfran.aprs.net 10148
#igate kb2ear.aprs.net 14580
#igate socal.aprs.net 14579
#
#Use the following format (host port user pass) to allow sending 
#data from this server to to another server.
#You need a user name and password for the server host system.
#The aprs passcode for your callsign can be found with the aprspass program.
#The password "99999" is not valid.
#
#igate www.aprs.net 23 N0CALL 99999
#igate www.wa4dsy.net 14579 N0CALL 99999
#
#Define server listen ports (see ports.html)
rawtncport 14580
localport 14579
mainport 10151
mainport-nh 10152
linkport 1313
msgport 1314
udpport 1315
httpport 14501
ipwatchport 14502
#
#define trusted users of the UDP port.
#usage: trust <ip address>  <subnet mask>
#trust 208.148.145.151
#trust 208.148.145.144 255.255.255.240
#
#Selected call signs which are always gated to RF
#if they are not seen locally. All packets from
#these are gated in real time. Do not use unless
#you really need real time data.  Consider posit2rf below.
#They are case sensitive! Use upper case. Up to 64 may be defined.
#gate2rf K4HG-8 N4NEQ-9 
#gate2rf W7LUS-14
#
#Call signs of stations whose posits are gated
#to RF every 15 minutes.  Only posit packets are
#gated.  Posits are taken from the history list.
#They are case sensitive! Use upper case.
posit2rf K4HG-8 N4NEQ-9 
#posit2rf W7LUS-14
#
#Define a list of message destination call signs or aliases 
#to gate to RF full time.  Note: the CQGA example 
#below is CQ GA (Georgia). Edit to suite your locale.
#Up to 64 of these may be defined. They are case sensitive.
#
msgdest2rf SCOUTS KIDS CQGA
#
#end


IGATE PORTS

The "igate" commands in the configuration file above define the distant APRServe and other IGATES you want to establish connections to. You may choose zero to 20. Duplicate data will not be relayed to your users. Connections which drop will be reestablished automatically. After a connection drops it will attempt to reconnect after 1 minute. If that attempt fails it will try again in 2 minutes. The time will double each time until it hits 16 minutes. Then it will retry forever at 16 minute intervals. These connection attempts appear in the aprsd.log file.

Which ports on the distant igates do you connect to? There are two ways to go. You can connect to the ports which emit only local data (APRServe 1313 or aprsmon 14580) or you can choose one reliable server and connect to the port which supplies the complete data stream (APRServe 23 or aprsd 10152). In either case it should be a port which doesn't do the history file dump when you first connect. Connecting to local ports on ALL other servers will be more reliable since a single failure won't cut off all your external data.

This server has a port (1314) which only supplies station to station messages and corresponding posits. Other servers which will be used ONLY to relay 3rd party station to station messages to their local VHF network may want to connect to this port to greatly reduce the amount of data on their tcpip connection.


COM PORT CONFIGURATION

The TNC COM port is fixed at 9600 baud, 1 stop bit, 8 data bits and no parity. Be sure the TNC is configured to these parameters. You can use the terminal program "minicom" that comes with Linux to prepare the TNC. Make sure the TNC is NOT in KISS mode.

Be sure the device ( dev/ttyS* ) has the proper read/write permissions or the server will not be able to access it.

Root can set the serial port so it can be written to by anyone with the following command:

chmod ugo+w /dev/ttyS0

NOTE: If you don't define a device for the com port in the aprsd.conf file all TNC related functions in the server are disabled.


SHUTTING DOWN THE SERVER WHEN RUNNING AS A PROGRAM

Ctrl-C or "q" will shut down the server in an orderly manner and saves the current history list (last 30 mins of received TNC data) to disk.

Ctrl-\ shuts down without saving anything.

Note: The server also saves the history list (history.txt) to disk every 10 minutes automatically.


REMOTE TNC SYSOP ACCESS - (ESC)

You may telnet to the APRS server and connect to the TNC for the purpose of changing parameters or even sending data out over the radio channel. Use the (ESC) key from a telnet session to enter remote access mode. Some Telnet programs send data a line at a time so the (ESC) character will not be sent until you hit the (Enter) key.

You'll be prompted for your user name and password. These must match an entry in the Linux password file. In other words, a valid Linux login user/password. If the password is incorrect remote sysop mode will be exited. The user must also belong to the "tnc" group. This group must be created in the /etc/group file. Here is an example line:

tnc::102:root,wa4dsy,bozo

In this example users root,wa4dsy and bozo are assigned to the tnc group.

After you have logged on, everything you type goes to the TNC and all TNC output data goes only to you. The TNC is effectivly disconnected from all other internet users. Hit control-C to get the TNC into command mode.

To exit remote TNC access hit the key. You may also need to hit if your Telnet program sends data a line at a time. Some Telnet programs can be configured for character at a time mode. Check your documentation for details.

REMEMBER TO ENTER THE TNC "K" COMMAND BEFORE YOU EXIT.

To disconnect hit ctrl-D .


LOG FILES

/home/aprsd2/aprsd.log	User logons and logoffs and some system activity msgs.

/home/aprsd2/stsm.log	Station to station 3rd party messages sent on RF.

/home/aprsd2/udp.log	Record of data entering from the UDP port.

/home/aprsd2/rf.log     Record our own packets heard on RF by the TNC. 
                        (After being digipeated)

These can be viewed in real time with: tail -f /home/aprsd2/aprsd.log or the name of the log you want to monitor.

You can also use the "less" program to view it. After entering "less /home/aprsd2/aprsd.log" you type "F" to follow it in real time. Type ctrl-C to exit "F" mode.

All 3rd party station to station messages relayed from the Internet to RF are logged in /home/aprsd2/stsm.log

3rd party formatted packets received by the TNC will never be sent anywhere.

Data from the UDP port are logged in /home/aprsd2/udp.log .

All data heard on RF with the "MYCALL" callsign with be logged in rf.log . This feature lets you see what you have sent out on RF if you are being digipeated by someone else.

To keep the log files from getting too large they need to be rotated on a regular basis. Add the following to your /etc/logrotate.conf file. Log files will be rotated daily or weekly and the oldest deleted after 4 rotations. Feel free to modify the schedule to suit your needs.

/home/aprsd2/aprsd.log {
        weekly
        rotate 4
}

/home/aprsd2/stsm.log {
        daily
        rotate 4
}
/home/aprsd2/udp.log {
        daily
        rotate 4
}
/home/aprsd2/rf.log {
        daily
        rotate 4
}


I use the "joe" editor to edit my configuration files. It isn't installed by default so you may need to install it from the cdrom. To install mount the CD and do rpm -iv /mnt/cdrom/RedHat/RPMS/joe-2.8-13.i386.rpm .

STATION TO STATION MESSAGES

This program will reformat and relay aprs station to station messages from the Internet to the TNC for RF transmission under the following conditions.

It came from a logged on verified registered user.

and

The originator was not seen on the TNC RF data stream in the past 30 minutes.

and

The destination HAS been seen on the TNC RF data stream in the past 30 minutes and doesn't have "GATE*" in his path and has been repeated less than 3 times.

and

The line "rf-allow yes" is in the /home/aprsd2/aprsd.conf file.

Version 2.0.8 and later allows you to define up to 64 message destination call signs or aliases which will always be gated to RF if "rf-allow yes" has been defined. See the example aprsd.conf file for an example of how to use the "msgdest2rf" command to enable this feature. For each 3rd party messge delivered to RF the latest position report packet of the originating station will also be sent after reformating the path in 3rd party format. The program pulls the posit from the history list if it's in there.

eg:

KE6DJZ>AP0917,KB6TLJ-5,RELAY,WIDE:=3415.99N/11844.34WyAPRS+SA

becomes:

}KE6DJZ>AP0917,TCPIP,WA4DSY*:=3415.99N/11844.34WyAPRS+SA

(assuming "MyCall" is WA4DSY )

During a series of messages the position packet will only be sent with a message every 10 minutes unless the station emits and new one.

This server will NOT igate a 3rd party _reformatted_ message from RF to the Internet. This is strictly one way.

Users of unregisterd client programs can send their own station-to-station messages to other Internet users. These messages will not go out on the TNC RF channel and the path will be modified (TCPIP is changed to TCPXX*) so other hubs will know not to send these messages out on their RF channels. Unregistered users cannot Igate packets other than their own. In other words, the ax25 source call in their packets must match their logon call and "TCPIP" must be in the path. (TCPIP* or TCPXX* will not work either)

eg; assume N0CALL is unregistered and attempts to send the following into the server.

N0CALL>APRS,TCPIP:>TESTING
This will be converted to N0CALL>APRS,TCPXX*:>TESTING and gated to other users (but not to RF!)

However...
W4ZZZ>APRS,TCPIP:>TESTING
or
N0CALL>APRS,TCPIP*:>TESTING
will be deleted and not sent anywhere.
Telnet users must provide a user name or call sign before any of their data can be relayed to the internet. They need to enter "user callsign pass -1" so the server will accept the data. The ax25 FROM call in packets they send must match the call sign they loggon with. If they provide a valid password full priviliges are granted since they used the keyboard to emulate a client program logon string. (Not that anyone would want to do this except for testing)

This server will also accept valid user/password combinations for the Linux system it is running on. These users must be in the aprs group. This group can be added by editing the /etc/group file.

Note:

This program trusts other versions of itself and APRServe to flag the paths of data from unregistered Internet users with "TCPXX*". Station to station messages flagged this way will not be sent out on RF. The IGATE commands in the aprsd.conf file should specify a remote host port which is secure. For IGATES it must be a port which doesn't echo any Internet user data, only TNC data. Full function servers such as APRServe and this version (2.x.x) of aprsd will change TCPIP* to TCPXX* in the paths of unregistered users on all ports.

Users of the current java APRS applet don't log at all and are granted read-only access


MESSAGE ACKS (New in 2.0.7)

At the suggestion of Bob Bruninga I have implemented redundent message acks. Message packets of the form "WA4DSY>APRS::W4XYZ :ack{1" will be reformatted to 3rd party format and sent to the TNC as usual. However, the packet will be repeated several times at intervals of 5 (typical) seconds. The number of repeats and the time between them are defined by the "ackrepeats" and "ackrepeattime" statements in the aprsd.conf file. The defaults are 2 repeats at 5 second intervals. You can set the repeats to any value from 0 to 9 and the time interval from 1 to 30 seconds. Note the "ackrepeats" value is in additon to the first message ack. You will always send at least one.


USER VALIDATION

I obtained the user validation code from Steve Dimse K4HG. He has recently allowed the source code to be released. The source is in validate.cpp.

If the users APRS name and pass code aren't valid the validate module tries the Linux pass word validator for the "aprs" group. If that also fails it waits 10 seconds then returns the bad news to aprsd which notifies the user.

NOTE: aprsd must be run as root for the Linux password validator to work. However, the APRS user and passwords (from Mac/WinAPRS users) will be properly tested regardless of what user is running aprsd if "aprsPass yes" is in the aprsd.conf file.

The logon format:

user pass vers

eg: user N0CALL pass 00001 vers MacAPRS 3.0
might be sent by a MacAPRS user.
As pass code of -1 means you are an unregistered user, not a hacker trying out an bogus password.

You can telent to a port and enter the following, assuming your Linux user name is bozo and you password is xyzzy and you are part of the aprs group as defined in the /etc/group file.

user bozo pass xyzzy

To monitor some server status data you can enter:

user bozo pass xyzzy vers monitor

The aprs data stream is turned off and "Monitor Mode" is entered. Once a minute the server will send a status message to you.

Once you have logged on, ctrl-D will not cause a disconnect. You have to use your Telnet escape key then do a quit. I had to do this to prevent inadvertant disconnects due to possible spurious control codes in some users data.


KEEPING ABUSERS OUT OF THE SYSTEM (New in 2.1.0)

You can put the call signs of the users you want to restrict in the users.deny file. The format is the users call sign followed by either the letter "L" or "R". The "L" prevents logons and RF access. The "R" prevents only RF access while allowing the user to send packets into the aprs network.

user.deny example:

W4EVIL L   <--- Prevents sending of packets into the server or RF
W4SOB R    <--- Prevents any of his packets from getting on RF
		even if they came from another igate.


NOTE: This file is read every time aprsd needs to check users
so you will NOT need to restart the server when you change it.
If the abuse becomes serious enough you might consider putting "aprsPass no" in the aprsd.conf file. This turns off the checking of aprs passcodes and only allows Linux user/passwords. You will need to have all your users in the Linux passwd file.

Full time gating of selected stations from Internet to RF

For special events or personal reasons it may be desirable to allow the transfer of packets of selected stations from the Internet to RF. Allowing all stations to do this would overload the 1200 baud VHF packet frequency and isn't allowed. These packets are only sent on RF if they came from the Internet and were NOT heard on the local VHF frequency.

There are three "modes" of doing this. The most permissive allows all packets from a selected station to be sent to RF in real time. The second mode only allows position report packets to be sent on RF every 14.9 minutes. This puts much less strain on the RF network and is the recommended mode.

The third mode which was new in version 2.0.8 gates 3rd party station to station messages to RF full time if the DESTINATION call sign or alias is defined in the aprsd.conf file after the msgdest2rf keyword.

You select the stations by entering them in the /home/aprsd2/aprsd.conf file. Up to 64 stations can be defined. Several can be put on each line. The server must be restarted before any changes to aprsd.conf take effect.

Examples:

These stations posits are sent to RF every 15 minutes: 
posit2rf K4HG-8 N4NEQ-9 
posit2rf W7LUS-14

All packets from this station are gated to RF full time.
gate2rf N0CLU-9



This allows any message addressed to SCOUTS, KIDS or CQGA to go to
RF even though these "call signs" were not heard locally.
msgdest2rf SCOUTS KIDS CQGA

Note: The posits of stations in the "posit2rf" list are sent at 14 second intervals. It takes 14.9 minutes to scan the list of 64 before it repeats. The posits are taken from the 30 minute history list. If no posit is available for the station then no data is transmitted.


MIC_E PACKET TRANSLATION

Compressed TAPR Mic_E packets are converted to standard APRS format before being sent anywhere else. I used the Mic_E decoder written by Alan Crosswell, N2YGK to do the conversion. This is the same code that's in his aprsmon program.

The unconverted raw Mic_E packets from the local TNC can be observed by telneting to port 14580.


AEA to TAPR conversion

All packets in the AEA format are converted to TAPR format before any other processing. Clients never see an AEA formatted packet except from the RAW TNC port (14580) if the system operator is using an AEA TNC.


UDP PORT

The UDP input port (default 1315) is provided for interface with scripts. Only IP addresses listed in the "trust" line(s) in the aprsd.conf file are can send data to this port. You can enter up to 20 trust commands.

Example:

trust 198.162.50.5 

You may also provide a subnet mask after the ip address to open up an entire sub net. The example below allows 16 address from 198.162.50.0 to 198.162.50.15 .

Example:

trust 198.162.50.0 255.255.255.240 

The script can format packets to be sent to the TNC for RF transmission or TCPIP. The routing is determined by the "TO-CALL" field. If it's "TNC" the packet goes on on RF via the TNC after the path is striped off.

This goes to the TNC: WA4DSY>TNC:Data for TNC here
This goes to TCPIP: WA4DSY>APRS:Data for the Internet

The complete string including the path goes out on the Internet.

See the file "udp_example" for a sample perl script.


RESPONDING TO QUERIES (New in 2.1.0)

The aprsd server will respond to aprs queries as follows:
query:
WA4DSY>APRS:?IGATE? 
or
WA4DSY>APRS::IGATE    :?IGATE?{0
or
WA4DSY>APRS::aprsd    :?IGATE?{0
or
WA4DSY>APRS::aprsdATL :?IGATE?{0 
The first three examples will cause ALL aprsd servers to respond. The last will get you a response only from the aprsdATL server. The server first sends and ack packet the station initiating the query then sends response data such as the following example:
aprsdATL>APRS,TCPIP*::WA4DSY   :WA4DSY Atlanta_GA wa4dsy.net 216.254.33.225
sysop@mail.net aprsd 2.1.4 {1
Most of the data comes from the aprsd.conf file.

Java Applet

The JavAPRS applet by Steve Dimse is a completely separate product and is not supported by me. Surf over to
http://www.aprs.net/javAPRS.html for more information.

APRS passcode calculator (new in 2.1.1)

The aprspass program is located in the /home/aprsd2 directory. You may move it to another more convienient location if you wish. To determine the aprs passcode required for a callsign "N0CALL":
Change to the /home/aprsd2 directory.
./aprspass N0CALL
APRS passcode for N0CALL = 12345
The program will print the passcode "12345". You may use this 5 digit number as a password to connect and login to other igates and APRServe. The callsign and passcode are used as follows in aprsd.conf.
igate second.aprs.net 23 N0CALL 12345
This causes aprsd to connect the second.aprs.net, port 23. Data from that server becomes available at your server. Your TNC data and logged on Internet user data is sent to second.aprs.net over the two way connection.
Please use your real callsign!

Monitoring system status with a web browser (new in 2.1.2)

System operators can now check the operational status of their aprsd server with a web browser. The default port is 14501. To see the information simply enter the URL into the browser.
Example: To see the Miami server: http://first.aprs.net:14501/
To refresh the data click the browser reload button. Notice the igate domain names and user IP addresses are links. If the host is running aprsd 212 or later you can click on the link to see the status of that server. This is an open port, no passwords are required.

To disable this feature add to your aprsd.conf file: httpport 0

Determining the source IP address of aprs packets (new in 2.1.2)

This TCPIP port (default 14502) supplies all data streams without dup filtering with a special header prepended. The header contains the source IP address of the packet and the user login name, "IGATE" or "UDP". An example: !44.36.16.48:WA4DSY! Packets from other igates this server connected to will show the domain name instead of the IP address and the user will be "IGATE". Packets from the UDP port will have the IP address and the user field will be "UDP". Packets from the TNC will have "TNC" in the IP address field and "*" in the user field . Use telnet or nc optionally with grep to determine the source of packets.
eg: telnet first.aprs.net 23 | grep '199.45.66.88'
Will display only packets from IP address 199.45.66.88.

To disable this feature add to your aprsd.conf file: ipwatchport 0

KNOWN BUGS

Slow connection establishment to igates and hubs

Due to bugs in the "thread-safe" gethostbyname2_r() function I had to put mutual exclusion semaphores around it. The result is that when igate and hub connections are being established, only one host name lookup can be in progress at any time. If the host name is not found due to the name server being down, it can take up to a minute for that name lookup to complete. If you have 30 aprs.net igates in the list and the aprs.net name server is down, it can take up to 30 minutes to try them all.

Memory Leak

Under RedHat 5.1 this program leaks 8K of memory for each user connect/disconnect event. This appears to be a problem with one or more C libraries in the thread creation/destruction code. It has been fixed in 5.2.

To get the fix for 5.1surf over to ftp://ftp.redhat.com/pub/redhat/upgrades/5.1/i386/

Then get this file:
glibc-2.0.7-19.i386.rpm

The memory leak seems to be fixed in this version. To install do: rpm -U glibc-2.0.7-19.i386.rpm then reboot. You don't need to recompile aprsd!