update version

Update README.md
fix: check whether tcp mux header or not mor strictly
2022-07-24 21:20:01 +08:00 · 2022-07-12 10:06:53 +08:00 · 2022-07-11 16:10:08 +08:00 · 2022-06-30 14:01:39 +08:00 · 2022-06-30 14:00:25 +08:00 · 2022-06-30 14:00:18 +08:00
49 changed files with 5502 additions and 811 deletions
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -0,0 +1,31 @@
+name: compile xfrpc in ubuntu-latest 
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+    
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    
+    - name: install other depend lib
+      run: |
+          sudo apt-get update -y
+          sudo apt-get install -y libjson-c-dev
+          sudo apt-get install -y libevent-dev
+          
+    - name: compile xfrpc
+      run: |
+        mkdir build
+        cd build
+        cmake ..
+        make
--- a/.gitignore
+++ b/.gitignore
@@ -37,8 +37,10 @@ CMakeFiles/
 CMakeCache.txt
 Makefile
 cmake_install.cmake
+install_manifest.txt

 # bin generated
-xfrp_client
+xfrpc
 xfrp_test_server
-bin
+bin
+.vscode
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,21 +2,41 @@ cmake_minimum_required(VERSION 2.6)

 project(xfrp C)

-set(src_xfrp_test_server
-	xfrp_test_server.c
-	)
+set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")

-set(src_xfrp_client
+find_package(LibEvent)
+if(NOT LibEvent_FOUND)
+  message(FATAL_ERROR "libevent2 not found!")
+endif(NOT LibEvent_FOUND)
+
+find_package(OpenSSL)
+if(NOT OPENSSL_FOUND)
+  message(FATAL_ERROR "OpenSSL not found!")
+endif(NOT OPENSSL_FOUND)
+
+find_package(JSON-C REQUIRED)
+include_directories(${JSON-C_INCLUDE_DIR})
+
+set(src_xfrpc
 	main.c
  	client.c
  	config.c
  	control.c
  	ini.c
  	msg.c
-	xfrp_client.c
+	xfrpc.c
 	debug.c
 	zip.c
 	commandline.c
+	crypto.c
+	fastpbkdf2.c
+	utils.c
+	common.c
+	login.c
+	proxy_tcp.c
+	proxy_ftp.c
+	proxy.c
+	tcpmux.c
 	)
 	
 set(libs
@@ -31,14 +51,11 @@ set(test_libs
 	event
 	)

-ADD_DEFINITIONS(-Wall -g  --std=gnu99 -Wmissing-declarations)
+ADD_DEFINITIONS(-Wall -g  --std=gnu99)

-add_executable(xfrp_client ${src_xfrp_client})
-target_link_libraries(xfrp_client ${libs})
+add_executable(xfrpc ${src_xfrpc})
+target_link_libraries(xfrpc ${libs})

-add_executable(xfrp_test_server ${src_xfrp_test_server})
-target_link_libraries(xfrp_test_server ${test_libs})
-
-install(TARGETS xfrp_client xfrp_test_server
+install(TARGETS xfrpc
        RUNTIME DESTINATION bin
 )
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,7 +1,7 @@
 Contributing
 ================================================================================

-If you want to contribute to [xfrp](https://github.com/kuntengrom/xfrp), please follow these simple rules:
+If you want to contribute to [xfrpc](https://github.com/liudf0716/xfrpc), please follow these simple rules:

 1. Press the fork button:

@@ -27,7 +27,7 @@ If you want to contribute to [xfrp](https://github.com/kuntengrom/xfrp), please
 6. Commit and push your changes, then make a pull request from Github.

    git commit --signoff  
-    git push -f
+    git push 
    
 7. Awaiting review, if accepted, merged!

--- a/README.md
+++ b/README.md
@@ -1,75 +1,198 @@
-![xfrp](https://github.com/KunTengRom/xfrp/blob/master/logo.png)
+![xfrpc](https://github.com/liudf0716/xfrpc/blob/master/logo.png)

-[![Build Status][1]][2]
-[![license][3]][4]
-[![Supported][7]][8]
-[![PRs Welcome][5]][6]
-[![Issue Welcome][9]][10]
-[![OpenWRT][11]][12]
-[![KunTeng][13]][14]

-[1]: https://img.shields.io/travis/KunTengRom/xfrp.svg?style=plastic
-[2]: https://travis-ci.org/KunTengRom/xfrp
-[3]: https://img.shields.io/badge/license-GPLV3-brightgreen.svg?style=plastic
-[4]: https://github.com/KunTengRom/xfrp/blob/master/LICENSE
-[5]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=plastic
-[6]: https://github.com/KunTengRom/xfrp/pulls
-[7]: https://img.shields.io/badge/FRP-Supported-blue.svg?style=plastic
-[8]: https://github.com/fatedier/frp
-[9]: https://img.shields.io/badge/Issues-welcome-brightgreen.svg?style=plastic
-[10]: https://github.com/KunTengRom/xfrp/issues/new
-[11]: https://img.shields.io/badge/Platform-%20OpenWRT%20%7CLEDE%20-brightgreen.svg?style=plastic
-[12]: https://github.com/KunTengRom/LEDE
-[13]: https://img.shields.io/badge/KunTeng-Inside-blue.svg?style=plastic
-[14]: http://rom.kunteng.org
+## What is xfrpc 

-## What is xfrp and why start xfrp
+`xfrpc` is [frp](https://github.com/fatedier/frp) client implemented by c language for [OpenWRT](https://github.com/openwrt/openwrt)
+The motivation to start xfrpc project is that we are OpenWRTer, and openwrt usually run in devices which have limit ROM and RAM space, however frpc always need more space and memory; therefore we launched xfrpc project.

-xfrp was [frp](https://github.com/fatedier/frp) client implemented by c for OpenWRT system
+## Development Status

-If you dont know what is frp, please visit [this](https://github.com/fatedier/frp)
+xfrpc partially compitable with latest frp release feature, It targets to fully compatible with latest frp release.

-The motivation to start xfrp project is that we are OpenWRTer, and openwrt usually ran in wireless router which has little ROM and RAM space, however golang always need more space and memory; therefore we start xfrp project
+the following table is detail  compatible feature:

-## Compile
+| Feature  | xfrpc | frpc |
+| ------------- | ------------- | ---------|
+| tcp  | Yes |	 Yes  |
+| tcpmux  | Yes |	 Yes  |
+| http  | Yes |	 Yes  |
+| https  | Yes |  Yes  |
+| subdomain | No | Yes |
+| use_encryption | No | Yes |
+| use_compression | No | Yes |
+| udp  | No |  Yes  |
+| p2p  | No |  Yes  |
+| xtcp  | No |  Yes  |
+| vistor  | No |  Yes  |
+
+
+
+## Architecture
+
+![Architecture](https://github.com/fatedier/frp/blob/dev/doc/pic/architecture.png?raw=true)
+
+Architecture quote from [frp](https://github.com/fatedier/frp) project, replace frpc with xfrpc.
+
+## Sequence Diagram
+
+```mermaid
+sequenceDiagram
+	title:	xfrpc与frps通信交互时序图
+	participant 本地服务
+	participant xfrpc
+  participant frps
+  participant 远程访问用户
+  
+  xfrpc ->> frps  : TypeLogin Message
+  frps ->> xfrpc  : TypeLoginResp Message
+  Note right of frps  : 根据Login信息里面的pool值，决定给xfrpc发送几条TypeReqWorkConn请求信息
+  frps ->> xfrpc  : frps aes-128-cfb iv[16] data
+  frps -->> xfrpc : TypeReqWorkConn Message
+	loop 根据Login中的PoolCount创建工作连接数
+  	xfrpc -->> frps  : TypeNewWorkConn Message
+  	Note left of xfrpc  : 与服务器创建代理服务工作连接，并请求新的工作连接请求
+  	Note right of frps  : 处理xfrpc端发送的TypeNewWorkConn消息，注册该工作连接到连接池中
+  	frps ->> xfrpc  : TypeStartWorkConn Message
+  	Note left of xfrpc  : 将新创建的工作连接与代理的本地服务连接做绑定
+	end
+  xfrpc ->> frps  : xfrpc aes-128-cfb iv[16] data
+  loop 用户配置的代理服务数
+  	xfrpc -->> frps : TypeNewProxy Message
+  	frps -->> xfrpc : NewProxyResp Message
+  end
+	
+  loop 心跳包检查
+    xfrpc -->> frps : TypePing Message
+    frps -->> xfrpc : TypePong Message
+  end
+  
+  远程访问用户 ->> frps   : 发起访问
+  frps ->> xfrpc	 : TypeStartWorkconn Message
+  loop  远程访问用户与本地服务之间的交互过程
+    frps ->> xfrpc         : 用户数据
+    xfrpc ->> 本地服务      : 用户数据
+    本地服务 ->> xfrpc      : 本地服务数据
+    xfrpc ->> frps         : 本地服务数据
+    frps  ->> 远程访问用户  : 本地服务数据
+  end
+  
+```
+
+## Compile on Ubuntu 20.04.3 LTS

 xfrp need [libevent](https://github.com/libevent/libevent) [openssl-dev](https://github.com/openssl/openssl) and [json-c](https://github.com/json-c/json-c) support

-Before compile xfrp, please install `libevent` `openssl-dev` and `json-c` in your system.
+Before compile xfrp, please install `libevent` and `json-c` in your system.
+
+Install json-c libevent in ubuntu 20.04 LTS

 ```shell
-git clone https://github.com/KunTengRom/xfrp.git
+sudo apt-get install -y libjson-c-dev
+sudo apt-get install -y libevent-dev
+```
+
+```shell
+git clone https://github.com/liudf0716/xfrpc.git
 cd xfrp
-cmake .
+mkdir build
+cmake ..
 make
 ```

+## Compile on OpenWrt
+
+xfrpc was recruited by openwrt community since version 1.04.515
+
+anyway I highly recommend you to use latest version 
+
+in order to compile xfrpc in openwrt sdk environment, you should firstly `make menuconfig`, then select `Network --> Web Servers/Proxies  ---> xfrpc`
+
 ## Quick start

+**before using xfrpc, you should get frps server: [frps](https://github.com/fatedier/frp/releases)**

-Run in debug mode :
+ frps 

-```shell
-xfrp_client -c frpc_mini.ini -f -d 7 
+frps use latest release 0.42.0
+
+```
+# frps.ini
+[common]
+bind_port = 7000
 ```

-Run in release mode :
+run frps

-```shell
-xfrp_client -c frpc_mini.ini -d 0
+```
+./frps -c frps.ini
 ```

----
+ xfrpc tcp

-## Todo list
+```
+#xfrpc_mini.ini 
+[common]
+server_addr = your_server_ip
+server_port = 7000

- support compression
- support encrypt
+[ssh]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+remote_port = 6128
+```

+ xfrpc http&https
+
+ compare with supporting tcp, supporting http&https need to add vhost_http_port&vhost_https_port in frps.ini as the following
+ 
+```
+# frps.ini
+[common]
+bind_port = 7000
+vhost_http_port = 80
+vhost_https_port = 443
+```
+
+```
+# xfrpc_mini.ini 
+[common]
+server_addr = x.x.x.x
+server_port = 7000
+
+[http]
+type = http
+local_port = 80
+custom_domains = www.example.com
+
+[https]
+type = https
+local_port = 443
+custom_domains = www.example.com
+```
+
+ Run in debug mode 
+
+```shell
+xfrpc -c frpc_mini.ini -f -d 7 
+```
+
+ Run in release mode :
+
+```shell
+xfrpc -c frpc_mini.ini -d 0
+```
+
+## Openwrt luci configure ui
+
+If running xfrpc in openwrt box, [luci-app-xfrpc](https://github.com/liudf0716/luci-app-xfrpc) is a good choice 
+
+luci-app-xfrpc was recruited by [luci project](https://github.com/openwrt/luci) 

 ## How to contribute our project

-See [CONTRIBUTING](https://github.com/KunTengRom/xfrp/blob/master/CONTRIBUTING.md) for details on submitting patches and the contribution workflow.
+See [CONTRIBUTING](https://github.com/liudf0716/xfrpc/blob/master/CONTRIBUTING.md) for details on submitting patches and the contribution workflow.

 ## Contact

@@ -77,3 +200,28 @@ QQ群 ： [331230369](https://jq.qq.com/?_wv=1027&k=47QGEhL)


 ## Please support us and star our project
+
+[![Star History Chart](https://api.star-history.com/svg?repos=liudf0716/xfrpc&type=Date)](https://star-history.com/#liudf0716/xfrpc&Date)
+
+## 打赏
+
+支付宝打赏
+
+![支付宝打赏](https://user-images.githubusercontent.com/1182593/169465135-d4522479-4068-4714-ab58-987d7d7eb338.png)
+
+
+微信打赏
+
+
+![微信打赏](https://user-images.githubusercontent.com/1182593/169465249-db1b495e-078e-4cab-91fc-96dab3320b06.png)
+
+
+ <!--
+ 
+## 广告
+
+想学习OpenWrt开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学OpenWrt开发入门培训班助你能学有所成
+
+报名地址：https://forgotfun.org/2018/04/openwrt-training-2018.html
+
+-->
--- a/client.c
+++ b/client.c
@@ -21,7 +21,7 @@

 /** @file client.c
    @brief client surrogate for local service
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #include <string.h>
@@ -29,20 +29,12 @@
 #include <stdio.h>
 #include <errno.h>
 #include <assert.h>
-
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <errno.h>
-
 #include <syslog.h>
-
 #include <zlib.h>

-#include <event2/bufferevent.h>
-#include <event2/buffer.h>
-#include <event2/listener.h>
-#include <event2/util.h>
-#include <event2/event.h>

 #include "debug.h"
 #include "client.h"
@@ -52,168 +44,149 @@
 #include "const.h"
 #include "uthash.h"
 #include "zip.h"
+#include "common.h"
+#include "proxy.h"
+#include "utils.h"
+#include "tcpmux.h"

-#define MAX_OUTPUT (512*1024)
-
-static void drained_writecb(struct bufferevent *bev, void *ctx);
-static void xfrp_event_cb(struct bufferevent *bev, short what, void *ctx);
+static struct proxy_client 	*all_pc = NULL;

 static void
-xfrp_read_cb(struct bufferevent *bev, void *ctx)
+xfrp_worker_event_cb(struct bufferevent *bev, short what, void *ctx)
 {
-	struct bufferevent *partner = ctx;
-	struct evbuffer *src, *dst;
-	size_t len;
-	src = bufferevent_get_input(bev);
-	len = evbuffer_get_length(src);
-	if (!partner) {
-		evbuffer_drain(src, len);
-		return;
-	}
-	dst = bufferevent_get_output(partner);
-	evbuffer_add_buffer(dst, src);
-
-	if (evbuffer_get_length(dst) >= MAX_OUTPUT) {
-		/* We're giving the other side data faster than it can
-		 * pass it on.  Stop reading here until we have drained the
-		 * other side to MAX_OUTPUT/2 bytes. */
-		bufferevent_setcb(partner, xfrp_read_cb, drained_writecb,
-		    xfrp_event_cb, bev);
-		bufferevent_setwatermark(partner, EV_WRITE, MAX_OUTPUT/2,
-		    MAX_OUTPUT);
-		bufferevent_disable(bev, EV_READ);
-	}
-}
-
-static void
-drained_writecb(struct bufferevent *bev, void *ctx)
-{
-	struct bufferevent *partner = ctx;
-
-	/* We were choking the other side until we drained our outbuf a bit.
-	 * Now it seems drained. */
-	bufferevent_setcb(bev, xfrp_read_cb, NULL, xfrp_event_cb, partner);
-	bufferevent_setwatermark(bev, EV_WRITE, 0, 0);
-	if (partner)
-		bufferevent_enable(partner, EV_READ);
-}
-
-static void
-close_on_finished_writecb(struct bufferevent *bev, void *ctx)
-{
-	struct evbuffer *b = bufferevent_get_output(bev);
-
-	if (evbuffer_get_length(b) == 0) {
+	if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
+		debug(LOG_DEBUG, "working connection closed!");
 		bufferevent_free(bev);
 	}
 }

-static void
-xfrp_event_cb(struct bufferevent *bev, short what, void *ctx)
+static void 
+xfrp_proxy_event_cb(struct bufferevent *bev, short what, void *ctx)
 {
-	struct bufferevent *partner = ctx;
+	struct proxy_client *client = ctx;
+	assert(client);

 	if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
-		if (partner) {
-			/* Flush all pending data */
-			xfrp_read_cb(bev, ctx);
-
-			if (evbuffer_get_length(
-				    bufferevent_get_output(partner))) {
-				/* We still have to flush data from the other
-				 * side, but when that's done, close the other
-				 * side. */
-				bufferevent_setcb(partner,
-				    NULL, close_on_finished_writecb,
-				    xfrp_event_cb, NULL);
-				bufferevent_disable(partner, EV_READ);
-			} else {
-				/* We have nothing left to say to the other
-				 * side; close it. */
-				bufferevent_free(partner);
-			}
+		debug(LOG_DEBUG, "xfrpc proxy close connect server [%s:%d] stream_id %d: %s", 
+						client->ps->local_ip, client->ps->local_port, 
+						client->stream_id, strerror(errno));
+		tcp_mux_send_win_update_fin(client->ctl_bev, client->stream_id);
+		client->stream_state = LOCAL_CLOSE;
+	} else if (what & BEV_EVENT_CONNECTED) {
+		debug(LOG_DEBUG, "client [%d] connected", client->stream_id);
+		//client->stream_state = ESTABLISHED;
+		if (client->data_tail_size > 0) {
+			debug(LOG_DEBUG, "send client data ...");
+			send_client_data_tail(client);		
 		}
-		bufferevent_free(bev);
-	}
+	  }
 }

-static void
-xfrp_decrypt_cb(struct bufferevent *bev, void *ctx)
+int 
+is_ftp_proxy(const struct proxy_service *ps)
 {
-	struct bufferevent *partner = ctx;
-	struct evbuffer *src, *dst;
-	size_t len;
-	src = bufferevent_get_input(bev);
-	len = evbuffer_get_length(src);
-	if (len > 4) {
-		dst = bufferevent_get_output(partner);
-		evbuffer_drain(src, 4);
-		evbuffer_add_buffer(dst, src);
-	}
-}
+	if (! ps || ! ps->proxy_type)
+		return 0;

-static void
-xfrp_encrypt_cb(struct bufferevent *bev, void *ctx)
-{
-	struct bufferevent *partner = ctx;
-	struct evbuffer *src, *dst;
-	size_t len;
-	src = bufferevent_get_input(bev);
-	len = evbuffer_get_length(src);
-	if (len > 0) {
-		dst = bufferevent_get_output(partner);
-		unsigned int header = htonl(len);
-		evbuffer_prepend(src, &header, sizeof(unsigned int));
-		evbuffer_add_buffer(dst, src);	
-	}
+	if (0 == strcmp(ps->proxy_type, "ftp") && ps->remote_data_port > 0)
+		return 1;
+
+	return 0;
 }

 // create frp tunnel for service
-void start_frp_tunnel(const struct proxy_client *client)
+void 
+start_xfrp_tunnel(struct proxy_client *client)
 {
-	struct event_base *base = client->base;
-	struct common_conf *c_conf = get_common_config();
-	
-	struct bufferevent *b_svr = connect_server(client, c_conf->server_addr, c_conf->server_port);
-	if (!b_svr) {
+	if (! client->ctl_bev) {
+		debug(LOG_ERR, "proxy client control bev is invalid!");
 		return;
 	}
-	
-	struct bufferevent *b_clt = connect_server(client, client->local_ip, client->local_port);
-	if (!b_clt) {
-		bufferevent_free(b_svr);
+
+	struct event_base *base = client->base;
+	struct common_conf *c_conf = get_common_config();
+	struct proxy_service *ps = client->ps;
+
+	if ( !base ) {
+		debug(LOG_ERR, "service event base get failed");
+		return;
+	}
+
+	if ( !ps ) {
+		debug(LOG_ERR, "service tunnel started failed, no proxy service resource.");
+		return;
+	}
+
+	if ( !ps->local_port ) {
+		debug(LOG_ERR, "service tunnel started failed, proxy service resource unvalid.");
+		return;
+	}
+
+	client->local_proxy_bev = connect_server(base, ps->local_ip, ps->local_port);
+	if ( !client->local_proxy_bev ) {
+		debug(LOG_ERR, "frpc tunnel connect local proxy port [%d] failed!", ps->local_port);
+		del_proxy_client(client);
 		return;
 	}
 	
 	debug(LOG_DEBUG, "proxy server [%s:%d] <---> client [%s:%d]", 
-		  c_conf->server_addr, c_conf->server_port, client->local_ip, client->local_port);
+		  c_conf->server_addr, 
+		  ps->remote_port, 
+		  ps->local_ip ? ps->local_ip:"::1",
+		  ps->local_port);
+
+	bufferevent_data_cb proxy_s2c_recv, proxy_c2s_recv;
+	if (is_ftp_proxy(client->ps)) {
+		proxy_c2s_recv = ftp_proxy_c2s_cb;
+		proxy_s2c_recv = ftp_proxy_s2c_cb;
+	} else {
+		proxy_c2s_recv = tcp_proxy_c2s_cb; // local service ---> xfrpc
+		proxy_s2c_recv = tcp_proxy_s2c_cb; // frps ---> xfrpc
+	}
 	
-	bufferevent_setcb(b_svr, xfrp_decrypt_cb, NULL, xfrp_event_cb, b_clt);
-	bufferevent_setcb(b_clt, xfrp_encrypt_cb, NULL, xfrp_event_cb, b_svr);
-	
-	bufferevent_enable(b_svr, EV_READ|EV_WRITE);
-	bufferevent_enable(b_clt, EV_READ|EV_WRITE);
-	
-	send_msg_frp_server(NewWorkConn, client, b_svr);
+	if (!c_conf->tcp_mux) {
+		bufferevent_setcb(client->ctl_bev, 
+						proxy_s2c_recv, 
+						NULL, 
+						xfrp_worker_event_cb, 
+						client);
+		bufferevent_enable(client->ctl_bev, EV_READ|EV_WRITE);
+	}
+
+	bufferevent_setcb(client->local_proxy_bev, 
+						proxy_c2s_recv, 
+						NULL, 
+						xfrp_proxy_event_cb, 
+						client);
+						
+	bufferevent_enable(client->local_proxy_bev, EV_READ|EV_WRITE);
 }

-void free_proxy_client(struct proxy_client *client)
+int 
+send_client_data_tail(struct proxy_client *client)
 {
-	if (client->name) free(client->name);
-	if (client->local_ip) free(client->local_ip);
-	if (client->custom_domains) free(client->custom_domains);
-	if (client->locations) free(client->locations);
-	
-	free_base_config(client->bconf);
-	
-	evtimer_del(client->ev_timeout);
+	int send_l = 0;
+	if (client->data_tail && client->data_tail_size && client->local_proxy_bev) {
+		send_l = bufferevent_write(client->local_proxy_bev, client->data_tail, client->data_tail_size);
+		client->data_tail = NULL;
+		client->data_tail_size = 0;
+	}
+
+	return send_l;
 }

-void del_proxy_client(struct proxy_client *client)
+static void 
+free_proxy_client(struct proxy_client *client)
+{
+	if (client->local_proxy_bev) bufferevent_free(client->local_proxy_bev);
+	free(client);
+}
+
+void 
+del_proxy_client(struct proxy_client *client)
 {
-	struct proxy_client *all_pc = get_all_pc();
 	if (!client || !all_pc ) {
-		debug(LOG_INFO, "Error: all_pc or client is NULL");
+		debug(LOG_INFO, "all_pc or client is NULL");
 		return;
 	}
 	
@@ -221,3 +194,36 @@ void del_proxy_client(struct proxy_client *client)
 	
 	free_proxy_client(client);
 }
+
+struct proxy_client *
+get_proxy_client(uint32_t sid)
+{
+	struct proxy_client *pc = NULL;
+	HASH_FIND_INT(all_pc, &sid, pc);
+	return pc;
+}
+
+struct proxy_client *
+new_proxy_client()
+{
+	struct proxy_client *client = calloc(1, sizeof(struct proxy_client));
+	assert(client);
+	client->stream_id   = get_next_session_id();
+	client->send_window	= 200*1024;
+	client->stream_state = INIT;
+	HASH_ADD_INT(all_pc, stream_id, client);
+	
+	return client;
+}
+
+void
+clear_all_proxy_client()
+{
+	if (!all_pc) return;
+	
+	struct proxy_client *client, *tmp;
+	HASH_ITER(hh, all_pc, client, tmp) {
+		HASH_DEL(all_pc, client);
+		free_proxy_client(client);
+	}
+}
--- a/client.h
+++ b/client.h
@@ -20,36 +20,65 @@
 \********************************************************************/

 /** @file client.h
-    @brief xfrp client proxy client related
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc proxy client related
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #ifndef _CLIENT_H_
 #define _CLIENT_H_

+#include <stdint.h>
+
 #include "uthash.h"
+#include "common.h"
+#include "tcpmux.h"

 struct event_base;
 struct base_conf;
 struct bufferevent;
 struct event;
-struct evdns_base;
+struct proxy_service;

 struct proxy_client {
 	struct event_base 	*base;
-	struct evdns_base  	*dnsbase;
-	struct bufferevent	*ctl_bev;
-	struct event		*ev_timeout;
-	
+	struct bufferevent	*ctl_bev; // xfrpc proxy <---> frps
+	struct bufferevent 	*local_proxy_bev; // xfrpc proxy <---> local service
 	struct base_conf	*bconf;
-	char	*name; // pointer to bconf->name
+
+	uint32_t				stream_id;
+	uint32_t				send_window;
+	enum tcp_mux_state		stream_state;
+	int						connected;
+	int 					work_started;
+	struct 	proxy_service 	*ps;
+	unsigned char			*data_tail; // storage untreated data
+	size_t					data_tail_size;
+	
+	// private arguments
+	UT_hash_handle hh;
+};
+
+struct proxy_service {
+	char 	*proxy_name;
+	char 	*proxy_type;
+	char 	*ftp_cfg_proxy_name;
+	int 	use_encryption;
+	int		use_compression;
+
 	char	*local_ip;
-	int		local_port;
 	int		remote_port;
-	
-	char	*custom_domains;
+	int 	remote_data_port;
+	int 	local_port;
+
+	// http and https only
+	char 	*custom_domains;
+	char 	*subdomain;
 	char	*locations;
-	
+	char	*host_header_rewrite;
+	char	*http_user;
+	char	*http_pwd;
+
+	// private arguments
 	UT_hash_handle hh;
 };

@@ -57,10 +86,19 @@ struct proxy_client {
 // frp server send xfrp client NoticeUserConn request
 // when xfrp client receive that request, it will start
 // frp tunnel
-void start_frp_tunnel(const struct proxy_client *client);
+// if client has data-tail(not NULL), client value will be changed 
+void start_xfrp_tunnel(struct proxy_client *client);

 void del_proxy_client(struct proxy_client *client);

-void free_proxy_client(struct proxy_client *client);
+struct proxy_client	*get_proxy_client(uint32_t sid);

-#endif
+int send_client_data_tail(struct proxy_client *client);
+
+int is_ftp_proxy(const struct proxy_service *ps);
+
+struct proxy_client *new_proxy_client();
+
+void clear_all_proxy_client();
+
+#endif //_CLIENT_H_
--- a/cmake/Modules/CMakeParseArguments.cmake
+++ b/cmake/Modules/CMakeParseArguments.cmake
@@ -0,0 +1,161 @@
+#.rst:
+# CMakeParseArguments
+# -------------------
+#
+#
+#
+# CMAKE_PARSE_ARGUMENTS(<prefix> <options> <one_value_keywords>
+# <multi_value_keywords> args...)
+#
+# CMAKE_PARSE_ARGUMENTS() is intended to be used in macros or functions
+# for parsing the arguments given to that macro or function.  It
+# processes the arguments and defines a set of variables which hold the
+# values of the respective options.
+#
+# The <options> argument contains all options for the respective macro,
+# i.e.  keywords which can be used when calling the macro without any
+# value following, like e.g.  the OPTIONAL keyword of the install()
+# command.
+#
+# The <one_value_keywords> argument contains all keywords for this macro
+# which are followed by one value, like e.g.  DESTINATION keyword of the
+# install() command.
+#
+# The <multi_value_keywords> argument contains all keywords for this
+# macro which can be followed by more than one value, like e.g.  the
+# TARGETS or FILES keywords of the install() command.
+#
+# When done, CMAKE_PARSE_ARGUMENTS() will have defined for each of the
+# keywords listed in <options>, <one_value_keywords> and
+# <multi_value_keywords> a variable composed of the given <prefix>
+# followed by "_" and the name of the respective keyword.  These
+# variables will then hold the respective value from the argument list.
+# For the <options> keywords this will be TRUE or FALSE.
+#
+# All remaining arguments are collected in a variable
+# <prefix>_UNPARSED_ARGUMENTS, this can be checked afterwards to see
+# whether your macro was called with unrecognized parameters.
+#
+# As an example here a my_install() macro, which takes similar arguments
+# as the real install() command:
+#
+# ::
+#
+#    function(MY_INSTALL)
+#      set(options OPTIONAL FAST)
+#      set(oneValueArgs DESTINATION RENAME)
+#      set(multiValueArgs TARGETS CONFIGURATIONS)
+#      cmake_parse_arguments(MY_INSTALL "${options}" "${oneValueArgs}"
+#                            "${multiValueArgs}" ${ARGN} )
+#      ...
+#
+#
+#
+# Assume my_install() has been called like this:
+#
+# ::
+#
+#    my_install(TARGETS foo bar DESTINATION bin OPTIONAL blub)
+#
+#
+#
+# After the cmake_parse_arguments() call the macro will have set the
+# following variables:
+#
+# ::
+#
+#    MY_INSTALL_OPTIONAL = TRUE
+#    MY_INSTALL_FAST = FALSE (this option was not used when calling my_install()
+#    MY_INSTALL_DESTINATION = "bin"
+#    MY_INSTALL_RENAME = "" (was not used)
+#    MY_INSTALL_TARGETS = "foo;bar"
+#    MY_INSTALL_CONFIGURATIONS = "" (was not used)
+#    MY_INSTALL_UNPARSED_ARGUMENTS = "blub" (no value expected after "OPTIONAL"
+#
+#
+#
+# You can then continue and process these variables.
+#
+# Keywords terminate lists of values, e.g.  if directly after a
+# one_value_keyword another recognized keyword follows, this is
+# interpreted as the beginning of the new option.  E.g.
+# my_install(TARGETS foo DESTINATION OPTIONAL) would result in
+# MY_INSTALL_DESTINATION set to "OPTIONAL", but MY_INSTALL_DESTINATION
+# would be empty and MY_INSTALL_OPTIONAL would be set to TRUE therefor.
+
+#=============================================================================
+# Copyright 2010 Alexander Neundorf <neundorf@kde.org>
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+#  License text for the above reference.)
+
+
+if(__CMAKE_PARSE_ARGUMENTS_INCLUDED)
+  return()
+endif()
+set(__CMAKE_PARSE_ARGUMENTS_INCLUDED TRUE)
+
+
+function(CMAKE_PARSE_ARGUMENTS prefix _optionNames _singleArgNames _multiArgNames)
+  # first set all result variables to empty/FALSE
+  foreach(arg_name ${_singleArgNames} ${_multiArgNames})
+    set(${prefix}_${arg_name})
+  endforeach()
+
+  foreach(option ${_optionNames})
+    set(${prefix}_${option} FALSE)
+  endforeach()
+
+  set(${prefix}_UNPARSED_ARGUMENTS)
+
+  set(insideValues FALSE)
+  set(currentArgName)
+
+  # now iterate over all arguments and fill the result variables
+  foreach(currentArg ${ARGN})
+    list(FIND _optionNames "${currentArg}" optionIndex)  # ... then this marks the end of the arguments belonging to this keyword
+    list(FIND _singleArgNames "${currentArg}" singleArgIndex)  # ... then this marks the end of the arguments belonging to this keyword
+    list(FIND _multiArgNames "${currentArg}" multiArgIndex)  # ... then this marks the end of the arguments belonging to this keyword
+
+    if(${optionIndex} EQUAL -1  AND  ${singleArgIndex} EQUAL -1  AND  ${multiArgIndex} EQUAL -1)
+      if(insideValues)
+        if("${insideValues}" STREQUAL "SINGLE")
+          set(${prefix}_${currentArgName} ${currentArg})
+          set(insideValues FALSE)
+        elseif("${insideValues}" STREQUAL "MULTI")
+          list(APPEND ${prefix}_${currentArgName} ${currentArg})
+        endif()
+      else()
+        list(APPEND ${prefix}_UNPARSED_ARGUMENTS ${currentArg})
+      endif()
+    else()
+      if(NOT ${optionIndex} EQUAL -1)
+        set(${prefix}_${currentArg} TRUE)
+        set(insideValues FALSE)
+      elseif(NOT ${singleArgIndex} EQUAL -1)
+        set(currentArgName ${currentArg})
+        set(${prefix}_${currentArgName})
+        set(insideValues "SINGLE")
+      elseif(NOT ${multiArgIndex} EQUAL -1)
+        set(currentArgName ${currentArg})
+        set(${prefix}_${currentArgName})
+        set(insideValues "MULTI")
+      endif()
+    endif()
+
+  endforeach()
+
+  # propagate the result variables to the caller:
+  foreach(arg_name ${_singleArgNames} ${_multiArgNames} ${_optionNames})
+    set(${prefix}_${arg_name}  ${${prefix}_${arg_name}} PARENT_SCOPE)
+  endforeach()
+  set(${prefix}_UNPARSED_ARGUMENTS ${${prefix}_UNPARSED_ARGUMENTS} PARENT_SCOPE)
+
+endfunction()
--- a/cmake/Modules/FindJSON-C.cmake
+++ b/cmake/Modules/FindJSON-C.cmake
@@ -0,0 +1,21 @@
+# JSON-C_FOUND - true if library and headers were found
+# JSON-C_INCLUDE_DIRS - include directories
+# JSON-C_LIBRARIES - library directories
+
+find_package(PkgConfig)
+pkg_check_modules(PC_JSON-C QUIET json-c)
+
+find_path(JSON-C_INCLUDE_DIR json.h
+	HINTS ${PC_JSON-C_INCLUDEDIR} ${PC_JSON-C_INCLUDE_DIRS} PATH_SUFFIXES json-c json)
+
+find_library(JSON-C_LIBRARY NAMES json-c libjson-c
+	HINTS ${PC_JSON-C_LIBDIR} ${PC_JSON-C_LIBRARY_DIRS})
+
+set(JSON-C_LIBRARIES ${JSON-C_LIBRARY})
+set(JSON-C_INCLUDE_DIRS ${JSON-C_INCLUDE_DIR})
+
+include(FindPackageHandleStandardArgs)
+
+find_package_handle_standard_args(JSON-C DEFAULT_MSG JSON-C_LIBRARY JSON-C_INCLUDE_DIR)
+
+mark_as_advanced(JSON-C_INCLUDE_DIR JSON-C_LIBRARY)
--- a/cmake/Modules/FindLibEvent.cmake
+++ b/cmake/Modules/FindLibEvent.cmake
@@ -0,0 +1,39 @@
+# - Find LibEvent (a cross event library)
+# This module defines
+# LIBEVENT_INCLUDE_DIR, where to find LibEvent headers
+# LIBEVENT_LIB, LibEvent libraries
+# LibEvent_FOUND, If false, do not try to use libevent
+
+set(LibEvent_EXTRA_PREFIXES /usr/local /opt/local "$ENV{HOME}")
+foreach(prefix ${LibEvent_EXTRA_PREFIXES})
+  list(APPEND LibEvent_INCLUDE_PATHS "${prefix}/include")
+  list(APPEND LibEvent_LIB_PATHS "${prefix}/lib")
+endforeach()
+
+FIND_PATH(LIBEVENT_INCLUDE_DIR event.h PATHS ${LibEvent_INCLUDE_PATHS})
+
+FIND_LIBRARY(LIBEVENT_LIB          NAMES event          PATHS ${LibEvent_LIB_PATHS})
+FIND_LIBRARY(LIBEVENT_CORE_LIB     NAMES event_core     PATHS ${LibEvent_LIB_PATHS})
+FIND_LIBRARY(LIBEVENT_PTHREADS_LIB NAMES event_pthreads PATHS ${LibEvent_LIB_PATHS})
+FIND_LIBRARY(LIBEVENT_EXTRA_LIB    NAMES event_extra    PATHS ${LibEvent_LIB_PATHS})
+FIND_LIBRARY(LIBEVENT_OPENSSL_LIB  NAMES event_openssl  PATHS ${LibEvent_LIB_PATHS})
+
+if (LIBEVENT_LIB AND LIBEVENT_INCLUDE_DIR)
+  set(LibEvent_FOUND TRUE)
+  set(LIBEVENT_LIB ${LIBEVENT_LIB})
+else ()
+  set(LibEvent_FOUND FALSE)
+endif ()
+
+if (LibEvent_FOUND)
+  if (NOT LibEvent_FIND_QUIETLY)
+    message(STATUS "Found libevent: ${LIBEVENT_LIB}")
+  endif ()
+else ()
+  if (LibEvent_FIND_REQUIRED)
+    message(FATAL_ERROR "Could NOT find libevent.")
+  endif ()
+  message(STATUS "libevent NOT found.")
+endif ()
+
+MARK_AS_ADVANCED(LIBEVENT_INCLUDE_DIR LIBEVENT_LIB LIBEVENT_PTHREADS_LIB LIBEVENT_OPENSSL_LIB LIBEVENT_CORE_LIB LIBEVENT_EXTRA_LIB)
--- a/cmake/Modules/FindOpenSSL.cmake
+++ b/cmake/Modules/FindOpenSSL.cmake
@@ -0,0 +1,340 @@
+#.rst:
+# FindOpenSSL
+# -----------
+#
+# Try to find the OpenSSL encryption library
+#
+# Once done this will define
+#
+# ::
+#
+#   OPENSSL_ROOT_DIR - Set this variable to the root installation of OpenSSL
+#
+#
+#
+# Read-Only variables:
+#
+# ::
+#
+#   OPENSSL_FOUND - System has the OpenSSL library
+#   OPENSSL_INCLUDE_DIR - The OpenSSL include directory
+#   OPENSSL_CRYPTO_LIBRARY - The OpenSSL crypto library
+#   OPENSSL_SSL_LIBRARY - The OpenSSL SSL library
+#   OPENSSL_LIBRARIES - All OpenSSL libraries
+#   OPENSSL_VERSION - This is set to $major.$minor.$revision$patch (eg. 0.9.8s)
+
+#=============================================================================
+# Copyright 2006-2009 Kitware, Inc.
+# Copyright 2006 Alexander Neundorf <neundorf@kde.org>
+# Copyright 2009-2011 Mathieu Malaterre <mathieu.malaterre@gmail.com>
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+#  License text for the above reference.)
+
+if (UNIX)
+  find_package(PkgConfig QUIET)
+  pkg_check_modules(_OPENSSL QUIET openssl)
+endif ()
+
+if (WIN32)
+  # http://www.slproweb.com/products/Win32OpenSSL.html
+  set(_OPENSSL_ROOT_HINTS
+    ${OPENSSL_ROOT_DIR}
+    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\OpenSSL (32-bit)_is1;Inno Setup: App Path]"
+    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\OpenSSL (64-bit)_is1;Inno Setup: App Path]"
+    ENV OPENSSL_ROOT_DIR
+    )
+  file(TO_CMAKE_PATH "$ENV{PROGRAMFILES}" _programfiles)
+  set(_OPENSSL_ROOT_PATHS
+    "${_programfiles}/OpenSSL"
+    "${_programfiles}/OpenSSL-Win32"
+    "${_programfiles}/OpenSSL-Win64"
+    "C:/OpenSSL/"
+    "C:/OpenSSL-Win32/"
+    "C:/OpenSSL-Win64/"
+    )
+  unset(_programfiles)
+else ()
+  set(_OPENSSL_ROOT_HINTS
+    ${OPENSSL_ROOT_DIR}
+    ENV OPENSSL_ROOT_DIR
+    )
+endif ()
+
+set(_OPENSSL_ROOT_HINTS_AND_PATHS
+    HINTS ${_OPENSSL_ROOT_HINTS}
+    PATHS ${_OPENSSL_ROOT_PATHS}
+    )
+
+find_path(OPENSSL_INCLUDE_DIR
+  NAMES
+    openssl/ssl.h
+  ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+  HINTS
+    ${_OPENSSL_INCLUDEDIR}
+  PATH_SUFFIXES
+    include
+)
+
+if(WIN32 AND NOT CYGWIN)
+  if(MSVC)
+    # /MD and /MDd are the standard values - if someone wants to use
+    # others, the libnames have to change here too
+    # use also ssl and ssleay32 in debug as fallback for openssl < 0.9.8b
+    # TODO: handle /MT and static lib
+    # In Visual C++ naming convention each of these four kinds of Windows libraries has it's standard suffix:
+    #   * MD for dynamic-release
+    #   * MDd for dynamic-debug
+    #   * MT for static-release
+    #   * MTd for static-debug
+
+    # Implementation details:
+    # We are using the libraries located in the VC subdir instead of the parent directory eventhough :
+    # libeay32MD.lib is identical to ../libeay32.lib, and
+    # ssleay32MD.lib is identical to ../ssleay32.lib
+    find_library(LIB_EAY_DEBUG
+      NAMES
+        libeay32MDd
+        libeay32d
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "VC"
+        "lib/VC"
+    )
+
+    find_library(LIB_EAY_RELEASE
+      NAMES
+        libeay32MD
+        libeay32
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "VC"
+        "lib/VC"
+    )
+
+    find_library(SSL_EAY_DEBUG
+      NAMES
+        ssleay32MDd
+        ssleay32d
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "VC"
+        "lib/VC"
+    )
+
+    find_library(SSL_EAY_RELEASE
+      NAMES
+        ssleay32MD
+        ssleay32
+        ssl
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "VC"
+        "lib/VC"
+    )
+
+    set(LIB_EAY_LIBRARY_DEBUG "${LIB_EAY_DEBUG}")
+    set(LIB_EAY_LIBRARY_RELEASE "${LIB_EAY_RELEASE}")
+    set(SSL_EAY_LIBRARY_DEBUG "${SSL_EAY_DEBUG}")
+    set(SSL_EAY_LIBRARY_RELEASE "${SSL_EAY_RELEASE}")
+
+    include(${CMAKE_CURRENT_LIST_DIR}/SelectLibraryConfigurations.cmake)
+    select_library_configurations(LIB_EAY)
+    select_library_configurations(SSL_EAY)
+
+    mark_as_advanced(LIB_EAY_LIBRARY_DEBUG LIB_EAY_LIBRARY_RELEASE
+                     SSL_EAY_LIBRARY_DEBUG SSL_EAY_LIBRARY_RELEASE)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY_LIBRARY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY_LIBRARY} )
+    set( OPENSSL_LIBRARIES ${SSL_EAY_LIBRARY} ${LIB_EAY_LIBRARY} )
+  elseif(MINGW)
+    # same player, for MinGW
+    set(LIB_EAY_NAMES libeay32)
+    set(SSL_EAY_NAMES ssleay32)
+    if(CMAKE_CROSSCOMPILING)
+      list(APPEND LIB_EAY_NAMES crypto)
+      list(APPEND SSL_EAY_NAMES ssl)
+    endif()
+    find_library(LIB_EAY
+      NAMES
+        ${LIB_EAY_NAMES}
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "lib/MinGW"
+    )
+
+    find_library(SSL_EAY
+      NAMES
+        ${SSL_EAY_NAMES}
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      PATH_SUFFIXES
+        "lib"
+        "lib/MinGW"
+    )
+
+    mark_as_advanced(SSL_EAY LIB_EAY)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY} )
+    set( OPENSSL_LIBRARIES ${SSL_EAY} ${LIB_EAY} )
+    unset(LIB_EAY_NAMES)
+    unset(SSL_EAY_NAMES)
+  else()
+    # Not sure what to pick for -say- intel, let's use the toplevel ones and hope someone report issues:
+    find_library(LIB_EAY
+      NAMES
+        libeay32
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      HINTS
+        ${_OPENSSL_LIBDIR}
+      PATH_SUFFIXES
+        lib
+    )
+
+    find_library(SSL_EAY
+      NAMES
+        ssleay32
+      ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+      HINTS
+        ${_OPENSSL_LIBDIR}
+      PATH_SUFFIXES
+        lib
+    )
+
+    mark_as_advanced(SSL_EAY LIB_EAY)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY} )
+    set( OPENSSL_LIBRARIES ${SSL_EAY} ${LIB_EAY} )
+  endif()
+else()
+
+  find_library(OPENSSL_SSL_LIBRARY
+    NAMES
+      ssl
+      ssleay32
+      ssleay32MD
+    ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+    HINTS
+      ${_OPENSSL_LIBDIR}
+    PATH_SUFFIXES
+      lib
+  )
+
+  find_library(OPENSSL_CRYPTO_LIBRARY
+    NAMES
+      crypto
+    ${_OPENSSL_ROOT_HINTS_AND_PATHS}
+    HINTS
+      ${_OPENSSL_LIBDIR}
+    PATH_SUFFIXES
+      lib
+  )
+
+  mark_as_advanced(OPENSSL_CRYPTO_LIBRARY OPENSSL_SSL_LIBRARY)
+
+  # compat defines
+  set(OPENSSL_SSL_LIBRARIES ${OPENSSL_SSL_LIBRARY})
+  set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+
+  set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
+
+endif()
+
+function(from_hex HEX DEC)
+  string(TOUPPER "${HEX}" HEX)
+  set(_res 0)
+  string(LENGTH "${HEX}" _strlen)
+
+  while (_strlen GREATER 0)
+    math(EXPR _res "${_res} * 16")
+    string(SUBSTRING "${HEX}" 0 1 NIBBLE)
+    string(SUBSTRING "${HEX}" 1 -1 HEX)
+    if (NIBBLE STREQUAL "A")
+      math(EXPR _res "${_res} + 10")
+    elseif (NIBBLE STREQUAL "B")
+      math(EXPR _res "${_res} + 11")
+    elseif (NIBBLE STREQUAL "C")
+      math(EXPR _res "${_res} + 12")
+    elseif (NIBBLE STREQUAL "D")
+      math(EXPR _res "${_res} + 13")
+    elseif (NIBBLE STREQUAL "E")
+      math(EXPR _res "${_res} + 14")
+    elseif (NIBBLE STREQUAL "F")
+      math(EXPR _res "${_res} + 15")
+    else()
+      math(EXPR _res "${_res} + ${NIBBLE}")
+    endif()
+
+    string(LENGTH "${HEX}" _strlen)
+  endwhile()
+
+  set(${DEC} ${_res} PARENT_SCOPE)
+endfunction()
+
+if (OPENSSL_INCLUDE_DIR)
+  if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
+    file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
+         REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
+
+    # The version number is encoded as 0xMNNFFPPS: major minor fix patch status
+    # The status gives if this is a developer or prerelease and is ignored here.
+    # Major, minor, and fix directly translate into the version numbers shown in
+    # the string. The patch field translates to the single character suffix that
+    # indicates the bug fix state, which 00 -> nothing, 01 -> a, 02 -> b and so
+    # on.
+
+    string(REGEX REPLACE "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F]).*$"
+           "\\1;\\2;\\3;\\4;\\5" OPENSSL_VERSION_LIST "${openssl_version_str}")
+    list(GET OPENSSL_VERSION_LIST 0 OPENSSL_VERSION_MAJOR)
+    list(GET OPENSSL_VERSION_LIST 1 OPENSSL_VERSION_MINOR)
+    from_hex("${OPENSSL_VERSION_MINOR}" OPENSSL_VERSION_MINOR)
+    list(GET OPENSSL_VERSION_LIST 2 OPENSSL_VERSION_FIX)
+    from_hex("${OPENSSL_VERSION_FIX}" OPENSSL_VERSION_FIX)
+    list(GET OPENSSL_VERSION_LIST 3 OPENSSL_VERSION_PATCH)
+
+    if (NOT OPENSSL_VERSION_PATCH STREQUAL "00")
+      from_hex("${OPENSSL_VERSION_PATCH}" _tmp)
+      # 96 is the ASCII code of 'a' minus 1
+      math(EXPR OPENSSL_VERSION_PATCH_ASCII "${_tmp} + 96")
+      unset(_tmp)
+      # Once anyone knows how OpenSSL would call the patch versions beyond 'z'
+      # this should be updated to handle that, too. This has not happened yet
+      # so it is simply ignored here for now.
+      string(ASCII "${OPENSSL_VERSION_PATCH_ASCII}" OPENSSL_VERSION_PATCH_STRING)
+    endif ()
+
+    set(OPENSSL_VERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_FIX}${OPENSSL_VERSION_PATCH_STRING}")
+  endif ()
+endif ()
+
+include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
+
+if (OPENSSL_VERSION)
+  find_package_handle_standard_args(OpenSSL
+    REQUIRED_VARS
+      OPENSSL_LIBRARIES
+      OPENSSL_INCLUDE_DIR
+    VERSION_VAR
+      OPENSSL_VERSION
+    FAIL_MESSAGE
+      "Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR"
+  )
+else ()
+  find_package_handle_standard_args(OpenSSL "Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR"
+    OPENSSL_LIBRARIES
+    OPENSSL_INCLUDE_DIR
+  )
+endif ()
+
+mark_as_advanced(OPENSSL_INCLUDE_DIR OPENSSL_LIBRARIES)
--- a/cmake/Modules/FindPackageHandleStandardArgs.cmake
+++ b/cmake/Modules/FindPackageHandleStandardArgs.cmake
@@ -0,0 +1,382 @@
+#.rst:
+# FindPackageHandleStandardArgs
+# -----------------------------
+#
+#
+#
+# FIND_PACKAGE_HANDLE_STANDARD_ARGS(<name> ...  )
+#
+# This function is intended to be used in FindXXX.cmake modules files.
+# It handles the REQUIRED, QUIET and version-related arguments to
+# find_package().  It also sets the <packagename>_FOUND variable.  The
+# package is considered found if all variables <var1>...  listed contain
+# valid results, e.g.  valid filepaths.
+#
+# There are two modes of this function.  The first argument in both
+# modes is the name of the Find-module where it is called (in original
+# casing).
+#
+# The first simple mode looks like this:
+#
+# ::
+#
+#     FIND_PACKAGE_HANDLE_STANDARD_ARGS(<name>
+#       (DEFAULT_MSG|"Custom failure message") <var1>...<varN> )
+#
+# If the variables <var1> to <varN> are all valid, then
+# <UPPERCASED_NAME>_FOUND will be set to TRUE.  If DEFAULT_MSG is given
+# as second argument, then the function will generate itself useful
+# success and error messages.  You can also supply a custom error
+# message for the failure case.  This is not recommended.
+#
+# The second mode is more powerful and also supports version checking:
+#
+# ::
+#
+#     FIND_PACKAGE_HANDLE_STANDARD_ARGS(<NAME>
+#       [FOUND_VAR <resultVar>]
+#       [REQUIRED_VARS <var1>...<varN>]
+#       [VERSION_VAR   <versionvar>]
+#       [HANDLE_COMPONENTS]
+#       [CONFIG_MODE]
+#       [FAIL_MESSAGE "Custom failure message"] )
+#
+# In this mode, the name of the result-variable can be set either to
+# either <UPPERCASED_NAME>_FOUND or <OriginalCase_Name>_FOUND using the
+# FOUND_VAR option.  Other names for the result-variable are not
+# allowed.  So for a Find-module named FindFooBar.cmake, the two
+# possible names are FooBar_FOUND and FOOBAR_FOUND.  It is recommended
+# to use the original case version.  If the FOUND_VAR option is not
+# used, the default is <UPPERCASED_NAME>_FOUND.
+#
+# As in the simple mode, if <var1> through <varN> are all valid,
+# <packagename>_FOUND will be set to TRUE.  After REQUIRED_VARS the
+# variables which are required for this package are listed.  Following
+# VERSION_VAR the name of the variable can be specified which holds the
+# version of the package which has been found.  If this is done, this
+# version will be checked against the (potentially) specified required
+# version used in the find_package() call.  The EXACT keyword is also
+# handled.  The default messages include information about the required
+# version and the version which has been actually found, both if the
+# version is ok or not.  If the package supports components, use the
+# HANDLE_COMPONENTS option to enable handling them.  In this case,
+# find_package_handle_standard_args() will report which components have
+# been found and which are missing, and the <packagename>_FOUND variable
+# will be set to FALSE if any of the required components (i.e.  not the
+# ones listed after OPTIONAL_COMPONENTS) are missing.  Use the option
+# CONFIG_MODE if your FindXXX.cmake module is a wrapper for a
+# find_package(...  NO_MODULE) call.  In this case VERSION_VAR will be
+# set to <NAME>_VERSION and the macro will automatically check whether
+# the Config module was found.  Via FAIL_MESSAGE a custom failure
+# message can be specified, if this is not used, the default message
+# will be displayed.
+#
+# Example for mode 1:
+#
+# ::
+#
+#     find_package_handle_standard_args(LibXml2  DEFAULT_MSG
+#       LIBXML2_LIBRARY LIBXML2_INCLUDE_DIR)
+#
+#
+#
+# LibXml2 is considered to be found, if both LIBXML2_LIBRARY and
+# LIBXML2_INCLUDE_DIR are valid.  Then also LIBXML2_FOUND is set to
+# TRUE.  If it is not found and REQUIRED was used, it fails with
+# FATAL_ERROR, independent whether QUIET was used or not.  If it is
+# found, success will be reported, including the content of <var1>.  On
+# repeated Cmake runs, the same message won't be printed again.
+#
+# Example for mode 2:
+#
+# ::
+#
+#     find_package_handle_standard_args(LibXslt
+#       FOUND_VAR LibXslt_FOUND
+#       REQUIRED_VARS LibXslt_LIBRARIES LibXslt_INCLUDE_DIRS
+#       VERSION_VAR LibXslt_VERSION_STRING)
+#
+# In this case, LibXslt is considered to be found if the variable(s)
+# listed after REQUIRED_VAR are all valid, i.e.  LibXslt_LIBRARIES and
+# LibXslt_INCLUDE_DIRS in this case.  The result will then be stored in
+# LibXslt_FOUND .  Also the version of LibXslt will be checked by using
+# the version contained in LibXslt_VERSION_STRING.  Since no
+# FAIL_MESSAGE is given, the default messages will be printed.
+#
+# Another example for mode 2:
+#
+# ::
+#
+#     find_package(Automoc4 QUIET NO_MODULE HINTS /opt/automoc4)
+#     find_package_handle_standard_args(Automoc4  CONFIG_MODE)
+#
+# In this case, FindAutmoc4.cmake wraps a call to find_package(Automoc4
+# NO_MODULE) and adds an additional search directory for automoc4.  Here
+# the result will be stored in AUTOMOC4_FOUND.  The following
+# FIND_PACKAGE_HANDLE_STANDARD_ARGS() call produces a proper
+# success/error message.
+
+#=============================================================================
+# Copyright 2007-2009 Kitware, Inc.
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+#  License text for the above reference.)
+
+include(${CMAKE_CURRENT_LIST_DIR}/FindPackageMessage.cmake)
+include(${CMAKE_CURRENT_LIST_DIR}/CMakeParseArguments.cmake)
+
+# internal helper macro
+macro(_FPHSA_FAILURE_MESSAGE _msg)
+  if (${_NAME}_FIND_REQUIRED)
+    message(FATAL_ERROR "${_msg}")
+  else ()
+    if (NOT ${_NAME}_FIND_QUIETLY)
+      message(STATUS "${_msg}")
+    endif ()
+  endif ()
+endmacro()
+
+
+# internal helper macro to generate the failure message when used in CONFIG_MODE:
+macro(_FPHSA_HANDLE_FAILURE_CONFIG_MODE)
+  # <name>_CONFIG is set, but FOUND is false, this means that some other of the REQUIRED_VARS was not found:
+  if(${_NAME}_CONFIG)
+    _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: missing: ${MISSING_VARS} (found ${${_NAME}_CONFIG} ${VERSION_MSG})")
+  else()
+    # If _CONSIDERED_CONFIGS is set, the config-file has been found, but no suitable version.
+    # List them all in the error message:
+    if(${_NAME}_CONSIDERED_CONFIGS)
+      set(configsText "")
+      list(LENGTH ${_NAME}_CONSIDERED_CONFIGS configsCount)
+      math(EXPR configsCount "${configsCount} - 1")
+      foreach(currentConfigIndex RANGE ${configsCount})
+        list(GET ${_NAME}_CONSIDERED_CONFIGS ${currentConfigIndex} filename)
+        list(GET ${_NAME}_CONSIDERED_VERSIONS ${currentConfigIndex} version)
+        set(configsText "${configsText}    ${filename} (version ${version})\n")
+      endforeach()
+      if (${_NAME}_NOT_FOUND_MESSAGE)
+        set(configsText "${configsText}    Reason given by package: ${${_NAME}_NOT_FOUND_MESSAGE}\n")
+      endif()
+      _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE} ${VERSION_MSG}, checked the following files:\n${configsText}")
+
+    else()
+      # Simple case: No Config-file was found at all:
+      _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: found neither ${_NAME}Config.cmake nor ${_NAME_LOWER}-config.cmake ${VERSION_MSG}")
+    endif()
+  endif()
+endmacro()
+
+
+function(FIND_PACKAGE_HANDLE_STANDARD_ARGS _NAME _FIRST_ARG)
+
+# set up the arguments for CMAKE_PARSE_ARGUMENTS and check whether we are in
+# new extended or in the "old" mode:
+  set(options  CONFIG_MODE  HANDLE_COMPONENTS)
+  set(oneValueArgs  FAIL_MESSAGE  VERSION_VAR  FOUND_VAR)
+  set(multiValueArgs REQUIRED_VARS)
+  set(_KEYWORDS_FOR_EXTENDED_MODE  ${options} ${oneValueArgs} ${multiValueArgs} )
+  list(FIND _KEYWORDS_FOR_EXTENDED_MODE "${_FIRST_ARG}" INDEX)
+
+  if(${INDEX} EQUAL -1)
+    set(FPHSA_FAIL_MESSAGE ${_FIRST_ARG})
+    set(FPHSA_REQUIRED_VARS ${ARGN})
+    set(FPHSA_VERSION_VAR)
+  else()
+
+    CMAKE_PARSE_ARGUMENTS(FPHSA "${options}" "${oneValueArgs}" "${multiValueArgs}"  ${_FIRST_ARG} ${ARGN})
+
+    if(FPHSA_UNPARSED_ARGUMENTS)
+      message(FATAL_ERROR "Unknown keywords given to FIND_PACKAGE_HANDLE_STANDARD_ARGS(): \"${FPHSA_UNPARSED_ARGUMENTS}\"")
+    endif()
+
+    if(NOT FPHSA_FAIL_MESSAGE)
+      set(FPHSA_FAIL_MESSAGE  "DEFAULT_MSG")
+    endif()
+  endif()
+
+# now that we collected all arguments, process them
+
+  if("x${FPHSA_FAIL_MESSAGE}" STREQUAL "xDEFAULT_MSG")
+    set(FPHSA_FAIL_MESSAGE "Could NOT find ${_NAME}")
+  endif()
+
+  # In config-mode, we rely on the variable <package>_CONFIG, which is set by find_package()
+  # when it successfully found the config-file, including version checking:
+  if(FPHSA_CONFIG_MODE)
+    list(INSERT FPHSA_REQUIRED_VARS 0 ${_NAME}_CONFIG)
+    list(REMOVE_DUPLICATES FPHSA_REQUIRED_VARS)
+    set(FPHSA_VERSION_VAR ${_NAME}_VERSION)
+  endif()
+
+  if(NOT FPHSA_REQUIRED_VARS)
+    message(FATAL_ERROR "No REQUIRED_VARS specified for FIND_PACKAGE_HANDLE_STANDARD_ARGS()")
+  endif()
+
+  list(GET FPHSA_REQUIRED_VARS 0 _FIRST_REQUIRED_VAR)
+
+  string(TOUPPER ${_NAME} _NAME_UPPER)
+  string(TOLOWER ${_NAME} _NAME_LOWER)
+
+  if(FPHSA_FOUND_VAR)
+    if(FPHSA_FOUND_VAR MATCHES "^${_NAME}_FOUND$"  OR  FPHSA_FOUND_VAR MATCHES "^${_NAME_UPPER}_FOUND$")
+      set(_FOUND_VAR ${FPHSA_FOUND_VAR})
+    else()
+      message(FATAL_ERROR "The argument for FOUND_VAR is \"${FPHSA_FOUND_VAR}\", but only \"${_NAME}_FOUND\" and \"${_NAME_UPPER}_FOUND\" are valid names.")
+    endif()
+  else()
+    set(_FOUND_VAR ${_NAME_UPPER}_FOUND)
+  endif()
+
+  # collect all variables which were not found, so they can be printed, so the
+  # user knows better what went wrong (#6375)
+  set(MISSING_VARS "")
+  set(DETAILS "")
+  # check if all passed variables are valid
+  unset(${_FOUND_VAR})
+  foreach(_CURRENT_VAR ${FPHSA_REQUIRED_VARS})
+    if(NOT ${_CURRENT_VAR})
+      set(${_FOUND_VAR} FALSE)
+      set(MISSING_VARS "${MISSING_VARS} ${_CURRENT_VAR}")
+    else()
+      set(DETAILS "${DETAILS}[${${_CURRENT_VAR}}]")
+    endif()
+  endforeach()
+  if(NOT "${${_FOUND_VAR}}" STREQUAL "FALSE")
+    set(${_FOUND_VAR} TRUE)
+  endif()
+
+  # component handling
+  unset(FOUND_COMPONENTS_MSG)
+  unset(MISSING_COMPONENTS_MSG)
+
+  if(FPHSA_HANDLE_COMPONENTS)
+    foreach(comp ${${_NAME}_FIND_COMPONENTS})
+      if(${_NAME}_${comp}_FOUND)
+
+        if(NOT DEFINED FOUND_COMPONENTS_MSG)
+          set(FOUND_COMPONENTS_MSG "found components: ")
+        endif()
+        set(FOUND_COMPONENTS_MSG "${FOUND_COMPONENTS_MSG} ${comp}")
+
+      else()
+
+        if(NOT DEFINED MISSING_COMPONENTS_MSG)
+          set(MISSING_COMPONENTS_MSG "missing components: ")
+        endif()
+        set(MISSING_COMPONENTS_MSG "${MISSING_COMPONENTS_MSG} ${comp}")
+
+        if(${_NAME}_FIND_REQUIRED_${comp})
+          set(${_FOUND_VAR} FALSE)
+          set(MISSING_VARS "${MISSING_VARS} ${comp}")
+        endif()
+
+      endif()
+    endforeach()
+    set(COMPONENT_MSG "${FOUND_COMPONENTS_MSG} ${MISSING_COMPONENTS_MSG}")
+    set(DETAILS "${DETAILS}[c${COMPONENT_MSG}]")
+  endif()
+
+  # version handling:
+  set(VERSION_MSG "")
+  set(VERSION_OK TRUE)
+  set(VERSION ${${FPHSA_VERSION_VAR}})
+
+  # check with DEFINED here as the requested or found version may be "0"
+  if (DEFINED ${_NAME}_FIND_VERSION)
+    if(DEFINED ${FPHSA_VERSION_VAR})
+
+      if(${_NAME}_FIND_VERSION_EXACT)       # exact version required
+        # count the dots in the version string
+        string(REGEX REPLACE "[^.]" "" _VERSION_DOTS "${VERSION}")
+        # add one dot because there is one dot more than there are components
+        string(LENGTH "${_VERSION_DOTS}." _VERSION_DOTS)
+        if (_VERSION_DOTS GREATER ${_NAME}_FIND_VERSION_COUNT)
+          # Because of the C++ implementation of find_package() ${_NAME}_FIND_VERSION_COUNT
+          # is at most 4 here. Therefore a simple lookup table is used.
+          if (${_NAME}_FIND_VERSION_COUNT EQUAL 1)
+            set(_VERSION_REGEX "[^.]*")
+          elseif (${_NAME}_FIND_VERSION_COUNT EQUAL 2)
+            set(_VERSION_REGEX "[^.]*\\.[^.]*")
+          elseif (${_NAME}_FIND_VERSION_COUNT EQUAL 3)
+            set(_VERSION_REGEX "[^.]*\\.[^.]*\\.[^.]*")
+          else ()
+            set(_VERSION_REGEX "[^.]*\\.[^.]*\\.[^.]*\\.[^.]*")
+          endif ()
+          string(REGEX REPLACE "^(${_VERSION_REGEX})\\..*" "\\1" _VERSION_HEAD "${VERSION}")
+          unset(_VERSION_REGEX)
+          if (NOT ${_NAME}_FIND_VERSION VERSION_EQUAL _VERSION_HEAD)
+            set(VERSION_MSG "Found unsuitable version \"${VERSION}\", but required is exact version \"${${_NAME}_FIND_VERSION}\"")
+            set(VERSION_OK FALSE)
+          else ()
+            set(VERSION_MSG "(found suitable exact version \"${VERSION}\")")
+          endif ()
+          unset(_VERSION_HEAD)
+        else ()
+          if (NOT ${_NAME}_FIND_VERSION VERSION_EQUAL VERSION)
+            set(VERSION_MSG "Found unsuitable version \"${VERSION}\", but required is exact version \"${${_NAME}_FIND_VERSION}\"")
+            set(VERSION_OK FALSE)
+          else ()
+            set(VERSION_MSG "(found suitable exact version \"${VERSION}\")")
+          endif ()
+        endif ()
+        unset(_VERSION_DOTS)
+
+      else()     # minimum version specified:
+        if (${_NAME}_FIND_VERSION VERSION_GREATER VERSION)
+          set(VERSION_MSG "Found unsuitable version \"${VERSION}\", but required is at least \"${${_NAME}_FIND_VERSION}\"")
+          set(VERSION_OK FALSE)
+        else ()
+          set(VERSION_MSG "(found suitable version \"${VERSION}\", minimum required is \"${${_NAME}_FIND_VERSION}\")")
+        endif ()
+      endif()
+
+    else()
+
+      # if the package was not found, but a version was given, add that to the output:
+      if(${_NAME}_FIND_VERSION_EXACT)
+         set(VERSION_MSG "(Required is exact version \"${${_NAME}_FIND_VERSION}\")")
+      else()
+         set(VERSION_MSG "(Required is at least version \"${${_NAME}_FIND_VERSION}\")")
+      endif()
+
+    endif()
+  else ()
+    if(VERSION)
+      set(VERSION_MSG "(found version \"${VERSION}\")")
+    endif()
+  endif ()
+
+  if(VERSION_OK)
+    set(DETAILS "${DETAILS}[v${VERSION}(${${_NAME}_FIND_VERSION})]")
+  else()
+    set(${_FOUND_VAR} FALSE)
+  endif()
+
+
+  # print the result:
+  if (${_FOUND_VAR})
+    FIND_PACKAGE_MESSAGE(${_NAME} "Found ${_NAME}: ${${_FIRST_REQUIRED_VAR}} ${VERSION_MSG} ${COMPONENT_MSG}" "${DETAILS}")
+  else ()
+
+    if(FPHSA_CONFIG_MODE)
+      _FPHSA_HANDLE_FAILURE_CONFIG_MODE()
+    else()
+      if(NOT VERSION_OK)
+        _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: ${VERSION_MSG} (found ${${_FIRST_REQUIRED_VAR}})")
+      else()
+        _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE} (missing: ${MISSING_VARS}) ${VERSION_MSG}")
+      endif()
+    endif()
+
+  endif ()
+
+  set(${_FOUND_VAR} ${${_FOUND_VAR}} PARENT_SCOPE)
+
+endfunction()
--- a/cmake/Modules/FindPackageMessage.cmake
+++ b/cmake/Modules/FindPackageMessage.cmake
@@ -0,0 +1,57 @@
+#.rst:
+# FindPackageMessage
+# ------------------
+#
+#
+#
+# FIND_PACKAGE_MESSAGE(<name> "message for user" "find result details")
+#
+# This macro is intended to be used in FindXXX.cmake modules files.  It
+# will print a message once for each unique find result.  This is useful
+# for telling the user where a package was found.  The first argument
+# specifies the name (XXX) of the package.  The second argument
+# specifies the message to display.  The third argument lists details
+# about the find result so that if they change the message will be
+# displayed again.  The macro also obeys the QUIET argument to the
+# find_package command.
+#
+# Example:
+#
+# ::
+#
+#   if(X11_FOUND)
+#     FIND_PACKAGE_MESSAGE(X11 "Found X11: ${X11_X11_LIB}"
+#       "[${X11_X11_LIB}][${X11_INCLUDE_DIR}]")
+#   else()
+#    ...
+#   endif()
+
+#=============================================================================
+# Copyright 2008-2009 Kitware, Inc.
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+#  License text for the above reference.)
+
+function(FIND_PACKAGE_MESSAGE pkg msg details)
+  # Avoid printing a message repeatedly for the same find result.
+  if(NOT ${pkg}_FIND_QUIETLY)
+    string(REPLACE "\n" "" details "${details}")
+    set(DETAILS_VAR FIND_PACKAGE_MESSAGE_DETAILS_${pkg})
+    if(NOT "${details}" STREQUAL "${${DETAILS_VAR}}")
+      # The message has not yet been printed.
+      message(STATUS "${msg}")
+
+      # Save the find details in the cache to avoid printing the same
+      # message again.
+      set("${DETAILS_VAR}" "${details}"
+        CACHE INTERNAL "Details about finding ${pkg}")
+    endif()
+  endif()
+endfunction()
--- a/commandline.c
+++ b/commandline.c
@@ -30,6 +30,7 @@
 #include <string.h>
 #include <signal.h>
 #include <syslog.h>
+#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>

@@ -38,6 +39,7 @@
 #include "commandline.h"
 #include "debug.h"
 #include "version.h"
+#include "utils.h"

 typedef void signal_func (int);

@@ -108,7 +110,7 @@ get_daemon_status()
 /** @internal
 * @brief Print usage
 *
- * Prints usage, called when wifidog is run with -h or with an unknown option
+ * Prints usage, called when xfrpc is run with -h or with an unknown option
 */
 static void
 usage(const char *appname)
@@ -121,6 +123,7 @@ usage(const char *appname)
    fprintf(stdout, "  -d <level>    Debug level\n");
    fprintf(stdout, "  -h            Print usage\n");
    fprintf(stdout, "  -v            Print version information\n");
+    fprintf(stdout, "  -r            Print run id of client\n");
    fprintf(stdout, "\n");
 }

@@ -133,7 +136,7 @@ parse_commandline(int argc, char **argv)
    int c;
 	int flag = 0;
 	
-    while (-1 != (c = getopt(argc, argv, "c:hfd:sw:vx:i:a:"))) {
+    while (-1 != (c = getopt(argc, argv, "c:hfd:sw:vrx:i:a:"))) {


        switch (c) {
@@ -145,7 +148,8 @@ parse_commandline(int argc, char **argv)

        case 'c':
            if (optarg) {
-				confile = strdup(optarg);          
+				confile = strdup(optarg); //never free it
+                assert(confile);
 				flag = 1;
            }
            break;
@@ -162,10 +166,28 @@ parse_commandline(int argc, char **argv)
            break;

        case 'v':
-            fprintf(stdout, "This is %s version " VERSION "\n", argv[0]);
+            fprintf(stdout, "version: " VERSION "\n");
            exit(1);
            break;
+        
+        case 'r':
+            {
+                char ifname[16] = {0};
+            	if(get_net_ifname(ifname, 16)){
+            		debug(LOG_ERR, "error: get device sign ifname failed!");
+            		exit(0);
+            	}

+            	char if_mac[64] = {0};
+            	if(get_net_mac(ifname, if_mac, sizeof(if_mac))) {
+            		debug(LOG_ERR, "error: Hard ware MAC address of [%s] get failed!", ifname);
+            		exit(0);
+            	}
+
+                fprintf(stdout, "run ID:%s\n", if_mac);
+                exit(1);
+                break;
+            }
        default:
            usage(argv[0]);
            exit(1);
--- a/common.c
+++ b/common.c
@@ -0,0 +1,50 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file common.c
+    @brief xfrp common function implemented
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#include "uthash.h"
+#include "common.h"
+
+uint64_t ntoh64(const uint64_t input)
+{
+    uint64_t rval;
+    uint8_t *data = (uint8_t *)&rval;
+
+    data[0] = input >> 56;
+    data[1] = input >> 48;
+    data[2] = input >> 40;
+    data[3] = input >> 32;
+    data[4] = input >> 24;
+    data[5] = input >> 16;
+    data[6] = input >> 8;
+    data[7] = input >> 0;
+
+    return rval;
+}
+
+uint64_t hton64(const uint64_t input)
+{
+    return (ntoh64(input));
+}
--- a/common.h
+++ b/common.h
@@ -0,0 +1,76 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file common.h
+    @brief xfrp common header
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#ifndef _COMMON_H_
+#define _COMMON_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <netinet/in.h>
+
+#include <event2/bufferevent.h>
+#include <event2/buffer.h>
+#include <event2/listener.h>
+#include <event2/util.h>
+#include <event2/event.h>
+#include <event2/dns.h>
+#include <event2/event_struct.h>
+
+#include <assert.h>
+
+#include "uthash.h"
+
+#define BIGENDIAN_64BIT 1
+//#define BIGENDIAN_32BIT 1
+
+#define SAFE_FREE(m) 	\
+if (m) free(m)
+
+uint64_t ntoh64(const uint64_t input);
+uint64_t hton64(const uint64_t input);
+
+#ifdef BIGENDIAN_64BIT
+	typedef uint64_t msg_size_t;
+	#define msg_ntoh(l)		\
+	ntoh64(l)
+
+	#define msg_hton(b) 	\
+	hton64(b)
+
+#elif BIGENDIAN_32BIT
+	#define msg_ntoh(l)		\
+	ntohl(l)
+
+	#define msg_hton(b)		\
+	htonl(b)
+
+	typedef uint32_t msg_size_t;
+#endif //BIGENDIAN_64BIT
+
+typedef unsigned short ushort;
+
+#endif //_COMMON_H_
--- a/config.c
+++ b/config.c
@@ -20,25 +20,31 @@
 \********************************************************************/

 /** @file config.c
-    @brief xfrp client config related
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc client config related
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <time.h>

 #include <syslog.h>
+#include <sys/utsname.h>

 #include "ini.h"
 #include "uthash.h"
 #include "config.h"
 #include "client.h"
 #include "debug.h"
+#include "msg.h"
+#include "utils.h"
+#include "version.h"

 static struct common_conf 	*c_conf;
-static struct proxy_client 	*p_clients;
+static struct proxy_service *all_ps;

+static void new_ftp_data_proxy_service(struct proxy_service *ftp_ps);

 struct common_conf *get_common_config()
 {
@@ -56,25 +62,27 @@ void free_common_config()
 	if (c_conf->log_level) free(c_conf->log_level);
 	if (c_conf->auth_token) free(c_conf->auth_token);
 	if (c_conf->privilege_token) free(c_conf->privilege_token);
+	SAFE_FREE(c_conf->server_ip);
 };

+void set_common_server_ip(const char *ip)
+{
+	struct common_conf *c_conf = get_common_config();
+	c_conf->server_ip = strdup(ip);
+	assert(c_conf->server_ip);
+
+	debug(LOG_DEBUG, "server IP address: [%s]", c_conf->server_ip);
+}
+
 void free_base_config(struct base_conf *bconf)
 {
 	if (bconf->name) free(bconf->name);
 	if (bconf->auth_token) free(bconf->auth_token);
-	if (bconf->type) free(bconf->type);
 	if (bconf->privilege_token) free(bconf->privilege_token);
 	if (bconf->host_header_rewrite) free(bconf->host_header_rewrite);
-	if (bconf->http_username) free(bconf->http_username);
-	if (bconf->http_password) free(bconf->http_password);
 	if (bconf->subdomain) free(bconf->subdomain);
 }

-struct proxy_client *get_all_pc()
-{
-	return p_clients;
-}
-
 static int is_true(const char *val)
 {
 	if (val && (strcmp(val, "true") == 0 || strcmp(val, "1") == 0))
@@ -83,14 +91,17 @@ static int is_true(const char *val)
 	return 0;
 }

-static char *get_valid_type(const char *val)
+static const char *get_valid_type(const char *val)
 {
 	if (!val)
 		return NULL;
 	
 	#define MATCH_VALUE(s) strcmp(val, s) == 0
-	if (MATCH_VALUE("tcp") || MATCH_VALUE("http") || MATCH_VALUE("https") || MATCH_VALUE("udp")) {
-		return strdup(val);
+	if (MATCH_VALUE("tcp") || 
+		MATCH_VALUE("http") || 
+		MATCH_VALUE("https")) { 
+
+		return val;
 	}
 	
 	return NULL;
@@ -98,7 +109,7 @@ static char *get_valid_type(const char *val)

 static void dump_common_conf()
 {
-	if(!c_conf) {
+	if(! c_conf) {
 		debug(LOG_ERR, "Error: c_conf is NULL");
 		return;
 	}
@@ -107,120 +118,173 @@ static void dump_common_conf()
 			 c_conf->server_addr, c_conf->server_port, c_conf->auth_token, c_conf->privilege_token, c_conf->heartbeat_interval, c_conf->heartbeat_timeout);
 }

-static void dump_proxy_client(const int index, const struct proxy_client *pc)
+static void dump_proxy_service(const int index, struct proxy_service *ps)
 {
-	if (!pc || !pc->bconf)
+	if (!ps)
 		return;
-
-	if (NULL == pc->bconf->type) {
-		pc->bconf->type = strdup("tcp");
-	}
 	
-	if (1 == pc->bconf->privilege_mode) {
-		if (NULL == pc->bconf->privilege_token) {
-			debug(LOG_ERR, "Proxy [%s] error: privilege_token must be set when privilege_mode = true", pc->bconf->name);
-			exit(0);
-		}
-
-        if ((strcmp(pc->bconf->type, "http") != 0) && (strcmp(pc->bconf->type, "https"))) {
-		    if (0 > pc->remote_port) {
-			    debug(LOG_ERR, "Proxy [%s] error: remote_port must be set when privilege_mode = true", pc->bconf->name);
-			    exit(0);
-		    }
-        }
-	}
-
-	if (0 > pc->local_port) {
-		debug(LOG_ERR, "Proxy [%s] error: local_port not found", pc->bconf->name);
+	if (0 > ps->local_port) {
+		debug(LOG_ERR, "Proxy [%s] error: local_port not found", ps->proxy_name);
 		exit(0);
 	}

-	debug(LOG_DEBUG, "Proxy %d: {name:%s, local_port:%d, type:%s}", index, pc->bconf->name, pc->local_port, pc->bconf->type);
+	if (NULL == ps->proxy_type) {
+		ps->proxy_type = strdup("tcp");
+		assert(ps->proxy_type);
+	} else if (strcmp(ps->proxy_type, "ftp") == 0) {
+		new_ftp_data_proxy_service(ps);
+	}
+
+	debug(LOG_DEBUG, 
+		"Proxy service %d: {name:%s, local_port:%d, type:%s}", 
+		index, 
+		ps->proxy_name, 
+		ps->local_port, 
+		ps->proxy_type);
 }

-static void dump_all_pc()
+static void dump_all_ps()
 {
-	struct proxy_client *s = NULL, *tmp = NULL;
+	struct proxy_service *ps = NULL, *tmp = NULL;
 	
 	int index = 0;
-	HASH_ITER(hh, p_clients, s, tmp) {
-		dump_proxy_client(index++, s);
+	HASH_ITER(hh, all_ps, ps, tmp) {
+		dump_proxy_service(index++, ps);
 	}
 }

-static struct proxy_client *new_proxy_client(const char *name)
+static struct proxy_service *new_proxy_service(const char *name)
 {
-	struct proxy_client *pc = calloc(sizeof(struct proxy_client), 1);
-	assert(pc);
-	struct base_conf	*bc = calloc(sizeof(struct base_conf), 1);
-	assert(bc);
+	if (! name)
+		return NULL;
+
+	struct proxy_service *ps = (struct proxy_service *)calloc(sizeof(struct proxy_service), 1);
+	assert(ps);
 	assert(c_conf);
-	
-	bc->name 			= strdup(name);
-	bc->use_encryption 	= 0;
-	bc->use_gzip		= 0;
-	bc->privilege_mode	= 0;
-	bc->pool_count		= 0;

-	pc->bconf			= bc;
-	pc->name			= strdup(name);
-	pc->local_port		= -1;
-	pc->remote_port		= -1;
+	ps->proxy_name 			= strdup(name);
+	ps->ftp_cfg_proxy_name	= NULL;
+	assert(ps->proxy_name);

-	if (c_conf->auth_token)
-		bc->auth_token	= strdup(c_conf->auth_token);
-	if (c_conf->privilege_token)
-		bc->privilege_token = strdup(c_conf->privilege_token);
+	ps->proxy_type 			= NULL;
+	ps->use_encryption 		= 0;
+	ps->local_port			= -1;
+	ps->remote_port			= -1;
+	ps->remote_data_port	= -1;
+	ps->use_compression 	= 0;
+	ps->use_encryption		= 0;

-	return pc;
+	ps->custom_domains		= NULL;
+	ps->subdomain			= NULL;
+	ps->locations			= NULL;
+	ps->host_header_rewrite	= NULL;
+	ps->http_user			= NULL;
+	ps->http_pwd			= NULL;
+
+	return ps;
 }

-static int service_handler(void *user, const char *section, const char *nm, const char *value)
+// create a new proxy service with suffix "_ftp_data_proxy"
+static void new_ftp_data_proxy_service(struct proxy_service *ftp_ps)
 {
- 	struct proxy_client	*pc = NULL;
+	struct proxy_service *ps = NULL;
+	char *ftp_data_proxy_name = get_ftp_data_proxy_name((const char *)ftp_ps->proxy_name);

-	if (strcmp(section, "common") == 0)
+	HASH_FIND_STR(all_ps, ftp_data_proxy_name, ps);
+	if (!ps) {
+		ps = new_proxy_service(ftp_data_proxy_name);
+		if (! ps) {
+			debug(LOG_ERR, 
+				"cannot create ftp data proxy service, it should not happenned!");
+			exit(0);
+		}
+		
+		ps->ftp_cfg_proxy_name = strdup(ftp_ps->proxy_name);
+		assert(ps->ftp_cfg_proxy_name);
+
+		ps->proxy_type = strdup("tcp");
+		ps->remote_port = ftp_ps->remote_data_port;
+		ps->local_ip = ftp_ps->local_ip;
+		ps->local_port = 0; //will be init in working tunnel connectting
+
+		HASH_ADD_KEYPTR(hh, all_ps, ps->proxy_name, strlen(ps->proxy_name), ps);
+	}
+
+	free(ftp_data_proxy_name);
+}
+
+static int 
+proxy_service_handler(void *user, const char *sect, const char *nm, const char *value)
+{
+ 	struct proxy_service *ps = NULL;
+
+	char *section = NULL;
+	section = strdup(sect);
+	assert(section);
+
+	if (strcmp(section, "common") == 0) {
+		SAFE_FREE(section);
 		return 0;
-	
-	HASH_FIND_STR(p_clients, section, pc);
-	if (!pc) {
-		pc = new_proxy_client(section);
-		HASH_ADD_KEYPTR(hh, p_clients, pc->name, strlen(pc->name), pc);
-		debug(LOG_DEBUG, "Section[%s] not found in p_clients, add pc[%s]",
-			  section, pc->name);
+	}
+
+	HASH_FIND_STR(all_ps, section, ps);
+	if (!ps) {
+		ps = new_proxy_service(section);
+		if (! ps) {
+			debug(LOG_ERR, "cannot create proxy service, it should not happenned!");
+			exit(0);
+		}
+
+		HASH_ADD_KEYPTR(hh, all_ps, ps->proxy_name, strlen(ps->proxy_name), ps);
 	} 
 	
 	#define MATCH_NAME(s) strcmp(nm, s) == 0
+	#define TO_BOOL(v) strcmp(value, "true") ? 0:1
+
 	if (MATCH_NAME("type")) {
-		pc->bconf->type = get_valid_type(value);
+		if (! get_valid_type(value)) {
+			debug(LOG_ERR, "proxy service type %s is not supportted", value);
+			SAFE_FREE(section);
+			exit(0);
+		}
+		ps->proxy_type = strdup(value);
+		assert(ps->proxy_type);
 	} else if (MATCH_NAME("local_ip")) {
-		pc->local_ip = strdup(value);
+		ps->local_ip = strdup(value);
+		assert(ps->local_ip);
 	} else if (MATCH_NAME("local_port")) {
-		pc->local_port = atoi(value);
+		ps->local_port = atoi(value);
 	} else if (MATCH_NAME("use_encryption")) {
-		pc->bconf->use_encryption = is_true(value);
-	} else if (MATCH_NAME("use_gzip")) {
-		pc->bconf->use_gzip = is_true(value);
-	} else if (MATCH_NAME("privilege_mode")) {
-		pc->bconf->privilege_mode = is_true(value);
-	} else if (MATCH_NAME("pool_count")) {
-		pc->bconf->pool_count = atoi(value);
+		ps->use_encryption = is_true(value);
 	} else if (MATCH_NAME("remote_port")) {
-		pc->remote_port = atoi(value);
+		ps->remote_port = atoi(value);
+	} else if (MATCH_NAME("remote_data_port")) {
+		ps->remote_data_port = atoi(value);
 	} else if (MATCH_NAME("http_user")) {
-		pc->bconf->http_username = strdup(value);
+		ps->http_user = strdup(value);
+		assert(ps->http_user);
 	} else if (MATCH_NAME("http_pwd")) {
-		pc->bconf->http_password = strdup(value);
+		ps->http_pwd = strdup(value);
+		assert(ps->http_pwd);
 	} else if (MATCH_NAME("subdomain")) {
-		pc->bconf->subdomain= strdup(value);
+		ps->subdomain = strdup(value);
+		assert(ps->http_pwd);
 	} else if (MATCH_NAME("custom_domains")) {
-		pc->custom_domains= strdup(value);
+		ps->custom_domains = strdup(value);
+		assert(ps->custom_domains);
 	} else if (MATCH_NAME("locations")) {
-		pc->locations= strdup(value);
+		ps->locations = strdup(value);
+		assert(ps->locations);
 	} else if (MATCH_NAME("host_header_rewrite")) {
-		pc->bconf->host_header_rewrite= strdup(value);
+		ps->host_header_rewrite = strdup(value);
+		assert(ps->host_header_rewrite);
+	} else if (MATCH_NAME("use_encryption")) {
+		ps->use_encryption = TO_BOOL(value);
+	} else if (MATCH_NAME("use_compression")) {
+		ps->use_compression = TO_BOOL(value);
 	}
-	
+
+	SAFE_FREE(section);
 	return 1;
 }

@@ -230,33 +294,56 @@ static int common_handler(void *user, const char *section, const char *name, con
 	
 	#define MATCH(s, n) strcmp(section, s) == 0 && strcmp(name, n) == 0
 	if (MATCH("common", "server_addr")) {
-		if (config->server_addr) free(config->server_addr);
-		config->server_addr = strdup(value);
+		SAFE_FREE(config->server_addr);
+		int addr_len = strlen(value) + 1;
+		config->server_addr = (char *)calloc(1, addr_len);
+		assert(config->server_addr);
+		if(dns_unified(value, config->server_addr, addr_len)) {
+			debug(LOG_ERR, "error: server_addr [%s] is invalid!", value);
+			exit(0);
+		}
+		if (is_valid_ip_address(value))
+			set_common_server_ip(value);
 	} else if (MATCH("common", "server_port")) {
 		config->server_port = atoi(value);
 	} else if (MATCH("common", "http_proxy")) {
+		SAFE_FREE(config->http_proxy);
 		config->http_proxy = strdup(value);
+		assert(config->http_proxy);
 	} else if (MATCH("common", "log_file")) {
-		if (config->log_file) free(config->log_file);
+		SAFE_FREE(config->log_file);
 		config->log_file = strdup(value);
+		assert(config->log_file);
 	} else if (MATCH("common", "log_way")) {
-		if (config->log_way) free(config->log_way);
+		SAFE_FREE(config->log_way);
 		config->log_way = strdup(value);
+		assert(config->log_way);
 	} else if (MATCH("common", "log_level")) {
-		if (config->log_level) free(config->log_level);
+		SAFE_FREE(config->log_level);
 		config->log_level = strdup(value);
+		assert(config->log_level);
 	} else if (MATCH("common", "log_max_days")) {
 		config->log_max_days = atoi(value);
 	} else if (MATCH("common", "privilege_token")) {
+		SAFE_FREE(config->privilege_token);
 		config->privilege_token = strdup(value);
+		assert(config->privilege_token);
 	} else if (MATCH("common", "heartbeat_interval")) {
 		config->heartbeat_interval = atoi(value);
 	} else if (MATCH("common", "heartbeat_timeout")) {
 		config->heartbeat_timeout = atoi(value);
-	} else if (MATCH("common", "auth_token")) {
+	} else if (MATCH("common", "token")) {
+		SAFE_FREE(config->auth_token);
 		config->auth_token = strdup(value);
+		assert(config->auth_token);
+	} else if (MATCH("common", "user")) {
+		SAFE_FREE(config->user);
+		config->user = strdup(value);
+		assert(config->user);
+	} else if (MATCH("common", "tcp_mux")) {
+		config->tcp_mux = atoi(value);
+		config->tcp_mux = !!config->tcp_mux;
 	}
-	
 	return 1;
 }

@@ -266,23 +353,49 @@ static void init_common_conf(struct common_conf *config)
 		return;
 	
 	config->server_addr			= strdup("0.0.0.0");
+	assert(config->server_addr);
 	config->server_port			= 7000;
 	config->log_file			= strdup("console");
+	assert(config->log_file);
 	config->log_way				= strdup("console");
+	assert(config->log_way);
 	config->log_level			= strdup("info");
+	assert(config->log_level);
 	config->log_max_days		= 3;
-	config->heartbeat_interval 	= 10;
-	config->heartbeat_timeout	= 30;
+	config->heartbeat_interval 	= 30;
+	config->heartbeat_timeout	= 90;
+	config->tcp_mux				= 1;
+	config->user				= NULL;
+	config->server_ip			= NULL;
+	config->is_router			= 0;
+}
+
+// it should be free after using
+// because of assert it will never return NULL
+char *get_ftp_data_proxy_name(const char *ftp_proxy_name)
+{
+	char *ftp_tail_data_name = FTP_RMT_CTL_PROXY_SUFFIX;
+	char *ftp_data_proxy_name = (char *)calloc(1, 
+								strlen(ftp_proxy_name)+strlen(ftp_tail_data_name)+1);
+	assert(ftp_data_proxy_name);
+
+	snprintf(ftp_data_proxy_name, 
+		strlen(ftp_proxy_name) + strlen(ftp_tail_data_name) + 1, 
+		"%s%s", 
+		ftp_proxy_name, 
+		ftp_tail_data_name);
+	
+	return ftp_data_proxy_name;
 }

 void load_config(const char *confile)
 {
-	c_conf = calloc(sizeof(struct common_conf), 1);
+	c_conf = (struct common_conf *)calloc(sizeof(struct common_conf), 1);
 	assert(c_conf);
 	
 	init_common_conf(c_conf);

-	debug(LOG_INFO, "Reading configuration file '%s'", confile);
+	debug(LOG_DEBUG, "Reading configuration file '%s'", confile);
 	
 	if (ini_parse(confile, common_handler, c_conf) < 0) {
 		debug(LOG_ERR, "Config file parse failed");
@@ -301,7 +414,26 @@ void load_config(const char *confile)
 		exit(0);
 	}
 	
-	ini_parse(confile, service_handler, NULL);
+	ini_parse(confile, proxy_service_handler, NULL);
 	
-	dump_all_pc();
+	dump_all_ps();
+}
+
+int is_running_in_router()
+{
+	return c_conf->is_router;
+}
+
+struct proxy_service *
+get_proxy_service(const char *proxy_name)
+{
+	struct proxy_service *ps = NULL;
+	HASH_FIND_STR(all_ps, proxy_name, ps);
+	return ps;
+}
+
+struct proxy_service *
+get_all_proxy_services()
+{
+	return all_ps;
 }
--- a/config.h
+++ b/config.h
@@ -20,50 +20,66 @@
 \********************************************************************/

 /** @file config.h
-    @brief xfrp client config related
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc client config related
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */
 #ifndef _CONFIG_H_
 #define _CONFIG_H_

+#include "client.h"
+#include "common.h"
+
+#define FTP_RMT_CTL_PROXY_SUFFIX	"_ftp_remote_ctl_proxy"
+
 struct base_conf{
 	char	*name;
 	char	*auth_token;
-	char	*type;
 	int		use_encryption;
 	int		use_gzip;
 	int		privilege_mode;
 	char	*privilege_token;
 	int		pool_count;
 	char	*host_header_rewrite;
-	char	*http_username;
-	char	*http_password;
 	char	*subdomain;
 };

 // common config
 struct common_conf {
-	char	*server_addr; /* default 0.0.0.0 */
-	int		server_port; /* default 7000 */
+	char	*server_addr; 	/* default 0.0.0.0 */
+	char 	*server_ip;
+	int		server_port; 	/* default 7000 */
 	char	*http_proxy;
-	char	*log_file; /* default consol */
-	char	*log_way; /* default console */
-	char	*log_level; /* default info */
+	char	*log_file; 		/* default consol */
+	char	*log_way; 		/* default console */
+	char	*log_level; 	/* default info */
 	int		log_max_days;	/* default 3 */
 	char	*privilege_token;
 	char	*auth_token;
 	int		heartbeat_interval; /* default 10 */
 	int		heartbeat_timeout;	/* default 30 */
+	int 	tcp_mux;		/* default 0 */
+	char	*user;
+
+	/* private fields */
+	int 	is_router;	// to sign router (Openwrt/LEDE) or not
 };
-	
+
 struct common_conf *get_common_config();

 void free_common_config();

 void free_base_config(struct base_conf *bconf);

-struct proxy_client *get_all_pc();
-
 void load_config(const char *confile);

-#endif
+char *get_ftp_data_proxy_name(const char *ftp_proxy_name);
+
+void set_common_server_ip(const char *ip);
+
+int is_running_in_router();
+
+struct proxy_service *get_proxy_service(const char *proxy_name);
+
+struct proxy_service *get_all_proxy_services();
+
+#endif //_CONFIG_H_
--- a/const.h
+++ b/const.h
@@ -20,8 +20,8 @@
 \********************************************************************/

 /** @file const.h
-    @brief xfrp constant parameter define
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc constant parameter define
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #ifndef	_CONST_H_
@@ -34,15 +34,5 @@ enum server_status {
 	Closed
 };

-// msg type
-enum msg_type {
-	NewCtlConn = 0,
-	NewWorkConn,
-	NoticeUserConn,
-	NewCtlConnRes,
-	HeartbeatReq,
-	HeartbeatRes,
-	NewWorkConnUdp
-};

 #endif
--- a/control.c
+++ b/control.c
--- a/control.h
+++ b/control.h
@@ -21,16 +21,64 @@

 /** @file control.h
    @brief control related
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

+#ifndef	_CONTROL_H_
+#define	_CONTROL_H_
+
+#include "const.h"
+#include "uthash.h"
+#include "msg.h"
+
 struct proxy_client;
 struct bufferevent;
 struct event_base;
 enum msg_type;

+struct control {
+	struct event_base 	*connect_base;  	//main netevent 
+	struct evdns_base  	*dnsbase;
+    struct bufferevent  *connect_bev;    	//main io evet buf
+    struct event		*ticker_ping;    	//heartbeat timer
+
+	struct event		*tcp_mux_ping_event;	
+	uint32_t			tcp_mux_ping_id;	
+	uint32_t			stream_id;	
+};
+
+void connect_eventcb(struct bufferevent *bev, short events, void *ptr);
+
+void init_main_control();
+
+void run_control();
+
+struct control *get_main_control();
+
+void close_main_control();
+
+void start_login_frp_server(struct event_base *base);
+
+void send_login_frp_server(struct bufferevent *bev);
+
+void login();
+
+void send_msg_frp_server(struct bufferevent *bev, 
+			const enum msg_type type, 
+			const char *msg, 
+			const size_t msg_len, 
+			uint32_t sid);
+
+void send_enc_msg_frp_server(struct bufferevent *bev, 
+			const enum msg_type type, 
+			const char *msg, 
+			const size_t msg_len, 
+			uint32_t sid);
+
 void control_process(struct proxy_client *client);

-struct bufferevent *connect_server(struct proxy_client *client, const char *name, const int port);
+void send_new_proxy(struct proxy_service *ps);

-void send_msg_frp_server(enum msg_type type, const struct proxy_client *client, struct bufferevent *bev);
+struct bufferevent *connect_server(struct event_base *base, const char *name, const int port);
+
+#endif //_CONTROL_H_
--- a/crypto.c
+++ b/crypto.c
@@ -0,0 +1,280 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file crypto.c
+    @brief xfrpc crypto implement
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <time.h>
+#include <syslog.h>
+#include <openssl/ssl.h>
+
+#include "fastpbkdf2.h"
+#include "crypto.h"
+#include "config.h"
+#include "common.h"
+#include "debug.h"
+
+static const char *default_salt = "frp";
+static const size_t block_size = 16;
+static struct frp_coder *main_encoder = NULL;
+static struct frp_coder *main_decoder = NULL;
+static EVP_CIPHER_CTX *enc_ctx = NULL;
+static EVP_CIPHER_CTX *dec_ctx = NULL;
+
+static void
+free_frp_coder(struct frp_coder *coder)
+{
+	free(coder->salt);
+	free(coder->privilege_token);
+	free(coder);
+}
+
+static void
+free_all_frp_coder()
+{
+	if (main_encoder) {
+		free_frp_coder(main_encoder);
+		main_encoder = NULL;
+	}
+
+	if (main_decoder) {
+		free_frp_coder(main_decoder);
+		main_decoder = NULL;
+	}
+}
+
+void 
+free_evp_cipher_ctx() 
+{
+	free_all_frp_coder();
+
+	if (enc_ctx) {
+		EVP_CIPHER_CTX_free(enc_ctx);
+		enc_ctx = NULL;
+	}
+
+	if (dec_ctx) {
+		EVP_CIPHER_CTX_free(dec_ctx);
+		dec_ctx = NULL;
+	}
+}
+
+size_t 
+get_block_size()
+{
+	return block_size;
+}
+
+struct frp_coder *
+new_coder(const char *privilege_token, const char *salt)
+{
+	struct frp_coder *enc = calloc(sizeof(struct frp_coder), 1);
+	assert(enc);
+
+	enc->privilege_token = privilege_token ? strdup(privilege_token):strdup("\0");
+	enc->salt = strdup(salt);
+	encrypt_key(enc->privilege_token, strlen(enc->privilege_token), enc->salt, enc->key, block_size);
+	encrypt_iv(enc->iv, block_size);
+	return enc;
+}
+
+struct frp_coder *
+clone_coder(const struct frp_coder *coder)
+{
+	assert(coder);
+	struct frp_coder *enc = calloc(sizeof(struct frp_coder), 1);
+	memcpy(enc, coder, sizeof(*coder));
+	enc->privilege_token = strdup(coder->privilege_token);
+	enc->salt 	= strdup(coder->salt);
+
+	return enc;
+}
+
+size_t 
+get_encrypt_block_size()
+{
+	return block_size;
+}
+
+struct frp_coder *
+init_main_encoder() 
+{
+	if (main_decoder) {
+		main_encoder = clone_coder(main_decoder);
+	} else {
+		struct common_conf *c_conf = get_common_config();
+		main_encoder = new_coder(c_conf->auth_token, default_salt);
+	}
+	return main_encoder;
+}
+
+struct frp_coder *
+init_main_decoder(const uint8_t *iv)
+{
+	struct common_conf *c_conf = get_common_config();
+	main_decoder = new_coder(c_conf->auth_token, default_salt);
+	memcpy(main_decoder->iv, iv, block_size);
+	return main_decoder;
+}
+
+struct frp_coder *
+get_main_encoder() 
+{
+	return main_encoder;
+}
+
+struct frp_coder *
+get_main_decoder()
+{
+	return main_decoder;
+}
+
+int 
+is_encoder_inited()
+{
+	struct frp_coder *e = get_main_encoder();
+	return e != NULL;
+}
+
+int 
+is_decoder_inited()
+{
+	struct frp_coder *d = get_main_decoder();
+	return d != NULL;
+}
+
+// key_ret buffer len must be 16
+// the result should be free after using
+unsigned char *
+encrypt_key(const char *token, size_t token_len, const char *salt, uint8_t *key, size_t block_size) 
+{
+	unsigned char *key_ret = key;
+	fastpbkdf2_hmac_sha1((void *)token, 
+						token_len, (void *)salt, 
+						strlen(salt), 
+						64, 
+						(void *)key_ret, 
+						block_size);
+	return key_ret;
+}
+
+// the result should be free after using
+unsigned char *
+encrypt_iv(unsigned char *iv_buf, size_t iv_len)
+{
+	if (iv_len < block_size || iv_buf == NULL) {
+		return NULL;
+	}
+
+	srand((unsigned int) time(NULL));
+	for(size_t i=0; i<iv_len; i++) {
+		iv_buf[i] = (rand() % 254 ) + 1;
+	}
+
+	return iv_buf;
+}
+
+// using aes-128-cfb and nopadding
+size_t 
+encrypt_data(const uint8_t *src_data, size_t srclen, struct frp_coder *encoder, unsigned char **ret)
+{
+	uint8_t *intext = (uint8_t *)src_data;
+	assert(intext);
+	assert(encoder);
+	struct frp_coder *c = encoder;
+	int outlen = 0, tmplen = 0;
+	uint8_t *outbuf = NULL;
+	assert(c);
+
+	outbuf = calloc(srclen, 1);
+	assert(outbuf);
+	*ret = outbuf;
+
+	if (!enc_ctx) {
+		enc_ctx = EVP_CIPHER_CTX_new();
+		EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_cfb(), NULL, c->key, c->iv);
+	}
+	EVP_CIPHER_CTX *ctx = enc_ctx;
+
+	if(!EVP_EncryptUpdate(ctx, outbuf, &tmplen, intext, (int)srclen)) {
+		debug(LOG_ERR, "EVP_EncryptUpdate error!");
+		goto E_END;
+	}
+	outlen += tmplen;
+	if(!EVP_EncryptFinal_ex(ctx, outbuf+tmplen, &tmplen)) {
+		debug(LOG_ERR, "EVP_EncryptFinal_ex error!");
+		goto E_END;
+	}
+
+	outlen += tmplen;
+E_END:
+	return outlen;
+}
+
+size_t 
+decrypt_data(const uint8_t *enc_data, size_t enclen, struct frp_coder *decoder, uint8_t **ret)
+{
+	uint8_t *inbuf = (uint8_t *)enc_data;
+	uint8_t *outbuf = calloc(enclen+1, 1);
+	struct frp_coder *c = decoder;
+	assert(inbuf);
+	assert(outbuf);
+	*ret = outbuf;
+	assert(decoder);
+	
+	int outlen = 0, tmplen = 0;
+	if (!dec_ctx) {
+		dec_ctx= EVP_CIPHER_CTX_new();
+		EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_cfb(), NULL, c->key, c->iv);
+	}
+
+	EVP_CIPHER_CTX *ctx = dec_ctx;
+	if(!EVP_DecryptUpdate(ctx, outbuf, &tmplen, inbuf, enclen)) {
+		debug(LOG_ERR, "EVP_DecryptUpdate error!");
+		goto D_END;
+	}
+	outlen += tmplen;
+
+	if(!EVP_DecryptFinal_ex(ctx, outbuf+outlen, &tmplen)) {
+		debug(LOG_ERR, "EVP_DecryptFinal_ex error");
+		goto D_END;
+	}
+	outlen += tmplen;
+
+D_END:
+	return outlen;
+}
+
+void 
+free_encoder(struct frp_coder *encoder) {
+	if (encoder) {
+		SAFE_FREE(encoder->privilege_token);
+		SAFE_FREE(encoder->salt);
+		free(encoder);
+	}
+}
--- a/crypto.h
+++ b/crypto.h
@@ -0,0 +1,60 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file crypto.h
+    @brief xfrpc crypto header
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+
+#ifndef _CRYPTO_H_
+#define _CRYPTO_H_
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "common.h"
+
+struct frp_coder {
+	uint8_t 	key[16];
+	char 		*salt;
+	uint8_t 	iv[16];
+	char 		*privilege_token;
+};
+
+size_t get_encrypt_block_size();
+size_t decrypt_data(const uint8_t *enc_data, size_t enc_len, struct frp_coder *decoder, uint8_t **ret);
+int is_encoder_inited();
+int is_decoder_inited();
+struct frp_coder *init_main_encoder();
+struct frp_coder *init_main_decoder(const uint8_t *iv);
+struct frp_coder *new_coder(const char *privilege_token, const char *salt);
+uint8_t *encrypt_key(const char *token, size_t token_len, const char *salt, uint8_t *key, size_t key_len);
+uint8_t *encrypt_iv(uint8_t *iv_buf, size_t iv_len);
+size_t encrypt_data(const uint8_t *src_data, size_t srclen, struct frp_coder *encoder, uint8_t **ret);
+struct frp_coder *get_main_encoder();
+struct frp_coder *get_main_decoder();
+size_t get_block_size();
+void free_encoder(struct frp_coder *encoder);
+void free_evp_cipher_ctx();
+
+#endif // _CRYPTO_H_
--- a/debug.c
+++ b/debug.c
@@ -34,6 +34,8 @@

 #include "debug.h"

+#define	PROGNAME	"xfrpc"
+
 debugconf_t debugconf = {
    .debuglevel = LOG_INFO,
    .log_stderr = 1,
@@ -46,7 +48,7 @@ Do not use directly, use the debug macro */
 void
 _debug(const char *filename, int line, int level, const char *format, ...)
 {
-    char buf[28];
+    char buf[32] = {0};
    va_list vlist;
    time_t ts;
    sigset_t block_chld;
@@ -75,7 +77,7 @@ _debug(const char *filename, int line, int level, const char *format, ...)
        }

        if (debugconf.log_syslog) {
-            openlog("wifidog", LOG_PID, debugconf.syslog_facility);
+            openlog(PROGNAME, LOG_PID, debugconf.syslog_facility);
            va_start(vlist, format);
            vsyslog(level, format, vlist);
            va_end(vlist);
--- a/debug.h
+++ b/debug.h
@@ -28,6 +28,7 @@
 #define _WIFIDOG_DEBUG_H_

 #include <string.h>
+#include <syslog.h>

 #define __FILENAME__ (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)

--- a/fastpbkdf2.c
+++ b/fastpbkdf2.c
@@ -0,0 +1,399 @@
+/*
+ * fast-pbkdf2 - Optimal PBKDF2-HMAC calculation
+ * Written in 2015 by Joseph Birr-Pixton <jpixton@gmail.com>
+ *
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to the
+ * public domain worldwide. This software is distributed without any
+ * warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include "fastpbkdf2.h"
+
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/sha.h>
+
+/* --- MSVC doesn't support C99 --- */
+#ifdef _MSC_VER
+#define restrict
+#define _Pragma __pragma
+#endif
+
+/* --- Common useful things --- */
+#define MIN(a, b) ((a) > (b)) ? (b) : (a)
+
+static inline void write32_be(uint32_t n, uint8_t out[4])
+{
+#if defined(__GNUC__) && __GNUC__ >= 4 && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+  *(uint32_t *)(out) = __builtin_bswap32(n);
+#else
+  out[0] = (n >> 24) & 0xff;
+  out[1] = (n >> 16) & 0xff;
+  out[2] = (n >> 8) & 0xff;
+  out[3] = n & 0xff;
+#endif
+}
+
+static inline void write64_be(uint64_t n, uint8_t out[8])
+{
+#if defined(__GNUC__) &&  __GNUC__ >= 4 && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+  *(uint64_t *)(out) = __builtin_bswap64(n);
+#else
+  write32_be((n >> 32) & 0xffffffff, out);
+  write32_be(n & 0xffffffff, out + 4);
+#endif
+}
+
+/* --- Optional OpenMP parallelisation of consecutive blocks --- */
+#ifdef WITH_OPENMP
+# define OPENMP_PARALLEL_FOR _Pragma("omp parallel for")
+#else
+# define OPENMP_PARALLEL_FOR
+#endif
+
+/* Prepare block (of blocksz bytes) to contain md padding denoting a msg-size
+ * message (in bytes).  block has a prefix of used bytes.
+ *
+ * Message length is expressed in 32 bits (so suitable for sha1, sha256, sha512). */
+static inline void md_pad(uint8_t *block, size_t blocksz, size_t used, size_t msg)
+{
+  memset(block + used, 0, blocksz - used - 4);
+  block[used] = 0x80;
+  block += blocksz - 4;
+  write32_be((uint32_t) (msg * 8), block);
+}
+
+/* Internal function/type names for hash-specific things. */
+#define HMAC_CTX(_name) HMAC_ ## _name ## _ctx
+#define HMAC_INIT(_name) HMAC_ ## _name ## _init
+#define HMAC_UPDATE(_name) HMAC_ ## _name ## _update
+#define HMAC_FINAL(_name) HMAC_ ## _name ## _final
+
+#define PBKDF2_F(_name) pbkdf2_f_ ## _name
+#define PBKDF2(_name) pbkdf2_ ## _name
+
+/* This macro expands to decls for the whole implementation for a given
+ * hash function.  Arguments are:
+ *
+ * _name like 'sha1', added to symbol names
+ * _blocksz block size, in bytes
+ * _hashsz digest output, in bytes
+ * _ctx hash context type
+ * _init hash context initialisation function
+ *    args: (_ctx *c)
+ * _update hash context update function
+ *    args: (_ctx *c, const void *data, size_t ndata)
+ * _final hash context finish function
+ *    args: (void *out, _ctx *c)
+ * _xform hash context raw block update function
+ *    args: (_ctx *c, const void *data)
+ * _xcpy hash context raw copy function (only need copy hash state)
+ *    args: (_ctx * restrict out, const _ctx *restrict in)
+ * _xtract hash context state extraction
+ *    args: args (_ctx *restrict c, uint8_t *restrict out)
+ * _xxor hash context xor function (only need xor hash state)
+ *    args: (_ctx *restrict out, const _ctx *restrict in)
+ *
+ * The resulting function is named PBKDF2(_name).
+ */
+#define DECL_PBKDF2(_name, _blocksz, _hashsz, _ctx,                           \
+                    _init, _update, _xform, _final, _xcpy, _xtract, _xxor)    \
+  typedef struct {                                                            \
+    _ctx inner;                                                               \
+    _ctx outer;                                                               \
+  } HMAC_CTX(_name);                                                          \
+                                                                              \
+  static inline void HMAC_INIT(_name)(HMAC_CTX(_name) *ctx,                   \
+                                      const uint8_t *key, size_t nkey)        \
+  {                                                                           \
+    /* Prepare key: */                                                        \
+    uint8_t k[_blocksz];                                                      \
+                                                                              \
+    /* Shorten long keys. */                                                  \
+    if (nkey > _blocksz)                                                      \
+    {                                                                         \
+      _init(&ctx->inner);                                                     \
+      _update(&ctx->inner, key, nkey);                                        \
+      _final(k, &ctx->inner);                                                 \
+                                                                              \
+      key = k;                                                                \
+      nkey = _hashsz;                                                         \
+    }                                                                         \
+                                                                              \
+    /* Standard doesn't cover case where blocksz < hashsz. */                 \
+    assert(nkey <= _blocksz);                                                 \
+                                                                              \
+    /* Right zero-pad short keys. */                                          \
+    if (k != key)                                                             \
+      memcpy(k, key, nkey);                                                   \
+    if (_blocksz > nkey)                                                      \
+      memset(k + nkey, 0, _blocksz - nkey);                                   \
+                                                                              \
+    /* Start inner hash computation */                                        \
+    uint8_t blk_inner[_blocksz];                                              \
+    uint8_t blk_outer[_blocksz];                                              \
+                                                                              \
+    for (size_t i = 0; i < _blocksz; i++)                                     \
+    {                                                                         \
+      blk_inner[i] = 0x36 ^ k[i];                                             \
+      blk_outer[i] = 0x5c ^ k[i];                                             \
+    }                                                                         \
+                                                                              \
+    _init(&ctx->inner);                                                       \
+    _update(&ctx->inner, blk_inner, sizeof blk_inner);                        \
+                                                                              \
+    /* And outer. */                                                          \
+    _init(&ctx->outer);                                                       \
+    _update(&ctx->outer, blk_outer, sizeof blk_outer);                        \
+  }                                                                           \
+                                                                              \
+  static inline void HMAC_UPDATE(_name)(HMAC_CTX(_name) *ctx,                 \
+                                        const void *data, size_t ndata)       \
+  {                                                                           \
+    _update(&ctx->inner, data, ndata);                                        \
+  }                                                                           \
+                                                                              \
+  static inline void HMAC_FINAL(_name)(HMAC_CTX(_name) *ctx,                  \
+                                       uint8_t out[_hashsz])                  \
+  {                                                                           \
+    _final(out, &ctx->inner);                                                 \
+    _update(&ctx->outer, out, _hashsz);                                       \
+    _final(out, &ctx->outer);                                                 \
+  }                                                                           \
+                                                                              \
+                                                                              \
+  /* --- PBKDF2 --- */                                                        \
+  static inline void PBKDF2_F(_name)(const HMAC_CTX(_name) *startctx,         \
+                                     uint32_t counter,                        \
+                                     const uint8_t *salt, size_t nsalt,       \
+                                     uint32_t iterations,                     \
+                                     uint8_t *out)                            \
+  {                                                                           \
+    uint8_t countbuf[4];                                                      \
+    write32_be(counter, countbuf);                                            \
+                                                                              \
+    /* Prepare loop-invariant padding block. */                               \
+    uint8_t Ublock[_blocksz];                                                 \
+    md_pad(Ublock, _blocksz, _hashsz, _blocksz + _hashsz);                    \
+                                                                              \
+    /* First iteration:                                                       \
+     *   U_1 = PRF(P, S || INT_32_BE(i))                                      \
+     */                                                                       \
+    HMAC_CTX(_name) ctx = *startctx;                                          \
+    HMAC_UPDATE(_name)(&ctx, salt, nsalt);                                    \
+    HMAC_UPDATE(_name)(&ctx, countbuf, sizeof countbuf);                      \
+    HMAC_FINAL(_name)(&ctx, Ublock);                                          \
+    _ctx result = ctx.outer;                                                  \
+                                                                              \
+    /* Subsequent iterations:                                                 \
+     *   U_c = PRF(P, U_{c-1})                                                \
+     */                                                                       \
+    for (uint32_t i = 1; i < iterations; i++)                                 \
+    {                                                                         \
+      /* Complete inner hash with previous U */                               \
+      _xcpy(&ctx.inner, &startctx->inner);                                    \
+      _xform(&ctx.inner, Ublock);                                             \
+      _xtract(&ctx.inner, Ublock);                                            \
+      /* Complete outer hash with inner output */                             \
+      _xcpy(&ctx.outer, &startctx->outer);                                    \
+      _xform(&ctx.outer, Ublock);                                             \
+      _xtract(&ctx.outer, Ublock);                                            \
+      _xxor(&result, &ctx.outer);                                             \
+    }                                                                         \
+                                                                              \
+    /* Reform result into output buffer. */                                   \
+    _xtract(&result, out);                                                    \
+  }                                                                           \
+                                                                              \
+  static inline void PBKDF2(_name)(const uint8_t *pw, size_t npw,             \
+                     const uint8_t *salt, size_t nsalt,                       \
+                     uint32_t iterations,                                     \
+                     uint8_t *out, size_t nout)                               \
+  {                                                                           \
+    assert(iterations);                                                       \
+    assert(out && nout);                                                      \
+                                                                              \
+    /* Starting point for inner loop. */                                      \
+    HMAC_CTX(_name) ctx;                                                      \
+    HMAC_INIT(_name)(&ctx, pw, npw);                                          \
+                                                                              \
+    /* How many blocks do we need? */                                         \
+    uint32_t blocks_needed = (uint32_t)(nout + _hashsz - 1) / _hashsz;        \
+                                                                              \
+    OPENMP_PARALLEL_FOR                                                       \
+    for (uint32_t counter = 1; counter <= blocks_needed; counter++)           \
+    {                                                                         \
+      uint8_t block[_hashsz];                                                 \
+      PBKDF2_F(_name)(&ctx, counter, salt, nsalt, iterations, block);         \
+                                                                              \
+      size_t offset = (counter - 1) * _hashsz;                                \
+      size_t taken = MIN(nout - offset, _hashsz);                             \
+      memcpy(out + offset, block, taken);                                     \
+    }                                                                         \
+  }
+
+static inline void sha1_extract(SHA_CTX *restrict ctx, uint8_t *restrict out)
+{
+  write32_be(ctx->h0, out);
+  write32_be(ctx->h1, out + 4);
+  write32_be(ctx->h2, out + 8);
+  write32_be(ctx->h3, out + 12);
+  write32_be(ctx->h4, out + 16);
+}
+
+static inline void sha1_cpy(SHA_CTX *restrict out, const SHA_CTX *restrict in)
+{
+  out->h0 = in->h0;
+  out->h1 = in->h1;
+  out->h2 = in->h2;
+  out->h3 = in->h3;
+  out->h4 = in->h4;
+}
+
+static inline void sha1_xor(SHA_CTX *restrict out, const SHA_CTX *restrict in)
+{
+  out->h0 ^= in->h0;
+  out->h1 ^= in->h1;
+  out->h2 ^= in->h2;
+  out->h3 ^= in->h3;
+  out->h4 ^= in->h4;
+}
+
+DECL_PBKDF2(sha1,
+            SHA_CBLOCK,
+            SHA_DIGEST_LENGTH,
+            SHA_CTX,
+            SHA1_Init,
+            SHA1_Update,
+            SHA1_Transform,
+            SHA1_Final,
+            sha1_cpy,
+            sha1_extract,
+            sha1_xor)
+
+static inline void sha256_extract(SHA256_CTX *restrict ctx, uint8_t *restrict out)
+{
+  write32_be(ctx->h[0], out);
+  write32_be(ctx->h[1], out + 4);
+  write32_be(ctx->h[2], out + 8);
+  write32_be(ctx->h[3], out + 12);
+  write32_be(ctx->h[4], out + 16);
+  write32_be(ctx->h[5], out + 20);
+  write32_be(ctx->h[6], out + 24);
+  write32_be(ctx->h[7], out + 28);
+}
+
+static inline void sha256_cpy(SHA256_CTX *restrict out, const SHA256_CTX *restrict in)
+{
+  out->h[0] = in->h[0];
+  out->h[1] = in->h[1];
+  out->h[2] = in->h[2];
+  out->h[3] = in->h[3];
+  out->h[4] = in->h[4];
+  out->h[5] = in->h[5];
+  out->h[6] = in->h[6];
+  out->h[7] = in->h[7];
+}
+
+static inline void sha256_xor(SHA256_CTX *restrict out, const SHA256_CTX *restrict in)
+{
+  out->h[0] ^= in->h[0];
+  out->h[1] ^= in->h[1];
+  out->h[2] ^= in->h[2];
+  out->h[3] ^= in->h[3];
+  out->h[4] ^= in->h[4];
+  out->h[5] ^= in->h[5];
+  out->h[6] ^= in->h[6];
+  out->h[7] ^= in->h[7];
+}
+
+DECL_PBKDF2(sha256,
+            SHA256_CBLOCK,
+            SHA256_DIGEST_LENGTH,
+            SHA256_CTX,
+            SHA256_Init,
+            SHA256_Update,
+            SHA256_Transform,
+            SHA256_Final,
+            sha256_cpy,
+            sha256_extract,
+            sha256_xor)
+
+static inline void sha512_extract(SHA512_CTX *restrict ctx, uint8_t *restrict out)
+{
+  write64_be(ctx->h[0], out);
+  write64_be(ctx->h[1], out + 8);
+  write64_be(ctx->h[2], out + 16);
+  write64_be(ctx->h[3], out + 24);
+  write64_be(ctx->h[4], out + 32);
+  write64_be(ctx->h[5], out + 40);
+  write64_be(ctx->h[6], out + 48);
+  write64_be(ctx->h[7], out + 56);
+}
+
+static inline void sha512_cpy(SHA512_CTX *restrict out, const SHA512_CTX *restrict in)
+{
+  out->h[0] = in->h[0];
+  out->h[1] = in->h[1];
+  out->h[2] = in->h[2];
+  out->h[3] = in->h[3];
+  out->h[4] = in->h[4];
+  out->h[5] = in->h[5];
+  out->h[6] = in->h[6];
+  out->h[7] = in->h[7];
+}
+
+static inline void sha512_xor(SHA512_CTX *restrict out, const SHA512_CTX *restrict in)
+{
+  out->h[0] ^= in->h[0];
+  out->h[1] ^= in->h[1];
+  out->h[2] ^= in->h[2];
+  out->h[3] ^= in->h[3];
+  out->h[4] ^= in->h[4];
+  out->h[5] ^= in->h[5];
+  out->h[6] ^= in->h[6];
+  out->h[7] ^= in->h[7];
+}
+
+DECL_PBKDF2(sha512,
+            SHA512_CBLOCK,
+            SHA512_DIGEST_LENGTH,
+            SHA512_CTX,
+            SHA512_Init,
+            SHA512_Update,
+            SHA512_Transform,
+            SHA512_Final,
+            sha512_cpy,
+            sha512_extract,
+            sha512_xor)
+
+void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,
+                          const uint8_t *salt, size_t nsalt,
+                          uint32_t iterations,
+                          uint8_t *out, size_t nout)
+{
+  PBKDF2(sha1)(pw, npw, salt, nsalt, iterations, out, nout);
+}
+
+void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw,
+                            const uint8_t *salt, size_t nsalt,
+                            uint32_t iterations,
+                            uint8_t *out, size_t nout)
+{
+  PBKDF2(sha256)(pw, npw, salt, nsalt, iterations, out, nout);
+}
+
+void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw,
+                            const uint8_t *salt, size_t nsalt,
+                            uint32_t iterations,
+                            uint8_t *out, size_t nout)
+{
+  PBKDF2(sha512)(pw, npw, salt, nsalt, iterations, out, nout);
+}
+
--- a/fastpbkdf2.h
+++ b/fastpbkdf2.h
@@ -0,0 +1,71 @@
+/*
+ * fastpbkdf2 - Faster PBKDF2-HMAC calculation
+ * Written in 2015 by Joseph Birr-Pixton <jpixton@gmail.com>
+ *
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to the
+ * public domain worldwide. This software is distributed without any
+ * warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#ifndef FASTPBKDF2_H
+#define FASTPBKDF2_H
+
+#include <stdlib.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Calculates PBKDF2-HMAC-SHA1.
+ *
+ *  @p npw bytes at @p pw are the password input.
+ *  @p nsalt bytes at @p salt are the salt input.
+ *  @p iterations is the PBKDF2 iteration count and must be non-zero.
+ *  @p nout bytes of output are written to @p out.  @p nout must be non-zero.
+ *
+ *  This function cannot fail; it does not report errors.
+ */
+void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,
+                          const uint8_t *salt, size_t nsalt,
+                          uint32_t iterations,
+                          uint8_t *out, size_t nout);
+
+/** Calculates PBKDF2-HMAC-SHA256.
+ *
+ *  @p npw bytes at @p pw are the password input.
+ *  @p nsalt bytes at @p salt are the salt input.
+ *  @p iterations is the PBKDF2 iteration count and must be non-zero.
+ *  @p nout bytes of output are written to @p out.  @p nout must be non-zero.
+ *
+ *  This function cannot fail; it does not report errors.
+ */
+void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw,
+                            const uint8_t *salt, size_t nsalt,
+                            uint32_t iterations,
+                            uint8_t *out, size_t nout);
+
+/** Calculates PBKDF2-HMAC-SHA512.
+ *
+ *  @p npw bytes at @p pw are the password input.
+ *  @p nsalt bytes at @p salt are the salt input.
+ *  @p iterations is the PBKDF2 iteration count and must be non-zero.
+ *  @p nout bytes of output are written to @p out.  @p nout must be non-zero.
+ *
+ *  This function cannot fail; it does not report errors.
+ */
+void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw,
+                            const uint8_t *salt, size_t nsalt,
+                            uint32_t iterations,
+                            uint8_t *out, size_t nout);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- a/login.c
+++ b/login.c
@@ -0,0 +1,138 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file login.c
+    @brief xfrpc login protocol implemented
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#include <syslog.h>
+#include <sys/utsname.h>
+
+#include "ini.h"
+#include "uthash.h"
+#include "config.h"
+#include "client.h"
+#include "debug.h"
+#include "msg.h"
+#include "version.h"
+#include "login.h"
+#include "utils.h"
+
+static struct login 		*c_login;
+
+char *get_run_id()
+{
+	return c_login->run_id;
+}
+
+struct login *get_common_login_config()
+{
+	return c_login;
+}
+
+int is_logged()
+{
+	return c_login->logged;
+}
+
+void init_login()
+{
+	if (! c_login) 
+		c_login = calloc(sizeof(struct login), 1);
+
+	assert(c_login);
+
+	struct common_conf *c_conf = get_common_config();
+	assert(c_conf);
+
+	struct utsname uname_buf;
+	if (uname(&uname_buf)) {
+		return;
+	}
+
+	c_login->version 		= strdup(PROTOCOL_VERESION);
+	assert(c_login->version);
+	c_login->hostname 		= NULL;
+	c_login->os 			= strdup(uname_buf.sysname);
+	assert(c_login->os);
+	c_login->arch 			= strdup(uname_buf.machine);
+	assert(c_login->arch);
+	c_login->user 			= NULL;
+
+	c_login->timestamp 		= 0;
+	c_login->run_id 		= NULL;
+	c_login->metas			= NULL;
+	c_login->pool_count 	= 1;
+	c_login->privilege_key 	= NULL;
+	c_login->user			= c_conf->user;
+
+	c_login->logged 		= 0;
+
+	/* start to init login->run_id */
+	char ifname[16] = {0};
+	if(get_net_ifname(ifname, 16)){
+		debug(LOG_ERR, "error: get device sign ifname failed!");
+		exit(0);
+	}
+
+	if (strcmp(ifname, "br-lan") == 0) {
+		c_conf->is_router = 1;
+		debug(LOG_DEBUG, "working in router");
+	}
+
+	char if_mac[64] = {0};
+	if(get_net_mac(ifname, if_mac, sizeof(if_mac))) {
+		debug(LOG_ERR, "error: Hard ware MAC address of [%s] get failed!", ifname);
+		exit(0);
+	}
+
+	c_login->run_id = strdup(if_mac);
+	assert(c_login->run_id);
+}
+
+int login_resp_check(struct login_resp *lr)
+{
+	if (lr->run_id == NULL || strlen(lr->run_id) <= 1) {
+		if (lr->error && strlen(lr->error) > 0) {
+			debug(LOG_ERR, "login response error: %s", lr->error);
+		}
+		debug(LOG_ERR, "login falied!");
+		c_login->logged = 0;
+	} else {
+		c_login->logged = 1;
+		debug(LOG_DEBUG, "xfrp login response: run_id: [%s], version: [%s]", 
+			lr->run_id, 
+			lr->version);
+		SAFE_FREE(c_login->run_id);
+
+		c_login->run_id = strdup(lr->run_id);
+		assert(c_login->run_id);
+	}
+
+	return c_login->logged;
+}
--- a/login.h
+++ b/login.h
@@ -0,0 +1,65 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file login.h
+    @brief xfrp login header
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#ifndef _LOGIN_H_
+#define _LOGIN_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <netinet/in.h>
+
+#include "uthash.h"
+
+struct login {
+	char		*version;
+	char		*hostname;
+	char 		*os;
+	char		*arch;
+	char 		*user;
+	char 		*privilege_key;
+	long int 	timestamp;
+	char 		*run_id;
+	char		*metas;
+	int 		pool_count;
+
+	/* fields not need json marshal */
+	int			logged;		//0 not login 1:logged
+};
+
+struct login_resp {
+	char 	*version;
+	char	*run_id;
+	char 	*error;
+};
+
+void init_login();
+char *get_run_id();
+struct login *get_common_login_config();
+int is_logged();
+int login_resp_check(struct login_resp *lr);
+
+#endif //_LOGIN_H_
--- a/main.c
+++ b/main.c
@@ -21,15 +21,16 @@

 /** @file main.c
    @brief xfrp client main
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

-#include "xfrp_client.h"
+#include "xfrpc.h"
 #include "commandline.h"
+#include "login.h"

 int main(int argc, char **argv)
 {
 	parse_commandline(argc, argv);
-	
-	xfrp_client_loop();
+	init_login();
+	xfrpc_loop();
 }
--- a/msg.c
+++ b/msg.c
@@ -20,127 +20,384 @@
 \********************************************************************/

 /** @file msg.c
-    @brief xfrp client msg related
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc client msg related
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #include <string.h>
 #include <stdio.h>
 #include <json-c/json.h>
-#include <json-c/bits.h>
+#include <openssl/md5.h>
+#include <time.h>
 #include <assert.h>
+#include <syslog.h>
+#include <netinet/in.h>

 #include "msg.h"
 #include "const.h"
+#include "config.h"
+#include "debug.h"
+#include "common.h"
+#include "login.h"
+#include "client.h"
+#include "utils.h"

-static void fill_custom_domains(struct json_object *j_ctl_req, const char *custom_domains)
+#define JSON_MARSHAL_TYPE(jobj,key,jtype,item)		\
+json_object_object_add(jobj, key, json_object_new_##jtype((item)));
+
+#define SAFE_JSON_STRING(str_target) \
+str_target?str_target:"\0"
+
+const char msg_types[] = {TypeLogin, 
+						 TypeLoginResp, 
+						 TypeNewProxy, 
+						 TypeNewProxyResp, 
+						 TypeNewWorkConn, 
+						 TypeReqWorkConn, 
+						 TypeStartWorkConn, 
+						 TypePing, 
+						 TypePong, 
+						 TypeUDPPacket};
+
+char *
+calc_md5(const char *data, int datalen)
+{
+	unsigned char digest[16] = {0};
+	char *out = (char*)malloc(33);
+	assert(out);
+
+	MD5_CTX md5;
+	
+	MD5_Init(&md5);
+	MD5_Update(&md5, data, datalen);
+	MD5_Final(digest, &md5);
+	
+	for (int n = 0; n < 16; ++n) {
+        snprintf(&(out[n*2]), 3, "%02x", (unsigned int)digest[n]);
+    }
+
+    return out;
+}
+
+static void 
+fill_custom_domains(struct json_object *j_ctl_req, const char *custom_domains)
 {
 	struct json_object *jarray_cdomains = json_object_new_array();
 	assert(jarray_cdomains);
 	char *tmp = strdup(custom_domains);
+	assert(tmp);
 	char *tok = tmp, *end = tmp;
 	while (tok != NULL) {
 		strsep(&end, ",");
-		json_object_array_add(jarray_cdomains, json_object_new_string(tok));
+
+		int dname_len = strlen(tok) + 1;
+		char *dname_buf = (char *)calloc(1, dname_len);
+		assert(dname_buf);
+		dns_unified(tok, dname_buf, dname_len);
+		json_object_array_add(jarray_cdomains, json_object_new_string(dname_buf));
+
+		free(dname_buf);
 		tok = end;
 	}
-	free(tmp);
+	SAFE_FREE(tmp);
 	
 	json_object_object_add(j_ctl_req, "custom_domains", jarray_cdomains);
 }

-int control_request_marshal(const struct control_request *req, char **msg)
+struct work_conn *
+new_work_conn() {
+	struct work_conn *work_c = calloc(1, sizeof(struct work_conn));
+	assert(work_c);
+	if (work_c) 
+		work_c->run_id = NULL;
+
+	return work_c;
+}
+
+char *
+get_auth_key(const char *token, long int *timestamp)
 {
-	const char *tmp = NULL;
-	int  nret = 0;
-	struct json_object *j_ctl_req = json_object_new_object();
-	if (!j_ctl_req)
+	char seed[128] = {0};
+	*timestamp = time(NULL);
+	if (token)
+		snprintf(seed, 128, "%s%ld", token, *timestamp);
+	else
+		snprintf(seed, 128, "%ld", *timestamp);
+	
+	return calc_md5(seed, strlen(seed));
+}
+
+size_t 
+login_request_marshal(char **msg)
+{
+	size_t nret = 0;
+	struct json_object *j_login_req = json_object_new_object();
+	if (j_login_req == NULL)
 		return 0;
 	
-	json_object_object_add(j_ctl_req, "type", json_object_new_int(req->type));
-	json_object_object_add(j_ctl_req, "proxy_name", json_object_new_string(req->proxy_name));
-	json_object_object_add(j_ctl_req, "auth_key", 
-						   json_object_new_string(req->auth_key?req->auth_key:""));
-	if (req->type == HeartbeatReq)
-		goto end_process;
-	json_object_object_add(j_ctl_req, "use_encryption", json_object_new_boolean(req->use_encryption));
-	json_object_object_add(j_ctl_req, "use_gzip", json_object_new_boolean(req->use_gzip));
-	json_object_object_add(j_ctl_req, "pool_count", json_object_new_int(req->pool_count));
-	json_object_object_add(j_ctl_req, "privilege_mode", json_object_new_boolean(req->privilege_mode));
-	json_object_object_add(j_ctl_req, "privilege_key", 
-						   json_object_new_string(req->privilege_key?req->privilege_key:""));
-	json_object_object_add(j_ctl_req, "proxy_type", 
-						   json_object_new_string(req->proxy_type?req->proxy_type:""));
-	json_object_object_add(j_ctl_req, "remote_port", json_object_new_int(req->remote_port));
-	if (!req->custom_domains)
-		json_object_object_add(j_ctl_req, "custom_domains", NULL);
-	else {
-		fill_custom_domains(j_ctl_req, req->custom_domains);
-	}
-	if (!req->locations)
-		json_object_object_add(j_ctl_req, "locations", NULL);
-	else {
-		// need to implement it
-		;
-	}
-		
-	json_object_object_add(j_ctl_req, "host_header_rewrite", 
-						   json_object_new_string(req->host_header_rewrite?req->host_header_rewrite:""));
-	json_object_object_add(j_ctl_req, "http_username", 
-						   json_object_new_string(req->http_username?req->http_username:""));
-	json_object_object_add(j_ctl_req, "http_password", 
-						   json_object_new_string(req->http_password?req->http_password:""));
-	json_object_object_add(j_ctl_req, "subdomain", 
-						   json_object_new_string(req->subdomain?req->subdomain:""));
-	json_object_object_add(j_ctl_req, "timestamp", json_object_new_int(req->timestamp));
+	struct login *lg = get_common_login_config();
+	if (!lg)
+		return 0;
 	
+	SAFE_FREE(lg->privilege_key);
+	struct common_conf *cf = get_common_config();
+	char *auth_key = get_auth_key(cf->auth_token, &lg->timestamp);
+	lg->privilege_key = strdup(auth_key);
+	assert(lg->privilege_key);
 	
-end_process:
-	tmp = json_object_to_json_string(j_ctl_req);
+	JSON_MARSHAL_TYPE(j_login_req, "version", string, lg->version);
+	JSON_MARSHAL_TYPE(j_login_req, "hostname", string, SAFE_JSON_STRING(lg->hostname));
+	JSON_MARSHAL_TYPE(j_login_req, "os", string, lg->os);
+	JSON_MARSHAL_TYPE(j_login_req, "arch", string, lg->arch);
+	JSON_MARSHAL_TYPE(j_login_req, "user", string, SAFE_JSON_STRING(lg->user));
+
+	JSON_MARSHAL_TYPE(j_login_req, "privilege_key", string, SAFE_JSON_STRING(lg->privilege_key));
+	JSON_MARSHAL_TYPE(j_login_req, "timestamp", int64, lg->timestamp);
+	JSON_MARSHAL_TYPE(j_login_req, "run_id", string, SAFE_JSON_STRING(lg->run_id));
+	JSON_MARSHAL_TYPE(j_login_req, "pool_count", int, lg->pool_count);
+	json_object_object_add(j_login_req, "metas", NULL);
+	
+	const char *tmp = NULL;
+	tmp = json_object_to_json_string(j_login_req);
 	if (tmp && strlen(tmp) > 0) {
 		nret = strlen(tmp);
 		*msg = strdup(tmp);
+		assert(*msg);
 	}
-	json_object_put(j_ctl_req);
+	json_object_put(j_login_req);
+	SAFE_FREE(auth_key);
 	return nret;
 }

-struct control_response *control_response_unmarshal(const char *jres)
+int 
+new_proxy_service_marshal(const struct proxy_service *np_req, char **msg)
+{
+	const char *tmp = NULL;
+	int  nret = 0;
+	struct json_object *j_np_req = json_object_new_object();
+	if ( ! j_np_req)
+		return 0;
+	
+	JSON_MARSHAL_TYPE(j_np_req, "proxy_name", string, np_req->proxy_name);
+	JSON_MARSHAL_TYPE(j_np_req, "proxy_type", string, np_req->proxy_type);
+	JSON_MARSHAL_TYPE(j_np_req, "use_encryption", boolean, np_req->use_encryption);
+	JSON_MARSHAL_TYPE(j_np_req, "use_compression", boolean, np_req->use_compression);
+
+	if (is_ftp_proxy(np_req)) {
+		JSON_MARSHAL_TYPE(j_np_req, "remote_data_port", int, np_req->remote_data_port);
+	}
+
+	if (np_req->custom_domains) {
+		fill_custom_domains(j_np_req, np_req->custom_domains);
+		json_object_object_add(j_np_req, "remote_port", NULL);
+	} else {
+		json_object_object_add(j_np_req, "custom_domains", NULL);
+		if (np_req->remote_port != -1) {
+			JSON_MARSHAL_TYPE(j_np_req, "remote_port", int, np_req->remote_port);
+		} else {
+			json_object_object_add(j_np_req, "remote_port", NULL);
+		}
+	}
+
+	JSON_MARSHAL_TYPE(j_np_req, "subdomain", string, SAFE_JSON_STRING(np_req->subdomain));
+
+	json_object *j_location_array = json_object_new_array();
+	if (np_req->locations) {
+		json_object_object_add(j_np_req, "locations", j_location_array);
+	} else {
+		json_object_object_add(j_np_req, "locations", NULL);
+	}
+	
+	JSON_MARSHAL_TYPE(j_np_req, "host_header_rewrite", string, SAFE_JSON_STRING(np_req->host_header_rewrite));
+	JSON_MARSHAL_TYPE(j_np_req, "http_user", string, SAFE_JSON_STRING(np_req->http_user));
+	JSON_MARSHAL_TYPE(j_np_req, "http_pwd", string, SAFE_JSON_STRING(np_req->http_pwd));
+		
+	tmp = json_object_to_json_string(j_np_req);
+	if (tmp && strlen(tmp) > 0) {
+		nret = strlen(tmp);
+		*msg = strdup(tmp);
+		assert(*msg);
+	}
+	json_object_put(j_np_req);
+
+	return nret;
+}
+
+int 
+new_work_conn_marshal(const struct work_conn *work_c, char **msg)
+{
+	const char *tmp = NULL;
+	int nret = 0;
+	struct json_object *j_new_work_conn = json_object_new_object();
+	if (! j_new_work_conn)
+		return 0;
+
+	JSON_MARSHAL_TYPE(j_new_work_conn, "run_id", string, SAFE_JSON_STRING(work_c->run_id));
+	tmp = json_object_to_json_string(j_new_work_conn);
+	if (tmp && strlen(tmp) > 0) {
+		nret = strlen(tmp);
+		*msg = strdup(tmp);
+		assert(*msg);
+	}
+
+	json_object_put(j_new_work_conn);
+
+	return nret;
+}
+
+// result returned of this func need be free
+struct new_proxy_response *
+new_proxy_resp_unmarshal(const char *jres)
+{
+	struct json_object *j_np_res = json_tokener_parse(jres);
+	if (j_np_res == NULL)
+		return NULL;
+	
+	struct new_proxy_response *npr = calloc(1, sizeof(struct new_proxy_response));
+	assert(npr);
+
+	struct json_object *npr_run_id = NULL;
+	if (json_object_object_get_ex(j_np_res, "run_id", &npr_run_id))
+		npr->run_id = strdup(json_object_get_string(npr_run_id));
+
+	struct json_object *npr_proxy_remote_addr = NULL;
+	if (! json_object_object_get_ex(j_np_res, "remote_addr", &npr_proxy_remote_addr))
+		goto END_ERROR;
+	const char *remote_addr = json_object_get_string(npr_proxy_remote_addr);
+	char *port = strrchr(remote_addr, ':');
+	if (port) {
+		port++;
+		npr->remote_port = atoi(port);
+	}
+
+	struct json_object *npr_proxy_name = NULL;
+	if (! json_object_object_get_ex(j_np_res, "proxy_name", &npr_proxy_name))
+		goto END_ERROR;
+	npr->proxy_name = strdup(json_object_get_string(npr_proxy_name));
+	assert(npr->proxy_name);
+
+	struct json_object *npr_error = NULL;
+	if(! json_object_object_get_ex(j_np_res, "error", &npr_error))
+		goto END_ERROR;
+	npr->error = strdup(json_object_get_string(npr_error));
+	assert(npr->error);
+
+END_ERROR:
+	json_object_put(j_np_res);
+	return npr;
+}
+
+// login_resp_unmarshal NEED FREE
+struct login_resp *
+login_resp_unmarshal(const char *jres)
+{
+	struct json_object *j_lg_res = json_tokener_parse(jres);
+	if (j_lg_res == NULL)
+		return NULL;
+	
+	struct login_resp *lr = calloc(1, sizeof(struct login_resp));
+	assert(lr);
+
+	struct json_object *l_version = NULL;
+	if (! json_object_object_get_ex(j_lg_res, "version", &l_version))
+		goto END_ERROR;
+	lr->version = strdup(json_object_get_string(l_version));
+	assert(lr->version);
+
+	struct json_object *l_run_id = NULL;
+	if (! json_object_object_get_ex(j_lg_res, "run_id", &l_run_id))
+		goto END_ERROR;
+	lr->run_id = strdup(json_object_get_string(l_run_id));
+	assert(lr->run_id);
+
+	struct json_object *l_error = NULL;
+	if(! json_object_object_get_ex(j_lg_res, "error", &l_error))
+		goto END_ERROR;
+	lr->error = strdup(json_object_get_string(l_error));
+	assert(lr->error);
+
+END_ERROR:
+	json_object_put(j_lg_res);
+	return lr;
+}
+
+struct start_work_conn_resp *
+start_work_conn_resp_unmarshal(const char *resp_msg)
+{
+	struct json_object *j_start_w_res = json_tokener_parse(resp_msg);
+	if (j_start_w_res == NULL)
+		return NULL;
+
+	struct start_work_conn_resp *sr = calloc(1, sizeof(struct start_work_conn_resp));
+	assert(sr);
+
+	struct json_object *pn = NULL;
+	if(! json_object_object_get_ex(j_start_w_res, "proxy_name", &pn))
+		goto START_W_C_R_END;
+
+	sr->proxy_name = strdup(json_object_get_string(pn));
+	assert(sr->proxy_name);
+
+START_W_C_R_END:
+	json_object_put(j_start_w_res);
+	return sr;
+}
+
+struct control_response *
+control_response_unmarshal(const char *jres)
 {
 	struct json_object *j_ctl_res = json_tokener_parse(jres);
-	if (is_error(j_ctl_res))
+	if (j_ctl_res == NULL)
 		return NULL;
 	struct control_response *ctl_res = calloc(sizeof(struct control_response), 1);
-	if (ctl_res == NULL) {
-		goto error;
-	}
+	assert(ctl_res);
 	
-	struct json_object *jtype = json_object_object_get(j_ctl_res, "type");
-	if (jtype == NULL) {
-		goto error;
-	}
+	struct json_object *jtype = NULL;
+	if(! json_object_object_get_ex(j_ctl_res, "type", &jtype))
+		goto END_ERROR;
 	ctl_res->type = json_object_get_int(jtype);
 	
-	struct json_object *jcode = json_object_object_get(j_ctl_res, "code");
-	if (jcode == NULL)
-		goto error;
+	struct json_object *jcode = NULL;
+	if(! json_object_object_get_ex(j_ctl_res, "code", &jcode))
+		goto END_ERROR;
 	ctl_res->code = json_object_get_int(jcode);
 	
-	struct json_object *jmsg = json_object_object_get(j_ctl_res, "msg");
-	if (jmsg)
+	struct json_object *jmsg = NULL;
+	if(json_object_object_get_ex(j_ctl_res, "msg", &jmsg)) {
 		ctl_res->msg = strdup(json_object_get_string(jmsg));
-	
-error:
+		assert(ctl_res->msg);
+	}
+
+END_ERROR:
 	json_object_put(j_ctl_res);
 	return ctl_res;
 }

-void control_response_free(struct control_response *res)
+void 
+control_response_free(struct control_response *res)
 {
 	if (!res)
 		return;
 	
-	if (res->msg) free(res->msg);
-	
-	free(res);
+	SAFE_FREE(res->msg);
+	SAFE_FREE(res);
 }
+
+int 
+msg_type_valid_check(char msg_type)
+{
+	int i = 0;
+	for(i = 0; i<(sizeof(msg_types) / sizeof(*msg_types)); i++) {
+		if (msg_types[i] == msg_type)
+			return 1;
+	}
+
+	return 0;
+}
+
+char *
+get_msg_type(uint8_t type) 
+{
+	return NULL;
+}
+
--- a/msg.h
+++ b/msg.h
@@ -20,49 +20,100 @@
 \********************************************************************/

 /** @file msg.h
-    @brief xfrp msg struct
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @brief xfrpc msg struct
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

+#ifndef _MSG_H_
+#define _MSG_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+
+#include "client.h"
+#include "common.h"
+
+#define TYPE_LEN 1 //byte, char
+
+#define MSG_TYPE_I 	0
+#define MSG_LEN_I 	1
+#define MSG_DATA_I	9
+
+// msg_type match frp v0.10.0
+enum msg_type {
+	TypeLogin                 = 'o',
+	TypeLoginResp             = '1',
+	TypeNewProxy              = 'p',
+	TypeNewProxyResp          = '2',
+	TypeCloseProxy            = 'c',
+	TypeNewWorkConn           = 'w',
+	TypeReqWorkConn           = 'r',
+	TypeStartWorkConn         = 's',
+	TypeNewVisitorConn        = 'v',
+	TypeNewVisitorConnResp    = '3',
+	TypePing                  = 'h',
+	TypePong                  = '4',
+	TypeUDPPacket             = 'u',
+	TypeNatHoleVisitor        = 'i',
+	TypeNatHoleClient         = 'n',
+	TypeNatHoleResp           = 'm',
+	TypeNatHoleClientDetectOK = 'd',
+	TypeNatHoleSid            = '5',
+};

 struct general_response {
-	int		code;
+	int	code;
 	char	*msg;
 };

-// messages between control connections of frpc and frps
-struct control_request {
-	int		type;
-	char	*proxy_name;
-	char	*auth_key;
-	int		use_encryption;
-	int		use_gzip;
-	int		pool_count;
-	
-	int		privilege_mode;
-	char	*privilege_key;
-	char	*proxy_type;
-	int		remote_port;
-	char	*custom_domains;
-	char	*locations;
-	char	*host_header_rewrite;
-	char	*http_username;
-	char	*http_password;
-	char	*subdomain;
-	long	timestamp;
-};
-
-
 struct control_response {
-	int		type;
-	int		code;
+	int	type;
+	int	code;
 	char	*msg;
 };

+struct new_proxy_response {
+	char 	*run_id;
+	char 	*proxy_name;
+	char	*error;
+	int	remote_port;
+};
+
+struct work_conn {
+	char *run_id;
+};
+
+struct __attribute__((__packed__)) msg_hdr {
+	char		type;
+	uint64_t	length;
+	uint8_t		data[];
+};
+
+struct start_work_conn_resp {
+	char 	*proxy_name;
+};
+
+int new_proxy_service_marshal(const struct proxy_service *np_req, char **msg);
+int msg_type_valid_check(char msg_type);
+char *calc_md5(const char *data, int datalen);
+char *get_auth_key(const char *token, long int *timestamp);
+size_t login_request_marshal(char **msg);
+
 // tranlate control request to json string
-int control_request_marshal(const struct control_request *req, char **msg);
+struct new_proxy_response *new_proxy_resp_unmarshal(const char *jres);
+struct login_resp *login_resp_unmarshal(const char *jres);
+struct start_work_conn_resp *start_work_conn_resp_unmarshal(const char *resp_msg);

 // parse json string to control response
 struct control_response *control_response_unmarshal(const char *jres);
+struct work_conn *new_work_conn();
+int new_work_conn_marshal(const struct work_conn *work_c, char **msg);

 void control_response_free(struct control_response *res);
+
+char *get_msg_type(uint8_t type);
+
+#endif //_MSG_H_
--- a/xfrp_client.c
+++ b/xfrp_client.c
@@ -19,77 +19,42 @@
 *                                                                  *
 \********************************************************************/

-/** @file xfrp_client.c
-    @brief xfrp client
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+/** @file proxy.c
+    @brief xfrp proxy implemented
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
-#include <errno.h>
 #include <assert.h>
+#include <string.h>

 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <errno.h>
-
-#include <json-c/json.h>
-
 #include <syslog.h>

-#include <event2/event.h>
-#include <event2/dns.h>

-#include "commandline.h"
-#include "client.h"
-#include "config.h"
-#include "uthash.h"
-#include "control.h"
 #include "debug.h"
-#include "xfrp_client.h"
+#include "uthash.h"
+#include "common.h"
+#include "proxy.h"
+#include "config.h"

-static void start_xfrp_client(struct event_base *base, struct evdns_base  *dnsbase)
+struct proxy *
+new_proxy_obj(struct bufferevent *bev)
 {
-	struct proxy_client *all_pc = get_all_pc();
-	struct proxy_client *pc = NULL, *tmp = NULL;
-	
-	debug(LOG_INFO, "Start xfrp client");
-	HASH_ITER(hh, all_pc, pc, tmp) {
-		pc->base = base;
-		pc->dnsbase = dnsbase;
-		control_process(pc);
-	}
+	struct proxy *p = (struct proxy *)calloc(1, sizeof(struct proxy));
+	assert(p);
+	p->bev = bev;
+	p->remote_data_port = -1;
+	p->proxy_name = NULL;
+	return p;
 }

-void xfrp_client_loop()
+void 
+free_proxy_obj(struct proxy *p)
 {
-	struct event_base *base = NULL;
-	struct evdns_base *dnsbase  = NULL; 
-	
-	base = event_base_new();
-	if (!base) {
-		debug(LOG_ERR, "event_base_new() error");
-		exit(0);
-	}	
-	
-	dnsbase = evdns_base_new(base, 1);
-	if (!dnsbase) {
-		exit(0);
-	}
-	evdns_base_set_option(dnsbase, "timeout", "1.0");
-    // thanks to the following article
-    // http://www.wuqiong.info/archives/13/
-    evdns_base_set_option(dnsbase, "randomize-case:", "0");//TurnOff DNS-0x20 encoding
-    evdns_base_nameserver_ip_add(dnsbase, "180.76.76.76");//BaiduDNS
-    evdns_base_nameserver_ip_add(dnsbase, "223.5.5.5");//AliDNS
-    evdns_base_nameserver_ip_add(dnsbase, "223.6.6.6");//AliDNS
-    evdns_base_nameserver_ip_add(dnsbase, "114.114.114.114");//114DNS
-	
-	start_xfrp_client(base, dnsbase);
-		
-	event_base_dispatch(base);
-	
-	evdns_base_free(dnsbase, 0);
-	event_base_free(base);
+	SAFE_FREE(p->proxy_name);
+	SAFE_FREE(p);
 }
--- a/proxy.h
+++ b/proxy.h
@@ -0,0 +1,63 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file proxy.h
+    @brief xfrp proxy header file
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#ifndef _PROXY_H_
+#define _PROXY_H_
+
+#include <stdint.h>
+#include <event2/bufferevent.h>
+#include <event2/buffer.h>
+#include <event2/listener.h>
+#include <event2/util.h>
+#include <event2/event.h>
+
+#include "client.h"
+#include "common.h"
+
+#define IP_LEN 16
+
+struct ftp_pasv {
+	int 	code;
+	char	ftp_server_ip[IP_LEN];
+	int		ftp_server_port;
+};
+
+struct proxy {
+	struct bufferevent 	*bev;
+	char 				*proxy_name;
+	int 				remote_data_port;	//used in ftp proxy
+};
+
+void tcp_proxy_c2s_cb(struct bufferevent *bev, void *ctx);
+void tcp_proxy_s2c_cb(struct bufferevent *bev, void *ctx);
+void ftp_proxy_c2s_cb(struct bufferevent *bev, void *ctx);
+void ftp_proxy_s2c_cb(struct bufferevent *bev, void *ctx);
+struct proxy *new_proxy_obj(struct bufferevent *bev);
+void free_proxy_obj(struct proxy *p);
+void set_ftp_data_proxy_tunnel(const char *ftp_proxy_name, 
+								struct ftp_pasv *local_fp, 
+								struct ftp_pasv *remote_fp);
+#endif //_PROXY_H_
--- a/proxy_ftp.c
+++ b/proxy_ftp.c
@@ -0,0 +1,267 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+#include <string.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include <event2/bufferevent.h>
+#include <event2/buffer.h>
+#include <event2/listener.h>
+#include <event2/event.h>
+
+#include "debug.h"
+#include "uthash.h"
+#include "common.h"
+#include "proxy.h"
+#include "config.h"
+#include "client.h"
+
+#define FTP_PRO_BUF 		256
+#define FTP_PASV_PORT_BLOCK 256
+
+static struct ftp_pasv *new_ftp_pasv();
+static void free_ftp_pasv(struct ftp_pasv *fp);
+static struct ftp_pasv * pasv_unpack(char *data);
+static size_t pasv_pack(struct ftp_pasv *fp, char **pack_p);
+
+void set_ftp_data_proxy_tunnel(const char *ftp_proxy_name, 
+								struct ftp_pasv *local_fp, 
+								struct ftp_pasv *remote_fp)
+{
+	struct proxy_service *ps = NULL;
+	char *ftp_data_proxy_name = get_ftp_data_proxy_name(ftp_proxy_name);
+
+	struct proxy_service *p_services = get_all_proxy_services();
+	HASH_FIND_STR(p_services, ftp_data_proxy_name, ps);
+	if (!ps) {
+		debug(LOG_ERR, 
+			"error: ftp data proxy not inserted in proxy-service queue, it should not happend!");
+		goto FTP_DATA_PROXY_TUNNEL_END;
+	}
+
+	ps->local_port = local_fp->ftp_server_port;
+	ps->local_ip = strdup(local_fp->ftp_server_ip);
+	assert(ps->local_ip);
+
+	ps->remote_port = remote_fp->ftp_server_port;
+
+	debug(LOG_DEBUG, 
+		"set ftp proxy DATA port [local:remote] = [%d:%d]", 
+		ps->local_port, ps->remote_port);
+
+FTP_DATA_PROXY_TUNNEL_END:
+	free(ftp_data_proxy_name);
+}
+
+// read from client-working host port
+void ftp_proxy_c2s_cb(struct bufferevent *bev, void *ctx)
+{
+	struct proxy *p = (struct proxy *)ctx;
+	assert(p);
+	struct bufferevent *partner = p->bev;
+
+	struct evbuffer *src, *dst;
+	size_t len;
+	src = bufferevent_get_input(bev);
+	len = evbuffer_get_length(src);
+	if (len < 0)
+		return;
+
+	dst = bufferevent_get_output(partner);
+	assert(dst);
+
+	unsigned char *buf = calloc(1, len);
+	assert(buf);
+	size_t read_n = 0;
+	read_n = evbuffer_remove(src, buf, len);
+
+// #define FTP_P_DEBUG 1
+#ifdef FTP_P_DEBUG
+	char *dbg_buf = calloc(1, read_n * 7 + 1);
+	assert(dbg_buf);
+	unsigned int i = 0;
+	for(i = 0; i<read_n && ((2 * i) < (read_n * 2 + 1)); i++) {
+		snprintf(dbg_buf + 7*i, 8, "%3u[%c] ", 
+			(unsigned char)buf[i], 
+			(unsigned char)buf[i]);
+	}
+	debug(LOG_DEBUG, "FTP Client RECV ctl byte:%s", dbg_buf);
+	debug(LOG_DEBUG, "FTP Client RECV ctl stri:%s", buf);
+	SAFE_FREE(dbg_buf);
+#endif //FTP_P_DEBUG
+
+	struct ftp_pasv *local_fp = pasv_unpack((char *)buf);
+
+	if (local_fp) {
+		struct common_conf *c_conf = get_common_config();
+		struct ftp_pasv *r_fp = new_ftp_pasv();
+		r_fp->code = local_fp->code;
+
+		if (! c_conf->server_ip) {
+			debug(LOG_ERR, "error: FTP proxy without server ip!");
+			exit(0);
+		}
+
+		strncpy(r_fp->ftp_server_ip, c_conf->server_ip, IP_LEN);
+		r_fp->ftp_server_port = p->remote_data_port;
+
+		if (r_fp->ftp_server_port <= 0) {
+			debug(LOG_ERR, "error: remote ftp data port is not init!");
+			goto FTP_C2S_CB_END;
+		}
+
+		char *pasv_msg = NULL;
+		size_t pack_len = pasv_pack(r_fp, &pasv_msg);
+		if ( ! pack_len){
+			debug(LOG_ERR, "error: ftp proxy replace failed!");
+			SAFE_FREE(pasv_msg);
+			goto FTP_C2S_CB_END;
+		}
+
+#ifdef FTP_P_DEBUG
+		debug(LOG_DEBUG, "ftp pack result:%s", pasv_msg);
+#endif //FTP_P_DEBUG
+
+		set_ftp_data_proxy_tunnel(p->proxy_name, local_fp, r_fp);
+		evbuffer_add(dst, pasv_msg, pack_len);
+		SAFE_FREE(pasv_msg);
+	} else {
+		evbuffer_add(dst, buf, read_n);
+	}
+
+FTP_C2S_CB_END:
+	SAFE_FREE(buf);
+	free_ftp_pasv(local_fp);
+	return;
+}
+
+void ftp_proxy_s2c_cb(struct bufferevent *bev, void *ctx)
+{
+	tcp_proxy_s2c_cb(bev, ctx);
+}
+
+static struct ftp_pasv *pasv_unpack(char *data)
+{
+	char cd_buf[4] = {0};
+	snprintf(cd_buf, 4, "%s", data);
+	int code = atoi(cd_buf);
+	if (code != 227 && code != 211 && code != 229)
+		return NULL;
+
+	struct ftp_pasv *fp = new_ftp_pasv();
+	assert(fp);
+
+	fp->code = code;
+	switch(fp->code) {
+		case 227:
+		{
+			int i = 0, ip_i = 0, port_i = 0, ip_start = 0, comma_n = 0;
+			char port[2][4] = { {0}, {0} };
+			for (i=0; i<strlen(data) && ip_i<IP_LEN; i++) {
+				if (data[i] == '(') {
+					ip_start = 1;
+					continue;
+				}
+				if (! ip_start)
+					continue;
+
+				if (data[i] == ')')
+					break;
+
+				if (data[i] == ','){
+					comma_n++;
+					port_i = 0;
+					if (comma_n < 4){
+						fp->ftp_server_ip[ip_i] = '.';
+						ip_i++;
+					}
+					continue;
+				}
+
+				if (comma_n >= 4 && port_i < 4) {
+					port[comma_n - 4][port_i] = data[i];
+					port_i++;
+					continue;
+				}
+				fp->ftp_server_ip[ip_i] = data[i];
+				ip_i++;
+			}
+
+			fp->ftp_server_port = atoi(port[0]) * FTP_PASV_PORT_BLOCK + atoi(port[1]);
+			debug(LOG_DEBUG, "ftp pasv unpack:[%s:%d]", fp->ftp_server_ip, fp->ftp_server_port);
+			break;
+		}
+		default:
+			free_ftp_pasv(fp);
+			break;
+	}
+
+	return fp;
+}
+
+// the value returned need FREE after using
+static size_t pasv_pack(struct ftp_pasv *fp, char **pack_p)
+{
+	*pack_p = (char *)calloc(1, FTP_PRO_BUF);
+	assert(*pack_p);
+	size_t pack_len = 0;
+
+	switch (fp->code){
+		case 227:
+		{
+			char ftp_ip[IP_LEN] = {0};
+			int i =0;
+			for (i=0; i<strlen(fp->ftp_server_ip) && i < IP_LEN; i++) {
+				if (fp->ftp_server_ip[i] == '.') {
+					ftp_ip[i] = ',';
+					continue;
+				}
+				
+				ftp_ip[i] = fp->ftp_server_ip[i];
+			}
+			snprintf(*pack_p, 
+				FTP_PRO_BUF, 
+				"227 Entering Passive Mode (%s,%d,%d).\n", 
+				ftp_ip, 
+				fp->ftp_server_port / FTP_PASV_PORT_BLOCK, 
+				fp->ftp_server_port % FTP_PASV_PORT_BLOCK);
+
+			pack_len = strlen(*pack_p);
+			break;
+		}
+		default:
+			debug(LOG_DEBUG, "ftp pasv protocol data not supportted in pasv_pack");
+			free(*pack_p);
+			break;
+	}
+
+	return pack_len;
+}
+
+// need be free after using
+static struct ftp_pasv *new_ftp_pasv()
+{
+	struct ftp_pasv *fp = (struct ftp_pasv *)calloc(1, sizeof(struct ftp_pasv));
+	if (! fp)
+		return NULL;
+
+	memset(fp->ftp_server_ip, 0, IP_LEN);
+	fp->ftp_server_port = -1;
+	fp->code = -1;
+
+	return fp;	 
+}
+
+// can be used to free NULL pointer also
+static void free_ftp_pasv(struct ftp_pasv *fp)
+{
+	if (!fp)
+		return;
+	
+	SAFE_FREE(fp);
+	fp = NULL;
+}
--- a/proxy_tcp.c
+++ b/proxy_tcp.c
@@ -0,0 +1,103 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file proxy_tcp.c
+    @brief xfrp proxy tcp implemented
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+#include <string.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <errno.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <event2/bufferevent.h>
+#include <event2/buffer.h>
+#include <event2/listener.h>
+#include <event2/event.h>
+
+#include "debug.h"
+#include "uthash.h"
+#include "common.h"
+#include "proxy.h"
+#include "config.h"
+#include "tcpmux.h"
+
+#define	BUF_LEN	4096
+
+// read data from local service
+void tcp_proxy_c2s_cb(struct bufferevent *bev, void *ctx)
+{
+	struct common_conf  *c_conf = get_common_config();
+	struct proxy_client *client = (struct proxy_client *)ctx;
+	assert(client);
+	struct bufferevent *partner = client->ctl_bev;
+	assert(partner);
+	struct evbuffer *src = bufferevent_get_input(bev);
+	size_t len = evbuffer_get_length(src);
+	assert(len > 0);
+	if (!c_conf->tcp_mux) {
+		struct evbuffer *dst = bufferevent_get_output(partner);
+		evbuffer_add_buffer(dst, src);
+		return;
+	}
+
+	if (client->send_window == 0) {
+		debug(LOG_DEBUG, "client %d recv len %d exceed send windows: %d", client->stream_id, len, client->send_window);
+		bufferevent_disable(bev, EV_READ);
+		return;
+	} else {
+		len = client->send_window>=len?len:client->send_window;
+		client->send_window -= len;
+	}
+
+	tcp_mux_send_data(partner, client->stream_id, len);
+	uint8_t buf[BUF_LEN];
+	while(len > 0) {
+		memset(buf, 0, BUF_LEN);
+		int nread = bufferevent_read(bev, buf, len>BUF_LEN?BUF_LEN:len);
+		assert(nread >= 0);
+		bufferevent_write(partner, buf, nread);
+		len -= nread;
+	}
+}
+
+// read data from frps
+// when tcp mux enable this function will not be used
+void tcp_proxy_s2c_cb(struct bufferevent *bev, void *ctx)
+{
+	struct proxy_client *client = (struct proxy_client *)ctx;
+	assert(client);
+	struct bufferevent *partner = client->local_proxy_bev;
+	assert(partner);
+	struct evbuffer *src, *dst;
+	src = bufferevent_get_input(bev);
+	size_t len = evbuffer_get_length(src);
+	assert(len > 0);
+	dst = bufferevent_get_output(partner);
+	evbuffer_add_buffer(dst, src);
+}
--- a/systemd/xfrpc.service
+++ b/systemd/xfrpc.service
@@ -0,0 +1,16 @@
+# 1. put xfrpc and xfrpc.ini under /usr/local/xfrpc/
+# 2. put this file (xfrpc.service) at /etc/systemd/system
+# 3. run `sudo systemctl daemon-reload && sudo systemctl enable xfrpc && sudo systemctl start xfrpc`
+# Then we can manage xfrpc with `sudo service xfrpc {start|stop|restart|status}`
+
+
+[Unit]
+Description=frp c language client
+Wants=network-online.target
+After=network.target network-online.target
+
+[Service]
+ExecStart=/usr/local/xfrpc/xfrpc -c /usr/local/xfrpc/xfrpc.ini -f -d 0
+
+[Install]
+WantedBy=multi-user.target
--- a/tcpmux.c
+++ b/tcpmux.c
@@ -0,0 +1,388 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file tcpmux.c
+    @brief xfrp tcp mux implemented
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#include "common.h"
+#include "tcpmux.h"
+#include "client.h"
+#include "config.h"
+#include "debug.h"
+#include "control.h"
+
+static uint8_t proto_version = 0;
+
+static struct tcp_mux_type_desc type_desc[] = {
+	{DATA, "data"},
+	{WINDOW_UPDATE, "window update"},
+	{PING, "ping"},
+	{GO_AWAY, "go away"},
+};
+
+static struct tcp_mux_flag_desc flag_desc[] = {
+	{ZERO, "zero"},
+	{SYN, "syn"},
+	{ACK, "ack"},
+	{FIN, "fin"},
+	{RST, "rst"},
+};
+
+static const char *
+type_2_desc(enum tcp_mux_type type)
+{
+	for(int i = 0; i < sizeof(type_desc)/sizeof(struct tcp_mux_type_desc); i++){
+		if (type == type_desc[i].type)
+			return type_desc[i].desc;
+	}
+
+	return "unkown_type";
+}
+
+static const char *
+flag_2_desc(enum tcp_mux_flag flag)
+{
+	for(int i = 0; i < sizeof(flag_desc)/sizeof(struct tcp_mux_flag_desc); i++){
+		if (flag == flag_desc[i].flag)
+			return flag_desc[i].desc;
+	}
+	
+	return "unkown_flag";
+}
+
+static int
+valid_tcp_mux_flag(uint16_t flag)
+{
+	for(int i = 0; i < sizeof(flag_desc)/sizeof(struct tcp_mux_flag_desc); i++){
+		if (flag == flag_desc[i].flag)
+			return 1;
+	}
+	return 0;
+}
+
+static int
+valid_tcp_mux_type(uint8_t type)
+{
+	if (type >= DATA && type <= GO_AWAY)
+		return 1;
+
+	return 0;
+}
+
+static int
+valid_tcp_mux_sid(uint32_t sid)
+{
+	if (sid == 1)
+		return 1;
+	
+	return get_proxy_client(sid)?1:0;
+}
+
+
+void 
+tcp_mux_encode(enum tcp_mux_type type, enum tcp_mux_flag flags, uint32_t stream_id, uint32_t length, struct tcp_mux_header *tmux_hdr)
+{
+	assert(tmux_hdr);
+	tmux_hdr->version 	= proto_version;
+	tmux_hdr->type		= type;
+	tmux_hdr->flags		= htons(flags);
+	tmux_hdr->stream_id	= htonl(stream_id);
+	tmux_hdr->length	= length?htonl(length):0;
+}
+
+static uint32_t
+tcp_mux_flag()
+{	
+	struct common_conf 	*c_conf = get_common_config();
+	return c_conf->tcp_mux;
+}
+
+static void
+dump_tcp_mux_header(uint8_t *data, int len)
+{
+	if (len != 12)
+		return;
+
+	printf("tcp mux header is : \n");
+	for (int i = 0; i < len; i++)
+		printf("%2x", data[i]);
+	printf("\n");
+}
+
+static uint32_t
+parse_tcp_mux_proto(uint8_t *data, int len, uint32_t *flag, uint32_t *type, uint32_t *stream_id, uint32_t *dlen)
+{
+	struct common_conf *c_conf = get_common_config();
+	if (!c_conf->tcp_mux)
+		return 0;	
+
+	if (len < sizeof(struct tcp_mux_header))
+		return 0;
+
+	struct tcp_mux_header *hdr = (struct tcp_mux_header *)data;
+	if(hdr->version == proto_version && 
+	   valid_tcp_mux_type(hdr->type) &&
+	   valid_tcp_mux_flag(htons(hdr->flags))) {
+		if (hdr->type == DATA && !valid_tcp_mux_sid(htonl(hdr->stream_id))) {
+			debug(LOG_INFO, "!!!!!type is DATA but cant find stream_id : type [%s] flag [%s] stream_id[%d]", 
+				type_2_desc(hdr->type), flag_2_desc(htons(hdr->flags)), htonl(hdr->stream_id));
+			dump_tcp_mux_header(data, len);
+			exit(-1);
+		}
+		*type = hdr->type;
+		*flag = htons(hdr->flags);
+		*stream_id = htonl(hdr->stream_id);
+		*dlen = htonl(hdr->length);
+		return 1;
+	}
+
+	return 0;
+}
+
+uint32_t 
+get_next_session_id() {
+	static uint32_t next_session_id = 1;
+	uint32_t id = next_session_id;
+	next_session_id += 2;
+	return id;
+}
+
+void
+tcp_mux_send_win_update_syn(struct bufferevent *bout, uint32_t stream_id)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(WINDOW_UPDATE, SYN, stream_id, 0, &tmux_hdr);
+	debug(LOG_DEBUG, "tcp mux [%d] send wind update syn", stream_id);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+void
+tcp_mux_send_win_update_ack(struct bufferevent *bout, uint32_t stream_id, uint32_t delta)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(WINDOW_UPDATE, ZERO, stream_id, delta, &tmux_hdr);
+	debug(LOG_DEBUG, "tcp mux [%d] send wind update ZERO [%d]", stream_id, delta);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+void
+tcp_mux_send_win_update_fin(struct bufferevent *bout, uint32_t stream_id)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(WINDOW_UPDATE, FIN, stream_id, 0, &tmux_hdr);
+	debug(LOG_DEBUG, "tcp mux [%d] send wind update FIN", stream_id);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+void
+tcp_mux_send_data(struct bufferevent *bout, uint32_t stream_id, uint32_t length)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(DATA, ZERO, stream_id, length, &tmux_hdr);
+	//debug(LOG_DEBUG, "tcp mux [%d] send data len : %d", stream_id, length);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+void 
+tcp_mux_send_ping(struct bufferevent *bout, uint32_t ping_id)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(PING, SYN, 0, ping_id, &tmux_hdr);
+	//debug(LOG_DEBUG, "tcp mux send ping syn : %d", ping_id);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+static void 
+tcp_mux_handle_ping(struct bufferevent *bout, uint32_t ping_id)
+{
+	if (!tcp_mux_flag()) return;
+
+	struct tcp_mux_header tmux_hdr;
+	memset(&tmux_hdr, 0, sizeof(tmux_hdr));
+	tcp_mux_encode(PING, ACK, 0, ping_id, &tmux_hdr);
+	//debug(LOG_DEBUG, "tcp mux send ping ack : %d", ping_id);
+	bufferevent_write(bout, (uint8_t *)&tmux_hdr, sizeof(tmux_hdr));
+}
+
+void 
+handle_tcp_mux_frps_msg(uint8_t *buf, int ilen, void (*fn)(uint8_t *, int, void *))
+{
+	static uint32_t l_stream_id = 0;
+	static uint32_t l_dlen = 0;
+	static uint32_t l_type = 0;
+	static uint32_t l_flag = 0;
+	static int8_t only_data = 0;
+	uint8_t *data = buf;
+	while (ilen > 0) {
+		uint32_t type = 0, stream_id = 0, dlen = 0, flag = 0;
+		uint32_t is_tmux;
+		if (only_data) {
+			is_tmux = 0;
+			only_data = 0;
+		} else {
+			is_tmux = parse_tcp_mux_proto(data, ilen, &flag, &type, &stream_id, &dlen);
+		}	
+		if (!is_tmux) {
+			struct proxy_client *pc = get_proxy_client(l_stream_id);
+			debug(LOG_DEBUG, "receive only %s data : l_stream_id %d l_type %s l_flag %s l_dlen %d ilen %d", 
+							!pc?"main control ":"worker ", 
+							l_stream_id, type_2_desc(l_type), 
+							flag_2_desc(l_flag), l_dlen, ilen);
+			assert(ilen);
+			if (ilen == 12)
+				dump_tcp_mux_header(data, ilen);
+
+			if (!pc || (pc && !pc->local_proxy_bev)) {
+				assert(ilen >= l_dlen);
+				assert(l_dlen > 0);
+				fn(data, l_dlen, pc);
+				data += l_dlen;
+				ilen -= l_dlen;
+				l_dlen = 0;
+				continue;
+			}
+			
+			if (pc->stream_state != ESTABLISHED) {
+				debug(LOG_INFO, "client [%d] state is [%d]", pc->stream_id, pc->stream_state);
+				break;
+			}
+
+			if ( ilen >= l_dlen) {
+				assert(pc->local_proxy_bev);
+				bufferevent_write(pc->local_proxy_bev, data, l_dlen);
+				data += l_dlen;
+				ilen -= l_dlen;
+				l_dlen = 0;
+			} else {
+				assert(pc->local_proxy_bev);
+				bufferevent_write(pc->local_proxy_bev, data, ilen);
+				l_dlen -= ilen;
+				ilen 	= 0;
+			}
+
+			continue;
+		}
+		
+		struct proxy_client *pc = get_proxy_client(stream_id);
+		debug(LOG_DEBUG, "[%s] receive tcp mux type [%s] flag [%s] stream_id [%d] dlen [%d] ilen [%d]", 
+						pc?"worker":"main control",
+						type_2_desc(type), flag_2_desc(flag), stream_id, dlen, ilen);
+		data += sizeof(struct tcp_mux_header);
+		ilen -= sizeof(struct tcp_mux_header);
+		l_stream_id = stream_id;
+		l_type = type;
+		l_flag = flag;
+		l_dlen = type==PING?0:dlen;
+		assert(ilen >= 0);
+
+		switch(type) {
+		case DATA:
+		{
+			if (ilen == 0) {
+				only_data = 1;
+				break;
+			}
+
+			if (!pc || (pc && !pc->local_proxy_bev)) {
+				assert(ilen >= dlen);
+				fn(data, dlen, pc);
+				data += dlen;
+				ilen -= dlen;
+				l_dlen = 0;
+				continue;
+			}
+			
+			if (pc->stream_state != ESTABLISHED) {
+				debug(LOG_INFO, "client [%d] state is [%d]", pc->stream_id, pc->stream_state);
+				break;
+			}
+			
+			if (ilen >= dlen){
+				assert(pc->local_proxy_bev);
+				bufferevent_write(pc->local_proxy_bev, data, dlen);
+				data += dlen;
+				ilen -= dlen;
+				l_dlen = 0;
+			} else {
+				assert(pc->local_proxy_bev);
+				bufferevent_write(pc->local_proxy_bev, data, ilen);
+				l_dlen -= ilen;
+				ilen 	= 0;
+			}
+			break;
+		} 
+		case PING:
+		{
+			struct bufferevent *bout = get_main_control()->connect_bev;
+			uint32_t seq = dlen;
+			assert(bout);
+			if (flag == SYN)
+				tcp_mux_handle_ping(bout, seq);
+			break;
+		} 
+		case WINDOW_UPDATE:
+		{
+			switch(flag) {
+			case RST:
+			case FIN:
+				del_proxy_client(pc);
+				break;
+			case ZERO:
+			case ACK:	
+				if (!pc)
+					break;
+
+				if (dlen > 0) {
+					pc->send_window += dlen;
+					bufferevent_enable(pc->local_proxy_bev, EV_READ|EV_WRITE);
+				}
+				pc->stream_state = ESTABLISHED;
+				break;
+			default:
+				debug(LOG_INFO, "window update no need process : flag %2x %s dlen %d stream_id %d", 
+								flag, flag_2_desc(flag), dlen, stream_id);
+			}
+			
+			break;
+		} 
+		default:
+			debug(LOG_INFO, "no need unhandle tcp mux msg : type %s flag %s stream_id %d dlen %d ilen %d", 
+							type_2_desc(type), flag_2_desc(flag),  stream_id, dlen, ilen);
+		}
+	}
+}
--- a/tcpmux.h
+++ b/tcpmux.h
@@ -0,0 +1,92 @@
+/* vim: set et ts=4 sts=4 sw=4 : */
+/********************************************************************\
+ * This program is free software; you can redistribute it and/or    *
+ * modify it under the terms of the GNU General Public License as   *
+ * published by the Free Software Foundation; either version 2 of   *
+ * the License, or (at your option) any later version.              *
+ *                                                                  *
+ * This program is distributed in the hope that it will be useful,  *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
+ * GNU General Public License for more details.                     *
+ *                                                                  *
+ * You should have received a copy of the GNU General Public License*
+ * along with this program; if not, contact:                        *
+ *                                                                  *
+ * Free Software Foundation           Voice:  +1-617-542-5942       *
+ * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
+ * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
+ *                                                                  *
+\********************************************************************/
+
+/** @file tcpmux.h
+    @brief xfrp tcp mux header file
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
+*/
+
+#ifndef	__TCP_MUX__
+#define	__TCP_MUX__
+
+#include "uthash.h"
+
+enum tcp_mux_type {
+	DATA,
+	WINDOW_UPDATE,
+	PING,
+	GO_AWAY,
+};
+
+struct tcp_mux_type_desc {
+	enum tcp_mux_type type;
+	char	*desc;
+};
+
+enum tcp_mux_flag {
+	ZERO,
+	SYN,
+	ACK = 1<<1,
+	FIN = 1<<2,
+	RST = 1<<3,
+};
+
+struct __attribute__((__packed__)) tcp_mux_header {
+	uint8_t		version;
+	uint8_t		type;
+	uint16_t	flags;
+	uint32_t	stream_id;
+	uint32_t	length;
+};
+
+struct tcp_mux_flag_desc {
+	enum tcp_mux_flag flag;
+	char	*desc;
+};
+
+enum tcp_mux_state {
+	INIT = 0,
+	SYN_SEND,
+	SYN_RECEIVED,
+	ESTABLISHED,
+	LOCAL_CLOSE,
+	REMOTE_CLOSE,
+	CLOSED,
+	RESET
+};
+
+void tcp_mux_send_win_update_syn(struct bufferevent *bout, uint32_t stream_id);
+
+void tcp_mux_send_win_update_ack(struct bufferevent *bout, uint32_t stream_id, uint32_t delta);
+
+void tcp_mux_send_win_update_fin(struct bufferevent *bout, uint32_t stream_id);
+
+void tcp_mux_send_data(struct bufferevent *bout, uint32_t stream_id, uint32_t length);
+
+void tcp_mux_send_ping(struct bufferevent *bout, uint32_t ping_id);
+
+uint32_t get_next_session_id();
+
+void tcp_mux_encode(enum tcp_mux_type type, enum tcp_mux_flag flags, uint32_t stream_id, uint32_t length, struct tcp_mux_header *tmux_hdr);
+
+void handle_tcp_mux_frps_msg(uint8_t *data, int len, void (*fn)(uint8_t *, int, void *));
+
+#endif
--- a/testfastpbkdf2.c
+++ b/testfastpbkdf2.c
@@ -0,0 +1,167 @@
+#include "fastpbkdf2.h"
+
+#include <stdio.h>
+#include <assert.h>
+#include <string.h>
+
+typedef void (*pbkdf2_fn)(const uint8_t *pw, size_t npw,
+                          const uint8_t *salt, size_t nsalt,
+                          uint32_t iterations,
+                          uint8_t *out, size_t nout);
+
+static void dump(const char *label, const uint8_t *data, size_t n)
+{
+  printf("%s: ", label);
+  for (size_t i = 0; i < n; i++)
+    printf("%02x", data[i]);
+  printf("\n");
+}
+
+static void check(pbkdf2_fn fn,
+                  const void *pw, size_t npw,
+                  const void *salt, size_t nsalt,
+                  unsigned iterations,
+                  const void *expect, size_t nexpect)
+{
+  uint8_t out[128];
+  assert(nexpect < sizeof(out));
+
+  fn(pw, npw,
+     salt, nsalt,
+     iterations,
+     out, nexpect);
+
+  dump("expect", expect, nexpect);
+  dump("got   ", out, nexpect);
+  assert(memcmp(expect, out, nexpect) == 0);
+  printf("- test passed\n");
+}
+
+int main(void)
+{
+  /* nb. do not edit this code. edit gentests.py instead. */
+  printf("sha1 (6 tests):\n");
+  check(fastpbkdf2_hmac_sha1,
+        "password", 8,
+        "salt", 4,
+        1,
+        "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20);
+        
+  check(fastpbkdf2_hmac_sha1,
+        "password", 8,
+        "salt", 4,
+        2,
+        "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20);
+        
+  check(fastpbkdf2_hmac_sha1,
+        "password", 8,
+        "salt", 4,
+        4096,
+        "K\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20);
+        
+  check(fastpbkdf2_hmac_sha1,
+        "password", 8,
+        "salt", 4,
+        16777216,
+        "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20);
+        
+  check(fastpbkdf2_hmac_sha1,
+        "passwordPASSWORDpassword", 24,
+        "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+        4096,
+        "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38", 25);
+        
+  check(fastpbkdf2_hmac_sha1,
+        "pass\x00\x77\x6f\x72\x64", 9,
+        "sa\x00\x6c\x74", 5,
+        4096,
+        "V\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3", 16);
+        
+  printf("ok\n");
+
+  printf("sha256 (9 tests):\n");
+  check(fastpbkdf2_hmac_sha256,
+        "passwd", 6,
+        "salt", 4,
+        1,
+        "U\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "Password", 8,
+        "NaCl", 4,
+        80000,
+        "M\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78\x47\x8f\x62\xb3\x97\xf3\x3c\x8d", 64);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "password", 8,
+        "salt", 4,
+        1,
+        "\x12\x0f\xb6\xcf\xfc\xf8\xb3\x2c\x43\xe7\x22\x52\x56\xc4\xf8\x37\xa8\x65\x48\xc9\x2c\xcc\x35\x48\x08\x05\x98\x7c\xb7\x0b\xe1\x7b", 32);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "password", 8,
+        "salt", 4,
+        2,
+        "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "password", 8,
+        "salt", 4,
+        4096,
+        "\xc5\xe4\x78\xd5\x92\x88\xc8\x41\xaa\x53\x0d\xb6\x84\x5c\x4c\x8d\x96\x28\x93\xa0\x01\xce\x4e\x11\xa4\x96\x38\x73\xaa\x98\x13\x4a", 32);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "passwordPASSWORDpassword", 24,
+        "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+        4096,
+        "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "", 0,
+        "salt", 4,
+        1024,
+        "\x9e\x83\xf2\x79\xc0\x40\xf2\xa1\x1a\xa4\xa0\x2b\x24\xc4\x18\xf2\xd3\xcb\x39\x56\x0c\x96\x27\xfa\x4f\x47\xe3\xbc\xc2\x89\x7c\x3d", 32);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "password", 8,
+        "", 0,
+        1024,
+        "\xea\x58\x08\x41\x1e\xb0\xc7\xe8\x30\xde\xab\x55\x09\x6c\xee\x58\x27\x61\xe2\x2a\x9b\xc0\x34\xe3\xec\xe9\x25\x22\x5b\x07\xbf\x46", 32);
+        
+  check(fastpbkdf2_hmac_sha256,
+        "pass\x00\x77\x6f\x72\x64", 9,
+        "sa\x00\x6c\x74", 5,
+        4096,
+        "\x89\xb6\x9d\x05\x16\xf8\x29\x89\x3c\x69\x62\x26\x65\x0a\x86\x87", 16);
+        
+  printf("ok\n");
+
+  printf("sha512 (4 tests):\n");
+  check(fastpbkdf2_hmac_sha512,
+        "password", 8,
+        "salt", 4,
+        1,
+        "\x86\x7f\x70\xcf\x1a\xde\x02\xcf\xf3\x75\x25\x99\xa3\xa5\x3d\xc4\xaf\x34\xc7\xa6\x69\x81\x5a\xe5\xd5\x13\x55\x4e\x1c\x8c\xf2\x52", 32);
+        
+  check(fastpbkdf2_hmac_sha512,
+        "password", 8,
+        "salt", 4,
+        2,
+        "\xe1\xd9\xc1\x6a\xa6\x81\x70\x8a\x45\xf5\xc7\xc4\xe2\x15\xce\xb6\x6e\x01\x1a\x2e\x9f\x00\x40\x71\x3f\x18\xae\xfd\xb8\x66\xd5\x3c", 32);
+        
+  check(fastpbkdf2_hmac_sha512,
+        "password", 8,
+        "salt", 4,
+        4096,
+        "\xd1\x97\xb1\xb3\x3d\xb0\x14\x3e\x01\x8b\x12\xf3\xd1\xd1\x47\x9e\x6c\xde\xbd\xcc\x97\xc5\xc0\xf8\x7f\x69\x02\xe0\x72\xf4\x57\xb5", 32);
+        
+  check(fastpbkdf2_hmac_sha512,
+        "passwordPASSWORDpassword", 24,
+        "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+        1,
+        "n\x23\xf2\x76\x38\x08\x4b\x0f\x7e\xa1\x73\x4e\x0d\x98\x41\xf5\x5d\xd2\x9e\xa6\x0a\x83\x44\x66\xf3\x39\x6b\xac\x80\x1f\xac\x1e\xeb\x63\x80\x2f\x03\xa0\xb4\xac\xd7\x60\x3e\x36\x99\xc8\xb7\x44\x37\xbe\x83\xff\x01\xad\x7f\x55\xda\xc1\xef\x60\xf4\xd5\x64\x80\xc3\x5e\xe6\x8f\xd5\x2c\x69\x36", 72);
+        
+  printf("ok\n");
+
+  return 0;
+}
--- a/utils.c
+++ b/utils.c
@@ -0,0 +1,210 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include <net/if.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <ifaddrs.h>
+#include <linux/if_link.h>
+
+#include "utils.h"
+
+// s_sleep using select instead of sleep
+// s: second, u: usec 10^6usec = 1s
+void s_sleep(unsigned int s, unsigned int u)
+{
+	struct timeval timeout;
+
+	timeout.tv_sec = s;
+	timeout.tv_usec = u;
+	select(0, NULL, NULL, NULL, &timeout);
+}
+
+// is_valid_ip_address:
+// return 0:ipaddress unlegal
+int is_valid_ip_address(const char *ip_address) 
+{
+    struct sockaddr_in sa;
+    int result = inet_pton(AF_INET, ip_address, &(sa.sin_addr));
+	return result;
+}
+
+//	net_if_name: name of network interface, e.g. br-lan
+//	return: 1: error 0:get succeed
+int get_net_mac(char *net_if_name, char *mac, int mac_len) {
+	int ret = 1;
+	int i = 0;
+	int sock = 0;
+
+	if (mac_len < 12 || net_if_name == NULL) {
+		return 1;
+	}
+	struct ifreq ifreq;
+
+	sock = socket(AF_INET, SOCK_STREAM, 0);
+	if( sock < 0 ) {
+		perror("error sock");
+		goto OUT;
+	}
+
+	strncpy(ifreq.ifr_name, net_if_name, IFNAMSIZ);
+	if( ioctl(sock, SIOCGIFHWADDR,&ifreq) < 0 ) {
+		perror("error ioctl");
+		goto OUT;
+	}
+
+	for( i = 0; i < 6; i++ ){
+		snprintf(mac+2*i, mac_len - 2*i, "%02X", 
+			(unsigned char)ifreq.ifr_hwaddr.sa_data[i]);
+	}
+	mac[strlen(mac)] = 0;
+	ret =  0;
+
+OUT:
+	close(sock);
+	return ret;
+}
+
+// return: -1: network interface check failed; other: ifname numbers 
+int show_net_ifname()
+{
+	struct ifaddrs *ifaddr, *ifa;
+	int family, s, n;
+	char host[NI_MAXHOST];
+
+	if (getifaddrs(&ifaddr) == -1) {
+	   perror("getifaddrs");
+	   exit(EXIT_FAILURE);
+	}
+
+	/* Walk through linked list, maintaining head pointer so we
+	  can free list later */
+
+	for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) {
+	    if (ifa->ifa_addr == NULL) continue;
+
+	    family = ifa->ifa_addr->sa_family;
+
+		/* Display interface name and family (including symbolic
+		form of the latter for the common families) */
+		 
+		printf("%-8s %s (%d)\n",
+		      ifa->ifa_name,
+		      (family == AF_PACKET) ? "AF_PACKET" :
+		      (family == AF_INET) ? "AF_INET" :
+		      (family == AF_INET6) ? "AF_INET6" : "???",
+		      family);
+
+	   /* For an AF_INET* interface address, display the address */
+
+	   if (family == AF_INET || family == AF_INET6) {
+	       s = getnameinfo(ifa->ifa_addr,
+	               (family == AF_INET) ? sizeof(struct sockaddr_in) :
+	                                     sizeof(struct sockaddr_in6),
+	               host, NI_MAXHOST,
+	               NULL, 0, NI_NUMERICHOST);
+	       if (s != 0) {
+	           printf("getnameinfo() failed: %s\n", gai_strerror(s));
+	           exit(EXIT_FAILURE);
+	       }
+
+	       printf("\t\taddress: <%s>\n", host);
+
+	   } else if (family == AF_PACKET && ifa->ifa_data != NULL) {
+	       struct rtnl_link_stats *stats = (struct rtnl_link_stats *)ifa->ifa_data;
+
+	       printf("\t\ttx_packets = %10u; rx_packets = %10u\n"
+	              "\t\ttx_bytes   = %10u; rx_bytes   = %10u\n",
+	              stats->tx_packets, stats->rx_packets,
+	              stats->tx_bytes, stats->rx_bytes);
+	   }
+	}
+
+	freeifaddrs(ifaddr);
+	return 0;
+}
+
+// return: 0: network interface get succeed
+int get_net_ifname(char *if_buf, int blen)
+{
+	if (NULL == if_buf || blen < 8) return -1;
+
+	struct ifaddrs *ifaddr, *ifa;
+	int family, n;
+	int ret = 1;
+	if (getifaddrs(&ifaddr) == -1) {
+	   perror("getifaddrs");
+	   exit(EXIT_FAILURE);
+	}
+
+	int found = 0;
+	char tmp_if_buf[16];
+	memset(tmp_if_buf, 0, sizeof(tmp_if_buf));
+	/* Walk through linked list, maintaining head pointer so we
+	  can free list later */
+	for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) {
+	    if (ifa->ifa_addr == NULL) continue;
+
+	    family = ifa->ifa_addr->sa_family;
+
+		if (family == AF_INET) {
+			// for LEDE/OpenWRT embedded router os
+			if (strcmp(ifa->ifa_name, "br-lan") == 0) {
+				found = 1;
+				break;
+			}
+		} else if (family == AF_PACKET && 
+			ifa->ifa_data != NULL && 
+			strcmp(ifa->ifa_name, "lo") != 0) { // skip local loop interface
+			
+			strncpy(tmp_if_buf, ifa->ifa_name, 16);
+		}
+	}
+
+	if (found) {
+		strncpy(if_buf, ifa->ifa_name, blen);
+		ret = 0;
+	} else if (tmp_if_buf[0] != 0) {
+		strncpy(if_buf, tmp_if_buf, blen);
+		ret = 0;
+	}
+
+	freeifaddrs(ifaddr);
+	return ret;
+}
+
+// e.g. wWw.Baidu.com/China will be trans into www.baidu.com/China
+// return: 0:check and trant succeed, 1:failed or domain name is invalid
+int dns_unified(const char *dname, char *udname_buf, int udname_buf_len)
+{
+	if (! dname || ! udname_buf || udname_buf_len < strlen(dname)+1)
+		return 1;
+	
+	int has_dot = 0;
+	int dlen = strlen(dname);
+	int i = 0;
+	for(i=0; i<dlen; i++) {
+		if(dname[i] == '/')
+			break;
+
+		if (dname[i] == '.' && i != dlen-1)
+			has_dot = 1;
+
+		udname_buf[i] = tolower(dname[i]);
+	}
+
+	if (! has_dot)	//domain name should have 1 dot leastly
+		return 1;
+
+	return 0;
+}
--- a/utils.h
+++ b/utils.h
@@ -0,0 +1,19 @@
+#ifndef _UTILS_H_
+#define _UTILS_H_
+
+struct mycurl_string {
+	char 	*ptr;
+	size_t 	len;
+};
+
+void s_sleep(unsigned int s, unsigned int u);
+
+// is_valid_ip_address:
+// return 0:ipaddress unlegal
+int is_valid_ip_address(const char *ip_address);
+int show_net_ifname();
+int get_net_ifname(char *if_buf, int blen);
+int get_net_mac(char *net_if_name, char *mac, int mac_len);
+int dns_unified(const char *dname, char *udname_buf, int udname_buf_len);
+
+#endif //_UTILS_H_
--- a/version.h
+++ b/version.h
@@ -1,6 +1,8 @@
 #ifndef _VERSION_H_
 #define _VERSION_H_

-#define VERSION   "0.05."
+#define VERSION   "1.07.582"
+#define PROTOCOL_VERESION "0.43.0"
+#define CLIENT_V 1

-#endif
+#endif //_VERSION_H_
--- a/xfrp_test_server.c
+++ b/xfrp_test_server.c
@@ -1,80 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <event2/event.h>
-#include <event2/bufferevent.h>
-
-#define PORT 7000
-#define BACKLOG 100
-
-void readcb(struct bufferevent *bufev, void *arg)
-{
-	char buf[1024] = {0};
-	size_t readlen;
-	int res;
-
-	readlen  = bufferevent_read(bufev, buf, sizeof(buf));
-	
-	printf("buf:[%s]\n", buf);
-}
-
-void writecb(struct bufferevent *bufev, void *arg)
-{
-}
-
-void errorcb(struct bufferevent *bufev, short event, void *arg)
-{
-	if (event & BEV_EVENT_EOF) {
-		bufferevent_free(bufev);
-		printf("Disconnect\n");
-	} else if (event & BEV_EVENT_ERROR) {
-		bufferevent_free(bufev);
-		printf("Got error\n");
-	} else if (event & BEV_EVENT_TIMEOUT) {
-		printf("Timeout\n");
-	}
-}
-
-void accept_handler(int fd, short event, void *arg)
-{
-	struct event_base *evbase;
-	struct bufferevent *bufev;
-	int sock;
-	struct sockaddr_in addr;
-	socklen_t addrlen;
-
-	evbase = (struct event_base *)arg;
-
-	if (event & EV_READ) {
-		sock = accept(fd, (struct sockaddr*)&addr, &addrlen);
-		bufev = bufferevent_socket_new(evbase, sock, BEV_OPT_CLOSE_ON_FREE);
-		bufferevent_setcb(bufev, readcb, writecb, errorcb, NULL);
-		bufferevent_enable(bufev, EV_READ | EV_WRITE);
-	}
-}
-
-int main(int argc, char** argv)
-{
-	struct event_base *evbase;
-	struct event *ev;
-	struct sockaddr_in sin;
-	int sock;
-
-	memset(&sin, 0, sizeof(sin));
-	sin.sin_family = AF_INET;
-	sin.sin_addr.s_addr = INADDR_ANY;
-	sin.sin_port = htons(PORT);
-
-	sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
-	bind(sock, (struct sockaddr*)&sin, sizeof(sin));
-	listen(sock, BACKLOG);
-
-	evbase = event_base_new();
-	ev = event_new(evbase, sock, EV_READ | EV_PERSIST, accept_handler, evbase);
-	event_add(ev, NULL);
-	event_base_dispatch(evbase);
-
-	event_free(ev);
-	event_base_free(evbase);
-	return 0;
-}
--- a/xfrpc.c
+++ b/xfrpc.c
@@ -19,7 +19,37 @@
 *                                                                  *
 \********************************************************************/

-/** @file agent.c
-    @brief agent for router to communicate with frp server
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+/** @file xfrpc.c
+    @brief xfrpc client
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include <errno.h>
+
+#include <syslog.h>
+
+#include <event2/event.h>
+
+#include "commandline.h"
+#include "client.h"
+#include "config.h"
+#include "uthash.h"
+#include "control.h"
+#include "debug.h"
+#include "xfrpc.h"
+#include "crypto.h"
+#include "msg.h"
+#include "utils.h"
+
+void xfrpc_loop()
+{
+	init_main_control();
+	run_control();
+	
+	close_main_control();
+}
--- a/xfrp_client.h
+++ b/xfrp_client.h
@@ -19,9 +19,14 @@
 *                                                                  *
 \********************************************************************/

-/** @file xfrp_client.h
-    @brief xfrp client header file
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+/** @file xfrpc.h
+    @brief xfrpc client header file
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

-void xfrp_client_loop();
+#ifndef _XFRPC_H_
+#define _XFRPC_H_
+
+void xfrpc_loop();
+
+#endif //_XFRPC_H_
--- a/xfrpc_min.ini
+++ b/xfrpc_min.ini
@@ -1,10 +1,9 @@
 [common]
-server_addr = wifidog.kunteng.org
+server_addr = your_server_ip
 server_port = 7000
-auth_token = 123
-privilege_token = 12345678

 [ssh]
 type = tcp
 local_ip = 127.0.0.1
 local_port = 22
+remote_port = 6128
--- a/zip.c
+++ b/zip.c
@@ -21,7 +21,7 @@

 /** @file zip.c
    @brief zlib related function
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #include <string.h>
--- a/zip.h
+++ b/zip.h
@@ -21,7 +21,7 @@

 /** @file zip.h
    @brief zlib related function
-    @author Copyright (C) 2016 Dengfeng Liu <liudengfeng@kunteng.org>
+    @author Copyright (C) 2016 Dengfeng Liu <liu_df@qq.com>
 */

 #ifndef _ZIP_H_