Updates to ftp(1) and pkg

Contributed by merdely on 2007-07-10 from the stayin-alive dept.

Recently, Marc Espie (espie@) reminded us on ports@ that FTP is broken. "So a file transfer goes like this: send some commands, open a data connection, and transfer the file... during the transfer, the control connection stays silent... that is, totally silent. And then, we come back up, and there is NO control connection left. Over the lousy five minutes it took us to transfer the file," the network expired the control connection.

To attempt to make ftp(1) work better, Marc committed code to:

implement a `keep-alive' option that sends bytes over an inactive connection. The FTP protocol provides us with a NOOP operation that is perfectly suitable for that, and so far servers are happy with it. Sending the command slowly is an idea I borrowed from spamd. No change for people not using the option, so it can't break normal ftp.

A new "-k" option was added to the ftp command:

     -k seconds
             Sends a byte after each seconds period over the control connec-
             tion during long transfers, so that incorrectly configured net-
             work equipment won't agressively drop it.  The FTP protocol sup-
             ports a NOOP command that can be used for that purpose.  This as-
             sumes the FTP server can deal with extra commands coming over the
             control connection during a transfer.  Well-behaved servers queue
             those commands, and process them after the transfer.

As Marc then announced on ports@:

[The -k option] doesn't solve the other ftp problem, that in many cases you may have an intermediate proxy that does not understand telnet correctly, and so your urgent ABORTs won't get through correctly, and it will take forever for pkg_add to close connections early (we solved this in our ftp-proxy a few years ago).
So, from pkg_add, you can try out to set the env variable FTP_KEEPALIVE if you think you have the problem... one common symptom is to have the installation of openoffice hanging at the end.

(Comments are closed)

Comments

By Anonymous Coward (85.97.21.103) on 2007-07-10 23:19

Before this fix, I tried to solve the problem by setting FTPMODE to "active" and it worked. This doesn't mean that I don't appreciate this fix. Thank you for making our operating system better each day.
Comments
1. By Anonymous Coward (84.56.88.23) on 2007-07-11 11:47
  
  > Before this fix, I tried to solve the problem by setting FTPMODE to "active" and it worked. This doesn't mean that I don't appreciate this fix. Thank you for making our operating system better each day.
  
  You aren't serious about that, are you?
  Comments
  1. By Anonymous Coward (85.102.220.197) on 2007-07-11 20:40
    
    > > Before this fix, I tried to solve the problem by setting FTPMODE to "active" and it worked. This doesn't mean that I don't appreciate this fix. Thank you for making our operating system better each day.
    >
    > You aren't serious about that, are you?
    >
    
    I was serious and I would like to know what I was missing.
    
    Comments
    
    By Anonymous Coward (202.81.60.133) on 2007-07-12 12:29
    
    > > > Before this fix, I tried to solve the problem by setting FTPMODE to "active" and it worked. This doesn't mean that I don't appreciate this fix. Thank you for making our operating system better each day.
    > >
    > > You aren't serious about that, are you?
    > >
    >
    > I was serious and I would like to know what I was missing.
    perhaps your firewall blocks outgoing connection to port >1024 which explains why setting FTPMODE to active solved the problem (as I also have same problem).
By Cabal (Cabal) Cabal on 2007-07-10 23:24 http://www.enginuity.org/

This short-coming is nothing new to the FTP protocol, what made it crop up now?
Comments
1. By Marc Espie (213.41.185.88) espie@openbsd.org on 2007-07-11 07:32
  
  > This short-coming is nothing new to the FTP protocol, what made it crop up now?
  
  Two things:
  - increasing number of issues with big packages and pkg_add. I guess it's due to more people using pkg_add over ftp.
  - very lousy network at my current work, due to people sitting on public IP adresses, nat being overused, and aggressively expiring connections.
  
  Those are `long term' fixes. In many cases, it's fairly hard to test and fix issues you don't see.
  
  For instance, this has nothing to do with active ftp. There are at least three distinct issues with ftp in there !
  
  - active vs. passive ftp
  - proxy not relaying telnet ABORT correctly
  - nat firewalls dropping control connections.
  
  And maybe more.
  
  Anyways, this is just a band-aid. If someone wants to *look* at ftp and actually fix the code (probably rewrite it), they're welcome.
  Comments
  1. By Cabal (Cabal) on 2007-07-11 13:11 http://www.enginuity.org/
    
    Very interesting, thanks for the info.
By Anonymous Coward (208.146.43.174) on 2007-07-13 15:56

maybe it's because i haven't finished my morning tea yet, but i'm not seeing where ftp-proxy deals with the telnet commands as you mentioned....
Comments
1. By sthen (85.158.45.32) on 2007-07-13 20:25
  
  > maybe it's because i haven't finished my morning tea yet, but i'm
  > not seeing where ftp-proxy deals with the telnet commands as you
  > mentioned....
  
  Unless I'm mistaken it's because /usr/libexec/ftp-proxy uses
  NAT/RDR - the data connections are passed straight through,
  they don't need special handling in the proxy.
  Comments
  1. By sthen (85.158.45.32) on 2007-07-13 20:26
    
    > > maybe it's because i haven't finished my morning tea yet, but i'm
    > > not seeing where ftp-proxy deals with the telnet commands as you
    > > mentioned....
    >
    > Unless I'm mistaken it's because /usr/libexec/ftp-proxy uses
    > NAT/RDR - the data connections are passed straight through,
    > they don't need special handling in the proxy.
    
    ugh, s/libexec/sbin/ of course
  2. By Anonymous Coward (208.146.43.174) on 2007-07-13 22:08
    
    > > maybe it's because i haven't finished my morning tea yet, but i'm
    > > not seeing where ftp-proxy deals with the telnet commands as you
    > > mentioned....
    >
    > Unless I'm mistaken it's because /usr/libexec/ftp-proxy uses
    > NAT/RDR - the data connections are passed straight through,
    > they don't need special handling in the proxy.
    
    those commands are sent over the control connection not the data.
2. By Marc Espie (213.41.185.88) espie@openbsd.org on 2007-07-14 10:38
  
  > maybe it's because i haven't finished my morning tea yet, but i'm not seeing where ftp-proxy deals with the telnet commands as you mentioned....
  
  This was some fix I did in the *previous* ftp-proxy (read cvs log, you'll see this was completely rewritten).
  
  I haven't actually looked at the new one... I have no idea whether it deals correctly with urgent stuff (which is what this is all about). I'm bound to update my soekris one of these days, now that I've got a big enough flash available to get away from flashdist, but I don't fancy reinstalling my gateway...
  Comments
  1. By Anonymous Coward (71.216.4.2) on 2007-07-14 15:08
    
    > > maybe it's because i haven't finished my morning tea yet, but i'm not seeing where ftp-proxy deals with the telnet commands as you mentioned....
    >
    > This was some fix I did in the *previous* ftp-proxy (read cvs log, you'll see this was completely rewritten).
    >
    > I haven't actually looked at the new one... I have no idea whether it deals correctly with urgent stuff (which is what this is all about). I'm bound to update my soekris one of these days, now that I've got a big enough flash available to get away from flashdist, but I don't fancy reinstalling my gateway...
    >
    >
    
    ah ok, i see it. thanks.
    well it doesn't appear that the new proxy has any of that.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]