ipl ftp proxy bugfix

From: Karim Fodil-Lemelin (kfl_at_xiphos.ca)
Date: 11/25/04

    Date: Thu, 25 Nov 2004 15:28:41 -0500
    To: freebsd-net@freebsd.org
    
    
    

    Hi all,

        I have been experiencing problems reaching some ftp servers in
    active mode through the ftp proxy in the ipl module, although some ftp
    servers would work without problems (ex: ftp.freebsd.org). Here is how
    you can reproduce the current problem:

    /etc/ipnat.rules
    map sis2 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
    map sis2 192.168.0.0/16 -> 0/32

    ftp to a site where the welcome message/banner (220) is larger than 80
    bytes (FTP_BUFSZ/2).

    ftp> passive
    Passive mode off
    ftp> ls
    500 Illegal PORT command.

    The problem is that the ftp proxy entry gets deleted when
    ftp_server_valid() tries to get the 220 command due to the lack of \n in
    the buffer (stripped by len = MIN(mlen, FTP_BUFSZ / 2); in ip_ftp_pxy.c).
    I have attached the solution.

    Regards,

    -- 
    Karim Fodil-Lemelin
    Lead Programmer
    Xiphos Technologies Inc.
    www.xiplink.com
    
    

    Index: ip_ftp_pxy.c
    ===================================================================
    RCS file: /usr/xiphos/cvsroot/scps/OS_port/FreeBSD/dev/sys_49/contrib/ipfilter/netinet/ip_ftp_pxy.c,v
    retrieving revision 1.1
    diff -u -r1.1 ip_ftp_pxy.c
    --- ip_ftp_pxy.c 30 Aug 2004 20:48:14 -0000 1.1
    +++ ip_ftp_pxy.c 25 Nov 2004 20:03:34 -0000
    @@ -818,11 +818,9 @@
             }
     
             for (; i; i--) {
    - c = *s++;
    - if (c == '\n') {
    - ftps->ftps_cmds = cmd;
    - return 0;
    - }
    + c = *s++;
    + ftps->ftps_cmds = cmd;
    + return 0;
             }
     #if !defined(_KERNEL) && !defined(KERNEL)
             fprintf(stdout, "ippr_ftp_server_valid:junk after cmd[%s]\n", buf);
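
    Review bot: with the test on c == '\n' removed, the body of
    "for (; i; i--)" returns 0 on its first pass, so the loop no longer
    loops, c is assigned and never read, and ftps->ftps_cmds = cmd is set
    for any reply that has at least one byte left after the command,
    whether or not a line ending was seen. That covers the truncated-banner
    case but also accepts the input the "junk after cmd" branch below was
    there to reject, since that branch is now reached only when i is 0.
    Consider keeping the newline check and accepting a missing '\n' only
    when the reply was cut by the MIN(mlen, FTP_BUFSZ / 2) cap described in
    the message, with a comment explaining why.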

    
    

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
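
The failure described in the message, as an added example that is not part of the original post or of ipfilter: a simplified C model of a reply check that copies at most FTP_BUFSZ/2 bytes and then looks for '\n'. The names check_reply and enum verdict and the sample banners are assumptions made for illustration; the model reports a line cut by the length cap separately from a reply that has no line ending at all.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_BUFSZ 160   /* the post gives FTP_BUFSZ/2 as 80 bytes */

enum verdict { REPLY_OK, REPLY_TRUNCATED, REPLY_JUNK };

/* Constructed sample replies (not captured traffic). */
static const char SHORT_BANNER[] = "220 FTP server ready.\r\n";
static const char LONG_BANNER[] =
    "220-Welcome to the example FTP archive; "
    "this constructed banner line runs well past eighty bytes.\r\n";
static const char NO_EOL[] = "220 no line ending";

/* Simplified model, not ipfilter code: copy at most FTP_BUFSZ/2 bytes,
 * require "NNN " or "NNN-", then look for the terminating '\n'. */
static enum verdict check_reply(const char *msg, size_t mlen, int *code)
{
    char buf[FTP_BUFSZ / 2];
    size_t len = mlen < sizeof(buf) ? mlen : sizeof(buf);
    size_t i;

    memcpy(buf, msg, len);
    for (i = 0; i < 3; i++)
        if (i >= len || !isdigit((unsigned char)buf[i]))
            return REPLY_JUNK;
    if (len < 4 || (buf[3] != ' ' && buf[3] != '-'))
        return REPLY_JUNK;
    *code = (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');

    for (i = 4; i < len; i++)
        if (buf[i] == '\n')
            return REPLY_OK;
    /* No '\n' in the copy: the line was cut by our own length cap only
     * if the message was longer than the buffer; otherwise it is junk. */
    return mlen > len ? REPLY_TRUNCATED : REPLY_JUNK;
}

int main(void)
{
    const char *s[] = { SHORT_BANNER, LONG_BANNER, NO_EOL };
    int code = 0;
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", check_reply(s[i], strlen(s[i]), &code));
    return 0;
}
```

A caller can keep the proxy session alive on REPLY_TRUNCATED while still dropping it on REPLY_JUNK.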

