Subject: pkg/30488: tnftp issues with SOCKS firewalls on Solaris
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Jonathan Perkin <jonathan@perkin.org.uk>
List: pkgsrc-bugs
Date: 06/10/2005 07:20:00
>Number:         30488
>Category:       pkg
>Synopsis:       Latest tnftp does not work through SOCKS firewalls (Solaris)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 10 07:20:00 +0000 2005
>Originator:     Jonathan Perkin
>Release:        NetBSD 2.0.2 / SunOS 5.9
>Organization:
>Environment:
	SunOS build1 5.9 Generic_112233-01 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
	NetBSD chorlton.adsl.perkin.org.uk 2.0.2 NetBSD 2.0.2 (CHORLTON) #0: Fri Apr 22 21:25:38 BST 2005 sketch@store.adsl.perkin.org.uk:/store/netbsd/2.0.2/src/sys/arch/i386/compile/obj/CHORLTON i386
>Description:
Newer versions of tnftp have issues on Solaris when retrieving files via
FTP through a SOCKS firewall (local software is NEC Socks5 v1.0r6).

To demonstrate:

#
# Common command-line fetch
#
$ /tool/local/bin/runsocks /cache/pkg/bin/ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.

¹0m$

#
# pkgsrc distfile fetch (latest ftp still works via squid proxy)
#
$ bmake fetch
===> *** No /home/jonp/public_html/NetBSD/pkgsrc/distfiles/pkg-vulnerabilities file found,
===> *** skipping vulnerability checks. To fix, install
===> *** the pkgsrc/security/audit-packages package and run
===> *** '/cache/pkg/sbin/download-vulnerability-list'.
=> postfix-2.2.3.tar.gz doesn't seem to exist on this system.
=> Attempting to fetch postfix-2.2.3.tar.gz from
ftp://ftp.porcupine.org/mirrors/postfix-release/official/.
Connected to ftp.porcupine.org.

¹fix-2.2.3.tar.gz from http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/po
stfix/.
Requesting http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/postfix/postfix-2.2.3.tar.gz
  (via www-cache.is.bbc.co.uk:80)
100% |*************************************|  2353 KB    1.01 MB/s 00:00 ETA
2409888 bytes retrieved in 00:02 (0.99 MB/s)

#
# Older version works fine, same environment and compiler
#
$ /tool/local/bin/runsocks ~/pkg/SunOS-5.9-sparc/bin/ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
227 Entering Passive Mode (204,152,190,13,236,24)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************|  3443 KB  176.97 KB/s 00:00 ETA
226 Transfer complete.

#
# Broken revision (today's pkgsrc -current)
#
$ /cache/pkg/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610

#
# Previous working revision (older pkgsrc branch)
#
$ ~/pkg/SunOS-5.9-sparc/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: off.
Command line editing: on.
Version: tnftp 20030825

#
# Oddly, it still works on NetBSD via SOCKS
#
$ pwd
/home/sketch/cvs/netbsd/pkgsrc/net/tnftp/work/tnftp-20050610/src

$ ./ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 32768, receive 32768.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610

$ socksify ./ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
ftp: connect to address 2001:4f8:4:7:2e0:81ff:fe21:6563: No route to host
Trying 204.152.190.13...
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
229 Entering Extended Passive Mode (|||49672|)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************|  3443 KB  206.24 KB/s    00:00 ETA
226 Transfer complete.

$ pkg_info -Fe /usr/pkg/bin/socksify 
dante-1.1.14nb1
>How-To-Repeat:
>Fix: