Subject: pkg/30488: tnftp issues with SOCKS firewalls on Solaris
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Jonathan Perkin <jonathan@perkin.org.uk>
List: pkgsrc-bugs
Date: 06/10/2005 07:20:00
>Number: 30488
>Category: pkg
>Synopsis: Latest tnftp does not work through SOCKS firewalls (Solaris)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 10 07:20:00 +0000 2005
>Originator: Jonathan Perkin
>Release: NetBSD 2.0.2 / SunOS 5.9
>Organization:
>Environment:
SunOS build1 5.9 Generic_112233-01 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
NetBSD chorlton.adsl.perkin.org.uk 2.0.2 NetBSD 2.0.2 (CHORLTON) #0: Fri Apr 22 21:25:38 BST 2005 sketch@store.adsl.perkin.org.uk:/store/netbsd/2.0.2/src/sys/arch/i386/compile/obj/CHORLTON i386
>Description:
Newer versions of tnftp have issues on Solaris when retrieving files via
FTP through a SOCKS firewall (local software is NEC Socks5 v1.0r6).
To demonstrate:
#
# Common command-line fetch
#
$ /tool/local/bin/runsocks /cache/pkg/bin/ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.
¹0m$
#
# pkgsrc distfile fetch (latest ftp still works via squid proxy)
#
$ bmake fetch
===> *** No /home/jonp/public_html/NetBSD/pkgsrc/distfiles/pkg-vulnerabilities file found,
===> *** skipping vulnerability checks. To fix, install
===> *** the pkgsrc/security/audit-packages package and run
===> *** '/cache/pkg/sbin/download-vulnerability-list'.
=> postfix-2.2.3.tar.gz doesn't seem to exist on this system.
=> Attempting to fetch postfix-2.2.3.tar.gz from
ftp://ftp.porcupine.org/mirrors/postfix-release/official/.
Connected to ftp.porcupine.org.
¹fix-2.2.3.tar.gz from http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/po
stfix/.
Requesting http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/postfix/postfix-2.2.3.tar.gz
(via www-cache.is.bbc.co.uk:80)
100% |*************************************| 2353 KB 1.01 MB/s 00:00 ETA
2409888 bytes retrieved in 00:02 (0.99 MB/s)
#
# Older version works fine, same environment and compiler
#
$ /tool/local/bin/runsocks ~/pkg/SunOS-5.9-sparc/bin/ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
227 Entering Passive Mode (204,152,190,13,236,24)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************| 3443 KB 176.97 KB/s 00:00 ETA
226 Transfer complete.
#
# Broken revision (today's pkgsrc -current)
#
$ /cache/pkg/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610
#
# Previous working revision (older pkgsrc branch)
#
$ ~/pkg/SunOS-5.9-sparc/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: off.
Command line editing: on.
Version: tnftp 20030825
#
# Oddly, it still works on NetBSD via SOCKS
#
$ pwd
/home/sketch/cvs/netbsd/pkgsrc/net/tnftp/work/tnftp-20050610/src
$ ./ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 32768, receive 32768.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610
$ socksify ./ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
ftp: connect to address 2001:4f8:4:7:2e0:81ff:fe21:6563: No route to host
Trying 204.152.190.13...
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
229 Entering Extended Passive Mode (|||49672|)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************| 3443 KB 206.24 KB/s 00:00 ETA
226 Transfer complete.
$ pkg_info -Fe /usr/pkg/bin/socksify
dante-1.1.14nb1
>How-To-Repeat:
>Fix: