curl-library

RE: FTP third party transfer (proxy) support.

From: Alexander Krasnostavsky <ALEXANDERKR_at_Amdocs.com>
Date: Tue, 18 May 2004 19:21:40 +0300

>> I am going to add FTP proxy support to curl-7.11.2 code

>Please consider basing any changes on a more recent CVS version. We have
>done quite big internal changes since 7.11.2 so it might take some work to
>merge changes done to 7.11.2 into the current 7.12 tree.

OK, I will start from 7.12.0-20040518

>> and would like to see your comments for the following issues:
>>
>> * url: ftp://user:password@host/path#user:password@host/path
>>
>> Source#Target

>I don't understand this. The CURLOPT_URL should be the source file to
>transfer I take it, but then you need pretty much a whole second URL for
>the target, won't you?

FTP proxy background:
There are situations when a user wants to transfer files between two FTP
servers, neither of which is the local host that is attended to by the
user. Figure 1 illustrates the situation. As shown in the diagram, a
user at host "C" may want to transfer files from host "A" to host "B".
Of course, one way of doing this is to transfer files from host "A" to
host "C" and from host "C" to host "B" - thus doubling the network
traffic arising from the desired transfer as well as unduly engaging the
resources (CPU and disk) of host "C", not to mention the degradation in
response time.

              Control                              Control
        Primary Connection   ------------   Secondary Connection
                 ---------->| User-FTP |<-----------
                 |          | User-PI  |           |
                 |          |   "C"    |           |
                 V          ------------           V
         --------------                        --------------
         | Server-FTP |   Data Connection      | Server-FTP |
         |    "A"     |<---------------------->|    "B"     |
         -------------- Port (A)      Port (B) --------------

                              Figure 1

The FTP service protocol provides a transfer mechanism that alleviates these
performance bottlenecks. This mechanism is called third-party transfer
or proxy transfer. Using this mechanism, the user at host "C" can
initiate control connections to both servers: hosts "A" and "B". The
connection invoked first is the primary control connection, and the
second is the secondary control connection. As shown in Figure 1,
because the user logged in to the FTP service on host "A" first, this
connection is the primary one, and the second to host "B" is the
secondary connection. When both connections are established, the user
can set up a data connection between the two servers. In this fashion,
control information is communicated over the control connections while
data is transferred between the servers over the data connection without
being routed through host "C".

When data is to be transferred between two servers, A and B (refer to
Figure 1), the user-PI, C, sets up control connections with both
server-PI's. One of the servers, say A, is then sent a PASV command
telling him to "listen" on his data port rather than initiate a
connection when he receives a transfer service command. When the user-PI
receives an acknowledgment to the PASV command, which includes the
identity of the host and port being listened on, the user-PI then sends
A's port, a, to B in a PORT command; a reply is returned. The user-PI
may then send the corresponding service commands to A and B. Server B
initiates the connection and the transfer proceeds. The command-reply
sequence is listed below where the messages are vertically synchronous
but horizontally asynchronous:

         User-PI - Server A                User-PI - Server B
         ------------------                ------------------

         C->A : Connect                    C->B : Connect
         C->A : PASV
         A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2
                                           C->B : PORT A1,A2,A3,A4,a1,a2
                                           B->C : 200 Okay
         C->A : STOR file                  C->B : RETR file
                    B->A : Connect to HOST-A, PORT-a

                              Figure 2

So, because there is no need for a "classic" local client that actually
reads/writes to a file at the local host "C", we need to specify in the
URL all the parameters for the target host "B" too.

>> * New options for FTP interface: CURLOPT_PROXYPREQUOTE,
>> CURLOPT_PROXYPOSTQUOTE, CURLOPT_FTPPROXYPORT, CURLOPT_FTPPROXYLISTONLY
>> * CURLOPT_PROXY, CURLOPT_PROXYUSERPWD should be used for FTP too.

>Are you going to address "3rd party transfers" as well as ftp-proxying at
>the same time? What are the objectives for CURLOPT_PROXYPREQUOTE,
>CURLOPT_PROXYPOSTQUOTE and CURLOPT_FTPPROXYLISTONLY?

"3rd party transfers" and ftp-proxying are the same concept.
The "QUOTE" commands can be used as source/target pre/post commands, for
example: the user can do some pre-command at the source host "A" and after
the transfer do some post-command at the target host "B" (nothing on
"C").
Proxy is the "FTP" server mode. I prefer to call them source and target
hosts.
But it is required to change the options from CURLOPT_PREQUOTE and
CURLOPT_POSTQUOTE to CURLOPT_SOURCEPREQUOTE, CURLOPT_SOURCEPOSTQUOTE and
CURLOPT_TARGETPREQUOTE, CURLOPT_TARGETPOSTQUOTE.
About CURLOPT_FTPPROXYLISTONLY - because in proxy mode we have 2
connections with 2 remote hosts, we can actually perform the LIST
command on both. It is just for the uniform interface.

>> * Is there a way to work with OpenSSL mode between remote hosts?

>I haven't read up on 3rd party transfers and how they are setup and work,
>so I really can't tell right now.

Maybe now, from Figure 2, you are able to answer. I have no experience
with SSL and how it is implemented.

Please approve the interface changes and reply with any additional
questions you have on this issue.

Actually, in many applications that transfer a large number of files, most
of the file transfers are performed by a special process called a daemon,
when the FTP client works in proxy mode and is installed on a separate
secured host, which is called the file transfer server and does not
participate directly in the transfer at all. This solves the heavy load of
network traffic and CPU time as described before. Therefore it is very
important to implement it in the best way.

Thanks,
Alexander

Received on 2004-05-18
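
The PASV/PORT relay from Figure 2, as an added example that is not part of the original mail and is not curl code: the user-PI parses server A's 227 reply and turns it into the PORT command for server B. The names `ftp_hostport`, `parse_227`, `data_port` and `build_port_cmd` are hypothetical, and the address in the sample reply is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* h1,h2,h3,h4,p1,p2 as carried in a 227 reply and in a PORT argument. */
struct ftp_hostport { unsigned int f[6]; };

/* Parse server A's 227 reply. The text around the numbers differs between
 * servers, so scan for the first run of six comma-separated fields. */
int parse_227(const char *reply, struct ftp_hostport *hp)
{
    const char *p;
    int i;
    if (strncmp(reply, "227", 3) != 0)
        return -1;
    for (p = reply + 3; *p; p++) {
        if (!isdigit((unsigned char)*p) ||
            sscanf(p, "%u,%u,%u,%u,%u,%u", &hp->f[0], &hp->f[1], &hp->f[2],
                   &hp->f[3], &hp->f[4], &hp->f[5]) != 6)
            continue;
        for (i = 0; i < 6; i++)
            if (hp->f[i] > 255) return -1;   /* each field is one octet */
        return 0;
    }
    return -1;
}

/* TCP port that A is listening on: p1 * 256 + p2. */
unsigned int data_port(const struct ftp_hostport *hp) { return hp->f[4] * 256 + hp->f[5]; }

/* Build the PORT command that is sent to server B on the secondary connection. */
int build_port_cmd(const struct ftp_hostport *hp, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n", hp->f[0], hp->f[1],
                     hp->f[2], hp->f[3], hp->f[4], hp->f[5]);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed reply from server A; address and port are sample values. */
    const char *reply = "227 Entering Passive Mode (10,0,0,5,19,137)";
    struct ftp_hostport hp;
    char cmd[64];
    if (parse_227(reply, &hp) || build_port_cmd(&hp, cmd, sizeof cmd))
        return 1;
    printf("A listens on port %u; send to B: %s", data_port(&hp), cmd);
    return 0;
}
```

Server B is not guaranteed to answer the PORT with 200: many FTP servers are configured to refuse a PORT whose address differs from the control connection's peer, so a client doing this has to handle an error reply at that step.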