curl-library

FTP regression

From: Patrick Monnerat <Patrick.Monnerat_at_datasphere.ch>
Date: Tue, 5 May 2015 13:42:40 +0200

Hi friends,
 
I just discovered a regression in the FTP EPSV handling.

The FTP server only listens to IPv4, while the server machine has both
IPv4 and IPv6 addresses (returned by DNS queries).
With a URL like "ftp://servername/", the control connection is then
established on the IPv4 address, but the data connection fails after
EPSV because it is attempted on the IPv6 address.

Here is the trace:

* Trying 2002:c346:88:1:92b1:1cff:fe41:896f...

* connect to 2002:c346:88:1:92b1:1cff:fe41:896f port 21 failed: A remote
host refused an attempted connect operation.

* Trying 172.25.3.61...
* Connected to linuxdev.datasphere.ch (172.25.3.61) port 21 (#0)
< 220 linuxdev.datasphere.ch ftp
> USER xxx
< 331 Please specify the password.
> PASS xxx
< 230 Login successful.
> PWD
< 257 "/home/xxx"
* Entry path is '/home/xxx'

> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||46016|).
* Trying 2002:c346:88:1:92b1:1cff:fe41:896f...
* Connecting to linuxdev.datasphere.ch (172.25.3.61) port 46016
* connect to 2002:c346:88:1:92b1:1cff:fe41:896f port 21 failed: A remote
host refused an attempted connect operation.
* Failed to connect to linuxdev.datasphere.ch port 21: A remote host
refused an attempted connect operation.
* Failed EPSV attempt, exiting

After some debug stepping through the code, I suspect this fails
because:
- connect() is attempted on the IPv6 address on a non-blocking socket.
It then fails with errno = EINPROGRESS. Procedure singleipconnect then
returns CURL_OK.
- The loop in Curl_connecthost() exits without trying IPv4 because the
singleipconnect() call for IPv6 returned success.
- The attempted IPv6 connection finally fails, thus is unusable.

Before commit
https://github.com/bagder/curl/commit/9a452ba3a16bb51249e1d1be5a5b6e47a255c064
the effective IP address for the data connection after EPSV was taken
directly from the control connection, thus avoiding trying another
address from the DNS. I think this way of doing it has to be restored.

Patrick

Received on 2015-05-05
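
An added example, not part of the original mail and not curl's code: it sketches the behaviour the mail asks to restore, where the EPSV data address is the control connection's peer address with only the port replaced, so no second address from DNS is ever tried. The function names are hypothetical, and the inputs are the 229 reply and the IPv4 control address shown in the trace above.

```c
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Parse "229 text (<d><d><d>port<d>)" per RFC 2428; returns port or -1. */
static int parse_epsv_port(const char *line)
{
  const char *p = strchr(line, '(');
  int port = 0, n = 0;
  char d;
  if(strncmp(line, "229", 3) != 0 || !p || !(d = p[1]) ||
     p[2] != d || p[3] != d)      /* d is the delimiter, normally '|' */
    return -1;
  for(p += 4; *p >= '0' && *p <= '9' && n < 6; p++, n++)
    port = port * 10 + (*p - '0');
  if(!n || *p != d || p[1] != ')' || port < 1 || port > 65535)
    return -1;
  return port;
}

/* Keep the control peer's family and address; replace only the port. */
static int epsv_data_addr(const struct sockaddr_storage *peer,
                          const char *reply, struct sockaddr_storage *data)
{
  int port = parse_epsv_port(reply);
  if(port < 0 || (peer->ss_family != AF_INET && peer->ss_family != AF_INET6))
    return -1;
  *data = *peer;
  if(peer->ss_family == AF_INET)
    ((struct sockaddr_in *)data)->sin_port = htons((unsigned short)port);
  else
    ((struct sockaddr_in6 *)data)->sin6_port = htons((unsigned short)port);
  return 0;
}

/* Constructed demo: ctrl_ip stands in for getpeername() on the control
   socket. Returns the data port if the control IP was kept, else -1. */
int epsv_demo(const char *ctrl_ip, const char *reply)
{
  struct sockaddr_storage peer = {0}, data;
  struct sockaddr_in *c = (void *)&peer, *d = (void *)&data;
  c->sin_family = AF_INET;
  c->sin_port = htons(21);
  if(inet_pton(AF_INET, ctrl_ip, &c->sin_addr) != 1 ||
     epsv_data_addr(&peer, reply, &data) != 0 ||
     d->sin_family != AF_INET || d->sin_addr.s_addr != c->sin_addr.s_addr)
    return -1;
  return ntohs(d->sin_port);
}
```

In a real client the peer argument would be filled by getpeername() on the connected control socket, which is what ties the data connection to the address family that actually answered.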