NetBSD Problem Report #30488
From sketch@perkin.org.uk Fri Jun 10 07:19:59 2005
Return-Path: <sketch@perkin.org.uk>
Received: from mailgw2.mh.bbc.co.uk (unknown [132.185.144.142])
by narn.netbsd.org (Postfix) with ESMTP id 7713763B11A
for <gnats-bugs@gnats.NetBSD.org>; Fri, 10 Jun 2005 07:19:58 +0000 (UTC)
Message-Id: <20050610071957.133C3332A0@chorlton.adsl.perkin.org.uk>
Date: Fri, 10 Jun 2005 08:19:57 +0100 (BST)
From: Jonathan Perkin <jonathan@perkin.org.uk>
Reply-To: jonathan@perkin.org.uk
To: gnats-bugs@netbsd.org
Subject: tnftp issues with SOCKS firewalls on Solaris
X-Send-Pr-Version: 3.95
>Number: 30488
>Category: pkg
>Synopsis: [Solaris] Latest tnftp does not work through SOCKS firewalls
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: lukem
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 10 07:20:00 +0000 2005
>Closed-Date: Thu Jun 23 18:02:18 +0000 2016
>Last-Modified: Thu Jun 23 18:02:18 +0000 2016
>Originator: Jonathan Perkin
>Release: NetBSD 2.0.2 / SunOS 5.9
>Organization:
>Environment:
SunOS build1 5.9 Generic_112233-01 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
NetBSD chorlton.adsl.perkin.org.uk 2.0.2 NetBSD 2.0.2 (CHORLTON) #0: Fri Apr 22 21:25:38 BST 2005 sketch@store.adsl.perkin.org.uk:/store/netbsd/2.0.2/src/sys/arch/i386/compile/obj/CHORLTON i386
>Description:
Newer versions of tnftp have issues on Solaris when retrieving files via
FTP through a SOCKS firewall (local software is NEC Socks5 v1.0r6).
To demonstrate:
#
# Common command-line fetch
#
$ /tool/local/bin/runsocks /cache/pkg/bin/ftp
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.
¹0m$
#
# pkgsrc distfile fetch (latest ftp still works via squid proxy)
#
$ bmake fetch
===> *** No /home/jonp/public_html/NetBSD/pkgsrc/distfiles/pkg-vulnerabilities file found,
===> *** skipping vulnerability checks. To fix, install
===> *** the pkgsrc/security/audit-packages package and run
===> *** '/cache/pkg/sbin/download-vulnerability-list'.
=> postfix-2.2.3.tar.gz doesn't seem to exist on this system.
=> Attempting to fetch postfix-2.2.3.tar.gz from
ftp://ftp.porcupine.org/mirrors/postfix-release/official/.
Connected to ftp.porcupine.org.
¹fix-2.2.3.tar.gz from http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/po
stfix/.
Requesting http://ftp.fi.NetBSD.org/pub/NetBSD/packages/distfiles/postfix/postfix-2.2.3.tar.gz
(via www-cache.is.bbc.co.uk:80)
100% |*************************************| 2353 KB 1.01 MB/s 00:00 ETA
2409888 bytes retrieved in 00:02 (0.99 MB/s)
#
# Older version works fine, same environment and compiler
#
$ /tool/local/bin/runsocks ~/pkg/SunOS-5.9-sparc/bin/ftp
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
227 Entering Passive Mode (204,152,190,13,236,24)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************| 3443 KB 176.97 KB/s 00:00 ETA
226 Transfer complete.
#
# Broken revision (today's pkgsrc -current)
#
$ /cache/pkg/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610
#
# Previous working revision (older pkgsrc branch)
#
$ ~/pkg/SunOS-5.9-sparc/bin/ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 49152, receive 49152.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: off.
Command line editing: on.
Version: tnftp 20030825
#
# Oddly, it still works on NetBSD via SOCKS
#
$ pwd
/home/sketch/cvs/netbsd/pkgsrc/net/tnftp/work/tnftp-20050610/src
$ ./ftp
ftp> status
Not connected.
No proxy connection.
Gate ftp: off, server (none), port ftpgate.
Passive mode: on; fallback to active mode: on.
Mode: ; Type: ; Form: ; Structure: .
Verbose: on; Bell: off; Prompting: on; Globbing: on.
Store unique: off; Receive unique: off.
Preserve modification times: on.
Case: off; CR stripping: on.
Ntrans: off.
Nmap: off.
Hash mark printing: off; Mark count: 1024; Progress bar: on.
Get transfer rate throttle: off; maximum: 0; increment 1024.
Put transfer rate throttle: off; maximum: 0; increment 1024.
Socket buffer sizes: send 32768, receive 32768.
Use of PORT cmds: on.
Use of EPSV/EPRT cmds for IPv4: on.
Command line editing: on.
Version: tnftp 20050610
$ socksify ./ftp ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-2.0.2/i386/binary/kernel/netbsd-GENERIC.gz
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
ftp: connect to address 2001:4f8:4:7:2e0:81ff:fe21:6563: No route to host
Trying 204.152.190.13...
Connected to ftp.netbsd.org.
220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20040809) ready.
331 Guest login ok, type your name as password.
[..]
local: netbsd-GENERIC.gz remote: netbsd-GENERIC.gz
229 Entering Extended Passive Mode (|||49672|)
150 Opening BINARY mode data connection for 'netbsd-GENERIC.gz' (3526105 bytes).
100% |*************************************| 3443 KB 206.24 KB/s 00:00 ETA
226 Transfer complete.
$ pkg_info -Fe /usr/pkg/bin/socksify
dante-1.1.14nb1
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->lukem
Responsible-Changed-By: lukem@netbsd.org
Responsible-Changed-When: Sun, 12 Jun 2005 00:55:42 +0000
Responsible-Changed-Why:
I'm looking at it
State-Changed-From-To: open->feedback
State-Changed-By: lukem@netbsd.org
State-Changed-When: Sun, 12 Jun 2005 00:55:42 +0000
State-Changed-Why:
After running configure, could you try undefining HAVE_POLL
in config.h and seeing if
a) it still builds (it should use select instead of poll)
b) that fixes the problem ?
On a hunch I looked at the SOCKS wrapping, and I noticed that it
doesn't wrap poll(), only select().
From: Jonathan Perkin <jonathan@perkin.org.uk>
To: lukem@netbsd.org
Cc: pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org,
gnats-admin@netbsd.org, jonathan@perkin.org.uk
Subject: Re: pkg/30488
Date: Mon, 13 Jun 2005 08:05:37 +0100
* On 2005-06-12 at 01:55 BST, lukem@netbsd.org wrote:
> After running configure, could you try undefining HAVE_POLL
> in config.h and seeing if
> a) it still builds (it should use select instead of poll)
> b) that fixes the problem ?
>
> On a hunch I looked at the SOCKS wrapping, and I noticed that it
> doesn't wrap poll(), only select().
It still builds, but fails to run with the same symptoms as before.
Thanks,
--
Jonathan Perkin The NetBSD Project
http://www.perkin.org.uk/ http://www.netbsd.org/
State-Changed-From-To: feedback->open
State-Changed-By: wiz@netbsd.org
State-Changed-When: Sat, 17 Sep 2005 19:42:36 +0000
State-Changed-Why:
Feedback provided, problem remains.
State-Changed-From-To: open->feedback
State-Changed-By: shattered@NetBSD.org
State-Changed-When: Sat, 12 Dec 2015 14:18:30 +0000
State-Changed-Why:
has this improved in the intervening 10 years?
State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Thu, 23 Jun 2016 18:02:18 +0000
State-Changed-Why:
Submitter can't test; since it worked on NetBSD assume it was caused by
some combination of old Solaris and 3rd-party socks and is no longer
relevant. If anyone runs into a similar problem please file a new PR.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home