Project

General

Profile

Actions

Bug #331

open

ftpsesame (aka Bridging S01E03)

Added by bastyaelvtars about 15 years ago. Updated over 8 years ago.

Status:
In Progress
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

ftpsesame cannot allow ftp active filetransfers. Built it with debug
(from wip/ftpsesame) and running:
---------------------------------------------------------------------------
  1. gdb ftpsesame
    ..
    (gdb) set args -d -D7 -isk1
    (gdb) b filter_allow
    Breakpoint 1 at 0x80493c0: file filter.c, line 104.
    (gdb) run
    Starting program:
    /usr/obj/pkgsrc/wip/ftpsesame/work/ftpsesame-0.95/ftpsesame -d -D7 -isk1
    listening on sk1, filter 'tcp and port 21', snaplen 500
    #1 session init: client 160.114.118.95:1875, server 193.6.210.44:21
    #1 client: USER anonymous
    #1 server: 331 Please specify the password.
    #1 client: PASS -wget@
    #1 server: 230 Login successful.
    #1 client: SYST
    #1 server: 215 UNIX Type: L8
    #1 client: PWD
    #1 server: 257 "/"
    #1 client: TYPE I
    #1 server: 200 Switching to Binary mode.
    #1 client: CWD /pub/mirrors/knoppix
    #1 server: 250-Check KNOPPIX-CHANGELOG.txt for the recent changes in
    KNOPPIX.
    #1 client: PORT 160,114,118,95,7,84
    #1 server: 200 PORT command successful. Consider using PASV.
    #1 active: PORT 160,114,118,95,7,84
    #1 allowing 193.6.210.44 to 160.114.118.95 port 1876

Breakpoint 1, filter_allow (id=1, src=0x281619e8, src2=0x281270ab,
dst=0xbfbff268, d_port=1860) at filter.c:104
104 {
(gdb) n
109 snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d",
FTPSESAME_ANCHOR,
(gdb) n
111 strlcpy(pfp.anchor, an, PF_ANCHOR_NAME_SIZE);
(gdb) n
112 strlcpy(pfr.anchor, an, PF_ANCHOR_NAME_SIZE);
(gdb) n
113 strlcpy(pfte.anchor, an, PF_ANCHOR_NAME_SIZE);
(gdb) n
115 if (ioctl(dev, DIOCXBEGIN, &pft) 1)
(gdb) n
116 return (0);
(gdb) n
115 if (ioctl(dev, DIOCXBEGIN, &pft) -1)
(gdb) n
141 }
(gdb) n
servertalk (s=0x28169000, sbuf=0x281619e8 "200 PORT command successful.
Consider using PASV.") at errno.h:52
52 return (&errno);
(gdb) n
51 {
(gdb) n
#1 filter_allow failed: Invalid argument
201 }
(gdb) n
process_pkt (notused=0x0, h=0xa, p=0x281619c8 "") at ftpsesame.c:438
438 s
>clientbuf0 = '\0';
(gdb) n
439 }
(gdb) n
0x2808bf73 in pcap_lookupnet () from /usr/lib/libpcap.so.3
(gdb) n
Single stepping until exit from function pcap_lookupnet,
which has no line number information.
#3 client: RETR KNOPPIX_V4.0.2CD-2005-09-23-DE.iso
0x2808ce00 in pcap_dispatch () from /usr/lib/libpcap.so.3
---------------------------------------------------------------------------

On the client machine (also DragonFly :-D):
---------------------------------------------------------------------------
> wget --no-passive-ftp
ftp://xenia.sote.hu/pub/mirrors/knoppix/KNOPPIX_V4.0.2CD-2005-09-23-DE.iso
--23:39:17--
ftp://xenia.sote.hu/pub/mirrors/knoppix/KNOPPIX_V4.0.2CD-2005-09-23-DE.iso
=> `KNOPPIX_V4.0.2CD-2005-09-23-DE.iso'
Resolving xenia.sote.hu... 193.6.210.44
Connecting to xenia.sote.hu|193.6.210.44|:21... connected.
Logging in as anonymous ... Logged in!
> SYST ... done. > PWD ... done.
> TYPE I ... done. > CWD /pub/mirrors/knoppix ... done.
> PORT ... done. > RETR KNOPPIX_V4.0.2CD-2005-09-23-DE.iso ...
Error in server response, closing control connection.
Retrying.

--23:40:18--
ftp://xenia.sote.hu/pub/mirrors/knoppix/KNOPPIX_V4.0.2CD-2005-09-23-DE.iso
(try: 2) => `KNOPPIX_V4.0.2CD-2005-09-23-DE.iso'
Connecting to xenia.sote.hu|193.6.210.44|:21... connected.
Logging in as anonymous ... Logged in!
> SYST ... done. > PWD ... done.
> TYPE I ... done. > CWD /pub/mirrors/knoppix ... done.
> PORT ... done. > RETR KNOPPIX_V4.0.2CD-2005-09-23-DE.iso ...
---------------------------------------------------------------------------

We tried to debug with Joerg off-list (cause the list was offline) but
it somehow got suspended. I know I am getting on the list members'
nerves, but this is the very last thing I need to complete my mission
(kinda funny thing: everything that I need does not work :-P).

Actions #1

Updated by bastyaelvtars about 15 years ago

I managed to allow active ftp without ftpsesame, although I'm looking
forward to seeing it fixed. I have documented the workaround here:

http://wiki.dragonflybsd.org/index.cgi/HowtoFilteringBridge?

Actions #2

Updated by tuxillo over 8 years ago

  • Description updated (diff)
  • Status changed from New to In Progress
  • Assignee deleted (0)

Hi,

Document has been moved to: http://www.dragonflybsd.org/docs/howtos/HowToFilteringBridge/
From I could test, ftpsesame doesn't work yet on DragonFly although it is highly possible I'm not following your steps correctly.

Cheers,
Antonio Huete

Actions

Also available in: Atom PDF