Mailinglist Archive: proxy-suite (13 mails)
| < Previous | Next > |
SO_REUSEADDR bug in FTP-Proxy (from Rogier Wolff)
- From: Volker Wiegand <wiegand@xxxxxxx>
- Date: Sat, 11 Dec 1999 12:47:46 +0000 (UTC)
- Message-id: <Pine.LNX.4.10.9912111347580.741-100000@xxxxxxxxxxxxxxxxxxx>
Hi,
the following patch was posted from Rogier Wolff, but the Mailing List
Daemon refused to accept it. We are crrently fixing the posting problem,
and here is his posting.
Volker
---------- Forwarded message ----------
Date: Fri, 10 Dec 1999 14:09:30 +0100 (MET)
From: Rogier Wolff <R.E.Wolff@xxxxxxxxxxxx>
To: proxy-suite-owner@xxxxxxxx
Subject: failure notice (fwd)
Hi,
When the data port for connections to the server is specified as 41000
- 41999, there will always be a data connection between realserver:20
and proxyserver:41000, as the ftp-proxy always uses the lowest
possible port. Some ftp-servers don't seem to like this. They end up
refusing to build a dataconnection half of the time. (i.e. first
request works, second request doesn't, and so forth).
I observed this on an old Red Hat system, probably still running a 2.0
kernel (just checked: Yes, its 2.0.32). Now you know why this system
should really be behind the firewall.
Anyway, I've modified the ftp-proxy to start looking for a free port
at a random position in the range. This reduces the problem from
occurring 50% of the time to 0.05% of the time. (range is 1000
entries). This is acceptable, as the retry will simply work.
Roger.
diff -ur proxy-suite-1.7.orig/common/com-misc.c proxy-suite-1.7/common/com-misc.c
--- proxy-suite-1.7.orig/common/com-misc.c Fri Oct 22 11:29:01 1999
+++ proxy-suite-1.7/common/com-misc.c Fri Dec 10 12:47:11 1999
@@ -643,6 +643,17 @@
#endif
}
+int misc_rand (int lrng, int urng)
+{
+ struct timeval t;
+
+ if (lrng == urng) return lrng;
+
+ gettimeofday (&t, NULL);
+ srand (t.tv_usec);
+ return (lrng + (rand () % (urng - lrng + 1)));
+}
+
/* ------------------------------------------------------------
* $Log: com-misc.c,v $
diff -ur proxy-suite-1.7.orig/common/com-socket.c proxy-suite-1.7/common/com-socket.c
--- proxy-suite-1.7.orig/common/com-socket.c Fri Oct 22 11:29:01 1999
+++ proxy-suite-1.7/common/com-socket.c Fri Dec 10 12:49:21 1999
@@ -1163,6 +1163,7 @@
{
struct sockaddr_in saddr;
int sock;
+ int i;
u_int16_t port;
if (phls == NULL || ctyp == NULL) /* Sanity check */
@@ -1181,17 +1182,22 @@
saddr.sin_addr.s_addr = htonl(addr);
saddr.sin_family = AF_INET;
+
/*
** Bind the socket, taking care of a given port range.
** Note: this function covers also lrng = urng = 0 ...
+ **
+ ** Note: To prevent problems with reuseing portnos too quickly
+ ** we start at a random point inside the range.
*/
- for (port = lrng; port <= urng; port++) {
+ for (i=0,port = misc_rand (lrng, urng);i < (urng-lrng); i++,port++) {
saddr.sin_port = htons(port);
if (bind(sock, (struct sockaddr *) &saddr,
sizeof(saddr)) == 0)
break;
if (errno != EADDRINUSE)
- port = urng + 1;
+ i = urng-lrng + 1;
+ if (port >= urng) port = lrng;
}
if (port > urng) { /* nothing found? */
close(sock);
--
** R.E.Wolff@xxxxxxxxxxxx ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
"I didn't say it was your fault. I said I was going to blame it on you."
the following patch was posted from Rogier Wolff, but the Mailing List
Daemon refused to accept it. We are crrently fixing the posting problem,
and here is his posting.
Volker
---------- Forwarded message ----------
Date: Fri, 10 Dec 1999 14:09:30 +0100 (MET)
From: Rogier Wolff <R.E.Wolff@xxxxxxxxxxxx>
To: proxy-suite-owner@xxxxxxxx
Subject: failure notice (fwd)
Hi,
When the data port for connections to the server is specified as 41000
- 41999, there will always be a data connection between realserver:20
and proxyserver:41000, as the ftp-proxy always uses the lowest
possible port. Some ftp-servers don't seem to like this. They end up
refusing to build a dataconnection half of the time. (i.e. first
request works, second request doesn't, and so forth).
I observed this on an old Red Hat system, probably still running a 2.0
kernel (just checked: Yes, its 2.0.32). Now you know why this system
should really be behind the firewall.
Anyway, I've modified the ftp-proxy to start looking for a free port
at a random position in the range. This reduces the problem from
occurring 50% of the time to 0.05% of the time. (range is 1000
entries). This is acceptable, as the retry will simply work.
Roger.
diff -ur proxy-suite-1.7.orig/common/com-misc.c proxy-suite-1.7/common/com-misc.c
--- proxy-suite-1.7.orig/common/com-misc.c Fri Oct 22 11:29:01 1999
+++ proxy-suite-1.7/common/com-misc.c Fri Dec 10 12:47:11 1999
@@ -643,6 +643,17 @@
#endif
}
+int misc_rand (int lrng, int urng)
+{
+ struct timeval t;
+
+ if (lrng == urng) return lrng;
+
+ gettimeofday (&t, NULL);
+ srand (t.tv_usec);
+ return (lrng + (rand () % (urng - lrng + 1)));
+}
+
/* ------------------------------------------------------------
* $Log: com-misc.c,v $
diff -ur proxy-suite-1.7.orig/common/com-socket.c proxy-suite-1.7/common/com-socket.c
--- proxy-suite-1.7.orig/common/com-socket.c Fri Oct 22 11:29:01 1999
+++ proxy-suite-1.7/common/com-socket.c Fri Dec 10 12:49:21 1999
@@ -1163,6 +1163,7 @@
{
struct sockaddr_in saddr;
int sock;
+ int i;
u_int16_t port;
if (phls == NULL || ctyp == NULL) /* Sanity check */
@@ -1181,17 +1182,22 @@
saddr.sin_addr.s_addr = htonl(addr);
saddr.sin_family = AF_INET;
+
/*
** Bind the socket, taking care of a given port range.
** Note: this function covers also lrng = urng = 0 ...
+ **
+ ** Note: To prevent problems with reuseing portnos too quickly
+ ** we start at a random point inside the range.
*/
- for (port = lrng; port <= urng; port++) {
+ for (i=0,port = misc_rand (lrng, urng);i < (urng-lrng); i++,port++) {
saddr.sin_port = htons(port);
if (bind(sock, (struct sockaddr *) &saddr,
sizeof(saddr)) == 0)
break;
if (errno != EADDRINUSE)
- port = urng + 1;
+ i = urng-lrng + 1;
+ if (port >= urng) port = lrng;
}
if (port > urng) { /* nothing found? */
close(sock);
--
** R.E.Wolff@xxxxxxxxxxxx ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
"I didn't say it was your fault. I said I was going to blame it on you."
| < Previous | Next > |