FTP: SIZE sent in two packets -> chokes on firewall




Networking: FTP
17 years ago
16 years ago


(Reporter: ktaylor, Assigned: dougt)




Firefox Tracking Flags

(Not tracked)


(Whiteboard: [Possible reason why given in comments])


(2 attachments)



17 years ago
I'm using the 2001052321 build of the IRIX browser and notice that ftp does not

If I connect to ftp.mozilla.org (for example), the client sits there with a
message at the bottom saying "Resolving host ftp.mozilla.org" and never returns
with the ftp results. This happens for all hosts, and has been that way in most
of the recent builds.

Comment 1

17 years ago
On Mac, I can ftp to ftp.mozilla.org with today's mozilla debug build.

Comment 2

17 years ago
maybe it's just specific to the IRIX build then.

Comment 3

17 years ago
I can confirm this problem. I also can't connect to any FTP if I am typing the
URL in my browser, however, FTP works just fine if I try to go to a bookmarked
site or click on a link that leads to an FTP site. I tried several addresses
like ftp.mozilla.org, ftp.sunet.se, ftp.funet.fi, ftp.saunalahti.fi and
ftp.bluesnews.com, NOT A SINGLE one of them did work. I am using Win2000, so this
is not an IRIX-only problem.

I was using May 24 build 2001052404 under Win2000 (SP2).

Comment 4

17 years ago
I cannot connect to FTP hosts outside our firewall.  I'm running Unix Milestone
0.9 (2001050521) under Debian GNU/Linux 2.2.  The tech support at our firewall's
manufacturer has indicated that Mozilla does not conform to the RFC's on passive
FTP transfers.  They have not specified how it fails to conform to them.

Comment 5

17 years ago
I now suspect that what the local firewall dislikes is the fact that Mozilla 
splits the SIZE command into two packets.  I have always_defragment turned on, 
so they're not fragments of a single packet.  On one system, my home directory 
is /home/u02/jpdalbec, and Mozilla sends: "SIZE /home/" and then 
"u02/jpdalbec\r\n" in separate packets.  This system is behind the firewall, so 
FTP works.

Comment 6

17 years ago
Marking NEW.
Ever confirmed: true
Summary: ftp part of browser does not work → ftp part of browser does not work with Firewall
Whiteboard: [Possible reason why given in comments]

Comment 7

17 years ago
moving milestone out.  
Summary: ftp part of browser does not work with Firewall → ftp part of browser does not work with some Firewalls
Target Milestone: --- → Future

Comment 8

17 years ago
I have this problem, too.  I'm running Linux 2.4.5-ac6 on a Pentium III
(450MHz), in X 4.0.2 (don't think that matters, though).  It looks like the
problem is indeed with the splitting of the "SIZE" command.  Mozilla sends the
"SIZE /" command in two segments, first: "SIZ" and then "E /".  Hosts inside our
intranet don't seem to mind, but when I communicate with hosts outside
(ftp.mozilla.org, ftp.cdrom.com, etc), Mozilla sends the first part ("SIZ") and
then hangs without sending the next part.

Comment 9

17 years ago
Argh, forgot to mention that I'm using Mozilla 0.9.2 (Build 200106823).  Plus, I
can post the actual packets in question if that would help.  Many apologies for
the dual-posting!

Comment 10

17 years ago
qa to me.
Packets and/or name of firewall vendor would be appreciated.
QA Contact: tever → benc
Summary: ftp part of browser does not work with some Firewalls → FTP: SIZE sent in two packets -> chokes on firewall

Comment 11

17 years ago
Created attachment 44394 [details]
FTP Packets to local machine (no firewall) - request goes through but "SIZE /" command is split - tcpdump capture file (little-endian), v2.4

Comment 12

17 years ago
Created attachment 44396 [details]
FTP Packets to remote machine (goes through a firewall) - blocks after receiving the "SIZ" packet - tcpdump capture file (little-endian), v2.4

Comment 13

17 years ago
I find this very hard to believe.  TCP ensures that the data from one application 
level to another is the same (checksum'ed, ect).  If you are seeing this, you 
probably have a bad impl. of a firewall and or tcp stack.  
Last Resolved: 17 years ago
Resolution: --- → INVALID

Comment 14

16 years ago

Out of laziness (or performance reasons), some of these stateful-firewalls might
actually treat packets as datagrams, so breaking a single FTP command across
packets confuses it.

Additional vendor information would be really useful here.

I'll look at the data some more at a later date and decide if we need to do more
research or documentation. 
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.