Page 1 of 1
TC2.60 Android FTP plugin fails IPv6 PASV login.
Posted: 2015-06-29, 00:53 UTC
by heady
Apologies - I'm new to the forum and could not find out where to post issues relating to TC for Android plugins - so have posted here. Please correct me if I'm wrong.
When phone is connected by IPv4 FTP plugin setting PASV=yes login/transfer/quit work correctly.
When phone is connected by IPv6 FTP plugin setting PASV=yes login fails when server terminates early (by what looks like the incorrect use of PASV instead of EPSV for IPv6)
Possible temporary short term solution - force FTP plugin to always use IPv4.
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Mon Jun 29 00:26:22 2015
230 User *** logged in
OPTS UTF8 ON
200 UTF8 set to on
SYST
215 UNIX Type: L8
CWD /
250 CWD command successful
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (206,193,146).
QUIT
221 Goodbye.
Posted: 2015-06-29, 00:59 UTC
by heady
Also seems if exactly same issue occurs for active FTP connections.
When phone is connected by IPv4 FTP plugin setting PASV=no login/transfer/quit work correctly.
When phone is connected by IPv6 FTP plugin setting PASV=no login fails when server terminates early (by what looks like the incorrect use of PORT instead of EPRT for IPv6)
Possible temporary short term solution - force FTP plugin to always use IPv4.
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Mon Jun 29 00:23:29 2015
230 User *** logged in
OPTS UTF8 ON
200 UTF8 set to on
SYST
215 UNIX Type: L8
CWD /
250 CWD command successful
TYPE A
200 Type set to A
PORT 32,1,8,176,147,252
500 Illegal PORT command
QUIT
221 Goodbye.
Posted: 2015-06-29, 13:28 UTC
by ghisler(Author)
Passive mode: The server does not send a valid response to PASV command. It probably gets the ipv6 address and fails to format it properly.
Active (PORT) mode: TC prefers ipv4 when both ipv4 and ipv6 are present. TC does send the ipv4 address, 32.1.8.176, but the SERVER claims that the address is invalid.
Posted: 2015-06-29, 21:34 UTC
by heady
ghisler(Author) wrote:Passive mode: The server does not send a valid response to PASV command. It probably gets the ipv6 address and fails to format it properly.
I'll look into this a little more.
Active (PORT) mode: TC prefers ipv4 when both ipv4 and ipv6 are present. TC does send the ipv4 address, 32.1.8.176, but the SERVER claims that the address is invalid.
It does seem that in this case TC is not preferring ipv4 but sticking with ipv6.
The value 32.1.8.176 is nowhere near the source IP address for either ipv6 or ipv4.
If IPv4 it should start with 81.x.x.206
If IPv6 is should look like 2001
x
x
x:206
All I can do is compare and contrast against other clients.
AndFTP Android (same device) (Active)
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Mon Jun 29 21:07:37 2015
230 User *** logged in
FEAT
211-Features:
MDTM
MFMT
TVFS
AUTH TLS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
PBSZ
PROT
SITE MKDIR
SITE RMDIR
SITE UTIME
LANG en-US.UTF-8;en-US
SITE SYMLINK
REST STREAM
SITE COPY
SIZE
211 End
PWD
257 "/" is the current directory
NOOP
200 NOOP command successful
CWD /
250 CWD command successful
FEAT
211-Features:
MDTM
MFMT
TVFS
AUTH TLS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
PBSZ
PROT
SITE MKDIR
SITE RMDIR
SITE UTIME
LANG en-US.UTF-8;en-US
SITE SYMLINK
REST STREAM
SITE COPY
SIZE
211 End
EPRT |2|2001:****:****:****:****:****:****:****|38462|
200 EPRT command successful
MLSD
150 Opening ASCII mode data connection for MLSD
226 Transfer complete
AndFTP Android (same device) (Passive)
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Mon Jun 29 21:06:20 2015
230 User *** logged in
FEAT
211-Features:
MDTM
MFMT
TVFS
AUTH TLS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
PBSZ
PROT
SITE MKDIR
SITE RMDIR
SITE UTIME
LANG en-US.UTF-8;en-US
SITE SYMLINK
REST STREAM
SITE COPY
SIZE
211 End
PWD
257 "/" is the current directory
NOOP
200 NOOP command successful
CWD /
250 CWD command successful
FEAT
211-Features:
MDTM
MFMT
TVFS
AUTH TLS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
PBSZ
PROT
SITE MKDIR
SITE RMDIR
SITE UTIME
LANG en-US.UTF-8;en-US
SITE SYMLINK
REST STREAM
SITE COPY
SIZE
211 End
EPSV
229 Entering Extended Passive Mode (|||49173|)
MLSD
150 Opening ASCII mode data connection for MLSD
226 Transfer complete
Thanks for your time.
Posted: 2015-07-02, 08:38 UTC
by ghisler(Author)
Strange, I will check it in a debugger.
Posted: 2015-07-06, 00:59 UTC
by heady
ghisler(Author) wrote:Strange, I will check it in a debugger.
Thanks - much appreciated.
Posted: 2015-07-06, 08:08 UTC
by ghisler(Author)
OK, I have checked it now. The plugin didn't support ipv6 yet. It called InetAddress.getByName for name resolution, which could sometimes return also ipv6 addresses even if there was an ipv4 address too.
I have now added full ipv6 support to the plugin. Unfortunately I could only test it in the local area network, so I don't know whether it will work over the Internet too. Can you please test it?
There are actually 2 variations of the plugin:
1. The first will just use the first returned IP address, which may be ipv4 or ipv6. Please try this first:
https://plugins.ghisler.com/beta/tcandroidftp207b3a.apk
2. The second will request all addresses of a server, and prefer ipv4 if both ipv4 and ipv6 are available:
https://plugins.ghisler.com/beta/tcandroidftp207b3b.apk
Both EPSV and EPRT are supported, but port mode will often not work due to firewalls in the route. Please let me know how they work.
Posted: 2015-07-06, 22:47 UTC
by heady
ghisler(Author) wrote:OK, I have checked it now. The plugin didn't support ipv6 yet.
...
I have now added full ipv6 support to the plugin. Unfortunately I could only test it in the local area network, so I don't know whether it will work over the Internet too. Can you please test it?
...
Both EPSV and EPRT are supported, but port mode will often not work due to firewalls in the route. Please let me know how they work.
Thanks - much appreciated - it'll take a few days to reply with the results.
Posted: 2015-07-08, 23:54 UTC
by heady
Thanks - I have tested plugin 1 for both EPSV and EPRT. Was able to login successfully via IPv6 and the associated logs and traces are below.
Thank you for your work. I will test plugin 2 in the next few days.
EPSV
Code: Select all
Jul 8 09:14:52 xray proftpd: pam_unix(proftpd:session): session closed for user ***
Jul 8 09:14:52 xray proftpd[2079]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session closed.
Jul 8 09:14:52 xray proftpd: pam_unix(proftpd:session): session closed for user ***
Jul 8 09:14:52 xray proftpd[2462]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session closed.
Jul 8 09:22:09 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session opened.
Jul 8 09:22:09 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny
Jul 8 09:22:09 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - mod_wrap/1.2.4: allowed connection from 2001:****:****:****:****:****:****:****
Jul 8 09:22:09 xray proftpd: pam_unix(proftpd:session): session opened for user *** by (uid=0)
Jul 8 09:22:09 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - Preparing to chroot to directory '/srv/ftp'
Jul 8 09:22:09 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - USER ***: Login successful.
Jul 8 09:23:32 xray proftpd: pam_unix(proftpd:session): session closed for user ***
Jul 8 09:23:32 xray proftpd[3151]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session closed.
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Wed Jul 08 08:22:09 2015
230 User *** logged in
OPTS UTF8 ON
200 UTF8 set to on
SYST
215 UNIX Type: L8
CWD /
250 CWD command successful
TYPE A
200 Type set to A
EPSV
229 Entering Extended Passive Mode (|||50140|)
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
CWD /ftp/
250 CWD command successful
EPSV
229 Entering Extended Passive Mode (|||49872|)
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
CWD /ftp/***/
250 CWD command successful
EPSV
229 Entering Extended Passive Mode (|||49280|)
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
EPRT
Code: Select all
Jul 8 09:24:38 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session opened.
Jul 8 09:24:38 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - mod_wrap/1.2.4: using access files: /etc/hosts.allow, /etc/hosts.deny
Jul 8 09:24:38 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - mod_wrap/1.2.4: allowed connection from 2001:****:****:****:****:****:****:****
Jul 8 09:24:38 xray proftpd: pam_unix(proftpd:session): session opened for user *** by (uid=0)
Jul 8 09:24:38 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - Preparing to chroot to directory '/srv/ftp'
Jul 8 09:24:38 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - USER ***: Login successful.
Jul 8 09:34:43 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP no transfer timeout, disconnected
Jul 8 09:34:43 xray proftpd: pam_unix(proftpd:session): session closed for user ***
Jul 8 09:34:43 xray proftpd[3265]: 127.0.1.1 (2001:****:****:****:****:****:****:****[2001:****:****:****:****:****:****:****]) - FTP session closed.
Code: Select all
220 ProFTPD 1.3.4a Server ready.
USER ***
331 Password required for ***
PASS ********
230-Welcome user ***@2001:****:****:****:****:****:****:**** to 127.0.1.1 FTP server.
230-The local time is: Wed Jul 08 08:24:38 2015
230 User *** logged in
OPTS UTF8 ON
200 UTF8 set to on
SYST
215 UNIX Type: L8
CWD /
250 CWD command successful
TYPE A
200 Type set to A
EPRT |2|2001:****:****:****:****:****:****:****|41847|
200 EPRT command successful
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
CWD /ftp/
250 CWD command successful
EPRT |2|2001:****:****:****:****:****:****:****|55842|
200 EPRT command successful
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
CWD /ftp/****/
250 CWD command successful
EPRT |2|2001:****:****:****:****:****:****:****|40879|
200 EPRT command successful
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
Posted: 2015-07-09, 10:02 UTC
by ghisler(Author)
Nice to see that it works, thanks for the logs!
All the second plugin does is prefer ipv4 over ipv6 if the name resolution reports both.
x