Use more portable 227 (PASV) response format.

RFC1123 says that "The format of the 227 reply to a PASV command is not well
standardized". Evidently, we should not use "227 =a,b,c,d,p1,p2" or
"227 Entering Passive Mode. A1,A2,A3,A4,a1,a2" formats. Some nf_ct_ftp
versions block responses that use those alternative syntax rules!

diff --git a/src/client_side.cc b/src/client_side.cc
index 30d84f205d6384985d542e4b1e6482f153173a1e..9063f80b69089981cdd0c1245a8552c846925588 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -5208,7 +5208,12 @@ FtpHandlePasvReply(ClientSocketContext *context, const HttpReply *reply, StoreIO
     // local port number and hope that traffic will be redirected to us.
     MemBuf mb;
     mb.init();
-    mb.Printf("227 =%s,%i,%i\r\n", addr, static_cast<int>(port >> 8),
+
+    // Do not use "227 =a,b,c,d,p1,p2" format or omit parens: some nf_ct_ftp
+    // versions block responses that use those alternative syntax rules!
+    mb.Printf("227 Entering Passive Mode (%s,%i,%i).\n",
+              addr,
+              static_cast<int>(port / 256),
               static_cast<int>(port % 256));
 
     debugs(11, 3, Raw("writing", mb.buf, mb.size));