From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 19 Aug 2009 03:50:54 +0000 (+1200)
Subject: Bug 2718: FTP sends EPSV2 on ipv4 connection
X-Git-Tag: SQUID_3_2_0_1~780
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe2d668b4d2f233c6cdeb6fbe15aa45c7e5da05f;p=thirdparty%2Fsquid.git

Bug 2718: FTP sends EPSV2 on ipv4 connection

Switch EPSV attempts based on the FTP control/data Channel IP type.
Also adds better debugging trace of what is being performed.
---

diff --git a/src/ftp.cc b/src/ftp.cc
index ac52cce2d4..1f53b53393 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -2629,6 +2629,7 @@ ftpSendPassive(FtpStateData * ftpState)
     case SENT_EPSV_ALL: /* EPSV ALL resulted in a bad response. Try ther EPSV methods. */
         ftpState->flags.epsv_all_sent = true;
         if (addr.IsIPv6()) {
+            debugs(9, 5, HERE << "FTP Channel is IPv6 (" << addr << ") attempting EPSV 2 after EPSV ALL has failed.");
             snprintf(cbuf, 1024, "EPSV 2\r\n");
             ftpState->state = SENT_EPSV_2;
             break;
@@ -2637,6 +2638,7 @@ ftpSendPassive(FtpStateData * ftpState)
 
     case SENT_EPSV_2: /* EPSV IPv6 failed. Try EPSV IPv4 */
         if (addr.IsIPv4()) {
+            debugs(9, 5, HERE << "FTP Channel is IPv4 (" << addr << ") attempting EPSV 1 after EPSV ALL has failed.");
             snprintf(cbuf, 1024, "EPSV 1\r\n");
             ftpState->state = SENT_EPSV_1;
             break;
@@ -2649,27 +2651,35 @@ ftpSendPassive(FtpStateData * ftpState)
         // else fall through to skip EPSV 1
 
     case SENT_EPSV_1: /* EPSV options exhausted. Try PASV now. */
+        debugs(9, 5, HERE << "FTP Channel (" << addr << ") rejects EPSV connection attempts. Trying PASV instead.");
         snprintf(cbuf, 1024, "PASV\r\n");
         ftpState->state = SENT_PASV;
         break;
 
     default:
         if (!Config.Ftp.epsv) {
+            debugs(9, 5, HERE << "EPSV support manually disabled. Sending PASV for FTP Channel (" << addr <<")");
             snprintf(cbuf, 1024, "PASV\r\n");
             ftpState->state = SENT_PASV;
         } else if (Config.Ftp.epsv_all) {
+            debugs(9, 5, HERE << "EPSV ALL manually enabled. Attempting with FTP Channel (" << addr <<")");
             snprintf(cbuf, 1024, "EPSV ALL\r\n");
             ftpState->state = SENT_EPSV_ALL;
             /* block other non-EPSV connections being attempted */
             ftpState->flags.epsv_all_sent = true;
         } else {
 #if USE_IPV6
-            snprintf(cbuf, 1024, "EPSV 2\r\n");
-            ftpState->state = SENT_EPSV_2;
-#else
-            snprintf(cbuf, 1024, "EPSV 1\r\n");
-            ftpState->state = SENT_EPSV_1;
+            if (addr.IsIPv6()) {
+                debugs(9, 5, HERE << "FTP Channel (" << addr << "). Sending default EPSV 2");
+                snprintf(cbuf, 1024, "EPSV 2\r\n");
+                ftpState->state = SENT_EPSV_2;
+            }
 #endif
+            if (addr.IsIPv4()) {
+                debugs(9, 5, HERE << "Channel (" << addr <<"). Sending default EPSV 1");
+                snprintf(cbuf, 1024, "EPSV 1\r\n");
+                ftpState->state = SENT_EPSV_1;
+            }
         }
         break;
     }
@@ -2682,7 +2692,7 @@ ftpSendPassive(FtpStateData * ftpState)
                        COMM_NONBLOCKING,
                        ftpState->entry->url());
 
-    debugs(9, 3, HERE << "Unconnected data socket created on FD " << fd << " to " << addr);
+    debugs(9, 3, HERE << "Unconnected data socket created on FD " << fd << " from " << addr);
 
     if (fd < 0) {
         ftpFail(ftpState);