headers
Michael Russell | 1 May 2008 19:10
Picon
Favicon

[Proftpd-user] Slow ftp, please!

Hi,

Here's a perhaps unusual request, either for information or an enhancement:

We have a low-grade network at our office, where we conduct support activities for many Unix systems.
We occasionally have to ftp large files to/from here.
Standard (SCO unix) ftp client slaughters the network's performance.

Is there a way to have ftp behave 'nicely'?
On these occasions, a 40Mbyte file would take 20 minutes to transfer & reduce us to watching for successful keystrokes on our PCs, where we use Citrix to log in to a major client.

As the file could well be required 'some time today', it would be useful to be able to throttle back the network usage.

Can this presently be accomplished, or would it require a code change?

Thanks in advance,

Michael

Sent from Yahoo! Mail.
A Smarter Email.
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 2 comments |
headers
Thomas L. Shinnick | 1 May 2008 20:40
Picon

Re: [Proftpd-user] Slow ftp, please!

At 12:10 PM 5/1/2008, Michael Russell wrote:
Hi,

Here's a perhaps unusual request, either for information or an enhancement:

We have a low-grade network at our office, where we conduct support activities for many Unix systems.
We occasionally have to ftp large files to/from here.
Standard (SCO unix) ftp client slaughters the network's performance.

Is there a way to have ftp behave 'nicely'?
On these occasions, a 40Mbyte file would take 20 minutes to transfer & reduce us to watching for successful keystrokes on our PCs, where we use Citrix to log in to a major client.

As the file could well be required 'some time today', it would be useful to be able to throttle back the network usage.

Can this presently be accomplished, or would it require a code change?

I've not used either of these two ideas, but until wiser heads opine....

Have you experimented with the standard configuration directive?
    TransferRate [ cmds] [ kilobytes-per-sec[:free-bytes]] [ ["user"|"group"|"class" expression]]
See the configuration directives documentation for discussion.

And there's a contributed module, found from the "Contrib module news" link http://www.proftpd.org/module_news.html on the home page, to "FTP traffic shaping" http://www.castaglia.org/proftpd/modules/mod_shaper.html, which looks quite interesting, for instance the added directive:
    # Change the overall daemon rate to 100 KB/s
    ShaperAll rate 100

Some things to play with... :-)


Thanks in advance,

Michael
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 1 comment |
headers
JollyRoger | 3 May 2008 04:07
Picon
Favicon

Re: [Proftpd-user] Slow ftp, please!

On 5/1/08 1:40 PM, "Thomas L. Shinnick" <tshinnic <at> io.com> wrote:

> I've not used either of these two ideas, but until wiser heads opine....
> 
> Have you experimented with the standard configuration directive?
>     TransferRate [ cmds] [ kilobytes-per-sec[:free-bytes]] [
> ["user"|"group"|"class" expression]]
> See the configuration directives documentation for discussion.

I use the TransferRate directive, and it works great with both users and
groups here.

--

-- 
JR

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 0 comments |
headers
Lucio Aisemberg | 5 May 2008 14:07
Picon

[Proftpd-user] SSL error

Hi,

I've been looking for an answer about this log error from the server-side when 
trying to complete a passive transfer over ssl:

May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): Passive data transfer 
failed, possibly due to network issues
May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): Check your PassivePorts 
and MasqueradeAddress settings,
May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): and any router, NAT, and 
firewall rules in the network path.

Sometimes, also appeared this:
May 05 09:24:47 www proftpd[14000] 10.20.1.167 (....): mod_tls/2.1.1: 
unexpected OpenSSL error, disconnecting

>From the client-side, ssl connection is closed with this message:

50 Opening BINARY mode data connection for 0011200805050800.zip
===>START SSL connect on DATA
ftp: SSL_connect DATA error 0 - error:00000000:lib(0):func(0):reason(0)

Server is a 14-month-old compilation of version 1.3.0.
There is a symantec firewall in the middle, but it seems to be everything all 
right..

Thanks,

PD: should i recompile an updated version?
--

-- 
Lucio Aisemberg

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 501 comments |
headers
Matus UHLAR - fantomas | 5 May 2008 16:18
Picon
Favicon

[Proftpd-user] "invalid" character hangs listing of a directory

Hello,

we encountered a problem where users created file that contained "invalid"
(not ascii) character in its name which cuased proftpd hand and eat 100% of
CPU when trying to list the contents of a directory. 

I moved the file to directory and ensured it hangs. /bin/ls | od -c says
this:

0000000   _   o   b   j   e   d   n   a   v   k   a   _   i   n   t   e
0000020   r   _   x   m   l   s   e   n   d   .   b   a   k 362   a  \n
0000040

the "362" is octal number of the character which apparently causes the
problem.

Is this known problem, can we avoid this somehow?

--

-- 
Matus UHLAR - fantomas, uhlar <at> fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 1 comment |
headers
TJ Saunders | 5 May 2008 18:37

Re: [Proftpd-user] "invalid" character hangs listing of a directory


> we encountered a problem where users created file that contained "invalid"
> (not ascii) character in its name which cuased proftpd hand and eat 100% of
> CPU when trying to list the contents of a directory.

Could you get a process trace, and any relevant debug logging/trace
logging of the proftpd process when this occurs?

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Mediocrity knows nothing higher than itself, but talent instantly recognizes
   genius.

     -Sir Arthur Conan Doyle

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 0 comments |
headers
TJ Saunders | 5 May 2008 18:36

Re: [Proftpd-user] SSL error


> I've been looking for an answer about this log error from the server-side when
> trying to complete a passive transfer over ssl:
>
> May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): Passive data transfer
> failed, possibly due to network issues
> May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): Check your PassivePorts
> and MasqueradeAddress settings,
> May 05 11:05:10 www proftpd[5307] 10.20.1.167 (...): and any router, NAT, and
> firewall rules in the network path.

The above message occurs when proftpd times out waiting for a data
transfer; the most usual culprits are firewall/NAT/router issues.  If you
see this message only sometimes, my guess is that it's a transient network
condition in your system.

> >From the client-side, ssl connection is closed with this message:
>
> 50 Opening BINARY mode data connection for 0011200805050800.zip
> ===>START SSL connect on DATA
> ftp: SSL_connect DATA error 0 - error:00000000:lib(0):func(0):reason(0)

Well, the above message from the client indicates that it uses OpenSSL,
but that it hasn't loaded the OpenSSL error strings, so that it cannot
provide any more useful information than "00000000".

> PD: should i recompile an updated version?

This doesn't look like a server issue to me; perhaps a problem with the
clients used, or a transient network issue.

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Everywhere one seeks to produce meaning, to make the world signify,
   to render it visible.  We are not, however, in danger of lacking meaning;
   quite the contrary, we are gorged with meaning and it is killing us.

   	-Jean Baudrillard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 501 comments |
headers
abdelmounim1.baroudi | 5 May 2008 18:26

[Proftpd-user] Pb using TLSCARevocationFile or /and TLSCARevocationPath


Hello,

I'm trying to use FTPS using Proftpd but i'm still having some troubles with the use of CRL.

I have configured proftpd with server Certificate , i had declared my client CA and Declared too a CRL to deny acces for Revoked client.

The problem is , using CRL file , all of revoked client access to the ftp server .

Bellow all information about my configuration and the other information

proftpd.conf
-------------


        #############################################################
        # TLS configuration
        #############################################################
        <ifModule mod_tls.c>

                # Configure the server address presented to clients on the assumption that that IP address or DNS host
                # is acting as a NAT gateway or port forwarder for the server
#               MasqueradeAddress      10.10.200.10

                # PassivePorts restricts the range of ports from which the server will select when sent the PASV command from a
                # client. The port range selected must be in the non-privileged range (eg. greater than or equal to 1024); it is
                # STRONGLY RECOMMENDED that the chosen range be large enough to handle many simultaneous passive connections (for
                # example, 49152-65534, the IANA-registered ephemeral port range).
                PassivePorts 49160 49166

                # to enable TLS function
                TLSEngine on

                # to log TLS actions
                TLSLog /PROFTPD_home/logs/tls.log ALL

                # Are clients required to use FTP over TLS when talking to this server?
                TLSRequired on

                # Server's certificates
                TLSRSACertificateFile /PROFTPD_home/Certs/server/new-OBS-serverCert.pem
                TLSRSACertificateKeyFile /PROFTPD_home/Certs/server/new-OBS-serverKey.pem
                TLSOptions StdEnvVars
                # CA the server trusts
#               TLSCACertificateFile /PROFTPD_home/Certs/CA/CA-Cert.pem
                TLSCACertificatePath /PROFTPD_home/Certs/CA/
#               TLSCARevocationFile /PROFTPD_home/Certs/CRL/Ca-Crl.pem
                TLSCARevocationPath /PROFTPD_home/Certs/CRL/

                # Authenticate clients that want to use FTP over TLS?
                TLSVerifyClient on

                # The RootRevoke directive causes all root privileges to be dropped once a user is authenticated.
                # This will also cause active transfers to be disabled, if the server is listening on a port less than 1025.
                # Note that this only affects active transfers; passive transfers will not be blocked.
                RootRevoke on
                TLSVerifyDepth 9
        </ifModule>
        #############################################################
        # END TLS configuration
        #############################################################

</VirtualHost>


Trace after connection with a revoked Certificate, in the tls.log file i have this :
--------------------------------------------------------------------------------------


May 05 20:13:35 mod_tls/2.1.1[28874]: TLS/TLS-C requested, starting TLS handshake
May 05 20:13:36 mod_tls/2.1.1[28874]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
May 05 20:13:36 mod_tls/2.1.1[28874]: Client: C = FR, ST = FRANCE, L = Cesson Sevigne, O = Orange Business Services, OU = ENG/ UNIX, CN = BAROUDI Abdelmounim, emailAddress = client02 <at> ornage.fr
May 05 20:13:36 mod_tls/2.1.1[28874]: Protection set to Private
May 05 20:13:36 mod_tls/2.1.1[28874]: starting TLS negotiation on data connection
May 05 20:13:36 mod_tls/2.1.1[28874]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)




NB : I have tried all my certificates and CRL with apache server  and it's work well

the log from a httpd server is like this :


[Mon May 05 18:17:10 2008] [info] Certificate with serial 2 (0x2) revoked per CRL from issuer /C=FR/ST=FRANCE/O=Orange Business Services/OU=UNIX Engineering Team/CN=ENG Administrator/emailAddress=administrator <at> orange.fr
[Mon May 05 18:17:10 2008] [error] Certificate Verification: Error (23): certificate revoked
[Mon May 05 18:17:10 2008] [debug] ssl_engine_kernel.c(1787): OpenSSL: Write: SSLv3 read client certificate B
[Mon May 05 18:17:10 2008] [debug] ssl_engine_kernel.c(1806): OpenSSL: Exit: error in SSLv3 read client certificate B
[Mon May 05 18:17:10 2008] [debug] ssl_engine_kernel.c(1806): OpenSSL: Exit: error in SSLv3 read client certificate B
[Mon May 05 18:17:10 2008] [info] SSL library error 1 in handshake (server1:443, client 172.30.4.123)
[Mon May 05 18:17:10 2008] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Mon May 05 18:17:10 2008] [info] Connection to child 67 closed with abortive shutdown(server 1:443, client 172.30.4.123)


Thanks in advance for your reply
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 2 comments |
headers
TJ Saunders | 5 May 2008 19:36

[Proftpd-user] GCC 4.3.x and -Wno-long-double warnings


For anyone who encounters a gcc warning about "-Wno-long-double" while
using a recent gcc release, see:

  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28322

The short version is that recent gcc versions will not complain about
unsupported command-line -Wno-* options until _later_, until after some
other warning/error.

Thus, if reporting an issue with compiling proftpd, be sure to include the
_entire_ output from gcc, not just the "-Wno-long-double" portion.

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   He who has never hoped can never despair.

   	-George Bernard Shaw

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 0 comments |
headers
Jorge Bastos | 6 May 2008 15:35
Picon

[Proftpd-user] ScoreBoard

Hi TJ,

I’ve been using the proftpd scoreboard to see the active connections, but sinse 1.3.2rc1 in the “sce_begin_session” field now I have the wrong data, now it show’s me always:

1970-01-01 01:00:00

 

Before it showed me the correct login data from the users.

 

Is this known?

 

Jorge

 

 

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 0 comments |

Gmane