You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Allen Firstenberg (JIRA)" <ji...@apache.org> on 2011/06/16 20:44:47 UTC
[jira] [Created] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
When picking a passive port, use "random port" from the pool instead of "lowest port"
-------------------------------------------------------------------------------------
Key: FTPSERVER-420
URL: https://issues.apache.org/jira/browse/FTPSERVER-420
Project: FtpServer
Issue Type: Improvement
Components: Core
Reporter: Allen Firstenberg
As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Attachment: PassivePortsTest.class
Whoops. Thanks for that reminder. Now attached.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Attachment: DataConnectionConfigurationFactory.java.diff
PassivePorts.java.diff
Attached two files that change PassivePorts.java to use a random port, roughly using the algorithm proposed in the email discussion. Minor change to DataConnectionConfigurationFactory to create its default instance of PassivePorts.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Attachment: (was: PassivePortsTest.class)
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Comment: was deleted
(was: Whoops. Thanks for that reminder. Now attached. )
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13051323#comment-13051323 ]
Niklas Gustavsson commented on FTPSERVER-420:
---------------------------------------------
I've reviewed the patch and think it's very good. Still making some very minor changes before I will commit it.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list < http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html >, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Attachment: PassivePorts.java
And in case it is easier for someone to review the code without the diff, here is the complete modified PassivePorts.java
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Attachment: PassivePortsTest.java
Whoops, knew I forgot something. (And then attached the wrong file.) This should be the correct one, however.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Firstenberg updated FTPSERVER-420:
----------------------------------------
Description:
As discussed on the mailing list < http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html >, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
was:
As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list < http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html >, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Allen Firstenberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050673#comment-13050673 ]
Allen Firstenberg commented on FTPSERVER-420:
---------------------------------------------
Line 214:
} else if( checkPortUnbound(ret.intValue()) ){
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050689#comment-13050689 ]
Niklas Gustavsson commented on FTPSERVER-420:
---------------------------------------------
Sorry, completely missed it. Could you also update the test case as that's now broken since the random assignments?
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050663#comment-13050663 ]
Niklas Gustavsson commented on FTPSERVER-420:
---------------------------------------------
>From an initial review, it looks good. However, I'm missing the check if the port is currently in use. This is required as ports can be used by other processes.
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff
>
>
> As discussed on the mailing list <http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html>, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (FTPSERVER-420) When picking a passive port, use
"random port" from the pool instead of "lowest port"
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-420.
---------------------------------------
Resolution: Fixed
Fix Version/s: 1.1.0
1.0.6
Assignee: Niklas Gustavsson
Fixed in rev 1137251 and 1137252. Thanks for your work on this Allen!
> When picking a passive port, use "random port" from the pool instead of "lowest port"
> -------------------------------------------------------------------------------------
>
> Key: FTPSERVER-420
> URL: https://issues.apache.org/jira/browse/FTPSERVER-420
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Reporter: Allen Firstenberg
> Assignee: Niklas Gustavsson
> Fix For: 1.0.6, 1.1.0
>
> Attachments: DataConnectionConfigurationFactory.java.diff, PassivePorts.java, PassivePorts.java.diff, PassivePortsTest.java
>
>
> As discussed on the mailing list < http://www.mail-archive.com/ftpserver-users@mina.apache.org/msg01635.html >, passive ports are allocated from the pool based on the lowest available port from the list. This may cause problems with some firewalls or clients that may not release the port as quickly as the server expects. It is also a minor security risk to provide an easily guessable port for passive connections.
> Discussion on the list centered around other options to allocate ports, focusing on a random port assignment from the available pool.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira