
ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Old 09-16-2010, 11:10 PM   #151
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

opcode: Man, Microsoft is so annoying... I use the Unix-like telnet from cygwin, and well that works like it's supposed to! It seems the telnet client I suggested you enable is completely broken somehow. My guess is it's sending multi-char characters or something stupid like that because I get the same behavior you do which makes no sense at all... Perhaps you can try to find a free Windows-based telnet client (though you'll want to actually use it in raw mode as the FTP isn't a telnet server and thus won't respond correctly to custom telnet stuff).

BoNeZz: If you are comparing the crypto speeds of 5.8.5 vs 7.5.9 there are two huge differences. 5.8.5 up to 7.3.3 used the MS encryption library and were limited to 128bit algorithms. 7.4+ uses OpenSSL and has support for 256bit ciphers and a whole range of new algorithms. I don't think one is much faster than the other at AES128 but there is no guarantee you are trying to use that when comparing the speeds for both versions... What kind of machine are you using this on?

OpenSSL doesn't care about any installed certificates on the machine, just the files in the /system directory it creates so any old certs installed in the registry by the MS encryption stuff don't matter.
Yil is offline   Reply With Quote
Old 09-17-2010, 07:25 AM   #152
opcode
Junior Member
 
Join Date: Aug 2009
Posts: 21
Default

Thanks for the info about having to use RAW mode. Worked like a charm with PuTTY - I actually tried before but in Telnet mode instead of RAW. Anyway, if I send some bogus IDNT command, the popup of your script comes up.
So ioFTPD is indeed not receiving the IDNT properly. Which is weird, because it works well on glftpd.
Also fun fact, I only had BNC_HOST_1 = 127.0.0.1 in the config, but sent the IDNT from another box (not even on the same network) but still the args.exe window popped up. Shouldn't it ignore the IDNT altogether? I guess it's because it's added as a pre-script and ioFTPD doesn't evaluate the BNC_HOST rule before actually starting to process the command (when the script has already been triggered).

Edit: Maybe looking at the yatb source helps? It seems the idnt stuff is in controlthread.cc, you can find the source here: http://www.glhelp.org/forum/download...do=file&id=560
opcode is offline   Reply With Quote
Old 09-17-2010, 12:26 PM   #153
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

PRE events on FTP commands like LIST, RMD, etc are always executed first. This allows you to reject access to the command (which everyone has by default) via a script which is useful for things like RMD when you want to deny deleting dirs, etc. SITE PRE events are slightly different because they are only executed if the user has access to the command although it can still choose to reject access if it wants.

I took a quick look at the code, seems like it includes a fair amount of debugging information if you enable debug mode. That should shed some light on what's going on. It clearly logs what IDNT commands it is sending.
Yil is offline   Reply With Quote
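
The ordering question raised in the two posts above, as an added example (not ioFTPD or yatb code): a gate that a handler or PRE script could apply so that the connecting peer is checked against the trusted bouncer list before anything acts on an IDNT line. The `IDNT ident@ip:hostname` layout follows the command yatb logs later in this thread; `gate_idnt`, `dispatch`, the hook and the sample addresses are hypothetical.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Mirrors the thread's "BNC_HOST_1 = 127.0.0.1"; other addresses used are constructed.
TRUSTED_BNC_HOSTS = frozenset({ipaddress.ip_address("127.0.0.1")})
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
IDENT_RE = re.compile(r"[\x21-\x3f\x41-\x7e]{1,64}")  # printable ASCII, no '@' or space


class Decision(NamedTuple):
    accepted: bool
    client_ip: str        # address the session is attributed to
    ident: Optional[str]
    reason: str


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _split_ip_host(rest):
    """Split 'ip:hostname'; tries each ':' so IPv6 addresses also work."""
    for i, ch in enumerate(rest):
        if ch == ":" and _is_ip(rest[:i]):
            host = rest[i + 1:]
            if _is_ip(host) or HOSTNAME_RE.fullmatch(host):
                return rest[:i], host
    return None


def gate_idnt(peer_ip, line, trusted=TRUSTED_BNC_HOSTS):
    """Decide whether an IDNT line may override the peer address."""
    if not line.startswith("IDNT "):
        return Decision(False, peer_ip, None, "not an IDNT line")
    # Trust check first: an untrusted peer's claim is never parsed or acted on.
    if ipaddress.ip_address(peer_ip) not in trusted:
        return Decision(False, peer_ip, None, "peer is not a trusted bouncer")
    ident, sep, rest = line[5:].rstrip("\r\n").partition("@")
    parts = _split_ip_host(rest) if sep else None
    if parts is None or not IDENT_RE.fullmatch(ident):
        return Decision(False, peer_ip, None, "malformed IDNT")
    return Decision(True, parts[0], ident, "ok")


def dispatch(peer_ip, line, pre_hook):
    """Run the (hypothetical) PRE hook only for IDNT lines that passed the gate."""
    decision = gate_idnt(peer_ip, line)
    if decision.accepted:
        pre_hook(decision)
    return decision
```
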
Old 09-17-2010, 01:03 PM   #154
opcode
Junior Member
 
Join Date: Aug 2009
Posts: 21
Default

Here you go

Code:
box:/home/opcode/yatb-rev233/bin# ./yatb-static -u yatb.conf
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] readlist start
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] adding ips to list
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] found 1 ip(s)
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] readlist end
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] readlist start
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] adding ips to list
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] found 1 ip(s)
[IPLIST - 28612,Fri Sep 17 21:54:59 2010] readlist end
[-SYSTEM- - 28612,Fri Sep 17 21:54:59 2010] RAND_status ok
[-SYSTEM- - 28612,Fri Sep 17 21:54:59 2010] try to load cert file
[-SYSTEM- - 28612,Fri Sep 17 21:54:59 2010] try to load private key
[-SYSTEM- - 28612,Fri Sep 17 21:54:59 2010] try to load dh params
[-SYSTEM- - 28612,Fri Sep 17 21:54:59 2010] try to check private key
[-GETIP- - 28612,Fri Sep 17 21:54:59 2010] try to get ip for: ip.of.bnc.shell.here
[-GETIP- - 28612,Fri Sep 17 21:54:59 2010] try to get ip for: www.glftpd.com
[-GETIP- - 28612,Fri Sep 17 21:54:59 2010] resolved ip: xxx.xxx.xxx.xxx
[ACCEPT - 28612,Fri Sep 17 17:54:59 2010] [Accept] start
[-SYSTEM- - 28613,Fri Sep 17 17:54:59 2010] new day - reset limit
[-SYSTEM- - 28613,Fri Sep 17 17:54:59 2010] new month - reset limit
[ACCEPT - 28612,Fri Sep 17 17:55:03 2010] [Accept] end(1)
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] using no traffic limit
[SOCKOPT - 28612,Fri Sep 17 17:55:03 2010] ----- options for listen_sock  -----------
[SOCKOPT - 28612,Fri Sep 17 17:55:03 2010] socket is not set to keepalive
[SOCKOPT - 28612,Fri Sep 17 17:55:03 2010] socket is not set to linger
[SOCKOPT - 28612,Fri Sep 17 17:55:03 2010] socket is set to reuse adr
[SOCKOPT - 28612,Fri Sep 17 17:55:03 2010] sock set to blocking
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] [main] list create start
[IPLIST - 28612,Fri Sep 17 17:55:03 2010] get ip start
[IPLIST - 28612,Fri Sep 17 17:55:03 2010] 0,host.of.ioftpd.box,12345
[IPLIST - 28612,Fri Sep 17 17:55:03 2010] get ip end
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] [konstruktor] start
[-GETIP- - 28612,Fri Sep 17 17:55:03 2010] try to get ip for: host.of.ioftpd.box
[-GETIP- - 28612,Fri Sep 17 17:55:03 2010] resolved ip: xxx.xxx.xxx.xxx
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] [konstruktor] end
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] [main] try to start controlthread
[-SYSTEM- - 28612,Fri Sep 17 17:55:03 2010] [main] list create end
[ACCEPT - 28612,Fri Sep 17 17:55:03 2010] [Accept] start
[-SYSTEM- - 29965,Fri Sep 17 17:55:03 2010] [makethread] start
[-EMPTY- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] start
[-EMPTY- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] try to get ident reply
[-GETIP- - 29965,Fri Sep 17 17:55:03 2010] try to get ip for: ip.of.bnc.shell.here
[CONNECT - 29965,Fri Sep 17 17:55:03 2010] [Connect] start
[-GETIP- - 29965,Fri Sep 17 17:55:03 2010] try to get ip for: ip.of.remote.user.trying.to.connect
[CONNECT - 29965,Fri Sep 17 17:55:03 2010] [Connect] end(0-5)
[CONNECT - 29965,Fri Sep 17 17:55:03 2010] Connection refused
[IDENT - 29965,Fri Sep 17 17:55:03 2010] [Ident] could not connect to ident port @ip.of.remote.user.trying.to.connect
[ - 29965,Fri Sep 17 17:55:03 2010] -----SOCKET---- closing ident_sock : 6
[-EMPTY- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] after ident
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] try to connect to site
[CONNECT - 29965,Fri Sep 17 17:55:03 2010] [Connect] start
[-GETIP- - 29965,Fri Sep 17 17:55:03 2010] try to get ip for: host.of.ioftpd.box
[-GETIP- - 29965,Fri Sep 17 17:55:03 2010] resolved ip: xxx.xxx.xxx.xxx
[CONNECT - 29965,Fri Sep 17 17:55:03 2010] [Connect] end(1)
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] ----- options for site_sock  -----------
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is set to keepalive
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is not set to linger
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is not set to reuse adr
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] sock set to blocking
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] ----- options for client_sock  -----------
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is set to keepalive
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is not set to linger
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] socket is set to reuse adr
[SOCKOPT - 29965,Fri Sep 17 17:55:03 2010] sock set to blocking
[-SYSTEM- - 29965,Fri Sep 17 17:55:03 2010] IDNT cmd: IDNT *@ip.of.remote.user.trying.to.connect:ip.of.remote.user.trying.to.connect

[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlWrite] write to site
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] try to get welcome msg
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read from site
[CONTROLREAD - 29965,Fri Sep 17 17:55:03 2010] start
[CONTROLREAD - 29965,Fri Sep 17 17:55:03 2010] loop start
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read failed
[-SYSTEM- - 29965,Fri Sep 17 17:55:03 2010] [makethread] delete pConnection
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] destructor start
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [deletedatathread] start
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [deletedatathread] no datathread running
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] close client sock
[ - 29965,Fri Sep 17 17:55:03 2010] -----SOCKET---- closing client_sock : 4
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] close site sock
[ - 29965,Fri Sep 17 17:55:03 2010] -----SOCKET---- closing site_sock : 6
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] destructor end
[-SYSTEM- - 29965,Fri Sep 17 17:55:03 2010] [makethread] end
so the IDNT command being sent is
Quote:
IDNT *@ip.of.remote.user.trying.to.connect:ip.of.remote.user.trying.to.connect
which looks ok to me (ident is not working on the box I am trying from, so that's not an error).

What seems like it could be a source of the problem is this part
Quote:
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlWrite] write to site
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] try to get welcome msg
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read from site
[CONTROLREAD - 29965,Fri Sep 17 17:55:03 2010] start
[CONTROLREAD - 29965,Fri Sep 17 17:55:03 2010] loop start
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read failed

Last edited by opcode; 09-17-2010 at 01:14 PM.
opcode is offline   Reply With Quote
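
An added example, not part of opcode's post or of yatb: a triage pass over yatb debug output in the format shown above that reports every thread where the read from the site failed after the IDNT command had been written. The sample log is constructed from lines quoted above plus a made-up thread 30001 that has no read failure; the function names are hypothetical.

```python
import re
from collections import defaultdict

# "[TAG - thread,timestamp] message"; the tag may be empty ("[ - 29965,...]").
LINE_RE = re.compile(r"^\[(?P<tag>.*?) - (?P<tid>\d+),(?P<ts>[^\]]+)\] (?P<msg>.*)$")

# Constructed sample (see lead-in).
SAMPLE_LOG = """\
[-SYSTEM- - 29965,Fri Sep 17 17:55:03 2010] IDNT cmd: IDNT *@ip.of.remote.user.trying.to.connect:ip.of.remote.user.trying.to.connect

[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlWrite] write to site
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [controlthread] try to get welcome msg
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read from site
[CONTROLREAD - 29965,Fri Sep 17 17:55:03 2010] loop start
[-AFTER-IDENT- - 29965,Fri Sep 17 17:55:03 2010] [ControlRead] read failed
[ - 29965,Fri Sep 17 17:55:03 2010] -----SOCKET---- closing site_sock : 6
[-SYSTEM- - 30001,Fri Sep 17 17:56:10 2010] IDNT cmd: IDNT *@ip.of.other.user:ip.of.other.user
[-AFTER-IDENT- - 30001,Fri Sep 17 17:56:10 2010] [ControlWrite] write to site
[-AFTER-IDENT- - 30001,Fri Sep 17 17:56:10 2010] [controlthread] try to get welcome msg
[-AFTER-IDENT- - 30001,Fri Sep 17 17:56:10 2010] [ControlRead] read from site
"""


def sessions(log_text):
    """Group (timestamp, message) pairs by thread id, keeping log order."""
    by_thread = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # blank lines and continuation lines are skipped
            by_thread[int(m["tid"])].append((m["ts"], m["msg"]))
    return by_thread


def first_index(msgs, needle):
    return next((i for i, (_, msg) in enumerate(msgs) if needle in msg), None)


def triage(log_text):
    """Report threads where the site read failed after IDNT was written."""
    findings = []
    for tid, msgs in sessions(log_text).items():
        i_idnt = first_index(msgs, "IDNT cmd: ")
        i_wait = first_index(msgs, "try to get welcome msg")
        i_fail = first_index(msgs, "[ControlRead] read failed")
        if i_idnt is None or i_fail is None or i_fail < i_idnt:
            continue
        findings.append({
            "thread": tid,
            "time": msgs[i_fail][0],
            "command": msgs[i_idnt][1].partition("IDNT cmd: ")[2],
            # True when IDNT went out before the welcome message was read.
            "idnt_before_greeting": i_wait is not None and i_idnt < i_wait < i_fail,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
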
Old 09-17-2010, 01:22 PM   #155
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I'll see if I can take a deeper look this weekend. If the IDNT PRE event isn't firing then it's like the server never got the message. At the moment my best guess is that it looks like the BNC sent the IDNT command before the server sent the hello message (which is technically wrong) but I can't see it making a difference since it would just get buffered until read, but perhaps it does...

I've got another idea! Are you using implicit SSL connections anywhere ('Explicit_Encryption' not set to True?) I.e. the connection immediately enables SSL before any data (even the hello message) is sent? That would account for what is going on since the SSL handshake would fail which is why you see the read failure for what looks like a broken connection and the IDNT PRE event never firing since it never got to process any commands...

Update: Hmm, I just looked at your posted config above and it looks fine, but still worth a double check that there are no strange characters hiding in there...

Update2: Since you were able to use RAW mode with PuTTY you aren't using implicit SSL at least on the ioFTPD side...

Last edited by Yil; 09-17-2010 at 02:00 PM.
Yil is offline   Reply With Quote
Old 09-17-2010, 06:07 PM   #156
opcode
Junior Member
 
Join Date: Aug 2009
Posts: 21
Default

I even tried turning off SSL, e.g. not forcing SSL on the ioFTPD side and the BNC and then trying to connect without SSL. The result was the same though.
opcode is offline   Reply With Quote
Old 09-26-2010, 12:56 PM   #157
BoNeZz
Member
ioFTPD Foundation User
 
Join Date: Feb 2004
Posts: 39
Default

Quote:
Originally Posted by Yil View Post

BoNeZz: If you are comparing the crypto speeds of 5.8.5 vs 7.5.9 there are two huge differences. 5.8.5 up to 7.3.3 used the MS encryption library and were limited to 128bit algorithms. 7.4+ uses OpenSSL and has support for 256bit ciphers and a whole range of new algorithms. I don't think one is much faster than the other at AES128 but there is no guarantee you are trying to use that when comparing the speeds for both versions... What kind of machine are you using this on?

OpenSSL doesn't care about any installed certificates on the machine, just the files in the /system directory it creates so any old certs installed in the registry by the MS encryption stuff don't matter.

AMD Athlon 64 processor 3500+ (single core)

and in another machine like this:

AMD Sempron 2400+ (also single core)

I used Windows XP 32-bit. I'll try next week on the first machine with Win7 32-bit; is that good?

Or are these CPUs too slow?
BoNeZz is offline   Reply With Quote
Old 10-05-2010, 12:31 AM   #158
jacqueline2010
Junior Member
 
Join Date: Oct 2010
Posts: 1
Default

After that part is done, dir list is behaving properly. But it looks really strange with a dirlisting command that just hangs in client without getting reply for several minutes.. first assumption then is for pasv port to be blocked or hdd problems..


jacqueline2010 is offline   Reply With Quote
Old 11-02-2010, 03:19 PM   #159
Sabour
Junior Member
ioFTPD Foundation User
 
Join Date: Sep 2006
Posts: 11
Default

@Yil
Any news for v8?
Sabour is offline   Reply With Quote
Old 11-03-2010, 10:08 AM   #160
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

and/or any updates on your sfv script for ioftpd
ArtX is offline   Reply With Quote
Old 11-04-2010, 01:44 PM   #161
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Things sure have been quiet around these parts lately. Hopefully that's a good thing!

I've been taking a bit of a break finishing up the changes to the next release since I really need to spend several straight days on it and haven't had the time and/or the inclination. I do keep adding things to the TODO list, so that's a good sign though! I've noticed a few odd things helping people set up their servers or answering questions and I just want to make it clear, if you see something that looks odd please report it here! I saw an account used to test the BNC have -168 logins. MINUS 168? That's gotta be a problem of some kind! So please let me know if you see crazy stuff like that since it's usually a trivial fix once I know about it...

I can say for sure that the next release will be a v7 point release with some new features and rewritten async event notifications. After that change there's a handful of simpler changes I can make in later releases to finally try and solve the lockup issue if that does do it. Luckily it isn't a big deal anymore since downtime is trivial now since it can detect it and suicide, but until it's really stable I'm going to keep on trying to fix it as a high priority item...
Yil is offline   Reply With Quote
Old 11-05-2010, 12:30 PM   #162
BoNeZz
Member
ioFTPD Foundation User
 
Join Date: Feb 2004
Posts: 39
Default

Great news.

Anyway, my speed problem on machines with a monocore CPU isn't resolved.

I tried some settings, but I don't understand why, if I upload with one user, I get 50% of total bandwidth.

If I try to upload with two users I get more than 50%, like 70, 80, 90%; not stable, but more speed anyway.

Where/how can I set up more speed or bandwidth use for an upload on ioFTPD?

Global_Outbound_Bandwidth and client are disabled, so no limit.

Maybe I should set up threads? I don't know if that is right, and anyway I don't know how to set up threads too.
BoNeZz is offline   Reply With Quote
Old 11-05-2010, 03:17 PM   #163
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

BoNeZz: From the .ini file:
Code:
# Suggested value for I/O threads, is 2x number of logical cpus.
# Suggested value for worker threads on site that runs lots of scripts,
# is ~half of max users online.
# Suggested value for encryption threads, is number of logical cpus.
Starting with v7.4 and the change to OpenSSL there are no more encryption specific threads so that setting should be removed from the .ini file. Worker threads don't impact transfer speeds so that just leaves I/O threads. You could try using 3 instead of 2 (since you have a single core) I/O threads and see if that makes a difference which it may if you have multiple transfers, but I don't think should impact just a single transfer.

You could also try excluding the 256 bit ciphers which may take more CPU so you could have a more even comparison between v7.5 and the older MS 128 bit encryption in v7.3 and earlier. I think this .ini setting should work:

OpenSSL_Ciphers = DEFAULT:!:HIGH:!LOW:!EXPORT

There's a link to a webpage that describes how you can tweak this setting in the .ini file. You can probably force just one cipher to make it the same as whatever was being chosen by v7.3 if needed.
Yil is offline   Reply With Quote
Old 11-06-2010, 08:49 AM   #164
BoNeZz
Member
ioFTPD Foundation User
 
Join Date: Feb 2004
Posts: 39
Default

Quote:
Originally Posted by Yil View Post
BoNeZz: From the .ini file:
Code:
# Suggested value for I/O threads, is 2x number of logical cpus.
# Suggested value for worker threads on site that runs lots of scripts,
# is ~half of max users online.
# Suggested value for encryption threads, is number of logical cpus.
Starting with v7.4 and the change to OpenSSL there are no more encryption specific threads so that setting should be removed from the .ini file. Worker threads don't impact transfer speeds so that just leaves I/O threads. You could try using 3 instead of 2 (since you have a single core) I/O threads and see if that makes a difference which it may if you have multiple transfers, but I don't think should impact just a single transfer.

You could also try excluding the 256 bit ciphers which may take more CPU so you could have a more even comparison between v7.5 and the older MS 128 bit encryption in v7.3 and earlier. I think this .ini setting should work:

OpenSSL_Ciphers = DEFAULT:!:HIGH:!LOW:!EXPORT

There's a link to a webpage that describes how you can tweak this setting in the .ini file. You can probably force just one cipher to make it the same as whatever was being chosen by v7.3 if needed.

I tried with OpenSSL_Ciphers = DEFAULT:!:HIGH:!LOW:!EXPORT
but same speed.

I also tried OpenSSL_Ciphers = NULL
but same speed.
BoNeZz is offline   Reply With Quote
Old 11-06-2010, 02:14 PM   #165
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

NULL? I think that means it would be plaintext without any encryption at all. I can't think of a good reason why that would slow things down! Can you see what cipher (if any) it thinks you are connecting to the server with?

Can you double check that no-SSL and SSL to the same site back to back result in a huge performance difference? Is that true of all sites? Perhaps it's the other side that is slow and not you...
Yil is offline   Reply With Quote
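
To check what a cipher string actually enables before putting it in OpenSSL_Ciphers, the following added example (not from ioFTPD) expands a string with Python's ssl module and reports the key sizes it allows and any suites without encryption. It assumes the OpenSSL build linked into Python, which is not the build ioFTPD ships, so the resulting lists are indicative only; `expand` and `audit` are hypothetical names.

```python
import ssl


def expand(cipher_string):
    """Return the TLS <= 1.2 suites a cipher string enables (raises ssl.SSLError)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately from this string; leave them out.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Summarise a cipher string: key sizes in use and suites with no encryption."""
    try:
        suites = expand(cipher_string)
    except ssl.SSLError as exc:
        # Strings the library rejects outright (nothing selectable, bad syntax).
        return {"ok": False, "error": str(exc), "key_bits": [],
                "unencrypted": [], "names": []}
    return {
        "ok": True,
        "error": None,
        "key_bits": sorted({c["alg_bits"] for c in suites}),
        # alg_bits == 0 marks NULL-encryption suites: integrity only, data in clear.
        "unencrypted": [c["name"] for c in suites if c["alg_bits"] == 0],
        "names": [c["name"] for c in suites],
    }


if __name__ == "__main__":
    # The first two strings are the ones tried in this thread.
    for text in ("DEFAULT:!:HIGH:!LOW:!EXPORT", "NULL", "DEFAULT", "AES128"):
        result = audit(text)
        if result["ok"]:
            print(f"{text!r}: key sizes {result['key_bits']}, "
                  f"{len(result['names'])} suites, "
                  f"unencrypted: {result['unencrypted'] or 'none'}")
        else:
            print(f"{text!r}: rejected ({result['error']})")
```
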
All times are GMT -5.