Skip to content

Fixed "Cannot assign requested address" for to-origin TPROXY FTP data#142

Merged
rousskov merged 1 commit intosquid-cache:masterfrom
k0rv1n:ftp_tproxy
Feb 2, 2018
Merged

Fixed "Cannot assign requested address" for to-origin TPROXY FTP data#142
rousskov merged 1 commit intosquid-cache:masterfrom
k0rv1n:ftp_tproxy

Conversation

@k0rv1n
Copy link
Contributor

@k0rv1n k0rv1n commented Feb 1, 2018

No description provided.

@squid-prbot
Copy link
Collaborator

Can one of the admins verify this patch?

@rousskov
Copy link
Contributor

rousskov commented Feb 1, 2018

OK to test

Copy link
Contributor

@rousskov rousskov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See inlined comments for one bug and a question.

conn->tos = ctrl.conn->tos;
conn->nfmark = ctrl.conn->nfmark;
// Using non-local addresses in TPROXY mode requires appropriate socket option.
conn->flags = ctrl.conn->flags & COMM_TRANSPARENT;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not be overwriting the entire conn->flags value like this. If you want to copy the COMM_TRANSPARENT bit from the control connection flags, please copy it without touching the other bits of the conn->flags.

Please note that the above would remain true even if conn->flags were always zero at the time of assignment in the current code (but it is not zero AFAICT).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

conn->tos = ctrl.conn->tos;
conn->nfmark = ctrl.conn->nfmark;
// Using non-local addresses in TPROXY mode requires appropriate socket option.
conn->flags = ctrl.conn->flags & COMM_TRANSPARENT;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getOutgoingAddress(), which works with somewhat related concepts, also sets COMM_DOBIND. Do we need that flag here as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On our setup everything works without COMM_DOBIND flag.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DOBIND is only necessary if the IP address might be the magic ANY_ADDR. Which this FtpClient code is never permitting to happen (the ctrl->local should never be ANY_ADDR).

@rousskov rousskov changed the title Fix FTP data connection in TPROXY mode Fixed "Cannot assign requested address" for to-origin TPROXY FTP data Feb 1, 2018
@rousskov
Copy link
Contributor

rousskov commented Feb 1, 2018

I updated PR title and description to use a more common error message text and to indicate that the bug affects Squid-to-origin connections.

Copy link
Contributor

@yadij yadij left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest revision looks okay to me, assuming it works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants