If we reject simultaneous data connections from a given source IP, what would be the implications when connections are in fact from two different clients, but they all go through the same router (in a typical work/home network)? The FTP server would see the public IP of the router, wouldn't it?

Regards,
Sai Pullabhotla

On Thu, Mar 25, 2010 at 8:37 AM, Niklas Gustavsson <nik...@protocol7.com> wrote:
> On Thu, Mar 25, 2010 at 2:30 PM, Sai Pullabhotla
> <sai.pullabho...@jmethods.com> wrote:
>> I've not looked at the patch that supports concurrent data connections
>> on a single passive port, but I've some serious doubts as to if it is
>> even legitimate to have such support and if we can gracefully handle
>> such scenario.
>
> I think most FTP servers support concurrent use of the same port.
>
>> Here is an example scenario -
>>
>> 1. Client A has more than one session (for this example let us say
>> two) open with the FTP server.
>> 2. Session 1 issues PASV command.
>> 3. Server replies back asking to connect on port 2000.
>> 4. About the same time, Session 2 issues PASV command
>> 5. Server replies back asking to connect on port 2000.
>> 6. Both session 1 and session 2 connect to port 2000 almost at the same time.
>> 7. How do we distinguish which data connection belongs to which
>> control session?
>>
>> Would we possibly be sending/receiving incorrect data on session 1/2?
>
> Step 5 must not be allowed. That is, we should not have two waiting
> passive ports from the same IP. In this case (if only port 2000 is
> used for passive ports), step 5 should be returning a 4XX reply.
>
> Would that work?
>
> All considered, adding support for this will require quite some work
> when it comes to testing.
>
> /niklas
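
A small model of the rule discussed in this thread, added here as an illustration and not taken from the patch or the FTP server's code: one shared passive port, at most one waiting reservation per source IP, and data connections matched to control sessions by source IP. The class and method names, the sample addresses, and the choice of 425 for the "4XX reply" are assumptions.

```python
from dataclasses import dataclass, field

PASV_OK = 227       # "Entering Passive Mode"
PASV_REFUSED = 425  # assumption: the thread only says "a 4XX reply"


@dataclass
class SharedPassivePort:
    """One listening passive port shared by many control sessions."""
    port: int
    # source IP -> control session waiting for its data connection
    waiting: dict = field(default_factory=dict)

    def pasv(self, session_id: str, source_ip: str) -> int:
        """Handle PASV: allow only one waiting reservation per source IP."""
        holder = self.waiting.get(source_ip)
        if holder is not None and holder != session_id:
            return PASV_REFUSED  # step 5 of the scenario in the thread
        self.waiting[source_ip] = session_id
        return PASV_OK

    def accept(self, peer_ip: str):
        """Match an incoming data connection to a control session by IP.
        Returns the session id, or None when no session is waiting."""
        return self.waiting.pop(peer_ip, None)


def run_scenarios() -> dict:
    results = {}
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    p = SharedPassivePort(2000)
    # One client, two sessions: the second PASV is refused while the first waits.
    results["same_ip"] = [p.pasv("A-1", "192.0.2.10"), p.pasv("A-2", "192.0.2.10")]
    results["first_match"] = p.accept("192.0.2.10")
    results["retry"] = p.pasv("A-2", "192.0.2.10")
    # A different source IP can wait on the same port without ambiguity.
    results["other_ip"] = p.pasv("B-1", "198.51.100.7")
    results["matches"] = [p.accept("198.51.100.7"), p.accept("192.0.2.10")]
    # A connection from an IP with no reservation matches nothing.
    results["unsolicited"] = p.accept("198.51.100.99")
    # Two distinct clients behind one router share a public IP, so the
    # second is refused even though it is a different machine.
    nat = SharedPassivePort(2000)
    results["nat"] = [nat.pasv("C-1", "203.0.113.5"), nat.pasv("D-1", "203.0.113.5")]
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

The `nat` result shows the case raised in the reply: the server cannot tell the two clients apart, so the second one gets the refusal and has to retry after the first data connection is accepted.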