On Thu, Jun 12, 2008 at 03:23:29AM +0000, Stuart Henderson wrote:
> On 2008-06-11, Marc Espie <[EMAIL PROTECTED]> wrote:
> > On Wed, Jun 11, 2008 at 10:22:17AM -0500, c l wrote:
> >> Anyone else get this message when doing pkg_add's from ftp sites?
> >> 
> >> 421 There are too many connections from your internet address
> >> 
> >> I get this on all my openbsd boxes, 4.3 and -current from June 10, 2008.
> >> 
> >> All of them are behind either a cisco pix or 4.3 -release firewall.
> >> 
> >> It seems to happen with just about any package that has a few dependencies.
> >
> > Looks like you have some proxying mechanism which fucks up. It definitely
> > appears that your ftp client is not terminating client properly, something
> > eats the connection termination.
> 
> This happens with some mirrors from time to time.. definitely seen
> it on belnet before, maybe some others.

As I said before, but it's worth repeating.

pkg_add *relies* on being able to interrupt ftp transfers in the middle.
That's a part of the telnet layer of ftp. Namely, there's some sequence
you can send on the connection that will abort the connection cleanly, on
both sides. From pkg_add's point of view, there will be only one active
ftp connection to a given ftp server, there's some code that's very careful
doing that.

Of course, if there's some lousy network equipment in the middle, there can
be *stuck* ftp connections.

The other part of the problem is the data/control nature of ftp. Stupid
aggressive nats will tend to drop the control connection after a while,
because it's inactive, even though there is data going through the data
connection. We fixed this one for real when we started sending NOP over
inactive control connections to prevent that (ftp-level `keep-alive' kind-of).

Ftp is a fine protocol, modern network equipment is dumb. There's not much
you can do, except switch to a more stupid protocol, like http, which is
perfectly adapted to a world of dumb networks and dumb users.
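
The control-connection keep-alive described in the message above, as an added Python example that is not part of the original post and is not pkg_add's or ftp(1)'s code. It assumes the RFC 959 `NOOP` command as the keep-alive; the names `ControlKeepAlive` and `download` and the 30-second idle limit are hypothetical.

```python
import socket
import time

NOOP = b"NOOP\r\n"  # RFC 959 no-operation command; the server answers "200"


class ControlKeepAlive:
    """Send NOOP on the control socket once it has been idle for idle_limit seconds."""

    def __init__(self, ctrl, idle_limit=30.0, clock=time.monotonic):
        self.ctrl = ctrl
        self.idle_limit = idle_limit  # assumed value; keep it below the NAT's idle timeout
        self.clock = clock
        self.last_sent = clock()
        self.noops = 0

    def tick(self):
        now = self.clock()
        if now - self.last_sent >= self.idle_limit:
            self.ctrl.sendall(NOOP)
            self.last_sent = now
            self.noops += 1


def download(data, ctrl, idle_limit=30.0, clock=time.monotonic, bufsize=4096):
    """Read the data connection to EOF while keeping the control connection active.

    Returns (payload, noops). The caller must read `noops` replies from the
    control connection in addition to the transfer-complete reply, otherwise
    later commands are matched with the wrong replies.
    """
    keepalive = ControlKeepAlive(ctrl, idle_limit, clock)
    payload = bytearray()
    while True:
        chunk = data.recv(bufsize)
        if not chunk:  # server closed the data connection: transfer finished
            break
        payload += chunk
        keepalive.tick()
    return bytes(payload), keepalive.noops
```

The keep-alive only fires between received chunks, which matches the case in the message: data is flowing while the control connection sits idle.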
