| Summary: | vsftpd sessions hang on connect due to rfc1413 ident checking set in xinetd conf. | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Ben Kennedy <ben> |
| Component: | [OLD] Server | Assignee: | Roy Marples (RETIRED) <uberlord> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Fixed in vsftpd-2.0.3 |
vsftpd is set up to be invoked by xinetd. The settings in /etc/xinetd.d/vsftpd are such that xinetd will attempt to do RFC 1413 (identd) enquiry against the connecting host before passing the connection over to vsftpd. In some situations this is responsible for a hefty delay in establishing the connection and the ftp attempt appears to initially hang). Specifically this behaviour is a result of 'USERID' in the following lines of /etc/xinetd.d/vsftpd: log_on_success += DURATION USERID log_on_failure += USERID Removing 'USERID' on these lines solves the problem. Reproducible: Sometimes Steps to Reproduce: 1. telnet to port 21 on a host running vsftpd in the stock gentoo deployment (i.e., try to connect by ftp). Actual Results: If the connect is coming from a stealthy host, e.g. a computer behind some kind of NAT device which doesn't respond to pings etc., there will be a lengthy delay (dozens and dozens of seconds) before the "220 Welcome..." message is returned. Expected Results: There should be no delay in vsftpd getting control of the session. This can be ensured by removing the 'USERID' params from the xinetd conf. vsftpd 1.2.2 from portage.