Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not able to access ftp site on 5.1.x #2621

Closed
xygwfxu opened this issue Dec 11, 2020 · 30 comments
Closed

Not able to access ftp site on 5.1.x #2621

xygwfxu opened this issue Dec 11, 2020 · 30 comments
Assignees
Labels

Comments

@xygwfxu
Copy link

xygwfxu commented Dec 11, 2020

Install 5.1.6 on Android 10, enable a profile. Access site: ftp://ftp.fedex.com/pub/us/software/

Not able to open this site. However it works on version 5.0.6.
Check server access log, even no log for that site.

@xygwfxu xygwfxu added the bug label Dec 11, 2020
@madeye
Copy link
Contributor

madeye commented Dec 11, 2020

It looks an issue of shadowsocks-rust. I cannot get my FTP client working with the shadowsocks-rust locally.

@zonyitoo To get FTP works, we need to establish the TCP relay even there's no request sent from client. Can you double check this?

@madeye
Copy link
Contributor

madeye commented Dec 11, 2020

@zonyitoo here is a similar fix for shadowsocks-libev before: shadowsocks/shadowsocks-libev@fa82628

When a new socks5 client connected, after a small duration, we would establish a TCP relay to the remote shadowsocks server even if there's no data sent from the client.

@zonyitoo
Copy link

zonyitoo commented Dec 11, 2020

@zonyitoo To get FTP works, we need to establish the TCP relay even there's no request sent from client. Can you double check this?

I understand. But why? Why FTP requires proxy server to connect to remote without any data was sent?

@madeye
Copy link
Contributor

madeye commented Dec 11, 2020

FTP is a very old protocol. Imaging a telnet session in the late 90s,

  1. You establish a TCP connection to a server port,
  2. The server first send a prompt to ask for your login info,
  3. You follow the prompt to send username and password.
  4. The server will tell you if the login is successful or not.

And it's similar for FTP, here is a diagram I found: https://www.eventhelix.com/RealtimeMantra/Networking/FTP.pdf

Generally, if a TCP protocol requires the server to send the prompt first, it cannot work with the current shadowsocks-rust.

@zonyitoo
Copy link

Got it.

@Mygod
Copy link
Contributor

Mygod commented Dec 16, 2020

This is fixed? Should we close it?

@madeye
Copy link
Contributor

madeye commented Dec 16, 2020

Nope, I think we have to wait until the next release of shadowsocks-rust.

@zonyitoo
Copy link

I have already fixed in feature-separate-crates branch. But I haven't finished migrating dns-relay, yet.

@xygwfxu
Copy link
Author

xygwfxu commented Dec 29, 2020

Verified on v5.1.8, issue is still there. Not able to access ftp resource.

@madeye
Copy link
Contributor

madeye commented Dec 29, 2020

@xygwfxu Try again, it should work now.

@xygwfxu
Copy link
Author

xygwfxu commented Dec 30, 2020

@madeye The version I tried is v5.1.8 which is the current latest. what do you mean to retry for same version?

I thought you released two builds with same version number and just tried again. Same error.

@madeye
Copy link
Contributor

madeye commented Dec 30, 2020

I can connect to FTP site with 5.1.8.

Any step to reproduce your issue?

@madeye madeye closed this as completed Dec 30, 2020
@xygwfxu
Copy link
Author

xygwfxu commented Dec 30, 2020

ic.
My ftp server is in same host of server from filezilla, then use vlc to connect this ftp server.

@madeye
Copy link
Contributor

madeye commented Dec 30, 2020

My ftp server is in same host of server from filezilla, then use vlc to connect this ftp server.

It looks an issue of VLC. I cannot open the ftp.fedex.com even without shadowsocks.

Please try open ftp://ftp.fedex.com/pub/ in Chrome. It should work now.

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

ok, ok.
My bad, I shouldn't thought these are same issues. At that moment,I just want simplifying how to reproduce such issue. so I gave a public ftp server for you. and yes this public ftp resource works on 5.1.8.

Not sure whats the diff here, however If you could you can setup a your own windowds filezilla ftp server, set to same subnet of you ss server like 192.168.1.x. then please try to access it like " ftp://192.168.1.< ftp ip>" in chrome to see if it works.

In my test results, it same as vlc which its failed.

@madeye
Copy link
Contributor

madeye commented Jan 1, 2021

@xygwfxu I just setup a FTP server with vsftpd and everything works fine in Chrome.

Also, can you make sure 5.0.6 works for your FTP server in VLC? I tried 5.0.6 with a FTP server in VLC and it cannot work either. In fact, VLC cannot work with any of my FTP server even without shadowsocks...

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

thats so strange.
I use vlc to watch movies from my ftp server for months on v5.0.6. And this is the only issue that blocks me to upgrade to v5.1.x :(

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

ic there is a test. MP4 file in vlc.

@madeye
Copy link
Contributor

madeye commented Jan 1, 2021

Try open this file in VLC. I can play the video through shadowsocks.

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

@madeye are u saying vlc can open ftp resource on v5.1.8 on your side?

u previous comment mentioned none of works.

bit confuse here.

@madeye
Copy link
Contributor

madeye commented Jan 1, 2021

I solved a permission issue in my FTP server, now it can work.

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

okay. so for me its a diff issue.
it works on v5.0.6 not for v5.1.8.

would be kinda acl related/ similar issue cus I use intranet IP?

@madeye
Copy link
Contributor

madeye commented Jan 1, 2021

would be kinda acl related/ similar issue cus I use intranet IP?

What's the route are you using? To access the intranet IPs, you should not bypass LAN IPs.

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

the 3rd one bypass cn ips.

@madeye
Copy link
Contributor

madeye commented Jan 1, 2021

I just tried an intranet FTP site through shadowsocks, which also works in VLC.

@xygwfxu
Copy link
Author

xygwfxu commented Jan 1, 2021

that'bad. I don't know how I can workaround this.

thanks for your great helps anyway.

@Mygod
Copy link
Contributor

Mygod commented Jan 19, 2021

Just ran into this for SSH. SSH begins with a handshake message of server version. For MobaXterm, it seems to await server's version before sending its own version, which makes the session timeout. I will update and test later.

@zonyitoo
Copy link

500ms is too long for SSH?

@madeye
Copy link
Contributor

madeye commented Jan 19, 2021

I did some tests with JuiceSSH. Everything looks fine.

@Mygod
Copy link
Contributor

Mygod commented Jan 22, 2021

Sorry I meant this for the old version. It works fine in the latest version.

JackyAnn added a commit to JackyAnn/shadowsocks-android that referenced this issue Sep 22, 2022
* Allow user to keep data when uninstalling (shadowsocks#2506)

* Update README.md

* Update dependencies

* Add cargo clean task

* Enable LTO

* Speed up rebuild

* Update issue templates with labels

* Update dependencies

* Fix output name second attempt

* Update NDK

* Ensure cargoBuild is ran before mergeJniLibFolders

* Bump version

* Refine release build process

* Refine gradle files

* Add RUST_BACKTRACE

* Use rethrowAsSocketException

* Suppress write errors to protect_path

* Update shadowsocks-rust

* Bump version

* Improve accessibility

* Rename cipher plain to none

* Revert "Add RUST_BACKTRACE"

This reverts commit fdff88e.

ndk-stack should be used instead.

* Use cp.cloudflare.com for connectivity test

Credits: https://www.v2ex.com/t/656983#r_8748918

* Update dependencies

* Remote DNS setting is enabled unconditionally

* Show more information on conflicting plugins

Because one of you feckers just cannot learn to be decent.

* Add support for PTR queries

* Prevent querying PTR on custom Network

* Suppress network unspecified exceptions

* Handle IOException while reading

* Refine handling duplicate plugins

* Use any address as default DNS

* Suppress EACCES for ProtectWorker

* Clean up unused code

* Do not suppress IOException

* Disable UDP relay if plugin is enabled and no fallback

* Remove unnecessary isExperimental

* Update dependencies

* Fix unchecked cast

* Do not use WorkManager in device storage

* Remove unnecessary directBootAware overloading

* Suppress BadConfigurationProvider

* Disable RemoveWorkManagerInitializer lint for apps

* Update to Android 11 beta 1

* Request QUERY_ALL_PACKAGES for mobile

* Refine code style

* Fix ambiguous coroutineContext

* Downgrade coroutines

* Update dependencies

* Deprecate using Handler

* Fix shadowsocks#2546

* Only match exported plugins

* Update dependencies

* Update dependencies

* Migrate to ML kit for scanning QR code

Fixes shadowsocks#2548.

* Make scanner immersive

* Lock orientation to prevent camera recreation

* Fix missing Serializable declaration

* Add missing serialVersionUID

* Update dependencies

* Partially migrate to ActivityResultContracts

AlertDialogFragment will be migrated after the API goes stable.

* Add ActionBar to oss activity

* Add ActionBar to details activity

* Refine Scanner

* Bump version

* Update dependencies

* Suppress cancellation exceptions

* Skip processing if EOS is reached

* Refine PTR compat

* Fix shadowsocks#2557

* Fix shadowsocks#2562

* Update Android gradle

* Set VPN flag properly

Refine shadowsocks#2562.

* Drop support for Android Lollipop

* Update dependencies

* Remove UDP upstream DNS support. Fix shadowsocks#2564 shadowsocks#2518

* Update shadowsocks-rust

* Update dependencies

* Decouple main dependencies from plugin lib

* Simplify code

* Add missing type

* Update dependencies

* Deprecate old backup mechanism for Android 5-

* Update leanback theme to appcompat

* Use singleTask launchMode

* Fix build

* Bump version

* Update dependencies

* Update dependencies

* Bump plugin lib version to 2.0.0

* Add isV2 to PluginManager.InitResult

* Pass a value with the VPN option, if plugin version < 2.0

* Switch to __android_vpn

* Remove unnecessary parentheses

* Update shadowsocks-rust

* Bump version

* Clean up and bump version

* Revert camera-view back to alpha17

* Bump version

* Update dependencies

* Migrate away from deprecated APIs with core 1.3.0-alpha05

* Clean up code

* Refine code style

* Remove old ciphers. Fix shadowsocks#2621

* Enable single-threaded

* Update shadowsocks-rust to 1.8.23

* Use Parcelize for TrafficStats

* Fix platform insets on API 29-

* Fix shadowsocks#2623

* Update barcode-scanning

* Fix shadowsocks#2571

* Refine error message

* Refine shadowsocks#2571

* Limit open sockets to 256 in UDP association. Fix shadowsocks#2625

* Bump version

* Fix little problem of profile switching

* Update shadowsocks-rust to 1.9.0 (shadowsocks#2622)

* Fix shadowsocks#2638

* Bump version

* Switch to local UDP DNS resolver (shadowsocks#2635)

* Switch to the local UDP DNS resolver

* Update shadowsocks-rust

* Revert the rustup commands

* Fix shadowsocks#2642

* Fix the ByteBuffer allocation

* Update shadowsocks-rust

* Revert to local UDS resolver

Fix shadowsocks#2650

* Check deprecated ciphers (shadowsocks#2651)

* Bump version

* Fix shadowsocks#2301

* Bump version

* Remove the non-ietf chacha20 and salsa20 ciphers

* Fix shadowsocks#2665

* Update dependencies

* Fix deprecation of kotlin extensions

* Remove unused gcm work library for API 23+

* Use work-multiprocess

* Refine code style

* Update dependencies (shadowsocks#2672)

* Update dependencies

* Refine code style

* Bump gradle to 6.8.2

* Drop packet if out of buffer

* Refine error message

* Enlarge the buffer size of a UDP connection

* Bump version

* Ignore all exceptions whilst updating subscriptions

* Refine the JSON config file for ss-rust 1.10

* Refine the code style

* Update shadowsocks-rust to v1.10.3

* Fix shadowsocks#2679

* Update dependencies

Fixes shadowsocks#2699.

* Fix deprecation of adapterPosition

* Bump plugin to 2.0.1

* Migrate AlertDialogFragment to fragment result API

* Remove useless dependency update

* Migrate the rest to fragment result API

* Remove unused field

* Prevent crashing on shitty ROMs

* Add search tool for profiles (shadowsocks#2682)

* Suppress logging unsupported query type errors

* Ignore if connection was prematurely closed

* Use default udp_timeout=300 instead

Refine shadowsocks#2625.

* Mark underlyingNetwork as volatile

Attempts at addressing shadowsocks#2667.

* Fixed required targetFragments for preference

* Downgrade gradle plugin

* Update shadowsocks-rust and add back some ciphers

Fix shadowsocks#2705 and shadowsocks#2663.

* Update dependencies

* Check plugin properly

Fix shadowsocks#2667.

* Check crypto before init

* Make code style more Kotlin

* Update core and remove workaround

* Refine search to respect locale

* Double fixes touch target

* Resolve server name dynamically always (shadowsocks#2731)

Fixes shadowsocks#2722.

* Bump version

* Downgrade fragment to 1.3.2

Fixes shadowsocks#2733.

* Make plugin library depend on minimum version instead

* Enable Parallel GC

* Set useLegacyPackaging

* Update the maven publish plugin (shadowsocks#2734)

1. Remove the unnecessary custom URL
2. Replace jcenter with mavenCentral

* Handle illegal profiles properly

* Fix windows build failed shadowsocks#2666 shadowsocks#2711

* Allowed build under msys2 or cygwin

* Update dependencies

* Bring back semitransparent TV app via build variants (shadowsocks#2741)

This creates two variants for tv, freedom containing the original design, and google containing one matching Google's nonsense guideline. The former should be published on GitHub and elsewhere.

Revert "Revert "Revert "Revert "Revert "Make app fullscreen to match guidelines"""""

This reverts commit 0c67ac6.

* Fix typo

* Show full proxied apps mode to compensate for missing title

* Use MaterialAlertDialogBuilder

* Add progress indicator to ServiceButton

* Remove elevation from progress

* Only show progress for connecting

* Only show progress when connecting is taking too long

* Bump version

* Update dependencies

* Update sdk to S

* Use registerBestMatchingNetworkCallback

* Use OsConstants.ENONET

* Deal with new requirements

* Use main thread for default network callback on API 26+

* Remove unused code

* Fix duplicate authentication

* Update dependencies

* Bump version

* More stupid Android 6 bugs

* Update dependencies

* Downgrade leanback-preference

* Update to API 31

* Remove STORAGE permission on Android 10+

* Update dnsjava

* Ensure that redirects are always followed

Fixes shadowsocks#2786, shadowsocks#2791.

* Update dependencies

* Update to AGP 7.0.2

* Fix lint

* Update dependencies

* Fix shadowsocks#2803

* Remove extra file

* v5.2.6

* Revert "Show full proxied apps mode to compensate for missing title"

This reverts commit d21cf7b.

Fixes shadowsocks#2806.

* Add linkedin.com to gfwlist

* Fix Codacy badge

* Update dependencies

* Update .gitignore

ignore DS_Store

* Just to satisfy the obsessive-compulsive disorder :-)

* Update shadowsocks-rust

Update rust  dependency

* add new ciphers feature, and reorder cipher name

* Modify acl rules

* Update config.yml

try to fix up the rust build error

* enable armv8, neon feathures for hardware acceleration.

* Fix the missing springAnimator

* Update shadowsocks-rust to v1.15.0-alpha.5

* Bump version

* Update translations

Fixes shadowsocks#2867.

* Add German and Ukrainian translations

* Misc fixes

* Fix order

* Use system resolver

* Update dependencies

* Declare POST_NOTIFICATIONS

* Protect sensitive profile information when copied

* Add support for monochrome icons (not recommended)

* Declare supported languages

* Require authentication for closing service

* Support skipping animation in StatsBar

* Downgrade AGP

* Misc fixes

* Turn on fun switch

* Remove useless code

* Bump version

* Fix the compile error shadowsocks#2930 (shadowsocks#2935)

Make checking python version code compatible with windows and *nix

Redefine the python version detection code

Co-authored-by: Mygod <[email protected]>
Co-authored-by: Mygod <[email protected]>
Co-authored-by: Max Lv <[email protected]>
Co-authored-by: cyber386 <[email protected]>
Co-authored-by: Goooler <[email protected]>
Co-authored-by: SquallATF <[email protected]>
Co-authored-by: dev4u <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants