FTPES data connection delay

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

FTPES data connection delay

#1 Post by xeon » 2014-12-14 16:48

Hello,

I've noticed when connecting via FTPES that there seems to be a 200ms delay for each data connection, it doesn't seem to happen when viewing large directories, however. Do you think it could be related to this?

http://support.microsoft.com/kb/214397


Thanks

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FTPES data connection delay

#2 Post by botg » 2014-12-14 17:18

Which FTP server software (product and version) are you using?

When testing against FileZilla Server in a LAN, listing small (or empty) directory listings with FTP over TLS doesn't take more than 6 milliseconds in total here.

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: FTPES data connection delay

#3 Post by xeon » 2014-12-14 17:18

botg wrote:Which FTP server software (product and version) are you using?
vsftpd 3.0.2

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FTPES data connection delay

#4 Post by botg » 2014-12-14 17:52

Looks like a server issue to me.

Even when unconditionally enabling TCP_NODELAY in the client, there's still this delay when connecting to vsftpd.

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: FTPES data connection delay

#5 Post by xeon » 2014-12-14 20:03

botg wrote:Looks like a server issue to me.

Even when unconditionally enabling TCP_NODELAY in the client, there's still this delay when connecting to vsftpd.
I'm also seeing the same behavior on proftpd 1.3.5. According to the docs, it has TCP_NODELAY enabled by default. I believe vsftpd does too, going by the source code.

User avatar
boco
Contributor
Posts: 25334
Joined: 2006-05-01 03:28
Location: Germany

Re: FTPES data connection delay

#6 Post by boco » 2014-12-14 22:49

At least in ProFTPd, there are the 'IdentLookups' and 'UseReverseDNS' options that can delay connection. Maybe vsftpd does have something similar?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: FTPES data connection delay

#7 Post by xeon » 2014-12-15 00:19

boco wrote:At least in ProFTPd, there are the 'IdentLookups' and 'UseReverseDNS' options that can delay connection. Maybe vsftpd does have something similar?
I disabled both on proftpd, it still happens. Also, looking at the packet captures in wireshark, the ACK is always delayed by exactly 200ms and I've only seen it happen on smaller listings, this to me seems indicative of the Nagle algorithm kicking in where it shouldn't be.

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FTPES data connection delay

#8 Post by botg » 2014-12-15 12:46

The problem is indeed caused by the Nagle algorithm.

vsftpd writes the "end of connection" TLS packet to the socket. This being a small packet, the server's TCP stack waits for more data. Yet this data doesn't come. This is causing the 200ms delay.

As this is purely a server-side issue, it can only be fixed server-side.

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FTPES data connection delay

#9 Post by botg » 2014-12-15 14:39

I took the liberty to fix vsftpd.

Here's my patch and the copy of my mail to the vsftpd author.
Hi Chris,

when listing directories or downloading files from vsftpd using FTP over TLS, there's a delay of up to 200ms at the end of each transfer. This is most pronounced with small (e.g. empty) files/directories.

It turns out that TCP's Nagle algorithm is delaying the TLS shutdown notification for up to 200ms.

I've attached a small patch for the latest vsftpd that sets TCP_NODELAY prior to initiating the TLS shutdown to get rid of the delay.

Regards,
Tim Kosse
Attachments
delay.patch
(1.07 KiB) Downloaded 106 times

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: FTPES data connection delay

#10 Post by xeon » 2014-12-29 02:52

Thanks for the patch, it seems to have resolved it.

I'm still hoping that, one day, FileZilla Server for Linux will be a thing. I really do like vsftpd, but it's missing a number of important features that will probably never get added. Support for MLSD, forward secrecy, using RSA and ECDSA certificates simultaneously, just to name a few.

Post Reply