FTPES data connection delay
Moderator: Project members
FTPES data connection delay
Hello,
I've noticed when connecting via FTPES that there seems to be a 200ms delay for each data connection, it doesn't seem to happen when viewing large directories, however. Do you think it could be related to this?
http://support.microsoft.com/kb/214397
Thanks
I've noticed when connecting via FTPES that there seems to be a 200ms delay for each data connection, it doesn't seem to happen when viewing large directories, however. Do you think it could be related to this?
http://support.microsoft.com/kb/214397
Thanks
Re: FTPES data connection delay
Which FTP server software (product and version) are you using?
When testing against FileZilla Server in a LAN, listing small (or empty) directory listings with FTP over TLS doesn't take more than 6 milliseconds in total here.
When testing against FileZilla Server in a LAN, listing small (or empty) directory listings with FTP over TLS doesn't take more than 6 milliseconds in total here.
Re: FTPES data connection delay
vsftpd 3.0.2botg wrote:Which FTP server software (product and version) are you using?
Re: FTPES data connection delay
Looks like a server issue to me.
Even when unconditionally enabling TCP_NODELAY in the client, there's still this delay when connecting to vsftpd.
Even when unconditionally enabling TCP_NODELAY in the client, there's still this delay when connecting to vsftpd.
Re: FTPES data connection delay
I'm also seeing the same behavior on proftpd 1.3.5. According to the docs, it has TCP_NODELAY enabled by default. I believe vsftpd does too, going by the source code.botg wrote:Looks like a server issue to me.
Even when unconditionally enabling TCP_NODELAY in the client, there's still this delay when connecting to vsftpd.
Re: FTPES data connection delay
At least in ProFTPd, there are the 'IdentLookups' and 'UseReverseDNS' options that can delay connection. Maybe vsftpd does have something similar?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FTPES data connection delay
I disabled both on proftpd, it still happens. Also, looking at the packet captures in wireshark, the ACK is always delayed by exactly 200ms and I've only seen it happen on smaller listings, this to me seems indicative of the Nagle algorithm kicking in where it shouldn't be.boco wrote:At least in ProFTPd, there are the 'IdentLookups' and 'UseReverseDNS' options that can delay connection. Maybe vsftpd does have something similar?
Re: FTPES data connection delay
The problem is indeed caused by the Nagle algorithm.
vsftpd writes the "end of connection" TLS packet to the socket. This being a small packet, the server's TCP stack waits for more data. Yet this data doesn't come. This is causing the 200ms delay.
As this is purely a server-side issue, it can only be fixed server-side.
vsftpd writes the "end of connection" TLS packet to the socket. This being a small packet, the server's TCP stack waits for more data. Yet this data doesn't come. This is causing the 200ms delay.
As this is purely a server-side issue, it can only be fixed server-side.
Re: FTPES data connection delay
I took the liberty to fix vsftpd.
Here's my patch and the copy of my mail to the vsftpd author.
Here's my patch and the copy of my mail to the vsftpd author.
Hi Chris,
when listing directories or downloading files from vsftpd using FTP over TLS, there's a delay of up to 200ms at the end of each transfer. This is most pronounced with small (e.g. empty) files/directories.
It turns out that TCP's Nagle algorithm is delaying the TLS shutdown notification for up to 200ms.
I've attached a small patch for the latest vsftpd that sets TCP_NODELAY prior to initiating the TLS shutdown to get rid of the delay.
Regards,
Tim Kosse
- Attachments
-
- delay.patch
- (1.07 KiB) Downloaded 138 times
Re: FTPES data connection delay
Thanks for the patch, it seems to have resolved it.
I'm still hoping that, one day, FileZilla Server for Linux will be a thing. I really do like vsftpd, but it's missing a number of important features that will probably never get added. Support for MLSD, forward secrecy, using RSA and ECDSA certificates simultaneously, just to name a few.
I'm still hoping that, one day, FileZilla Server for Linux will be a thing. I really do like vsftpd, but it's missing a number of important features that will probably never get added. Support for MLSD, forward secrecy, using RSA and ECDSA certificates simultaneously, just to name a few.