0 votes
ago by (120 points)

Hi

Thanks for a good useful software!

We encountered a strange behavior when using Rebex tiny sftp server.

We have a setup with a machine with multiple Ethernet interfaces and when we start Rebex tiny sftp server it lists 3 IP-addresses.
When we connect to the sftp server on the interface for the second IP in that list we get a strange behavior and the connection fails.

We log with Wireshark and see the following:
Client sends SYN and server answers SYN, ACK as expected.
After that we could see the client sending an initial packet with information regarding client SSH version (which also will be listed in the server gui), no TCP ack is sent to client. After a while client resends packet again...
But no more traffic is sent from the server.
After about 20-30s a RST,ACK is sent from server to client.

On client side we never get any information about server type or anything else.

When digging deeper we found TCP packets from server addressed to client IP:port (same as above) but where the source IP from server is the first IP in the list.

Our workaround is to just physically unplug all Ethernet interfaces from machine apart from the interface needed while using Rebex sftp server.

TL;DR; Rebex sftp server may answer on first IP even if request comes in on second IP.

Question: Is this even possible or have we missed something?

Tested in 1.0.22, but we think that we saw this in 1.0.15 before doing an update.

Thanks in advance.

Applies to: Rebex SFTP

1 Answer

0 votes
ago by (150k points)

Hi, and thanks!

We have not encountered this particular problem before, although we have encountered other issues on machines with multiple network interfaces when the routing table has been configured in such a way that there are several possible routes between the client and the server.

A bit of searching revealed one possible culprit - Weak Host Configuration:

In the weak host model, an IP host (either IPv4 or IPv6) can send packets on an interface that is not assigned the source IP address of the packet being sent. This is known as weak host send behavior. An IP host can also receive packets on an interface that is not assigned the destination IP address of the packet being received. This is known as weak host receive behavior.

Try following these steps to configure the IPv4 interface as "not weak":

  1. netsh interface ipv4 show interface
  2. See the Idx numbers
  3. netsh interface ipv4 set interface [Idx number] weakhostsend=disabled
  4. netsh interface ipv4 set interface [Idx number] weakhostreceive=disabled

Does this resolve the issue?

In any case, if you only need to bind Rebex Tiny SFTP server to a single interface, a better solution would be to only bind the server to that particular interface instead of INADDR_ANY. We will add support for this to the next release!

ago by (120 points)
Thanks for your answer.

It may be the possible culprit as you say. We will try this next time.
For information we tested to run: netsh interface ipv4 show interface level=verbose
For all interfaces listed the answer was already:
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled

If it helps in your analysis in our case the machine has multiple routes out. So the routing table looks like the following, "route PRINT" gives:
dest | mask | gw | if
0.0.0.0 | 0.0.0.0 | a.b.c.1 | a.b.c.d
0.0.0.0 | 0.0.0.0 | x.y.z.1 | x.y.z.g
...

Where request was addressed to x.y.z.g but we could see that the ip-packets with payload from sftp-server was sent from a.b.c.d if this makes sense.

Your suggestion to make it possible to bind to a specific IP seems like a good idea to add as well. We are looking forward to this release.
...
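
The symptom discussed in this thread (packets for one TCP connection leaving the server from a different local IP than the one the client addressed) can be checked for in a packet capture. The following is an added example, not part of the original posts and not Rebex code; the tuple layout, the function name and all addresses (documentation ranges standing in for a.b.c.d and x.y.z.g) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed capture summary: (src_ip, src_port, dst_ip, dst_port, tcp_flags).
# 192.0.2.10 and 198.51.100.20 stand in for the server's first and second
# listed IPs; 203.0.113.x are clients. All values are made up for the example.
SERVER_IPS = {"192.0.2.10", "198.51.100.20"}
SAMPLE_PACKETS = [
    ("203.0.113.50", 50123, "198.51.100.20", 22, "SYN"),
    ("198.51.100.20", 22, "203.0.113.50", 50123, "SYN,ACK"),
    ("203.0.113.50", 50123, "198.51.100.20", 22, "ACK"),
    ("203.0.113.50", 50123, "198.51.100.20", 22, "PSH,ACK"),  # client SSH version
    ("192.0.2.10", 22, "203.0.113.50", 50123, "ACK"),         # leaves via first IP
    ("192.0.2.10", 22, "203.0.113.50", 50123, "PSH,ACK"),     # leaves via first IP
    ("203.0.113.50", 50123, "198.51.100.20", 22, "PSH,ACK"),  # client retransmit
    ("198.51.100.20", 22, "203.0.113.50", 50123, "RST,ACK"),
    ("203.0.113.51", 50200, "192.0.2.10", 22, "SYN"),         # healthy flow
    ("192.0.2.10", 22, "203.0.113.51", 50200, "SYN,ACK"),
    ("203.0.113.51", 50200, "192.0.2.10", 22, "ACK"),
    ("192.0.2.10", 22, "203.0.113.51", 50200, "PSH,ACK"),
]


def find_source_mismatches(packets, server_ips):
    """Report flows where a server packet leaves from a local IP other than
    the one the client's SYN was addressed to."""
    addressed = {}  # (client_ip, client_port, server_port) -> IP the SYN targeted
    wrong = defaultdict(lambda: defaultdict(int))  # flow -> {wrong source IP: count}
    for src, sport, dst, dport, flags in packets:
        if flags == "SYN" and dst in server_ips:
            addressed[(src, sport, dport)] = dst  # new client-initiated flow
            continue
        flow = (dst, dport, sport)  # same key, seen from the server's side
        if src in server_ips and flow in addressed and src != addressed[flow]:
            wrong[flow][src] += 1
    return [
        {"client": f"{c_ip}:{c_port}", "server_port": s_port,
         "addressed_ip": addressed[(c_ip, c_port, s_port)],
         "reply_sources": dict(counts)}
        for (c_ip, c_port, s_port), counts in wrong.items()
    ]


if __name__ == "__main__":
    for finding in find_source_mismatches(SAMPLE_PACKETS, SERVER_IPS):
        print(finding)
```

The capture has to be taken on the server itself or on a port that sees all of its interfaces; a capture on the client side only shows the missing replies, not where they went.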