bionic (3) globus_ftp_extensions.3.gz
NAME
globus_ftp_extensionsGridFTP: Protocol Extensions to FTP for the Grid
-
Introduction
This section defines extensions to the FTP specification STD 9, RFC 959, FILE TRANSFER PROTOCOL (FTP)
(October 1985) These extensions provide striped data transfer, parallel data transfer, extended data
transfer, data buffer size configuration, and data channel authentication.
The following new commands are introduced in this specification
• Striped Passive (SPAS)
• Striped Data Port (SPOR)
• Extended Retrieve (ERET)
• Extended Store (ESTO)
• Set Data Buffer Size (SBUF)
• Data Channel Authentication Mode (DCAU)
A new transfer mode (extended-block mode) is introduced for parallel and striped data transfers. Also, a
set of extension options to RETR are added to control striped data layout and parallelism.
The following new feature names are to be included in the FTP server's response to FEAT if it implements
the following sets of functionality
PARALLEL
The server supports the SPOR, SPAS, the RETR options mentioned above, and extended block mode.
ESTO
The server implements the ESTO command as described in this document.
ERET
The server implements the ERET command as described in this document.
SBUF
The server implements the SBUF command as described in this document.
DCAU
The server implements the DCAU command as described in this document, including the requirement that
data channels are authenticated by default, if RFC 2228 authentication is used to establish the
control channel.
Terminology
Parallel transfer
From a single data server, splitting file data for transfer over multiple data connections.
Striped transfer
Distributing a file's data over multiple independent data nodes, and transerring over multiple data
connections.
Data Node
In a striped data transfer, a data node is one of the stripe destinations returned in the SPAS
command, or one of the stripe destinations sent in the SPOR command.
DTP
The data transfer process establishes and manages the data connection. The DTP can be passive or
active.
PI
The protocol interpreter. The user and server sides of the protocol have distinct roles implemented
in a user-PI and a server-PI.
FTP Standards Used
• RFC 959, FILE TRANSFER PROTOCOL (FTP), J. Postel, R. Reynolds (October 1985)
• Commands used by GridFTP
• USER
• PASS
• ACCT
• CWD
• CDUP
• QUIT
• REIN
• PORT
• PASV
• TYPE
• MODE
• RETR
• STOR
• STOU
• APPE
• ALLO
• REST
• RNFR
• RNTO
• ABOR
• DELE
• RMD
• MKD
• PWD
• LIST
• NLST
• SITE
• SYST
• STAT
• HELP
• NOOP
• Features used by GridFTP
• ASCII and Image types
• Stream mode
• File structure
• RFC 2228, FTP Security Extensions, Horowitz, M. and S. Lunt (October 1997)
• Commands used by GridFTP
• AUTH
• ADAT
• MIC
• CONF
• ENC
• Features used by GridFTP
• GSSAPI authentication
• RFC 2389, Feature negotiation mechanism for the File Transfer Protocol, P. Hethmon , R. Elz (August
1998)
• Commands used by GridFTP
• FEAT
• OPTS
• Features used by GridFTP
• FTP Extensions, R. Elz, P. Hethmon (September 2000)
• Commands used by GridFTP
• SIZE
• Features used by GridFTP
• Restart of a stream mode transfer
Striped Passive (SPAS)
This extension is used to establish a vector of data socket listeners for for a server with one or more
stripes. This command MUST be used in conjunction with the extended block mode. The response to this
command includes a list of host and port addresses the server is listening on.
Due to the nature of the extended block mode protocol, SPAS must be used in conjunction with data
transfer commands which receive data (such as STOR, ESTO, or APPE) and can not be used with commands
which send data on the data channels.
Syntax
The syntax of the SPAS command is:
spas = "SPAS" <CRLF>
Responses
The server-PI will respond to the SPAS command with a 229 reply giving the list of host-port strings for
the remote server-DTP or user-DTP to connect to.
spas-response = "229-Entering Striped Passive Mode" CRLF
1*(<SP> host-port CRLF)
229 End
Where the command is correctly parsed, but the server-DTP cannot process the SPAS request, it must return
the same error responses as the PASV command.
OPTS for SPAS
There are no options in this SPAS specification, and hence there is no OPTS command defined.
Striped Data Port (SPOR)
This extension is to be used as a complement to the SPAS command to implement striped third-party
transfers. This command MUST always be used in conjunction with the extended block mode. The argument to
SPOR is a vector of host/TCP listener port pairs to which the server is to connect. This
Due to the nature of the extended block mode protocol, SPOR must be used in conjunction with data
transfer commands which send data (such as RETR, ERET, LIST, or NLST) and can not be used with commands
which receive data on the data channels.
Syntax
The syntax of the SPOR command is:
SPOR 1*(<SP> <host-port>) <CRLF>
The host-port sequence in the command structure MUST match the host-port replies to a SPAS command.
Responses
The server-PI will respond to the SPOR command with the same response set as the PORT command described
in the ftp specification.
OPTS for SPOR
There are no options in this SPOR specification, and hence there is no OPTS command defined.
Extended Retrieve (ERET)
The extended retrieve extension is used to request that a retrieve be done with some additional
processing on the server. This command an extensible way of providing server-side data reduction or other
modifications to the RETR command. This command is used in place of OPTS to the RETR command to allow
server side processing to be done with a single round trip (one command sent to the server instead of
two) for latency-critical applications.
ERET may be used with either the data transports defined in RFC 959, or using extended block mode as
defined in this document. Using an ERET creates a new virtual file which will be sent, with it's own size
and byte range starting at zero. Restart markers generated while processing an ERET are relative to the
beginning of this view of the file.
Syntax
The syntax of the ERET command is
ERET <SP> <retrieve-mode> <SP> <filename>
retrieve-mode ::= P <SP> <offset> <SP> <size>
offset ::= 64 bit integer
size ::= 64 bit integer
The retrieve-mode defines behavior of the extended-retrieve mode. There is one mode defined by this
specification, but other general purpose or application-specific ones may be added later.
modes_ERET Extended Retrieve Modes
Partial Retrieve Mode (P)
A section of the file will be retrieved from the data server. The section is defined by the starting
offset and extent size parameters. When used with extended block mode, the extended block headers
sent along with data will send the data with offset of 0 meaning the beginning of the section of the
file which was requested.
Extended Store (ESTO)
The extended store extension is used to request that a store be done with some additional processing on
the server. Arbitrary data processing algorithms may be added by defining additional ESTO store-modes.
Similar to the ERET, the ESTO command expects data sent to satisfy the request to be sent as if it were a
new file with data block offset 0 being beginning the beginning of the new file.
The format of the ESTO command is
ESTO <SP> <store-mode> <filename>
store-mode ::= A <SP> <offset>
The store-mode defines the behavior of the extended store. There is one mode defined by this
specification, but others may be added later.
Extended Store Modes
Adjusted store (A)
The data in the file is to stored with offset added to the file pointer before storing the blocks of
the file. In extended block mode, this value is added to the offset in the extended block header by
the server when writing to disk. Extended block headers should therefore send the beginning of the
byte range on the data channel with offset of zero. In stream mode, the offset is added to the
implicit offset of 0 for the beginning of the data before writing. If a stream mode restart marker is
used in conjunction with this ESTO mode, the restart marker's offset is added to the offset passed as
the parameter to the adjusted store.
Set Buffer Size (SBUF)
This extension adds the capability of a client to set the TCP buffer size for subsequent data connections
to a value. This replaces the server-specific commands SITE RBUFSIZE, SITE RETRBUFSIZE, SITE RBUFSZ, SITE
SBUFSIZE, SITE SBUFSZ, and SITE BUFSIZE. Clients may wish to consider supporting these other commands to
ensure wider compatibility.
Syntax
The syntax of the SBUF command is
sbuf = SBUF <SP> <buffer-size>
buffer-size ::= <number>
The buffer-size value is the TCP buffer size in bytes. The TCP window size should be set accordingly by
the server.
Response Codes
If the server-PI is able to set the buffer size state to the requested buffer-size, then it will return a
200 reply.
Note:
Even if the SBUF is accepted by the server, an error may occur later when the data connections are
actually created, depending on how the server or client operating systems' TCP implementations.
Data Channel Authentication (DCAU)
This extension provides a method for specifying the type of authentication to be performed on FTP data
channels. This extension may only be used when the control connection was authenticated using RFC 2228
Security extensions.
The format of the DCAU command is
DCAU <SP> <authentication-mode> <CRLF>
authentication-mode ::= <no-authentication>
| <authenticate-with-self>
| <authenticate-with-subject>
no-authentication ::= N
authenticate-with-self ::= A
authenticate-with-subject ::= S <subject-name>
subject-name ::= string
Authentication Modes
• No authentication (N)
No authentication handshake will be done upon data connection establishment.
• Self authentication (A)
A security-protocol specific authentication will be used on the data channel. The identity of the
remote data connection will be the same as the identity of the user which authenticated to the
control connection.
• Subject-name authentication (S)
A security-protocol specific authentication will be used on the data channel. The identity of the
remote data connection MUST match the supplied subject-name string.
The default data channel authentication mode is A for FTP sessions which are RFC 2228 authenticated---the
client must explicitly send a DCAU N message to disable it if it does not implement data channel
authentication.
If the security handshake fails, the server should return the error response 432 (Data channel
authentication failed).
Extended Block Mode
The striped and parallel data transfer methods described above require an extended transfer mode to
support out-of-sequence data delivery, and partial data transmission per data connection. The extended
block mode described here extends the block mode header to provide support for these as well as large
blocks, and end-of-data synchronization.
Clients indicate that they want to use extended block mode by sending the command
MODE <SP> E <CRLF>
on the control channel before a transfer command is sent.
The structure of the extended block header is
Extended Block Header
+----------------+-------/-----------+------/------------+
| Descriptor | Byte Count | Offset Count |
| 8 bits | 64 bits | 64 bits |
+----------------+-------/-----------+------/------------+
The descriptor codes are indicated by bit flags in the descriptor byte. Six codes have been assigned,
where each code number is the decimal value of the corresponding bit in the byte.
Code Meaning
128 End of data block is EOR (Legacy)
64 End of data block is EOF
32 Suspected errors in data block
16 Data block is a restart marker
8 End of data block is EOD for a parallel/striped transfer
4 Sender will close the data connection
With this encoding, more than one descriptor coded condition may exist for a particular block. As many
bits as necessary may be flagged.
Some additional protocol is added to the extended block mode data channels, to properly handle end-of-
file detection in the presence of an unknown number of data streams.
• When no more data is to be sent on the data channel, then the sender will mark the last block, or send
a zero-length block after the last block with the EOD bit (8) set in the extended block header.
• After receiving an EOD the data connection can be cached for use in a subsequent transfer. To signifiy
that the data connection will be closed the sender sets the close bit (4) in the header on the last
message sent.
• The sender communicates end of file by sending an EOF message to all servers receiving data. The EOF
message format follows.
Extended Block EOF Header
+----------------+-------/--------+------/---------------+
| Descriptor | unused | EOD count expected |
| 8 bits | 64 bits | 64 bits |
+----------------+-------/--------+------/---------------+
EOF Descriptor. The EOF header descriptor has the same definition as the regular data message header
described above.
EOD Count Expected. This 64 bit field represents the total number of data connections that will be
established with the server receiving the file. This number is used by the receiver to determine it has
received all of the data. When the number of EOD messages received equals the number represented by the
'EOD Count Expected' field the receiver has hit end of file.
Simply waiting for EOD on all open data connections is not sufficient. It is possible that the receiver
reads an EOD message on all of its open data connects while an additional data connection is in flight.
If the receiver were to assume it reached end of file it would fail to receive the data on the in flight
connection.
To handle EOF in the multi-striped server case a 126 response has been introduced. When receiving data
from a striped server a client makes a control connection to a single host, but several host may create
several data connections back to the client. Each host can independently decide how many data connections
it will use, but only a single EOF message may be sent to back to the client, therefore it must be
possible to aggregate the total number of data connections used in the transfer across the stripes. The
126 response serves this purpose.
The 126 is an intermediate response to RETR command. It has the following format.
126 <SP> 1*(count of data connections)
Several 'Count of data connections' can be in a single reply. They correspond to the stripes returned in
the response to the SPAS command.
Discussion of protocol change to enable bidirectional data channels brought up the following problem if
doing bidirectional data channels
If the client is pasv, and sending to a multi-stripe server, then the server creates data connections
connections; since the client didn't do SPAS, it cannot associate HOST/PORT pairs on the data connections
with stripes on the server (it doesn't even know how many there are). it cannot reliably determine which
nodes to send data to. (Becomes even more complex in the third-party transfer case, because the sender
may have multiple stripes of data.) The basic problem is that we need to know logical stripe numbers to
know where to send the data.
EOF Handling in Extended Block Mode
If you are in either striped or parallel mode, you will get exactly one EOF on each SPAS-specified ports
(stripes). Hosts in extended block mode must be prepared to accept an arbitrary number of connections on
each SPOR port before the EOF block is sent.
Restarting
In general, opaque restart markers passed via the block header should not be used in extended block mode.
Instead, the destination server should send extended data marker responses over the control connection,
in the following form:
extended-mark-response = "111" <SP> "Range Marker" <SP> <byte-ranges-list>
byte-ranges-list = <byte-range> [ *("," <byte-range>) ]
byte-range = <start-offset> "-" <end-offset>
start-offset ::= <number>
end-offset ::= <number>
The byte ranges in the marker are an incremental set of byte ranges which have been stored to disk by the
data server. The complete restart marker is a concatenation of all byte ranges received by the client in
111 responses.
The client MAY combine adjacent ranges received over several range responses into any number of ranges
when sending the REST command to the server to restart a transfer.
For example, the client, on receiving the responses:
111 Range Marker 0-29
111 Range Marker 30-89
may send, equivalently,
REST 0-29,30-89
REST 0-89
REST 30-59,0-29,60-89
to restart the transfer after those 90 bytes have been received.
The server MAY indicate that a given range of data has been received in multiple subsequent range
markers. The client MUST be able to handle this. For example:
111 Range Marker 30-59
111 Range Marker 0-89
is equivalent to
111 Range Marker 30-59
111 Range Marker 0-29,60-89
Similarly, the client, if it is doing no processing of the restart markers, MAY send redundant
information in a restart.
Should these be allowed as restart markers for stream mode?
Performance Monitoring
In order to monitor the performance of extended block mode transfer, an additional preliminary reply MAY
be transmitted over the control channel. This reply is of the form:
extended-perf-response = "112-Perf Marker" CRLF
<SP> "Timestamp:" <SP> <timestamp> CRLF
<SP> "Stripe Index:" <SP> <stripe-number> CRLF
<SP> "Stripe Bytes Transferred:" <SP> <byte count> CRLF
<SP> "Total Stripe Count:" <SP> <stripe count> CRLF
"112 End" CRLF
timestamp = <number> [ "." <digit> ]
<timestamp> is seconds since the epoch
The performance marker can contain these or any other perf-line facts which provide useful information
about the current performance.
All perf-line facts represent an instantaneous state of the transfer at the given timestamp. The meaning
of the facts are
• Timestamp - The time at which the server computed the performance information. This is in seconds since
the epoch (00:00:00 UTC, January 1, 1970).
• Stripe Index - the index (0-number of stripes on the STOR side of the transfer) which this marker
pertains to.
• Stripe Bytes Transferred - The number of bytes which have been received on this stripe.
A transfer start time can be specified by a perf marker with 'Stripe Bytes Transferred' set to zero. Only
the first marker per stripe can be used to specify the start time of that stripe. Any subsequent markers
with 'Stripe Bytes Transferred' set to zero simply indicates no data transfer over the interval.
A server should send a 'start' marker for each stripe. A server should also send a final perf marker for
each stripe. This is a marker with 'Stripe Bytes Transferred' set to the total transfer size for that
stripe.
Options to RETR
The options described in this section provide a means to convey striping and transfer parallelism
information to the server-DTP. For the RETR command, the Client-FTP may specify a parallelism and
striping mode it wishes the server-DTP to use. These options are only used by the server-DTP if the
retrieve operation is done in extended block mode. These options are implemented as RFC 2389 extensions.
The format of the RETR OPTS is specified by:
retr-opts = "OPTS" <SP> "RETR" [<SP> option-list] CRLF
option-list = [ layout-opts ";" ] [ parallel-opts ";" ]
layout-opts = "StripeLayout=Partitioned"
| "StripeLayout=Blocked;BlockSize=" <block-size>
parallel-opts = "Parallelism=" <starting-parallelism> ","
<minimum-parallelism> ","
<maximum-parallelism>
block-size ::= <number>
starting-parallelism ::= <number>
minimum-parallelism ::= <number>
maximum-parallelism ::= <number>
Layout Options
The layout option is used by the source data node to send sections of the data file to the appropriate
destination stripe. The various StripeLayout parameters are to be implemented as follows:
Partitioned
A partitioned data layout is one where the data is distributed evenly on the destination data nodes.
Only one contiguous section of data is stored on each data node. A data node is defined here a single
host-port mentioned in the SPOR command
Blocked
A blocked data layout is one where the data is distributed in round-robin fashion over the
destination data nodes. The data distribution is ordered by the order of the host-port specifications
in the SPOR command. The block-size defines the size of blocks to be distributed.
PLVL Parallelism Options
The parallelism option is used by the source data node to control how many parallel data connections may
be established to each destination data node. This extension option provides for both a fixed level of
parallelism, and for adapting the parallelism to the host/network connection, within a range. If the
starting-parallelism option is set, then the server-DTP will make starting-parallelism connections to
each destination data node. If the minimum-parallelism option is set, then the server may reduce the
number of parallel connections per destination data node to this value. If the maximum-parallelism option
is set, then the server may increase the number of parallel connections to per destination data node to
at most this value.
References
[1] Postel, J. and Reynolds, J., '<a href='ftp://ftp.isi.edu/in-notes/rfc959.txt'> FILE TRANSFER PROTOCOL (FTP)</a>', STD 9, RFC 959, October 1985. [2] Hethmon, P. and Elz, R., '<a href='ftp://ftp.isi.edu/in-notes/rfc2389.txt'> Feature negotiation mechanism for the File Transfer Protocol</a>', RFC 2389, August 1998. [3] Horowitz, M. and Lunt, S., '<a href='ftp://ftp.isi.edu/in-notes/rfc2228.txt'> FTP Security Extensions</a>', RFC 2228, October 1997. [4] Elz, R. and Hethom, P., '<a href='http://www.ietf.org/internet-drafts/draft-ietf-ftpext-mlst-13.txt'> FTP Extensions</a>', IETF Draft, May 2001.
Appendix I: Implementation under GSI
There are several security components in this document which are extensions to the behavior of RFC 2228.
These appendix attempts to clarify the protocol how these extensions map to the OpenSSL-based
implementation of the GSSAPI known as GSI (Grid Security Infrastructure).
A client implementation which communicates with a server which supports the DCAU extension should
delegate a limited credential set (using the GSS_C_DELEG_FLAG and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG
flags to gss_init_sec_context()). If delegation is not performed, the client MUST request that DCAU be
disable by requesting DCAU N, or the server will be unable to perform the default of DCAU A as described
by this document.
When DCAU mode 'A' or 'S' is used, a separate security context is established on each data channel. The
context is established by performing the GSSAPI handshake with the active-DTP calling
gss_init_sec_context() and the passive-DTP calling gss_accept_sec_context(). No delegation need be done
on these data channels.
Data channel protection via the PROT command MUST always be used in conjunction with the DCAU A or DCAU S
commands. If a PROT level is set, then messages will be wrapped according to RFC 2228 Appendix I using
the contexts established on each data channel. Tokens transferred over the data channels when either PROT
or DCAU is used are not framed in any way when using GSI. (When implementing this specification with
other GSSAPI mechanisms, a 4 byte, big endian, binary token length should procede all tokens).
If the DCAU mode or the PROT mode is changed between file transfers when caching data channels in
extended block mode, all open data channels must be closed. This is because the GSI implementation does
not support changing levels of protection on an existing connection.