Author: ngn
Date: Fri Dec 26 02:09:07 2008
New Revision: 729474
URL: http://svn.apache.org/viewvc?rev=729474&view=rev
Log:
Add support for implicit SSL for data connections, mostly based on the patch
provided by Kevin Conaway (FTPSERVER-247)
Added:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfiguration.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfigurationFactory.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/DefaultDataConnectionConfiguration.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/ClientTestTemplate.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/SSLTestTemplate.java
mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfiguration.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfiguration.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfiguration.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfiguration.java
Fri Dec 26 02:09:07 2008
@@ -110,4 +110,9 @@
* @return The {...@link SslConfiguration}
*/
SslConfiguration getSslConfiguration();
+
+ /**
+ * @return True if SSL is mandatory for the data channel
+ */
+ boolean isImplicitSsl();
}
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfigurationFactory.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfigurationFactory.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfigurationFactory.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DataConnectionConfigurationFactory.java
Fri Dec 26 02:09:07 2008
@@ -46,6 +46,7 @@
private String passiveAddress;
private String passiveExternalAddress;
private PassivePorts passivePorts = new PassivePorts(new int[] { 0 });
+ private boolean implicitSsl;
/**
* Default constructor
@@ -70,7 +71,7 @@
ssl, activeEnabled, activeIpCheck,
activeLocalAddress, activeLocalPort,
passiveAddress, passivePorts,
- passiveExternalAddress);
+ passiveExternalAddress, implicitSsl);
}
/*
* (Non-Javadoc)
@@ -285,4 +286,19 @@
public void setSslConfiguration(SslConfiguration ssl) {
this.ssl = ssl;
}
+
+ /**
+ * @return True if ssl is mandatory for the data connection
+ */
+ public boolean isImplicitSsl() {
+ return implicitSsl;
+ }
+
+ /**
+ * Set whether ssl is required for the data connection
+ * @param sslMandatory True if ssl is mandatory for the data connection
+ */
+ public void setImplicitSsl(boolean implicitSsl) {
+ this.implicitSsl = implicitSsl;
+ }
}
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
Fri Dec 26 02:09:07 2008
@@ -251,6 +251,9 @@
DataConnectionConfigurationFactory dc = new
DataConnectionConfigurationFactory();
if (element != null) {
+
+ dc.setImplicitSsl(SpringUtil.parseBoolean(element, "implicit-ssl",
false));
+
// data con config element available
SslConfiguration ssl = parseSsl(element);
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/DefaultDataConnectionConfiguration.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/DefaultDataConnectionConfiguration.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/DefaultDataConnectionConfiguration.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/DefaultDataConnectionConfiguration.java
Fri Dec 26 02:09:07 2008
@@ -19,12 +19,8 @@
package org.apache.ftpserver.impl;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.DataConnectionConfigurationFactory;
-import org.apache.ftpserver.DataConnectionException;
import org.apache.ftpserver.ssl.SslConfiguration;
/**
@@ -50,6 +46,8 @@
private String passiveAddress;
private String passiveExternalAddress;
private PassivePorts passivePorts;
+
+ private final boolean implicitSsl;
/**
* Internal constructor, do not use directly. Use {...@link
DataConnectionConfigurationFactory} instead.
@@ -58,7 +56,7 @@
SslConfiguration ssl, boolean activeEnabled, boolean activeIpCheck,
String activeLocalAddress, int activeLocalPort,
String passiveAddress, PassivePorts passivePorts,
- String passiveExternalAddress) {
+ String passiveExternalAddress, boolean implicitSsl) {
this.idleTime = idleTime;
this.ssl = ssl;
this.activeEnabled = activeEnabled;
@@ -68,6 +66,7 @@
this.passiveAddress = passiveAddress;
this.passivePorts = passivePorts;
this.passiveExternalAddress = passiveExternalAddress;
+ this.implicitSsl = implicitSsl;
}
/**
@@ -169,4 +168,11 @@
public SslConfiguration getSslConfiguration() {
return ssl;
}
+
+ /**
+ * @see org.apache.ftpserver.DataConnectionConfiguration#isImplicitSsl()
+ */
+ public boolean isImplicitSsl() {
+ return implicitSsl;
+ }
}
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
Fri Dec 26 02:09:07 2008
@@ -28,8 +28,6 @@
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
@@ -82,7 +80,9 @@
final FtpIoSession session) {
this.session = session;
this.serverContext = serverContext;
-
+ if
(session.getListener().getDataConnectionConfiguration().isImplicitSsl()) {
+ secure = true;
+ }
}
/**
@@ -276,6 +276,7 @@
if (!passive) {
int localPort = dataConfig.getActiveLocalPort();
if (secure) {
+ LOG.debug("Opening secure active data connection");
SslConfiguration ssl = getSslConfiguration();
if (ssl == null) {
throw new FtpException(
@@ -291,6 +292,7 @@
localPort, false);
}
} else {
+ LOG.debug("Opening active data connection");
if (localPort == 0) {
dataSoc = new Socket(address, port);
} else {
@@ -301,9 +303,9 @@
}
}
} else {
- LOG.debug("Opening passive data connection");
if(secure) {
+ LOG.debug("Opening secure passive data connection");
// this is where we wrap the unsecured socket as a
SSLSocket. This is
// due to the JVM bug described in FTPSERVER-241.
@@ -332,7 +334,9 @@
}
dataSoc = sslSocket;
- } else {
+ } else {
+ LOG.debug("Opening passive data connection");
+
dataSoc = servSoc.accept();
}
LOG.debug("Passive data connection opened");
Modified:
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
(original)
+++
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
Fri Dec 26 02:09:07 2008
@@ -125,6 +125,7 @@
</xs:element>
</xs:sequence>
<xs:attribute
name="idle-timeout" type="xs:int" />
+ <xs:attribute name="implicit-ssl" type="xs:boolean" />
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" name="blacklist"
type="xs:string" />
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/ClientTestTemplate.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/ClientTestTemplate.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/ClientTestTemplate.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/ClientTestTemplate.java
Fri Dec 26 02:09:07 2008
@@ -30,6 +30,7 @@
import org.apache.commons.net.ftp.FTPConnectionClosedException;
import org.apache.ftpserver.FtpServerFactory;
import org.apache.ftpserver.impl.DefaultFtpServer;
+import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.listener.ListenerFactory;
import org.apache.ftpserver.test.TestUtil;
import org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor;
@@ -197,6 +198,11 @@
IoUtils.delete(TEST_TMP_DIR);
}
}
+
+ protected FtpIoSession getActiveSession() {
+ return server.getListener("default").getActiveSessions().iterator()
+ .next();
+ }
/*
* (non-Javadoc)
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
Fri Dec 26 02:09:07 2008
@@ -69,8 +69,11 @@
.getServerAddress()));
assertEquals(100, ((NioListener) listener)
.getDataConnectionConfiguration().getIdleTime());
- assertEquals(true, ((NioListener) listener)
+ assertTrue(((NioListener) listener)
.getDataConnectionConfiguration().isActiveEnabled());
+ assertTrue(((NioListener) listener)
+ .getDataConnectionConfiguration().isImplicitSsl());
+
assertEquals(InetAddress.getByName("1.2.3.4"),
InetAddress.getByName(((NioListener) listener)
.getDataConnectionConfiguration().getActiveLocalAddress()) );
assertEquals("123-125", ((NioListener) listener)
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
Fri Dec 26 02:09:07 2008
@@ -25,7 +25,6 @@
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
-import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.util.IoUtils;
/**
@@ -36,11 +35,11 @@
*/
public abstract class ExplicitSecurityTestTemplate extends SSLTestTemplate {
- private static final File TEST_FILE1 = new File(ROOT_DIR, "test1.txt");
+ protected static final File TEST_FILE1 = new File(ROOT_DIR, "test1.txt");
- private static final File TEST_FILE2 = new File(ROOT_DIR, "test2.txt");
+ protected static final File TEST_FILE2 = new File(ROOT_DIR, "test2.txt");
- private static final byte[] TEST_DATA = "TESTDATA".getBytes();
+ protected static final byte[] TEST_DATA = "TESTDATA".getBytes();
protected void setUp() throws Exception {
super.setUp();
@@ -48,11 +47,6 @@
client.login(ADMIN_USERNAME, ADMIN_PASSWORD);
}
- private FtpIoSession getActiveSession() {
- return server.getListener("default").getActiveSessions().iterator()
- .next();
- }
-
/**
* Tests that we can send command over the command channel. This is, in
fact
* already tested by login in setup but an explicit test is good anyways.
Added:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java?rev=729474&view=auto
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java
(added)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java
Fri Dec 26 02:09:07 2008
@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import org.apache.commons.net.ftp.FTPSClient;
+import org.apache.commons.net.ftp.FTPSSocketFactory;
+import org.apache.ftpserver.DataConnectionConfigurationFactory;
+import org.apache.ftpserver.impl.ServerDataConnectionFactory;
+
+/**
+* @author The Apache MINA Project ([email protected])
+* @version $Rev$, $Date$
+ */
+public class MinaImplicitDataChannelTest extends ImplicitSecurityTestTemplate {
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ }
+
+ protected String getAuthValue() {
+ return "SSL";
+ }
+
+ protected DataConnectionConfigurationFactory
createDataConnectionConfiguration() {
+ DataConnectionConfigurationFactory result = super
+ .createDataConnectionConfiguration();
+ result.setImplicitSsl(true);
+ return result;
+ }
+
+ protected boolean useImplicit() {
+ return true;
+ }
+
+ /**
+ * Simple test that the {...@link ServerDataConnectionFactory#isSecure()}
+ * works as expected
+ */
+ public void testThatDataChannelIsSecure() {
+ assertTrue(getActiveSession().getDataConnection().isSecure());
+ }
+
+ /**
+ * Test that implicit SSL data connections works with clients that
+ * use implicit SSL for the data connection, without sending PROT P.
+ * In this case in active mode.
+ *
+ * The inherited tests from {...@link ExplicitSecurityTestTemplate}
ensures that
+ * data transfers work when using PROT P
+ */
+ public void testStoreWithoutProtPInActiveMode() throws Exception {
+ secureClientDataConnection();
+
+ // Do not send PROT P
+
+ // make sure we use a implicit SSL data connection
+ assertTrue(getActiveSession().getDataConnection().isSecure());
+
+ client.storeFile(TEST_FILE1.getName(), new ByteArrayInputStream(
+ TEST_DATA));
+
+ assertTrue(TEST_FILE1.exists());
+ assertEquals(TEST_DATA.length, TEST_FILE1.length());
+ }
+
+ /**
+ * Test that implicit SSL data connections works with clients that
+ * use implicit SSL for the data connection, without sending PROT P.
+ * In this case in active mode.
+ */
+ public void testStoreWithProtPInPassiveMode() throws Exception {
+ secureClientDataConnection();
+ client.setRemoteVerificationEnabled(false);
+ client.enterLocalPassiveMode();
+
+ // Do not send PROT P
+
+ // make sure we use a implicit SSL data connection
+ assertTrue(getActiveSession().getDataConnection().isSecure());
+
+ client.storeFile(TEST_FILE1.getName(), new ByteArrayInputStream(
+ TEST_DATA));
+
+ assertTrue(TEST_FILE1.exists());
+ assertEquals(TEST_DATA.length, TEST_FILE1.length());
+ }
+
+
+ private void secureClientDataConnection() throws NoSuchAlgorithmException,
+ KeyManagementException {
+
+ // FTPSClient does not support implicit data connections, so we hack
it ourselves
+ FTPSClient sclient = (FTPSClient) client;
+ SSLContext context = SSLContext.getInstance("TLS");
+
+ // these are the same key and trust managers that we initialize the
client with
+ context.init(new KeyManager[] { clientKeyManager },
+ new TrustManager[] { clientTrustManager }, null);
+ sclient.setSocketFactory(new FTPSSocketFactory(context));
+ SSLServerSocketFactory ssf = context.getServerSocketFactory();
+ sclient.setServerSocketFactory(ssf);
+
+ // FTPClient should not use SSL secured sockets for the data
connection
+ }
+}
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/SSLTestTemplate.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/SSLTestTemplate.java?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/SSLTestTemplate.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/ssl/SSLTestTemplate.java
Fri Dec 26 02:09:07 2008
@@ -25,7 +25,9 @@
import java.io.IOException;
import java.security.KeyStore;
+import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.net.ftp.FTPSClient;
@@ -55,6 +57,9 @@
private static final File FTPSERVER_KEYSTORE = new File(TestUtil
.getBaseDir(), "src/test/resources/ftpserver.jks");
+ protected KeyManager clientKeyManager;
+ protected TrustManager clientTrustManager;
+
protected SslConfigurationFactory createSslConfiguration() {
SslConfigurationFactory sslConfigFactory = new
SslConfigurationFactory();
sslConfigFactory.setKeystoreFile(FTPSERVER_KEYSTORE);
@@ -75,16 +80,17 @@
factory.setImplicitSsl(useImplicit());
factory.setSslConfiguration(createSslConfiguration().createSslConfiguration());
-
-// DataConnectionConfigurationFactory dataConfig = new
DataConnectionConfigurationFactory();
-//
dataConfig.setSslConfiguration(createSslConfiguration().createSslConfiguration());
-//
-//
factory.setDataConnectionConfiguration(dataConfig.createDataConnectionConfiguration());
-//
+
+
factory.setDataConnectionConfiguration(createDataConnectionConfiguration().createDataConnectionConfiguration());
+
server.addListener("default", factory.createListener());
return server;
}
+
+ protected DataConnectionConfigurationFactory
createDataConnectionConfiguration() {
+ return new DataConnectionConfigurationFactory();
+ }
protected boolean useImplicit() {
return false;
@@ -112,8 +118,12 @@
.getInstance("SunX509");
trustManagerFactory.init(store);
- ftpsClient.setKeyManager(keyManagerFactory.getKeyManagers()[0]);
- ftpsClient.setTrustManager(trustManagerFactory.getTrustManagers()[0]);
+
+ clientKeyManager = keyManagerFactory.getKeyManagers()[0];
+ clientTrustManager = trustManagerFactory.getTrustManagers()[0];
+
+ ftpsClient.setKeyManager(clientKeyManager);
+ ftpsClient.setTrustManager(clientTrustManager);
String auth = getAuthValue();
if (auth != null) {
Modified:
mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml?rev=729474&r1=729473&r2=729474&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
(original)
+++
mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
Fri Dec 26 02:09:07 2008
@@ -38,7 +38,7 @@
<keystore file="src/test/resources/ftpserver.jks"
password="password"/>
</ssl>
- <data-connection idle-timeout="100">
+ <data-connection idle-timeout="100"
implicit-ssl="true">
<active enabled="true"
local-address="1.2.3.4"/>
<passive ports="123-125"/>
</data-connection>
