Arch Linux

mrbug

Member

Registered: 2007-07-17

Posts: 221

pacman protocol

Which protocol does pacman use to download packages and lists? For some reason, it will go right through my work firewall without any kind of http_proxy settings, but lynx and firefox both need the proxy to be entered into the respective configs...

---

dvdtube - download all uploads from a YouTube user and then optionally create a DVD.
(Regular version AUR link / SVN version AUR link)

shining

Pacman Developer

Registered: 2006-05-10

Posts: 2,043

Re: pacman protocol

It's usually either http or ftp, depending on what you choose in /etc/pacman.conf or pacman.d/* .
pacman uses libdownload for downloading, which supports the http_proxy settings if I understood correctly.

---

pacman roulette : pacman -S $(pacman -Slq | LANG=C sort -R | head -n $((RANDOM % 10)))

mrbug

Member

Registered: 2007-07-17

Posts: 221

Re: pacman protocol

That's really weird.... pacman.conf shows http, but that doesn't explain why it was able to just go through the firewall without using the proxy settings!

I also (about three months ago) was able to get Firefox and Lynx to get out to the internet without using any kind of proxy settings, which was really weird. Maybe the firewall is letting pacman through because of a flag or something of which I'm unaware.

Anyway, this is quite odd. I'm definitely not complaining about how it's getting through the firewall without any problem! Yaourt won't return a list of AUR packages unless I'm using a shell through Lynx with the proxy settings configured.

cvsup/csup won't connect to the server at all, but I'm guessing that it's a port restriction problem....

---

dvdtube - download all uploads from a YouTube user and then optionally create a DVD.
(Regular version AUR link / SVN version AUR link)

cactus

Taco Eater

From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰

Registered: 2004-05-25

Posts: 4,622

Website

Re: pacman protocol

if you had to configure lynx, and thus added variables to your .bashrc file or something...
export http_proxy='http://space.pig.bouyancy.com:80/'

Then pacman (libarchive) will use it I believe.

---

"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Allan

Pacman

From: Brisbane, AU

Registered: 2007-06-09

Posts: 11,390

Website

Re: pacman protocol

I have the same question.  I have not set http_proxy anywhere.  But I can still download using pacman on my work network where firefox, wget, etc will not work.

---

PGP Key: F99FFE0FEAE999BD

cactus

Taco Eater

From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰

Registered: 2004-05-25

Posts: 4,622

Website

Re: pacman protocol

Do you have multiple server stanza's defined?
Maybe it is failing over to ftp perhaps?

Take some packet captures! I love packet captures.

---

"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Allan

Pacman

From: Brisbane, AU

Registered: 2007-06-09

Posts: 11,390

Website

Re: pacman protocol

Yep, that is what is happening...    - we need a facepalm smiley!

---

PGP Key: F99FFE0FEAE999BD

mrbug

Member

Registered: 2007-07-17

Posts: 221

Re: pacman protocol

So does ftp somehow go through firewalls? It is really weird, though. The enabled servers all use ftp, I believe. I'll check tomorrow.

What's the best way to do a packet capture? I'd assume something like Wireshark...

Oh and to clarify, this has happened on a completely clean new install without http_proxy or ftp_proxy being set ANYWHERE.

Last edited by mrbug (2007-11-18 23:05:04)

---

dvdtube - download all uploads from a YouTube user and then optionally create a DVD.
(Regular version AUR link / SVN version AUR link)

cactus

Taco Eater

From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰

Registered: 2004-05-25

Posts: 4,622

Website

Re: pacman protocol

So does ftp somehow go through firewalls? It is really weird, though. The enabled servers all use ftp, I believe. I'll check tomorrow.

ftp usually has a harder time going through firewalls, because the protocol sucks (random port). Most often you will see helper proxies/modules on firewalls to ease this (iptables has an ftp helper module for instance).

It may just be that your network doesn't proxy ftp, but still allows it through the firewall. It really does depend on how the network is setup, firewalled, and routed, where you are at.

What's the best way to do a packet capture? I'd assume something like Wireshark...

Oh and to clarify, this has happened on a completely clean new install without http_proxy or ftp_proxy being set ANYWHERE.

I usually just do something like the following (fyi: this captures http and ftp-control traffic).

tcpdump -npi eth0 -w capture.pcap tcp port 80 or tcp port 21

replace eth0 with your network interface.

Switch to another terminal, and do your pacman -Syu
Hit control C when you are done.
You can open the resulting pcap file in wireshark for easy viewing.

---

"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

mrbug

Member

Registered: 2007-07-17

Posts: 221

Re: pacman protocol

Thanks.. I'll try that today and see what happens.

I'm guessing that the most likely reason why pacman will go right through is because the firewall was setup incorrectly.....

Last edited by mrbug (2007-11-19 10:34:44)

---

dvdtube - download all uploads from a YouTube user and then optionally create a DVD.
(Regular version AUR link / SVN version AUR link)