
10.4: TFTPd configuration and usage Network
Many network devices are able to upload and download firmware and configurations via the TFTP protocol. I have found it useful to use this feature with Netopia ENT routers, as it enables me to make backups of client configurations, and update the firmware directly on my service laptop. OS X comes with tftpd preinstalled. On OS X Server, tftpd is utilized for NetBoot; however, on the standard client, the framework still exists.

In Tiger, most services that were previously configured using xinetd have been migrated to launchd. The new launchd service consults the settings located in the /System/Library/LaunchDaemons and /Library/LaunchDaemons directories. By default, Tiger has tftp.plist installed; however, it should be modified to suit your needs.

First, back up the default tftp.plist as below:
$ cp /System/Library/LaunchDaemons/tftp.plist ~/Desktop/tftp.plist
The default tftp.plist includes only one program argument: -i. This flag stops tftpd from using realpath, which would otherwise translate relative links to a full path. I would recommend using this as well as the -s flag, which essentially chroots the environment to the directory named after it. The entire contents of the modified file are as follows (note that there is no return within the <!DOCTYPE plist... statement):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" 
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>InitGroups</key>
    <true/>
    <key>Label</key>
    <string>com.apple.tftpd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/tftpd</string>
        <string>-i</string>
        <string>-s</string>
        <string>/private/tftpboot</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>tftp</string>
            <key>SockType</key>
            <string>dgram</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <true/>
    </dict>
</dict>
</plist>
You may also wish to add the -l flag in the ProgramArguments block to enable logging requests to syslog. Consult the tftpd man pages for additional arguments. In 10.4, the /private/tftpboot directory already exists, so no other changes are necessary. The service may be started with the following command:
$ sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist
And stopped with:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/tftp.plist
The TFTP protocol has no authentication, so it allows any user to read and write to files on your system; keep this in mind when choosing the storage directory. As a minimal security measure, a file must already exist before it can be written to, and it must be writable by all users. In general usage, I store firmware upgrades with read-only access. When capturing someone's firmware configuration, I then perform the following:
$ cd /private/tftpboot
$ sudo touch netopia.conf
$ sudo chmod 666 netopia.conf
At this point, you're ready to start using the service to store configurations as needed. For testing, you can perform the following:
$ cd ~/Desktop
$ echo "THIS IS A TEST" > netopia.conf
$ tftp localhost
This will open a tftp connection and switch to an interactive tftp session. Now perform the following:
tftp>verbose
tftp>put netopia.conf
tftp>quit
If there are no errors returned, all is working correctly. If not, check your firewall settings to ensure that UDP port 69 is open. Other issues may be due to syntax errors in the tftp.plist file.
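
The upload-slot handling described above (touch plus chmod 666 before a capture, read-only firmware otherwise), as an added example that is not part of the original hint. The function names are hypothetical, ROOT stands for the directory passed to tftpd -s, and moving a finished capture out of ROOT is an assumption added here so the configuration does not stay downloadable; on /private/tftpboot the functions need to run as root.

```shell
#!/bin/sh
# Added example, not part of the original hint. ROOT is the directory given
# to tftpd -s (/private/tftpboot in the hint); all function names are made up.

# Files any TFTP client can overwrite: tftpd writes only to existing,
# world-writable files, so each hit is an open upload slot.
tftp_writable() {    # usage: tftp_writable ROOT
    find "$1" -type f -perm -0002 -print
}

# Open one upload slot (the touch + chmod 666 step), refusing names that
# leave ROOT or that would truncate or re-mode a file already stored there.
tftp_open_slot() {   # usage: tftp_open_slot ROOT NAME
    case "$2" in
        ""|*/*|.*) echo "bad slot name: $2" >&2; return 1 ;;
    esac
    if [ -e "$1/$2" ]; then
        echo "already exists: $1/$2" >&2
        return 1
    fi
    : > "$1/$2" && chmod 666 "$1/$2"
}

# After the device has uploaded, cut off TFTP access first, then move the
# capture to a private directory so it can no longer be fetched or replaced.
tftp_collect() {     # usage: tftp_collect ROOT NAME DEST
    chmod 600 "$1/$2" && mv "$1/$2" "$3/$2"
}

# Remove the write bits from every file still writable under ROOT.
tftp_lock_all() {    # usage: tftp_lock_all ROOT
    find "$1" -type f -perm -0002 -exec chmod a-w {} +
}
```

Running tftp_writable on the TFTP root before and after a service visit shows whether any slot was left open.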

10.4: TFTPd configuration and usage
Authored by: tetsuo_ on Feb 22, '07 11:33:31AM
sudo service tftp start
and
sudo service tftp stop
respectively might be a bit easier to remember than
sudo launchctl (un)load -w /System/Library/LaunchDaemons/tftp.plist
;-)

BTW, of course it works for other services, too:

sudo service --list


10.4: TFTPd configuration and usage
Authored by: mmassa on Feb 22, '07 02:19:20PM
While I enjoy doing things the hard way too, you can also just download and install a great GUI from FlrSoft to control it ;)

10.4: TFTPd configuration and usage
Authored by: nKhona on Feb 22, '07 09:10:45PM

I've noticed a file limit of around 26MB with the TFTP server, both up and down. Anyone else seen the same thing?



10.4: TFTPd configuration and usage
Authored by: mlc on Feb 27, '07 10:52:05PM
This is from the tftp man page:
blksize blk-size
              Set the tftp blksize option to blk-size octets (8-bit bytes).
              Since the number of blocks in a tftp get or put is 65535, the
              default block size of 512 bytes only allows a maximum of just
              under 32 megabytes to be transferred.  The value given for
              blk-size must be between 8 and 65464, inclusive.  Note that many
              servers will not respect this option.
I would assume that most routers, etc. would likely use the default block size. If this is configurable on your router, you might try increasing the size to accommodate.

Launchd configuration
Authored by: gcallari on Feb 25, '07 01:45:32AM
And you can also use the excellent Lingon (http://lingon.sourceforge.net/) if you want to modify or add your launchd configuration files (as the author puts it, be sure to know what you are doing...)

Permissions
Authored by: elvey on May 13, '07 09:23:28AM

I was unable to get tftpd working because the path specified didn't have the needed rights or ownership. I set up a world-readable folder in / and specified that instead as the chroot directory, and tftpd finally started working. Anything in /private/ (including anything in /var, /etc, or /tmp) as the working path may not work; I couldn't get /private/var/my-tftpd-public-dir to work. (I, of course, didn't want to change the permissions on /private or /var!) The GUI app mentioned above (TftpServer.app) helped by pointing out that there was a permissions problem (though it didn't work right otherwise, e.g., it couldn't stop or start the daemon and sometimes hung making the attempt).



10.4: TFTPd configuration and usage
Authored by: pkoning on Aug 16, '07 02:07:45PM

Yes, the 32MB bug is a documented bug. You can get somewhat larger files if your TFTP client can be told to use the blocksize option. While that can be up to 64k, the practical limit is likely to be the Ethernet packet size limit so that doesn't help much.

Another way to avoid the problem is to use a Linux tftp server... :-(



10.4: TFTPd configuration and usage
Authored by: funkboy on Nov 24, '07 06:30:35AM

You can also install tftp-hpa from MacPorts that will get around the 16mb limit. Just point the plist to that binary instead.

-f


