A Working TFTP Server for Multi-Homed Linux Systems

Linux machines with multiple network interfaces are unreliable as TFTP servers. This issue has been outstanding for a long time, without any resolution. The patch attached to the Debian bug fixes the problem for an old release of tftpd-hpa, but does not apply cleanly to recent releases.

Recent releases of dnsmasq contain a TFTP server which does not have this problem. While this doesn’t solve every case, it provides a tidy solution for a machine which provides BOOTP and TFTP services to several subnets.

The underlying problem is the application’s inability to control the source address of UDP packets. This is a problem for every UDP server application on a multi-homed host, as seen here and here in ntpd. The solution is for the application to take control of the UDP source address, but there is no platform-independent method to do this.

Applications have to choose between two high-level approaches. The first approach, used by dnsmasq and by ntpd, is to have multiple UDP sockets and explicitly bind each socket to its interface. This is portable across many platforms, but has difficulties supporting dynamically configured interfaces. Tracking dynamic interfaces introduces platform-specific code back into the application.

The second approach is to explicitly control the source address via sendmsg(). This produces a simpler application, but also introduces platform-specific code. The Linux solution is IP_PKTINFO, which is also supported in recent Solaris releases.
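
The second approach on Linux, as an added example (not code from tftpd-hpa, dnsmasq or this post): a UDP echo loop that reads the local address from the IP_PKTINFO control message returned by recvmsg() and sets it as the source address for sendmsg(). The function names, the 516-byte buffer and port 6969 are choices made for this example.

```c
#define _GNU_SOURCE              /* glibc: make struct in_pktinfo visible */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* Local address a received datagram arrived on; 0 on success, -1 if absent. */
int get_local_addr(struct msghdr *m, struct in_addr *out) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(m); c; c = CMSG_NXTHDR(m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *out = pi.ipi_spec_dst;
            return 0;
        }
    return -1;
}
/* Attach a control message that makes sendmsg() use src as the source address. */
void set_source(struct msghdr *m, void *cbuf, size_t len, struct in_addr src) {
    struct in_pktinfo pi = { .ipi_spec_dst = src };  /* ifindex 0: routing picks the interface */
    memset(cbuf, 0, len);
    m->msg_control = cbuf;
    m->msg_controllen = CMSG_SPACE(sizeof pi);
    struct cmsghdr *c = CMSG_FIRSTHDR(m);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
}
/* Receive one datagram and echo it back from the address it arrived on. */
ssize_t echo_once(int fd) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    char data[516];
    struct sockaddr_in peer;
    struct in_addr local;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0 || get_local_addr(&m, &local) < 0) return -1;
    iov.iov_len = (size_t)n;
    set_source(&m, cbuf, sizeof cbuf, local);
    return sendmsg(fd, &m, 0);
}
int main(void) {                 /* port 6969 is an arbitrary choice for this example */
    int fd = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(6969) };
    if (fd < 0 || setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0) return 1;
    while (echo_once(fd) >= 0) {}
    return 0;
}
```

The socket stays bound to the wildcard address, so interfaces configured after startup need no extra handling in the application.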

2 replies
  1. Simon Kelley says:

    Just a quick correction about dnsmasq. It can use either of the two approaches to UDP source control that you describe. By default it does the IP_PKTINFO thing (and its equivalent for the other supported platforms) but can be configured to use the multiple-socket solution with --bind-interfaces.



  2. Ean says:

    Thanks for the concise summary of the issue! My searching didn’t turn up the Debian bug, but did turn up your page and it was a huge help.

    FYI, dnsmasq’s TFTP server does support multi-homed servers, but it doesn’t support IPv6. If you need both multi-homing and IPv6, I’ve had luck hand-applying the patch from the Debian bug thread above to the latest tftpd-hpa.
