tftpd not working when net.inet.udp.blackhole=1

Maxim Konovalov maxim at macomnet.ru
Mon Jul 3 17:48:09 UTC 2006


Hello,

On Mon, 3 Jul 2006, 18:41+0300, Nikolay Pavlov wrote:

> Hi folks.
> I have a strange problem with tftpd when using sysctl
> net.inet.udp.blackhole=1. It's not working with this variable enabled.
>
> I use tftp to upload images from my routers. Here are the details of the
> problem:
>
> OS FreeBSD 6.0-RELEASE-p6
>
> root at ipstat:~/projects/route_tools# sysctl net.inet.udp.blackhole=1
> net.inet.udp.blackhole: 0 -> 1
>
> telnet at fbi8000-Border-NY#copy running-conf tftp XX.XX.48.25
> XX.XX.51.194.runcfg.new
> TFTP session timed out
> Error - can't upload running-config to TFTP server.
[...]

Nice question indeed.  I spent 20 minutes trying to figure out what is
going on.  There are several points:

a) I guess you are running the stock tftpd from inetd, i.e. tftpd -s
/tftproot.  In that case tftpd chroots to /tftproot.

b) tftpd wants to resolve the peer IP address, but there is no
/etc/resolv.conf in its new root directory, so it asks 127.0.0.1 to
resolve it.

c) net.inet.udp.blackhole=1 makes the kernel simply drop tftpd's DNS
requests.

d) From this point several timing issues start: tftpd keeps trying to
resolve the client IP address, then gives up, but by then the client has
given up too.

I see several solutions:

a) Don't use chroot.  In general this is not good from a security point
of view.

b) Run a named @127.0.0.1.

c) Put a valid resolv.conf to /tftpboot/etc/.

d) Don't use net.inet.udp.blackhole=1.

HTH.

-- 
Maxim Konovalov

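The following is an added example, not part of the original mail or of the FreeBSD tftpd sources, illustrating solution (c) above: populating the tftpd chroot with a resolv.conf and checking that the resolver inside it will not fall back to 127.0.0.1. The chroot path and the source resolv.conf are parameters (the mail itself uses both /tftproot and /tftpboot); the function names populate_chroot_resolv and check_chroot_resolv are made up for this example. Loopback-only configurations are reported as failures because, in the scenario described, no named is listening on 127.0.0.1 and net.inet.udp.blackhole=1 turns the resulting lookup into a timeout rather than a fast failure.

```sh
#!/bin/sh
# Added example (not from the original mail or from FreeBSD): give a tftpd
# chroot its own /etc/resolv.conf so the in-chroot resolver does not fall
# back to asking 127.0.0.1.  POSIX sh only; function names are hypothetical.

# check_chroot_resolv ROOT
# Returns 0 if ROOT/etc/resolv.conf exists and names at least one
# nameserver other than 127.0.0.1 or ::1.  Returns 1 if the file is
# missing or only points at loopback, which is exactly the situation
# where tftpd's reverse lookup goes to 127.0.0.1 and, with
# net.inet.udp.blackhole=1 and no local named, waits out a timeout.
check_chroot_resolv() {
    conf="$1/etc/resolv.conf"
    [ -r "$conf" ] || return 1
    awk '
        $1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" { ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$conf"
}

# populate_chroot_resolv ROOT SRC_RESOLV_CONF
# Creates ROOT/etc if needed, copies SRC_RESOLV_CONF to ROOT/etc/resolv.conf
# with conservative permissions, and then applies check_chroot_resolv so
# that a copied file that merely points at loopback is still reported.
# Returns 0 on success, 1 if the result is unusable, 2 on a copy failure.
populate_chroot_resolv() {
    root=$1
    src=$2
    mkdir -p "$root/etc" || return 2
    cp "$src" "$root/etc/resolv.conf" || return 2
    chmod 0644 "$root/etc/resolv.conf" || return 2
    check_chroot_resolv "$root"
}

# Typical use on the host from the mail (run as root):
#   populate_chroot_resolv /tftproot /etc/resolv.conf || echo "chroot resolver would fall back to 127.0.0.1"
```

Run the check before restarting inetd: a non-zero exit means the chroot still lacks a usable resolv.conf and the timeout described in (d) will recur, unless you take one of the other routes (a named on 127.0.0.1, or leaving blackhole off).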
