Package: tftp
Version: 0.17-12
When tftp is used to retrieve a file from a TFTP server that is located
on the same host, the last ACK datagram it sends in response to the last
DATA datagram from the server has a wrong source port number, different
from the one used in the request and in the previous ACKs. This results
in an ICMP "port unreachable" error being sent and the server resending
the last data datagram after time-out. Except from this, it does not
seem to have any other side effects, the file is correctly retrieved
since the last DATA datagram was received anyway.
Here is a tcpdump trace of the following sequence :
$ tftp localhost
tftp> get chain.b
Received 734 bytes in 0.1 seconds
15:34:48.175800 127.0.0.1.1050 > 127.0.0.1.69: 19 RRQ "chain.b" (DF)
15:34:48.212424 127.0.0.1.1051 > 127.0.0.1.1050: udp 516 (DF)
15:34:48.212878 127.0.0.1.1050 > 127.0.0.1.1051: udp 4 (DF)
15:34:48.214088 127.0.0.1.1051 > 127.0.0.1.1050: udp 226 (DF)
15:34:48.214495 127.0.0.1.1052 > 127.0.0.1.1051: udp 4 (DF)
15:34:48.214624 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 1051
unreachable [tos 0xc0]
15:34:53.214761 127.0.0.1.1051 > 127.0.0.1.1050: udp 226 (DF)
15:34:53.214887 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 1050
unreachable [tos 0xc0]
In this sequence, tftp uses source port 1050 to send the Read Request
(RRQ) and ACKs, except for the last ACK that unexpectedly has source
port 1052 instead. The TFTP server (tftpd) uses source port 1051.
Notes :
- When the TFTP server is a remote host, the last ACK sent by tftp has
the same (correct) source port as the previous RRQ and ACK datagrams.
- When tftp is used to send a file to either the local host or a remote
host, all DATA datagrams sent have the same source port.
- atftp, another TFTP client, does not exhibit such behavior when
retrieving files from either the local host or a remote host.
System : Debian GNU/Linux 3.1 (Sarge), kernel 2.4.32 and 2.4.18, libc6
2.3.2.ds1-22.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]