[Network Programming] Detailed explanation of tftp protocol

01. Introduction to tftp protocol

TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP protocol suite used for simple file transfer between clients and servers. It provides an uncomplicated, low-cost file transfer service. Its port number is 69.

TFTP is usually implemented on top of UDP, although it cannot be ruled out that some TFTP implementations are built on other transport protocols. TFTP was designed mainly for small file transfers, so it lacks many features of ordinary FTP: it can only read files from or write files to the file server, cannot list directories, and does not perform authentication.

TFTP code occupies little memory, which is very important for smaller computers and some special-purpose devices. These devices do not need a hard disk; a small read-only memory holding TFTP, UDP, and IP is enough. As embedded devices make up a growing share of network equipment, TFTP is becoming more and more widely used.

02. tftp packet format

2.1 Overview of tftp packet format

TFTP defines a total of six types of packets. The packet type is determined by the first two bytes of the packet, which we call the Opcode field. The packet types are:

  • Read file request packet: Read request, abbreviated as RRQ, corresponding Opcode field value is 1

  • Write file request packet: Write request, abbreviated as WRQ, corresponding Opcode field value is 2

  • File data packet: Data, abbreviated as DATA, corresponding Opcode field value is 3

  • Response packet: Acknowledgment, abbreviated as ACK, corresponding Opcode field value is 4

  • Error information packet: Error, abbreviated as ERROR, corresponding Opcode field value is 5

  • Request response packet: Acknowledgment, abbreviated as ACK, corresponding Opcode field value is 6

The RRQ and WRQ packet formats are the same apart from some field values; the remaining packet formats all differ from one another.

2.2 Read/write request packet (RRQ/WRQ=1/2)

The format of RRQ and WRQ packets:

1. Operation code (2 bytes), which indicates the type of the current packet (1 means the packet is a read request, 2 means it is a write request);

2. File name, a variable-length field giving the name of the file to be read or uploaded. It is ASCII text and ends with \0;

3. Mode, also a variable-length field, which indicates the data type of the transferred file. For a text file it holds the string "netascii"; for a binary file it holds the string "octet". These strings end with \0;

4. Optional fields (timeout, blksize, tsize, etc., each ending with \0)

Protocol analysis

00 01                                       (opcode)
31 2e 63 00                                 (1.c (file name), terminated by \0, i.e. 00)
6f 63 74 65 74 00                           (octet (transfer mode), terminated by \0, i.e. 00)
62 6c 6b 73 69 7a 65 00                     (blksize (amount of file data per transfer), terminated by \0, i.e. 00)
35 31 32 00                                 (512 (string), terminated by \0, i.e. 00)
74 73 69 7a 65 00                           (tsize (file size), terminated by \0, i.e. 00)
30 00                                       (0 (string), terminated by \0, i.e. 00)

2.3 Data packet (DATA=3)

The DATA packet carries one block of file data:

1. Operation code (2 bytes)
2. Block number (2 bytes)
3. Data

Protocol analysis

00 03                 (opcode)
00 01                 (block number)
.....                 (DATA)

2.4 Response packet (ACK=4)

The response packet acknowledges the file data that was received:

1. Operation code (2 bytes)
2. Data packet sequence number (2 bytes)

Protocol analysis

00 04             (opcode)
00 01             (block number)

2.5 Error information packet (Error=5)

The ERROR packet:

1. Operation code (2 bytes)
2. Error code (2 bytes)
3. Specific reason for the error (variable length)

2.6 Request response packet (ACK=6)

The request response packet is a response to the request. It is an optional packet and is not needed in every case.

1. Operation code (2 bytes)
2. Optional fields (timeout, blksize, tsize, etc., each ending with \0, together with their values)

Protocol analysis

00 06                                  (opcode)
62 6c 6b 73 69 7a 65 00                (blksize, terminated by \0, i.e. 00)
35 31 32 00                            (512 (string), terminated by \0, i.e. 00)
74 73 69 7a 65 00                      (tsize (file size), terminated by \0, i.e. 00)
31 39 34 37 00                         (1947 (string), terminated by \0, i.e. 00)
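
The packet layouts in sections 2.2 to 2.6, as an added example (not code from the original article): a Python parser that decodes the two option-carrying captures shown above and rejects truncated or malformed datagrams instead of guessing. The function and exception names are hypothetical, and opcode 6 is labelled OACK, the name RFC 2347 gives it.

```python
import struct

# Opcode 6 is the option acknowledgment, named OACK in RFC 2347.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}
MODES = ("netascii", "octet", "mail")
# Bytes copied from the protocol analysis dumps in sections 2.2 and 2.6.
RRQ = bytes.fromhex("0001312e63006f6374657400626c6b73697a6500353132007473697a65003000")
OACK = bytes.fromhex("0006626c6b73697a6500353132007473697a65003139343700")

class TftpParseError(ValueError):
    """Raised for any packet that does not match the formats above."""

def _cstrings(buf):
    """Split NUL-terminated ASCII strings; reject an unterminated tail."""
    if not buf or buf[-1] != 0:
        raise TftpParseError("string field not terminated by \\0")
    try:
        return [s.decode("ascii") for s in buf[:-1].split(b"\x00")]
    except UnicodeDecodeError as exc:
        raise TftpParseError("non-ASCII byte in string field") from exc

def _options(fields):
    """Pair up option names and values (blksize, tsize, timeout, ...)."""
    if len(fields) % 2:
        raise TftpParseError("option name without a value")
    return {fields[i].lower(): fields[i + 1] for i in range(0, len(fields), 2)}

def parse_tftp(pkt):
    """Decode one TFTP datagram payload into a dict, or raise TftpParseError."""
    if len(pkt) < 4:
        raise TftpParseError("packet shorter than 4 bytes")
    opcode, second = struct.unpack("!HH", pkt[:4])
    op = OPCODES.get(opcode)
    if op is None:
        raise TftpParseError(f"unknown opcode {opcode}")
    if op in ("RRQ", "WRQ"):
        fields = _cstrings(pkt[2:])
        if len(fields) < 2 or not fields[0] or fields[1].lower() not in MODES:
            raise TftpParseError("request needs a filename and a known mode")
        return {"op": op, "filename": fields[0], "mode": fields[1].lower(),
                "options": _options(fields[2:])}
    if op == "DATA":
        return {"op": op, "block": second, "data": pkt[4:]}
    if op == "ACK":
        if len(pkt) != 4:
            raise TftpParseError("ACK must be exactly 4 bytes")
        return {"op": op, "block": second}
    if op == "ERROR":
        return {"op": op, "code": second, "message": _cstrings(pkt[4:])[0]}
    return {"op": op, "options": _options(_cstrings(pkt[2:]))}  # OACK
```

Option values are returned as the strings found on the wire; a server should range-check them before use.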

03. tftp working process

3.1 tftp download process

The figure below shows the process of a TFTP download request. Uploading and downloading are essentially the same process with the file travelling in opposite directions.

[Figure: TFTP download process diagram]

3.2 tftp upload process

A TFTP transfer starts with the client sending an RRQ or WRQ. Here we take WRQ (write request) as the example to describe the read/write working process, error handling, and so on.

1. The server waits on UDP port 69 for the client to send a write request packet.

2. The client sends the server a WRQ packet in the TFTP request format over UDP. At the UDP level, the source port is chosen arbitrarily by the client and the destination port is port 69 on the server.

3. After receiving the client's request packet, the server must send an ACK to the client. For a write request, the confirmation number in the server's ACK packet is 0.

4. The client sends DATA packets to the server; the server receives the data and writes it to the file.

5. When the data in a DATA packet sent by the client is shorter than 512 bytes, the server considers the WRQ request complete.
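
The upload steps above, as an added example (not code from the original article): the server side of one WRQ transfer as a Python state machine that runs offline on (source port, payload) pairs. It re-sends the ACK for a duplicate block, aborts on a malformed or oversized DATA packet, and answers a datagram from an unexpected source port with ERROR code 5 while the transfer continues. The class and function names are hypothetical; ERROR codes 4 and 5 are those defined in RFC 1350.

```python
import struct

BLOCK = 512  # block size when no blksize option was negotiated

def ack(block):
    return struct.pack("!HH", 4, block)

def data(block, payload):
    return struct.pack("!HH", 3, block) + payload

def error(code, msg):
    return struct.pack("!HH", 5, code) + msg.encode("ascii") + b"\x00"

class WriteSession:
    """Server side of one WRQ transfer, bound to the client's source port (TID)."""
    def __init__(self, client_tid):
        self.client_tid = client_tid
        self.expected = 1            # first DATA block after ACK 0
        self.chunks = []
        self.state = "open"          # open -> done | aborted

    def start(self):
        return ack(0)                # step 3: a WRQ is acknowledged with block 0

    def on_datagram(self, src_port, pkt):
        """Return the reply to send back to src_port, or None to stay silent."""
        if src_port != self.client_tid:
            return error(5, "Unknown transfer ID")   # transfer itself continues
        if self.state == "aborted":
            return None
        if not 4 <= len(pkt) <= 4 + BLOCK or pkt[:2] != b"\x00\x03":
            self.state = "aborted"   # not a well-formed DATA packet
            return error(4, "Illegal TFTP operation")
        block = struct.unpack("!H", pkt[2:4])[0]
        if 0 < block == self.expected - 1:
            return ack(block)        # duplicate: our ACK was lost, repeat it
        if block != self.expected or self.state != "open":
            return None              # stale or out-of-order block
        self.chunks.append(pkt[4:])
        self.expected += 1
        if len(pkt) - 4 < BLOCK:     # step 5: a short block ends the transfer
            self.state = "done"
        return ack(block)

    def contents(self):
        return b"".join(self.chunks)

def replay(session, datagrams):
    """Feed constructed (source port, payload) pairs; return the replies."""
    return [session.on_datagram(port, pkt) for port, pkt in datagrams]
```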

04. TFTP transmission mode

1. Netascii: 8-bit ASCII, generally used to transfer character data.

2. Octet: the 8-bit source data type, generally used to transfer binary data.

3. Mail: returns the data directly to the user instead of saving it as a file; this mode is no longer supported.

05. Discussion

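1. Introduction to the tftp service
	1) TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP protocol suite for simple file transfer between a client and a server; it provides an uncomplicated, low-overhead file transfer service.
	2) The tftp service uses port 69.
	3) TFTP is a simple protocol for transferring files. It is implemented on top of UDP, although we cannot rule out that some TFTP implementations are built on other transport protocols.
	4) The protocol was designed for transferring small files, so it lacks many features of ordinary FTP: it can only read files from or write files to a file server, cannot list directories, performs no authentication, and transfers 8-bit data.
	5) There are three transfer modes:
		(1) netascii, which is 8-bit ASCII;
		(2) octet, which is the 8-bit source data type;
		(3) mail, which is no longer supported; it returns the data directly to the user instead of saving it as a file.

2. tftp transfer process
	1) Every transfer begins with a request to read or write a file; this request is also the connection request.
	2) If the server grants the request, it opens the connection and data is sent in fixed-length blocks of 512 bytes.
	3) Each data packet contains one block of data, and the server must receive the client's acknowledgment of the previous packet before sending the next one.
	4) A data packet smaller than 512 bytes signals the end of the transfer. If a packet is lost in transit, the sender retransmits the last unacknowledged packet after a timeout.
	5) Both parties are senders and receivers: one sends data and receives acknowledgments, the other sends acknowledgments and receives data.
	6) Most errors terminate the connection. An error is signalled by an error packet. This packet is neither acknowledged nor retransmitted, so the other side may not receive it. If the error packet is lost, the timeout mechanism is used.
	7) Errors arise mainly in three situations:
		(1) The request cannot be satisfied.
		(2) A received packet has incorrect contents, and the error cannot be explained by delay or retransmission.
		(3) Access to a required resource is lost (for example, the disk is full).
	8) TFTP leaves the connection open in only one case: an incorrect source port. In that case a packet indicating the error is sent to the originating host.

3. tftp characteristics
	1) TFTP runs over UDP, UDP runs over IP, and IP may in turn use other local communication methods. A TFTP packet therefore consists of the following parts: local medium header, IP header, datagram header, TFTP header, and then the TFTP data.
	2) TFTP specifies no values in the IP header, but it uses the source and destination port fields and the length field of the UDP header.
	3) Because the transfer identifiers (TIDs) used by TFTP serve as ports here, a TID must lie between 0 and 65,535.
	4) The TFTP header contains a two-byte opcode that indicates the packet type. The overall TFTP packet format is: | Local Medium | Internet | Datagram | TFTP |

4. tftp advantages
	1) TFTP can be used in UDP environments; for example, when a program or file has to be downloaded to many machines at the same time, TFTP is often used.
	2) TFTP code occupies little memory, which is important for smaller computers and some special-purpose devices. These devices do not need a hard disk; a small read-only memory holding TFTP, UDP and IP is enough. When power is applied, the device executes the code in read-only memory and broadcasts a TFTP request on the network. A TFTP server on the network sends a response that includes an executable binary program. The device places the file in memory and starts running the program. This approach adds flexibility and reduces overhead.

5. Initial connection
	1) To establish the initial connection, a WRQ (request to write to the remote system) or RRQ (request to read from the remote system) is sent, and a positive reply is received: either an acknowledgment packet permitting the write, or the first block of data to be read.
	2) Normally an acknowledgment packet carries the number of the packet being acknowledged. Each data packet corresponds to a block number; block numbers start at 1 and are consecutive. The acknowledgment of a write request is therefore a special case, and its packet number is 0.
	3) If the packet received is an error packet, the request has been denied.
	4) When the connection is created, each side chooses a TID at random; because the choice is random, the chance of choosing the same ID twice is very small.
	5) Every packet is associated with two TIDs, the sender's ID and the receiver's ID. These IDs are used to select the ports for the UDP communication. The requesting host chooses its ID as described above and sends its first request to TID 69, that is, port 69 on the server. In its reply the server uses a TID it has chosen as the source TID and the TID from the previous packet as the destination ID. These two chosen IDs are then used for the rest of the communication.
	6) The following is an example of a write, where WRQ, ACK and DATA stand for write request, acknowledgment and data.
		(1) Host A sends a WRQ to host B, with port 69.
		(2) Host B sends host A an ACK with block number 0, carrying the TIDs of B and A.
			At this point the connection is established, and the first data packet is sent from the host with sequence number 1. From then on the two hosts must communicate using the TIDs determined at the start.
			If the source ID differs from the ID originally determined, the packet is treated as having been sent to the wrong address and is discarded. An erroneous packet is one that was sent to the correct port but contains an error itself.
			Suppose the sender issues a request that some device in the network duplicates into two packets, and the receiver receives both in turn. The receiver treats them as two independent requests and returns two replies.
			When one of the two replies is received, the connection is established. When the second reply arrives it is discarded, and receiving the second reply does not cause the first connection to fail.

6. Normal termination
	1) The end of a transfer is marked by a DATA packet that contains 0-511 characters. This packet is acknowledged like other data packets.
	2) After sending the acknowledgment of the final data packet the receiver may close the connection, although waiting a while is better, so that the final acknowledgment can be sent again if it is lost.
	3) If the final data packet is received again after the acknowledgment was sent, the final acknowledgment was lost. The host that sent the last DATA packet must wait for its acknowledgment or for a timeout.
	4) If the response is an ACK, the transfer is complete. If the sender times out and is not prepared to retransmit, and the receiver or the network has a problem, the transfer also ends normally. An implementation may also treat this as an abnormal end, but in either case the connection is closed.

7. Premature termination
	If a request cannot be satisfied, or an error occurs during the transfer, an ERROR packet has to be sent. This is only a courtesy: the packet is neither acknowledged nor retransmitted, so it may never be received. Timeouts are therefore needed to detect errors.

8. TFTP packets
	TFTP supports five types of packet, which have already been described:
	The packet header contains the opcode that identifies the packet.
		opcode operation
		1. Read request (RRQ)
		2. Write request (WRQ)
		3. Data (DATA)
		4. Acknowledgment (ACK)
		5. Error (ERROR)

9. The tftp command
	man tftp
	tftp - Trivial File Transfer Protocol client
	tftp is a client for the Trivial File Transfer Protocol, a lightweight file transfer protocol, used to transfer files to a remote host or to download data from a remote machine.
	tftp [-4][-6][-v][-l][-m mode] [host [port]] [-c command]

10. The in.tftpd command
	man in.tftpd
	tftpd - Trivial File Transfer Protocol server
	in.tftpd [options...]  directory...

11. tftp implementation
	The tftp packages are: tftp, tftp-server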
	rpm -ql tftp
		/usr/bin/tftp
		/usr/share/doc/tftp-0.49
		/usr/share/doc/tftp-0.49/CHANGES
		/usr/share/doc/tftp-0.49/README
		/usr/share/doc/tftp-0.49/README.security
		/usr/share/doc/tftp-0.49/README.security.tftpboot
		/usr/share/man/man1/tftp.1.gz
	rpm -ql tftp-server
		/etc/xinetd.d/tftp
		/usr/sbin/in.tftpd
		/var/lib/tftpboot (repository)
		/usr/share/doc/tftp-server-0.49
		/usr/share/doc/tftp-server-0.49/CHANGES
		/usr/share/doc/tftp-server-0.49/README
		/usr/share/doc/tftp-server-0.49/README.security
		/usr/share/doc/tftp-server-0.49/README.security.tftpboot
		/usr/share/man/man8/in.tftpd.8.gz
		/usr/share/man/man8/tftpd.8.gz

06. Appendix

Origin blog.csdn.net/dengjin20104042056/article/details/133045783