tftp-hpa doesn't accept IPv4 connections by default

Bug #1448500 reported by Nick B. on 2015-04-25
66
This bug affects 13 people
Affects Status Importance Assigned to Milestone
tftp-hpa (Ubuntu)
High
Joshua Powers

Bug Description

After upgrading to 15.04 on my server it seems tftp-hpa is not listening and/or accepting IPv4 connections. When an IPv4 client tries to connect this shows up in syslog

in.tftpd[4295]: connect: Address family not supported by protocol

netstat shows it's only listening on IPv6
sudo netstat -lp | grep tftp
udp6 0 0 [::]:tftp [::]:* 14327/in.tftpd

If I change the TFTP_ADDRESS option in /etc/default/tftp-hpa from "[::]:69" to "0.0.0.0:69" it works. But this breaks IPv6

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: tftp-hpa (not installed)
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
Uname: Linux 3.19.0-15-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
Date: Sat Apr 25 12:32:30 2015
Dependencies:
 gcc-4.9-base 4.9.1-16ubuntu6
 libc6 2.19-10ubuntu2.3
 libgcc1 1:4.9.1-16ubuntu6
 multiarch-support 2.19-10ubuntu2.3
InstallationDate: Installed on 2015-02-12 (72 days ago)
InstallationMedia: Ubuntu-Server 14.10 "Utopic Unicorn" - Release amd64 (20141022.2)
ProcEnviron:
 LC_CTYPE=en_US.UTF-8
 TERM=screen-bce
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/zsh
SourcePackage: tftp-hpa
UpgradeStatus: Upgraded to vivid on 2015-04-24 (1 days ago)

Nick B. (futurepilot) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tftp-hpa (Ubuntu):
status: New → Confirmed
Changed in tftp-hpa (Ubuntu):
importance: Undecided → High
Nine (nine-lesi) wrote :

At me works at first client get, after that only if restart server.

I have ubuntu 15.04 upgraded from 14.10, and I have tried a apt-get remove --purge and install again, and continues.

Justin Slay (justin-slay) wrote :

I have the same issue where the first GET request works, but then times out and produces this error until service is restarted.

Frans Oilinki (moilinki) wrote :

It seems tftpd-hpa interprets option --address ::69 to mean that only listen on IPv6:
1. By default (with TFTP_ADDRESS="[::]:69") it is started as

    /usr/sbin/in.tftpd --listen --user tftp --address [::]:69 --secure --create /srv/tftp

2. netstat (command "sudo netstat -anutp | grep '[:]69'") shows:

        udp6 0 0 :::69 :::* 10681/in.tftpd

I do not know and I am not interested to check the source code if there is way to explicitly tell tftpd-hpa to listen on all interfaces, both IPv4 and IPv6, but if you just omit the --address option, tftpd-hpa - per netstat output - listens on all interfaces both IPv4 and IPv6; when I start tftp-hpa as "/usr/sbin/in.tftpd --listen --user tftp --secure --create /srv/tftp" then netstat shows

       udp 0 0 0.0.0.0:69 0.0.0.0:* 24607/in.tftpd
       udp6 0 0 :::69 :::* 24607/in.tftpd

I accomplished this by hacking /etc/init.d/tftpd-hpa as follows:

diff --git a/init.d/tftpd-hpa b/init.d/tftpd-hpa
index 115ca4e..a4a5b60 100755
--- a/init.d/tftpd-hpa
+++ b/init.d/tftpd-hpa
@@ -52,9 +52,15 @@ do_start()
                fi
        done

+ if [ "$TFTP_ADDRESS" = "[::]:69" ]; then # all interfaces
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- \
+ --listen --user $TFTP_USERNAME \
+ $TFTP_OPTIONS $TFTP_DIRECTORY
+ else
                start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- \
                        --listen --user $TFTP_USERNAME --address $TFTP_ADDRESS \
                        $TFTP_OPTIONS $TFTP_DIRECTORY
+ fi
 }

 do_stop ()

Frans Oilinki (moilinki) wrote :

NOTE: There is an obvious limitation in the above "solution" - if you want to listen on different port then you are back to square one. I wish this helps someone to bypass the problem while waiting for proper and complete fix.

FIX:
Just edit /etc/default/tftpd-hpa and remove [::] from line TFTP_ADDRESS="[::]:69"

Nick B. (futurepilot) wrote :

That seems to work to get it to listen of both IPv4 and IPv6. Not sure if it's a true fix or just a workaround though. Did something in the code change?

% sudo netstat -lp | grep tftp
udp 0 0 *:tftp *:* 2095/in.tftpd
udp6 0 0 [::]:tftp [::]:* 2095/in.tftpd

Nikolai Kristiansen (nikolaik) wrote :

Can confirm that Rafael's change in comment #7 works :-)

Robie Basak (racb) wrote :

17:16 <rbasak> stgraber: any opinion on bug 1448500 please?

17:18 <stgraber> rbasak: if just :69 instead of [::]:69 causes it to do the right thing, I don't have a problem with that change

summary: - tftp-hpa doesn't accept IPv4 connections
+ tftp-hpa doesn't accept IPv4 connections by default
tags: added: server-next
Robie Basak (racb) on 2016-08-02
tags: added: bitesize
Changed in tftp-hpa (Ubuntu):
status: Confirmed → Triaged
Robie Basak (racb) on 2016-09-13
Changed in tftp-hpa (Ubuntu):
assignee: nobody → Joshua Powers (powersj)
Joshua Powers (powersj) wrote :

The original issue was the following message "in.tftpd[4295]: connect: Address family not supported by protocol". This appears to have been fixed in version 5.2+20150808-1, see Debian bug 793921 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793921). This version is found in Xenial (16.04) or later.

Due to the fact that this bug was original found with Vivid (15.04) I would ask that it be verified on the supported version found in Xenial and reply if it still occurs. I will move the bug to incomplete until I hear back.

The second issue that was brought up in the bug discussion above was due to a change to default configuration. Namely /etc/default/tftpd-hpa was changed to use 'TFTP_ADDRESS="[::]:69"' due to LP: #1228340, which was over 3 years ago. This changed the default behavior in Trusty (14.04) and forward.

While I too do not see any IPv4 udp results while running `sudo netstat -lp | grep tftp`, I can confirm that connecting to a server setup with the default configuration using `tftp -4 <address>` works. I am not sure of the explanation yet, but if this is another issue we should file a different bug and track it. I however, do not believe that tftpd-hpa has been broken for 3 years.

This does not appear to affect Debian stable or unstable as the default configuration file in /etc/default/tftpd-hpa for both looks like:

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

Changed in tftp-hpa (Ubuntu):
status: Triaged → Incomplete
Nick B. (futurepilot) wrote :

I can confirm that it works with IPv4 as expected with the default configuration.

Joshua Powers (powersj) wrote :

Thanks for confirming! For the original issue of "Address family not supported by protocol" I am marking this as 'Fix Released'.

For the separate issue brought up about not seeing netstat output for IPv4, the following was brought to my attention: '...a process that binds on both by not specifying (or whatever it is it does) ends up in an "netstat --inet6 -nlp" listing but not that "netstat --inet -nlp" one.' As such I do not believe there is an issue here, understandably a user experience one with netstat, but not with tftp-hpa.

Changed in tftp-hpa (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.