Linux/tftp-hpa

From Omnia

Website:

https://git.kernel.org/pub/scm/network/tftp/tftp-hpa.git/

Get the client for testing:

apt install tftp

Get the xinetd wrapper (xinetd listens on the TFTP port and starts in.tftpd on demand):

apt install xinetd

Compile and Build:

# Fetch the upstream source. This builds whatever the default branch holds at
# clone time. NOTE(review): for a reproducible, reviewable build, check out a
# specific release tag or commit after cloning, e.g.
#   git checkout <reviewed-tag-or-commit>
git clone https://git.kernel.org/pub/scm/network/tftp/tftp-hpa.git
cd tftp-hpa
# presumably generates ./configure from the autoconf sources (confirm in the repo)
bash autogen.sh
# Default-prefix alternative, left disabled:
# ./configure
# Install under /opt/tftp-hpa; the xinetd entry further down points at
# /opt/tftp-hpa/sbin/in.tftpd, so the two paths must agree.
./configure --prefix=/opt/tftp-hpa
make
# Writes into the --prefix directory, so this step needs write access to
# /opt/tftp-hpa (typically root).
make install


# Directory that in.tftpd serves; the xinetd entry passes it as --secure /tftp.
mkdir /tftp

/etc/xinetd.d/tftp:

# xinetd entry for TFTP: xinetd owns UDP port 69 and starts in.tftpd when a
# request arrives.
service tftp
{
        socket_type     = dgram
        protocol        = udp
        # wait = yes: xinetd hands the socket to in.tftpd and does not start
        # another instance until that one exits.
        wait            = yes
        # in.tftpd is started as root so that it can chroot (--secure); it then
        # switches to the account named by --user in server_args.
        user            = root
        #group           = tftp
        port            = 69
        # NOTE(review): TFTP has no authentication, and nothing in this entry
        # limits who may connect. Unless xinetd's defaults or a firewall already
        # do so, restrict the service to the provisioning network, e.g.
        #   only_from = <provisioning-subnet>
        #   bind      = <provisioning-interface-address>
        server          = /opt/tftp-hpa/sbin/in.tftpd
        # server_args, option by option:
        #   -vvv               raise logging verbosity (repeatable flag)
        #   --create           let clients create new files; without it only
        #                      files that already exist can be uploaded. Leave
        #                      it out if the server only needs to serve files.
        #   --user tftp        account in.tftpd runs as after start-up
        #   --secure /tftp     chroot into /tftp; requested names are then
        #                      relative to that directory
        #   --map-file ...     filename rewrite rules (see /etc/tftpd.map)
        #   --refuse blksize   never accept the blksize TFTP option
        server_args     = -vvv  --create  --user tftp  --secure /tftp  --map-file /etc/tftpd.map  --refuse blksize
        #server_args     = -vvv -s /tftp -m /etc/tftpd.map -r blksize
        #server_args     = --verbose -u tftp -s /tftp -r blksize
        disable         = no
}
# Create the unprivileged account that in.tftpd switches to (--user tftp).
adduser tftp
# Resulting /etc/passwd entry (the numeric ids will differ per system). The
# last field is empty, which passwd(5) treats as /bin/sh. NOTE(review): a
# service account needs no login shell; consider giving it a nologin shell and
# a locked password.
tftp:x:1001:1001:TFTP User:/tftp:
# Gives the served directory to the daemon account, which is what lets
# --create uploads succeed. NOTE(review): with --create enabled, any client
# that can reach the server can add files here. Keep boot images owned by root
# and not world-writable, and if uploads are needed confine them to a separate
# subdirectory owned by tftp.
chown tftp:tftp /tftp

/etc/tftpd.map:

# Convert backslashes to slashes
rg \\ /
# Restart xinetd so that it picks up /etc/xinetd.d/tftp.
service xinetd stop
service xinetd start

More Complete Map File

#
# Rule file for the -m (remapping option)
#
# This file has three fields: operation, regex, remapping
#
# The operation is a combination of the following letters:
#
# r - rewrite the matched string with the remapping pattern
# i - case-insensitive matching
# g - repeat until no match (used with "r")
# e - exit (with success) if we match this pattern, do not process
#     subsequent rules
# s - start over from the first rule if we match this pattern
# a - abort (refuse the request) if we match this rule
# G - this rule applies to TFTP GET requests only
# P - this rule applies to TFTP PUT requests only
#
# The regex is a regular expression in the style of egrep(1).
#
# The remapping is a pattern, all characters are verbatim except \
# \0 copies the full string that matched the regex
# \1..\9 copies the 9 first (..) expressions in the regex
# \\ is an escaped \
# See http://linux.die.net/man/8/tftpd for more info.
#
# "#" begins a comment, unless \-escaped
#
# Rules are processed from top to bottom against the client-supplied filename.
ri    ^[a-z]:            # Remove "drive letters"
rg    \\        /        # Convert backslashes to slashes
rg    ([A-Z])   \L\1     # Convert uppercase to lowercase
rg    \#        @        # Convert hash marks to @ signs
# NOTE(review): the dots below are unescaped regex wildcards, so this rule
# matches any two characters between slashes, not only "..". Treat it as
# best-effort name clean-up; when in.tftpd runs with --secure, the chroot is
# what actually confines requests to the served tree.
rg    /../      /..no../ # Convert /../ to /..no../
e    ^ok/                # These are always ok
r    ^[^/]      /\0      # Convert non-absolute files
a    \.pvt$              # Reject requests for private files

ref: https://github.com/jumanjihouse/docker-tftp-hpa/blob/master/src/mapfile

Filter By IP

/etc/tftpd.map

# Per-client image selection: the requesting host's IP address (\i,
# dotted-quad) is appended to the requested name, and later rules match on it.
# NOTE(review): this only chooses which file is served. It is not access
# control; TFTP itself has no authentication.

# Convert backslashes to slashes
rg \\ /
#r bob \0-\i
#r .* \0-\i

## Exit if does not match
#e~ undionly.kpxe.* \0

## Append the requesting client's IP address (\i) to the name
#r undionly.kpxe.* \0:\i
## Trigger certain clients
#re undionly.kpxe:10.0.0.100(.*) asrock.kpxe
## Not the IP address we are looking for, then exit with default
#re undionly.kpxe(:.*) ipxe

## Append the requesting client's IP address (\i) to the name
## NOTE(review): the patterns in this group are unanchored and their dots are
## regex wildcards, while the requested name is chosen by the client. Anchoring
## them (^ ... $) and escaping the dots (\.) would ensure that only the address
## appended by the server selects an image. Verify against tftpd(8) before changing.
r ipxe.efi.* \0:\i
## Trigger certain clients
re ipxe.efi:10.0.0.92(.*) asrock.efi  # 6592
re ipxe.efi:10.0.0.93(.*) asrock.efi  # 6593
re ipxe.efi:10.0.0.94(.*) asrock.efi  # 6594
## Not the IP address we are looking for, then exit with default
re ipxe.efi(:.*) ipxe.efi

#  e~ TEST.* \0
#  r TEST.* \0:\x
#  #re TEST:.*ACCB0D3 found
#  #re (TEST)(:.*) third_\1_\2
#  re TEST(:.*) catch\1
#  re .* FAIL
#  #r .* \0-b

keywords

tftp tftpd tftp-hpa