Archived

This topic is now archived and is closed to further replies.

Working on implementing a modified TFTP server

This topic is 5111 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

YES I AM SEARCHING GOOGLE OVER THIS! I am just posting this, to see if anybody has any experience with implementing the TFTP protocal. Only difference, is this version of TFTP will be slightly limitted, and be done over TCP, instead of UDP. Anyways, the server, needs to be secured, as I do not want to have to worry about the people using it, having to cover up the ports it is using from outside sources. So, the goal is to make it inherently safe. Anyways, what I am doing, is working on a SQL server pool. Just for sake of people who might be reviewing this post later, a SQL server pool is a solution implemented sometimes in the java servlette community. It is for when SQL servers limit the ammount of connections made to them. Server pools, then open all the limitted connections available, and then just send data, based on connections given to it. While I am not fully versed on the theory behind it, but it basically works on not wasting the SQL server''s time with socket connections/deconnections. Maybe one of the java programmers more experienced with servlettes could go more into this. Just note, for further down the post, the idea of a server pool, seems to be Java based (might not be though), but the project I am working on is currently being done in perl. Though some portions may be changed to C or C++, depending on where bottle necks lie. The idea behind this TFTP/SQL server pool server is that the data sent back and forth is done in an abstract method, that could easily be translated into XHTML1|2, RSS Feeds, XML, Lisp, SQL statements, or just about anything that you can think of changing it too. The TFTP portion of the server will only accept data in this format, and if it deviates from the format too much or is a wrong commands, it will close the connection (to stop potencial buffer overflows, and other monkey business). I''ve already setup the server to close connections after (a) time outs, and (b) babbling (sending too much data). I am just wondering what other things I should watch out for. I am also wondering more on the TFTP standard. I only vaguly know it, and after a quick google search, found several helpful resources. I am wondering if I should even bother reading RFC 783, or just go onto 1350. Is there is anything 783 covers, that won''t be in 1350? I am also wondering what I should do for an abstract format. A helpful person on anther set of forums told me about a set of perl modules that implement SQL in Perl, so I don''t really have to worry about implementing a standard that when printed, is a book of several inches. I do not want to do this XML based, as that would include too much crap into my code (having to create a schema, a DTD, and use too many other protocals to really make the project managable). I am tempted to go with Lisp, but am unsure if that is the best choice. Are there any options other than XML and Lisp? I would also like to know the quickest version of code--is there any real bottlenecks I should worry about? I would like it, if it wasn''t this piece of software''s fault if I ever get slashdotted, that the server is down (not that I will ever be slashdotted ). So summary: 1) What security issues should I worry about, for the TFTP transactions over TCP? 2) Do I really need to read RFC 783, or will 1350 include everything I need to know? 3) Any suggestions on creating the abstract format? Thank you for your time, Jamie Payne.
DakeDesu, protecter of newbie posters. Destroyer of elitist b*ggers™; And most certainly NOT AN ALIEN. This is a special test for quote cleaning--signatures should be delete from all quotes. This is a test.

Share this post


Link to post
Share on other sites
Update: Reading the rfcs on RFC Editor.org, and am making my way through RFC 1350.

Should I read 1782, 1783, 1784, 1785, 1986, 2090, 2437, 2348, 2349, and/or 3617? Which should I avoid, which would be most relavent for this project. I am not asking you to research it right now. No, I am asking for people who have worked on implementing a TFTP server for opinions.

Also: As now, I have found that there is a SQL server implemented in perl, so I do not need to do the work, I am working on changing the format of information being sent. I was guessing in a manner similar to HTTP headers, with the information being delimated by Keyword: content;, but it will fail in spots where I expect '';'' to darn well be in the content being sent back and forth.

Any ideas on how this will work?


DakeDesu, protecter of newbie posters. Destroyer of elitist b*ggers™; And most certainly NOT AN ALIEN.
This is a special test for quote cleaning--signatures should be delete from all quotes. This is a test.

Share this post


Link to post
Share on other sites
The RFC''s themselves tell you which RFC''s they update and/or obsolete. It is indicated in the header of the RFC. The status section which is usually immediately below the header, indicates whether the rfc documents an internet standard or not.

But now, stop for a second and realize what you are doing. You yourself have modified the protocol. So your implementation will only be able to interface with itself. You can pretty much throw the RFC''s out the window, or use them as guidelines. But in the end, whatever you end up making will not conform to the standard as listed in 1350, and updated by some of the others. So whether you use the updated info in the later RFC''s will amount to a purely personal decision.

Share this post


Link to post
Share on other sites
Just because I modify it on one account does not mean I should throw away everything else.

I''ve read through the RFCs, and now have the impression that when one RFC obsoletes a previous one, it will say everything that is not obsolete in the old one. I guess I was wondering if they were going to do something similar to some of W3C, which require you to read those of previous standards to figure out what is going on. I learn the minds behind the RFCs don''t do that.

Thank you, you have been quite helpful.


DakeDesu, protecter of newbie posters. Destroyer of elitist b*ggers™; And most certainly NOT AN ALIEN.
This is a special test for quote cleaning--signatures should be delete from all quotes. This is a test.

Share this post


Link to post
Share on other sites