Category: System Operations
2009-05-13 10:11:29
Trivial File Transfer Protocol (TFTP) is a file transfer protocol, with the functionality of a very basic form of File Transfer Protocol (FTP); it was first defined in 1980.
Due to its simple design, TFTP can be implemented in a very small amount of — an important consideration at that time. It was therefore useful for computers such as which did not have any data storage devices. It is still used to transfer small amounts of data between hosts on a , such as firmware or operating system images when a remote or any other boots from a network host or . The initial stages of some network based installation systems (such as , and 's ) use TFTP to load a basic that performs the actual installation.
TFTP is based in part on the earlier protocol , which was part of the . In the early days of work on the protocol suite, TFTP was often the first protocol implemented on a new host type, because it was so simple.
The original versions of TFTP, prior to , displayed a particularly bad protocol flaw, which was named (after the "" segment of ) when it was discovered.
TFTP support appeared first as part of 4.3 BSD.
Transfers files to and from a remote computer running the TFTP service.
TFTP [-i] host [GET | PUT] source [destination]

  -i              Specifies binary image transfer mode (also called
                  octet). In binary image mode the file is moved
                  literally, byte by byte. Use this mode when
                  transferring binary files.
  host            Specifies the local or remote host.
  GET             Transfers the file destination on the remote host to
                  the file source on the local host.
  PUT             Transfers the file source on the local host to
                  the file destination on the remote host.
  source          Specifies the file to transfer.
  destination     Specifies where to transfer the file.
Commands may be abbreviated. Commands are:
  connect     connect to remote tftp
  mode        set file transfer mode
  put         send file
  get         receive file
  quit        exit tftp
  verbose     toggle verbose mode
  trace       toggle packet tracing
  status      show current status
  binary      set mode to octet
  ascii       set mode to netascii
  rexmt       set per-packet retransmission timeout
  timeout     set total retransmission timeout
  ?           print help information
user@host:~$ tftp 192.168.1.1
tftp> get file.txt
Back in October of 2001, I demonstrated . In this article, I'll show you how to set up a TFTP server so you can back up and upgrade a hardware appliance such as a Cisco router.
If you've ever had the opportunity to work with any hardware-based routers, security appliances, or intelligent switches, you're aware that these devices typically don't have hard disks for permanent storage of their configurations and underlying operating systems. Instead, they use a combination of volatile and non-volatile RAM and an EEPROM chip.
Since EEPROM chips have far less storage capacity than hard drives, things get a bit more interesting when you want to install or upgrade the operating system. The operating system itself and the utilities that come with it will be optimized to fit into a small space. Most of the utilities you're used to finding on a computer's operating system will be missing. You won't find any browsers or download utilities here! You also won't find any backup utilities, even though you know the first rule in computing land is "backup, backup, backup".
The most common utility used to accomplish device backups and upgrades is TFTP, the Trivial File Transfer Protocol. This utility is similar to FTP, except that it has been stripped down in functionality in order to fit onto a chip; hence, the "trivial." Hardware devices, such as a Cisco router or switch, contain a TFTP client. It is up to you to create a TFTP server somewhere in your network. The TFTP server will store a backup copy of your configurations and the images (or operating systems) of the hardware devices within your network.
Your FreeBSD system already contains a TFTP server, meaning you don't have to install any additional software. You only have to enable the TFTP service and properly configure a directory. Let's start by enabling the service. As the superuser, use your favorite editor to open up /etc/inetd.conf.
You'll notice that this file contains several dozen lines of names of services, and each has been commented out with a #. This is the configuration file for inetd, the Internet Super Server. This server listens on behalf of other services. When a request comes in for a service, inetd will start the appropriate service. This reduces system load, as one service can listen for requests rather than each service having to listen separately.
In order to tell inetd to listen for TFTP requests, find the two lines that start with #tftp and remove the comment from the first line so it looks like this:
tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -s /tftpboot
You'll note that FreeBSD supports both IPv4 and IPv6, so its inetd is capable of listening for both types of requests. Also note that TFTP uses UDP as its transport. This means it is not as reliable as FTP (which uses TCP). It also means that TFTP supports broadcasts, meaning you don't have to configure the TFTP client with the IP address of a particular TFTP server.
Once you've removed the #, save your changes. You now need to tell inetd that you've made some changes to its configuration file by sending what is known as a "signal one." The easiest way to do this is with the killall command:
# killall -1 inetd
If the command is successful, you will just receive your prompt back. Be careful to include all three parts of that command. If you forget the -1, you'll actually terminate the inetd process. But don't worry, you can start it again by simply typing inetd.
If you instead receive the following error message:
# killall -1 inetd
No matching processes were found
inetd is not running. Again, simply type inetd to start it. To make sure inetd starts if the TFTP server reboots, add the following line to /etc/rc.conf:
inetd_enable="YES"
Next, ensure inetd is listening for UDP connections on port 69, the TFTP port:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 1713 4 udp4 *:69 *:*
Now that the server is functional, you need to create a directory that will be used by the TFTP server to store the backups of your hardware devices' configurations and operating systems. This directory must be called /tftpboot:
# mkdir /tftpboot
Next, populate this directory with the files you wish to download to your hardware devices. For example, if you wish to upgrade your Cisco IOS, download the desired image from the Cisco web site and save it to /tftpboot. Most software images have rather complicated names, such as c1600-ny-mz.112-11.P.bin. If you'll be serving many images, you should document which devices are using which images.
You'll also want to create empty files for the files you'll upload from the hardware devices themselves. These files can be called anything that is useful to you. For example, if I wish to save the configurations from a 1602 router, a PIX 501 firewall, and a 1924 switch, I could create the following files:
# touch 1602_config PIX_config 1924_config
Finally, since TFTP is a stripped-down version of FTP, it does not support authentication. For this reason, this directory and its contents must be accessible to your TFTP clients. Typically, this is accomplished by setting the permissions like so:
# chmod -R 777 /tftpboot
Depending upon the TFTP client built into the hardware device you are using, you may be able to successfully use stricter permissions. Unfortunately, with a Cisco device, it will fail unless the permissions are set this way. When you're finished, verify the permissions in the directory:
# ls -l /tftpboot
total 0
-rwxrwxrwx 1 root wheel 0 May 18 15:24 1602_config
-rwxrwxrwx 1 root wheel 0 May 18 15:24 1924_config
-rwxrwxrwx 1 root wheel 0 May 18 15:24 PIX_config
-rwxrwxrwx 1 root wheel 4194172 May 18 15:33 c1600-ny-mz.112-11.P.bin
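Because TFTP has no authentication and chmod -R 777 also makes the image itself writable, it is worth watching what clients actually request from the server. The following Python sketch is an added example, not part of the original article: it decodes TFTP packets in the RFC 1350 layout and flags write requests for files meant to be download-only, filenames carrying a path, and .bin images requested in netascii mode. The sample packets, the 10.0.0.1 and 10.0.0.77 source addresses and the DOWNLOAD_ONLY set are constructed for illustration.

```python
import struct

# TFTP opcodes (RFC 1350)
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
MODES = ("netascii", "octet", "mail")

def parse_tftp(payload):
    """Decode one TFTP UDP payload; raise ValueError if it is malformed."""
    if len(payload) < 4:
        raise ValueError("packet shorter than any valid TFTP message")
    opcode, arg = struct.unpack("!HH", payload[:4])
    if opcode in (RRQ, WRQ):
        # Layout: opcode | filename | NUL | mode | NUL [| option | NUL | value | NUL ...]
        fields = payload[2:].split(b"\x00")
        if len(fields) < 3 or fields[-1] != b"":
            raise ValueError("request fields are not NUL-terminated")
        name = fields[0].decode("ascii", "replace")
        mode = fields[1].decode("ascii", "replace").lower()
        if not name or mode not in MODES:
            raise ValueError("empty filename or unknown mode")
        return {"op": "RRQ" if opcode == RRQ else "WRQ", "filename": name, "mode": mode}
    if opcode == DATA:
        return {"op": "DATA", "block": arg, "length": len(payload) - 4}
    if opcode == ACK:
        return {"op": "ACK", "block": arg}
    if opcode == ERROR:
        text = payload[4:].split(b"\x00")[0].decode("ascii", "replace")
        return {"op": "ERROR", "code": arg, "message": text}
    raise ValueError("unknown opcode %d" % opcode)

def review_request(msg, download_only):
    """Return findings for a decoded RRQ/WRQ; an empty list means nothing to report."""
    findings = []
    if msg["op"] not in ("RRQ", "WRQ"):
        return findings
    name = msg["filename"]
    if msg["op"] == "WRQ" and name in download_only:
        findings.append("write request for a download-only file")
    if "/" in name or "\\" in name or ".." in name:
        # The server is chrooted with -s /tftpboot, so clients send bare names only.
        findings.append("path component in filename")
    if name.lower().endswith(".bin") and msg["mode"] != "octet":
        findings.append("binary image requested in %s mode" % msg["mode"])
    return findings

def make_request(opcode, filename, mode):
    """Build a request packet; used only to construct the sample traffic below."""
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

IMAGE = "c1600-ny-mz.112-11.P.bin"   # image name used in the article
DOWNLOAD_ONLY = {IMAGE}              # assumption: devices never upload images

# Constructed sample traffic: (source address, UDP payload sent to port 69)
SAMPLES = [
    ("10.0.0.1", make_request(RRQ, IMAGE, "octet")),
    ("10.0.0.1", make_request(WRQ, "1602_config", "netascii")),
    ("10.0.0.77", make_request(WRQ, IMAGE, "octet")),
    ("10.0.0.77", make_request(RRQ, "/tftpboot/" + IMAGE, "netascii")),
]

def audit(samples, download_only=DOWNLOAD_ONLY):
    """Return (source, op, filename, findings) for every request that has findings."""
    report = []
    for src, payload in samples:
        msg = parse_tftp(payload)
        findings = review_request(msg, download_only)
        if findings:
            report.append((src, msg["op"], msg["filename"], findings))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```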
You should now have an operational TFTP server. Since your FreeBSD system also has a TFTP client, you can test that the server is set up to properly transfer files. First, tftp to the address of your TFTP server as a regular user. If the server responds, your prompt will change. Here, I will use the tftp client from the same computer that is the TFTP server:
$ tftp 127.0.0.1
tftp>
If you type ?, you'll see that the tftp client supports few commands. The ones you'll use most often are get to download a file, put to upload a file, and quit to exit the utility. If you're used to using the ftp client, you'll notice the absence of cd, ls, mget, mput, and several dozen other supported FTP commands.
Now, try to get one of the files; your transfer will be more exciting if you pick a non-empty file. Here, I'll transfer an image file:
tftp> get c1600-ny-mz.112-11.P.bin
Received 4194172 bytes in 1.6 seconds
I'll then quit the utility:
tftp> quit
There are a couple of important points regarding this file transfer. First, it won't work if the file you want to transfer is not in /tftpboot. Notice when I used the get command that I didn't specify the path to the file, simply the filename. If I had tried this command instead, I would have received the following error message:
tftp> get /tftpboot/c1600-ny-mz.112-11.P.bin
Error code 1: File not found
Remember, tftp assumes that the file you want to transfer already exists and that it is located in /tftpboot. Second, make sure you spell the filename correctly. This is especially important with those long image filenames. If you're a terrible typist, you'll miss filename completion, as it's not supported by tftp. This is another reason why it is a good idea to document the files stored in /tftpboot and to check your spelling when you use the get command. Otherwise, you'll end up getting frustrated by "Error code 1" messages.
You may have noticed that I didn't specify where to put the file that was transferred using get. This is because it is automatically copied to the current working directory. Typically, this isn't a problem on a hardware device, but it is something to keep in mind should you ever initiate a tftp session using your FreeBSD computer.
Finally, you should use ls -l to verify that the number of bytes received matches the number of bytes in the file stored on the TFTP server. This is also a handy bit of information to have documented. If you have a printer attached to your FreeBSD system, you can easily print out the contents of /tftpboot once you've finished configuring the TFTP server:
$ ls -l /tftpboot | lpr
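A byte-count comparison catches a truncated transfer but not a file of the same size whose content has changed, which matters in a directory that every client can write to. The following Python sketch is an added example, not part of the original article: it records size, SHA-256 and write exposure for each file in the TFTP directory and later reports what changed. The temporary directory and file contents in demo() are constructed stand-ins for /tftpboot, and upload_targets is an assumed list of the empty files created for device uploads.

```python
import hashlib
import os
import stat
import tempfile

def build_manifest(root):
    """Map each regular file directly under root to its size, SHA-256 and write exposure."""
    manifest = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        # Skip symlinks and subdirectories: only plain files are served in this setup.
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        digest = hashlib.sha256()
        with open(entry.path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[entry.name] = {
            "size": st.st_size,
            "sha256": digest.hexdigest(),
            "world_writable": bool(st.st_mode & stat.S_IWOTH),
        }
    return manifest

def compare(baseline, current, upload_targets=()):
    """Return findings for files that appeared, vanished or changed since baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append(f"{name}: new file")
        elif new is None:
            findings.append(f"{name}: missing")
        elif name not in upload_targets:
            # Upload targets are expected to change; everything else should not.
            if old["size"] != new["size"]:
                findings.append(f"{name}: size {old['size']} -> {new['size']}")
            elif old["sha256"] != new["sha256"]:
                findings.append(f"{name}: same size, different content")
        if new and new["world_writable"] and name not in upload_targets:
            findings.append(f"{name}: world-writable but not an upload target")
    return findings

IMAGE = "c1600-ny-mz.112-11.P.bin"   # image name used in the article

def demo():
    """Run the check against a constructed directory that mimics /tftpboot."""
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, IMAGE)
        config = os.path.join(root, "1602_config")
        with open(image, "wb") as fh:
            fh.write(b"A" * 4096)             # constructed image content
        open(config, "wb").close()            # empty upload target, as with touch
        os.chmod(image, 0o777)
        os.chmod(config, 0o777)
        baseline = build_manifest(root)
        with open(image, "wb") as fh:
            fh.write(b"B" * 4096)             # same size, different bytes
        with open(config, "wb") as fh:
            fh.write(b"hostname 1602\n")      # an expected device upload
        return compare(baseline, build_manifest(root), upload_targets={"1602_config"})

if __name__ == "__main__":
    for line in demo():
        print(line)
```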
Now that I'm satisfied the TFTP server is operational, I'll demonstrate uploading that image file to a Cisco 1602 router. Once I'm connected to the router, I'll input the password required to enter privileged mode:
1602> enable
Password:
1602#
Before starting the TFTP client, you should always verify connectivity to the TFTP server by pinging its IP address:
1602# ping 10.0.0.100
!!!!!
On a Cisco router, ! indicates a successful ping. If you instead receive a series of .s, the ping is timing out, which indicates a connectivity problem.
I'll then invoke the router's built-in TFTP client by using the following command:
1602# copy tftp flash
^^^^NOTICE^^^^
Flash load helper v1.0
This process will accept the copy options and then terminate the
current system image to use the ROM based image for the copy. Routing
functionality will not be available during that time. If you are logged
in via telnet, this connection will terminate. Users with console
access can see the results of the copy operation.
---- ^^^^^^^^ ----
Proceed? [confirm]
After reading the warning message, press Enter to confirm the operation. You'll then be presented with the name of the current operating system on the router and the amount of memory available on the EEPROM chip:
System flash directory:
File Length Name/status
1 3612396 c1600-ny-mz.110-8.P
[3612396 bytes used, 13164756 available, 16777216 total]
The client will then prompt for some information:
Address or name of remote host [255.255.255.255]
If you press Enter here, you'll receive the default value enclosed in square brackets, or the broadcast address. This means the TFTP client will send a broadcast onto the network looking for a TFTP server. If there are any intervening routers between this hardware device and the TFTP server, they will most likely discard the broadcast. To prevent that from happening, type in the IP address of your TFTP server.
Next, you'll be prompted for the source filename. That is, the filename of the image that you would like to download from the TFTP server. Remember, it's important not to mistype the name of the file in order for the transfer to succeed. I'll type in the name of my image:
Source file name? c1600-ny-mz.112-11.P.bin
Next, you'll be prompted for the destination filename. That is, what you would like the file to be called when it is copied to the router's EEPROM chip. Technically, you could change the filename to anything you want, but usually you keep the original image name, like I have done here:
Destination file name? c1600-ny-mz.112-11.P.bin
Now comes the moment of truth:
Accessing file 'c1600-ny-mz.112-11.P.bin' on 10.0.0.100...
If you get an "Error code 1," the command will abort and return you to the command prompt. This means you have a typo in the "source file name," so repeat the command and try again. If you're sure you spelled the image name correctly, it's time to go to the TFTP server and ensure the file still exists in /tftpboot and is indeed spelled the way you are typing it.
If you receive a permissions problem, double-check the permissions of the image on the TFTP server. Chances are, you forgot to set them to 777.
If all goes well, the TFTP client will continue and give you output similar to this:
Loading c1600-ny-mz.112-11.P.bin from 10.0.0.100 (via Ethernet0): ! [OK]
You'll then be asked to confirm the operation three times to make sure you're really, really sure that you want to replace the current operating system with the new image:
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c1600-ny-mz.112-11.P.bin' from server
as 'c1600-ny-mz.112-11.P.bin' into Flash WITH erase? [yes/no] yes
Once you've confirmed, you'll see a series of e's go by as the current operating system is erased:
Erasing device...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...erased
and the new image is copied over; in this case, !s indicate success:
Loading c1600-ny-mz.112-11.P.bin from 10.0.0.100 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4194172 bytes/16777216 bytes]
Verifying checksum... OK (0x5FDE)
Flash copy took 0:02:16 [hh:mm:ss]
You should double-check that the bytes transferred over match up with the number of bytes in the image file on the server. In my case, the 4194172 matches up and the checksum indicates that it is OK. If you received many .s or timeouts during the transfer, you should check your network connectivity and consider redoing the transfer. Finally, before rebooting the router into the new operating system, double-check that the correct image is indeed in the EEPROM chip:
1602# show flash
PCMCIA flash directory:
File Length Name/status
1 4194172 c1600-ny-mz.112-11.P.bin
Then, reboot the router:
1602# reload
Let's recap the steps necessary to configure your FreeBSD system as a TFTP server:
inetd.
777.
I demonstrated one use of a TFTP server: upgrading the image file on a Cisco router. If you have any hardware devices in your network, read their documentation to see the syntax of the command each uses in order to access the files you have stored on your TFTP server.
There are additional uses for a TFTP server. You may find some of the following URLs useful as launching points into your own experiments:
Just keep in mind that TFTP is designed for transferring files to and from chips on hardware devices. If you want to transfer files from one computer to another, TFTP is not the answer. There are many other options available that offer far more functionality and usually, more security.
In the next series of articles, I want to take a look at proxies and configuring proxy servers and proxy clients.
is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular for O'Reilly and is author of and The Best of FreeBSD Basics.
In section 1.2., we introduced how to download firmware to NAND flash using "NOR boot" when u-boot in NAND is gone. In this section, we will detail how to download or upgrade firmware in NAND using u-boot via Ethernet tftp download. Since our platform is positioned as "application ready", users usually only need to focus on their own market-oriented application. If you don't build your own u-boot and kernel, you can skip this section unless you need to update to new firmware. Developers can also use the serial console port to download firmware. Since that takes time, we will focus on tftp download only. If you are interested in serial download, please refer to the DENX u-boot manual.
If you have u-boot or Linux running on your system, then you can use Linux or u-boot to install a u-boot image to the appropriate address in flash memory. This section shows you how to download u-boot when Linux is running.
[root@M190]# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00004000 "BIOS_BIN"
mtd1: 00010000 00004000 "BIOS_DAT"
mtd2: 001c0000 00004000 "KERNEL"
mtd3: 00200000 00004000 "SYSCFG"
mtd4: 01c00000 00004000 "INITRD"
[root@M190]# dd if=/tmp/uboot.bin of=/dev/mtdblock/0 bs=128k conv=sync
1+1 records in
2+0 records out
You can use the same method to write a Linux image to the appropriate flash memory.
You can also use the u-boot tftp command to download u-boot, the Linux kernel and the rescue root file system. Below we detail how to do this in Windows and Linux PC environments.
First, open the "DNW" program and set up the serial port. (Please refer to section 1.2.1.1. for the serial port settings of the DNW program.) Connect the Ethernet cable. If you connect the device directly to the PC, use a cross Ethernet cable.
Users need to install a tftp server on Windows. You can download the freeware and install it on your Windows PC in the tftpboot directory. Copy uboot.bin, zImage and nand.img into this directory. Close your anti-virus software, such as PC-cillin. (Or close port 69)
You can set and add the environment parameters of the device using the "setenv" and "saveenv" commands as below.
[root@M190]#setenv ipaddr XXX.XXX.XXX.XXX
[root@M190]#setenv serverip XXX.XXX.XXX.XXX
[root@M190]#saveenv
Example:
ipaddr 192.168.1.2
serverip 192.168.1.121
Note:
Make sure that the ipaddr for the device and the serverip for the Windows PC are in the same network domain.
After setting up the IP addresses and wiring everything correctly, you can start the tftp download.
After setting up the tftp server and the IP address of the device, you can transfer and write images using the u-boot tftp and nandw commands. An image must be downloaded to SDRAM first before it is written to NAND. The following commands transfer the u-boot.bin image to SDRAM and then write it to NAND.
[root@M190]#tftp 30000000 u-boot.bin
[root@M190]#nandw 0x0 0x1c000 30000000
The next example shows how to transfer and write the Linux kernel. The file name is "zImage". Again, we tftp to SDRAM first with the following command.
[root@M190]#tftp 30000000 zImage
The temporary address is the base address of SDRAM, i.e. 0x30000000. You will see the following screen:
Figure 10. U-Boot TFTP Transfer to SDRAM
Write the zImage image to NAND using the nandw command.
[root@M190]#nandw 0xc 0x190000 30000000
Figure 11. Using U-Boot Write NAND Flash
The temporary address is the base address of SDRAM, i.e. 0x30000000. The start block number of the kernel is 0xc; 1.8M (12~79 blocks) of NAND flash is environment space. In this case, we have written the kernel image size as 10c000; it varies depending on the menuconfig options and module selection.
After writing the u-boot and kernel images to NAND flash, the last step is to write the rescue root file system image, nand.img. Repeat the same steps: first, tftp the "nand.img" image to SDRAM.
[root@M190]#tftp 30000000 nand.img
The temporary address is the base address of SDRAM, i.e. 0x30000000. Write the nand.img image to NAND using the following nandw command.
[root@M190]#nandw 0x100 0xce4000 30000000
The temporary address is the base address of SDRAM, i.e. 0x30000000. The start block number of nand.img is 0x100; 13M (256~1084 blocks) of NAND flash is environment space. In this case, we have written the nand.img image size as cf0000.
When done, reset the device; the kernel will boot as shown in Figure 12.
Figure 12. Booting Kernel
In this section, we detail how to transfer and write firmware from a Linux PC. First, we need to set up Minicom so that we can see the messages from the console.
Before transferring images using tftp, you should know how to use Minicom so that you can see the messages from the console. This section explains how to set up Minicom.
Desktop Linux has the Minicom program for serial communication. It is used for the command prompt of u-boot.bin or the shell prompt of embedded Linux.
Set up the values before using the Minicom program. To run minicom in setting mode:
[root@localhost root]#minicom -s
Figure 13. Minicom Setup
Please select 'Serial port setup'. Push the 'A' key to set 'Serial Device', then enter the serial port that is connected to the device via the console cable. (If you are using COM1, write /dev/ttyS0; if COM2, write /dev/ttyS1.)
Figure 14. Serial Port Setup I
Push the 'E' key to set up 'Bps/Par/Bits'. Push 'I' to set 'bps' to 115200. Push 'V' to set 'Data bits' to 8. Push 'W' to set 'Stop bits' to '1', and 'V' to set 'parity' to 'NONE'.
Figure 15. Serial Port Setup II
Push the 'F' key to set 'Hardware Flow Control' to 'NO'. Push the 'G' key to set 'Software Flow Control' to 'NO'. The default value is 'NO'.
Figure 16. Hardware/Software Flow Control Setup
Once the settings are done, press the 'Enter' key. Then select the 'Save setup as dfl' item and press 'Enter' to save the values.
Figure 17. Saving Minicom Setup
Push the 'Exit' key to exit from the setting mode. The settings are now stored in the file '/etc/minirc.dfl'.
Figure 18. Exiting Minicom Setup
To quit Minicom, press 'Ctrl + A' and then 'Z', and finally push the 'Q' key. After you select 'Yes', Minicom quits.
Figure 18. Resetting from Minicom
This section explains how to set up a TFTP server under Linux. To use the tftp server program, you have to set up your computer by executing the following command.
[root@localhost root]#setup
You can see the "Text Mode Setup Utility" as shown below.
Figure 19. Text Mode Setup Utilities
Please select "System services", as shown below.
Figure 20. System Service List
Please select the "tftp" service as shown in the above figure and finally click on "ok".
Finally, "quit" the setup utility and execute the following command.
[root@localhost root]#xinetd -restart
Now you can download compiled images to the device by using tftp. Before downloading the images, connect the host PC and the device with an Ethernet cable. (If you link the PC and the device directly, please use an Ethernet cross cable.)
To download binary image files to device, run tftp server service on your computer and put images in /tftpboot directory.
Copy the kernel zImage image to the /tftpboot directory. On the Linux PC, type
[root@localhost root]#cp zImage /tftpboot/
Setting up an IP address helps in downloading the compiled images to the device.
Connect the host PC and the device with an Ethernet cable.
Note: If you are connecting the PC LAN port to the device directly, you need to use an Ethernet cross cable.
Setting Up IP Address for Host PC
On your Linux host PC, open a terminal and execute the following commands to set up an IP address.
[root@localhost tftpboot]# ifconfig eth0 down
[root@localhost tftpboot]# ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up
[root@localhost tftpboot]# ifconfig
Figure 21. Setting IP Address for Host PC
Setting Up IP Address for Device
Run Minicom first on the host PC and power on the device. Press any key during the auto-count to get the '[root@m190]#' command prompt.
Execute the command "printenv" as shown below.
Figure 22. Environment Parameter for Device
You can set and add the environment parameters of the device using the "setenv" and "saveenv" commands as below.
[root@M190]#setenv ipaddr XXX.XXX.XXX.XXX
[root@M190]#setenv serverip XXX.XXX.XXX.XXX
[root@M190]#saveenv
Example:
ipaddr 192.168.1.2
serverip 192.168.1.121
Note:
Make sure that the ipaddr for the device and the serverip for the Linux PC are in the same network domain.
After setting up the IP addresses and wiring everything correctly, you can start the tftp download.
Figure 23. Setting Up and Saving Parameters
After you configure the network for the host PC and the device, the LED of the Ethernet jack will be on. This shows that the network connection has been established.
After setting up the tftp server and the IP address of the device, you can transfer images to SDRAM with tftp and write them to NAND with the nandw command. An image must be downloaded to SDRAM first before it is written to NAND. The following commands transfer the u-boot.bin image to SDRAM and then write it to NAND.
[root@M190]#tftp 30000000 u-boot.bin
[root@M190]#nandw 0 20000 30000000
Figure 24. Transfer and Write U-Boot to NAND
The next example shows how to transfer and write the Linux kernel. The file name is "zImage". Again, we tftp to SDRAM first with the following command.
[root@M190]#tftp 30000000 zImage
The temporary address is the base address of SDRAM, i.e. 0x30000000.
Write the zImage image to NAND using the nandw command.
[root@M190]#nandw 0xc 0x190000 30000000
Figure 25. Transfer and Write Kernel Image to NAND
The temporary address is the base address of SDRAM, i.e. 0x30000000. The start block number of the kernel is 0xc; 1.8M (12~79 blocks) of NAND flash is environment space. In this case, we have written the kernel image size as 10c000; it varies depending on the menuconfig options and module selection.
After writing the u-boot and kernel images to NAND flash, the last step is to write the rescue root file system image, nand.img. Repeat the same steps: first, tftp the nand.img image to SDRAM.
[root@M190]#tftp 30000000 nand.img
The temporary address is the base address of SDRAM, i.e. 0x30000000. Write the nand.img image to NAND using the following nandw command.
[root@M190]#nandw 0x100 0xcf0000 30000000
The temporary address is the base address of SDRAM, i.e. 0x30000000. The start block number of nand.img is 0x100; 13M (256~1084 blocks) of NAND flash is environment space. In this case, we have written the nand.img image size as cf0000.
When done, reset the device; the kernel will boot as shown in Figure 26.
Figure 26. Booting Kernel