forked from mirrors/tftp-hpa-google
33 lines
1.5 KiB
Text
33 lines
1.5 KiB
Text
Starting in version 0.17, tftp-hpa operates in genuine "wait" mode,
|
|
which means that an in.tftpd process hangs around for some time after
|
|
the last service request has arrived. This speeds up servicing a
|
|
subsequent request, which apparently has been a problem in the past,
|
|
resulting in "request storms" as the client keeps retrying, resulting
|
|
in multiple connections on the server which the client has already
|
|
abandoned.
|
|
|
|
This also means that spawning tftp via tcpd is useless (in fact, this
|
|
indirection seems to be part of the reason for these "request
|
|
storms.") Instead, tftp-hpa supports calling the tcpwrapper library
|
|
directly. Thus, if your /etc/inetd.conf looks like this (all on one
|
|
line):
|
|
|
|
tftp dgram udp wait root /usr/sbin/tcpd
|
|
/usr/sbin/in.tftpd -s /tftpboot -r blksize
|
|
|
|
... it's better to change to ...
|
|
|
|
tftp dgram udp wait root /usr/sbin/in.tftpd
|
|
in.tftpd -s /tftpboot -r blksize
|
|
|
|
You should make sure that you are using "wait" option in tftpd; you
|
|
also need to have tftpd spawned as root in order for chroot (-s) to
|
|
work. tftpd automatically drops privilege and changes user ID to
|
|
"nobody" by default; the appropriate user ID for tftpd can be
|
|
specified with the -u option (e.g. "-u tftpuser").
|
|
|
|
If you are running a busy boot server, I would suggest to instead use
|
|
kernel-based firewalling rules, and to compile tftpd without
|
|
tcpwrapper support, in order to provide significantly better
|
|
performance. To do so, specify the --without-tcpwrappers option to
|
|
configure when compiling; see the INSTALL.tftp file for more information.
|