Package: tftpd-hpa
Version: 5.2+20150808-1+b1
Severity: important
Tags: ipv6
Dear Maintainer,
On a normal Debian installation, the following lines can be found in
/etc/hosts:
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
After installing both tftpd-hpa as a server and tftp-hpa as a client, one would
expect to be able to query the local server using localhost, with the following
command:
tftp localhost -c get foobar.txt
This is however not the case. The query goes timeout, because by default the
client will try the IPv6 address first when we pass in "localhost" as the
server address. We can see this behavior by using Wireshark on the "lo"
loopback interface: request is made to [::1] instead of 127.0.0.1
(which works if we replace "localhost" by this address).
The default listen address is specifically set to IPv4 only in
/etc/default/tftpd-hpa:
TFTP_ADDRESS="0.0.0.0:69"
This has a big useability impact, as any user who installs the server and the
client who want to test that the configuration is working correctly will fall
into this timeout issue, because the server binds only to IPv4 addresses
while the client will try IPv6 address for localhost by default.
As we can agree that removing "::1" address from /etc/hosts is not a sane
option,
one solution would simply be to listen on all addresses instead of only all
IPv4 addresses, by changing the /etc/default/tftpd-hpa value to:
TFTP_ADDRESS=":69"
This bug is similar to other already opened IPv6 bugs, but I wanted to
specifically describe this issue from the localhost perspective, as IPv6 is
used by default.
Other proposals have been made in the same way of stopping to listenning to
IPv4 only starting in 2014, but in 2020 this bug seems to be still present.
We hope that changing this default to a sane value will make new tftpd-hpa
users not loose as much time as I did finding out why I could not just get
a file from "localhost".
Best regards,
Romain.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tftpd-hpa depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.73
ii libc6 2.29-10
ii libwrap0 7.6.q-30
tftpd-hpa recommends no packages.
Versions of packages tftpd-hpa suggests:
pn pxelinux <none>
-- debconf information:
tftpd-hpa/address: 0.0.0.0:69
tftpd-hpa/username: tftp
tftpd-hpa/directory: /srv/tftp
tftpd-hpa/options: --secure
