Description of problem: If you run "systemctl enable tftp.socket" on a system with multiple IP addresses, the server does not respond from the correct IP address. In my case, there is a VRRP secondary address on an interface. If the client connects to the secondary VRRP address, the server responds from the primary address on that interface. When tftpd is launched from xinetd, it works properly. When run from systemd, we see error messages like this in the logs: Oct 26 02:46:16 ti120 in.tftpd[28414]: [ID daemon.warning] tftpd: read(ack): Connection refused The client is unable to retrieve files because it expects the response to come from the secondary IP address that it contacted. Version-Release number of selected component (if applicable): tftp-server-5.2-9.fc19.x86_64 How reproducible: Enable the tftp server with "systemctl enable tftp.socket", assign a secondary IP address using "ip addr add", and then tftp from a client to the secondary IP address and try to retrieve a file. It will not succeed. Steps to Reproduce: 1. assign a secondary IP address using "ip addr add" 2. enable the tftp server with "systemctl enable tftp.socket" 3. on a client host, connect to the secondary IP address and try to retrieve a file. Actual results: The file retrieval fails. tcpdump shows that the server does not respond from the correct address. Expected results: The client should be able to retrieve a file. tftpd should respond from the address on which it was contacted. Additional info:
The problem seems to be related to the IPv4 to IPv6 mapping. With this patch to tftp.socket, everything works properly on my network (which is using IPv4): --- usr/lib/systemd/system/tftp.socket.orig 2013-04-23 03:43:43.000000000 -0400 +++ usr/lib/systemd/system/tftp.socket 2013-10-28 13:59:28.125950493 -0400 @@ -2,7 +2,7 @@ Description=Tftp Server Activation Socket [Socket] -ListenDatagram=69 +ListenDatagram=0.0.0.0:69 [Install] WantedBy=sockets.target I don't know how to fix this in the general case. It would be nice if systemd had a setting BindIPv4Only. Perhaps the tftpd code can be patched to handle this case properly, but I do not know exactly what is going wrong with the v4 to v6 mapping.
I don't think this patch would work for ipv6 connections. Try adding ListenDatagram=[::]:69 BindIPv6Only=both or any combination of the two (BindIPv6Only should default to "both", but just to be sure...) to the tftp.socket file if that helps.
This bugzilla has gone without response for about 3 months now. Closing.
I do not have IPv6 infrastructure, so I cannot test that aspect. I can only tell you for sure that the tftp.socket file does not work as shipped. I do not see why you closed the bug. A fix is required.
(In reply to Andrew J. Schorr from comment #4) > I do not have IPv6 infrastructure, so I cannot test that aspect. I can only > tell you for sure that the tftp.socket file does not work as shipped. I do > not see why you closed the bug. A fix is required. I am still seeing this problem with 5.2-12.el7 on EL7.2 I've tried BindIPv6Only=both with various formats for the value of the ListenDatagram option but the only way to get IPv4 support to work is to specify 0.0.0.0:69 which seems to contradict the details given in the systemd.socket manual page. Stephen Quinney
I am also seeing this issue [root@localhost ~]# cat /etc/centos-release CentOS Linux release 7.2.1511 (Core) I discovered this issue while PXE booting. My PXE server has multiple NICs and hosted a tftp and dhcp server. On the first boot, when a client had no dhcp lease, the client would successfully negotiate the dhcp information tftp files. If a dhcp client were to PXE boot a second time, the tftp server would not respond. In the /var/log/messages I could see the incoming requests etc but when I used tshark to sniff the traffic I saw no outbound messages from the server. This issue was fixed with Andrew J. Schorr's suggestion and a little research. I have changed by configurations to be as follows: ListenDatagram=0.0.0.0:69 I think this issue should be reopened. At the very least I think the default configurations should be changed.