uftpd(1) uftpd(1) NAME uftpd - Encrypted UDP based ftp with multicast - client daemon SYNOPSIS uftpd [ -d ] [ -n ] [ -p port ] [ -B buf_size ] [ -E ] [ -Q dscp ] [ -U UID ] [ -x log_level ] [ -t ] [ -T temp_dir ] [ -D dest_dir[,dest_dir... ]] [ -A backup_dir[,backup_dir... ]] [ -L logfile ] [ -P pidfile ] [ -S serverlist_file ] [ -R proxy[/fp] ] [ -k keyfile[,keyfile...] ] [ -K new_key_length ] [ -m ] [ -N priority ] [ -H hb_server[:port][,hb_server[:port]...] ] [ -h hb_interval ] [ -I interface[,interface...] ] [ -M pub_mcast_addr[,pub_mcast_addr...] ] DESCRIPTION uftpd is the client daemon of the UFTP suite. It listens on one or more multicast addresses to receive files from servers. This version of the client supports servers running UFTP 3.x and UFTP 2.10.x. OPTIONS The following options are supported: -d Enable debug mode. The process will run in the foreground and all output will go to stderr. If specified, the -L option is ignored. -n Prevents name lookups of the server. Useful if name resolution takes a long time and delays sending of the registration mes- sage. -p port The UDP port number to listen on. Default is 1044. -U UID The unique ID for this client. May be specified either as a 6 digit hexadecimal number (0xnnnnnn) or as an IP address of the form 0.n.n.n. -B buf_size The size in bytes of the UDP receive buffer to use. Valid val- ues are 65536-104857600 (64KB-100MB). Defaults to 262144. -E Only allow incoming sessions if encryption is enabled. Default is to allow both encrypted and unencrypted sessions. -Q dscp Specifies the Differentiated Services Code Point (DSCP), for- merly Type of Service (TOS), in the IP header for all outgoing packets. Valid values are 0-63 and may be specified in either decimal or hexadecimal. Default is 0. On Windows XP systems, the OS doesn't allow this parameter to be changed by default. To change this, add/modify the follow- ing DWORD registry value, set to 0, and reboot: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser- vices\Tcpip\Parameters\DisableUserTOSSetting Not currently supported on Windows Vista or later. -x log_level Specifies current logging level. Valid values are 0-5, with 0 being the least verbose and 5 being the most verbose. Default is 2, which is consistent with logging prior to version 3.5. -t Receive each file into a temp file in the same directory as the destination file. The temp file will have an extension of .~uftp-{group-id}-{file-id}, where {group-id} and {file-id} are the group ID of the current session and file ID of the current file. If -A is also specified, the existing destination file is not moved to backup directory until after the file is fully received. -T temp_dir Temp directory in which files are received, then moved to dest_dir when the session is complete. If omitted, files are received directly into dest_dir. Must reside on the same filesystem as the destination directory. The -T option MUST be specified to allow the client to save the state of failed file transfers that can be resumed later. Not compatible -A or -t. Not compatible with -D when multiple destination directories are specified. Also, no incoming files with an absolute path will be accepted if this option is speci- fied. IMPORTANT: When full directories are received, the entire directory is moved at once to the destination directory, remov- ing any existing file/directory. This means that if an exist- ing directory in dest_dir is the same name as a directory received into temp_dir, all files under the existing directory are deleted. -D dest_dir[,dest_dir...] Destination directories for all received files. When an incom- ing file specifies an absolute path, it must match one of the destination directories, otherwise the file will be rejected. Incoming files that don't specify an absolute path will be received into the first destination directory in the list. Default is /tmp for UNIX-like systems, C:\temp for Windows. -A backup_dir[,backup_dir...] Specifies backup directories. Each backup directory corre- sponds to a destination directory, so the number of each MUST be the same. Existing files that would be overwritten by incoming files are moved to the corresponding backup directory for the selected destination directory, first under timestamped directories, then under the full path of the existing file. For example, if /full/path/to/file would be overwritten, it is moved to {backup_dir}/YYYYMMDD/HHMMSS/full/path/to/file. Under Windows, drive letters for local files are not part of the name, but host/share names for network files are. So C:\path\to\file would be backed up to {backup_dir}\YYYYM- MDD\HHMMSS\path\to\file, and \\host\share\path\to\file would be backed up to {backup_dir}\YYYYM- MDD\HHMMSS\host\share\path\to\file. Not compatible with -T. -L logfile Specifies the log file. Default is /tmp/uftpd.log for UNIX- like systems systems, C:\uftpd_log.txt for Windows. -P pidfile The pidfile to write the daemon's pid to on startup. Default is no pidfile. -S serverlist_file A file containing a list of servers the client will allow to send files to it. The file should contain the name/IP of a server optionally followed by the server's public key finger- print, with one on each line. If a key fingerprint is given, the key specified by the server must match the fingerprint. If your system supports source specific multicast (SSM), the client will subscribe to all public and private multicast addresses using SSM for all servers listed. When this option is specified, the public address given by -M must be a valid SSM address. Any ANNOUNCE that specifies a private IP that is not a valid SSM address will be rejected. Valid SSM addresses are in the range 232.0.0.0-232.255.255.255. Example contents: 192.168.1.101 66:1E:C9:1D:FC:99:DB:60:B0:1A:F0:8F:CA:F4:28:27:A6:BE:94:BC 192.168.1.201 When expecting to receive from a server that is behind a proxy, the file should list the name/IP and fingerprint of the client proxy instead of the server. The proxy can authenticate the server. -R proxy[/fingerprint] Specifies the name/IP of the response proxy that all responses are forwarded to. If fingerprint is given, it specifies the proxy's public key fingerprint. Upon startup, the client will query the proxy for its public key, retrying every 5 seconds until it gets a successful response. The client cannot accept an encrypted file transfer from a server until it gets the proxy's key. -k keyfile[,keyfile...] -K new_key_length These two options are used to read and/or write the client's RSA private key. If neither -k nor -K are specified, an RSA private key 512 bytes in length is generated. If -k is specified but not -K, the RSA private keys are read from each keyfile. If -k is not specified but -K is, an RSA private key new_key_length bytes in length is generated. If both -k and -K are specified, an RSA private key new_key_length bytes in length is generated and stored in the first keyfile, and subsequent key files are ignored. The definition of keyfile is dependent on the crypto library UFTP is compiled to use. On Windows systems using the native crypto library (CryptoAPI), all RSA private keys must be stored in a key container (techni- cally only keys used to sign data, but for UFTP's purposes this is the case). Key containers are internal to Windows, and each user (and the system) has its own set of key containers. In this case, keyfile is actually the name of the key container. When -k is not specified, the generated key is stored in a default key container. Note that if more than one server, client, and/or proxy use this default key container on the same machine, they will interfere with each other and the results are undefined. All other systems use OpenSSL for the crypto library (although under Windows UFTP can be also be built to use it). In this case, keyfile specifies a file name where the RSA private key is stored unencrypted in PEM format (the OS is expected to pro- tect this file). When both -k and -K are specified, the file is only written to if it does not currently exist. If the file does exist, an error message will be returned and the client will exit. When -k is not specified, the generated key is not persisted. Unlike CryptoAPI, servers, clients, and proxies will not step on each other in this case. These PEM files may also be manipulated via the openssl(1) command line tool. Keys can also be generated and viewed via the uftp_keymgt(1) utility. -m For Windows systems using CryptoAPI, private keys are normally stored in the key container of the running user. Specifying this option stores keys in the system key container. Useful when running as a service. On non-Windows systems, this option has no effect. -N priority Sets the process priority. On Windows systems, valid values are from -2 to 2, with a default of 0. These correspond to the following priorities: -2 High -1 Above Normal 0 Normal 1 Below Normal 2 Low On all other systems, this is the "nice" value. Valid values are from -20 to 19, where -20 is the highest priority and 19 is the lowest priority. Default is 0. -H hb_server[:port][,hb_server[:port]...] Lists one or more proxies to send heartbeat messages to. When sending a signed heartbeat message, the first key listed under -k is used to sign the message. If port is not specified for a given proxy, the default port of 1044 is assumed. -h hb_interval The time in seconds between sending heartbeat messages. Ignored if -H is not specified. -I interface[,interface...] Lists one or more interfaces to listen to multicast traffic on. Interfaces can be specified either by interface name, by host- name, or by IP. When receiving a closed group membership request, the client will participate if any of these interfaces matches an IP in the announcement. When receiving an open group membership request, the first interface listed is the one the client will report back to the server. This may not neces- sarily be the interface that the ANNOUNCE was received on. The default is to listen on all active non-loopback interfaces. NOTE: Since Windows doesn't have named interfaces (not in the sense that UNIX-like systems do), only hostnames or IP addresses are accepted on Windows. -M pub_multicast_addr[,pub_multicast_addr...] The list of public multicast addresses to listen on. Default is 230.4.4.1 EXAMPLES Starting with the default options: uftpd The client runs as a daemon and listens for announcements on UDP port 1044 on multicast address 230.4.4.1 on all non-loopback network inter- faces. Incoming files are received directly into /tmp (C:\temp on Win- dows). A 512-bit RSA key is generated to handle encrypted sessions. Suppose you want an external process to handle incoming files in /tmp/dest. Since you don't want to pick up incomplete files, you might want them to be received into /tmp/receiving then moved to /tmp/dest when done. Then call the client like this: uftpd -D /tmp/dest -T /tmp/receiving If the client expects to receive from different servers, one sending on 230.4.4.1 and one sending on 230.4.4.2: uftpd -M 230.4.4.1,230.4.4.2 To handle incoming encrypted sessions with differing RSA key sizes: uftpd -k file_for_1024_bit_key,file_for_2048_bit_key If incoming packets aren't being read quickly enough, and you want to increase the UDP receive buffer size to 2 MB: uftpd -B 2097152 SEE ALSO uftp(1), uftpproxyd(1), uftp_keymgt(1) NOTES The latest version of UFTP can be found at http://www.tcnj.edu/~bush/uftp.html. UFTP is covered by the GNU Gen- eral Public License. Commercial licenses and support are available from Dennis Bush (bush@tcnj.edu). UFTP 3.6 3 December 2011 uftpd(1)