uftpd(1)							      uftpd(1)



NAME
       uftpd - Encrypted UDP based ftp with multicast - client daemon

SYNOPSIS
       uftpd [ -d ] [ -n ] [ -p port ] [ -B buf_size ]
	   [ -E ] [ -Q dscp ] [ -U UID ] [ -x log_level ] [ -t ]
	   [ -T temp_dir ] [ -D dest_dir[,dest_dir... ]]
	   [ -A backup_dir[,backup_dir... ]] [ -L logfile ]
	   [ -P pidfile ] [ -S serverlist_file ] [ -R proxy[/fp] ]
	   [ -k keyfile[,keyfile...] ] [ -K new_key_length ]
	   [ -m ] [ -N priority ] [ -s postreceive_script ]
	   [ -H hb_server[:port][,hb_server[:port]...] ]
	   [ -h hb_interval ] [ -I interface[,interface...] ]
	   [ -M pub_mcast_addr[,pub_mcast_addr...] ]

DESCRIPTION
       uftpd  is  the  client  daemon of the UFTP suite.  It listens on one or
       more multicast addresses to receive files from servers.

       This version of the client supports servers running UFTP 3.x  and  UFTP
       2.10.x.


OPTIONS
       The following options are supported:

       -d     Enable  debug  mode.  The process will run in the foreground and
	      all output will go to stderr.  If specified, the	-L  option  is
	      ignored.

       -n     Prevents	name lookups of the server.  Useful if name resolution
	      takes a long time and delays sending of  the  registration  mes‐
	      sage.

       -p port
	      The UDP port number to listen on.	 Default is 1044.

       -U UID The  unique  ID for this client.	May be specified either as a 6
	      digit hexadecimal number (0xnnnnnn) or as an IP address  of  the
	      form 0.n.n.n.  When receiving a closed group membership request,
	      the client will participate if the UID matches an IP/UID in  the
	      announcement.

       -B buf_size
	      The  size in bytes of the UDP receive buffer to use.  Valid val‐
	      ues are 65536-104857600 (64KB-100MB).  Defaults to 262144.

       -E     Only allow incoming sessions if encryption is enabled.   Default
	      is to allow both encrypted and unencrypted sessions.

       -Q dscp
	      Specifies	 the  Differentiated  Services Code Point (DSCP), for‐
	      merly Type of Service (TOS), in the IP header for	 all  outgoing
	      packets.	 Valid	values are 0-63 and may be specified in either
	      decimal or hexadecimal.  Default is 0.

	      On Windows XP systems, the OS doesn't allow this parameter to be
	      changed  by  default.   To change this, add/modify the following
	      DWORD registry value, set to 0, and reboot:

	      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser‐
	      vices\Tcpip\Parameters\DisableUserTOSSetting

	      Not currently supported on Windows Vista or later.

       -x log_level
	      Specifies	 current  logging level.  Valid values are 0-5, with 0
	      being the least verbose and 5 being the most  verbose.   Default
	      is 2, which is consistent with logging prior to version 3.5.

       -t     Receive  each file into a temp file in the same directory as the
	      destination file.	 The temp  file	 will  have  an	 extension  of
	      .~uftp-{group-id}-{file-id},  where {group-id} and {file-id} are
	      the group ID of the current session and file ID of  the  current
	      file.  If -A is also specified, the existing destination file is
	      not moved to backup directory until  after  the  file  is	 fully
	      received.

       -T temp_dir
	      Temp  directory  in  which  files	 are  received,	 then moved to
	      dest_dir when the session is complete.  If  omitted,  files  are
	      received	directly  into	dest_dir.   Must  reside  on  the same
	      filesystem as the destination directory.

	      The -T option MUST be specified to allow the client to save  the
	      state of failed file transfers that can be resumed later.

	      Not  compatible  -A or -t.  Not compatible with -D when multiple
	      destination directories are specified.  Also, no incoming	 files
	      with  an absolute path will be accepted if this option is speci‐
	      fied.

	      IMPORTANT: When full directories are received, the entire direc‐
	      tory is moved at once to the destination directory, removing any
	      existing file/directory.	This means that if an existing	direc‐
	      tory  in	dest_dir is the same name as a directory received into
	      temp_dir, all files under the existing directory are deleted.

       -D dest_dir[,dest_dir...]
	      Destination directories for all received files.  When an	incom‐
	      ing  file	 specifies  an absolute path, it must match one of the
	      destination directories, otherwise the file  will	 be  rejected.
	      Incoming	files  that  don't  specify  an	 absolute path will be
	      received into the	 first	destination  directory	in  the	 list.
	      Default is /tmp for UNIX-like systems, C:\temp for Windows.

       -A backup_dir[,backup_dir...]
	      Specifies backup directories.  Each backup directory corresponds
	      to a destination directory, so the number of each	 MUST  be  the
	      same.   Existing	files  that  would  be overwritten by incoming
	      files are moved to the corresponding backup  directory  for  the
	      selected destination directory, first under timestamped directo‐
	      ries, then under the full path of the existing file.

	      For example, if /full/path/to/file would be overwritten,	it  is
	      moved  to {backup_dir}/YYYYMMDD/HHMMSS/full/path/to/file.	 Under
	      Windows, drive letters for local files are not part of the name,
	      but  host/share names for network files are.  So C:\path\to\file
	      would be backed up to {backup_dir}\YYYYMMDD\HHMMSS\path\to\file,
	      and    \\host\share\path\to\file	 would	 be   backed   up   to
	      {backup_dir}\YYYYMMDD\HHMMSS\host\share\path\to\file.

	      Not compatible with -T.

       -L logfile
	      Specifies the log file.  Default is /tmp/uftpd.log for UNIX-like
	      systems systems, C:\uftpd_log.txt for Windows.

       -P pidfile
	      The pidfile to write the daemon's pid to on startup.  Default is
	      no pidfile.

       -S serverlist_file
	      A file containing a list of servers the  client  will  allow  to
	      send  files  to  it.   The  file should contain the name/IP of a
	      server optionally followed by the server's  public  key  finger‐
	      print,  with  one	 on each line.	If a key fingerprint is given,
	      the key specified by the server must match the fingerprint.   If
	      your system supports source specific multicast (SSM), the client
	      will subscribe to all public  and	 private  multicast  addresses
	      using SSM for all servers listed.

	      When  this  option  is specified, the public address given by -M
	      must be a valid SSM address.  Any ANNOUNCE that specifies a pri‐
	      vate IP that is not a valid SSM address will be rejected.	 Valid
	      SSM addresses are in the range 232.0.0.0-232.255.255.255.

	      Example contents:
	      192.168.1.101 66:1E:C9:1D:FC:99:DB:60:B0:1A:F0:8F:CA:F4:28:27:A6:BE:94:BC
	      192.168.1.201

	      When expecting to receive from a server that is behind a	proxy,
	      the  file	 should list the name/IP and fingerprint of the client
	      proxy instead of the server.  The	 proxy	can  authenticate  the
	      server.

       -R proxy[/fingerprint]
	      Specifies	 the  name/IP of the response proxy that all responses
	      are forwarded to.	 If fingerprint is  given,  it	specifies  the
	      proxy's  public  key fingerprint.	 Upon startup, the client will
	      query the proxy for its public key,  retrying  every  5  seconds
	      until  it	 gets a successful response.  The client cannot accept
	      an encrypted file transfer from  a  server  until	 it  gets  the
	      proxy's key.

       -k keyfile[,keyfile...]

       -K new_key_length
	      These two options are used to read and/or write the client's RSA
	      private key.

	      If neither -k nor -K are specified, an RSA private key 512 bytes
	      in length is generated.

	      If  -k  is  specified  but not -K, the RSA private keys are read
	      from each keyfile.

	      If  -k  is  not  specified  but  -K  is,	an  RSA	 private   key
	      new_key_length bytes in length is generated.

	      If   both	  -k   and  -K	are  specified,	 an  RSA  private  key
	      new_key_length bytes in length is generated and  stored  in  the
	      first keyfile, and subsequent key files are ignored.

	      The  definition  of  keyfile  is dependent on the crypto library
	      UFTP is compiled to use.

	      On Windows systems using the native crypto library  (CryptoAPI),
	      all  RSA private keys must be stored in a key container (techni‐
	      cally only keys used to sign data, but for UFTP's purposes  this
	      is  the case).  Key containers are internal to Windows, and each
	      user (and the system) has its own set  of	 key  containers.   In
	      this  case,  keyfile  is actually the name of the key container.
	      When -k is not specified, the  generated	key  is	 stored	 in  a
	      default  key  container.	 Note  that  if	 more than one server,
	      client, and/or proxy use this default key container on the  same
	      machine, they will interfere with each other and the results are
	      undefined.

	      All other systems use OpenSSL for the crypto  library  (although
	      under  Windows  UFTP  can	 be also be built to use it).  In this
	      case, keyfile specifies a file name where the RSA private key is
	      stored  unencrypted in PEM format (the OS is expected to protect
	      this file).  When both -k and -K are specified, the file is only
	      written  to  if  it  does not currently exist.  If the file does
	      exist, an error message will be returned	and  the  client  will
	      exit.   When  -k is not specified, the generated key is not per‐
	      sisted.  Unlike CryptoAPI, servers, clients,  and	 proxies  will
	      not  step	 on each other in this case.  These PEM files may also
	      be manipulated via the openssl(1) command line tool.

	      Keys can also be generated and  viewed  via  the	uftp_keymgt(1)
	      utility.

       -m     For  Windows  systems using CryptoAPI, private keys are normally
	      stored in the key container of  the  running  user.   Specifying
	      this  option  stores  keys  in the system key container.	Useful
	      when running as a service.  On non-Windows systems, this	option
	      has no effect.

       -N priority
	      Sets the process priority.  On Windows systems, valid values are
	      from -2 to 2, with a default of 0.  These correspond to the fol‐
	      lowing priorities:

	      -2 High
	      -1 Above Normal
	       0 Normal
	       1 Below Normal
	       2 Low

	      On  all  other  systems, this is the "nice" value.  Valid values
	      are from -20 to 19, where -20 is the highest priority and 19  is
	      the lowest priority.  Default is 0.

       -s postreceive_script
	      The full path to an external command or script to be called when
	      files are received.  The command will be called as follows:

	      postreceive_script -I session_id file [ file... ]

	      Where "session_id" is an 8 hexadecimal digit number identifiying
	      the  current  session, and "file" is the full pathname to one or
	      more received files/directories  in  the	destination  directory
	      specified by -D.

	      The  way	this script is called depends on whether or not a temp
	      directory is specified by -T.  If a temp directory is not speci‐
	      fied,  the  script gets called once for each file as soon as the
	      file is received.	 If a temp directory is specified, the	script
	      gets  called  once  at the end of the session, and is passed all
	      top  level  files/directories  received.	  Here,	  "top	 level
	      files/directories"  refers  to all entries in the temp directory
	      for the session, but not subdirectories.	So the script would be
	      responsible  for traversing any listed directories to find files
	      contained within them.

       -H hb_server[:port][,hb_server[:port]...]
	      Lists one or more proxies to send heartbeat messages  to.	  When
	      sending  a  signed heartbeat message, the first key listed under
	      -k is used to sign the message.  If port is not specified for  a
	      given proxy, the default port of 1044 is assumed.

       -h hb_interval
	      The time in seconds between sending heartbeat messages.  Ignored
	      if -H is not specified.

       -I interface[,interface...]
	      Lists one or more interfaces to listen to multicast traffic  on.
	      Interfaces  can  be specified either by interface name, by host‐
	      name, or by  IP.	 When  receiving  a  closed  group  membership
	      request,	the client will participate if any of these interfaces
	      (or the UID if -U is specified) matches an IP in	the  announce‐
	      ment.   When  receiving  an  open	 group membership request, the
	      first interface listed is the one the client will report back to
	      the  server.  This may not necessarily be the interface that the
	      ANNOUNCE was received on.	 The  default  is  to  listen  on  all
	      active  non-loopback  interfaces.	  NOTE:	 Since Windows doesn't
	      have named interfaces (not in the sense that  UNIX-like  systems
	      do), only hostnames or IP addresses are accepted on Windows.

       -M pub_multicast_addr[,pub_multicast_addr...]
	      The list of public multicast addresses to listen on.  Default is
	      230.4.4.1

EXAMPLES
       Starting with the default options:

	    uftpd

       The client runs as a daemon and listens for announcements on  UDP  port
       1044  on multicast address 230.4.4.1 on all non-loopback network inter‐
       faces. Incoming files are received directly into /tmp (C:\temp on  Win‐
       dows).  A 512-bit RSA key is generated to handle encrypted sessions.

       Suppose	you  want  an  external	 process  to  handle incoming files in
       /tmp/dest.  Since you don't want to pick up incomplete files, you might
       want  them  to  be received into /tmp/receiving then moved to /tmp/dest
       when done.  Then call the client like this:

	    uftpd -D /tmp/dest -T /tmp/receiving

       If the client expects to receive from different servers, one sending on
       230.4.4.1 and one sending on 230.4.4.2:

	    uftpd -M 230.4.4.1,230.4.4.2

       To handle incoming encrypted sessions with differing RSA key sizes:

	    uftpd -k file_for_1024_bit_key,file_for_2048_bit_key

       If  incoming  packets aren't being read quickly enough, and you want to
       increase the UDP receive buffer size to 2 MB:

	    uftpd -B 2097152


SEE ALSO
       uftp(1), uftpproxyd(1), uftp_keymgt(1)

NOTES
       The    latest	version	   of	  UFTP	   can	   be	  found	    at
       http://www.tcnj.edu/~bush/uftp.html.   UFTP  is covered by the GNU Gen‐
       eral Public License.  Commercial licenses  and  support	are  available
       from Dennis Bush (bush@tcnj.edu).



UFTP 3.7			 28 June 2012			      uftpd(1)
