Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
uftpd(1)		    General Commands Manual		      uftpd(1)

       uftpd - Encrypted UDP based ftp with multicast -	client daemon

       uftpd [ -d ] [ -p port ]	[ -B buf_size ]
	   [ -E	] [ -Q dscp ] [	-U UID ] [ -x log_level	] [ -t ]
	   [ -T	temp_dir ] [ -D	dest_dir[,dest_dir... ]]
	   [ -A	backup_dir[,backup_dir... ]] [ -L logfile ]
	   [ -F	status_file ] [	-q ] [ -P pidfile ] [ -o ]
	   [ -S	serverlist_file	] [ -R proxylist_file ]
	   [ -r	v4proxy[/fp] ] [ -c cache_size ]
	   [ -k	keyfile	] [ -K rsa:key_len | ec:curve ]
	   [ -m	] [ -N priority	] [ -i ] [ -s postreceive_script ]
	   [ -g	max_log_size ] [ -n max_log_count ]
	   [ -H	hb_server[:port][,hb_server[:port]...] ]
	   [ -h	hb_interval ] [	-I interface[,interface...] ]
	   [ -M	pub_mcast_addr[,pub_mcast_addr...] ]

       uftpd  is  the  client  daemon of the UFTP suite.  It listens on	one or
       more multicast addresses	to receive files from servers.

       This version of the client supports servers and	proxies	 running  UFTP
       4.x and 5.x.

       The following options are supported:

       -d     Enable  debug  mode.  The	process	will run in the	foreground and
	      all output will go to stderr.  If	specified, the	-L  option  is

       -p port
	      The UDP port number to listen on.	 Default is 1044.

       -U UID The unique ID for	this client, specified as an 8 digit hexadeci-
	      mal number (0xnnnnnnnn).	The default value is based on  the  IP
	      address  of  the first listed multicast capable interface	on the
	      system.  If this address is IPv4,	the UID	is the address.	 If it
	      is IPv6, the UID is the last 4 bytes of the address.

       -B buf_size
	      The  size	in bytes of the	UDP receive buffer to use.  Valid val-
	      ues are 65536-104857600 (64KB-100MB).  Defaults to 262144.

       -E     Only allow incoming sessions if encryption is enabled.   Default
	      is to allow both encrypted and unencrypted sessions.

       -Q dscp
	      Specifies	 the  Differentiated  Services Code Point (DSCP), for-
	      merly Type of Service (TOS), in the IP header for	 all  outgoing
	      packets.	 Valid	values are 0-63	and may	be specified in	either
	      decimal or hexadecimal.  Default is 0.

	      Not currently supported on Windows.

       -x log_level
	      Specifies	current	logging	level.	Valid values are 0-5,  with  0
	      being  the  least	verbose	and 5 being the	most verbose.  Default
	      is 2, which is consistent	with logging prior to version 3.5.

       -t     Receive each file	into a temp file in the	same directory as  the
	      destination  file.   The	temp  file  will  have an extension of
	      .~uftp-{group-id}-{file-id}, where {group-id} and	{file-id}  are
	      the  group  ID of	the current session and	file ID	of the current
	      file.  If	-A is also specified, the existing destination file is
	      not  moved to backup directory until after the file is fully re-

       -T temp_dir
	      Temp directory in	 which	files  are  received,  then  moved  to
	      dest_dir	when  the  session is complete.	 If omitted, files are
	      received directly	 into  dest_dir.   Must	 reside	 on  the  same
	      filesystem as the	destination directory.

	      The  -T option MUST be specified to allow	the client to save the
	      state of failed file transfers that can be resumed later.

	      Not compatible -A	or -t.	Not compatible with -D	when  multiple
	      destination  directories are specified.  Also, if	this option is
	      specified, no incoming files with	an absolute path will  be  ac-
	      cepted,  and  sync mode will not work properly since there is no
	      existing file to check.

	      IMPORTANT: When full directories are received, the entire	direc-
	      tory is moved at once to the destination directory, removing any
	      existing file/directory.	This means that	if an existing	direc-
	      tory  in	dest_dir is the	same name as a directory received into
	      temp_dir,	all files under	the existing  directory	 are  deleted.
	      The -i option prevents this by moving all	files individually.

       -D dest_dir[,dest_dir...]
	      Destination  directories for all received	files.	When an	incom-
	      ing file specifies an absolute path, it must match  one  of  the
	      destination  directories,	 otherwise  the	file will be rejected.
	      Incoming files that don't	specify	an absolute path will  be  re-
	      ceived  into  the	 first destination directory in	the list.  De-
	      fault is /tmp for	UNIX-like systems, C:\temp for Windows.

       -A backup_dir[,backup_dir...]
	      Specifies	backup directories.  Each backup directory corresponds
	      to  a  destination  directory, so	the number of each MUST	be the
	      same.  Existing files that  would	 be  overwritten  by  incoming
	      files  are  moved	 to the	corresponding backup directory for the
	      selected destination directory, first under timestamped directo-
	      ries, then under the full	path of	the existing file.

	      For  example,  if	/full/path/to/file would be overwritten, it is
	      moved to {backup_dir}/YYYYMMDD/HHMMSS/full/path/to/file.	 Under
	      Windows, drive letters for local files are not part of the name,
	      but host/share names for network files are.  So  C:\path\to\file
	      would be backed up to {backup_dir}\YYYYMMDD\HHMMSS\path\to\file,
	      and   \\host\share\path\to\file	would	be   backed   up    to

	      Not compatible with -T.

       -L logfile
	      Specifies	the log	file.  Default is /tmp/uftpd.log for UNIX-like
	      systems systems, C:\uftpd_log.txt	for Windows.

       -F status_file
	      Prints easily parsable status information	to  a  file.   Setting
	      this option to @LOG results in status info being mixed with nor-
	      mal logging output.

	      The following is	printed	 when  the  client  registers  with  a


	      Where  "timestamp"  is  the  time	in yyyy/mm/dd-hh:mm:ss format,
	      "server_id" is the ID of the server, "session_id"	is the	ID  of
	      the  session with	the server, "server_ip"	is the IP address that
	      the server message came from, and	"server_name" is the name  as-
	      sociated with server_ip.

	      The following is printed after each file:


	      Where  "timestamp"  is  the  time	in yyyy/mm/dd-hh:mm:ss format,
	      "server_id" is the ID of the server, "session_id"	is the	ID  of
	      the  session with	the server, "filename" is the name of the cur-
	      rent file, "size"	is the size of the  file  in  kilobytes	 (i.e.
	      1234KB), and status is:

	      copy: The	file was received.

	      overwrite:  The  file  was  received,  and overwrote an existing
	      file.  Only generated in sync mode.

	      skipped: The file	was declined because it	is older that the  ex-
	      isting file.  Only generated in sync mode.

	      rejected:	 The file was rejected,	because	the file was sent with
	      an absolute pathname and either the client is using a  temp  di-
	      rectory or the filename doesn't match one	of the client's	desti-
	      nation directories.

       -q     When the client receives an ANNOUNCE from	the  server,  it  nor-
	      mally  print  the	 hostname associated with the IP address where
	      the ANNOUNCE came	from.  Specifying this option prevents	a  DNS
	      lookup of	the server IP, saving time.

       -P pidfile
	      The pidfile to write the daemon's	pid to on startup.  Default is
	      no pidfile.

       -o     Enables source specific multicast	(SSM) to  join	all  multicast
	      groups.	Setting	this option requires that the public multicast
	      addresses	specified by -M	are valid SSM addresses, and  requires
	      the  -S option to	specify	the IP addresses of server in order to
	      join the relevant	SSM group as well as  the  -R  option  if  any
	      servers communicate through a proxy.  This also requires servers
	      talking to this client to	use a SSM address for the private mul-
	      ticast address, otherwise	the message will be rejected.

	      Valid  SSM  addresses  are in the range for IPv4 and
	      the ff30::/96 range for IPv6.

       -S serverlist_file
	      A	file containing	a list of servers the  client  will  allow  to
	      send  files to it	and the	proxy the server communicates through,
	      if any.  The file	should contain the ID of the  server,  the  IP
	      address  the  client  expects the	server's request to come from,
	      the ID of	the client or response proxy it	goes through, and  op-
	      tionally the server's public key fingerprint, with one entry for
	      a	server on each line.  If a proxy is not	used by	the server,  a
	      value  of	 0  must be specified.	If a key fingerprint is	given,
	      the key specified	by the server must match the fingerprint.

	      This option is required if the -o	option is also specified,  and
	      is required if any server	communicates through a proxy.

	      Example contents:

	      If  a  particular	server is running version 4.x, the file	should
	      list the IP and fingerprint of the client	proxy instead  of  the
	      server.	In  version  4.x  mode,	the proxy can authenticate the

       -R proxylist_file
	      A	file containing	a list of proxies the  client  will  allow  to
	      send  files to it.  The file should contain the ID of the	proxy,
	      the IP address the client	expects	the proxy's  request  to  come
	      from,  and  optionally  the proxy's public key fingerprint, with
	      one entry	for a server on	each line.  If a  key  fingerprint  is
	      given,  the  key	specified  by the proxy	must match the finger-

	      This option is required if the -o	option is  specified  and  any
	      server  uses a proxy.  Not required otherwise unless proxies are
	      to be authenticated.

	      Example contents:

       -r v4proxy[/fingerprint]
	      Specifies	the name/IP of the response proxy that	all  responses
	      from  version  4.x  servers are forwarded	to.  If	fingerprint is
	      given, it	specifies the proxy's public  key  fingerprint.	  Upon
	      startup,	the  client  will  query the proxy for its public key,
	      retrying every 5 seconds until it	gets  a	 successful  response.
	      The  client  cannot accept an encrypted file transfer from a 4.x
	      server until it gets the proxy's key.

       -c cache_size
	      Specifies	the size in bytes of the cache used to	hold  received
	      data  packets before they	are written to disk.  Proper tuning of
	      this value can greatly increase efficiency at speeds in the  gi-
	      gabit  range.  Valid values are 10240-20971520 (10KB-20MB).  De-
	      fault is 1048576 (1MB).

       -k keyfile

       -K {rsa:key_len | ec:curve}
	      These two	options	are used to read  and/or  write	 the  client's
	      RSA/ECDSA	private	key.

	      The -K option creates an RSA or ECDSA private key.  New keys are
	      specified	as either rsa:key_length, which	creates	an RSA private
	      key  key_length  bits  wide, or as ec:curve, which creates an EC
	      key using	the curve "curve".

	      The supported EC curves are secp256r1  (prime256v1),  secp384r1,
	      and secp521r1.

	      If only -K is specified, a key is	created	and not	persisted.

	      If  only -k is specified,	this option reads an RSA or ECDSA pri-
	      vate key from the	specified keyfile.

	      If -k and	-K are both specified, the key created by -K is	 writ-
	      ten to the keyfile listed	by -k.

	      If  neither  -k  nor  -K	are specified, an EC private key using
	      curve secp256r1 is generated and not persisted.

	      The definition of	keyfile	is dependent  on  the  crypto  library
	      UFTP is compiled to use.

	      On Windows systems, UFTP uses CNG	(Cryptography API: Next	Gener-
	      ation).  Under CNG, all RSA and EC private keys must  be	stored
	      in a key container (technically only keys	used to	sign data, but
	      for UFTP's purposes this is the case).  Key containers  are  in-
	      ternal  to  Windows,  and	each user (and the system) has its own
	      set of key containers.  In this case, key_file is	 actually  the
	      name of the key container.

	      All  other  systems use OpenSSL for the crypto library (although
	      under Windows UFTP can be	also be	built to  use  it).   In  this
	      case,  key_file  specifies a file	name where the RSA private key
	      is stored	unencrypted in PEM format (the OS is expected to  pro-
	      tect this	file).	When both -k and -K are	specified, the file is
	      only written to if it does not currently	exist.	 If  the  file
	      does  exist,  an	error  message will be returned	and the	server
	      will exit.  When -k is not specified, the	generated key  is  not
	      persisted.   These  PEM  files  may  also	be manipulated via the
	      openssl(1) command line tool.

	      Keys can also be generated and viewed  via  the  uftp  keymgt(1)

       -m     For  Windows systems using CNG, private keys are normally	stored
	      in the key container of the running user.	 Specifying  this  op-
	      tion  stores keys	in the system key container.  Useful when run-
	      ning as a	service.  On non-Windows systems, this option  has  no

       -N priority
	      Sets the process priority.  On Windows systems, valid values are
	      from -2 to 2, with a default of 0.  These	correspond to the fol-
	      lowing priorities:

	      -2 High
	      -1 Above Normal
	       0 Normal
	       1 Below Normal
	       2 Low

	      On  all  other  systems, this is the "nice" value.  Valid	values
	      are from -20 to 19, where	-20 is the highest priority and	19  is
	      the lowest priority.  Default is 0.

       -i     When  -T	is  specified, directories are normally	moved from the
	      temp directory to	the destination	directory  at  once,  removing
	      all  existing files in the that subdirectory within the destina-
	      tion directory.  This option causes directories to be  traversed
	      so  that	all  received files are	moved individually, preventing
	      unwanted deletions.  This	also affects the operation of  the  -s
	      option.  If -T is	not specified, this option has no effect.

       -s postreceive_script
	      The full path to an external command or script to	be called when
	      files are	received.  The command will be called as follows:

	      postreceive_script -I session_id file [ file... ]

	      Where "session_id" is an 8 hexadecimal digit number  identifying
	      the  current  session, and "file"	is the full pathname to	one or
	      more received files/directories  in  the	destination  directory
	      specified	by -D.

	      The  way	this script is called depends on whether or not	a temp
	      directory	is specified by	-T, and	if -i is specified.  If	a temp
	      directory	 is not	specified, or if both -T and -i	are specified,
	      the script gets called once for each file	as soon	as the file is
	      received.	  If  a	temp directory is specified but	-i is not, the
	      script gets called once at the end of the	session, and is	passed
	      all  top	level  files/directories  received.   Here, "top level
	      files/directories" refers	to all entries in the  temp  directory
	      for the session, but not subdirectories.	So the script would be
	      responsible for traversing any listed directories	to find	 files
	      contained	within them.

       -g max_log_size
	      Specifies	 the  maximum  log file	size in	MB.  Once the log file
	      reaches this size, the file is renamed with a .1 extension and a
	      new  log	file  is  opened.   For	 example,  if  the log file is
	      /tmp/uftpd.log, it will be renamed /tmp/uftpd.log.1  and	a  new
	      /tmp/uftpd.log  will  be	created.   Ignored if -d is specified.
	      Valid values are 1-1024.	Default	is no log rolling.

       -n max_log_count
	      Specifies	the maximum number of archive log files	to  keep  when
	      log  rolling  is	active.	 When the log file rolls, archive logs
	      are renamed with an incrementing numerical extension  until  the
	      max  is  reached.	  Archive  log	files  beyond  the maximum are
	      deleted.	Ignored	if -g is  not  specified.   Valid  values  are
	      1-1000.  Default is 5.

       -H hb_server[:port][,hb_server[:port]...]]
	      Lists  one  or more proxies to send heartbeat messages to.  When
	      sending a	signed heartbeat message, the first key	 listed	 under
	      -k  is used to sign the message.	If port	is not specified for a
	      given proxy, the default port of 1044 is assumed.

       -h hb_interval
	      The time in seconds between sending heartbeat messages.  Ignored
	      if -H is not specified.

       -I interface[,interface...]
	      Lists  one or more interfaces to listen to multicast traffic on.
	      Interfaces can be	specified either by interface name,  by	 host-
	      name,  or	 by  IP.  When receiving a closed group	membership re-
	      quest, the client	will participate if any	 of  these  interfaces
	      matches an IP in the announcement.  When receiving an open group
	      membership request, the first interface listed is	 the  one  the
	      client will report back to the server.  This may not necessarily
	      be the interface that the	ANNOUNCE was received on.  The default
	      is to listen on all active non-loopback interfaces.  NOTE: Since
	      Windows doesn't have named interfaces (not  in  the  sense  that
	      UNIX-like	 systems  do),	only hostnames or IP addresses are ac-
	      cepted on	Windows.  If specifying	by hostname or IP,  may	 be  a
	      mixture of IPv4 and IPv6 addresses, except on systems that don't
	      support dual mode	sockets	such as	Windows	XP.

       -M pub_mcast_addr[,pub_mcast_addr...]
	      The list of public multicast addresses to	listen on.  May	 be  a
	      mixture of IPv4 and IPv6 addresses, except on systems that don't
	      support dual mode	 sockets  such	as  Windows  XP.   Default  is

       Starting	with the default options:


       The  client  runs as a daemon and listens for announcements on UDP port
       1044 on multicast address on all non-loopback network	inter-
       faces.  Incoming	files are received directly into /tmp (C:\temp on Win-
       dows).  An EC key using curve secp256r1	is  generated  to  handle  en-
       crypted sessions.

       Suppose	you  want  an  external	 process  to  handle incoming files in
       /tmp/dest.  Since you don't want	to pick	up incomplete files, you might
       want  them  to  be received into	/tmp/receiving then moved to /tmp/dest
       when done.  Then	call the client	like this:

	    uftpd -D /tmp/dest -T /tmp/receiving

       If the client expects to	receive	from different servers,	one sending on and one sending on ff02:4:4:2:

	    uftpd -M,ff02:4:4:2

       If  incoming  packets aren't being read quickly enough, and you want to
       increase	the UDP	receive	buffer size to 2 MB:

	    uftpd -B 2097152

       The following exit values are returned:

       0      The client started successfully and  is  running	in  the	 back-

       1      An invalid command line parameter	was specified.

       2      An error occurred	while attempting to initialize network connec-

       3      An error occurred	while reading or generating cryptographic  key

       4      An error occurred	while opening or rolling the log file.

       5      A	memory allocation error	occurred.

       6      The client was interrupted by the	user.

       uftp(1),	uftpproxyd(1), uftp_keymgt(1).

       The   latest  version  of  UFTP	can  be	 found	at  http://uftp-multi-  UFTP is covered by the GNU  General  Public  Li-
       cense.	Commercial licenses and	support	are available from Dennis Bush

UFTP 5.0			 22 April 2020			      uftpd(1)


Want to link to this manual page? Use this URL:

home | help