Added TFTP Client / server

CMakeLists.txt

@@ -51,12 +51,17 @@ endif()
 string(TOLOWER "${CMAKE_SYSTEM_NAME}" CMAKE_SYSTEM_NAME_LC)
 
 set(WOLFIP_TAP_SRC "${CMAKE_CURRENT_SOURCE_DIR}/src/port/posix/tap_${CMAKE_SYSTEM_NAME_LC}.c")
+file(GLOB WOLFIP_TFTP_SRCS CONFIGURE_DEPENDS
+    "${CMAKE_CURRENT_SOURCE_DIR}/src/tftp/*.c")
 
 if (NOT EXISTS "${WOLFIP_TAP_SRC}")
     message(FATAL_ERROR "Unsupported platform: ${CMAKE_SYSTEM_NAME}")
 endif()
 
-set(WOLFIP_SRCS src/wolfip.c ${WOLFIP_TAP_SRC})
+set(WOLFIP_SRCS
+    src/wolfip.c
+    ${WOLFIP_TFTP_SRCS}
+    ${WOLFIP_TAP_SRC})
 
 set(CERT_SRCS
     ${CMAKE_BINARY_DIR}/certs/server_cert.c
@@ -187,7 +192,7 @@ add_executable(test-ttl-expired ${EXCLUDE_TEST_BINARY}
 target_compile_definitions(test-ttl-expired PRIVATE -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1)
 add_test(NAME ttl-expired COMMAND test-ttl-expired)
 
-if (NOT Check_FOUND)
+if (Check_FOUND)
     add_executable(unit ${EXCLUDE_TEST_BINARY}
         src/test/unit/unit.c
         )

Makefile

@@ -89,6 +89,10 @@ endif
 TAP_OBJ:=$(NETDEV_OBJ)
 TAP_PIE_OBJ:=$(NETDEV_PIE_OBJ)
 
+WOLFIP_TFTP_SRC:=$(wildcard src/tftp/*.c)
+WOLFIP_TFTP_OBJ:=$(patsubst src/%.c,build/%.o,$(WOLFIP_TFTP_SRC))
+WOLFIP_TFTP_PIE_OBJ:=$(patsubst src/%.c,build/pie/%.o,$(WOLFIP_TFTP_SRC))
+
 ifeq ($(UNAME_S),Darwin)
   BEGIN_GROUP:=
   END_GROUP:=
@@ -135,12 +139,15 @@ CPPCHECK_FLAGS=--enable=warning,performance,portability,missingInclude \
 			   --error-exitcode=1 --xml --xml-version=2
 
 OBJ=build/wolfip.o \
+	$(WOLFIP_TFTP_OBJ) \
 	$(TAP_OBJ)
 
 IPFILTER_OBJ=build/ipfilter/wolfip.o \
+	$(WOLFIP_TFTP_OBJ) \
 	$(TAP_OBJ)
 
 ESP_OBJ=build/esp/wolfip.o \
+	$(WOLFIP_TFTP_OBJ) \
 	$(TAP_OBJ)
 
 HAVE_WOLFSSL:=$(shell printf "#include <wolfssl/options.h>\nint main(void){return 0;}\n" | $(CC) $(CFLAGS) -x c - -c -o /dev/null 2>/dev/null && echo 1)
@@ -185,6 +192,7 @@ libtcpip.a: $(OBJ)
 
 libwolfip.so:CFLAGS+=-fPIC
 libwolfip.so:  build/pie/port/posix/bsd_socket.o build/pie/wolfip.o \
+	$(WOLFIP_TFTP_PIE_OBJ) \
 	$(TAP_PIE_OBJ)
 	@mkdir -p `dirname $@` || true
 	@echo "[LD] $@"
@@ -321,7 +329,7 @@ build/esp-server: $(ESP_OBJ) build/port/posix/bsd_socket.o build/test/esp_server
 	@echo "[LD] $@"
 	@$(CC) $(CFLAGS) $(ESP_CFLAGS) $(LDFLAGS) -o $@ $(BEGIN_GROUP) $(^) -lwolfssl $(END_GROUP)
 
-build/test-wolfssl-forwarding: build/test/test_wolfssl_forwarding.o build/test/wolfip_forwarding.o $(TAP_OBJ) build/port/wolfssl_io.o build/certs/server_key.o build/certs/ca_cert.o build/certs/server_cert.o
+build/test-wolfssl-forwarding: build/test/test_wolfssl_forwarding.o build/test/wolfip_forwarding.o $(WOLFIP_TFTP_OBJ) $(TAP_OBJ) build/port/wolfssl_io.o build/certs/server_key.o build/certs/ca_cert.o build/certs/server_cert.o
 	@echo "[LD] $@"
 	@$(CC) $(CFLAGS) -o $@ $(BEGIN_GROUP) $(^) $(LDFLAGS) -lwolfssl $(END_GROUP)
 
@@ -333,7 +341,7 @@ build/test/wolfip_forwarding.o: src/wolfip.c
 	@$(CC) $(CFLAGS) -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1 -c $< -o $@
 
 build/test/test_ttl_expired.o: CFLAGS+=-DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1
-build/test-ttl-expired: build/test/test_ttl_expired.o build/test/wolfip_forwarding.o
+build/test-ttl-expired: build/test/test_ttl_expired.o build/test/wolfip_forwarding.o $(WOLFIP_TFTP_OBJ)
 	@echo "[LD] $@"
 	@$(CC) $(CFLAGS) -o $@ $(BEGIN_GROUP) $(^) $(LDFLAGS) $(END_GROUP)
 
@@ -386,7 +394,8 @@ UNIT_TEST_SRCS:=src/test/unit/unit.c \
 	src/test/unit/unit_tests_tcp_ack.c \
 	src/test/unit/unit_tests_tcp_flow.c \
 	src/test/unit/unit_tests_proto.c \
-	src/test/unit/unit_tests_multicast.c
+	src/test/unit/unit_tests_multicast.c \
+	src/test/unit/unit_tests_tftp.c
 
 unit: build/test/unit
 
@@ -486,27 +495,40 @@ $(COV_MCAST_UNIT): $(COV_MCAST_UNIT_O)
 cov: unit $(COV_UNIT)
 	@echo "[RUN] unit (coverage)"
 	@rm -f $(COV_DIR)/*.gcda
+	@rm -f $(COV_DIR)/unit-multicast $(COV_DIR)/unit-multicast.o \
+		$(COV_DIR)/unit-multicast.gcno $(COV_DIR)/unit-multicast.gcda
 	@$(COV_UNIT)
 	@echo "[COV] gcovr html"
 	@mkdir -p build/coverage
-	@gcovr -r . --exclude "src/test/unit/.*" --html-details -o build/coverage/index.html
+	@gcovr -r . --exclude "src/test/unit/.*" \
+		--gcov-ignore-errors=no_working_dir_found \
+		--merge-mode-functions=merge-use-line-min \
+		--html-details -o build/coverage/index.html
 	@$(OPEN_CMD) build/coverage/index.html
 
 autocov: unit $(COV_UNIT)
 	@echo "[RUN] unit (coverage)"
 	@rm -f $(COV_DIR)/*.gcda
+	@rm -f $(COV_DIR)/unit-multicast $(COV_DIR)/unit-multicast.o \
+		$(COV_DIR)/unit-multicast.gcno $(COV_DIR)/unit-multicast.gcda
 	@$(COV_UNIT)
 	@echo "[COV] gcovr html"
 	@mkdir -p build/coverage
-	@gcovr -r . --exclude "src/test/unit/.*" --html-details -o build/coverage/index.html
+	@gcovr -r . --exclude "src/test/unit/.*" \
+		--gcov-ignore-errors=no_working_dir_found \
+		--merge-mode-functions=merge-use-line-min \
+		--html-details -o build/coverage/index.html
 
 autocov-multicast: unit-multicast $(COV_MCAST_UNIT)
 	@echo "[RUN] unit multicast (coverage)"
 	@rm -f $(COV_DIR)/*.gcda
 	@$(COV_MCAST_UNIT)
 	@echo "[COV] gcovr multicast html"
 	@mkdir -p build/coverage
-	@gcovr -r . --exclude "src/test/unit/.*" --html-details -o build/coverage/multicast.html
+	@gcovr -r . --exclude "src/test/unit/.*" \
+		--gcov-ignore-errors=no_working_dir_found \
+		--merge-mode-functions=merge-use-line-min \
+		--html-details -o build/coverage/multicast.html
 
 # Install dynamic library to re-link linux applications
 #

README.md

@@ -18,6 +18,7 @@ configured to forward traffic between multiple network interfaces.
 - Multi-interface support
 - Optional IPv4-forwarding
 - Optional IPv4 UDP multicast with IGMPv3 ASM membership reports
+- Reusable allocation-free TFTP module under `src/tftp/`
 
 ## Supported socket types
 
@@ -53,6 +54,7 @@ wolfIP exposes a BSD-like `socket(2)` API for IPv4 sockets:
 | **Application** | DHCP | Client only (DORA) | [RFC 2131](https://datatracker.ietf.org/doc/html/rfc2131) |
 | **Application** | DNS | A and PTR record queries (client) | [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035) |
 | **Application** | HTTP/HTTPS | Server with wolfSSL TLS support | [RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110) |
+| **Application** | TFTP | Client/server octet-mode transfers with callback-driven storage and verification | [RFC 1350](https://datatracker.ietf.org/doc/html/rfc1350), [RFC 2347](https://datatracker.ietf.org/doc/html/rfc2347), [RFC 2348](https://datatracker.ietf.org/doc/html/rfc2348), [RFC 2349](https://datatracker.ietf.org/doc/html/rfc2349), [RFC 7440](https://datatracker.ietf.org/doc/html/rfc7440) |
 | **VPN** | wolfGuard | FIPS-compliant WireGuard (P-256, AES-256-GCM, SHA-256) | [Wolfguard](https://www.github.com/wolfssl/wireguard) |
 
 ## wolfGuard (FIPS WireGuard)
@@ -180,6 +182,14 @@ This port follows the same model as the POSIX wrapper:
 - Socket wrappers serialize stack access with a mutex
 - Blocking operations wait on callback-driven wakeups (instead of busy polling)
 
+## Source Layout
+
+- `src/wolfip.c`: core TCP/IP stack
+- `src/http/`: optional HTTP/HTTPS server pieces
+- `src/tftp/`: reusable TFTP module sources, auto-registered by the top-level `Makefile` and `CMakeLists.txt` when present
+- `src/port/`: platform and OS adaptation layers
+- `src/test/`: integration and unit tests
+
 ## Copyright and License
 
 wolfIP is licensed under the GPLv3 license. See the LICENSE file for details.

config.h

@@ -70,6 +70,10 @@
 #define WOLFIP_ENABLE_HTTP
 #endif
 
+#ifndef WOLFIP_ENABLE_TFTP
+#define WOLFIP_ENABLE_TFTP 0
+#endif
+
 #if WOLFIP_ENABLE_LOOPBACK && WOLFIP_MAX_INTERFACES < 2
 #error "WOLFIP_ENABLE_LOOPBACK requires WOLFIP_MAX_INTERFACES > 1"
 #endif

docs/API.md

@@ -16,9 +16,25 @@ wolfIP is a minimal TCP/IP stack designed for resource-constrained embedded syst
   - ICMP (RFC 792) - ping replies only
   - DHCP (RFC 2131) - client only
   - DNS (RFC 1035) - client only
+  - TFTP (RFC 1350, RFC 2347, RFC 2348, RFC 2349, RFC 7440) via the reusable `src/tftp/` module
   - UDP (RFC 768) - unicast, optional IPv4 multicast with `IP_MULTICAST`
   - TCP (RFC 793) with options (Timestamps, MSS)
 
+## Build Integration
+
+The top-level build systems register reusable module sources from `src/tftp/`
+automatically:
+
+- `Makefile` adds any `src/tftp/*.c` files to the shared library, static library,
+  and top-level executable link sets.
+- `CMakeLists.txt` globs `src/tftp/*.c` with `CONFIGURE_DEPENDS` so the same
+  sources are compiled into the main `wolfip` and `tcpip` targets.
+
+The TFTP module is callback-driven and allocation-free. Callers provide the UDP
+send hook plus open/read/write/close callbacks for storage, and may additionally
+provide streaming hash-update and final verification callbacks for firmware
+download flows.
+
 ## Core Data Structures
 
 ### Device Driver Interface

src/test/unit/unit.c

@@ -6,6 +6,7 @@
 #include "unit_tests_tcp_flow.c"
 #include "unit_tests_proto.c"
 #include "unit_tests_multicast.c"
+#include "unit_tests_tftp.c"
 
 Suite *wolf_suite(void)
 {
@@ -870,6 +871,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_proto, test_regression_dns_id_never_zero);
     tcase_add_test(tc_proto, test_tcp_input_listen_synack_sends_rst_and_stays_listen);
     tcase_add_test(tc_proto, test_tcp_input_listen_accept_final_ack_does_not_send_rst);
+    add_tftp_tests(tc_proto);
 
     tcase_add_test(tc_utils, test_transport_checksum);
     tcase_add_test(tc_utils, test_iphdr_set_checksum);

src/test/unit/unit_shared.c

@@ -36,6 +36,8 @@
 #ifndef WOLFIP_ENABLE_FORWARDING
 #define WOLFIP_ENABLE_FORWARDING 1
 #endif
+#undef WOLFIP_ENABLE_TFTP
+#define WOLFIP_ENABLE_TFTP 1
 #if WOLFIP_ENABLE_LOOPBACK
 #define TEST_LOOPBACK_IF 0U
 #define TEST_PRIMARY_IF 1U
@@ -47,6 +49,7 @@
 #endif
 #include <stdio.h>
 #include "../../wolfip.c"
+#include "../../tftp/wolftftp.c"
 #include <stdlib.h> /* for random() */
 #include "mocks/wolfssl/wolfcrypt/settings.h"
 #include "mocks/wolfssl/wolfcrypt/memory.h"