Network Working Group A. Bhushan
Request for Comments: 114 MIT Project MAC
NIC: 5823 16 April 1971
A FILE TRANSFER PROTOCOL
I. Introduction
Computer network usage may be divided into two broad categories --
direct and indirect. Direct usage implies that you, the network
user, are "logged" into a remote host and use it as a local user.
You interact with the remote system via a terminal (teletypewriter,
graphics console) or a computer. Differences in terminal
characteristics are handled by host system programs, in accordance
with standard protocols (such as TELNET (RFC 97) for teletypewriter
communications, NETRJS (RFC 88) for remote job entry). You, however,
have to know the different conventions of remote systems, in order to
use them.
Indirect usage, by contrast, does not require that you explicitly log
into a remote system or even know how to "use" the remote system. An
intermediate process makes most of the differences in commands and
conventions invisible to you. For example, you need only know a
standard set of network file transfer commands for your local system
in order to utilize remote file system. This assumes the existence
of a network file transfer process at each host cooperating via a
common protocol.
Indirect use is not limited to file transfers. It may include
execution of programs in remote hosts and the transfer of core
images. The extended file transfer protocol would facilitate the
exchange of programs and data between computers, the use of storage
and file handling capabilities of other computers (possibly including
the trillion-bit store data computer), and have programs in remote
hosts operate on your input and return an output.
The protocol described herein has been developed for immediate
implementation on two hosts at MIT, the GE645/Multics and the PDP-
10/DM/CG-ITS (and possibly Harvard's PDP-10). An interim version
with limited capabilities is currently in the debugging stage. [1]
Since our implementation involves two dissimilar systems (Multics is
a "service" system, ITS is not) with different file systems (Multics
provides elaborate access controls, ITS provides none), we feel that
the file transfer mechanisms proposed are generalizable. In
addition, our specification reflects a consideration of other file
systems on the network. We conducted a survey [2] of network host
systems to determine the requirements and capabilities. This paper
is a "first cut" at a protocol that will allow users at any host on
the network to use the file system of every cooperating host.
II. Discussion
A few definitions are in order before the discussion of the protocol.
A file is an ordered set consisting of computer instructions and/or
data. A file can be of arbitrary length [3]. A named file is
uniquely identified in a system by its file name and directory name.
The directory name may be the name of a physical directory or it may
be the name of a physical device. An example of physical directory
name is owner's project-programmer number and an example of physical
device name is tape number.
A file may or may not have access controls associated with it. The
access controls designate the users' access privileges. In the
absence of access controls, the files cannot be protected from
accidental or unauthorized usage.
A principal objective of the protocol is to promote the indirect use
of computers on the network. Therefore, the user or his program
should have a simple and uniform interface to the file systems on the
network and be shielded from the variations in file and storage
systems of different host computers. This is achieved by the
existence of a standard protocol in each host.
Criteria by which a user-level protocol may be judged were described
by Mealy in RFC 91, as involving the notion of logical records,
ability to access files without program modifications, and
implementability. I would add to these efficiency, extendibility,
adaptability, and provision of error-recovery mechanisms.
The attempt in this specification has been to enable the reliable
transfer of network ASCII (7-bit ASCII in 8-bit field with leftmost
bit zero) as well as "binary" data files with relative ease. The use
of other character codes, such as EBCDIC, and variously formatted
data (decimal, octal, ASCII characters packed differently) is
facilitated by inclusion of data type in descriptor headings. An
alternative mechanism for defining data is also available in the form
of attributes in file headings. The format control characters
reserved for the syntax of this protocol have identical code
representation in ASCII and EBCDIC. (These character are SOH, STX,
ETX, DC1, DC2, DC3, US, RS, GS, and FS.)
The notion of messages (the physical blocks of data communicated
between NCP's) is suppressed herein and that of "logical" records and
transactions is emphasized. The data passed by the NCP is parsed
into logical blocks by use of simple descriptors (code and count
mechanisms) as described in Section III. The alternative to count is
fixed length blocks or standard end-of-file characters (scan data
stream). Both seem less desirable than count.
The cooperating processes may be "daemon" processes which "listen" to
agreed-upon sockets, and follow the initial connection protocol much
in the same way as a "logger" does. We recommend using a single
full-duplex connection for the exchange of both data and control
information [4], and using CLS to achieve synchronization when
necessary (a CLS is not transmitted until a RFNM is received).
The user may be identified by having the using process send at the
start of the connection the user's name information (either passed on
by user or known to the using system) [5]. This user name
information (a sequence of standard ASCII characters), along with the
host number (known to the NCP), positively identifies the user to the
serving process.
At present, more elaborate access control mechanisms, such as
passwords, are not suggested. The user, however, will have the
security and protection provided by the serving system. The serving
host, if it has access controls, can prevent unprivileged access by
users from other host sites. It is up to the using host to prevent
its own users from violating access rules.
The files in a file system are identified by a pathname, similar to
the labels described in RFC 76 (Bouknight, Madden, and Grossman).
The pathname contains the essential information regarding the storage
and retrieval of data.
In order to facilitate use, default options should be provided. For
example, the main file directory on disk would be the default on the
PDP-10/ITS, and a pool directory would be the default on Multics.
The file to be transferred may be a complete file or may consist of
smaller records. It may or may not have a heading. A heading should
contain ASCII or EBCDIC characters defining file attributes. The
file attributes could be some simple agreed-upon types or they could
be described in a data reconfiguration or interpretation language
similar to that described in RFC 83 (Anderson, Haslern, and Heffner),
or a combination.
The protocol does not restrict the nature of data in the file. For
example, a file could contain ASCII text, binary core image, graphics
data or any other type of data. The protocol includes an "execute"
request for files that are programs. This is intended to facilitate
the execution of programs and subroutines in remote host computers
[6].
III. SPECIFICATIONS
1. Transactions
1A. The protocol is transaction-oriented. A transaction is defined
to be an entity of information communicated between cooperating
processes.
1B. Syntax
A transaction has three fields, a 72-bit descriptor field and
variable length (including zero) data and filler fields, as
shown below. The total length of a transaction is (72 + data +
filler) bits.
| <code><filler count><NUL><data count><NUL> | <data><filler> |
| |____||____________||___||__________||___| | |____________| |
| | | | | | | | |
| 24-bits 8-bits 8-bits 24-bits 8-bits| variable length |
| <-------descriptor field 72-bits---------> |<--data and filler-->|
| | |
1C. Semantics
The code field has three 8-bit bytes. The first byte is
interpreted as transaction type, the second byte as data type
and the third byte as extension of data type.
The filler count is a binary count of bits used as "filler"
(i.e., not information) at the end of a transaction [7]. As
the length of the filler count field is 8-bits, the number of
bits of filler shall not exceed 255 bits.
The data count is a binary count of the number of data (i.e.,
information) bits in the data field, not including filler bits.
The number of data bits is limited to (2^24-1), as there are 24
bits in the data count field.
The NUL bytes are inserted primarily as fillers in the
descriptor field and allow the count information to appear at
convenient word boundaries for different word length machines
[8].
2. Transaction Types
2A. A transaction may be of the following four basic types:
request, response, transfer and terminate. Although large
number of request and transfer types are defined,
implementation of a subset is specifically permitted. Host
computers, on which a particular transaction type is not
implemented, may refuse to accept that transaction by
responding with an unsuccessful terminate.
The following transaction type codes are tentatively defined:
Transaction Type Transaction Type Code
ASCII Octal Hexidecimal
Request
Identify I 111 49
Retrieve R 122 52
Store S 123 53
Append A 101 41
Delete D 104 44
Rename N 116 4E
addname (Plus) P 120 50
deletename (Minus) M 115 4D
Lookup L 114 4C
Open O 117 4F
Close C 103 43
Execute [9] E 105 45
Response
ready-to-receive (rr) < 074 3C
ready-to-send (rs) > 076 3E
Transfer
complete_file * 052
heading # 043 23
part_of_file ' 054 2C
last_part . 056 2E
Terminate
successful (pos.) + 053 2B
unsuccessful (neg.) - 055 2D
2B. Syntax
In the following discussion US, RS, GS, FS, DC1, DC2, and DC3
are the ASCII characters, unit separator (octal 037), record
separator (octal 036), group separator (octal 035), file
separator (octal 034), device control 1 (octal 021), device
control 2 (octal 022), and device control 3 (octal 023),
respectively. These have an identical interpretation in
EBCDIC.
2B.1 Requests
Identify, retrieve, store, append, delete, open, lookup and
execute requests have the following data field:
<path name>
Rename request has the data field:
<path name> GS <name>
Addname and deletename requests have the data field:
<path name> GS <filenames>
where pathname [10], name and filenames have the following
syntax (expressed in BNF, the metalanguage of the ALGOL 60
report):
<pathname> ::= <device name>|<name>|<pathname>US<name>
<device name> ::= DC1<name>
<name> ::= <char> | <name> <char>
<char> ::= All 8-bit ASCII or EBCDIC characters except
US, RS, GS, FS, DC1, DC2, AND DC3.
<filenames> ::= <name>|<filenames> RS <name>
The data type for the request transaction shall be either A
(octal 101 for ASCII, or E (octal 105) for EBCDIC [11].
Some examples of pathname are:
DC1 MT08
DC1 DSK 1.2 US Net<3> US J.Doe US Foo
udd US proj. US h,n/x US user US file
filename 1 filename 2
2B.2 Responses
The response transactions shall normally have an empty data
field.
2B.3 Transfers
The data types defined in section 4 will govern the syntax of
the data field in transfer transactions. No other syntactical
restrictions exist.
2B.4 Terminates
The successful terminate shall normally have an empty data
field. The unsuccessful terminate may have a data field
defined by the data types A (octal 101) for ASCII, E (octal
105) for EBCDIC, or S (octal 123) for status.
A data type code of 'S' would imply byte oriented error return
status codes in the data field. The following error return
status codes are defined tentatively:
Error Code Meaning Error Code
ASCII Octal Hexadecimal
Undefined error U 125 55
Transaction type error T 124 54
Syntax error S 123 53
File search failed F 106 46
Data type error D 104 44
Access denied A 101 41
Improper transaction sequence I 111 49
Time-out error O 117 4F
Error condition by system E 105 45
2C. Semantics
2C.1 Requests
Requests are always sent by using host. In absence of a device
name or complete pathname, default options should be provided
for all types of requests.
_Identify_ request identifies the user as indicated by
<pathname> from serving to using host.
_Retrieve_ request achieves the transfer of file specified in
<pathname> from serving to using host.
_Store_ request achieves the transfer of file specified in
<pathname> from using to serving host.
_Append_ request causes data to be added to file specified in
pathname.
_Rename_ request causes name of file specified in <pathname> to
be replaced by name specified in <name>.
_Delete_ request causes file specified in <pathname> to be
deleted. If an extra level of protection for delete is desired
(such as the query 'Do you wish to delete file x?'), it is to
be a local implementation option.
_Addname_ and _deletename_ requests cause names in <filenames>
to be added or deleted to existing names of file specified in
<pathname>. These requests are useful in systems such as
Multics which allow multiple names to be associated with a
file.
_Lookup_ request achieves the transfer of attributes (such as
date last modified, access list, etc) of file specified in
<pathname>, instead of the file itself.
_Open_ request does not cause a data transfer, instead file
specified in <pathname> is "opened" for retrieve (read) or
store (write). Subsequent requests are then treated as
requests pertaining to the file that is opened till such a time
that a close request is received.
_Execute_ request achieves the execution of file specified in
<pathname>, which must be an executable program. Upon receipt
of rr response, using host will transmit the necessary input
data (parameters, arguments, etc). Upon completion of
execution serving host will send the results to using host and
terminate [12].
2C.2 Response
Responses are always sent by serving host. The rr response
indicates that serving host is ready to receive the file
indicated in the preceding request. The rs response indicates
that the next transaction from serving host will be the
transfer of file indicated in the preceding request.
2C.3 Transfers
Transfers may be sent by either host. Transfer transactions
indicate the transfer of file indicated by a request. Files
can be transferred either as complete_file transactions or as
part_of_file transactions followed by last_part transactions.
The file may also have a heading transaction in the beginning.
The syntax of a file, therefore, may be defined as:
<file> ::= <text> | <heading> <text>
<text> ::= <complete_file> | <parts> <last_part>
<parts> ::= <part_of_file> | <parts> <part_of_file>
Headings may be used to communicate the attributes of files.
The form of headings is not formally specified but is discussed
in Section IV as possible extension to this protocol.
2C.4 Terminates
The successful terminate is always sent by serving host. It
indicates to using host that serving host has been successful
in serving the request and has gone to an initial state. Using
host will then inform user that his request is successfully
served, and go to an initial state.
The unsuccessful terminate may be sent by either host. It
indicates that sender of the terminate is unable to (or does
not not wish to) go through with the request. Both hosts will
then go to their initial states. The using host will inform
the user that his request was aborted. If any reasons for the
unsuccessful terminate (either as text or as error return
status codes) are received, these shall be communicated to the
user.
3. Transaction Sequence
3A. The transaction sequence may be defined as an instance of file
transfer, initiated by a request and ended by a terminate [13].
The exact sequence in which transactions occur depends on the
type of request. A transaction sequence may be aborted anytime
by either host, as explained in Section 3C.
3B. Examples
The identify request doesn't require a response or terminate
and constitutes a transaction sequence by itself.
Rename, delete, addname, deletename and open requests involve
no data transfer but require terminates. The user sends the
request and the server sends a successful or an unsuccessful
terminate depending on whether or not he is successful in
complying with the request.
Retrieve and Lookup requests involve data transfer from the
server to the user. The user sends the request, the server
responds with a rs, and transfers the data specified by the
request. Upon completion of the data transfer, the server
terminates the transaction sequence with a successful terminate
if all goes well, or with an unsuccessful terminate is errors
were detected.
Store and Append requests involve data transfer from the user
to server. The user sends the request and the server responds
with a rr. The user then transfers the data. Upon receiving
the data, the server terminates the sequence.
Execute request involves transfer of inputs from user to
server, and transfer of outputs from server to user. The user
sends the request to which the server responds with rr. The
user then transfers the necessary inputs. The server
"executes" the program or subroutine and transfers the outputs
to the user. Upon completion of the output transfer, the
server terminates the transaction sequence.
3C. Aborts
Either host may abort the transaction sequence at any time by
sending an unsuccessful terminate, or by closing the connection
(NCP to transmit a CLS for the connection). The CLS is a more
drastic type of abort and shall be used when there is a
catastrophic failure or when an abort is desired in the middle
of a long file transfer. The abort indicates to the receiving
host that the other host wishes to terminate the transaction
sequence and is now in the initial state. When CLS is used to
abort, the using host will reopen the connection.
4. Data Types
4A. The data type code together with the extension code defines the
manner in which the data field is to be parsed and interpreted
[14]. Although a large number of data types are defined,
specific implementations may handle only a limited subset of
data types. It is recommended that all host sites accept the
"network ASCII" and "binary" data types. Host computers which
do not "recognize" particular data types may abort the
transaction sequence and return a data type error status code.
4B. The following data types are tentatively defined. The code in
the type and extension field is represented by its ASCII
equivalent with 8th bit as zero.
Data Type Code
Byte Size Type Extension
ASCII character, bit8=0 (network) 8 A NUL
ASCII characters, bit8=1 8 A 1
ASCII characters, bit8=even parity 8 A E
ASCII characters, bit8=odd parity 8 A O
ASCII characters, 8th bit info. 8 A 8
ASCII characters, 7 bits 7 A 7
ASCII characters, in 9-bit field 9 A 9
ASCII formatted files (with SOH,
STX, ETX, etc.) 8 A F
DEC-packed ASCII (5 7-bit char.,
36th bit 1 or 0) 36 A D
EBCDIC characters 8 E NUL
SIXBIT characters 6 S NUL
Binary data 1 B NUL
Binary bytes (size is binary ext.) 1-255 B (any)
Decimal numbers, net ASCII 8 D A
Decimal numbers, EBCDIC 8 D E
Decimal numbers, sixbit 6 D S
Decimal numbers, BCD (binary coded) 4 D B
Octal numbers, net. ASCII 8 O A
Octal numbers, EBCDIC 8 O E
Octal numbers, SIXBIT 6 O S
Hexadecimal numbers, net. ASCII 8 H A
Hexadecimal numbers, EBCDIC 8 H E
Hexadecimal numbers, SIXBIT 6 H S
Unsigned integers, binary (ext.
field is byte size) 1-225 U (any)
Sign magnitude integers (field is
binary size) 1-255 I (any)
2's complement integers (ext.
field is byte size) 1-255 2 (any)
1's complement integers (ext.
field is byte size) 1-255 1 (any)
Floating point (IBM360) 32 F I
Floating point (PDP-10) 36 F D
Status codes 8 S NUL
4C. The data type information is intended to be interpretive. If a
host accepts a data type, it can interpret it to a form suited
to its internal representation of characters or numbers [15].
Specifically when no conversion is to be performed, the data
type used will be binary. The implicit or explicit byte size
is useful as it facilitates storing of data. For example, if a
PDP-10 receives data types A, A1, AE, or A7, it can store the
ASCII characters five to a word (DEC-packed ASCII). If the
datatype is A8 or A9, it would store the characters four to a
word. Sixbit characters would be stored six to a word. If
conversion routines are available on a system, the use of
system program could convert the data from one form to another
(such as EBCDIC to ASCII, IBM floating point to DEC floating
point, Decimal ASCII to integers, etc.).
5. Initial Connection, CLS, and Identifying Users
5A. There will be a prearranged socket number [16] for the
cooperating process on the serving host. The connection
establishment will be in accordance with the initial connection
protocol of RFC 66 as modified by RFC 80. The NCP dialog would
be:
user to server: RTS<us><3><p>
if accepted, server to user: STR<3><us><CLS><3><us>
server to user on link p: <ss>
server to user: STR<ss+1><us>RTS<ss><us+1><q>
user to server: STR<us><ss+1>RTS<us+1><ss><r>
This sets up a full-duplex connection between user and server
processes, with server receiving through local socket ss from
remote socket us+1 via link q, and sending to remote socket us
through local socket ss+1 via link r.
5B. The connection will be broken by trading a CLS between the
NCP'S for each of the two connections. Normally the user will
initiate the CLS.
CLS may also be used by either the user or the server to abort
a data transmission in the middle. If a CLS is received in the
middle of a transaction sequence, the whole transaction
sequence will be aborted. The using host will then reopen the
connection.
5C. The first transaction from the user to server will be the
identify transaction. The users will be identified by the
pathname in data field of the transaction which should be a
form acceptable to the server. The server is at liberty to
truncate pathnames for its own use. Since the identify
transaction does not require a response or terminate, the user
can proceed directly with other requests.
IV. Extensions to Protocol
The protocol specified above has been designed to be extendable. The
obvious extensions would be in the area of transaction types (new
types of requests), error return status words, and data types. Some
of the non-obvious extensions, that I can visualize are provisions of
access control mechanisms, developing a uniform way of specifying
file attributes in headings of files, increasing the scope of the
execute command to include subroutine mediation, and the provision of
transaction sequence identification numbers to facilitate handling of
multiple requests over the same connection pair.
Users of protected file systems should be able to have a reasonable
degree of confidence in the ability of the serving process to
identify remote users correctly. In the absence of such confidence,
some users would not be willing to give access to the serving process
(especially write access). Inclusion of access control mechanisms
such as passwords, is likely to enhance the indirect use of network
by users who are concerned about privacy and security. A simple
extension to the protocol would be to have the serving host sent a
transaction type "password?" after it receives user name. Upon
receipt of "password?" the using host will transmit the password,
which when successfully acknowledged, would indicate to the user that
requests may proceed.
There are a number of file attributes which properly belong in the
heading of a file rather than the file itself or the data type in
descriptors of transactions. Such attributes include access control
lists, date file was last modified, information about the nature of
file, and description of its contents in a data description or data
reconfiguration language. Some uniformity in the way file attributes
are specified would be useful. Until then, the interpretation of the
heading would be up to the user or the using process. For example,
the heading of files which are input to a data reconfiguration (form)
machine may be the desired transformations expressed in the
reconfiguration language.
The "execute" command which achieves the execution of programs
resident in remote hosts is a vital part of indirect use of remote
hosts. The present scope of the execute command, as outlined in the
specifications, is somewhat limited. It assumes that the user or
using process is aware of the manner in which the arguments and
results should be exchanged. One could broaden the scope of the
execute command by introducing a program mediation protocol [17].
The present specification of the protocol does not allow the
simultaneous transfer and processing of multiple requests over the
same pair of connections. If such a capability is desired, there is
an easy way to implement it which only involves a minor change. A
transaction sequence identification number (TSid) could replace a NUL
field in the descriptor of transactions. The TSid would facilitate
the coordination of transactions, related to a particular transaction
sequence. The 256 code combinations permitted by the TSid would be
used in a round-robin manner (I can't see more than 256 outstanding
requests between two user-processes in any practical implementation).
An alternate way of simultaneous processing of requests is to open
new pairs of connection. I am not sure as to how useful simultaneous
processing of requests is, and which of the two is a more reasonable
approach.
V. Conclusions
I tried to present a user-level protocol that will permit users and
using programs to make indirect use of remote host computers. The
protocol facilitates not only file system operations but also program
execution in remote hosts. This is achieved by defining requests
which are handled by cooperating processes. The transaction sequence
orientation provides greater assurance and would facilitate error
control. The notion of data types is introduced to facilitate the
interpretation, reconfiguration and storage of simple and limited
forms of data at individual host sites. The protocol is readily
extendible.
Endnotes
[1] The interim version of the protocol, limited to transfer of ASCII
files, was developed by Chander Ramchandani and Howard Brodie of
Project MAC. The ideas of transactions, descriptors, error recovery,
aborts, file headings and attributes, execution of programs, and use
of data types, pathnames, and default mechanisms are new here.
Howard Brodie and Neal Ryan have coded the interim protocol in the
PDP-10 and the 645, respectively.
[2] The network system survey was conducted last fall by Howard
Brodie of Project MAC, primarily by telephone.
[3] PDP-10 Reference Handbook, page 306.
[4] We considered using two full-duplex links, one for control
information, the other for data. The use of a separate control link
between the cooperating processes would simplify aborts, error
recoveries and synchronization. The synchronization function may
alternatively be performed by closing the connection (in the middle
of a transaction sequence) and reopening it with an abort message.
(The use of INR and INS transmitted via the NCP control link has
problems as mentioned by Kalin in RFC 103.) We prefer the latter
approach.
[5] Identifying users through use of socket numbers is not practical,
as unique user identification numbers have not been implemented, and
file systems identify users by name, not number.
[6] This subject is considered in detail by Bob Metcalfe in a
forthcoming paper.
[7] Filler bits may be necessary as particular implementations of
NCP's may not allow the free communication of bits. Instead the
NCP's may only accept bytes, as suggested in RFC 102. The filler
count is needed to determine the boundary between transactions.
[8] 72-bits in descriptor field are convenient as 72 is the least
common multiple of 6, 8, 9, 18, 24 and 30, the commonly encountered
byte sizes on the ARPA network host computers.
[9] The execute request is intended to facilitate the indirect
execution of programs and subroutines. However, this request in its
present form may have only limited use. A subroutine or program
mediation protocol would be required for broader use of the execute
feature. Metcalfe considers this problem in a forthcoming paper.
[10] The pathname idea used in Multics is similar to that of labels
in RFC 76 by Bouknight, Madden and Grossman.
[11] We, however, urge the use of standard network ASCII.
[12] The exact manner in which the input and output are transmitted
would depend on specific mediation conventions. Names of input and
output files may be transmitted instead of data itself.
[13] The transactions (including terminate) are not "echoed", as
echoing does not solve any "hung" conditions. Instead time-out
mechanisms are recommended for avoiding hang-ups.
[14] The data type mechanism suggested here does not replace data
reconfiguration service suggested by Harslem and Heafner in RFC 83
and NIC5772. In fact, it complements the reconfiguration. For
example, data reconfiguration language can be expressed in EBCDIC,
Network ASCII or any other code that form machine may "recognize".
Subsequent data may be transmitted binary, and the form machine would
reconfigure it to the required form. I have included in data types,
a large number suggested by Harslem and Heafner, as I do not wish to
preclude interpretation, reconfiguration and storage of simple forms
of data at individual host sites.
[15] The internal character representation in the hosts may be
different even in ASCII. For example PDP-10 stores 7-bit characters,
five per word with 36th bit as don't care, while Multics stores them
four per word, right-justified in 9-bit fields.
[16] It seems that socket 1 has been assigned to logger and socket 5
to NETRJS. Socket 3 seems a reasonable choice for the file transfer
process.
[17] The term program mediation was suggested by Bob Metcalfe who is
intending to write a paper on this subject.
[ This RFC was put into machine readable form for entry ]
[ into the online RFC archives by Ryan Kato 6/01]