--- tftpd/src/srv.c	2014/02/20 16:30:05	1.2.2.8
+++ tftpd/src/srv.c	2014/02/21 08:40:00	1.4.2.2
@@ -163,12 +163,14 @@ getOpts(rpack_t * __restrict pkt, int rlen)
 			cli.tsiz = strtoll(val, NULL, 10);
 		else if (!strcasecmp(opt, TFTP_OPT_TIMEOUT))
 			cli.tout.tv_sec = strtol(val, NULL, 10);
-		else if (!strcasecmp(opt, TFTP_OPT_ROLLOVER))
+		else if (!strcasecmp(opt, TFTP_OPT_ROLLOVER)) {
 			cli.roll = strtol(val, NULL, 10);
+			cli.roll++;
+		}
 	} while (rlen > 0);
 
 	EVERBOSE(4, "blksize=%u tsize=%llu timeout=%u rollover=%u", 
-			cli.siz, cli.tsiz, cli.tout.tv_sec, cli.roll);
+			cli.siz, cli.tsiz, cli.tout.tv_sec, cli.roll - 1);
 	return 0;
 }
 
@@ -209,14 +211,14 @@ txOack(sched_task_t *task)
 	}
 	if (cli.roll) {
 		memset(szStr, 0, sizeof szStr);
-		snprintf(szStr, sizeof szStr, "%u", cli.roll);
+		snprintf(szStr, sizeof szStr, "%u", cli.roll - 1);
 		rpack_rdata(pkt, TFTP_OPT_ROLLOVER, strlen(TFTP_OPT_ROLLOVER) + 1);
 		rpack_rdata(pkt, szStr, strlen(szStr) + 1);
 	}
 
 	EVERBOSE(4, "blksize=%u tsize=%llu timeout=%u rollover=%u", 
-			cli.siz, cli.tsiz, cli.tout.tv_sec, cli.roll);
-	schedEvent(TASK_ROOT(task), txPkt, NULL, TASK_FD(task), 
+			cli.siz, cli.tsiz, cli.tout.tv_sec, cli.roll - 1);
+	schedCallOnce(TASK_ROOT(task), txPkt, NULL, TASK_FD(task), 
 			TASK_DATA(task), RPACK_OFF(pkt));
 	taskExit(task, NULL);
 }
@@ -234,13 +236,13 @@ RQ(sched_task_t *task)
 
 	cli.siz = TFTP_LOAD_MAX;
 	cli.opc = ntohs(rpack_uint16(pkt, NULL, 0));
-	len = str_getString(tftp->tftp_data, rlen, &str);
+	len = str_getString(RPACK_NEXT(pkt), rlen, &str);
 	if (len == -1)
 		goto end;
 	else {
+		strlcpy(cli.file, (char*) RPACK_NEXT(pkt), sizeof cli.file);
 		rlen -= len;
 		rpack_rnext(pkt, len);
-		strlcpy(cli.file, (char*) tftp->tftp_data, sizeof cli.file);
 	}
 	len = str_getString((const u_char*) str, rlen, NULL);
 	if (len == -1)
@@ -355,8 +357,13 @@ ACK(sched_task_t *task)
 	if (ntohs(code) > cli.seq || (ntohs(code) < (cli.seq - 1))) {
 		code = htole16(5);
 		goto end;
-	} else if (ntohs(code) == cli.seq)
-		cli.seq++;
+	} else if (ntohs(code) == cli.seq) {
+		/* check for rollover seq id */
+		if (cli.roll && cli.seq == USHRT_MAX)
+			cli.seq = cli.roll - 1;
+		else
+			cli.seq++;
+	}
 
 	EVERBOSE(3, "ACK:: seq=%hu; my new seq=%hu;", ntohs(code), cli.seq);
 
@@ -458,6 +465,7 @@ rxPkt(sched_task_t *task)
 		goto end;
 	} else if (!cli.addr.sa.sa_len) {
 		cli.addr = sa;
+		RPACK_REWIND(pkt);
 		switch (ntohs(tftp->tftp_opc)) {
 			case TFTP_OPC_RRQ:
 			case TFTP_OPC_WRQ: