pin / tftp

TFTP server and client library for Golang


Recommendation for warning of how the TFTP server is utilized

devonberta opened this issue · comments

Currently, with the examples provided, the TFTP server and client requests are not designed for any validation of the requested path. This results in a risk of pulling or writing data anywhere on the file system, depending on the privilege of the user running the binary. For example, with the client read example, a filename string of "/etc/shadow" can be specified and is retrieved. Likewise, write operation handling is equally dangerous, as it could result in remote user adds and dropping files in sudoers.d on the system. Perhaps an improvement would be to require a specific path to serve data from, specified in config. I know this is a broader problem for those using your tool and they should be mindful of potential security risks, but I figured it was worth mentioning.
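The following is an added example of the path confinement the issue asks for; it is not code from pin/tftp or from the issue author. The `Store`, `SafePath`, `ErrOutsideRoot` and `limitedWriter` names, the `/srv/tftp` root and the 8 MiB upload cap are assumptions. The two handler methods only use `io.ReaderFrom` and `io.WriterTo`, which are the argument types pin/tftp's `NewServer` expects, so the block builds with the standard library alone and the library wiring is shown in a comment.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var (
	ErrOutsideRoot = errors.New("tftp: requested path is outside the served directory")
	ErrNotRegular  = errors.New("tftp: not a regular file")
	ErrReadOnly    = errors.New("tftp: server is read-only")
	ErrTooLarge    = errors.New("tftp: upload exceeds size limit")
)

// SafePath maps a client-supplied TFTP filename onto a path under root.
// Leading slashes are dropped (an absolute "/etc/shadow" becomes
// "<root>/etc/shadow", as in a chrooted tftpd), backslashes count as
// separators, and anything that still climbs above root is rejected.
func SafePath(root, requested string) (string, error) {
	root, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	req := filepath.FromSlash(strings.ReplaceAll(requested, "\\", "/"))
	full := filepath.Join(root, req) // Join cleans "." and ".." lexically
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

// Store is a hypothetical handler configuration: Root is the only directory
// served, MaxUpload caps one WRQ in bytes.
type Store struct {
	Root      string
	ReadOnly  bool
	MaxUpload int64
}

// limitedWriter fails (rather than truncating) once the cap is exceeded.
type limitedWriter struct {
	w         io.Writer
	remaining int64
}

func (l *limitedWriter) Write(p []byte) (int, error) {
	if int64(len(p)) > l.remaining {
		return 0, ErrTooLarge
	}
	n, err := l.w.Write(p)
	l.remaining -= int64(n)
	return n, err
}

// ReadHandler has the shape pin/tftp expects for RRQs.
func (s *Store) ReadHandler(filename string, rf io.ReaderFrom) error {
	p, err := SafePath(s.Root, filename)
	if err != nil {
		return err
	}
	f, err := os.Open(p)
	if err != nil {
		return err
	}
	defer f.Close()
	fi, err := f.Stat()
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() { // no directories, devices or FIFOs
		return ErrNotRegular
	}
	_, err = rf.ReadFrom(f)
	return err
}

// WriteHandler has the shape pin/tftp expects for WRQs.
func (s *Store) WriteHandler(filename string, wt io.WriterTo) error {
	if s.ReadOnly {
		return ErrReadOnly
	}
	p, err := SafePath(s.Root, filename)
	if err != nil {
		return err
	}
	// O_EXCL: never overwrite an existing file and never follow a symlink at the final component.
	f, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o644)
	if err != nil {
		return err
	}
	_, err = wt.WriteTo(&limitedWriter{w: f, remaining: s.MaxUpload})
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		os.Remove(p) // do not leave a partial upload behind
	}
	return err
}

func main() {
	st := &Store{Root: "/srv/tftp", MaxUpload: 8 << 20}
	// Wiring with the library (not imported here):
	//   s := tftp.NewServer(st.ReadHandler, st.WriteHandler)
	//   log.Fatal(s.ListenAndServe(":69"))
	for _, req := range []string{"boot/pxelinux.0", "/etc/shadow", "../../etc/shadow"} {
		p, err := SafePath(st.Root, req)
		fmt.Printf("%-20q -> %q %v\n", req, p, err)
	}
}
```

The check is purely lexical, so a symlink placed inside the root can still point outside it; if that matters, resolve the parent with `filepath.EvalSymlinks` and re-check, or on Go 1.24 and later open files through `os.OpenRoot`, which refuses symlink escapes at the kernel level. Running the server as an unprivileged user with a dedicated root directory remains the baseline regardless of handler hardening.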