[syslinux] [PATCH 0/1] EFI PXE DHCP/proxyDHCP issues fix
Patrick Masotta
masottaus at yahoo.com
Thu Jun 4 03:00:12 PDT 2015
>>>
The real DHCP server supplies client ip address only.
Everything else comes from proxyDHCP.
The proxyDHCP server supplies boot file name, boot file (syslinux.efi),
boot loader (ldlinux.e64), config file, tinycore and OS image files.
<<<
This is not completely correct:
your DHCP server provides an IP and your proxyDHCP server only processes
a complementary DHCP transaction providing the "NBP name" and "TFTP server IP".
Actual files are really offered by a "TFTP Server" that in your case surely is running
with your proxyDHCP under the same OS instance.
>>>
Problem 1:
The first problem is an issue in TianoCore BIOS that has been there since
the beginning. When responding to a proxyDHCP and attempting
to grab the boot filename, BIOS specifies an incorrect sending/listening
(source/destination) port pair. It should be 68/4011 but sends 4011/4011.
I updated this for IPv4 but noticed that the problem has
been carried over to IPv6 code in our code base.
<<<
RFC2131 says:
"DHCP uses UDP as its transport protocol. DHCP messages from a client
to a server are sent to the 'DHCP server' port (67), and DHCP
messages from a server to a client are sent to the 'DHCP client' port
(68)."
but RFC2131 does not define a proxyDHCP service; the PXE v2.1 standard does it
PXE v2.1 says:
"Step 6. The Boot Server unicasts a DHCPACK packet back to the client
on the client source port."
Then it's not really specified that the DHCPREQUEST to a proxyDHCP server must use
68 as source port...
As I can see this "issue" (if there's one here) is all about the agreement between
the client FW and the proxyDHCP server; syslinux has nothing to do here.
>>>
Failing scenario/behavior for problem 1:
You can determine if you have this issue by setting up a WireShark system
and snooping. The failing scenario is in the UDP request for boot filename
to the proxyDHCP server, both ports are 4011 so the proxy server ignores
the packet and does not reply.
<<<
This depends on the proxyDHCP; if you use i.e Serva you will have no problem at all,
the proxyDHCP ACK will be send to the source port used by the client on its
previous DHCPREQUEST. That's it.
What failing proxyDHCP are you using?
>>>
Resolution for problem 1:
If you have access to your BIOS source code, change boot request source
port to 68. If you don?t have access to the source, contact
your BIOS provider. I will alert TianoCore to this issue but it may
also be present in some OEM BIOS provider?s code.
<<<
I think you should probably delve deeper in the standards before trying to change this.
just my 2 cents.
>>>
Problem 2:
The next problem is packet parsing and incomplete ip address sets on the
syslinux side. The basic issue is that the packets are incomplete or not
used in a proxyDHCP environment. The real DHCP Offer/Ack
contains the client ip. The proxy Offer contains the server ip. We also
have to grab the gateway and subnet mask. There is no single packet or
location where all the addresses are contained. The most complete struct
that I found is the IPInfo but even there the server ip is incorrect. So we
need to either build and populate a complete struct for proxy or pull from
several different packets when needed.
<<<
The DHCP transaction has several stages; in EFI firmware every stage
populates a different packet. the packets are:
DhcpAck,ProxyOffer,PxeReply.
DhcpAck: usually includes only the DHCP parameters
ProxyOffer: includes redirection parameters (PXE stuff)
PxeReply: is populated after receiving an answer when using PXE menu capabilities.
Tianocore copies PxeReply to ProxyOffer because many NBPs do not parse PxeReply
This is not really new stuff BIOS based PXE was also having several packets cached...
>>>
Failing scenario/behavior for problem 2:
After syslinux.efi is downloaded and execution begins, no further Ethernet
communication occurs. This is caused by incomplete packets
that are dropped in the client instead of being sent. The return code
is EFI_UNSUPPORTED but the error is ignored after the return
from the UDP send command in BIOS. Should this be handled differently?
<<<
Have you applied the patch mentioned on this thread???
Best,
Patrick
More information about the Syslinux
mailing list