[syslinux] [PATCH 0/1] EFI PXE DHCP/proxyDHCP issues fix
jeff_sloan at selinc.com
jeff_sloan at selinc.com
Thu Jun 18 05:24:46 PDT 2015
Patrick,
I wanted to follow up with your earlier questions.
>>>
>>>
The real DHCP server supplies client ip address only.
Everything else comes from proxyDHCP.
The proxyDHCP server supplies boot file name, boot file (syslinux.efi),
boot loader (ldlinux.e64), config file, tinycore and OS image files.
<<<
This is not completely correct:
your DHCP server provides an IP and your proxyDHCP server only processes
a complementary DHCP transaction providing the "NBP name" and "TFTP
server IP".
Actual files are really offered by a "TFTP Server" that in your case
surely is running
with your proxyDHCP under the same OS instance.
<<<
I was thinking in terms of the physical devices/systems but should be
describing my setup in terms of the applications. The actual hardware is
not germaine. With that frame of reference, my setup is exactly as you
describe: DHCP, proxyDHCP and TFTP servers.
DHCP supplies client IP address in a DHCPOffer packet
proxyDHCP provides TFTP server IP in DHCPOffer packet with NULL client IP
as well as NBP filename
TFTP server provides all files requested
Sorry for the confusion.
>>>
>>>
Problem 1:
The first problem is an issue in TianoCore BIOS that has been there
since
the beginning. When responding to a proxyDHCP and attempting
to grab the boot filename, BIOS specifies an incorrect
sending/listening
(source/destination) port pair. It should be 68/4011 but sends
4011/4011.
I updated this for IPv4 but noticed that the problem has
been carried over to IPv6 code in our code base.
<<<
RFC2131 says:
"DHCP uses UDP as its transport protocol. DHCP messages from a client
to a server are sent to the 'DHCP server' port (67), and DHCP
messages from a server to a client are sent to the 'DHCP client' port
(68)."
but RFC2131 does not define a proxyDHCP service; the PXE v2.1 standard
does it
PXE v2.1 says:
"Step 6. The Boot Server unicasts a DHCPACK packet back to the client
on the client source port."
Then it's not really specified that the DHCPREQUEST to a proxyDHCP server
must use
68 as source port...
As I can see this "issue" (if there's one here) is all about the
agreement between
the client FW and the proxyDHCP server; syslinux has nothing to do here.
<<<
As you correctly point out, d.o.r.a. with the DHCP server must use port 68
since there is no client IP at that point. After that, any valid port is
acceptable since none are defined by the pxe or uefi specs.
Good call! Digging deeper into this issue, we have a problem with our
proxyDHCP server. It is not handling any client listening port except for
68 by ignoring the packet so the BIOS fix was actually a band-aid. I have
verified that the Boot Request UDP packets are identical using port 68 and
4011 other than the checksums so BIOS is sending correct packets.
I originally mentioned this issue here to help anyone who might be seeing
the same problem. It is not a syslinux problem in any way.
>>>
>>>
Failing scenario/behavior for problem 1:
You can determine if you have this issue by setting up a WireShark
system
and snooping. The failing scenario is in the UDP request for boot
filename
to the proxyDHCP server, both ports are 4011 so the proxy server
ignores
the packet and does not reply.
<<<
This depends on the proxyDHCP; if you use i.e Serva you will have no
problem at all,
the proxyDHCP ACK will be send to the source port used by the client on
its
previous DHCPREQUEST. That's it.
What failing proxyDHCP are you using?
<<<
Our customer was not able to give me details on proxy and tftp server
software. He is currently on vacation but I will work with him when he
returns to figure out what exactly he is using. As soon I know the answer
I will post it here so everyone knows which proxyserver is failing and I
will work on a fix.
>>>
>>>
Resolution for problem 1:
If you have access to your BIOS source code, change boot request source
port to 68. If you don?t have access to the source, contact
your BIOS provider. I will alert TianoCore to this issue but it may
also be present in some OEM BIOS provider?s code.
<<<
I think you should probably delve deeper in the standards before trying
to change this.
just my 2 cents.
<<<
Good advice and done. It is not a BIOS problem so I will not do anything
as far as TianoCore.
>>>
>>>
Problem 2:
The next problem is packet parsing and incomplete ip address sets on
the
syslinux side. The basic issue is that the packets are incomplete or
not
used in a proxyDHCP environment. The real DHCP Offer/Ack
contains the client ip. The proxy Offer contains the server ip. We
also
have to grab the gateway and subnet mask. There is no single packet or
location where all the addresses are contained. The most complete
struct
that I found is the IPInfo but even there the server ip is incorrect.
So we
need to either build and populate a complete struct for proxy or pull
from
several different packets when needed.
<<<
The DHCP transaction has several stages; in EFI firmware every stage
populates a different packet. the packets are:
DhcpAck,ProxyOffer,PxeReply.
DhcpAck: usually includes only the DHCP parameters
ProxyOffer: includes redirection parameters (PXE stuff)
PxeReply: is populated after receiving an answer when using PXE menu
capabilities.
Tianocore copies PxeReply to ProxyOffer because many NBPs do not parse
PxeReply
This is not really new stuff BIOS based PXE was also having several
packets cached...
<<<
I definitely did not make myself clear here. You are correct in the
contents of each of the cached packets so no one packet contains all of
the necessary data. I was thinking that we should pull it all together
into some struct but in the actual patch that I posted instead of updating
any of the packets, I pulled the TFTP server ip address into pkt4_v4, a
temporary packet in function net_parse_dhcp, before parsing.
However, if there is a better way of handling this, I would be happy to
implement it.
>>>
Failing scenario/behavior for problem 2:
After syslinux.efi is downloaded and execution begins, no further
Ethernet
communication occurs. This is caused by incomplete packets
that are dropped in the client instead of being sent. The return code
is EFI_UNSUPPORTED but the error is ignored after the return
from the UDP send command in BIOS. Should this be handled differently?
<<<
>>>
Have you applied the patch mentioned on this thread???
<<<
I cleaned up the patch and packaged it in a different thread with the
subject: [PATCH 0/1] Network UEFI PXE DHCP/proxyDHCP fix. Now that zytor
is back up, I will push it.
Thanks again for the feedback!
Jeff
More information about the Syslinux
mailing list