[Dnsmasq-discuss] TFTP logging strangeness

Simon Kelley simon at thekelleys.org.uk
Sun Sep 19 22:54:59 BST 2010 

On 17/09/10 14:02, Ferenc Wagner wrote:
> Hi,
>
> Sorry if I'm becoming a pest, but I was unfortunate enogh to notice
> another strangeness.  Here are the logs:
>
> Sep 17 12:56:55 n0 dnsmasq-tftp[10637]: sent /var/lib/tftpboot/pxelinux.0 to 192.168.31.43
> Sep 17 12:56:55 n0 dnsmasq-tftp[10637]: error 0 TFTP Aborted received from 192.168.31.43
> Sep 17 12:56:55 n0 dnsmasq-tftp[10637]: failed sending /var/lib/tftpboot/pxelinux.0 to 192.168.31.43
>
> and the corresponding network dump:
>
> Time             Source        sport  Destination   dport  Size  Info
> 12:56:55.638273  192.168.31.43 2070   192.168.31.33 69     69    Read Request, File: pxelinux.0\000, Transfer type: octet\000
> 12:56:55.638811  192.168.31.33 44394  192.168.31.43 2070   56    Option Acknowledgement
> 12:56:55.639331  192.168.31.43 2070   192.168.31.33 44394  59    Error Code, Code: Not defined, Message: TFTP Aborted\000
>
> One thing is that pxelinux.0 wasn't actually sent in this case, that
> message seems to be unconditionally output when the transmission fails.
> (Why the PXE stack on the NIC aborts the transfer after successfully
> negotiating the tsize option is beyond me, but that's unrelated.)
This is very common behaviour, I don't know why, either.

> But it retries at once, with blksize negotiation instead (not shown):
>
> Sep 17 12:56:55 n0 dnsmasq-tftp[10637]: sent /var/lib/tftpboot/pxelinux.0 to 192.168.31.43
> Sep 17 12:57:13 n0 dnsmasq-tftp[10637]: unsupported request from 192.168.31.43
> Sep 17 12:57:13 n0 kernel: [1036596.024038] Accepted: IN= OUT=szie-aotk SRC=192.168.31.33 DST=192.168.31.43 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=10115 PROTO=UDP SPT=42668 DPT=2072 LEN=51 UID=0 GID=0
> Sep 17 12:57:31 n0 dnsmasq-tftp[10637]: failed sending /var/lib/tftpboot/pxelinux.0 to 192.168.31.43
>
> Again the corresponding network dump:
>
> Time             Source        sport  Destination   dport  Size  Info
> 12:56:55.641492  192.168.31.43 2071   192.168.31.33 69     74    Read Request, File: pxelinux.0\000, Transfer type: octet\000
> 12:56:55.642821  192.168.31.33 43907  192.168.31.43 2071   57    Option Acknowledgement
> 12:56:55.643532  192.168.31.43 2071   192.168.31.33 43907  46    Acknowledgement, Block: 0
> 12:56:55.645010  192.168.31.33 43907  192.168.31.43 2071   1502  Data Packet, Block: 1
> 12:56:57.157363  192.168.31.33 43907  192.168.31.43 2071   1502  Data Packet, Block: 1
> 12:57:00.181397  192.168.31.33 43907  192.168.31.43 2071   1502  Data Packet, Block: 1
> 12:57:05.021365  192.168.31.33 43907  192.168.31.43 2071   1502  Data Packet, Block: 1
> 12:57:13.607268  192.168.31.43 2072   192.168.31.33 69     74    Acknowledgement, Block: 0
> 12:57:13.608470  192.168.31.33 42668  192.168.31.43 2072   85    Error Code, Code: Illegal TFTP Operation, Message: unsupported request from 192.168.31.43\000
> 12:57:14.110313  192.168.31.33 43907  192.168.31.43 2071   1502  Data Packet, Block: 1
>
> Here we got an MTU problem: the TFTP data packet didn't get through
> because of its size, so it's retransmitted in vain a couple of times,
> then finally the client also retransmits its ACK (from a different
> port!)

That's interesting. Dnsmasq disables path-MTU discovery on TFTP sockets, 
because some boot-ROMS get confused by it (allegedly: see
http://syslinux.zytor.com/wiki/index.php/Hardware_Compatibility)
Maybe that's biting us here? The TFTP code will check the MTU of the 
local interface and reduce blocksize to fit, but that's no good if the 
bottleneck is elsewhere. --tftp-no-blocksize may be yout friend here.



> Here the Linux TFTP connection tracking gets rightfully
> confused, so the firewall logs the packet, but lets it through
> nevertheless.  Dnsmasq, receiving it, mistakes the retransmitted ACK for
> a request packet, emits a confusing error message and an error packet,
> terminating the stalled transfer, but later retransmits the doomed data
> packet again.
>
> Now, retransmitting the ACK from a different port is a bug in the PXE
> ROM, there isn't much to do about that.  But it would be more helpful
> from dnsmasq to call them ACKs and not "unsupported requests".  I think.

Check the destination port too. That acknowledgement packet is being 
sent to port 69, not the port associated with the data transfer (43907) 
As far as dnsmasq is concerned it has nothing to with the existing 
transfer, it's a new request but the request is broken because the 
packet type is wrong. In the circumstances the log message is quite 
sensible! Your client is very broken, which is not that uncommon.

Cheers,

Simon.

More information about the Dnsmasq-discuss mailing list