Ошибка при загрузке tftp

Загрузка шаблона операции на сервер проходит по протоколу TFTP. Для этого сервер отправляет запрос на загрузку определённых файлов с TFTP-сервера локации. Из-за ошибки, возникающей в работе некоторых сетевых адаптеров, имена файлов при запросе могут быть искажены. Например, вместо файла pxelinux.0 сервер может запрашивать файл pxelinux.0M-^. В результате сервер не сможет загрузиться, и операция не будет выполнена.

Чтобы избежать этой проблемы, настройте на сервере-локации правила подмены символов (remapping). Если TFTP-сервер получит запрос с искажённым именем файла, то автоматически изменит имя на правильное.

Диагностика

Если проблемы с загрузкой по TFTP связаны с искажением имён файлов, то при загрузке сервера могут появиться сообщения следующего вида:

Примеры сообщений об ошибках

Вы можете посмотреть подробный вывод ошибки на сервере-локации с помощью утилиты tcpdump:

tcpdump -i enp1s0 port '(67 or 68 or 69)' -nn -A

Ответ должен содержать искажённое имя файла. Например, lpxelinux.0M-^.

07:56:48.433740 IP 192.0.2.93.2070 > 192.0.2.92.69:  34 RRQ "srv1/lpxelinux.0M-^?" octet tsize 0
E..>......k..6[].6[...E.*.R..srv1/lpxelinux.0..octet.tsize.0.
07:56:48.436957 IP 192.0.2.93.2071 > 192.0.2.92.69:  39 RRQ "srv1/lpxelinux.0M-^?" octet blksize 1456
E..C......k..6[].6[...E./fq..srv1/lpxelinux.0..octet.blksize.1456.

Решение

1. vi /opt/ispsystem/etc/tftp/remap.conf

   CODE

   Пример файла

   rg \ /
   ri (.*)ÿ$ 1
   ri (.*)M-^?$ 1
   ri (lpxelinux.0).*$ 1
   ri (lpxelinux.efi).*$ 1
   ri (syslinux.0).*$ 1
   ri (syslinux.efi).*$ 1

   CODE

   Файл с помощью регулярных выражений описывает действия, которые нужно произвести с неправильными именами. В примере приведены наиболее часто встречающиеся ошибочные имена файлов. Вы можете дополнить этот файл собственными правилами.

2. docker restart tftpd

   CODE

   

   Обратите внимание!

   Перезапуск TFTP-сервера может прервать запущенные операции.

Introduction

This document shows the TFTP Error codes.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Error Codes

   0         Not defined, see error message (if any).
   1         File not found.
   2         Access violation.
   3         Disk full or allocation exceeded.
   4         Illegal TFTP operation.
   5         Unknown transfer ID.
   6         File already exists.
   7         No such user.

Refer to the revised RFC 1350 for more information about the TFTP protocol.

Related Information

• Technical Support — Cisco Systems

Ошибка при подключении по TFTP TIMEOUT waiting for Ack block #1

In this article, we will focus on how to troubleshoot the common Trivial File Transfer Protocol (TFTP) issues with Wireshark between server and client.

What is TFTP?

TFTP is a file transfer protocol that enables a client to upload a file to a server or download a file from the server. The protocol is simple and designed to be implemented in ROM for booting diskless systems like X terminals, diskless workstations, and routers. It was planned to be small and easy to implement.  Therefore, it lacks most of the features of a regular FTP.  The protocol is only capable of reading and writing files (or mail) from/to a remote server.  It cannot list directories, and currently has no provisions for user authentication.

ALSO READ: How to do TCP Retransmission Analysis using Wireshark

TFTP Packet Types

TFTP packets are transferred over User Datagram Protocol (UDP), which is an unreliable transport protocol. In other words, UDP provides no recovery for lost packets. To fix this problem, TFTP uses a mechanism like TCP ACK and provides reliability in application layer. Any transfer begins with a request to read or write a file and then the data packets are sent in fixed length, which is called a block. Each data packet contains only one block of data, and is acknowledged by an acknowledgment packet before the next packet can be sent.

TFTP supports 6 packet types:

Following steps show a typical file transfer and packet types used between the client and server.

Packet flow of File Transfer between TFTP Server and Client

Step-1:  The client sends a read request for “startup-config” file and asks server to use block size of 128 bytes.

Step-2:  The server replies with an Option ACK packet, which includes the block size accepted by the server and the size of the file to be transferred.

Step-3:  After acknowledging the options, the server sends the first block (packet) of the data.

Step-4: The client acknowledges the first block of the data and the file transfer follows the same pattern (sending data and expecting an ack) until it is transferred completely.

ALSO READ: Analyze TCP Receive Window with Wireshark [Step-by-Step]

Troubleshooting TFTP Errors

During a file transfer, errors may occur and RFC 1350 defines 8 error codes for identifying the problems. The codes and their brief explanations are below.

TFTP errors are caused by three types of events:

1. Not being able to satisfy the request (e.g., file not found, access violation, or no such user).
2. Receiving a packet which cannot be explained by a delay or duplication in the network (e.g., an incorrectly formed packet).
3. Losing access to a necessary resource (e.g., disk full or access denied during a transfer).

TFTP issues can be categorized into 2 groups:

• Client or server related issues
• Network related issues

We will mainly focus on the first category. TFTP peers use Opcode 5 to inform each other when they come across an error. Each error packet has an error code and error message. Following figure shows a typical error packet format.

Understanding different TFTP Error Codes

We will produce the TFTP errors and analyze them with Wireshark.

Error Code 0 (Not defined, see error message (if any))

This is a general error code. When the client or server can’t identify the error, it replies with this error code and includes more details in the error message. Following screenshot shows the error.

ALSO READ: Breaking down HTTP response at Packet Level [Wireshark Tutorial]

To produce this error, I dropped TFTP packets on the firewall purposely. The client (192.168.1.50) requested for “test.txt” file and did not receive any response from the server. Since the packet filtering on the network was the cause of the problem, the client could not categorize the error and sent this general error. Even though there is no error code in the RFC to define this problem, the client puts some reasonable information in the “Error message”, which is “timeout on receive” in this case. Unfortunately, not all TFTP clients send this error, which makes it hard to resolve the problems.

Error Code 1 (File not found)

The client receives this error code when the requested file does not exist. As seen below, the error message is also enough to define the problem. This is clearly not a network related problem. When getting this error, we should check the file path and name of the file to see if it is correct or not.

Error Code 2 (Access violation)

This error is seen when we ask for a file on which we do not have the right to read or write. I produced this error with trying to transfer (write) a file to the server while I did not have that right (writing). A TFTP server can let you change security settings like reading, writing or both of them.

ALSO READ: Learn How to Use Wireshark like a PRO

Error Code 3 (Disk full or allocation exceeded)

TFTP client receives this error when there is limited storage area on the server. I produced this error with limiting the quota for the folder and then transferring a larger file than the reserved quota.

Error Code 4 (Unknown transfer ID)

Any TFTP packet does not follow the RFC is called illegal. A packet with an unknown opcode, a packet with a malformed payload, or a packet that is out of sequence with the normal flow of commands/responses would all be considered «illegal». I produced this error with crafting a TFP data packet and sending it to the server without sending a read or write request in the beginning.

Error Code 5 (Unknown transfer ID)

When a TFTP client sends a duplicate read request (typically this happens when the first read request times out), the requests may create an unexpected situation on the server. The server thinks it received different requests from the client and responds accordingly. When the client notices the server interpreted the duplicate packets as different requests, it sends this error to the server, which does not cause a termination. After receiving this error, the server immediately stops the other transferring. I was not be able to produce this error code.

ALSO READ: Analyse Slow Networks with TCP Zero Window — Wireshark

Error Code 6 (File already exists)

This error is received when there is a file with the same name on the server. I produced this file with transferring the same file to the server.

Error Code 7 (No such user)

Once the protocol was first adopted, it supported three modes of transferring, which were netascii, octet and mail mode, which was used for sending files to an email address. This error is received when the recipient username does not exist on the server. This mode is not used anymore.

Error Code 8 (Terminate transfer due to option negotiation)

TFTP client and server negotiate options during a read or write request. When the negotiations fail, the peer sends this error code to terminate the transfer. I produced this error with sending some option that server did not support. As seen below, Wireshark is not able to decode this new error properly.

Network Related TFTP Issues

TFTP uses port 69 as its destination when making a read or write request.  After receiving the request, the server uses a random port for the transfer instead of answering from port 69.  Even if you allow port 69 on the firewall, the transfer may fail due to not inspecting TFTP as service (protocol). Most common network failures happen because of firewall policy. Following screenshot shows a typical file transfer in perspective of using ports.

ALSO READ: Detect Rogue DHCP Server with Wireshark [Step-by-Step]

TFTP server and client generally use block size of 512 bytes on default. For faster transmission, we may need to set the size to a higher value, which may fail the transfer when the data packets size exceeds the path MTU size.

Packet loss in the network is another factor that can disrupt TFTP transfer.

Final Thoughts

It is easy to troubleshoot when the problem caused by either TFTP client or server. With using Wireshark’s “tftp.opcode == 5” display filter, we can list all TFTP errors and inspect them. Some network issues may not be identified by only using this filter. We need a network trace file from both of the side to have a better observation.

References

https://docstore.mik.ua/orelly/networking_2ndEd/fire/ch17_02.htm
https://datatracker.ietf.org/doc/html/rfc783

Related Keywords: Not defined, File not found, Access violation, Disk full or allocation exceeded, Unknown transfer ID, Unknown transfer ID, File already exists, No such user, Terminate transfer due to option negotiation, troubleshoot tftp errors with wireshark