[ipxe-devel] Fwd: [BUG] Fragmented packets during iSCSI login phase cause login failures

Shyam Iyer shyam_iyer at dell.com
Wed Feb 15 19:29:31 UTC 2012

Resending since earlier email got stuck as I was not subscribed to the list.

-------- Original Message --------
Subject: 	[BUG] Fragmented packets during iSCSI login phase cause login 
Date: 	Wed, 15 Feb 2012 12:34:52 -0500
From: 	Shyam Iyer <shyam_iyer at dell.com>
To: 	ipxe-devel at lists.ipxe.org
CC: 	Evan_Bigall at Dell.com, sandy_sakai at dell.com, jordan_hargrave at dell.com

Hi List,

Recently we hit an issue with ipxe undionly.kpxe with an iSCSI
target(EQL) and that is somewhat related to the manner in which packets
are segmented during the iSCSI login phase.

We found that since ipxe fragments the packets during login phase as
well the target is unable to successfully let the ipxe initiator login.

   So, the reason for the target responding with the Status "invalid
during login" can be found in RFC 3720 section 3.2.3 where it states
that any packet other than a login request will be rejected.

So, although the packets coming from the ipxe initiator are login
packets they are fragmented such that unless they are reassembled and
sent as one they won't be recognized by the target as a login PDU..

The issue is more severe during the full featured phase of the login
since this phase requires the initiator to append a lot of text string
as part of the login negotiation and thus the packet being fragmented.

See quoted text from RFC 3720
3.2.3.  iSCSI Login
     Before the Full Feature Phase is established, only Login Request and
     Login Response PDUs are allowed.  Login requests and responses MUST
     be used exclusively during Login.  On any connection, the login phase
     MUST immediately follow TCP connection establishment and a subsequent
     Login Phase MUST NOT occur before tearing down a connection.

     A target receiving any PDU except a Login request before the Login
     phase is started MUST immediately terminate the connection on which
     the PDU was received.  Once the Login phase has started, if the
     target receives any PDU except a Login request, it MUST send a Login
     reject (with Status "invalid during login") and then disconnect.  If
     the initiator receives any PDU except a Login response, it MUST
     immediately terminate the connection.

Upon further looking at the function(thanks to Evan) iscsi_tx_step at
src/net/tcp/iscsi.c, it seems that this is a fundamental design that
would cause packets to be fragmented because of the state machine in
this function that involves sending tx packets for each state..

I tried tweaking this code to see if we could send the packets at one
shot only during the full featured login phase and the result seems like
I can atleast get the login to be successful past the full featured
login phase. (See attached incomplete patch)

I don't know enough of this code and it shows in this manner that after
the login is successful and the scsi initialization proceeds the
initiator times out.. So I am not sure if this approach would work.. or
possibly folks in the list have better ideas to fix this issue..

I will be more than happy to provide traces to some link location .. and
any help in fixing this issue is appreciated.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20120215/496c8c2d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Buffer-only-during-full-featured-login-phase.patch
Type: text/x-patch
Size: 3401 bytes
Desc: not available
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20120215/496c8c2d/attachment.bin>

More information about the ipxe-devel mailing list