On Tue, 13 May 2014, Sebastian Reitenbach wrote:
> I've installed a i386 soekris box (10.0.0.27, called wormhole) from
> current snapshot, and trying to netboot a vax and a sparc, but I guess,
> they don't get to the bootparamd.
Actually, there's a trick involved and they don't *directly* do so.
Instead, their request to portmap is a "call this proc in this other
service" request, for which portmap relays back the answer.
...
> With tcpdump I've seen, what I guess its getting rarp information
> correctly, then broadcasting to try to find the bootparamd, the
> portmapper on my box answers, and then its what I guess trying to
> contact the bootparamd, but this fails. As I guess, its trying to
> contact the bootparamd on UDP port 639, but there is nothing listen,
> bootparamd is listening on UDP 805. Does the portmapper give out the
> wrong port?
>
> root@wormhole:~# tcpdump -n -i vr0 -e -ttt -vvv -s 2000 -X host 10.0.0.30
> tcpdump: listening on vr0, link-type EN10MB
> May 13 09:01:54.903204 00:00:24:c9:d4:98 08:00:2b:2d:33:2c 8035 42: rarp
> reply 08:00:2b:2d:33:2c at 10.0.0.30
> 0000: 0800 2b2d 332c 0000 24c9 d498 8035 0001 ..+-3,..$....5..
> 0010: 0800 0604 0004 0000 24c9 d498 0a00 001b ........$.......
> 0020: 0800 2b2d 332c 0a00 001e ..+-3,....
>
> May 13 09:01:54.941453 08:00:2b:2d:33:2c ff:ff:ff:ff:ff:ff 0800 138:
> 10.0.0.30.986 > 255.255.255.255.111: [udp sum ok] udp 96 (ttl 4, id 0, len
> 124)
> 0000: ffff ffff ffff 0800 2b2d 332c 0800 4500 ........+-3,..E.
> 0010: 007c 0000 0000 0411 ac54 0a00 001e ffff .|.......T......
> 0020: ffff 03da 006f 0068 e2d6 0000 0027 0000 .....o.h.....'..
> 0030: 0000 0000 0002 0001 86a0 0000 0002 0000 ................
> 0040: 0005 0000 0001 0000 0014 0000 0000 0000 ................
> 0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
> 0060: 0000 0000 0000 0001 86ba 0000 0001 0000 ................
> 0070: 0001 0000 0014 0000 0001 0000 000a 0000 ................
> 0080: 0000 0000 0000 0000 001e ..........
>
> ^^^^
> the broadcast to the portmapper
That's the "call bootparam's 'whoami' call for me" request. The "0005" at
offset 040 is PMAPPROC_CALLIT, etc.
> May 13 09:01:54.949153 00:00:24:c9:d4:98 08:00:2b:2d:33:2c 0800 110:
> 10.0.0.27.111 > 10.0.0.30.986: [bad udp cksum 9f2d!] udp 68 (ttl 64, id
> 49240, len 96, bad cksum 0! differs by a5fc)
> 0000: 0800 2b2d 332c 0000 24c9 d498 0800 4500 ..+-3,..$.....E.
> 0010: 0060 c058 0000 4011 0000 0a00 001b 0a00 .`.X..@.........
> 0020: 001e 006f 03da 004c 1496 0000 0027 0000 ...o...L.....'..
> 0030: 0001 0000 0000 0000 0000 0000 0000 0000 ................
> 0040: 0000 0000 0325 0000 0024 0000 0008 6461 .....%...$....da
> 0050: 6564 616c 7573 0000 0000 0000 0001 0000 edalus..........
> 0060: 007f 0000 0000 0000 0000 0000 0001 ..............
> ^^^^
> the answer
...from bootparamd, relayed by portmap. Note that it contains the
client_name ("daedalus") you would expect to get back from bootparamd.
That's confirmed by the vax boot saying:
> boot: client name: daedalus
One odd bit is that it looks like the router_address is "127.0.0.0", which
seems odd. But maybe I'm decoding the RPC by eyeball incorrectly.
More importantly, we can see the correct bootparam port number in
portmapper's reply: 0x0325 (at offset 0044) == 805. That value is
(supposed to be) remember by boot and used as the port to which to send
the direct bootparam "getfile" query.
> May 13 09:01:54.980649 08:00:2b:2d:33:2c 00:00:24:c9:d4:98 0800 122:
> 10.0.0.30.985 > 10.0.0.27.639: [udp sum ok] udp 80 (ttl 4, id 0, len
> 108)
Hmm, could you verify that the VAX boot block you're using was compiled
with a gcc that was built with miod@'s April 12th fix to
gnu/usr.bin/gcc/gcc/protector.c ?
Philip Guenther
