1231931 – gPXE 'Host' header being transferred without port

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1231931 - gPXE 'Host' header being transferred without port

Summary: gPXE 'Host' header being transferred without port

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	gpxe
Sub Component:
Version:	6.5
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Alex Williamson
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1172231
TreeView+	depends on / blocked

Reported:	2015-06-15 16:01 UTC by Robert McSwain
Modified:	2019-12-16 04:46 UTC (History)
CC List:	7 users (show)
Fixed In Version:	gpxe-0.9.7-6.15.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-10 20:56:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0814	0	normal	SHIPPED_LIVE	gpxe bug fix update	2016-05-10 22:39:24 UTC

Description Robert McSwain 2015-06-15 16:01:43 UTC

Description of problem:
There is a bug in gPXE on how it requests a file over http. Every http request must include  a host header. The host header must include the host and port information. (Host: abc.com:port) see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

However the http requests generated by gPXE does not include the port in its host header. 


init.gpxe - File that needs to be transferred over tftp
--------------
#!gpxe

kernel http://192.168.122.1:9999/deploy_kernel nofb nomodeset vga=normal console=ttyS0,9600 hda=noprobe edd=on inst.stage2=http://192.168.122.1:9999/stage2.dir inst.ks=http://192.168.122.1:9999/ks.cfg
initrd http://192.168.122.1:9999/deploy_ramdisk
boot

Version-Release number of selected component (if applicable):
RHEL 6.5 

How reproducible:
100%

Steps to Reproduce:
Please setup your VM to pxe boot and let a http server listen on 192.168.122.1:9999, put in a kernel and ramdisk in the http root, Modify the dnsmasq.conf or libvirt's default network xml to server init.gpxe file over tftp. Setup a tftp server to transfer init.gpxe. Please start tcpdump and see the 'Host' header being transferred without port. 

Command to start the VM:

$ sudo virt-install --name pxe --ram 2048 --vcpus 2 --disk /tmp/vm_disk,size=13,cache=none,format=raw,device=disk,bus=scsi --network bridge=virbr0,model=virtio,mac=52:54:00:08:ae:d5 --pxe --graphics none


Actual results:
Host header is sent without the port

Expected results:
Host header is sent with all proper data 

Additional info:
pcap files from tests being attached shortly

Comment 3 Alex Williamson 2015-06-16 03:47:09 UTC

A comment in the case file indicates customer has already identified the necessary change:

http://lists.ipxe.org/pipermail/ipxe-devel/2011-July/000791.html

v2 of the patch is simplified and it was committed to ipxe as:

commit 69b7d57265679d76e26581d034e8f8ab5168bb27
Author: Malte Starostik <lists.net>
Date:   Fri Jul 15 16:31:56 2011 +0200

    [http] Include port in HTTP Host header as needed
    
    According to section 14.23 of RFC2616, an HTTP Host header without
    port implies the default port is used.  Thus, when fetching from
    anywhere but port 80 for HTTP or 443 for HTTPS, the port ought to be
    explicitly given in that header.  Otherwise, some servers might fail
    to associate the request with the correct virtual host or generate
    incorrect self-referencing URLs.
    
    Signed-off-by: Michael Brown <mcb30>

diff --git a/src/net/tcp/http.c b/src/net/tcp/http.c
index 012b226..cee7513 100644
--- a/src/net/tcp/http.c
+++ b/src/net/tcp/http.c
@@ -662,13 +662,17 @@ static void http_step ( struct http_request *http ) {
        if ( ( rc = xfer_printf ( &http->socket,
                                  "%s %s%s HTTP/1.1\r\n"
                                  "User-Agent: iPXE/" VERSION "\r\n"
-                                 "Host: %s\r\n"
+                                 "Host: %s%s%s\r\n"
                                  "%s%s%s%s%s%s%s"
                                  "\r\n",
                                  ( ( http->flags & HTTP_HEAD_ONLY ) ?
                                    "HEAD" : "GET" ),
                                  ( http->uri->path ? "" : "/" ),
                                  request, host,
+                                 ( http->uri->port ?
+                                   ":" : "" ),
+                                 ( http->uri->port ?
+                                   http->uri->port : "" ),
                                  ( ( http->flags & HTTP_KEEPALIVE ) ?
                                    "Connection: Keep-Alive\r\n" : "" ),
                                  ( partial ? "Range: bytes=" : "" ),


The backport to gpxe looks relatively straightforward.

Comment 4 Alex Williamson 2015-12-03 22:59:19 UTC

Patch backported and tested with the following configuration:

# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>d010e06a-1259-41dd-92a6-689d064d8c86</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:09:F3:2A'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <tftp root='/var/tftp' />
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
      <bootp file='init.gpxe' />
    </dhcp>
  </ip>
</network>

# cat /var/tftp/init.gpxe 
#!gpxe

# Test non-standard port
##kernel http://192.168.1.120:8888/rhel65/x86_64/os/images/pxeboot/vmlinuz nofb nomodeset vga=normal console=ttyS0,9600 hda=noprobe edd=on
##initrd http://192.168.1.120:8888/rhel65/x86_64/os/images/pxeboot/initrd.img

# Test standard port, specified
#kernel http://192.168.1.120:80/install/RHEL65/images/pxeboot/vmlinuz nofb nomodeset vga=normal console=ttyS0,9600 hda=noprobe edd=on
#initrd http://192.168.1.120:80/install/RHEL65/images/pxeboot/initrd.img

# Test standard port, not-specified
kernel http://192.168.1.120/install/RHEL65/images/pxeboot/vmlinuz nofb nomodeset vga=normal console=ttyS0,9600 hda=noprobe edd=on
initrd http://192.168.1.120/install/RHEL65/images/pxeboot/initrd.img
boot

VM started with:

virt-install --name pxe --ram 2048 --vcpus 2 --network bridge=virbr0,model=virtio,mac=52:54:00:08:ae:d5 --pxe --graphics none --nodisks

Each of the cases tested separately and verified with wireshark trace on virbr0.  In the cases where a port is specified, the HTTP GET request includes the information and it matches the active specification in gpxe script.  When unspecified, the port is not present in the GET request and there is no change from previous behavior.

With my http server configuration, all cases successfully transfer the files regardless of the Host port specification.  This may not be true of a virtual server configuration which parses the Host tag within the GET request for path context.

Light general testing shows no adverse affects from this patch in my environment.  Suggest QE repeat the above as well as perform general PXE boot regression testing for VMs.

Comment 5 Jeff Nelson 2015-12-07 17:43:53 UTC

Fix included in gpxe-0.9.7-6.15.el6

Comment 8 Qian Guo 2015-12-10 09:31:27 UTC

Additional info:

QE also have a basic test, try to install via pxe with the fixed build, the RHEL6 guest is installed well, and boot successfully w/o any error, no regression issue found.

If the result of not specifying port as comment 7 is expected, this bug is verified, will wait for Alex reply.

Thanks,
Qian

Comment 12 errata-xmlrpc 2016-05-10 20:56:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0814.html

Note You need to log in before you can comment on or make changes to this bug.