[GH-ISSUE #1198] Filename not properly interpreted by TFTP #1870

New issue

Closed

opened 2026-03-01 18:37:00 +03:00 by kerem · 23 comments

kerem commented 2026-03-01 18:37:00 +03:00

Owner

Copy link

Originally created by @BloodBlight on GitHub (Feb 5, 2023).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1198

Describe the bug
This is related to this discussion from a while back:
https://github.com/netbootxyz/netboot.xyz/discussions/1133

I have an older client is sending a file name to the TFTP server, but is not being properly decoded into Unicode. I am not sure if the TFTP server is from another project (and this should be posted there), so please feel free to re-direct me and I will post it there.

What I see in the logs:
2022-07-08 15:28:56 notice in.tftpd[88]: RRQ from 192.168.10.206 filename netboot.xyz.kpxe�����

The last characters (�) is (U+FFFD), a Unicode character for "Replacement Character". As it is at the end of the string, there could be a few causes, but without knowing the code...

To Reproduce
Attempt to boot from PXE.

Expected behavior
Should download the file and start booting.

Additional context
This is an old board, but a good one (kinda like a raspberry Pi, years before they were a thing. I can't find the exact model, but it is basically a Jetway J7F4K1G5DS-LF, just a bit slower (1.2GHz).

Originally created by @BloodBlight on GitHub (Feb 5, 2023). Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1198 **Describe the bug** This is related to this discussion from a while back: https://github.com/netbootxyz/netboot.xyz/discussions/1133 I have an older client is sending a file name to the TFTP server, but is not being properly decoded into Unicode. I am not sure if the TFTP server is from another project (and this should be posted there), so please feel free to re-direct me and I will post it there. What I see in the logs: ```2022-07-08 15:28:56 notice in.tftpd[88]: RRQ from 192.168.10.206 filename netboot.xyz.kpxe�����``` The last characters (�) is (U+FFFD), a Unicode character for "Replacement Character". As it is at the end of the string, there could be a few causes, but without knowing the code... **To Reproduce** Attempt to boot from PXE. **Expected behavior** Should download the file and start booting. **Additional context** This is an old board, but a good one (kinda like a raspberry Pi, years before they were a thing. I can't find the exact model, but it is basically a Jetway J7F4K1G5DS-LF, just a bit slower (1.2GHz).

kerem 2026-03-01 18:37:00 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@MartinLoeper commented on GitHub (Oct 18, 2023):

I am noticing the same for a Lenovo T460 laptop. I am getting the following hex dump on the wire: 6e 65 74 62 6f 6f 74 2e 78 79 7a 2e 65 66 69 ff 00. The ff byte before the nullbyte should not be there. Is this a bug in the uefi firmware or am I missing something?

<!-- gh-comment-id:1769581327 --> @MartinLoeper commented on GitHub (Oct 18, 2023): I am noticing the same for a Lenovo T460 laptop. I am getting the following hex dump on the wire: 6e 65 74 62 6f 6f 74 2e 78 79 7a 2e 65 66 69 ff 00. The ff byte before the nullbyte should not be there. Is this a bug in the uefi firmware or am I missing something?

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@antonym commented on GitHub (Oct 19, 2023):

Not really sure if there's anything on my side I can do about it, using Proxmox VMs to my docker container running tftp it seems to pull up without issues:

2023-10-18 03:54:57 notice in.tftpd[85]: RRQ from 10.0.100.155 filename netboot.xyz.efi

Wonder if whatever is serving up the filename for DHCP is putting some characters on the file name? Where are you setting next-server and setting the filename from? Is there a common router that may be appending some characters to the filename?

I think I've seen some other scenarios where people have had extra characters added to their filename, it could be a bug in a common router you might be using as well:

https://www.reddit.com/r/linuxquestions/comments/4rwesw/tftpboot_invalid_character_in_requested_filename/

<!-- gh-comment-id:1769668105 --> @antonym commented on GitHub (Oct 19, 2023): Not really sure if there's anything on my side I can do about it, using Proxmox VMs to my docker container running tftp it seems to pull up without issues: ``` 2023-10-18 03:54:57 notice in.tftpd[85]: RRQ from 10.0.100.155 filename netboot.xyz.efi ``` Wonder if whatever is serving up the filename for DHCP is putting some characters on the file name? Where are you setting next-server and setting the filename from? Is there a common router that may be appending some characters to the filename? I think I've seen some other scenarios where people have had extra characters added to their filename, it could be a bug in a common router you might be using as well: https://www.reddit.com/r/linuxquestions/comments/4rwesw/tftpboot_invalid_character_in_requested_filename/

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Oct 19, 2023):

I can have two computers sitting next to each other, one works, the other doesn't. Same target. I will verify that though (might not be today) to make sure I am not full of it. So I am fairly sure it is something about the way the client is making the request.

DHCP Is being handled by a UniFi USG 3. Fairly basic config:
https://imgur.com/a/ZnOfpZw

No idea why Imgur is tagging it as mature... Ignore.

<!-- gh-comment-id:1771284103 --> @BloodBlight commented on GitHub (Oct 19, 2023): I can have two computers sitting next to each other, one works, the other doesn't. Same target. I will verify that though (might not be today) to make sure I am not full of it. So I am fairly sure it is something about the way the client is making the request. DHCP Is being handled by a UniFi USG 3. Fairly basic config: https://imgur.com/a/ZnOfpZw No idea why Imgur is tagging it as mature... Ignore.

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@megapearl commented on GitHub (Jan 18, 2024):

Having the same problem here.

Client:

Intel UNDI, PXE-2.1 (build 082)
Copyright (C) 1997-2000 Intel Corporation

This Product is covered by one or more of the following patents:
US5,307,459, US5,434,872, US5,732,094, US6,570,884, US6,115,776 and
US6,327,625

Realtek PCI Express Gigabit Ethernet Controller Series v2.26 (090219)

CLIENT MAC ADDR: 90 FB A6 41 09 ED CUID: C996DEBD-1DF6-1E31-E57C-90FBA64109ED
CLIENT IP: 10.0.0.100
MASK: 255.255.255.0 DHCP IP: 10.0.0.1
CATEWAY IP: 10.0.0.1

TFTP .
PXE-T01: File not found
PXE-E3B: TFTP Error - File Not found
PSE-MOF: Exiting PXE ROM.
Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key

Server:

<!-- gh-comment-id:1899338601 --> @megapearl commented on GitHub (Jan 18, 2024): Having the same problem here. Client: Intel UNDI, PXE-2.1 (build 082) Copyright (C) 1997-2000 Intel Corporation This Product is covered by one or more of the following patents: US5,307,459, US5,434,872, US5,732,094, US6,570,884, US6,115,776 and US6,327,625 Realtek PCI Express Gigabit Ethernet Controller Series v2.26 (090219) CLIENT MAC ADDR: 90 FB A6 41 09 ED CUID: C996DEBD-1DF6-1E31-E57C-90FBA64109ED CLIENT IP: 10.0.0.100 MASK: 255.255.255.0 DHCP IP: 10.0.0.1 CATEWAY IP: 10.0.0.1 TFTP . PXE-T01: File not found PXE-E3B: TFTP Error - File Not found PSE-MOF: Exiting PXE ROM. Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key Server: 

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Jan 18, 2024):

I am tempted to do a packet capture...

I have had multiple older systems have this issue now...

<!-- gh-comment-id:1899364846 --> @BloodBlight commented on GitHub (Jan 18, 2024): I am tempted to do a packet capture... I have had multiple older systems have this issue now...

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@rudiservo commented on GitHub (Feb 28, 2024):

The issue is in the DHCP server passing the information to old nics
In my case if you have this option

option bootfile-name "netboot.xyz.kpxe";

the old nic will put some special chars on the end of it.

if you have the config has specified in the docs

you have something like this in the dhcp server

if exists user-class and ( option user-class = "iPXE" ) {
   filename "http://boot.netboot.xyz/menu.ipxe";
 } elsif option arch = encode-int ( 16, 16 ) {
   filename "http://boot.netboot.xyz/ipxe/netboot.xyz.efi";
   option vendor-class-identifier "HTTPClient";
 } elsif option arch = 00:07 {
   filename "netboot.xyz.efi";
 } else {
   filename "netboot.xyz.kpxe";
 }

so try to remove option boot-filename if you NIC is to old.

<!-- gh-comment-id:1969022504 --> @rudiservo commented on GitHub (Feb 28, 2024): The issue is in the DHCP server passing the information to old nics In my case if you have this option `option bootfile-name "netboot.xyz.kpxe";` the old nic will put some special chars on the end of it. if you have the config has specified in the [docs](https://netboot.xyz/docs/docker) you have something like this in the dhcp server ``` if exists user-class and ( option user-class = "iPXE" ) { filename "http://boot.netboot.xyz/menu.ipxe"; } elsif option arch = encode-int ( 16, 16 ) { filename "http://boot.netboot.xyz/ipxe/netboot.xyz.efi"; option vendor-class-identifier "HTTPClient"; } elsif option arch = 00:07 { filename "netboot.xyz.efi"; } else { filename "netboot.xyz.kpxe"; } ``` so try to remove option boot-filename if you NIC is to old.

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@antonym commented on GitHub (Feb 28, 2024):

Let me know if dropping the option helps and we can get the knowledge base updated.

<!-- gh-comment-id:1969572381 --> @antonym commented on GitHub (Feb 28, 2024): Let me know if dropping the option helps and we can get the knowledge base updated.

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Feb 28, 2024):

I will test later tonight and let you know.

On Wed, Feb 28, 2024, 10:17 AM Antony Messerli @.***>
wrote:

Let me know if dropping the option helps and we can get the knowledge base
updated.

—
Reply to this email directly, view it on GitHub
https://github.com/netbootxyz/netboot.xyz/issues/1198#issuecomment-1969572381,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AA6FDTXBM3L4Y22R3G2NCG3YV5YEXAVCNFSM6AAAAAAUR5ZCFSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRZGU3TEMZYGE
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:1969583586 --> @BloodBlight commented on GitHub (Feb 28, 2024): I will test later tonight and let you know. On Wed, Feb 28, 2024, 10:17 AM Antony Messerli ***@***.***> wrote: > Let me know if dropping the option helps and we can get the knowledge base > updated. > > — > Reply to this email directly, view it on GitHub > <https://github.com/netbootxyz/netboot.xyz/issues/1198#issuecomment-1969572381>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AA6FDTXBM3L4Y22R3G2NCG3YV5YEXAVCNFSM6AAAAAAUR5ZCFSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRZGU3TEMZYGE> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Mar 1, 2024):

So, I didn't fully read through the instructions at work the other day... I am using a UniFi device for my DHCP and can't deploy a config like that. I only get the option to include a host and a file name:
https://imgur.com/a/aYicWfO

Suggestions other than a rip and replace?

<!-- gh-comment-id:1973599592 --> @BloodBlight commented on GitHub (Mar 1, 2024): So, I didn't fully read through the instructions at work the other day... I am using a UniFi device for my DHCP and can't deploy a config like that. I only get the option to include a host and a file name: https://imgur.com/a/aYicWfO Suggestions other than a rip and replace?

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@rudiservo commented on GitHub (Mar 1, 2024):

@BloodBlight does it work without TFTP server?
Unifi are great, except when you need to dig deep.
Can you ssh into the router?

<!-- gh-comment-id:1973603525 --> @rudiservo commented on GitHub (Mar 1, 2024): @BloodBlight does it work without TFTP server? Unifi are great, except when you need to dig deep. Can you ssh into the router?

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Mar 1, 2024):

Yeeeeesss... :) But I am not really comfortable editing their their config without the GUI's consent. That has a bad tendency to break things.

If they don't have the options, then they don't and I can work around that. Maybe have a "deployment" network that has it's own server.

I can test that with these boxes, but it will take a bit more time. Too many plates and not enough spoons to handle that one right away.

<!-- gh-comment-id:1973711757 --> @BloodBlight commented on GitHub (Mar 1, 2024): Yeeeeesss... :) But I am not really comfortable editing their their config without the GUI's consent. That has a bad tendency to break things. If they don't have the options, then they don't and I can work around that. Maybe have a "deployment" network that has it's own server. I can test that with these boxes, but it will take a bit more time. Too many plates and not enough spoons to handle that one right away.

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@rudiservo commented on GitHub (Mar 1, 2024):

I feel your pain.
Yes test it with the boxes
because if it does you can put a support request for unifi and hopefully they will add more options to fix it in the router GUI.

<!-- gh-comment-id:1973735961 --> @rudiservo commented on GitHub (Mar 1, 2024): I feel your pain. Yes test it with the boxes because if it does you can put a support request for unifi and hopefully they will add more options to fix it in the router GUI.

kerem commented 2026-03-01 18:37:01 +03:00

Author

Owner

Copy link

@megapearl commented on GitHub (Mar 16, 2024):

The issue is in the DHCP server passing the information to old nics In my case if you have this option

option bootfile-name "netboot.xyz.kpxe";

the old nic will put some special chars on the end of it.

if you have the config has specified in the docs

you have something like this in the dhcp server

if exists user-class and ( option user-class = "iPXE" ) {
   filename "http://boot.netboot.xyz/menu.ipxe";
 } elsif option arch = encode-int ( 16, 16 ) {
   filename "http://boot.netboot.xyz/ipxe/netboot.xyz.efi";
   option vendor-class-identifier "HTTPClient";
 } elsif option arch = 00:07 {
   filename "netboot.xyz.efi";
 } else {
   filename "netboot.xyz.kpxe";
 }

so try to remove option boot-filename if you NIC is to old.

Tried to remove the boot-filename parameter, but then the iPXE client cannot find a bootfile and is not booting at all.
I got it working by replacing the DHCP server in pfSense 2.7.2-RELEASE from the new Kea one to the old isc-dhcp deprecated one.

Now booting old bios clients and new uefi clients.

<!-- gh-comment-id:2002024793 --> @megapearl commented on GitHub (Mar 16, 2024): > The issue is in the DHCP server passing the information to old nics In my case if you have this option > > `option bootfile-name "netboot.xyz.kpxe";` > > the old nic will put some special chars on the end of it. > > if you have the config has specified in the [docs](https://netboot.xyz/docs/docker) > > you have something like this in the dhcp server > > ``` > if exists user-class and ( option user-class = "iPXE" ) { > filename "http://boot.netboot.xyz/menu.ipxe"; > } elsif option arch = encode-int ( 16, 16 ) { > filename "http://boot.netboot.xyz/ipxe/netboot.xyz.efi"; > option vendor-class-identifier "HTTPClient"; > } elsif option arch = 00:07 { > filename "netboot.xyz.efi"; > } else { > filename "netboot.xyz.kpxe"; > } > ``` > > so try to remove option boot-filename if you NIC is to old. Tried to remove the boot-filename parameter, but then the iPXE client cannot find a bootfile and is not booting at all. I got it working by replacing the DHCP server in pfSense 2.7.2-RELEASE from the new Kea one to the old isc-dhcp deprecated one.  Now booting old bios clients and new uefi clients.

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@rudiservo commented on GitHub (Mar 16, 2024):

@megapearl I have OpnSense so the way PfSense and OpnSense generate the config file may be different, best way to check this is by going strait into ssh and cat the config file to check if the option is there.

Anyway it's good to know that at least in Kea generated file that issue is sort of mitigated.

IMO advisory should be added to docs about this issue and that it may differ from router firmware or software.

<!-- gh-comment-id:2002034987 --> @rudiservo commented on GitHub (Mar 16, 2024): @megapearl I have OpnSense so the way PfSense and OpnSense generate the config file may be different, best way to check this is by going strait into ssh and cat the config file to check if the option is there. Anyway it's good to know that at least in Kea generated file that issue is sort of mitigated. IMO advisory should be added to docs about this issue and that it may differ from router firmware or software.

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@eladiogalvez commented on GitHub (May 12, 2024):

Same issue with pfsense and old nic.
Fixed using deprecated dhcp server as @megapearl commented.

<!-- gh-comment-id:2106215908 --> @eladiogalvez commented on GitHub (May 12, 2024): Same issue with pfsense and old nic. Fixed using deprecated dhcp server as @megapearl commented.

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@gbuloz commented on GitHub (May 27, 2025):

Same issue with kea 2.6.2 on Fedora 41 when booting a 10 years old Kontron VX3040 Intel CPU board. After some debug with tcpdump I noticed an extra FF at the end of the filename requested to the TFTP server. As a workaround I've renamed the boot files on the server with an extra FF at the end of their names using : mv name.efi $(echo -en 'name.efi\xFF')

<!-- gh-comment-id:2913882859 --> @gbuloz commented on GitHub (May 27, 2025): Same issue with kea 2.6.2 on Fedora 41 when booting a 10 years old Kontron VX3040 Intel CPU board. After some debug with tcpdump I noticed an extra FF at the end of the filename requested to the TFTP server. As a workaround I've renamed the boot files on the server with an extra FF at the end of their names using : mv name.efi $(echo -en 'name.efi\xFF')

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (May 27, 2025):

Oh, that's a great little hack! I can even script out that creation. Thank you for sharing!

<!-- gh-comment-id:2913887184 --> @BloodBlight commented on GitHub (May 27, 2025): Oh, that's a great little hack! I can even script out that creation. Thank you for sharing!

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@Koli0842 commented on GitHub (Jun 3, 2025):

I have also encountered this (Ubiquiti USG, and an old Z77X-UD3H with an Atheros NIC), the above hack worked. Instead of moving, I created symlinks for all bootable entities, it still works

<!-- gh-comment-id:2937443722 --> @Koli0842 commented on GitHub (Jun 3, 2025): I have also encountered this (Ubiquiti USG, and an old Z77X-UD3H with an Atheros NIC), the above hack worked. Instead of moving, I created symlinks for all bootable entities, it still works

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@BloodBlight commented on GitHub (Jun 3, 2025):

As this is NOT a bug with netbootxyz, but rather an issue with with DHCP, I am open to closing this ticket. Maybe taking the notes from it and this "hack" and putting it into the docs?

<!-- gh-comment-id:2937478428 --> @BloodBlight commented on GitHub (Jun 3, 2025): As this is NOT a bug with netbootxyz, but rather an issue with with DHCP, I am open to closing this ticket. Maybe taking the notes from it and this "hack" and putting it into the docs?

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@Koli0842 commented on GitHub (Jun 3, 2025):

Sounds good to me, took some digging to find this.

<!-- gh-comment-id:2937537452 --> @Koli0842 commented on GitHub (Jun 3, 2025): Sounds good to me, took some digging to find this.

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@bwann commented on GitHub (Aug 9, 2025):

I did a bunch of digging into this problem and reading of UEFI specs a while back and I'm pretty sure what is happening is UEFI bugs around line terminations, at least when using UEFI PXE on IPv4. This comes down to using the fixed length "file" field in the DHCP header vs using Option 67 for providing a boot filename, and how different UEFI implementations handle line and field terminations in DHCPv4 packets.

RFC 2132 does not guarantee the filename in option 67 is null terminated. In the UEFI 2.6 spec DHCP options are treated as variable length fields in the form of "option code + length of option data + option data" but the spec does not address line terminations at all, that's left as an implementation detail. So some handle the filename in option 67 correctly and some don't.

For example for several of my SuperMicro boards given only option 67 (no higher numbered options) as "testfilename", the packet will contain 0x48 (decimal 67), 0x0C (length 12), the filename, and then 0xff at the end of the packet. They should read 12 bytes and stop, but what they do is keep reading data in as the filename right to the end of the packet as if they're expecting a null terminated string and not a variable-length-field. That's what gets the junk added to the end of TFTP filenames. I demonstrated this by adding some data to option 68 so it follows next in the same packet and their UEFI PXE code kept reading in the data in option 68 as part of the TFTP filename!

The way I see to fix this is not to use option 67 when providing a boot filename, but the actual 'file' field in the DHCP header. At least in Kea this is done as providing "boot-file-name" in the top level Dhcp4 (or class) config, and not in "option-data". Or pray and complain to the vendor they fix their UEFI.

Interestingly DHCPv6 doesn't have this problem because it's all variable-length-fields. The Tianocore EDK II reference UEFI implementation also goes out of its way to call out the ambiguous line termination with Option 67 and tries to do the right thing. I have a writeup a did that contains code snippets and examples: https://binaryfury.wann.net/2024/12/pxe-two-tftp-filenames-one-dhcp-offer-plus-weird-filenames/

<!-- gh-comment-id:3172072959 --> @bwann commented on GitHub (Aug 9, 2025): I did a bunch of digging into this problem and reading of UEFI specs a while back and I'm pretty sure what is happening is UEFI bugs around line terminations, at least when using UEFI PXE on IPv4. This comes down to using the fixed length "file" field in the DHCP header vs using Option 67 for providing a boot filename, and how different UEFI implementations handle line and field terminations in DHCPv4 packets. RFC 2132 does not guarantee the filename in option 67 is null terminated. In the UEFI 2.6 spec DHCP options are treated as variable length fields in the form of "option code + length of option data + option data" but the spec does not address line terminations at all, that's left as an implementation detail. So some handle the filename in option 67 correctly and some don't. For example for several of my SuperMicro boards given only option 67 (no higher numbered options) as "testfilename", the packet will contain 0x48 (decimal 67), 0x0C (length 12), the filename, and then 0xff at the end of the packet. They should read 12 bytes and stop, but what they do is keep reading data in as the filename right to the end of the packet as if they're expecting a null terminated string and not a variable-length-field. That's what gets the junk added to the end of TFTP filenames. I demonstrated this by adding some data to option 68 so it follows next in the same packet and their UEFI PXE code kept reading in the data in option 68 as part of the TFTP filename! The way I see to fix this is not to use option 67 when providing a boot filename, but the actual 'file' field in the DHCP header. At least in Kea this is done as providing "boot-file-name" in the top level Dhcp4 (or class) config, and not in "option-data". Or pray and complain to the vendor they fix their UEFI. Interestingly DHCPv6 doesn't have this problem because it's all variable-length-fields. The Tianocore EDK II reference UEFI implementation also goes out of its way to call out the ambiguous line termination with Option 67 and tries to do the right thing. I have a writeup a did that contains code snippets and examples: https://binaryfury.wann.net/2024/12/pxe-two-tftp-filenames-one-dhcp-offer-plus-weird-filenames/

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@antonym commented on GitHub (Aug 9, 2025):

@claude can you summarize this for a kb article for https://github.com/netbootxyz/netboot.xyz-docs

<!-- gh-comment-id:3172078618 --> @antonym commented on GitHub (Aug 9, 2025): @claude can you summarize this for a kb article for https://github.com/netbootxyz/netboot.xyz-docs

kerem commented 2026-03-01 18:37:02 +03:00

Author

Owner

Copy link

@claude[bot] commented on GitHub (Aug 9, 2025):

Claude finished @antonym's task —— View job

---

Creating Knowledge Base Article Summary

I've analyzed the issue thread and created a comprehensive KB article summary about TFTP filename interpretation problems.

Todo List:

• Analyze the issue thread and extract key technical details
• Identify root causes and affected hardware/software combinations
• Document all known workarounds and solutions
• Create formatted KB article summary suitable for documentation

---

KB Article: TFTP Filename Interpretation Issues with Older PXE Clients

Problem Description

Older PXE clients (typically 10+ years old) may append extra characters to TFTP filenames, causing "File not found" errors. The issue manifests as Unicode replacement characters (�) or hex bytes (often 0xFF) being added to the end of requested filenames.

Root Cause

This is a UEFI PXE implementation bug related to DHCP filename handling:

• Technical Issue: UEFI PXE clients incorrectly handle DHCP Option 67 (boot filename)
• Expected Behavior: Option 67 should be treated as a variable-length field
• Actual Behavior: Some implementations treat it as a null-terminated string, reading beyond the specified length
• Result: Extra bytes from the DHCP packet get appended to the TFTP filename request

Affected Hardware/Software

Hardware:

• Jetway J7F4K1G5DS-LF and similar older boards
• Lenovo T460 laptops
• Z77X-UD3H motherboards with Atheros NICs
• Kontron VX3040 Intel CPU boards
• Generally affects Intel UNDI PXE-2.1 implementations from ~2000 era

DHCP Servers:

• Kea DHCP (problematic)
• UniFi USG devices (limited configuration options)
• pfSense with Kea DHCP

Working Combinations:

• pfSense with deprecated isc-dhcp
• Properly configured OpnSense/isc-dhcp setups

Workarounds and Solutions

1. Server-Side File Naming (Recommended)

Create boot files with the extra 0xFF byte in the filename:

# Rename files to include the extra byte
mv netboot.xyz.kpxe $(echo -en 'netboot.xyz.kpxe\xFF')
mv netboot.xyz.efi $(echo -en 'netboot.xyz.efi\xFF')

# Or create symlinks (cleaner approach)
ln -s netboot.xyz.kpxe $(echo -en 'netboot.xyz.kpxe\xFF')
ln -s netboot.xyz.efi $(echo -en 'netboot.xyz.efi\xFF')

2. DHCP Configuration Changes

For isc-dhcp servers, use the boot-file-name directive instead of Option 67:

# In dhcp4 config, use boot-file-name at the top level
boot-file-name "netboot.xyz.kpxe";

# Instead of in option-data

For pfSense users: Switch from Kea to the deprecated isc-dhcp service in System > Advanced > Networking.

3. Remove DHCP boot-filename Option

Some users report success by removing the option bootfile-name directive entirely, though this may break other clients.

Technical Details

• The issue specifically affects DHCPv4 Option 67 handling
• DHCPv6 does not have this problem due to its variable-length field design
• RFC 2132 does not guarantee null termination of Option 67 filenames
• UEFI 2.6 spec leaves line termination as an implementation detail

Troubleshooting Steps

1. Identify the issue: Look for replacement characters (�) or extra bytes in TFTP server logs
2. Packet capture: Use tcpdump to verify extra bytes in TFTP requests
3. Test workarounds: Try the server-side filename solution first
4. DHCP server evaluation: Consider switching from Kea to isc-dhcp if possible

Prevention

• Use the boot-file-name directive in DHCP configuration instead of Option 67
• Test with known problematic hardware before deployment
• Document affected clients in your environment

References

• Issue discussion: https://github.com/netbootxyz/netboot.xyz/issues/1198
• Technical analysis: https://binaryfury.wann.net/2024/12/pxe-two-tftp-filenames-one-dhcp-offer-plus-weird-filenames/
• UEFI Specification 2.6+
• RFC 2132 (DHCP Options)

---

<!-- gh-comment-id:3172078692 --> @claude[bot] commented on GitHub (Aug 9, 2025): **Claude finished @antonym's task** —— [View job](https://github.com/netbootxyz/netboot.xyz/actions/runs/16853395658) --- ### Creating Knowledge Base Article Summary I've analyzed the issue thread and created a comprehensive KB article summary about TFTP filename interpretation problems. **Todo List:** - [x] Analyze the issue thread and extract key technical details - [x] Identify root causes and affected hardware/software combinations - [x] Document all known workarounds and solutions - [x] Create formatted KB article summary suitable for documentation --- ## KB Article: TFTP Filename Interpretation Issues with Older PXE Clients ### Problem Description Older PXE clients (typically 10+ years old) may append extra characters to TFTP filenames, causing "File not found" errors. The issue manifests as Unicode replacement characters (�) or hex bytes (often 0xFF) being added to the end of requested filenames. ### Root Cause This is a UEFI PXE implementation bug related to DHCP filename handling: - **Technical Issue**: UEFI PXE clients incorrectly handle DHCP Option 67 (boot filename) - **Expected Behavior**: Option 67 should be treated as a variable-length field - **Actual Behavior**: Some implementations treat it as a null-terminated string, reading beyond the specified length - **Result**: Extra bytes from the DHCP packet get appended to the TFTP filename request ### Affected Hardware/Software **Hardware:** - Jetway J7F4K1G5DS-LF and similar older boards - Lenovo T460 laptops - Z77X-UD3H motherboards with Atheros NICs - Kontron VX3040 Intel CPU boards - Generally affects Intel UNDI PXE-2.1 implementations from ~2000 era **DHCP Servers:** - Kea DHCP (problematic) - UniFi USG devices (limited configuration options) - pfSense with Kea DHCP **Working Combinations:** - pfSense with deprecated isc-dhcp - Properly configured OpnSense/isc-dhcp setups ### Workarounds and Solutions #### 1. Server-Side File Naming (Recommended) Create boot files with the extra 0xFF byte in the filename: ```bash # Rename files to include the extra byte mv netboot.xyz.kpxe $(echo -en 'netboot.xyz.kpxe\xFF') mv netboot.xyz.efi $(echo -en 'netboot.xyz.efi\xFF') # Or create symlinks (cleaner approach) ln -s netboot.xyz.kpxe $(echo -en 'netboot.xyz.kpxe\xFF') ln -s netboot.xyz.efi $(echo -en 'netboot.xyz.efi\xFF') ``` #### 2. DHCP Configuration Changes **For isc-dhcp servers**, use the `boot-file-name` directive instead of Option 67: ``` # In dhcp4 config, use boot-file-name at the top level boot-file-name "netboot.xyz.kpxe"; # Instead of in option-data ``` **For pfSense users**: Switch from Kea to the deprecated isc-dhcp service in System > Advanced > Networking. #### 3. Remove DHCP boot-filename Option Some users report success by removing the `option bootfile-name` directive entirely, though this may break other clients. ### Technical Details - The issue specifically affects DHCPv4 Option 67 handling - DHCPv6 does not have this problem due to its variable-length field design - RFC 2132 does not guarantee null termination of Option 67 filenames - UEFI 2.6 spec leaves line termination as an implementation detail ### Troubleshooting Steps 1. **Identify the issue**: Look for replacement characters (�) or extra bytes in TFTP server logs 2. **Packet capture**: Use tcpdump to verify extra bytes in TFTP requests 3. **Test workarounds**: Try the server-side filename solution first 4. **DHCP server evaluation**: Consider switching from Kea to isc-dhcp if possible ### Prevention - Use the `boot-file-name` directive in DHCP configuration instead of Option 67 - Test with known problematic hardware before deployment - Document affected clients in your environment ### References - Issue discussion: https://github.com/netbootxyz/netboot.xyz/issues/1198 - Technical analysis: https://binaryfury.wann.net/2024/12/pxe-two-tftp-filenames-one-dhcp-offer-plus-weird-filenames/ - UEFI Specification 2.6+ - RFC 2132 (DHCP Options) ---

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

copilot/add-doc-for-issue-1780

add-ubuntu-26.04

renovate/ansible-13.x

master

RC

changelog/3.0.1

feat/enable-rolling-builds

feat/secureboot-shim-devuan-kali

feature/secureboot-release-artifacts

copilot/sub-pr-1738

claude/issue-1703-20251117-0231

claude/issue-1703-20251117-0226

claude/issue-1703-20251117-0220

copilot/add-regex-manager-for-workflow-files

copilot/update-install-dependencies-step

copilot/fix-6503c0f7-4459-4828-8fe9-0b7f297ed932

claude/issue-1672-20250912-0331

testing

kairos_support

test

antonym/add-mac-pass

3.0.1

3.0.1-RC

3.0.0

3.0.0-RC

2.0.89

2.0.89-RC

2.0.88-RC

2.0.88

2.0.87-RC

2.0.87

2.0.86

2.0.86-RC

2.0.85

2.0.85-RC

2.0.84

2.0.84-RC

2.0.83

2.0.83-RC

2.0.82-RC

2.0.82

2.0.81-RC

2.0.81

2.0.80

2.0.80-RC

2.0.79

2.0.79-RC

2.0.78

2.0.78-RC

2.0.77-RC

2.0.77

2.0.76

2.0.76-RC

2.0.75

2.0.75-RC

2.0.74

2.0.74-RC

2.0.73

2.0.73-RC

2.0.72

2.0.72-RC

2.0.71

2.0.71-RC

2.0.70

2.0.70-RC

2.0.69

2.0.69-RC

2.0.68

2.0.68-RC

2.0.67

2.0.67-RC

2.0.66

2.0.66-RC

2.0.65

2.0.65-RC

2.0.64

2.0.64-RC

2.0.63

2.0.63-RC

2.0.62

2.0.62-RC

2.0.61

2.0.61-RC

2.0.60

2.0.60-RC

2.0.59

2.0.59-RC

2.0.58

2.0.58-RC

2.0.57

2.0.57-RC

2.0.56

2.0.56-RC

2.0.55

2.0.55-RC

2.0.54

2.0.54-RC

2.0.53

2.0.53-RC

2.0.52

2.0.52-RC

2.0.51

2.0.51-RC

2.0.50

2.0.50-RC

2.0.49

2.0.49-RC

2.0.48

2.0.48-RC

2.0.47

2.0.47-RC

2.0.46

2.0.46-RC

2.0.45

2.0.45-RC

2.0.44

2.0.44-RC

2.0.43

2.0.43-RC

2.0.42

2.0.42-RC

2.0.41

2.0.41-RC

2.0.40

2.0.40-RC

2.0.39

2.0.39-RC

2.0.38

2.0.38-RC

2.0.37

2.0.37-RC

2.0.36

2.0.36-RC

2.0.35

2.0.35-RC

2.0.34

2.0.34-RC

2.0.33

2.0.33-RC

2.0.32

2.0.32-RC

2.0.31

2.0.31-RC

2.0.30

2.0.30-RC

2.0.29

2.0.29-RC

2.0.28

2.0.28-RC

2.0.27

2.0.27-RC

2.0.26

2.0.26-RC

2.0.25

2.0.25-RC5LI

2.0.25-RC

2.0.24

2.0.24-RC

2.0.23

2.0.23-RC

2.0.22

2.0.22-RC

2.0.21

2.0.21-RC

2.0.20

2.0.20-RC

2.0.19

2.0.19-RC

2.0.18

2.0.18-RC

2.0.17

2.0.17-RC

2.0.16

2.0.16-RC

2.0.15

2.0.15-RC

2.0.14

2.0.14-RCZQD

2.0.14-RC

2.0.13

2.0.13-RC17N

2.0.13-RC

2.0.12

2.0.12-RC

2.0.11

2.0.10

2.0.10-RC

2.0.9

2.0.9-RC2N0

2.0.9-RC

2.0.8

2.0.8-RC

2.0.7

2.0.7-RC

2.0.6

2.0.6-R1-RC

2.0.6-RC

2.0.5

2.0.5-RC

2.0.4

2.0.4-RC

2.0.3

2.0.3-RC

2.0.2

2.0.2-RC

2.0.1

2.0.1-RC

2.0.0

2.0.0-RC

1.9.91-RC

1.9.9

1.9.9-RC

1.9.8-RC

1.0.0

1.9.7-RC

Labels

Clear labels   

Hacktoberfest

  

Hacktoberfest

  

bootloader

  

bsd

  

bug

  

confirmed

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

eol

  

experimental-merged

  

freebsd

  

help wanted

  

invalid

  

investigate

  

ipxe

  

linux

  

live-os

  

memdisk

  

menu

  

no-issue-activity

  

no-issue-activity

  

pull-request

Mirrored from GitHub Pull Request

  

released

  

todo

  

upstream

  

windows

  

windows

  

work-in-progress

No labels

Hacktoberfest

Hacktoberfest

bootloader

bsd

bug

confirmed

documentation

duplicate

enhancement

enhancement

enhancement

eol

experimental-merged

freebsd

help wanted

invalid

investigate

ipxe

linux

live-os

memdisk

menu

no-issue-activity

no-issue-activity

pull-request

released

todo

upstream

windows

windows

work-in-progress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/netboot.xyz#1870

No description provided.