[Dnsmasq-discuss] Feature request: make dnsmasq able to work as a proxydhcp

richardvoigt at gmail.com richardvoigt at gmail.com
Thu Mar 26 13:50:07 GMT 2009


On Thu, Mar 26, 2009 at 10:01 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:

> Guilherme Moro wrote:
>
>> Hello all,
>>
>> I have made a proxyDHCP server for my company, and I think I can help to
>> implement this.
>>
>> Unfortunately I don't have permission to share my code (which is
>> written in Python), but I think it can be pretty easy to make one based on
>> the dnsmasq code.
>>
>> The spec is indeed a bit unclear, but after some packet sniffing of another
>> (closed source) ProxyDHCP server I have figured out what happens.
>> Let me try to explain.
>>
>> There are two scenarios:
>> - the proxyDHCP server can run on the same machine that the DHCP server
>> is running on
>> - the proxyDHCP can stay on a different machine than the DHCP server
>>
>> For the first scenario we have the proxyDHCP listening just on port
>> 4011, but I need some kind of control of the DHCP server, because the server
>> must respond with "PXEClient" in the class identifier, so when the client sees
>> the PXEClient identifier, but no boot information, it requests (DHCPREQUEST)
>> this information on port 4011.
>>
>> In the second scenario, we have the proxyDHCP running alone on another machine
>> of the network. In this scenario we make the server run on ports 67 and
>> 4011. It will receive the DISCOVER on port 67, and reply with an OFFER
>> with the PXEClient class-identifier and no IP address (0.0.0.0); the
>> client will just store the server IP address, it will continue the normal
>> DHCP process to get an IP address from the DHCP server, and then the client
>> will make a DHCPREQUEST to the stored IP, port 4011, to get the boot
>> information.
>>
>> If it's still not so clear, just ask for more clarifications, I'll be
>> happy to help. =)
>> And let me know how to help you to code, if you want.
>>
>> About the use of this kind of stuff, I see more and more people using this
>> kind of router/firewall/gateway hardware to set up remotely managed networks
>> (see SonicWall for some example of hardware -
>> http://www.sonicwall.com/us/), and a lot of people don't even know about
>> proxyDHCP and how it works, and like was said, there's no open source server
>> available (yet!) so people prefer to use other kinds of setup to achieve the
>> same functionality.
>> So this kind of support for boot will be a good thing for a lot of people,
>> more than we can imagine right now.
>>
>> Regards,
>>
>> Guilherme Moro
>>
>
> Many thanks, Guilherme, that is very useful information.
>
> I guess it needs two configuration options, one to turn on port 4011, and
> one to enable the "reply with address 0.0.0.0 to PXE discover". None of that
> is a significant amount of code.
>
> There should be tags set to tailor behavior in these two cases.
>
> The other thing to worry about is sending the PXE DHCP options. As far as I
> can see, they are all sent as option 43 encapsulated vendor options, and
> dnsmasq supports those, which is good. The data formats of some of the
> options (things like the menu) are pretty complex, and not possible to
> produce with the existing --dhcp-option parsing code, except by entering
> them as pure hex. It probably makes sense to add some parsing code for that.
> Opinions on which options are used in real life and which can be ignored
> would be valuable.


If I'm understanding right, the only thing that dnsmasq needs to do is send
the reply with IP address 0.0.0.0 and classid of PXEClient.  You'd run the
same PXE kit on port 4011 with a dnsmasq sending what I'll call a "PXE
beacon" as you would with PXE on the main DHCP server where the PXE beacon
is embedded in the usual DHCP response (IP address, gateway, DNS servers,
etc.)

Or are the existing PXE packages not good enough for that?  AFAICT, PXE
isn't going to be distributed from a tiny resource constrained embedded
device (boot images are tens of megabytes, minimum) and so having dnsmasq
take over the port 4011 responsibilities as well seems like a low benefit
for the added maintenance and testing headaches.

What might be more useful would be for dnsmasq to support spoofing the
source address of the PXE beacon so that the subsequent request to port 4011
goes to a different server than the dnsmasq host.

But I've no experience and very little interest in PXE so I might be totally
clueless here.


>
>
>
> Cheers,
>
> Simon.
>
>
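
The proxyDHCP OFFER described in the thread above (PXEClient class identifier, address 0.0.0.0), as an added example that is not part of the original messages or of dnsmasq's code: a Python parser that flags such offers among DHCP payloads, for instance to spot an unexpected PXE responder on a segment. The function names are hypothetical and the packets produced by `build_offer` are constructed samples, not captures.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_CLASS_ID = 53, 54, 60
BOOTREPLY, DHCPOFFER = 2, 2

def parse_dhcp(payload):
    """Return (yiaddr, options) for a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    yiaddr = socket.inet_ntoa(payload[16:20])   # "your" (offered) address
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                     # single byte, no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return yiaddr, options

def is_proxy_offer(payload):
    """True for an OFFER that carries PXEClient but assigns no address."""
    yiaddr, opts = parse_dhcp(payload)
    return (payload[0] == BOOTREPLY
            and opts.get(OPT_MSG_TYPE) == bytes([DHCPOFFER])
            and opts.get(OPT_CLASS_ID, b"").startswith(b"PXEClient")
            and yiaddr == "0.0.0.0")

def build_offer(yiaddr, server_id, class_id=None):
    """Constructed sample OFFER (not a capture) for exercising the parser."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        BOOTREPLY, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex("525400123456"), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    if class_id:
        opts += bytes([OPT_CLASS_ID, len(class_id)]) + class_id
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])
```
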