[Dnsmasq-discuss] ProxyDHCP with UEFI systems

Michael Kuron michael-lists at PHYSCIP.UNI-STUTTGART.DE
Mon Oct 19 12:54:54 BST 2015


I made some changes to dnsmasq (patch below) that remove the PXE menu system (the option 43 stuff) if there’s only one menu entry and put the boot file name and server address directly into the file and siaddr fields. This works fine for BIOS systems, but doesn’t work for UEFI either.
Next thing I tried was to copy the boot file name and server address into options 66 and 67, but that doesn’t work either.

So far, it really seems like proxyDHCP support in UEFI systems is completely missing. I used VMware Fusion 8.0.1 and a recent Asus laptop for testing. If anybody could supply a Wireshark of a different implementation that works (Windows Deployment Services maybe?), it should be easy to adapt my patch.

It’s really easy to set up a test system in any modern version of VMware: just create a new VM and add the following to the .vmx file:
firmware = "efi"



diff --git a/src/rfc2131.c b/src/rfc2131.c
index 9f69ed5..27b2573 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -859,6 +859,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
	      
	      if (tmp)
		{
+		  int num_services = 0;
		  struct dhcp_boot *boot;
		  
		  if (tmp->netid.net)
@@ -890,13 +891,49 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
		      if (boot->file)
			strncpy((char *)mess->file, boot->file, sizeof(mess->file)-1);
		    }
+		  else
+		    {
+				struct pxe_service *service;
+				for (service = daemon->pxe_services; service; service = service->next)
+					if (pxearch == service->CSA && match_netid(service->netid, netid, 1))
+						++num_services;
+				
+				if (num_services == 1)
+				{
+					for (service = daemon->pxe_services; service; service = service->next)
+						if (pxearch == service->CSA && match_netid(service->netid, netid, 1))
+					{
+						if (service->sname)
+							mess->siaddr = a_record_from_hosts(service->sname, now);
+						else if (service->server.s_addr != 0)
+							mess->siaddr = service->server; 
+						else
+							mess->siaddr = tmp->local;
+						
+						if (service->CSA == 0)
+							snprintf((char *)mess->file, sizeof(mess->file), "%s.0", service->basename);
+						else if (service->CSA == 6 || service->CSA == 7 || service->CSA == 8 || service->CSA == 9)
+						{
+							char sname[16];
+							snprintf((char *)mess->file, sizeof(mess->file), "%s.efi", service->basename);
+							inet_ntop(AF_INET, &mess->siaddr, &sname, 16);
+							// Option 66 and 67 necessary according to http://www-01.ibm.com/support/docview.wss?uid=swg27027022&aid=1
+							option_put_string(mess, end, OPTION_SNAME, sname, 0);
+							option_put_string(mess, end, OPTION_FILENAME, &mess->file, 0);
+						}
+						else
+							strncpy((char *)mess->file, service->basename, sizeof(mess->file)-1);
+					}
+				}
+		    }
		  
		  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, 
			     mess_type == DHCPDISCOVER ? DHCPOFFER : DHCPACK);
		  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(tmp->local.s_addr));
		  pxe_misc(mess, end, uuid);
		  prune_vendor_opts(tagif_netid);
-		  do_encap_opts(pxe_opts(pxearch, tagif_netid, tmp->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
+		  if (num_services != 1)
+		    do_encap_opts(pxe_opts(pxearch, tagif_netid, tmp->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
		  
		  log_packet("PXE", NULL, emac, emac_len, iface_name, ignore ? "proxy-ignored" : "proxy", NULL, mess->xid);
		  log_tags(tagif_netid, ntohl(mess->xid));


> On 05.10.2015, at 23:53, Simon Kelley <simon at thekelleys.org.uk> wrote:
> 
> The problem in known, but not the solution. I did start working on that
> about six months ago, but got bogged down in creating a test system.
> 
> What would be really useful would be to find an implementation that
> works with UEFI and proxy DHCP, and getting for packet captures to show
> what should be sent. Cheers, Simon.
> 




More information about the Dnsmasq-discuss mailing list