Re: [Dnsmasq-discuss] proxyDHCP + EFI PXE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14/03/15 22:27, Steve Wescott wrote: > This is due to Dnsmasq's use of DHCP Option 43. Many (most?) UEFI > implementations do not seem to handle this the same as bios > systems. While I have not seen any definitive answers as to what > has changed, there are many complaints about this on various > forums. Maybe changes were made to accommodate pxe over ipv6? Just > a guess. I think this is a useful observation. Greg has sent me several wireshark traces of successful boots using other systems, and none of them use the PXE menu system, encapsulated in option 43. > > Some examples: > > "Some UEFI targets are not able to correctly process option 43. For > those targets it is necessary to set option 66 and 67." [1] "UEFI > devices are not correctly respecting the PXE Boot Menu options" > [2] "the above works if dnsmasq does not act as a DHCP proxy. For > some reason the EFI firmware does not handle that well" [3] > > Since most large companies are presumably using a commercial > solution or just straight dhcp options for pxe boot, efi support > for Proxy DHCP has not trickled down to any open source projects > that I am aware of. I would expect this to become an issue in the > near future, as many new systems are EFI only and do not include a > bios compatibility support module. > > I would love to see this get fixed in Dnsmasq, but I would expect > it would require some significant changes to how it handles Proxy > DHCP. I'm thinking about it. It may be as simple as decoupling control of the pxe subsystem from the existance of pxe-prompt and pxe-service configuration options. The Intel PXE 2.1 spec document must get some sort of "most useless and confused specification" award. Cheers, Simon. > > [1] > http://www-01.ibm.com/support/knowledgecenter/SS3HLM_7.1.1.14/com.ibm.tivoli.tpm.osd.doc/install/cosd_idhcp.htm > > [2] https://community.landesk.com/support/message/90065#sthash.ctWAPCAS.dpuf > [3] > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q1/008182.html > > Another interesting example: http://firmware.intel.com/messages/331 > > On Feb 14, 2015, at 06:04, Greg C wrote: > >> Has anybody been able to pxeboot an EFI system using Dnsmasq in >> proxyDHCP mode? Every machine I have tried fails to boot (mostly >> newer Dells with Intel cards). >> >> The relevant lines from from my config file are here: >> pxe-service=x86-64_EFI,"Loading...",snponly >> dhcp-range=192.168.0.0,proxy,255.255.0.0 >> >> Watching the traffic with wireshark I can see the proxy response >> get sent containing my 'menu' encapsulated in option 43 with the >> correct boot file name. Still, the client never seems acknowledge >> the boot info, either by showing an error or attempting to boot. >> It just times out after ~60 seconds and boots to the next device. >> If I reboot using 'Legacy PXE', everything works perfectly (I >> have a line for x86PC as well). If I switch from proxy to full >> DHCP I can boot in EFI mode without issue. I am running Dnsmasq >> version 2.71 on Ubuntu if that matters. Am I doing something >> wrong, or does proxyDHCP not work with EFI systems yet? These >> same machines can boot to Windows Deployment Services in >> proxyDHCP mode, so I am sure EFI PXE is capable of booting this >> way. >> >> Thanks. > > > > ___ Dnsmasq-discuss > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlUFvMsACgkQKPyGmiibgrcHfgCgkmdAapOWQrOG8XfV4smyJMvu PHwAn2BwW31X4UaTP9vU3qB5LglMK7Ni =Zm/P -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] proxyDHCP + EFI PXE
This is due to Dnsmasq's use of DHCP Option 43. Many (most?) UEFI implementations do not seem to handle this the same as bios systems. While I have not seen any definitive answers as to what has changed, there are many complaints about this on various forums. Maybe changes were made to accommodate pxe over ipv6? Just a guess. Some examples: "Some UEFI targets are not able to correctly process option 43. For those targets it is necessary to set option 66 and 67." [1] "UEFI devices are not correctly respecting the PXE Boot Menu options" [2] "the above works if dnsmasq does not act as a DHCP proxy. For some reason the EFI firmware does not handle that well" [3] Since most large companies are presumably using a commercial solution or just straight dhcp options for pxe boot, efi support for Proxy DHCP has not trickled down to any open source projects that I am aware of. I would expect this to become an issue in the near future, as many new systems are EFI only and do not include a bios compatibility support module. I would love to see this get fixed in Dnsmasq, but I would expect it would require some significant changes to how it handles Proxy DHCP. [1] http://www-01.ibm.com/support/knowledgecenter/SS3HLM_7.1.1.14/com.ibm.tivoli.tpm.osd.doc/install/cosd_idhcp.htm [2] https://community.landesk.com/support/message/90065#sthash.ctWAPCAS.dpuf [3] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q1/008182.html Another interesting example: http://firmware.intel.com/messages/331 On Feb 14, 2015, at 06:04, Greg C wrote: Has anybody been able to pxeboot an EFI system using Dnsmasq in proxyDHCP mode? Every machine I have tried fails to boot (mostly newer Dells with Intel cards). The relevant lines from from my config file are here: pxe-service=x86-64_EFI,"Loading...",snponly dhcp-range=192.168.0.0,proxy,255.255.0.0 Watching the traffic with wireshark I can see the proxy response get sent containing my 'menu' encapsulated in option 43 with the correct boot file name. Still, the client never seems acknowledge the boot info, either by showing an error or attempting to boot. It just times out after ~60 seconds and boots to the next device. If I reboot using 'Legacy PXE', everything works perfectly (I have a line for x86PC as well). If I switch from proxy to full DHCP I can boot in EFI mode without issue. I am running Dnsmasq version 2.71 on Ubuntu if that matters. Am I doing something wrong, or does proxyDHCP not work with EFI systems yet? These same machines can boot to Windows Deployment Services in proxyDHCP mode, so I am sure EFI PXE is capable of booting this way. Thanks. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] proxyDHCP + EFI PXE?
Thanks Simon. I will send you the packet captures within the next 24 hours. I realize that this is currently a niche feature, but I would expect it to become more common in the near future as things move towards EFI. Looking through the mailing list, I found this post from last year indicating the same issue: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q1/008182.html >There have been no changes to this code since 2.71, so upgrading won't >save you. I have no idea if this has ever worked. I've certainly never >tested it, and it wouldn't surprise me if no-one has made it work: >it's pretty niche. > >I don't, AFAIK, have any suitable hardware to test this, but you may >be in a perfect position to do what I'd do next, which is to compare >the PXE packet that WDS sends, and which works, with the one the >dnsmasq sends, and is ignored. On a good day, that will give us one, >obvious, difference and an easy fix :-) > >Could you post complete packet captures suitable for loading into >Wireshark, or send them directly to me if you prefer? > > >Cheers, > >Simon. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] proxyDHCP + EFI PXE?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 14/02/15 06:04, Greg C wrote: > Has anybody been able to pxeboot an EFI system using Dnsmasq in > proxyDHCP mode? Every machine I have tried fails to boot (mostly > newer Dells with Intel cards). The relevant lines from from my > config file are here: pxe-service=x86-64_EFI,"Loading...",snponly > dhcp-range=192.168.0.0,proxy,255.255.0.0 > > > Watching the traffic with wireshark I can see the proxy response > get sent containing my 'menu' encapsulated in option 43 with the > correct boot file name. Still, the client never seems acknowledge > the boot info, either by showing an error or attempting to boot. It > just times out after ~60 seconds and boots to the next device. If I > reboot using > 'Legacy PXE', everything works perfectly (I have a line for x86PC as > well). If I switch from proxy to full DHCP I can boot in EFI mode > without issue. > I am running Dnsmasq version 2.71 on Ubuntu if that matters. Am I > doing something wrong, or does proxyDHCP not work with EFI systems > yet? These same machines can boot to Windows Deployment Services > in proxyDHCP mode, so I am sure EFI PXE is capable of booting this > way. Thanks. > There have been no changes to this code since 2.71, so upgrading won't save you. I have no idea if this has ever worked. I've certainly never tested it, and it wouldn't surprise me if no-one has made it work: it's pretty niche. I don't, AFAIK, have any suitable hardware to test this, but you may be in a perfect position to do what I'd do next, which is to compare the PXE packet that WDS sends, and which works, with the one the dnsmasq sends, and is ignored. On a good day, that will give us one, obvious, difference and an easy fix :-) Could you post complete packet captures suitable for loading into Wireshark, or send them directly to me if you prefer? Cheers, Simon. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJU32ICAAoJEBXN2mrhkTWi8xgP/0G4Snl7qCDIJfYR3REMwHHn TOU/KtBDegVE5zoqEJGS2s1tyIpqli4oH875smVztQ6owQjurfIOS7AA2k/wDCl9 OrQ3b0S1oIYXXTXngNJnliqPbn/Ue9JmirbDkculq13/hzw2a3H0qOdEV0nTtFfb o81xNYX4Hy++M1aGSlUhF0eZ2uDtmG7eNXZ0Efr3XbsLiX+7HKDu7WWWu2lnr1G6 VfHPBQ8K0uqXq9Un6fd/fm5hxtK20dC0+gu4KyAN4kxxjP30f3x4g+uUGB6cEYSy h7J7hvGoPbfetOOCd9yrERS1yt1/XDQWAR7gug775pHIoKnbHCamR3VUDhXqNagJ BVSNCPXZi7LbGDdZ95zKjSuZc1u1/tFzHFt+/67cyqzuksszm7+V+1viejDpl7PM MKid9y8YQJndjL6yS/usQwqBgD5F2bqtd+ks7KBnp9qGxO4FN6OcKsXujQGluZ1z N4wKIrXnDZT8ERZbwrSbI8atE/LiTIJ+V65onh+7vJvxYsD1S6VZmsek+hPqES41 jvix8lZttc9tR+SPI84WUWZ3v09EsM01KMkZv+L0+Ek15Fcimapaw0jKuUEtRRa9 wtnBGW4j6dFjzvtyBl/jYKpnnLUm4dfkcMxPng9QmrEFp2JNjGEhTCX7i0Rt7NKo GXAW05axbGooIVSg6yCn =iW5b -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] proxyDHCP + EFI PXE?
Has anybody been able to pxeboot an EFI system using Dnsmasq in proxyDHCP mode? Every machine I have tried fails to boot (mostly newer Dells with Intel cards). The relevant lines from from my config file are here: pxe-service=x86-64_EFI,"Loading...",snponlydhcp-range=192.168.0.0,proxy,255.255.0.0 Watching the traffic with wireshark I can see the proxy response get sent containing my 'menu' encapsulated in option 43 with the correct boot file name. Still, the client never seems acknowledge the boot info, either by showing an error or attempting to boot. It just times out after ~60 seconds and boots to the next device. If I reboot using 'Legacy PXE', everything works perfectly (I have a line for x86PC as well). If I switch from proxy to full DHCP I can boot in EFI mode without issue. I am running Dnsmasq version 2.71 on Ubuntu if that matters. Am I doing something wrong, or does proxyDHCP not work with EFI systems yet? These same machines can boot to Windows Deployment Services in proxyDHCP mode, so I am sure EFI PXE is capable of booting this way. Thanks. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss