[Dnsmasq-discuss] [PATCH] Do not set resolv.conf to 127.0.0.1 if port=0
dnsmasq's startup script seems to assume users always want to use dnsmasq as local DNS resolver, and tells resolvconf to put "nameserver 127.0.0.1" in /etc/resolv.conf.

The problem with this is that if users just want to use dnsmasq as DHCP server, and put port=0 in /etc/dnsmasq.conf to disable the DNS functionality, they end up with broken name resolving.

Put a basic check in the startup script that skips resolvconf configuration if a line starting with port=0 is in /etc/dnsmasq.conf.

This doesn't cover all cases (e.g. configuration could also be in different file in /etc/dnsmasq.d), but is better than current situation.

Signed-off-by: Floris Bos
--- debian/init | 5 + 1 file changed, 5 insertions(+) diff --git a/debian/init b/debian/init index 8c562de..46abdc4 100644 --- a/debian/init +++ b/debian/init @@ -154,6 +154,11 @@ start_resolvconf() [ $interface = lo ] && return done +# Also skip this if DNS functionality is disabled in /etc/dnsmasq.conf + if grep -qs '^port=0' /etc/dnsmasq.conf; then + return + fi + if [ -x /sbin/resolvconf ] ; then echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME fi -- 2.7.4 ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
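Review bot: the pattern in the added grep -qs '^port=0' test is anchored only at the start, so it also matches a port value that merely begins with 0 (a line such as port=053) or a line with trailing text, and start_resolvconf() then returns early even though DNS is still enabled. Anchor the end as well, for example '^port=0[[:space:]]*$', so the early return is limited to the port=0 case the commit message describes. The check also reads only /etc/dnsmasq.conf, which the message acknowledges; a short comment in the script saying that files in /etc/dnsmasq.d are not consulted would save time for whoever later has to work out why the nameserver 127.0.0.1 entry is missing or still present.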
[Dnsmasq-discuss] [PATCH] Add support for unique TFTP root per MAC
It is currently only possible to let the TFTP server serve a different folder depending on the client's IP address. However it isn't always possible to predict what the client's IP address will be, especially in situations in which we are not responsible for handing them out (e.g. proxy dhcp setups).

Extend the current --tftp-unique-root parameter to support having a separate folder per MAC address instead.

Signed-off-by: Floris Bos
--- man/dnsmasq.8 | 16 ++-- src/dnsmasq.h | 5 +++-- src/option.c | 13 +++-- src/tftp.c| 34 +- 4 files changed, 57 insertions(+), 11 deletions(-) diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 05f800c..787c104 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 
@@ -1814,12 +1814,16 @@ directory is only used for TFTP requests via that interface. .B --tftp-no-fail Do not abort startup if specified tftp root directories are inaccessible. .TP -.B --tftp-unique-root -Add the IP address of the TFTP client as a path component on the end -of the TFTP-root (in standard dotted-quad format). Only valid if a -tftp-root is set and the directory exists. For instance, if tftp-root is "/tftp" and client -1.2.3.4 requests file "myfile" then the effective path will be -"/tftp/1.2.3.4/myfile" if /tftp/1.2.3.4 exists or /tftp/myfile otherwise. +.B --tftp-unique-root[=ip|mac] +Add the IP or hardware address of the TFTP client as a path component on the end +of the TFTP-root. Only valid if a tftp-root is set and the directory exists. +Defaults to adding IP address (in standard dotted-quad format). +For instance, if tftp-root is "/tftp" and client 1.2.3.4 requests file "myfile" +then the effective path will be "/tftp/1.2.3.4/myfile" if /tftp/1.2.3.4 exists or /tftp/myfile otherwise. +When "=mac" is specified it will append the MAC address instead, using lowercase zero padded digits +separated by dashes, e.g.: 01-02-03-04-aa-bb +Note that resolving MAC addresses is only possible if the client is in the local network or obtained +a DHCP lease from us. .TP .B --tftp-secure Enable TFTP secure mode: without this, any file which is readable by diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 40f249f..25e4ad9 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -211,7 +211,7 @@ struct event_desc { #define OPT_TFTP_SECURE26 #define OPT_TFTP_NOBLOCK 27 #define OPT_LOG_OPTS 28 -#define OPT_TFTP_APREF 29 +#define OPT_TFTP_APREF_IP 29 #define OPT_NO_OVERRIDE30 #define OPT_NO_REBIND 31 #define OPT_ADD_MAC32 
@@ -238,7 +238,8 @@ struct event_desc { #define OPT_SCRIPT_ARP 53 #define OPT_MAC_B6454 #define OPT_MAC_HEX55 -#define OPT_LAST 56 +#define OPT_TFTP_APREF_MAC 56 +#define OPT_LAST 57 /* extra flags for my_syslog, we use a couple of facilities since they are known not to occupy the same bits as priorities, no matter how syslog.h is set up. */ diff --git a/src/option.c b/src/option.c index 12350cb..00e1d44 100644 --- a/src/option.c +++ b/src/option.c @@ -243,7 +243,7 @@ static const struct myoption opts[] = { "enable-tftp", 2, 0, LOPT_TFTP }, { "tftp-secure", 0, 0, LOPT_SECURE }, { "tftp-no-fail", 0, 0, LOPT_TFTP_NO_FAIL }, -{ "tftp-unique-root", 0, 0, LOPT_APREF }, +{ "tftp-unique-root", 2, 0, LOPT_APREF }, { "tftp-root", 1, 0, LOPT_PREFIX }, { "tftp-max", 1, 0, LOPT_TFTP_MAX }, { "tftp-mtu", 1, 0, LOPT_TFTP_MTU }, @@ -432,7 +432,7 @@ static struct { { LOPT_OVERRIDE, OPT_NO_OVERRIDE, NULL, gettext_noop("Do NOT reuse filename and server fields for extra DHCP options."), NULL }, { LOPT_TFTP, ARG_DUP, "[=[,]]", gettext_noop("Enable integrated read-only TFTP server."), NULL }, { LOPT_PREFIX, ARG_DUP, "[,]", gettext_noop("Export files by TFTP only from the specified subtree."), NULL }, - { LOPT_APREF, OPT_TFTP_APREF, NULL, gettext_noop("Add client IP address to tftp-root."), NULL }, + { LOPT_APREF, ARG_DUP, "[=ip|mac]", gettext_noop("Add client IP or hardware address to tftp-root."), NULL }, { LOPT_SECURE, OPT_TFTP_SECURE, NULL, gettext_noop("Allow access only to files owned by the user running dnsmasq."), NULL }, { LOPT_TFTP_NO_FAIL, OPT_TFTP_NO_FAIL, NULL, gettext_noop("Do not terminate the service if TFTP directories are inaccessible."), NULL }, { LOPT_TFTP_MAX, ARG_ONE, "", gettext_noop("Maximum number of concurrent TFTP transfers (defaults to %s)."), "#" }, 
@@ -2720,6 +2720,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma } break; + +case LOPT_APREF: /* --tftp-unique-root */ + if (!arg || strcasecmp(arg, "ip") == 0) +set_option_bool(OPT_TFTP_APREF_IP); + else if (strcasecmp(arg, "mac") == 0) +set_option_bool(OPT_TFTP_APREF_MAC); + else +ret_err(gen_err); + break; #endif case LOPT_BRIDGE: /* --bridge-interface */ diff --git
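Review bot: in the man/dnsmasq.8 hunk, the new "=mac" text does not say which path is used when the client's hardware address cannot be resolved or the per-MAC directory does not exist; the fallback ("or /tftp/myfile otherwise") is spelled out only for the IP example. Please state the fallback for the MAC case too. A hardware address is supplied by the client, so it would also help to say that the per-client directory selects which files are offered and is not an access restriction.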
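Review bot: in the LOPT_APREF case added to one_opt(), each branch only sets its own flag, so a configuration that gives --tftp-unique-root twice (once as ip, once as mac) ends up with both OPT_TFTP_APREF_IP and OPT_TFTP_APREF_MAC set, and the result then depends on the order in which src/tftp.c, which is not shown here, tests them. Either clear the other flag when one is set or return an error on the conflicting combination. Also, strcasecmp() accepts "IP" and "MAC" in any case while the man page documents only the lowercase forms; that is harmless, but worth a word in the man text or a switch to strcmp().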
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Doug,

Thanks. Simon mentioned to me: This is complicated and horrible (to implement the mechanism). Therefore, for the moment, there is no solution for using "pxe-service" for both uEFI network booting and PXE in proxy mode, I believe.

Steven

On 2017/04/01 12:39, Doug Brown wrote:
> Hi Steven,
>
> No -- because of grub's current inability to detect a proxy boot with
> UEFI, I don't think it's possible to get a proxy configuration to boot
> UEFI computers with grub, unless you play around with grub-mkstandalone
> to embed grub.cfg into grub.efi. I haven't had the time to play around
> with trying to make that configuration work.
>
> Doug
>
>
> On 3/31/2017 12:45 AM, Steven Shiau wrote:
>> Hi Doug,
>>
>> Thanks. However, what you mentioned is not in the proxy mode. Have you
>> successfully enabled the proxy (relay) mode and it works for uEFI
>> network booting?
>>
>> Thanks.
>>
>> Steven
>>
>>
>> On 3/30/2017 PM 12:13, Doug Brown wrote:
>>> Hi Steven,
>>>
>>> If I find some free time, I might try tracing through the code to figure
>>> out why dnsmasq is throwing out the DHCP packets on port 4011 in the EFI
>>> + PXE configuration without a proxy. In the meantime, here is the
>>> configuration that works for me with dhcp-boot (assuming my dnsmasq
>>> server's IP address is 192.168.1.1):
>>>
>>> port=0
>>> log-dhcp
>>> enable-tftp
>>> tftp-root=/tftpboot
>>> dhcp-no-override
>>> dhcp-vendorclass=BIOS,PXEClient:Arch:0
>>> dhcp-vendorclass=UEFI,PXEClient:Arch:7
>>> dhcp-vendorclass=UEFI64,PXEClient:Arch:9
>>> dhcp-boot=pxelinux.0,,192.168.1.1
>>> dhcp-boot=net:UEFI,shim.efi,,192.168.1.1
>>> dhcp-boot=net:UEFI64,shim.efi,,192.168.1.1
>>> dhcp-range=ens33,192.168.1.50,192.168.1.99,10h
>>>
>>> In this example, I'm using shim-signed (named as shim.efi) and
>>> grubnetx64.efi.signed (named as grubx64.efi) from Ubuntu, and it should
>>> properly boot a UEFI computer even if it has Secure Boot enabled. Shim
>>> downloads grubx64.efi, which then downloads grub.cfg.
>>>
>>> Hope this helps!
>>> Doug
>>>
>>>
>>> On 3/28/2017 11:46 PM, Steven Shiau wrote:
>>>> Hi Doug,
>>>>
>>>> Thanks for your explanation. Simon also emailed me after my post and
>>>> let me know where the problem is. The conclusion is this issue seems
>>>> not to be easily fixed. So the patch for grub will be applied after
>>>> grub 2.02. Before that, could you please show me the configuration
>>>> file you confirmed it will work by using dhcp-boot strategy?
>>>>
>>>> Thank you very much.
>>>>
>>>> Steven
>>>>
>>>> On 3/27/2017 AM 11:29, Doug Brown wrote:
>>>>> Hi Simon and Steven,
>>>>>
>>>>> I just found this recent thread while I was Googling for the exact
>>>>> same problem (UEFI clients won't boot in PXE mode, but BIOS clients
>>>>> will) and there was never any conclusion reached. I'm running into
>>>>> the exact same problem, and I can provide a pcap dump, which I have
>>>>> attached to this message. After the initial DHCP exchange, it shows
>>>>> four DHCP packets on port 4011 sent from the client which seem to be
>>>>> ignored by dnsmasq. Here is the configuration I am using with dnsmasq
>>>>> 2.76, based on Steven's original third example:
>>>>>
>>>>> port=0
>>>>> log-dhcp
>>>>> dhcp-no-override
>>>>> enable-tftp
>>>>> tftp-root=/tftpboot
>>>>> dhcp-range=ens33,192.168.7.100,192.168.7.200,10h
>>>>> pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0
>>>>> pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi
>>>>> pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi
>>>>>
>>>>> If I switch to using the dhcp-boot strategy, everything works great
>>>>> on both BIOS and UEFI. But the above configuration using PXE doesn't
>>>>> seem to work properly with UEFI clients for some reason, and it seems
>>>>> to be a dnsmasq issue. It does work fine with BIOS clients though.
>>>>>
>>>>> I think I can answer Steven's earlier question as to why proxy PXE
>>>>> (example config #4) doesn't work with UEFI. The problem in that case
>>>>> is not due to dnsmasq at all -- it's correctly sending grub to the
>>>>> client. The problem is that grub doesn't know how to detect that it
>>>>> was loaded from a DHCP proxy, so it won't know where to download
>>>>> grub.cfg. Shim, which you can use as a first stage bootloader to load
>>>>> grub if you need to support Secure Boot, has the exact same problem.
>>>>> It only knows how to look at the original DHCP ack's boot info. The
>>>>> UEFI environment provides info about the proxy offer, but grub and
>>>>> shim don't look at it. See the following thread where a patch was
>>>>> submitted for grub:
>>>>>
>>>>> https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html
>>>>>
>>>>> I think it's probably possible to work around the proxy problem by
>>>>> using grub-mkstandalone to create a version of grub.efi that has an
>>>>> embedded intermediate grub.cfg that is coded to download the real
>>>>> grub.cfg from your server, as long as you don't need Secure Boot
>>>>> support.
>>>>>
>>>>> Either way, I still think