Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Doug, Thanks. Simon mentioned to me: This is complicated and horrible (to implement the mechanism). Therefore for the moment, no any solution for using "pxe-service" for both uEFI network booting and PXE in proxy mode I believe. Steven On 2017/04/01 12:39, Doug Brown wrote: > HI Steven, > > No -- because of grub's current inability to detect a proxy boot with > UEFI, I don't think it's possible to get a proxy configuration to boot > UEFI computers with grub, unless you play around with grub-mkstandalone > to embed grub.cfg into grub.efi. I haven't had the time to play around > with trying to make that configuration work. > > Doug > > > On 3/31/2017 12:45 AM, Steven Shiau wrote: >> Hi Doug, >> >> Thanks. However, what you mentioned is not in the proxy mode. Have you >> successfully enable the proxy (relay) mode and it works for uEFI >> network booting? >> >> Thanks. >> >> Steven >> >> >> On 3/30/2017 PM 12:13, Doug Brown wrote: >>> Hi Steven, >>> >>> If I find some free time, I might try tracing through the code to figure >>> out why dnsmasq is throwing out the DHCP packets on port 4011 in the EFI >>> + PXE configuration without a proxy. In the meantime, here is the >>> configuration that works for me with dhcp-boot (assuming my dnsmasq >>> server's IP address is 192.168.1.1): >>> >>> port=0 >>> log-dhcp >>> enable-tftp >>> tftp-root=/tftpboot >>> dhcp-no-override >>> dhcp-vendorclass=BIOS,PXEClient:Arch:0 >>> dhcp-vendorclass=UEFI,PXEClient:Arch:7 >>> dhcp-vendorclass=UEFI64,PXEClient:Arch:9 >>> dhcp-boot=pxelinux.0,,192.168.1.1 >>> dhcp-boot=net:UEFI,shim.efi,,192.168.1.1 >>> dhcp-boot=net:UEFI64,shim.efi,,192.168.1.1 >>> dhcp-range=ens33,192.168.1.50,192.168.1.99,10h >>> >>> In this example, I'm using shim-signed (named as shim.efi) and >>> grubnetx64.efi.signed (named as grubx64.efi) from Ubuntu, and it should >>> properly boot a UEFI computer even if it has Secure Boot enabled. Shim >>> downloads grubx64.efi, which then downloads grub.cfg. >>> >>> Hope this helps! >>> Doug >>> >>> >>> On 3/28/2017 11:46 PM, Steven Shiau wrote: Hi Doug, Thanks for your explanation. Simon also emailed me after my post and let me know where the problem is. The conclusion is this issue seems not be easily fixed. So the patch for grub will be applied after grub 2.02. Before that, could you please show me the configuration file you confirmed it will work by using dhcp-boot strategy? Thank you very much. Steven On 3/27/2017 AM 11:29, Doug Brown wrote: > Hi Simon and Steven, > > I just found this recent thread while I was Googling for the exact > same problem (UEFI clients won't boot in PXE mode, but BIOS clients > will) and there was never any conclusion reached. I'm running into > the exact same problem, and I can provide a pcap dump, which I have > attached to this message. After the initial DHCP exchange, it shows > four DHCP packets on port 4011 sent from the client which seem to be > ignored by dnsmasq. Here is the configuration I am using with dnsmasq > 2.76, based on Steven's original third example: > > port=0 > log-dhcp > dhcp-no-override > enable-tftp > tftp-root=/tftpboot > dhcp-range=ens33,192.168.7.100,192.168.7.200,10h > pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0 > pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi > pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi > > If I switch to using the dhcp-boot strategy, everything works great > on both BIOS and UEFI. But the above configuration using PXE doesn't > seem to work properly with UEFI clients for some reason, and it seems > to be a dnsmasq issue. It does work fine with BIOS clients though. > > I think I can answer Steven's earlier question as to why proxy PXE > (example config #4) doesn't work with UEFI. The problem in that case > is not due to dnsmasq at all -- it's correctly sending grub to the > client. The problem is that grub doesn't know how to detect that it > was loaded from a DHCP proxy, so it won't know where to download > grub.cfg. Shim, which you can use as a first stage bootloader to load > grub if you need to support Secure Boot, has the exact same problem. > It only knows how to look at the original DHCP ack's boot info. The > UEFI environment provides info about the proxy offer, but grub and > shim don't look at it. See the following thread where a patch was > submitted for grub: > > https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html > > I think it's probably possible to work around the proxy problem by > using grub-mkstandalone to create a version of grub.efi that has an > embedded intermediate grub.cfg that is coded to download the real > grub.cfg from your server, as long as you don't need Secure Boot > support. > > Either way, I still think
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
HI Steven, No -- because of grub's current inability to detect a proxy boot with UEFI, I don't think it's possible to get a proxy configuration to boot UEFI computers with grub, unless you play around with grub-mkstandalone to embed grub.cfg into grub.efi. I haven't had the time to play around with trying to make that configuration work. Doug On 3/31/2017 12:45 AM, Steven Shiau wrote: > Hi Doug, > > Thanks. However, what you mentioned is not in the proxy mode. Have you > successfully enable the proxy (relay) mode and it works for uEFI > network booting? > > Thanks. > > Steven > > > On 3/30/2017 PM 12:13, Doug Brown wrote: >> Hi Steven, >> >> If I find some free time, I might try tracing through the code to figure >> out why dnsmasq is throwing out the DHCP packets on port 4011 in the EFI >> + PXE configuration without a proxy. In the meantime, here is the >> configuration that works for me with dhcp-boot (assuming my dnsmasq >> server's IP address is 192.168.1.1): >> >> port=0 >> log-dhcp >> enable-tftp >> tftp-root=/tftpboot >> dhcp-no-override >> dhcp-vendorclass=BIOS,PXEClient:Arch:0 >> dhcp-vendorclass=UEFI,PXEClient:Arch:7 >> dhcp-vendorclass=UEFI64,PXEClient:Arch:9 >> dhcp-boot=pxelinux.0,,192.168.1.1 >> dhcp-boot=net:UEFI,shim.efi,,192.168.1.1 >> dhcp-boot=net:UEFI64,shim.efi,,192.168.1.1 >> dhcp-range=ens33,192.168.1.50,192.168.1.99,10h >> >> In this example, I'm using shim-signed (named as shim.efi) and >> grubnetx64.efi.signed (named as grubx64.efi) from Ubuntu, and it should >> properly boot a UEFI computer even if it has Secure Boot enabled. Shim >> downloads grubx64.efi, which then downloads grub.cfg. >> >> Hope this helps! >> Doug >> >> >> On 3/28/2017 11:46 PM, Steven Shiau wrote: >>> Hi Doug, >>> >>> Thanks for your explanation. Simon also emailed me after my post and >>> let me know where the problem is. The conclusion is this issue seems >>> not be easily fixed. >>> So the patch for grub will be applied after grub 2.02. Before that, >>> could you please show me the configuration file you confirmed it will >>> work by using dhcp-boot strategy? >>> Thank you very much. >>> >>> Steven >>> >>> >>> On 3/27/2017 AM 11:29, Doug Brown wrote: Hi Simon and Steven, I just found this recent thread while I was Googling for the exact same problem (UEFI clients won't boot in PXE mode, but BIOS clients will) and there was never any conclusion reached. I'm running into the exact same problem, and I can provide a pcap dump, which I have attached to this message. After the initial DHCP exchange, it shows four DHCP packets on port 4011 sent from the client which seem to be ignored by dnsmasq. Here is the configuration I am using with dnsmasq 2.76, based on Steven's original third example: port=0 log-dhcp dhcp-no-override enable-tftp tftp-root=/tftpboot dhcp-range=ens33,192.168.7.100,192.168.7.200,10h pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0 pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi If I switch to using the dhcp-boot strategy, everything works great on both BIOS and UEFI. But the above configuration using PXE doesn't seem to work properly with UEFI clients for some reason, and it seems to be a dnsmasq issue. It does work fine with BIOS clients though. I think I can answer Steven's earlier question as to why proxy PXE (example config #4) doesn't work with UEFI. The problem in that case is not due to dnsmasq at all -- it's correctly sending grub to the client. The problem is that grub doesn't know how to detect that it was loaded from a DHCP proxy, so it won't know where to download grub.cfg. Shim, which you can use as a first stage bootloader to load grub if you need to support Secure Boot, has the exact same problem. It only knows how to look at the original DHCP ack's boot info. The UEFI environment provides info about the proxy offer, but grub and shim don't look at it. See the following thread where a patch was submitted for grub: https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html I think it's probably possible to work around the proxy problem by using grub-mkstandalone to create a version of grub.efi that has an embedded intermediate grub.cfg that is coded to download the real grub.cfg from your server, as long as you don't need Secure Boot support. Either way, I still think there's something wrong with dnsmasq's PXE support because the example config above (non-proxy) doesn't work with any UEFI clients that I have tested, as shown by the pcap dump attached. Any ideas? Thanks, Doug On 1/26/2017 11:16 AM, Simon Kelley wrote: > There's no DHCP traffic in that capture. It appears to all be ssh. > > Wrong interface? > >
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Steven, If I find some free time, I might try tracing through the code to figure out why dnsmasq is throwing out the DHCP packets on port 4011 in the EFI + PXE configuration without a proxy. In the meantime, here is the configuration that works for me with dhcp-boot (assuming my dnsmasq server's IP address is 192.168.1.1): port=0 log-dhcp enable-tftp tftp-root=/tftpboot dhcp-no-override dhcp-vendorclass=BIOS,PXEClient:Arch:0 dhcp-vendorclass=UEFI,PXEClient:Arch:7 dhcp-vendorclass=UEFI64,PXEClient:Arch:9 dhcp-boot=pxelinux.0,,192.168.1.1 dhcp-boot=net:UEFI,shim.efi,,192.168.1.1 dhcp-boot=net:UEFI64,shim.efi,,192.168.1.1 dhcp-range=ens33,192.168.1.50,192.168.1.99,10h In this example, I'm using shim-signed (named as shim.efi) and grubnetx64.efi.signed (named as grubx64.efi) from Ubuntu, and it should properly boot a UEFI computer even if it has Secure Boot enabled. Shim downloads grubx64.efi, which then downloads grub.cfg. Hope this helps! Doug On 3/28/2017 11:46 PM, Steven Shiau wrote: > Hi Doug, > > Thanks for your explanation. Simon also emailed me after my post and > let me know where the problem is. The conclusion is this issue seems > not be easily fixed. > So the patch for grub will be applied after grub 2.02. Before that, > could you please show me the configuration file you confirmed it will > work by using dhcp-boot strategy? > Thank you very much. > > Steven > > > On 3/27/2017 AM 11:29, Doug Brown wrote: >> Hi Simon and Steven, >> >> I just found this recent thread while I was Googling for the exact >> same problem (UEFI clients won't boot in PXE mode, but BIOS clients >> will) and there was never any conclusion reached. I'm running into >> the exact same problem, and I can provide a pcap dump, which I have >> attached to this message. After the initial DHCP exchange, it shows >> four DHCP packets on port 4011 sent from the client which seem to be >> ignored by dnsmasq. Here is the configuration I am using with dnsmasq >> 2.76, based on Steven's original third example: >> >> port=0 >> log-dhcp >> dhcp-no-override >> enable-tftp >> tftp-root=/tftpboot >> dhcp-range=ens33,192.168.7.100,192.168.7.200,10h >> pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0 >> pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi >> pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi >> >> If I switch to using the dhcp-boot strategy, everything works great >> on both BIOS and UEFI. But the above configuration using PXE doesn't >> seem to work properly with UEFI clients for some reason, and it seems >> to be a dnsmasq issue. It does work fine with BIOS clients though. >> >> I think I can answer Steven's earlier question as to why proxy PXE >> (example config #4) doesn't work with UEFI. The problem in that case >> is not due to dnsmasq at all -- it's correctly sending grub to the >> client. The problem is that grub doesn't know how to detect that it >> was loaded from a DHCP proxy, so it won't know where to download >> grub.cfg. Shim, which you can use as a first stage bootloader to load >> grub if you need to support Secure Boot, has the exact same problem. >> It only knows how to look at the original DHCP ack's boot info. The >> UEFI environment provides info about the proxy offer, but grub and >> shim don't look at it. See the following thread where a patch was >> submitted for grub: >> >> https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html >> >> I think it's probably possible to work around the proxy problem by >> using grub-mkstandalone to create a version of grub.efi that has an >> embedded intermediate grub.cfg that is coded to download the real >> grub.cfg from your server, as long as you don't need Secure Boot >> support. >> >> Either way, I still think there's something wrong with dnsmasq's PXE >> support because the example config above (non-proxy) doesn't work >> with any UEFI clients that I have tested, as shown by the pcap dump >> attached. Any ideas? >> >> Thanks, >> Doug >> >> On 1/26/2017 11:16 AM, Simon Kelley wrote: >>> There's no DHCP traffic in that capture. It appears to all be ssh. >>> >>> Wrong interface? >>> >>> >>> Cheers, >>> >>> Simon. >>> >>> >>> On 24/01/17 08:50, Steven Shiau wrote: >>> > Hi Simon, >>> >>> > Attached please find the dump file of the command "tcpdump -s 0 -w >>> > capturefile". Let me know if you need more info. Thank you very >>> > much. >>> >>> > Steven >>> >>> >>> > On 1/24/2017 AM 05:25, Simon Kelley wrote: Thanks for the reply. >>> > Please could you repeat the tcpdump using the command >>> >>> > tcpdump -s 0 -w capturefile >>> >>> > and send me the resulting file? That has far more information than >>> > tcpdump prints. >>> >>> >>> > Cheers, >>> >>> > Simon. >>> >>> > On 20/01/17 08:39, Steven Shiau wrote: >>> Hi Simon, >>> >>> Thanks for your reply. I am answering you in the following. >>> >>> On 2017/01/20 06:47, Simon Kelley wrote: >>> > Your example 3 - I'm confused why that shouldn't work - the >>>
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Doug, Thanks for your explanation. Simon also emailed me after my post and let me know where the problem is. The conclusion is this issue seems not be easily fixed. So the patch for grub will be applied after grub 2.02. Before that, could you please show me the configuration file you confirmed it will work by using dhcp-boot strategy? Thank you very much. Steven On 3/27/2017 AM 11:29, Doug Brown wrote: Hi Simon and Steven, I just found this recent thread while I was Googling for the exact same problem (UEFI clients won't boot in PXE mode, but BIOS clients will) and there was never any conclusion reached. I'm running into the exact same problem, and I can provide a pcap dump, which I have attached to this message. After the initial DHCP exchange, it shows four DHCP packets on port 4011 sent from the client which seem to be ignored by dnsmasq. Here is the configuration I am using with dnsmasq 2.76, based on Steven's original third example: port=0 log-dhcp dhcp-no-override enable-tftp tftp-root=/tftpboot dhcp-range=ens33,192.168.7.100,192.168.7.200,10h pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0 pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi If I switch to using the dhcp-boot strategy, everything works great on both BIOS and UEFI. But the above configuration using PXE doesn't seem to work properly with UEFI clients for some reason, and it seems to be a dnsmasq issue. It does work fine with BIOS clients though. I think I can answer Steven's earlier question as to why proxy PXE (example config #4) doesn't work with UEFI. The problem in that case is not due to dnsmasq at all -- it's correctly sending grub to the client. The problem is that grub doesn't know how to detect that it was loaded from a DHCP proxy, so it won't know where to download grub.cfg. Shim, which you can use as a first stage bootloader to load grub if you need to support Secure Boot, has the exact same problem. It only knows how to look at the original DHCP ack's boot info. The UEFI environment provides info about the proxy offer, but grub and shim don't look at it. See the following thread where a patch was submitted for grub: https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html I think it's probably possible to work around the proxy problem by using grub-mkstandalone to create a version of grub.efi that has an embedded intermediate grub.cfg that is coded to download the real grub.cfg from your server, as long as you don't need Secure Boot support. Either way, I still think there's something wrong with dnsmasq's PXE support because the example config above (non-proxy) doesn't work with any UEFI clients that I have tested, as shown by the pcap dump attached. Any ideas? Thanks, Doug On 1/26/2017 11:16 AM, Simon Kelley wrote: There's no DHCP traffic in that capture. It appears to all be ssh. Wrong interface? Cheers, Simon. On 24/01/17 08:50, Steven Shiau wrote: > Hi Simon, > Attached please find the dump file of the command "tcpdump -s 0 -w > capturefile". Let me know if you need more info. Thank you very > much. > Steven > On 1/24/2017 AM 05:25, Simon Kelley wrote: Thanks for the reply. > Please could you repeat the tcpdump using the command > tcpdump -s 0 -w capturefile > and send me the resulting file? That has far more information than > tcpdump prints. > Cheers, > Simon. > On 20/01/17 08:39, Steven Shiau wrote: Hi Simon, Thanks for your reply. I am answering you in the following. On 2017/01/20 06:47, Simon Kelley wrote: > Your example 3 - I'm confused why that shouldn't work - the > PXE client seems to be making further requests which are > bring ignored. Would it be possible for you to get a packet > dump of that exchange using tcpdump? $ sudo tcpdump -ni ens38 'udp port 67 and udp port 68' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens38, link-type EN10MB (Ethernet), capture size 262144 bytes 16:18:33.208355 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 347 16:18:36.205647 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 16:18:36.385548 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 359 16:18:36.386212 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel > Example 4 looks quite hopeful - the client is > succerssfully downloading the bootx64.efi file (ignore the > error before, that's just testing for the existance of the > file. > > Can you see what's displayed on the client system at this > point? It's blank screen due to the background_image for grub is not downloaded, and in the end the grub shows no
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Simon and Steven, I just found this recent thread while I was Googling for the exact same problem (UEFI clients won't boot in PXE mode, but BIOS clients will) and there was never any conclusion reached. I'm running into the exact same problem, and I can provide a pcap dump, which I have attached to this message. After the initial DHCP exchange, it shows four DHCP packets on port 4011 sent from the client which seem to be ignored by dnsmasq. Here is the configuration I am using with dnsmasq 2.76, based on Steven's original third example: port=0 log-dhcp dhcp-no-override enable-tftp tftp-root=/tftpboot dhcp-range=ens33,192.168.7.100,192.168.7.200,10h pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0 pxe-service=BC_EFI, "Boot UEFI BC", grubx64.efi pxe-service=X86-64_EFI, "Boot UEFI X86-64", grubx64.efi If I switch to using the dhcp-boot strategy, everything works great on both BIOS and UEFI. But the above configuration using PXE doesn't seem to work properly with UEFI clients for some reason, and it seems to be a dnsmasq issue. It does work fine with BIOS clients though. I think I can answer Steven's earlier question as to why proxy PXE (example config #4) doesn't work with UEFI. The problem in that case is not due to dnsmasq at all -- it's correctly sending grub to the client. The problem is that grub doesn't know how to detect that it was loaded from a DHCP proxy, so it won't know where to download grub.cfg. Shim, which you can use as a first stage bootloader to load grub if you need to support Secure Boot, has the exact same problem. It only knows how to look at the original DHCP ack's boot info. The UEFI environment provides info about the proxy offer, but grub and shim don't look at it. See the following thread where a patch was submitted for grub: https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html I think it's probably possible to work around the proxy problem by using grub-mkstandalone to create a version of grub.efi that has an embedded intermediate grub.cfg that is coded to download the real grub.cfg from your server, as long as you don't need Secure Boot support. Either way, I still think there's something wrong with dnsmasq's PXE support because the example config above (non-proxy) doesn't work with any UEFI clients that I have tested, as shown by the pcap dump attached. Any ideas? Thanks, Doug On 1/26/2017 11:16 AM, Simon Kelley wrote: > There's no DHCP traffic in that capture. It appears to all be ssh. > > Wrong interface? > > > Cheers, > > Simon. > > > On 24/01/17 08:50, Steven Shiau wrote: > > Hi Simon, > > > Attached please find the dump file of the command "tcpdump -s 0 -w > > capturefile". Let me know if you need more info. Thank you very > > much. > > > Steven > > > > On 1/24/2017 AM 05:25, Simon Kelley wrote: Thanks for the reply. > > Please could you repeat the tcpdump using the command > > > tcpdump -s 0 -w capturefile > > > and send me the resulting file? That has far more information than > > tcpdump prints. > > > > Cheers, > > > Simon. > > > On 20/01/17 08:39, Steven Shiau wrote: > Hi Simon, > > Thanks for your reply. I am answering you in the following. > > On 2017/01/20 06:47, Simon Kelley wrote: > > Your example 3 - I'm confused why that shouldn't work - the > > PXE client seems to be making further requests which are > > bring ignored. Would it be possible for you to get a packet > > dump of that exchange using tcpdump? > $ sudo tcpdump -ni ens38 'udp port 67 and udp port 68' > tcpdump: verbose output suppressed, use -v or -vv for full > protocol decode listening on ens38, link-type EN10MB > (Ethernet), capture size 262144 bytes 16:18:33.208355 IP > 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from > 00:0c:29:1d:9a:d1, length 347 16:18:36.205647 IP > 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, > length 341 16:18:36.385548 IP 0.0.0.0.68 > > 255.255.255.255.67: BOOTP/DHCP, Request from > 00:0c:29:1d:9a:d1, length 359 16:18:36.386212 IP > 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, > length 341 ^C 4 packets captured 4 packets received by filter > 0 packets dropped by kernel > > > Example 4 looks quite hopeful - the client is > > succerssfully downloading the bootx64.efi file (ignore the > > error before, that's just testing for the existance of the > > file. > > > > Can you see what's displayed on the client system at this > > point? > It's blank screen due to the background_image for grub is > not downloaded, and in the end the grub shows no grub.cfg > error, as attached. That format is from the grub prefix we > added by: === set > prefix=(tftp)/grub-efi.cfg echo "Grub CPU and platform: > \$grub_cpu, \$grub_platform" echo 'Network status: ' > net_ls_cards net_ls_addr net_ls_routes > > tr --set
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Simon, Attached please find the dump file of the command "tcpdump -s 0 -w capturefile". Let me know if you need more info. Thank you very much. Steven On 1/24/2017 AM 05:25, Simon Kelley wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thanks for the reply. Please could you repeat the tcpdump using the command tcpdump -s 0 -w capturefile and send me the resulting file? That has far more information than tcpdump prints. Cheers, Simon. On 20/01/17 08:39, Steven Shiau wrote: Hi Simon, Thanks for your reply. I am answering you in the following. On 2017/01/20 06:47, Simon Kelley wrote: Your example 3 - I'm confused why that shouldn't work - the PXE client seems to be making further requests which are bring ignored. Would it be possible for you to get a packet dump of that exchange using tcpdump? $ sudo tcpdump -ni ens38 'udp port 67 and udp port 68' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens38, link-type EN10MB (Ethernet), capture size 262144 bytes 16:18:33.208355 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 347 16:18:36.205647 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 16:18:36.385548 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 359 16:18:36.386212 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel Example 4 looks quite hopeful - the client is succerssfully downloading the bootx64.efi file (ignore the error before, that's just testing for the existance of the file. Can you see what's displayed on the client system at this point? It's blank screen due to the background_image for grub is not downloaded, and in the end the grub shows no grub.cfg error, as attached. That format is from the grub prefix we added by: === set prefix=(tftp)/grub-efi.cfg echo "Grub CPU and platform: \$grub_cpu, \$grub_platform" echo 'Network status: ' net_ls_cards net_ls_addr net_ls_routes tr --set pretty_mac x: x- \$net_default_mac echo "Loading config file \$prefix/grub.cfg-01-\$pretty_mac..." configfile \$prefix/grub.cfg-01-\$pretty_mac echo "Loading config file \$prefix/grub.cfg-\$net_default_ip..." configfile \$prefix/grub.cfg-\$net_default_ip echo "Loading config file: \$prefix/grub.cfg" configfile \$prefix/grub.cfg echo "Could not find config file \$prefix/grub.cfg-\$pretty_mac, \$prefix/grub.cfg-\$net_default_ip or \$prefix/grub.cfg!" sleep 15 === This is exactly the same problem as mentioned here: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931 .html i.e., only grub efi is downloaded, while the rest of required files are not downloaded. As I mentioned for comparison, for non-proxy mode with same configuration, it works well. Thanks again. Steven ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYhnTjAAoJEBXN2mrhkTWiHX8QAJhjmt1VYRoJ3DuaA6f3s9o+ Tpoie2+4VgFHf3q/wQjq+miQ+da75+0sii9UAdjBtAAHDgLdyzPJSxCHU3neKYYF dY8ww789lJlUAyvmvKm7Pnv3psMWhy22WLxeJGFXPIz+DjpH+tatZ507ZTQ7946o nbTPdnfOO5ADF/Spuors6ioB+cmyZD9cPASSvMUQm7EwunBpAORB2S11ZRbeqSb/ 84EdzTTtWomq7oP4NtSV98SDo0sTH2MYQtF1ht4INlutQs/zOP6P7NuzdFFJLcb8 Bieq1FYWxK6x4FcTqNdw9SJJon/jRjoxhF3Lvovkwb/00RuQuJRHqHpw+laY6yNA MGS5LOIps/fIP42gxs7zftgqvfXVMfBLPUDRS3G+IwOZeteKvzNGwV0LrGFGKcZZ iRDRAIhWH8RImb6gSpt1YXNxyR6Or1m0IuqR+jvYPOjtmXBjRYupZ89B0FKHR9jv r2tJKSVq/uJa4ScW5R8ezGxaQB8iVFFj6CKDWeWEKxb4NxJUYrJ8RVb1IhAxZJUg 6EqXAZ/tvsIDRlveXk1nMqJ12pJlA68mnLzQ4Z5yarGTsoi6zlLecyhQkThp/LxP E4lGqyuJEamggwyLd0WUYH7TMqXimCd9Nyv36rurfDZOVbT3G/JaS980SkTbsjZ2 c6JPXEqLshQyjdbht/1b =msps -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -- Steven Shiau Public Key Server PGP Key ID: 4096R/47CF935C Fingerprint: 0240 1FEB 695D 7112 62F0 8796 11C1 12DA 47CF 935C capturefile.gz Description: application/gzip ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thanks for the reply. Please could you repeat the tcpdump using the command tcpdump -s 0 -w capturefile and send me the resulting file? That has far more information than tcpdump prints. Cheers, Simon. On 20/01/17 08:39, Steven Shiau wrote: > Hi Simon, > > Thanks for your reply. I am answering you in the following. > > On 2017/01/20 06:47, Simon Kelley wrote: >> Your example 3 - I'm confused why that shouldn't work - the PXE >> client seems to be making further requests which are bring >> ignored. Would it be possible for you to get a packet dump of >> that exchange using tcpdump? > $ sudo tcpdump -ni ens38 'udp port 67 and udp port 68' tcpdump: > verbose output suppressed, use -v or -vv for full protocol decode > listening on ens38, link-type EN10MB (Ethernet), capture size > 262144 bytes 16:18:33.208355 IP 0.0.0.0.68 > 255.255.255.255.67: > BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 347 > 16:18:36.205647 IP 192.168.22.254.67 > 255.255.255.255.68: > BOOTP/DHCP, Reply, length 341 16:18:36.385548 IP 0.0.0.0.68 > > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, > length 359 16:18:36.386212 IP 192.168.22.254.67 > > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 ^C 4 packets > captured 4 packets received by filter 0 packets dropped by kernel > >> >> Example 4 looks quite hopeful - the client is succerssfully >> downloading the bootx64.efi file (ignore the error before, that's >> just testing for the existance of the file. >> >> Can you see what's displayed on the client system at this point? > It's blank screen due to the background_image for grub is not > downloaded, and in the end the grub shows no grub.cfg error, as > attached. That format is from the grub prefix we added by: > === set > prefix=(tftp)/grub-efi.cfg echo "Grub CPU and platform: \$grub_cpu, > \$grub_platform" echo 'Network status: ' net_ls_cards net_ls_addr > net_ls_routes > > tr --set pretty_mac x: x- \$net_default_mac > > echo "Loading config file \$prefix/grub.cfg-01-\$pretty_mac..." > configfile \$prefix/grub.cfg-01-\$pretty_mac > > echo "Loading config file \$prefix/grub.cfg-\$net_default_ip..." > configfile \$prefix/grub.cfg-\$net_default_ip > > echo "Loading config file: \$prefix/grub.cfg" configfile > \$prefix/grub.cfg > > echo "Could not find config file \$prefix/grub.cfg-\$pretty_mac, > \$prefix/grub.cfg-\$net_default_ip or \$prefix/grub.cfg!" sleep 15 > === This is exactly the same > problem as mentioned here: > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931 .html > > i.e., only grub efi is downloaded, while the rest of required files are > not downloaded. As I mentioned for comparison, for non-proxy mode > with same configuration, it works well. > > Thanks again. > > Steven > > > > ___ Dnsmasq-discuss > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYhnTjAAoJEBXN2mrhkTWiHX8QAJhjmt1VYRoJ3DuaA6f3s9o+ Tpoie2+4VgFHf3q/wQjq+miQ+da75+0sii9UAdjBtAAHDgLdyzPJSxCHU3neKYYF dY8ww789lJlUAyvmvKm7Pnv3psMWhy22WLxeJGFXPIz+DjpH+tatZ507ZTQ7946o nbTPdnfOO5ADF/Spuors6ioB+cmyZD9cPASSvMUQm7EwunBpAORB2S11ZRbeqSb/ 84EdzTTtWomq7oP4NtSV98SDo0sTH2MYQtF1ht4INlutQs/zOP6P7NuzdFFJLcb8 Bieq1FYWxK6x4FcTqNdw9SJJon/jRjoxhF3Lvovkwb/00RuQuJRHqHpw+laY6yNA MGS5LOIps/fIP42gxs7zftgqvfXVMfBLPUDRS3G+IwOZeteKvzNGwV0LrGFGKcZZ iRDRAIhWH8RImb6gSpt1YXNxyR6Or1m0IuqR+jvYPOjtmXBjRYupZ89B0FKHR9jv r2tJKSVq/uJa4ScW5R8ezGxaQB8iVFFj6CKDWeWEKxb4NxJUYrJ8RVb1IhAxZJUg 6EqXAZ/tvsIDRlveXk1nMqJ12pJlA68mnLzQ4Z5yarGTsoi6zlLecyhQkThp/LxP E4lGqyuJEamggwyLd0WUYH7TMqXimCd9Nyv36rurfDZOVbT3G/JaS980SkTbsjZ2 c6JPXEqLshQyjdbht/1b =msps -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
Hi Simon, Thanks for your reply. I am answering you in the following. On 2017/01/20 06:47, Simon Kelley wrote: > Your example 3 - I'm confused why that shouldn't work - the PXE client > seems to be making further requests which are bring ignored. Would it > be possible for you to get a packet dump of that exchange using tcpdump? $ sudo tcpdump -ni ens38 'udp port 67 and udp port 68' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens38, link-type EN10MB (Ethernet), capture size 262144 bytes 16:18:33.208355 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 347 16:18:36.205647 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 16:18:36.385548 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:1d:9a:d1, length 359 16:18:36.386212 IP 192.168.22.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 341 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel > > Example 4 looks quite hopeful - the client is succerssfully > downloading the bootx64.efi file (ignore the error before, that's just > testing for the existance of the file. > > Can you see what's displayed on the client system at this point? It's blank screen due to the background_image for grub is not downloaded, and in the end the grub shows no grub.cfg error, as attached. That format is from the grub prefix we added by: === set prefix=(tftp)/grub-efi.cfg echo "Grub CPU and platform: \$grub_cpu, \$grub_platform" echo 'Network status: ' net_ls_cards net_ls_addr net_ls_routes tr --set pretty_mac x: x- \$net_default_mac echo "Loading config file \$prefix/grub.cfg-01-\$pretty_mac..." configfile \$prefix/grub.cfg-01-\$pretty_mac echo "Loading config file \$prefix/grub.cfg-\$net_default_ip..." configfile \$prefix/grub.cfg-\$net_default_ip echo "Loading config file: \$prefix/grub.cfg" configfile \$prefix/grub.cfg echo "Could not find config file \$prefix/grub.cfg-\$pretty_mac, \$prefix/grub.cfg-\$net_default_ip or \$prefix/grub.cfg!" sleep 15 === This is exactly the same problem as mentioned here: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931.html i.e., only grub efi is downloaded, while the rest of required files are not downloaded. As I mentioned for comparison, for non-proxy mode with same configuration, it works well. Thanks again. Steven -- Steven Shiau Public Key Server PGP Key ID: 4096R/47CF935C Fingerprint: 0240 1FEB 695D 7112 62F0 8796 11C1 12DA 47CF 935C ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] About UEFI PXE booting in proxy mode
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Below is the reply I sent to your original mail to me. The reply bounced, seemingly due to a misconfiguration of the MX record for your domain. Hopefully this will get to you via the list. Simon. - - -- I can shed some light on this, but not give you a complete answer. Firstly, your 2-not-working example fails because it's not using PXE. PXE clients do sensible things when the "bootfile name" is set in DHCP replies, which is what dhcp-boot does, but this isn't the complete PXE protocol. Hence example one works. That trick doesn't work for PXE-proxy, since you need the PXE protocol to do proxy. Any configuration without pxe-service enabled will never work for PXE proxy. That explains config 2. Your example 3 - I'm confused why that shouldn't work - the PXE client seems to be making further requests which are bring ignored. Would it be possible for you to get a packet dump of that exchange using tcpdump? Example 4 looks quite hopeful - the client is succerssfully downloading the bootx64.efi file (ignore the error before, that's just testing for the existance of the file. Can you see what's displayed on the client system at this point? On 18/01/17 14:36, Jr-Huang Shiau wrote: > Dear all, I am having the same issue as Juan GarcĂa-Pardo described > here: > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q4/010931 .html > > On Ubuntu 16.04, I use dnsmasq which is backported from Ubuntu > 16.10: dpkg -l dnsmasq Desired=Unknown/Install/Remove/Purge/Hold | > Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Tri g-pend > > |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) > ||/ Name Version Architecture > Description > +++-==---= > > ii dnsmasq2.76-5 all Small > caching DNS proxy and DHCP/TFTP server > > I configured a PXE server, and disabled the isc-dhcp-server and > tftpd-hpa so that I can test the DHCP proxy function of dnsmasq. > > 1. When the attached config file "1-working-local.conf" is used as > /etc/dnsmasq.conf without DHCP proxy, both PXE or uEFI client boot > successfully. > > 2. When the attached config file "2-not-working-proxy.conf" is used > as /etc/dnsmasq.conf with DHCP proxy, both PXE or uEFI client can > _NOT_ boot successfully. In the log file "2-not-working-proxy.log" > you can see either PXE or uEFI client fails to enter network > booting. > > 3. When the attached config file "3-partial-working-local.conf" is > used as /etc/dnsmasq.conf without DHCP proxy, PXE client can boot > successfully. However, EFI client did not. The log file was > attached as "3-not-working-efi-local.log". > > 4. When the attached config file "4-partial-working-proxy.conf" is > used as /etc/dnsmasq.conf with DHCP proxy, PXE client can > successfully enter network booting, as shown in > "4a-working-pxe-client-proxy.log". However, for EFI network client, > just "bootx64.efi" was downloaded, no other files were downloaded, > as shown in "4b-not-working-efi-client-proxy.log". For comparison, > you can see in "1-working-efi-no-proxy.log", without DHCP proxy, > the clients should download grub config file "grub.cfg" and other > files. > > Therefore it seems there is some uEFI network booting issues, no > matter it's using proxy or not. > > If you need me to do more tests or more info, please let me know. > Thank you very much. > > Steven > > > > ___ Dnsmasq-discuss > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYgUIIAAoJEBXN2mrhkTWiJPkP/1yjXLO6q7UbhvhM0b3Hdwfc v19A39lp4VhL3ujt21+jSdsWwsqPCJcLfkkkW2OCI6niRR40UVPMU3eYvk+Uxc1p LlP/ZJj5ayNUQ1EvuqqJQwRTwdnaYFmgxvR6HhCKXWnEzKK+3x52p273O2B/O9Ld V429G4y7G8Or3UKC4Bk6ww9I/KZ/r0ufTVstWW0nW2wqA9zzf009JofN6yUbJcUN dT1jetjbiiHCgyeFodtm7PVcda/E2uwVr/8ScXQgvqbser78AId6O72FkysLplDd Fo59KWsawqJO8+C/YCKCTXIMp3yFPgcv1KCgBmieR4eEr7RXcu0l4+iEsYvamvsJ MJ1KV6ts2Pt5bA7gszuP2PDNlt+t0K/dnpDaxRcGbyI4lhamqEnzH/wd7FUylcLl U8K7EYwlz7CoQKXqi6qP6EU4qeTyVMQmKoeY907WKt1DZMqWH7Ye9iTvihA+3a95 RqCuEWk3BsrZ/hOEKpeEmVy8cwh4gkrI6elszjmC5rYEvlwRwVezZK9zA/xRdfn+ 7jkE4P08/L5qhtrOCnBCW3+6AbHyRblJGSR/dEB8cSIUdqGXTJpGtxWAQPjgOrzJ Q0iE/2omLUcjgWGvZwZTsm2bWlqC9Lj9jIW00QXCZDo//QgUBVlkUMiO+l6IdggT ctKEAYejg9k832KJt3J0 =OwJE -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
