Boot Service Discovery Protocol
Boot Service Discovery Protocol (BSDP) is an Apple-developed, standards-conforming extension of DHCP.[1] It allows Macintosh computers to boot from bootable images on a network instead of local storage media such as CD, DVD, or hard disk. The DHCP options used are the "vendor-specific information" option (number 43) and the "vendor class identifier" option (number 60). There are three versions of BSDP, though usually version 1.0 is used. All versions enable a client to choose from several bootable images offered by a server. The reference implementation of BSDP is Darwin's BOOTP server, which is part of Mac OS's NetBoot feature.
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
| Link layer |
|
Description
Contents of DHCP Vendor Class Identifier
The DHCP server and client send a vendor class option that contains an ASCII-encoded string with three parts delimited by a / character. The first part is AAPLBSDPC, which advertises BSDP capability. The second part is the client's architecture ("ppc" or "i386"). The third part is a system identifier. For example, an Intel-based iMac sends
AAPLBSDPC/i386/iMac4,1
as its vendor class. A list of Microsoft vendor classes can be found here.
Contents of DHCP Vendor Specific Information Options
According to RFC 2132 the DHCP Option carrying the number 43 is reserved for vendor specific information. This information is stored in the following format:
Code Len Vendor-specific information +-----+-----+-----+-----+--- | 43 | n | i1 | i2 | ... +-----+-----+-----+-----+---
If the vendor wants to convey multiple options within this option field, this is done with encapsulated vendor-specific extensions. Vendor encapsulated extensions contain one or more concatenated fields. Each field consists of:
| Byte Position | Content |
|---|---|
| 0 | Type of field |
| 1 | Length n of field |
| 2 to n-2 | Data |
The following table describes the possible field types. All numeric fields are interpreted as unsigned and Big Endian integers.
| Type | Meaning | Data type |
|---|---|---|
| 1 | Message Type | 8 Bit int
|
| 2 | BSDP Version used | 16 Bit int
|
| 3 | Server Identifier | IP address of the server, one byte per component: c0 a8 64 01 represents 192.168.100.1 |
| 4 | Server Priority | 16 Bit int |
| 5 | Port for Response | 16 Bit int |
| 6 | "boot image list path" | String |
| 7 | ID of Standard Boot Image | 32 Bit int (According to Apple's documentation, the boot image ID can range up to 65535. This comprises 16 bits; however, 32 bits are reserved. In all observed IDs, the most significant 16 bits are always 1000 0001 0000 0000 (0x8100), which probably indicates the type and version of the operating system to be booted.) |
| 8 | ID of Selected Boot Image | 32 Bit int |
| 9 | List of Boot Images | ? |
| 10 | "netboot 1.0 firmware" | ? |
| 11 | Error List for Image Attribute | ? |
| 12 | Maximum Message Size | ? |
| 128 | "shadow mount path" | String (URL) Here is possible to specify a network-accessible mount where data will be written after a successful boot. If this field is not specified and no storage medium is available locally on the client, then the boot process for Mac OS X is aborted. Officially, Mac OS X only supports AFP shadow mount paths. However, NFS may be used after a modifying of the startup files of the system. |
| 129 | "shadow file path" | String (URL) |
| 130 | "machine name" (Name of system to boot?) | String |
Example
The following example illustrates the construction of the Vendor Encapsulated Option:
0000 01 01 02 08 04 81 00 07 e5 82 0a 4e 65 74 42 6f 6f ........ ..NetBoo 0010 74 30 30 31 t001
The first field here, 01 01 02, means that the packet is a BSDP "SELECT" message. The 01 declares that field specifies the BSDP Message Type. The next 01 indicates that the field contents are one byte long — 02 is the code for "SELECT".
The following 08 04 81 00 07 e5 means that the boot image with the ID 2164262885 is selected.
Finally, 82 0a 4e 65 74 42 6f 6f 74 30 30 31 means that a string with 0x0a = 10 characters, namely "NetBoot001", is the name of the system to boot.
Sources
- BSDP documentation from Apple's bootpd
- several conversations captured with Wireshark
- Source code of Darwin's BOOTP server, https://opensource.apple.com/darwinsource/tarballs/apsl/bootp-133.8.tar.gz%5B%5D
References
- "NetBoot 2.0: Boot Service Discovery Protocol (BSDP)" (DOC). Apple Inc. 2003-12-08. Retrieved 2010-07-22.