From owner-freebsd-jail@FreeBSD.ORG Fri Jul 25 03:25:08 2014 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 387A5856; Fri, 25 Jul 2014 03:25:08 +0000 (UTC) Received: from wonkity.com (wonkity.com [67.158.26.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "wonkity.com", Issuer "wonkity.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DADFE2971; Fri, 25 Jul 2014 03:25:07 +0000 (UTC) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.14.9/8.14.9) with ESMTP id s6P3P6o4020092 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 24 Jul 2014 21:25:06 -0600 (MDT) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id s6P3P6Sq020089; Thu, 24 Jul 2014 21:25:06 -0600 (MDT) (envelope-from wblock@wonkity.com) Date: Thu, 24 Jul 2014 21:25:06 -0600 (MDT) From: Warren Block To: Glen Barber Subject: Re: check_dhcp In-Reply-To: <20140725032045.GY1065@hub.FreeBSD.org> Message-ID: References: <20140725032045.GY1065@hub.FreeBSD.org> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (wonkity.com [127.0.0.1]); Thu, 24 Jul 2014 21:25:06 -0600 (MDT) Cc: freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jul 2014 03:25:08 -0000 On Thu, 24 Jul 2014, Glen Barber wrote: > On Thu, Jul 24, 2014 at 09:14:24PM -0600, Warren Block wrote: >> net-mgmt/monitoring-plugins has a check_dhcp program used to test the >> availability of a remote DHCP server. It has BSD-specific code, but seems >> fairly dated and only works when all supposedly optional parameters are >> given. However, it does work on a normal machine: >> >> OK: Received 1 DHCPOFFER(s), 1 of 1 requested servers responded, max lease time = 600 sec. >> >> But it does not work inside a jail, seeing no offers: >> >> CRITICAL: No DHCPOFFERs were received. >> >> Raw sockets and bpf are enabled in the jail. dhclient in the jail can >> actually get a lease. Is there anything else that needs to be configured to >> allow this to work in a jail? >> >> >> >> After 'make -C /usr/ports/net-mgmt/monitoring-plugins', the code in question >> is check_dhcp.c in >> work/monitoring-plugins-monitoring-plugins-b5611ea/plugins-root. It gives >> these type of errors: >> >> % ./check_dhcp -s 192.168.1.1 >> Error: if_nametoindex error - Device not configured. >> >> % ./check_dhcp -s 192.168.1.1 -i em0 >> Error: Couldn't get hardware address from em0. sysctl 2 error - No such file or directory. >> >> After adding -m , it gives no errors but never sees a >> response. > > The problem, I suspect, is that bpf(4) does not exist in the jail. It's there: # ls -lh /dev/b* crw------- 1 root wheel 0x12 Jul 24 21:00 /dev/bpf lrwxr-xr-x 1 root wheel 3B Jul 24 20:08 /dev/bpf0 -> bpf dhclient would not work without it, I think. But something else is different between the jail and a real machine.