From owner-freebsd-questions@FreeBSD.ORG Fri Jan 28 18:53:05 2005
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80FB216A4CE for ; Fri, 28 Jan 2005 18:53:05 +0000 (GMT)
Received: from smtp.ucsb.edu (hub.ucsb.edu [128.111.24.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9A6F43D2F for ; Fri, 28 Jan 2005 18:53:04 +0000 (GMT) (envelope-from andrew.clark@ucsb.edu)
Received: from modulus.oit.ucsb.edu ([128.111.12.24]) by smtp.ucsb.edu with esmtpsa TLSv1:AES256-SHA:256 id 1CubEu-00097h-RG for freebsd-questions@freebsd.org; Fri, 28 Jan 2005 10:53:04 -0800
Date: Fri, 28 Jan 2005 10:53:04 -0800
From: "Andrew D. Clark"
To: freebsd-questions@freebsd.org
Message-ID: <672C6DB0347329659F301A6F@localhost.localdomain>
X-Mailer: Mulberry/3.1.6 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: jailed isc-dhcpd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 28 Jan 2005 18:53:05 -0000

Answering my own question here. It is possible. I believe one will always need to define USE_SOCKETS in (within the isc-dhcpd-3 source) include/site.h to run it in a jail. Otherwise, dhcpd will try to use bpfs, which it cannot do inside a jail. To get it listening on a loopback, a small change to common/discover.c is needed:

187,188c187,189 < if ((ifa->ifa_flags & IFF_LOOPBACK) || < (ifa->ifa_flags & IFF_POINTOPOINT) || --- > // ADC HACKED - don't skip loopbacks > // if ((ifa->ifa_flags & IFF_LOOPBACK) || > if((ifa->ifa_flags & IFF_POINTOPOINT) ||

Works for me! You probably only want to do this sort of thing if your dhcpd is _only_ getting requests via relay.
I believe this will break things for you if you need to reply to broadcasts.

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark@ucsb.edu (805) 893-5311

--On Thursday, January 27, 2005 05:15:23 PM -0800 "Andrew D. Clark" wrote:

> Anyone out there successfully running isc-dhcpd-3 jailed? I'm
> actually trying to get it jailed on an address which is on a loopback
> interface, which doesn't work (but I believe that's isc-dhcpd's fault
> and think I know how to fix that). Anyone have it working in a jail
> just on a generic alias on a "real" physical interface? If so, how'd
> you do it without dhcpd complaining about bpfs? Thanks in advance!
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark@ucsb.edu (805) 893-5311
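
Review bot: In the replacement lines of the common/discover.c change (187-189), the IFF_LOOPBACK test is commented out unconditionally, so every build stops skipping loopback interfaces, not only the jailed, relay-only setup the message describes. Consider guarding the test with a compile-time option set in include/site.h next to USE_SOCKETS, so the default behaviour stays as it was. The disabled condition is also left in the source behind "//" comments; either delete it or fence it with "#if 0" or "/* */", and keep the spacing of the line it replaces ("if ((" rather than "if((").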