From owner-freebsd-questions Sun Dec 21 21:08:36 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA27456 for questions-outgoing; Sun, 21 Dec 1997 21:08:36 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from prefetch.san.rr.com (ns1.san.rr.com [204.210.0.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA27449 for ; Sun, 21 Dec 1997 21:08:33 -0800 (PST) (envelope-from Studded@dal.net) Received: from dal.net (dt051n19.san.rr.com [204.210.32.25]) by prefetch.san.rr.com (8.8.7/8.8.8) with ESMTP id VAA00334; Sun, 21 Dec 1997 21:07:55 -0800 (PST) Message-ID: <349DF5AB.22A8C7DF@dal.net> Date: Sun, 21 Dec 1997 21:07:55 -0800 From: Studded X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-STABLE i386) MIME-Version: 1.0 To: kjackson@lsuc.on.ca CC: freebsd-questions@freebsd.org Subject: Re: ISC DHCP server (beta5.16) and Berkeley Packet Filter References: <349DE08B.5149@lsuc.on.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Keith Jackson wrote: > > Hi, I recently downloaded a copy of the Internet Software Consorium's > DHCP daemon (beta5.16) from their web site Good choice. > and compiled it without > errors on a FreeBSD 2.1.0 system we're running here. Hmmm.. I started with FreeBSD around 2.1.5, but from what you describe it sounds like you're on exactly the right track. > I have since discovered this is referring to something called the > Berkeley Packet Filter. I must assume this is not enabled by default on > FreeBSD systems and that I must add this device to the kernel? > It also seems to indicate that I must use the Berkeley Packet Filter > if I wish to use the ISC DHCP daemon. Is this correct? If so, do all > DHCP daemons require this to be enabled. I understand there is a > security risk to turning on the Berkeley Packet Filtering. > If I include a pseudo-device line in our kernel config file and > rebuild the kernel, will this be sufficient to enable BPF? Use the entry in LINT, recompile the kernel, and then you will need to use the MAKEDEV script in /dev to make bpf0 - bpf3. IIRC, dhcpd uses two bpf sockets, so you should be fine with the default of 4. If you need more, increase the line in your kernel file and make the appropriate devices. To my knowledge, all dhcp systems use bpf's. It is pretty important that you do not allow untrusted users on your dhcp server for that reason. Good luck, Doug PS, if you need your clients to set their hostname, mail me and I'll send you my hack to the client script for that. It may find its way into the next beta, but it definitely works. :)