Date: Tue, 19 Sep 2006 17:52:26 -0700
From: Russell Jackson
To: freebsd-stable@freebsd.org
Subject: Re: isc-dhcpd and jails bound to an aliased ip
Message-ID: <20060920005226.GA24483@cserv65.csub.edu>
In-Reply-To: <20060918200828.GA58066@cserv65.csub.edu>
References: <20060918200828.GA58066@cserv65.csub.edu>

On Mon, Sep 18, 2006 at 01:08:28PM -0700, Russell Jackson wrote:
> Attempting to run isc-dhcpd (using USE_SOCKETS) inside a jail
> bound to an aliased ip does not appear to work. The process never seems
> to receive any broadcast traffic; however, it does see unicast traffic
> as would be expected. I'm not sure how to debug this since one cannot
> run tcpdump in the jail to see what traffic is getting there obviously.
>
> It works fine if I change the jail to bind to the primary ip on the
> interface. Not surprisingly, it also works fine if I run it outside of a
> jail using BPF. Changing the broadcast addresses on the aliases does not
> seem to change anything.
>
> Is it just that the kernel will not deliver broadcasts to jails on ip
> aliases as I suspect? Yes, I know I have a "zombied" jail in the jls
> listing. There are no processes with a JID of 2 running, and I'm
> reluctant to reboot the machine because it's in production.
>
> If I have to run the jail on the primary ip address, that's okay. I
> would just prefer to have it running in a separate jail and still have
> ssh running on the standard port (less confusing to users).
>
> Relevant configuration:
>
> em0: flags=8843 mtu 1500
>         options=b
>         inet6 fe80::213:72ff:fe4b:70e7%em0 prefixlen 64 scopeid 0x1
>         inet 136.168.1.5 netmask 0xffff0000 broadcast 136.168.255.255
>         inet 136.168.1.8 netmask 0xffffffff broadcast 136.168.1.8
>         inet 136.168.1.91 netmask 0xffffffff broadcast 136.168.1.91
>         ether 00:13:72:4b:70:e7
>         media: Ethernet autoselect (1000baseTX )
>         status: active
>
> # global jail knobs
> jail_enable="YES"
> jail_list="ns1 netstat"
> jail_set_hostname_allow="NO"
>
> # ns1 jail
> jail_ns1_rootdir="/usr/jail/ns1"
> jail_ns1_hostname="ns1.csub.edu"
> jail_ns1_ip="136.168.1.91"
> jail_ns1_exec_start="/bin/sh /etc/rc"
> jail_ns1_devfs_enable="YES"
> jail_ns1_mount_enable="YES"
>
> # netstat jail
> jail_netstat_rootdir="/usr/jail/netstat"
> jail_netstat_hostname="netstat.csub.edu"
> jail_netstat_ip="136.168.1.8"
> jail_netstat_exec_start="/bin/sh /etc/rc"
> jail_netstat_devfs_enable="YES"
> jail_netstat_mount_enable="YES"
>
> JID  IP Address      Hostname            Path
>   8  136.168.1.91    ns1.csub.edu        /usr/jail/ns1
>   4  136.168.1.8     netstat.csub.edu    /usr/jail/netstat
>   2  136.168.1.91    ns1.csub.edu        /usr/jail/ns1
>

I should have mentioned I'm running a 6.1-STABLE system built on the 21st
of Aug. RELEASE had problems with interrupt storms if I recall correctly.

Here's dmesg.boot if it helps any:

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE #0: Mon Aug 21 00:59:05 PDT 2006
    raj@netstat.csub.edu:/usr/obj/usr/src/sys/NETSTAT
ACPI APIC Table:
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.71-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0xf43 Stepping = 3
  Features=0xbfebfbff
  Features2=0x641d>
  AMD Features=0x20100000
real memory = 2147221504 (2047 MB)
avail memory = 2096189440 (1999 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID: 0
 cpu1 (AP): APIC ID: 6
ioapic0: Changing APIC ID to 7
ioapic1: Changing APIC ID to 8
ioapic1: WARNING: intbase 32 != expected base 24
ioapic2: Changing APIC ID to 9
ioapic2: WARNING: intbase 64 != expected base 56
ioapic3: Changing APIC ID to 10
ioapic3: WARNING: intbase 96 != expected base 88
ioapic0 irqs 0-23 on motherboard
ioapic1 irqs 32-55 on motherboard
ioapic2 irqs 64-87 on motherboard
ioapic3 irqs 96-119 on motherboard
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: on acpi0
cpu1: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
pcib1: at device 2.0 on pci0
pci1: on pcib1
pcib2: at device 0.0 on pci1
pci2: on pcib2
amr0: mem 0xf80f0000-0xf80fffff,0xfeac0000-0xfeafffff irq 46 at device 14.0 on pci2
amr0: delete logical drives supported by controller
amr0: Firmware 521X, BIOS H430, 256MB RAM
pcib3: at device 0.2 on pci1
pci3: on pcib3
pcib4: at device 4.0 on pci0
pci4: on pcib4
pcib5: at device 5.0 on pci0
pci5: on pcib5
pcib6: at device 0.0 on pci5
pci6: on pcib6
em0: port 0xecc0-0xecff mem 0xfe7e0000-0xfe7fffff irq 64 at device 7.0 on pci6
em0: Ethernet address: 00:13:72:4b:70:e7
em0: [FAST]
pcib7: at device 0.2 on pci5
pci7: on pcib7
em1: port 0xdcc0-0xdcff mem 0xfe5e0000-0xfe5fffff irq 65 at device 8.0 on pci7
em1: Ethernet address: 00:13:72:4b:70:e8
em1: [FAST]
pcib8: at device 6.0 on pci0
pci8: on pcib8
pcib9: at device 0.0 on pci8
pci9: on pcib9
pcib10: at device 0.2 on pci8
pci10: on pcib10
pcib11: at device 30.0 on pci0
pci11: on pcib11
pci11: at device 13.0 (no driver attached)
isab0: at device 31.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 31.1 on pci0
ata0: on atapci0
ata1: on atapci0
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xcafff,0xec000-0xeffff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 1.000 msec
acd0: DVDROM at ata0-master UDMA33
amr0: delete logical drives supported by controller
amrd0: on amr0
amrd0: 139760MB (286228480 sectors) RAID 5 (optimal)
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/amrd0a
netsmb_dev: loaded

--
Russell A. Jackson
Network Analyst
CSUB Network Services