Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jan 2005 10:53:04 -0800
From:      "Andrew D. Clark" <andrew.clark@ucsb.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: jailed isc-dhcpd
Message-ID:  <672C6DB0347329659F301A6F@localhost.localdomain>
In-Reply-To: <D2E829E85B253EA7BDC3411F@localhost.localdomain>
References:  <D2E829E85B253EA7BDC3411F@localhost.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help 
Answering my own question here.  It is possible.  I believe one will 
always need to define USE_SOCKETS in (within the isc-dhcpd-3 source) 
include/site.h to run it in a jail.  Otherwise, dhcpd will try to use 
bpfs, which it cannot do inside a jail.  To get it listening on a 
loopback, a small change to common/discover.c is needed:

187,188c187,189
<               if ((ifa->ifa_flags & IFF_LOOPBACK) ||
<                    (ifa->ifa_flags & IFF_POINTOPOINT) ||
---
>                  // ADC HACKED - don't skip loopbacks
> //            if ((ifa->ifa_flags & IFF_LOOPBACK) ||
>                    if((ifa->ifa_flags & IFF_POINTOPOINT) ||

Works for me!  You probably only want to do this sort of thing if your 
dhcpd is _only_ getting requests via relay.  I believe this will break 
things for you if you need to reply to broadcasts.

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark@ucsb.edu (805) 893-5311


--On Thursday, January 27, 2005 05:15:23 PM -0800 "Andrew D. Clark" 
<andrew.clark@ucsb.edu> wrote:

> Anyone out there successfully running isc-dhcpd-3 jailed?  I'm
> actually trying to get it jailed on an address which is on a loopback
> interface, which doesn't work (but I believe that's isc-dhcpd's fault
> and think I know how to fix that).  Anyone have it working in a jail
> just on a generic alias on a "real" physical interface?  If so, how'd
> you do it without dhcpd complaining about bpfs?  Thanks in advance!
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark@ucsb.edu (805) 893-5311

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?672C6DB0347329659F301A6F>