jailed isc-dhcpd

Andrew D. Clark andrew.clark at ucsb.edu
Fri Jan 28 10:53:05 PST 2005


Answering my own question here.  It is possible.  I believe one will 
always need to define USE_SOCKETS in (within the isc-dhcpd-3 source) 
include/site.h to run it in a jail.  Otherwise, dhcpd will try to use 
bpfs, which it cannot do inside a jail.  To get it listening on a 
loopback, a small change to common/discover.c is needed:

187,188c187,189
<               if ((ifa->ifa_flags & IFF_LOOPBACK) ||
<                    (ifa->ifa_flags & IFF_POINTOPOINT) ||
---
>                  // ADC HACKED - don't skip loopbacks
> //            if ((ifa->ifa_flags & IFF_LOOPBACK) ||
>                    if((ifa->ifa_flags & IFF_POINTOPOINT) ||
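
Review bot: the IFF_LOOPBACK test at line 187 is commented out unconditionally, so any build carrying this change stops skipping loopback interfaces during discovery, not just the jailed build it is meant for. Suggest wrapping the loopback test in a compile-time option (an #ifdef around the original line) instead of leaving a dead commented-out line behind. Also a style point on the replacement lines: the `//` comments should be `/* */` if this file has to build as C89, and `if((ifa->ifa_flags & IFF_POINTOPOINT) ||` loses the space after `if` and the original indentation.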

Works for me!  You probably only want to do this sort of thing if your 
dhcpd is _only_ getting requests via relay.  I believe this will break 
things for you if you need to reply to broadcasts.

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311


--On Thursday, January 27, 2005 05:15:23 PM -0800 "Andrew D. Clark" 
<andrew.clark at ucsb.edu> wrote:

> Anyone out there successfully running isc-dhcpd-3 jailed?  I'm
> actually trying to get it jailed on an address which is on a loopback
> interface, which doesn't work (but I believe that's isc-dhcpd's fault
> and think I know how to fix that).  Anyone have it working in a jail
> just on a generic alias on a "real" physical interface?  If so, how'd
> you do it without dhcpd complaining about bpfs?  Thanks in advance!
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark at ucsb.edu (805) 893-5311




