jailed isc-dhcpd
Andrew D. Clark
andrew.clark at ucsb.edu
Fri Jan 28 10:53:05 PST 2005
Answering my own question here. It is possible. I believe one will
always need to define USE_SOCKETS in (within the isc-dhcpd-3 source)
include/site.h to run it in a jail. Otherwise, dhcpd will try to use
bpfs, which it cannot do inside a jail. To get it listening on a
loopback, a small change to common/discover.c is needed:
187,188c187,189
< if ((ifa->ifa_flags & IFF_LOOPBACK) ||
< (ifa->ifa_flags & IFF_POINTOPOINT) ||
---
> // ADC HACKED - don't skip loopbacks
> // if ((ifa->ifa_flags & IFF_LOOPBACK) ||
> if((ifa->ifa_flags & IFF_POINTOPOINT) ||
Works for me! You probably only want to do this sort of thing if your
dhcpd is _only_ getting requests via relay. I believe this will break
things for you if you need to reply to broadcasts.
--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311
--On Thursday, January 27, 2005 05:15:23 PM -0800 "Andrew D. Clark"
<andrew.clark at ucsb.edu> wrote:
> Anyone out there successfully running isc-dhcpd-3 jailed? I'm
> actually trying to get it jailed on an address which is on a loopback
> interface, which doesn't work (but I believe that's isc-dhcpd's fault
> and think I know how to fix that). Anyone have it working in a jail
> just on a generic alias on a "real" physical interface? If so, how'd
> you do it without dhcpd complaining about bpfs? Thanks in advance!
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark at ucsb.edu (805) 893-5311
More information about the freebsd-questions
mailing list