On 08/20/12 01:35, Curtis Villamizar wrote:
I'm trying to run isc-dhcpd using dhcpd -6 in a jail. No luck.
The following code is run in the jail and doesn't fail.
    if (inet_pton(AF_INET6, All_DHCP_Relay_Agents_and_Servers,
                  &mreq.ipv6mr_multiaddr) <= 0) {
        log_fatal("inet_pton: unable to convert '%s'",
                  All_DHCP_Relay_Agents_and_Servers);
    }
    mreq.ipv6mr_interface = if_nametoindex(info->name);
    if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
                   &mreq, sizeof(mreq)) < 0) {
        log_fatal("setsockopt: IPV6_JOIN_GROUP: %m");
    }
where All_DHCP_Relay_Agents_and_Servers is defined as FF02::1:2.
Later dhcpd binds to *.517 which can be seen in netstat -an.
Packets to ff02::1:2.517 are seen on the jailer (as opposed to the
jailee) using tcpdump, but no packets are received by the jailee.
When the same command is run from the jailer using a chroot to the jailee
directory, the multicast packets are received.

Probably because there is no bpf in a default jail?
Try making bpf visible in the jail via devfs.

Is there a solution to this other than changing the jail from an
implied ip6=new with a specific address to ip6=inherit? What I'd
really like is a yet-to-be-invented ip6=new+multicast.
Using ip6=inherit would be OK, adding very little exposure (mostly
DoS attack exposure). It would be nice if ip6=inherit were
supported in the rc.d/jail framework.
Before I go changing anything I'm asking whether allowing the
multicast join and then not passing multicast to the jail is
considered a bug and how it should behave (the join should have failed
or the packets should have arrived). If the best workaround for now
is ip6=inherit, would adding jail_jailname_ip[46] variables to the
rc files be viewed as a good solution (with a comment in
/etc/defaults/rc.conf indicating the interaction between setting
addressing using _ip and _ip_multi and setting _ip4 or _ip6 (setting
an address for each family forces ip[46]=net for that AF))?
Curtis
btw- not subscribed to freebsd-jail so please leave me on the Cc.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
--
When I was crossing the border into Canada, they asked if
I had any firearms with me. I said, "Well, what do you need?"
-- Steven Wright