On Mon, Sep 18, 2006 at 01:08:28PM -0700, Russell Jackson wrote:
> Attempting to run isc-dhcpd (using USE_SOCKETS) inside a jail
> bound to an aliased ip does not appear to work. The process never seems
> to receive any broadcast traffic; however, it does see unicast traffic
> as would be expected. I'm not sure how to debug this since one cannot
> run tcpdump in the jail to see what traffic is getting there obviously.
>
> It works fine if I change the jail to bind to the primary ip on the
> interface. Not surprisingly, it also works fine if I run it outside of a
> jail using BPF. Changing the broadcast addresses on the aliases does not
> seem to change anything.
>
> It is just that the kernel will not deliver broadcasts to jails on ip
> aliases as I suspect? Yes, I know I have a "zombied" jail in the jls
> listing. There are no processes with a JID of 2 running, and I'm
> reluctant to reboot the machine because it's in production.
>
> If I have to run the jail on the primary ip address, that's okay. I
> would just prefer to have it running in a separate jail and still have
> ssh running on the standard port (less confusing to users).
>
> Relevant configuration:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=b<RXCSUM,TXCSUM,VLAN_MTU>
>         inet6 fe80::213:72ff:fe4b:70e7%em0 prefixlen 64 scopeid 0x1
>         inet 136.168.1.5 netmask 0xffff0000 broadcast 136.168.255.255
>         inet 136.168.1.8 netmask 0xffffffff broadcast 136.168.1.8
>         inet 136.168.1.91 netmask 0xffffffff broadcast 136.168.1.91
>         ether 00:13:72:4b:70:e7
>         media: Ethernet autoselect (1000baseTX <full-duplex>)
>         status: active
>
> # global jail knobs
> jail_enable="YES"
> jail_list="ns1 netstat"
> jail_set_hostname_allow="NO"
>
> # ns1 jail
> jail_ns1_rootdir="/usr/jail/ns1"
> jail_ns1_hostname="ns1.csub.edu"
> jail_ns1_ip="136.168.1.91"
> jail_ns1_exec_start="/bin/sh /etc/rc"
> jail_ns1_devfs_enable="YES"
> jail_ns1_mount_enable="YES"
>
> # netstat jail
> jail_netstat_rootdir="/usr/jail/netstat"
> jail_netstat_hostname="netstat.csub.edu"
> jail_netstat_ip="136.168.1.8"
> jail_netstat_exec_start="/bin/sh /etc/rc"
> jail_netstat_devfs_enable="YES"
> jail_netstat_mount_enable="YES"
>
>    JID  IP Address      Hostname                      Path
>      8  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1
>      4  136.168.1.8     netstat.csub.edu              /usr/jail/netstat
>      2  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1
>
I should have mentioned I'm running a 6.1-STABLE system built on the
21st of Aug. RELEASE had problems with interrupt storms if I recall
correctly.
Here's dmesg.boot if it helps any:
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE #0: Mon Aug 21 00:59:05 PDT 2006
raj@netstat.csub.edu:/usr/obj/usr/src/sys/NETSTAT
ACPI APIC Table: <DELL PE BKC >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.71-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf43 Stepping = 3
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x641d<SSE3,RSVD2,MON,DS_CPL,CNTX-ID,CX16,<b14>>
AMD Features=0x20100000<NX,LM>
real memory = 2147221504 (2047 MB)
avail memory = 2096189440 (1999 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 6
ioapic0: Changing APIC ID to 7
ioapic1: Changing APIC ID to 8
ioapic1: WARNING: intbase 32 != expected base 24
ioapic2: Changing APIC ID to 9
ioapic2: WARNING: intbase 64 != expected base 56
ioapic3: Changing APIC ID to 10
ioapic3: WARNING: intbase 96 != expected base 88
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ioapic1 <Version 2.0> irqs 32-55 on motherboard
ioapic2 <Version 2.0> irqs 64-87 on motherboard
ioapic3 <Version 2.0> irqs 96-119 on motherboard
acpi0: <DELL PE BKC> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci1
pci2: <ACPI PCI bus> on pcib2
amr0: <LSILogic MegaRAID 1.53> mem 0xf80f0000-0xf80fffff,0xfeac0000-0xfeafffff irq 46 at device 14.0 on pci2
amr0: delete logical drives supported by controller
amr0: <LSILogic PERC 4e/Di> Firmware 521X, BIOS H430, 256MB RAM
pcib3: <ACPI PCI-PCI bridge> at device 0.2 on pci1
pci3: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> at device 4.0 on pci0
pci4: <ACPI PCI bus> on pcib4
pcib5: <ACPI PCI-PCI bridge> at device 5.0 on pci0
pci5: <ACPI PCI bus> on pcib5
pcib6: <ACPI PCI-PCI bridge> at device 0.0 on pci5
pci6: <ACPI PCI bus> on pcib6
em0: <Intel(R) PRO/1000 Network Connection Version - 6.0.5> port 0xecc0-0xecff mem 0xfe7e0000-0xfe7fffff irq 64 at device 7.0 on pci6
em0: Ethernet address: 00:13:72:4b:70:e7
em0: [FAST]
pcib7: <ACPI PCI-PCI bridge> at device 0.2 on pci5
pci7: <ACPI PCI bus> on pcib7
em1: <Intel(R) PRO/1000 Network Connection Version - 6.0.5> port 0xdcc0-0xdcff mem 0xfe5e0000-0xfe5fffff irq 65 at device 8.0 on pci7
em1: Ethernet address: 00:13:72:4b:70:e8
em1: [FAST]
pcib8: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci8: <ACPI PCI bus> on pcib8
pcib9: <ACPI PCI-PCI bridge> at device 0.0 on pci8
pci9: <ACPI PCI bus> on pcib9
pcib10: <ACPI PCI-PCI bridge> at device 0.2 on pci8
pci10: <ACPI PCI bus> on pcib10
pcib11: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci11: <ACPI PCI bus> on pcib11
pci11: <display, VGA> at device 13.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH5 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcafff,0xec000-0xeffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 1.000 msec
acd0: DVDROM <HL-DT-ST DVD-ROM GDR-8084N/1.01> at ata0-master UDMA33
amr0: delete logical drives supported by controller
amrd0: <LSILogic MegaRAID logical drive> on amr0
amrd0: 139760MB (286228480 sectors) RAID 5 (optimal)
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/amrd0a
netsmb_dev: loaded
--
Russell A. Jackson <raj@csub.edu>
Network Analyst
CSUB Network Services