Quote:
Originally Posted by ddekok
The -DNOHTTPACCEPT disables an AcceptFilter. It is a kernel module for, IIRC, having the kernel accept the connection before handing it off to Apache (a speed optimization).
http://wiki.finger.dk/index.php/Apache/Install and the article linked to in the last sentence may give you a bit more information.
|
Okay, so I'm guessing that when I first built our jails the host system wasn't configured to load the accf_http module:
Code:
[root@HOST/usr/home/tristan]# kldload accf_http
kldload: can't load accf_http: File exists
Code:
[root@HOST/usr/home/tristan]# locate accf_http
/boot/kernel/accf_http.ko
/boot/kernel/accf_http.ko.symbols
/usr/obj/usr/src/share/man/man9/accf_http.9.gz
/usr/share/man/man9/accf_http.9.gz
/usr/src/share/man/man9/accf_http.9
/usr/src/sys/modules/accf_http
/usr/src/sys/modules/accf_http/Makefile
/usr/src/sys/netinet/accf_http.c
As you can see it looks like it's loaded on the host system now but it's not in any of the jails.
Code:
[root@JAIL /]# kldload accf_http
kldload: can't load accf_http: Operation not permitted
So, I'm using ezjail. If I'm on the right track, then I just need to run
ezjail-admin update to run make world and update the basejail?
What do you guys think? Thanks for all the help too!
Here's some more references on accf_http:
http://httpd.apache.org/docs/2.2/mod/core.html
http://www.freebsd.org/cgi/man.cgi?q...http&sektion=9