View Single Post
  #8   (View Single Post)  
Old 12th August 2008
starbuck's Avatar
starbuck starbuck is offline
Port Guard
 
Join Date: Apr 2008
Location: Eugene, OR
Posts: 31
Default

Quote:
Originally Posted by ddekok View Post
The -DNOHTTPACCEPT disables an AcceptFilter. It is a kernel module for, IIRC, having the kernel accept the connection before handing it off to Apache (a speed optimization).

http://wiki.finger.dk/index.php/Apache/Install and the article linked to in the last sentence may give you a bit more information.
Okay, so I'm guessing that when I first built our jails the host system wasn't configured to load the accf_http module:

Code:
[root@HOST/usr/home/tristan]# kldload accf_http
kldload: can't load accf_http: File exists
Code:
[root@HOST/usr/home/tristan]# locate accf_http
/boot/kernel/accf_http.ko
/boot/kernel/accf_http.ko.symbols
/usr/obj/usr/src/share/man/man9/accf_http.9.gz
/usr/share/man/man9/accf_http.9.gz
/usr/src/share/man/man9/accf_http.9
/usr/src/sys/modules/accf_http
/usr/src/sys/modules/accf_http/Makefile
/usr/src/sys/netinet/accf_http.c
As you can see it looks like it's loaded on the host system now but it's not in any of the jails.

Code:
[root@JAIL /]# kldload accf_http
kldload: can't load accf_http: Operation not permitted
So, I'm using ezjail. If I'm on the right track, then I just need to run ezjail-admin update to run make world and update the basejail?

What do you guys think? Thanks for all the help too!

Here's some more references on accf_http:

http://httpd.apache.org/docs/2.2/mod/core.html
http://www.freebsd.org/cgi/man.cgi?q...http&sektion=9
Reply With Quote