Bug 229903 - net/fping within jail: Protocol not supported
Summary: net/fping within jail: Protocol not supported
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Rodrigo Osorio
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-20 14:11 UTC by stefan.witzel
Modified: 2018-08-15 23:56 UTC (History)
4 users (show)

See Also:
jharris: maintainer-feedback+


Attachments
Makefile patch to add IPV6 option (501 bytes, patch)
2018-08-10 10:47 UTC, Andrew
andrew.hotlab: maintainer-approval? (jharris)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description stefan.witzel 2018-07-20 14:11:15 UTC
Starting  fping 4.0 in a jail as root I get the message

(null): can't create raw socket (must run as root?) : Protocol not supported

I have the following MIB configuration

within the jail: 
security.jail.param.allow.raw_sockets: 0
security.jail.allow_raw_sockets: 1

on the host:
security.jail.param.allow.raw_sockets: 0
security.jail.allow_raw_sockets: 1

System:
FreeBSD 11.1-RELEASE-p1 #1 r323598
Comment 1 Kai Knoblich freebsd_committer 2018-07-20 20:59:55 UTC
(In reply to stefan.witzel from comment #0)

fping 4.0 comes with combined IPv4/IPv6 support. To make it work inside a jail you'll also need to enable IPv6 for the jail even if you will not use IPv6.

Thus it should be sufficient to give the local interface in the jail an IPv6 address to get fping working as usual.
Comment 2 Andrew 2018-08-10 09:03:55 UTC
(In reply to Kai from comment #1)
Thank for your reply. I just noticed the same issue into a FreeBSD 11.2 jail. That's a somewhat big problem for us, since we have disable IPv6 protocol on all our internal servers.

Do you know if it might be possible not to compile IPv6 support in fping 4.0? In that case, we would make a patch to add an option to this port.
Comment 3 Andrew 2018-08-10 10:47:47 UTC
Created attachment 196053 [details]
Makefile patch to add IPV6 option

It looks like it's possible to disable IPv6 in fping 4.0 without any evident issue. We just solved by applying this patch. Please feel free to use it.
Comment 4 Kai Knoblich freebsd_committer 2018-08-10 11:09:08 UTC
(In reply to Andrew from comment #3)

Hello Andrew,

you were just a bit faster than me. :) 

I prepared a patch to reenable the IPV4/IPV6 options (that were available with my initial patch in bug #229172) and I was going to upload it here.

Nevermind, if the patch works for you please don't forget to set the maintainer-approval flag ("?" on the attachment) so the maintainer (jharris [AT] widomaker.com) can approve it to speed things a bit up for a commit.

@maintainer: Sorry for intervening in this PR, by the way. I felt somewhat responsible because I initiated the update to 4.0 and now try to give as much help as possible.
Comment 5 Andrew 2018-08-10 11:38:32 UTC
Comment on attachment 196053 [details]
Makefile patch to add IPV6 option

Just added the maintainer-approval flag
Comment 6 jharris 2018-08-10 16:34:34 UTC
The patch in:

  https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194419&action=diff

actually CAUSES a problem if IPv6 is selected - as it is/was by default - but not available (at compile time).  The build with that patch failed for me until I manually deselected IPv6.  That patch would make the fping port less automagic for most users (again), unfortunately...
Comment 7 Andrew 2018-08-10 16:58:44 UTC
(In reply to jharris from comment #6)
I just compiled it by leaving IPV6 option activated, and it seems OK indeed. Obviously by using the patch I attached today:
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=196053&action=diff
Comment 8 jharris 2018-08-11 20:54:38 UTC
(In reply to Andrew from comment #7)

It seems to work fine.  Approved, thanks!
Comment 9 Rodrigo Osorio freebsd_committer 2018-08-15 22:47:30 UTC
take the PR
Comment 10 commit-hook freebsd_committer 2018-08-15 23:54:36 UTC
A commit references this bug:

Author: rodrigo
Date: Wed Aug 15 23:54:20 UTC 2018
New revision: 477297
URL: https://svnweb.freebsd.org/changeset/ports/477297

Log:
  Add an option to disable IPv6 support

  In jail environment, because fping 4.0 comes
  with combined IPv4/IPv6 support, you need to enable
  IPv6 for the jail even if you will not use IPv6.

  This patch adds an IPV6 option, enabled by default,
  but who can be turn off to build fping without IPv6
  support and used it inside a jail without IPv6.

  PR:		229903
  Submitted by:	Andrew <andrew.hotlab@hotmail.com>
  Reported by:	Stefan Witzel <stefan.witzel@zvw.uni-goettingen.de>
  Approved by:	<jharris@widomaker.com> (maintainer)

Changes:
  head/net/fping/Makefile
Comment 11 Rodrigo Osorio freebsd_committer 2018-08-15 23:56:21 UTC
Tested in 12-CURRENT jails environment

Committed with minor changes (reordering elements), thanks.