Hi all,
Could somebody help me understand the work around mentioned in bug.229903 to run fping in a jail?
I have the following jail created by iocage with raw sockets allowed.
Inside the jail:
And running fping:
When I configure fping disabling IPv6 as per recommended, I get fping working for IPv4.
How should I proceed if I wanted to use fping for IPv6?
Could somebody help me understand the work around mentioned in bug.229903 to run fping in a jail?
I have the following jail created by iocage with raw sockets allowed.
Code:
iocage get all mon
CONFIG_VERSION:16
allow_chflags:0
allow_mlock:0
allow_mount:1
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:1
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:1
allow_tun:0
available:readonly
basejail:no
boot:on
bpf:no
children_max:0
cloned_release:12.0-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:172.27.0.254
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:mon
host_hostuuid:mon
host_time:yes
hostid:95ea72f8-065c-0000-726b-8ebb5b6ae68c
hostid_strict_check:off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:bge3|172.27.2.4/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/mon/data
jail_zfs_mountpoint:none
last_started:2019-01-05 17:15:18
login_flags:-f root
mac_prefix:f872ea
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:12.0-RELEASE-p1
reservation:none
resolver:/etc/resolv.conf
rlimits:off
rtsold:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:off
vnet0_mac:none
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:off
Inside the jail:
Code:
root@mon:~ # uname -a
FreeBSD mon 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC amd64
root@mon:~ # sysctl -a | grep socket
kern.ipc.maxsockets: 1044976
kern.ipc.numopensockets: 85
net.inet.tcp.functions_inherit_listen_socket_stack: 1
security.jail.param.allow.socket_af: 0
security.jail.param.allow.raw_sockets: 0
security.jail.allow_raw_sockets: 1
security.jail.socket_unixiproute_only: 1
And running fping:
Code:
root@mon:~ # fping
(null): can't create raw socket (must run as root?) : Protocol not supported
root@mon:~ # ls -lai /usr/local/sbin/fping
167430 -r-sr-xr-x 1 root wheel 48056 Dec 20 14:33 /usr/local/sbin/fping
When I configure fping disabling IPv6 as per recommended, I get fping working for IPv4.
How should I proceed if I wanted to use fping for IPv6?