Skip to content

fix: Use privileged mode for ICMP only on Windows #748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

fix: Use privileged mode for ICMP only on Windows #748

wants to merge 2 commits into from

Conversation

TwiN
Copy link
Owner

@TwiN TwiN commented Apr 28, 2024

Summary

Use privileged mode for ICMP only on Windows

Fixes #697

Checklist

  • Tested and/or added tests to validate that the changes work as intended, if applicable.
  • Updated documentation in README.md, if applicable.

@TwiN TwiN added bug Something isn't working area/security Related to security labels Apr 28, 2024
@codecov-commenter
Copy link

codecov-commenter commented Apr 28, 2024
edited by codecov bot
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.58%. Comparing base (2833968) to head (a3f3660).
Report is 143 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #748      +/-   ##
==========================================
- Coverage   80.63%   80.58%   -0.05%     
==========================================
  Files          64       64              
  Lines        4244     4244              
==========================================
- Hits         3422     3420       -2     
- Misses        624      625       +1     
- Partials      198      199       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@TwiN TwiN mentioned this pull request Apr 28, 2024
Closed
@TwiN
Copy link
Owner Author

TwiN commented Apr 28, 2024

Temporarily published container image as twinproduction/gatus:experimental for testing purposes.

@h3mmy h3mmy mentioned this pull request May 30, 2024
Merged
@h3mmy
Copy link

h3mmy commented May 31, 2024

I've verified that this works in my environment for the icmp check. Details here: #697 (comment)

h3mmy
h3mmy approved these changes May 31, 2024
View reviewed changes
Copy link

@h3mmy h3mmy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for making this change!

@TwiN
Copy link
Owner Author

TwiN commented Jul 1, 2024

FYI this is on-hold and is being discussed in #697

@ignisf
Copy link

ignisf commented Jul 22, 2024
edited
Loading

Hya, just chiming in that this fixes ICMP with rootless podman containers. As does adding the CAP_NET_RAW capability with the stable branch.

@h3mmy
Copy link

h3mmy commented Nov 9, 2024

Is there anything specifically preventing this from being merged?

@TwiN
Copy link
Owner Author

TwiN commented Nov 9, 2024

@h3mmy #697 (comment) is why I'm not merging it.

#697 (comment) is the reason why this needs more investigation.

The fix itself resolves an issue for some people, but causes more issues for other people. This still needs some investigation, and I don't have the time to spend on this at the moment. Also worth pointing out that for me, the current release works just fine, but the fix does not unless I add

      securityContext:
        sysctls:
          - name: net.ipv4.ping_group_range
            value: 0 65536

to the pod security context, which means that this would technically be a regression for my cloud environment, and likely others.

@TwiN
Copy link
Owner Author

TwiN commented Apr 1, 2025

Superseded by #1056

@TwiN TwiN closed this Apr 1, 2025
@TwiN TwiN deleted the fix/icmp branch April 1, 2025 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h3mmy h3mmy h3mmy approved these changes

Assignees
No one assigned
Labels
area/security Related to security bug Something isn't working do-not-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ICMP not working on Kubernetes even if sysctl -w net.ipv4.ping_group_range="0 2147483647"
4 participants
@TwiN @codecov-commenter @h3mmy @ignisf