NixOS - how to add ping command on code-server terminal - nixos

Which package should I add to extraPackages property to make ping command available?
I have tried
extraPackages = with pkgs; [ ping ];
But it didnot work, it installs completely different package.

If you mean this ping, it's in the iputils package:
bash-5.1# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.075 ms
^C
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.075/0.075/0.075/0.000 ms
bash-5.1# which ping
/sbin/ping
bash-5.1# ls -l /sbin/ping
lrwxrwxrwx 1 root root 69 Jan 1 1980 /sbin/ping -> /nix/store/c8i7qgcvnj3123n8k7yilimgvdl23a31-iputils-20211215/bin/ping

ping is part of iputils so adding this package to extraPackages will make it available. You can find an executable with the tool like nix-locate <bin/executable> from the package nix-index
However keep in mind that ping normally requires the SUID bit set.
This tool is available in /run/wrappers/bin/ping ( command -v ping ). This wrapper is created in nixos/modules/tasks/network-interfaces.nix:
security.wrappers = {
ping = {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = "${pkgs.iputils.out}/bin/ping";
};
};

Related

git pull & git clone hang - Linux Ubuntu

So lately, I update my SSH port to 558
cat /etc/ssh/sshd_config | grep Po
Port 558
I notice that my git pull keep hanging.
I research online, I found this SO link
Why does git pull hang?
I tried
git fsck && git gc --prune=now
I got
Checking object directories: 100% (256/256), done.
Checking objects: 100% (3806/3806), done.
Counting objects: 3840, done.
Compressing objects: 100% (1566/1566), done.
Writing objects: 100% (3840/3840), done.
Total 3840 (delta 2120), reused 3795 (delta 2096)
I tried git pull again after that , hang again.
My VM have access to the internet.
ping google.com
PING google.com (172.217.12.142) 56(84) bytes of data.
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=1 ttl=56 time=1.68 ms
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=2 ttl=56 time=1.31 ms
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=3 ttl=56 time=1.11 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.118/1.374/1.689/0.238 ms
This is my
└── git config --list
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=git#bitbucket.org:bb/cc.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
remote.origin2.url=https://rajakannan#bitbucket.org/bb/cc.git
What should I check ?
Update
I am not sure if it is related to my sshd_config or not, but
I tried
mkdir test
cd test
git clone git#bitbucket.bb/cc.git
Cloning into 'cc'...
|...
hang again ... even on clone 👆🏼
Update 2
Could this be a firewall issues ? I can't even ping bitbucket.org
ping bitbucket.org
PING bitbucket.org (18.205.93.2) 56(84) bytes of data.
... stuck ... freeze ...
but I can ping google.com
ping google.com
PING google.com (172.217.9.238) 56(84) bytes of data.
64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=1 ttl=56 time=1.59 ms
64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=2 ttl=56 time=1.27 ms
^C64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=3 ttl=56 time=1.05 ms
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.052/1.307/1.596/0.227 ms
BitBucket status is clean, so the issue is not on the remote side.
You are cloning with an SSH URL git#bitbucket.org:bb/cc.git.
Try, for testing, an HTTPS URL: https://bitbucket.org/bb/cc.git

squid proxy client setup in linux machine

What is the right setting for setting the squid proxy client in linux machine i followed the documentation to setup the export variable as following
bash $ export http_proxy="http://10.20.5.48:3128"
bash $ ping google.com
PING google.com (74.125.228.197) 56(84) bytes of data.
^C
--- google.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 922ms
bash $ export http_proxy="http://10.20.5.48:3128/"
bash $ ping google.com
PING google.com (173.194.123.110) 56(84) bytes of data.
bash $ export HTTP_PROXY="http://10.20.5.48:3128"
bash $ ping google.com
PING google.com (74.125.228.196) 56(84) bytes of data.
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1086ms
bash $ export HTTP_PROXY="http://10.20.5.48:3128/"
bash $ ping google.com
PING google.com (74.125.228.195) 56(84) bytes of data.
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1160ms
The squid server is running on port 3128 and reachable and no firewall or acl Issue with the squid.conf also
bash $ telnet 10.20.5.48 3128
Trying 10.20.5.48...
Connected to 10.20.5.48.
Escape character is '^]'.
When i change the yum.conf to use the proxy with the same server and IP the yum configuration work
Ping not use http-proxy.
Try
GET / HTTP/1.1
Host: google.com
in your telnet session.

How to have a separate kernel parameter for a newly created network namespace under Linux?

I am creating a new network namespace called OAM, along wit the veth interfaces to communicate between the new namespace and the default namespace:
$ sudo ip netns add OAM
$ sudo ip link add veth0 type veth peer name veth1
$ sudo ip link set veth1 netns OAM
$ ip netns exec OAM ip link set dev veth1 up
$ ip link set dev veth0 up
$ sudo ip netns exec OAM ip addr add dev veth1 192.168.0.1/24
$ sudo ip addr add dev veth0 192.168.0.2/24
Now I check the value of ip_default_ttl parameter from within the default namespace:
$ cat /proc/sys/net/ipv4/ip_default_ttl
64
It is set to 64. Next I check the same parameter in the newly created OAM namespace:
$ sudo ip netns exec OAM cat /proc/sys/net/ipv4/ip_default_ttl
cat: /proc/sys/net/ipv4/ip_default_ttl: No such file or directory
So, there isn't a copy of this parameter in the new network namespace.
If I try to test what is the value of TTL in both namespaces by using ping, I can see it's ttl=64:
Default namespace:
$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.072 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.060 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.036/0.051/0.072/0.016 ms
Newly created OAM namespace:
$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.042 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.030 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.030/0.041/0.053/0.012 ms
So it seems that even though the ip_default_ttl parameter is not present in the new OAM namespace, the value used is the same (ttl=64).
I confirm that by logging in as root into another terminal and changing the ip_default_ttl value from 64 to 32 like this:
$ echo 32 > /proc/sys/net/ipv4/ip_default_ttl
Now if I retest the pings to check TTL, I get the same value of ttl=32 in both default and OAM namespace:
$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=32 time=0.029 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=32 time=0.038 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=32 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.029/0.040/0.053/0.009 ms
$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=32 time=0.023 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=32 time=0.031 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=32 time=0.082 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.023/0.045/0.082/0.026 ms
So, it seems that the kernel parameter ip_default_ttl defined in the default namespace is used globally across all the network namespaces.
Finally, my question is, what if I want to have different TTL values depending on different namespaces. Is there a way to achieve that ? Is there a way to somehow clone the ip_default_ttl kernel parameter (or other ones which don't get copied) from default to a newly created network namespace and have a separate value ?
Thanks for your answer in advance.
Different namespaces and thus containers, etc. operate within a single instance kernel, so parameters like ip_default_ttl are global.
You can however explicitly set hoplimit for routes:
# ip route change 192.168.50.0/24 dev xenbr0 hoplimit 32

Unable To Ping External Hosts Using In Perl Using Net::Ping

In Perl (5.16.3), I'm trying to use Net::Ping to test whether a remote host is available or not. I'm able to ping "internal" hosts which I know are online within my company's LAN, but I'm unable to ping "external" ones. Specifically, trying to ping 'www.google.com' fails.
My code:
#!/usr/bin/perl
use strict;
use warnings;
use Net::Ping;
my $hostname1 = 'prophet'; #internal
my $hostname2 = 'www.google.com'; #external
my $p;
my $rv1;
my $rv2;
$p = Net::Ping->new();
$rv1 = $p->ping($hostname1);
$rv2 = $p->ping($hostname2);
print "Response1: $rv1\n";
print "Response2: $rv2\n";
Yields this result:
[oracle#prophet:bin]$ ./ping_test
Response1: 1
Response2: 0
[oracle#prophet:bin]$
Even though using the (CentOS) ping utility does show that 'www.google.com' is available:
[oracle#prophet:bin]$ which ping; ping www.google.com
/usr/bin/ping
PING www.google.com (64.233.177.105) 56(84) bytes of data.
64 bytes from 64.233.177.105: icmp_seq=1 ttl=46 time=15.6 ms
64 bytes from 64.233.177.105: icmp_seq=2 ttl=46 time=15.6 ms
64 bytes from 64.233.177.105: icmp_seq=3 ttl=46 time=15.7 ms
64 bytes from 64.233.177.105: icmp_seq=4 ttl=46 time=16.5 ms
^C
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 15.614/15.884/16.547/0.394 ms
[oracle#prophet:bin]$
I realize that if I do this (in my Perl program):
$p = Net::Ping->new('icmp');
Then su - root before I run the program, it'll work...
[oracle#prophet:bin]$ su root
Password:
[root#prophet:bin]# ./ping_test
Response1: 1
Response2: 1
[root#prophet:bin]#
... but, I'd like to be able to use Net::Ping (w/ icmp packets) without having to su - root. It's actually a requirement for an automation program I need to write. It seems a little crazy to me that I can run the ping (CentOS) utility as a regular user and get the expected results, but that trying to use Net::Ping as a regular user is a no-go.
Any ideas?
G
The ping utility works because it's setuid — it runs with root privileges, even when executed by a normal user:
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping
Like it or not, using ICMP inherently requires root privileges. You can't do it as a normal user.
If you want to check for connectivity, consider making a TCP connection. (Or, heck, a full HTTP request.)

How to find application working or down using ping command in linux?

Is there any command to find website is working or down in linux ? Hope ping command helps...but how to check return packets successfull or not ?
ping www.google.com
Please advise is there any way to find website is working or not using ping command in shell script ?
Rather than ping use this telnet command to make sure port 80 is open:
telnet www.domain.com 80
You can even send HEAD request after opening telnet session if website is not blocking it.
Not every website responds to ping, and a successful ping does not prove the site is actually working correctly. With lynx, you can test the actual contents of a page:
lynx -dump www.google.com \
| grep --silent '________' \
&& echo "Google search form found." \
|| echo "No Google search form found."
nmap will tell you if the port is listening:
nmap www.google.com -p 80
tcptraceroute will also tell you if a port is open:
tcptraceroute www.google.com 80
There's also wget, curl...
In script you can look for echo $? output after you test using ping as explained below.
If the ping is successful which means the website is up, the echo output will return 0 else non-zero.
esunboj#L9AGC12:~$ ping 155.53.12.255
PING 155.53.12.255 (155.53.12.255) 56(84) bytes of data.
^C
--- 155.53.12.255 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
esunboj#L9AGC12:~$ echo $?
1
esunboj#L9AGC12:~$ ping 155.53.12.7
PING 155.53.12.7 (155.53.12.7) 56(84) bytes of data.
64 bytes from 155.53.12.7: icmp_req=1 ttl=48 time=239 ms
64 bytes from 155.53.12.7: icmp_req=2 ttl=48 time=240 ms
64 bytes from 155.53.12.7: icmp_req=3 ttl=48 time=241 ms
^C
--- 155.53.12.7 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 239.250/240.304/241.451/0.985 ms
esunboj#L9AGC12:~$ echo $?
0
ping send will send ICMP ECHO_REQUEST to network hosts and on success it will receive ICMP ECHO_REPLAY you can run tcpdump to verify

Resources