Getting "socket: permission denied" when running in UDP mode in linux #25

Open
wsagehorn opened this issue Jun 16, 2016 · 6 comments

@wsagehorn

I've changed the network to udp mode with p.Network("udp") to avoid the need for sudo privileges, but I get socket: permission denied as an error.

When run with debug on, it prints:
2016/06/16 14:52:34 Run(): Start
2016/06/16 14:52:34 Run(): close(p.ctx.done)

Running without p.Network("udp") works fine (but requires sudo).
The error is identical in 32 bit and 64 bit Ubuntu 14.04.
The same code works as intended on mac.

@karasz

karasz commented Jul 29, 2016

Most probably you are bitten by a kernel change in recent Ubuntus (or maybe even upstream).
You can do a sysctl net.ipv4.ping_group_range; if the response is 1 0 then the UDP variant will not work. To enable all users to use that facility you need
sudo sysctl -w net.ipv4.ping_group_range="0 65535".

More explanations you will get here: https://lwn.net/Articles/422330/

HTH
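
A preflight check for the sysctl discussed in the comment above, added here as an example (not code from go-fastping or from anyone in this thread): it parses net.ipv4.ping_group_range and tests whether any of the process's group IDs falls inside the inclusive range. The function names are hypothetical, and the example assumes the kernel matches on the effective and supplementary GIDs.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// parsePingGroupRange parses the two integers of net.ipv4.ping_group_range.
func parsePingGroupRange(s string) (lo, hi uint64, err error) {
	f := strings.Fields(s)
	if len(f) != 2 {
		return 0, 0, fmt.Errorf("want 2 fields, got %d in %q", len(f), s)
	}
	if lo, err = strconv.ParseUint(f[0], 10, 32); err != nil {
		return 0, 0, err
	}
	hi, err = strconv.ParseUint(f[1], 10, 32)
	return lo, hi, err
}

// checkPingAccess returns nil if a gid is in [lo, hi]; lo > hi ("1 0") admits nobody.
func checkPingAccess(sysctl string, gids []int) error {
	lo, hi, err := parsePingGroupRange(sysctl)
	if err != nil {
		return err
	}
	for _, g := range gids {
		if g >= 0 && uint64(g) >= lo && uint64(g) <= hi {
			return nil
		}
	}
	return fmt.Errorf("ping_group_range %d %d excludes gids %v", lo, hi, gids)
}

func main() {
	raw, err := os.ReadFile("/proc/sys/net/ipv4/ping_group_range")
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read sysctl:", err)
		os.Exit(2)
	}
	gids, _ := os.Getgroups() // supplementary groups; effective GID appended below
	if err := checkPingAccess(string(raw), append(gids, os.Getegid())); err != nil {
		fmt.Fprintln(os.Stderr, "UDP mode will fail:", err)
		os.Exit(1)
	}
	fmt.Println("this process may open unprivileged ICMP sockets")
}
```

Because the range is inclusive, a value such as "100 100" admits a single group, which is narrower than opening the facility to every GID.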

@karasz

karasz commented Jul 29, 2016

Another problem with this code is at line:
https://github.com/tatsushid/go-fastping/blob/master/fastping.go#L652
When UDP is enabled, pkt.ID == p.id is not true due to the way the kernel handles the ID of those packets.
When using UDP one should only rely on the sequences, or properly handle the packet IDs.

@seantcanavan

@karasz can we just modify the sudoers file to run the command inherently with sudo privileges?

jcooklin added a commit to jcooklin/snap-plugin-collector-pingscan that referenced this issue Dec 9, 2016
Fastping provides a more effective means to timeout requests (MaxRTT).  Note this plugin will require that it be run as root (see tatsushid/go-fastping#25)
@bmon

bmon commented Dec 13, 2016

@seantcanavan You could, but then you're taking all the risks and issues associated with running your program as root. Unless there's something specific that's stopping you from using the workaround karasz mentioned, it would be much safer to not run with root.

@seantcanavan

@bmon I was referring specifically to adding the ping command to the sudoers file and not the entire fastping process itself. This would technically constitute least-privilege permissions escalation.

@eikenb

eikenb commented Sep 23, 2019

Just hit this. Seems like changing the "net.ipv4.ping_group_range" value as a workaround should be documented somewhere other than only in an old issue.
