inputs.ping: Always SetPrivileged(true) in native mode (influxdata#9072)

* Always SetPrivileged(true) * Improve error message
SCP-2000 · Mar 30, 2021 · 7d66590 · 7d66590
1 parent 470628e
commit 7d66590
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 15 deletions.
diff --git a/plugins/inputs/ping/README.md b/plugins/inputs/ping/README.md
@@ -102,7 +102,7 @@ $ systemctl edit telegraf
 #### Linux Permissions
 
 When using `method = "native"`, Telegraf will attempt to use privileged raw
-ICMP sockets.  On most systems, doing so requires `CAP_NET_RAW` capabilities.
+ICMP sockets.  On most systems, doing so requires `CAP_NET_RAW` capabilities or for Telegraf to be run as root.
 
 With systemd:
 ```sh
@@ -127,16 +127,9 @@ setting capabilities.
 
 [man 7 capabilities]: http://man7.org/linux/man-pages/man7/capabilities.7.html
 
-On Linux the default behaviour is to restrict creation of ping sockets for everybody. Execute the below command to enable creation of ping sockets for all possible user groups. The integers provided to ping_group_range defines the range of user groups that are permited to create ping sockets, were 2147483647 (the max of a signed int 2^31) is the max group identifier (GID).
+#### Other OS Permissions
 
-```sh
-$ sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"
-```
-
-Reference [`man 7 icmp`][man 7 icmp] for more information about ICMP echo
-sockets and the `ping_group_range` setting.
-
-[man 7 icmp]: http://man7.org/linux/man-pages/man7/icmp.7.html
+When using `method = "native"`, you will need permissions similar to the executable ping program for your OS. 
 
 ### Metrics
 

diff --git a/plugins/inputs/ping/ping.go b/plugins/inputs/ping/ping.go
@@ -166,10 +166,7 @@ func (p *Ping) nativePing(destination string) (*pingStats, error) {
 		return nil, fmt.Errorf("failed to create new pinger: %w", err)
 	}
 
-	// Required for windows. Despite the method name, this should work without the need to elevate privileges and has been tested on Windows 10
-	if runtime.GOOS == "windows" {
-		pinger.SetPrivileged(true)
-	}
+	pinger.SetPrivileged(true)
 
 	if p.IPv6 {
 		pinger.SetNetwork("ip6")
@@ -193,7 +190,14 @@ func (p *Ping) nativePing(destination string) (*pingStats, error) {
 	pinger.Count = p.Count
 	err = pinger.Run()
 	if err != nil {
-		return nil, fmt.Errorf("failed to run pinger: %w", err)
+		if strings.Contains(err.Error(), "operation not permitted") {
+			if runtime.GOOS == "linux" {
+				return nil, fmt.Errorf("permission changes required, enable CAP_NET_RAW capabilities (refer to the ping plugin's README.md for more info)")
+			}
+
+			return nil, fmt.Errorf("permission changes required, refer to the ping plugin's README.md for more info")
+		}
+		return nil, fmt.Errorf("%w", err)
 	}
 
 	ps.Statistics = *pinger.Statistics()