Reading network connections for processes in a separate net namespaces from /proc/[pid]/net/tcp|tcp6

dariusz ostolski dariusz.ostolski at gmail.com
Fri Jan 22 03:34:52 EST 2016


Hello,

My name is Darek Ostolski, I'm a computer enthusiast and hobbyist (also a
developer).
If this is the wrong mailing list, excuse me and please point me to
the appropriate place to ask this kind of question. I couldn't find
any other more appropriate place.

I have a process that is in a separate net namespace (basically a
container) and I want to check the open connections for that process. I
have kernel 4.3.3.
My experiments showed that this information is available in the
/proc/[pid]/net/tcp|tcp6 files. For example, the global
/proc/net/tcp6 shows the following open ports:

root@host:~# cat /proc/net/tcp6
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22882 1 ffff88040de7b240 100 0 0 10 0
   1: 00000000000000000000000000000000:008B 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22883 1 ffff88040de7a9c0 100 0 0 10 0
   2: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1214363 1 ffff880077ed9340 100 0 0 10 0
   3: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21933 1 ffff880400a33140 100 0 0 10 0
   4: 00000000000000000000000000000000:445C 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 29904 1 ffff880400a32040 100 0 0 10 0

And for a process running in a container I have:
root@host:~# cat /proc/30518/net/tcp6
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000100007F:1F45 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1211206 1 ffff880364fcb380 100 0 0 10 0
   1: 00000000000000000000000000000000:1F49 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215425 1 ffff8802befd0200 100 0 0 10 0
   2: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215421 1 ffff880077ed8240 100 0 0 10 0


So I see that there are open ports that are not visible at the host
level but are visible at the container level, for example 1F90, which
is basically 8080.


I'd like to ask the following questions:
1. Where can I find documentation for the /proc/[pid]/net/tcp|tcp6 files?
All I could find was documentation about the global files (i.e.
/proc/net/tcp|tcp6), and there is no information about network
namespaces at all (google, stackoverflow, man pages, kernel docs).
2. Could you confirm that in these files I'll see all connections that
are specific to a given process even if this process is in a separate
network namespace? (so I don't have to enter the target net/pid namespace
to read its global /proc/net/tcp|tcp6 files)
3. I've grepped the kernel source code and tried to find where the
/proc/[pid]/net/tcp|tcp6 files are created, but I couldn't (I've found
functions for the global files; maybe they are the same). I'd like to
check when these files were introduced (from what kernel version they
are available) and whether I can confirm my findings directly from the kernel
sources (that I'll see connections from a separate net namespace without
actually entering that namespace). This is the source code that I've found:
http://lxr.free-electrons.com/source/net/ipv4/tcp_ipv4.c?v=4.3#L2261

But as I wrote, I don't know how it is related to the files from
/proc/[pid]/net/tcp|tcp6.


Thank You in advance for your help.

-- 
Regards,
Darek
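
An added example (not code from Darek's message or from the kernel) that decodes the two listings quoted above. The address column is printed by the kernel as 32-bit words in host byte order, so each 4-byte word has to be reversed on a little-endian machine (assumed here, as the x86_64-looking kernel pointers in the post suggest); the port is plain big-endian hex, so 1F90 decodes to 8080, and the 0A in the st column is LISTEN. Reading /proc/[pid]/net/tcp6 instead of /proc/net/tcp6 gives the listing for the network namespace that pid lives in, which is what the post observes, so the script also diffs the container's listeners against the host's. The sample listings HOST_TCP6 and CONTAINER_TCP6 are constructed from the post's output with the trailing columns dropped; the function names (decode_addr, parse_table, read_table, listeners_only_in) are this example's own.

```python
"""Decode /proc/[pid]/net/tcp and tcp6 listings into readable form.

Added example; not code from the mailing-list post or the kernel.
Field order follows the kernel's /proc/net/tcp format; the sample
listings below are constructed from the post's output.
"""
import ipaddress

# The address column is printed with %08X per 32-bit word in the kernel's
# host byte order.  Assume a little-endian host (as in the post) and
# reverse every 4-byte word to get back to network byte order.
KERNEL_LITTLE_ENDIAN = True

# Socket states from include/net/tcp_states.h, as seen in the 'st' column
TCP_STATES = {
    1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
    5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
    9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING",
}

# Constructed sample input: the two listings quoted in the post, one entry
# per line (columns after inode are omitted since this parser ignores them).
HOST_TCP6 = """\
  sl  local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22882
   1: 00000000000000000000000000000000:008B 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22883
   2: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1214363
   3: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21933
   4: 00000000000000000000000000000000:445C 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 29904
"""
CONTAINER_TCP6 = """\
  sl  local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 0000000000000000FFFF00000100007F:1F45 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1211206
   1: 00000000000000000000000000000000:1F49 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215425
   2: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215421
"""


def decode_addr(hex_addr):
    """Hex address column (8 digits for tcp, 32 for tcp6) -> printable IP."""
    raw = bytes.fromhex(hex_addr)
    if KERNEL_LITTLE_ENDIAN:
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    addr = ipaddress.ip_address(raw)
    # Dual-stack listeners show up in tcp6 as IPv4-mapped addresses
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return "::ffff:%s" % addr.ipv4_mapped
    return str(addr)


def parse_table(text):
    """Parse one tcp/tcp6 listing into dicts of decoded fields."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "sl":      # blank line or header
            continue
        laddr, lport = fields[1].split(":")
        raddr, rport = fields[2].split(":")
        state = int(fields[3], 16)
        entries.append({
            "local": (decode_addr(laddr), int(lport, 16)),
            "remote": (decode_addr(raddr), int(rport, 16)),
            "state": TCP_STATES.get(state, "0x%02X" % state),
            "uid": int(fields[7]),
            # inode is what /proc/[pid]/fd/* symlinks name as socket:[inode]
            "inode": int(fields[9]),
        })
    return entries


def read_table(proto="tcp6", pid=None):
    """Read the listing of the caller's netns, or of pid's netns via
    /proc/[pid]/net, which resolves to that task's network namespace."""
    path = "/proc/net/%s" % proto if pid is None else "/proc/%d/net/%s" % (pid, proto)
    with open(path) as f:
        return parse_table(f.read())


def listeners(entries):
    """Set of (address, port) pairs that are in LISTEN state."""
    return {e["local"] for e in entries if e["state"] == "LISTEN"}


def listeners_only_in(ns_entries, host_entries):
    """Listening sockets seen through /proc/[pid]/net but not in the host's
    own /proc/net: the ports the post notices inside its container."""
    return listeners(ns_entries) - listeners(host_entries)


if __name__ == "__main__":
    host = parse_table(HOST_TCP6)
    container = parse_table(CONTAINER_TCP6)
    for e in container:
        print("%-20s:%-5d %-8s uid=%d inode=%d" % (e["local"] + (e["state"], e["uid"], e["inode"])))
    print("only in container:", sorted(listeners_only_in(container, host)))
```

On a live system, `read_table("tcp6", pid=30518)` reads the container's listing without entering its namespace; the inode column is the join key to `/proc/30518/fd/*`, whose `socket:[inode]` link targets tell you which descriptor holds each listener.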



More information about the Kernelnewbies mailing list