Reading network connections for processes in a separate net namespaces from /proc/[pid]/net/tcp|tcp6

Rami Rosen roszenrami at gmail.com
Fri Jan 22 04:21:59 EST 2016


Hi, Darek,

>I've found
>functions for global files, maybe they are the same). I'd like to
>check when these files were introduced (from what kernel version they
>are available)

Support for kernel network namespaces was added with kernel 2.6.29.
It is basically based on adding an object called "net_ns" to the
process descriptor, an instance of struct net, which represents a
network namespace. You can think of such an object as representing the
network state of a process, including all stats, sockets, devices,
tables, and so on. This net_ns is a member of an object called
nsproxy, which includes pointers to 4 other namespaces (uts, mnt, pid
and ipc).


>and there is no information about network
>namespaces at all (google, stackoverflow, man pages, kernel docs)

This is not really so. Look for example in the following:

Namespaces and Cgroups – the basis of Linux Containers by Rami Rosen
http://files.meetup.com/18720713/Namespaces_Cgroups_Conatiners.pdf

Resource management: Linux kernel Namespaces and cgroups by Rami Rosen
http://www.haifux.org/lectures/299/netLec7.pdf

Namespaces in operation, part 7: Network namespaces by Jake Edge
https://lwn.net/Articles/580893/

Introduction to Network Namespaces - David Mahler
https://www.youtube.com/watch?v=_WgUwUf1d34

(Shameless plug, I am the owner of the first two links...)

Hope this helps,

Regards,
Rami Rosen
http://ramirose.wix.com/ramirosen



On 22 January 2016 at 10:34, dariusz ostolski
<dariusz.ostolski at gmail.com> wrote:
> Hello,
>
> My name is Darek Ostolski, I'm a computer enthusiast and hobbyist (also a
> developer).
> If this is the incorrect mailing list, excuse me and please point me to
> the appropriate place to ask this kind of question. I couldn't find
> any other more appropriate place.
>
> I have a process that is in the separate net namespace (basically a
> container) and I want to check opened connections for that process. I
> have a kernel 4.3.3.
> My experiments showed that this information is available in
> /proc/[pid]/net/tcp|tcp6 files. For example for a global
> /proc/net/tcp6 shows following opened ports:
>
> root at host:~# cat /proc/net/tcp6
>   sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
>    0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22882 1 ffff88040de7b240 100 0 0 10 0
>    1: 00000000000000000000000000000000:008B 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22883 1 ffff88040de7a9c0 100 0 0 10 0
>    2: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1214363 1 ffff880077ed9340 100 0 0 10 0
>    3: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21933 1 ffff880400a33140 100 0 0 10 0
>    4: 00000000000000000000000000000000:445C 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 29904 1 ffff880400a32040 100 0 0 10 0
>
> And for a process running in container I have:
> root at host:~# cat /proc/30518/net/tcp6
>   sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
>    0: 0000000000000000FFFF00000100007F:1F45 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1211206 1 ffff880364fcb380 100 0 0 10 0
>    1: 00000000000000000000000000000000:1F49 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215425 1 ffff8802befd0200 100 0 0 10 0
>    2: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215421 1 ffff880077ed8240 100 0 0 10 0
>
>
> So I see that there are opened ports that are not visible on the host
> level but are visible at the container level, for example 1F90, which
> is basically 8080.
>
>
> I'd like to ask the following questions:
> 1. Where can I find documentation for /proc/[pid]/net/tcp|tcp6 files?
> All I could find was documentation about the global files (i.e.
> /proc/net/tcp|tcp6) and there is no information about network
> namespaces at all (google, stackoverflow, man pages, kernel docs)
> 2. Could you confirm that in these files I'll see all connections that
> are specific for a given process even if this process is in a separate
> network namespace? (so I don't have to enter the target net/pid namespace
> to read their global /proc/net/tcp|tcp6 files)
> 3. I've grepped the kernel source code and tried to find where the
> /proc/[pid]/net/tcp|tcp6 files are created but I couldn't (I've found
> functions for the global files, maybe they are the same). I'd like to
> check when these files were introduced (from what kernel version they
> are available) and if I can confirm my findings directly from the kernel
> sources (that I'll see connections from a separate net namespace without
> actually entering that namespace). This is the source code that I've found:
> http://lxr.free-electrons.com/source/net/ipv4/tcp_ipv4.c?v=4.3#L2261
>
> But as I wrote I don't know how it is related to the files from
> /proc/[pid]/net/tcp|tcp6
>
>
> Thank you in advance for your help.
>
> --
> Regards,
> Darek
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
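As an added example (not code from this thread, the kernel, or any project mentioned in it), the following Python decodes rows of `/proc/[pid]/net/tcp6` into readable endpoints and computes which listening sockets exist in the container's net namespace but not in the host's, which is the comparison Darek does by hand above (1F90 is 8080). The two samples are the outputs quoted in the thread, re-joined one row per line; they were produced on an x86 host, so each 32-bit word of the address is byte-swapped (the kernel prints the words in native endianness), and the helper applies that swap by default. It also handles the 4-byte addresses in `/proc/net/tcp`, which the thread does not show. Function and class names (`decode_endpoint`, `parse_proc_tcp`, `listening_endpoints`, `ProcSocket`) are the example's own.

```python
"""Decode /proc/[pid]/net/tcp and tcp6 rows (hypothetical helper, added example)."""
from __future__ import annotations

import sys
from dataclasses import dataclass
from ipaddress import ip_address

# TCP socket states as printed in the "st" column (numbering from include/net/tcp_states.h).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed samples: the host and container tcp6 tables quoted in the thread.
HOST_TCP6_SAMPLE = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22882 1 ffff88040de7b240 100 0 0 10 0
   1: 00000000000000000000000000000000:008B 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22883 1 ffff88040de7a9c0 100 0 0 10 0
   2: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1214363 1 ffff880077ed9340 100 0 0 10 0
   3: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21933 1 ffff880400a33140 100 0 0 10 0
   4: 00000000000000000000000000000000:445C 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 29904 1 ffff880400a32040 100 0 0 10 0
"""

CONTAINER_TCP6_SAMPLE = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000100007F:1F45 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1211206 1 ffff880364fcb380 100 0 0 10 0
   1: 00000000000000000000000000000000:1F49 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215425 1 ffff8802befd0200 100 0 0 10 0
   2: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1215421 1 ffff880077ed8240 100 0 0 10 0
"""


@dataclass(frozen=True)
class ProcSocket:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    uid: int
    inode: int


def decode_endpoint(field: str, little_endian: bool = True) -> tuple[str, int]:
    """Turn 'HEXADDR:HEXPORT' into (ip, port).

    The address is 4 bytes (tcp) or 16 bytes (tcp6) printed as 32-bit words in
    host byte order, so on a little-endian host each 4-byte group is reversed.
    The port is plain big-endian hex. IPv4-mapped IPv6 addresses are shown as
    dotted IPv4 for readability.
    """
    addr_hex, port_hex = field.rsplit(":", 1)
    raw = bytes.fromhex(addr_hex)
    if little_endian:
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    ip = ip_address(raw)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6Address has this
    return str(mapped if mapped is not None else ip), int(port_hex, 16)


def parse_proc_tcp(text: str, little_endian: bool = True) -> list[ProcSocket]:
    """Parse the text of /proc/[pid]/net/tcp or tcp6; the header row is skipped."""
    sockets: list[ProcSocket] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[0] == "sl":
            continue  # header or blank line
        lip, lport = decode_endpoint(fields[1], little_endian)
        rip, rport = decode_endpoint(fields[2], little_endian)
        state = TCP_STATES.get(fields[3], fields[3])
        sockets.append(ProcSocket(lip, lport, rip, rport, state, int(fields[7]), int(fields[9])))
    return sockets


def listening_endpoints(text: str, little_endian: bool = True) -> set[tuple[str, int]]:
    """Set of (local_ip, local_port) pairs in LISTEN state."""
    return {(s.local_ip, s.local_port) for s in parse_proc_tcp(text, little_endian) if s.state == "LISTEN"}


def read_pid_sockets(pid: int, ipv6: bool = True) -> list[ProcSocket]:
    """Read a live process's view of its own net namespace (no setns needed)."""
    with open(f"/proc/{pid}/net/{'tcp6' if ipv6 else 'tcp'}") as fh:
        return parse_proc_tcp(fh.read(), little_endian=(sys.byteorder == "little"))


if __name__ == "__main__":
    only_in_container = listening_endpoints(CONTAINER_TCP6_SAMPLE) - listening_endpoints(HOST_TCP6_SAMPLE)
    for ip, port in sorted(only_in_container):
        print(f"listening only inside the container namespace: [{ip}]:{port}")
```

`read_pid_sockets` is the only function that touches a live system; everything else runs on the embedded samples. The decoded container rows are `127.0.0.1:8005`, `[::]:8009` and `[::]:8080`, none of which appear in the host table, matching the observation in the thread. Note that the inode column is what ties a row back to a process: `/proc/[pid]/fd/*` links of the form `socket:[inode]` identify which process in that namespace owns the socket.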


