Scan /proc/net/{tcp,udp} for host network driver port bindings #7746
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Nino-K
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Can you fix the spelling errors (by adding the words to the dictionary)? That should re-trigger the actions... |
Nino-K
force-pushed
the
procnet-scanning-guest-agent
branch
2 times, most recently
from
d621770
to
b2aa16f
Compare
This introduces a scanner that monitors entries in /proc/net/{tcp,udp}.
When using the host network driver (--net=host) in Docker or containerd,
some port bindings are not exposed through the API. However, these bindings
are still visible in /proc/net because the container shares the host network
namespace.
The procnet scanner scans the corresponding files every 3 seconds and if
a new entry is found or removed it calls the host switch API to expose
and unexpose accordingly.
Signed-off-by: Nino Kodabande <[email protected]>
Nino-K
force-pushed
the
procnet-scanning-guest-agent
branch
from
b2aa16f
to
348ef33
Compare
Nino-K
force-pushed
the
procnet-scanning-guest-agent
branch
from
bc3af5b
to
a615fb7
Compare
Nino-K
force-pushed
the
procnet-scanning-guest-agent
branch
from
a615fb7
to
473f1e2
Compare
Signed-off-by: Nino Kodabande <[email protected]>
Added scanner_stub to accomodate for non-linux build Signed-off-by: Nino Kodabande <[email protected]>
Bats test asserts on both scenarios: - Binding a process port to 0.0.0.0 - Binding a process port to 127.0.0.1 Signed-off-by: Nino Kodabande <[email protected]>
Nino-K
force-pushed
the
procnet-scanning-guest-agent
branch
from
473f1e2
to
665adb2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This introduces a scanner that monitors entries in
/proc/net/{tcp,udp}. When using the host network driver (--net=host) in Docker or containerd, some port bindings are not exposed through the API. However, these bindings are still visible in/proc/netbecause the container shares the host network namespace.The procnet scanner scans the corresponding files every 3 seconds and if a new entry is found or removed it calls the host switch API to expose and unexpose accordingly.
Fixes: #7378