| title | weight | description |
|---|---|---|
Using trace bind |
20 |
Trace the kernel functions performing socket binding.
|
The trace bind gadget is used to stream socket binding syscalls.
First, we need to create one pod for us to play with:
$ kubectl run test-pod --image busybox:latest sleep infYou can now use the gadget, but output will be empty:
$ kubectl gadget trace bind
K8S.NODE K8S.NAMESPACE K8S.POD K8S.CONTAINER PID COMM PROTO ADDR PORT OPTS IFIndeed, it is waiting for socket binding to occur.
So, in another terminal, exec the container and use nc:
$ kubectl exec -ti test-pod -- nc -l -p 4242 -w 1
nc: timeout
command terminated with exit code 1Go back to the first terminal and see:
K8S.NODE K8S.NAMESPACE K8S.POD K8S.CONTAINER PID COMM PROTO ADDR PORT OPTS IF
minikube default test-pod test-pod 58208 nc IP :: 4242 .R... 0
This line corresponds to the socket binding operation initiated by nc.
Congratulations! You reached the end of this guide! You can now delete the pod you created:
$ kubectl delete pod test-pod
pod "test-pod" deletedStart the gadget first
$ sudo ig trace bind -c test-trace-bind
K8S.CONTAINER PID COMM PROTO ADDR PORT OPTS IFIn another terminal, run a container that performs a bind operation
$ docker run -it --rm --name test-trace-bind busybox /bin/sh -c "nc -l -p 4242"The gadget will print the event on the first terminal:
$ sudo ig trace bind -c test-trace-bind
K8S.CONTAINER PID COMM PROTO ADDR PORT OPTS IF
test-trace-bind 380299 nc TCP :: 4242 .R... 0With the following options, you can restrict the output:
--pidonly prints events where socket binding is done by the given PID.-P/--portsonly prints events where these ports are used for socket bindings.-i/--ignore-errorsonly prints events where the bind succeeded.
So, this command will print all (i.e. succeeded and failed) attempts to bind a socket on port 4242 or 4343 by PID 42:
$ kubectl gadget trace bind -i=false --pid 42 -P=4242,4343
$ sudo ig trace bind -i=false --pid 42 -P=4242,4343