trace_bind
The trace_bind gadget is used to stream socket binding syscalls.
Getting started
Running the gadget:
- kubectl gadget
- ig
$ kubectl gadget run ghcr.io/inspektor-gadget/gadget/trace_bind:latest [flags]
$ sudo ig run ghcr.io/inspektor-gadget/gadget/trace_bind:latest [flags]
Flags
--ignore-errors
Show only events where the bind succeeded
Default value: "true"
--pid
Show only bind events generated by this particular PID
Default value: ""
Guide
First, we need to run an application that generates some events.
- kubectl gadget
- ig
$ kubectl run --restart=Never --image=busybox mypod -- sh -c 'while /bin/true ; do nc -l -p 4242 -w 1 ; sleep 3 ; done'
pod/mypod created
$ docker run --name test-trace-bind -d busybox /bin/sh -c 'while /bin/true ; do nc -l -p 4242 -w 1 ; sleep 3 ; done'
Then, let's run the gadget:
- kubectl gadget
- ig
$ kubectl gadget run trace_bind:latest --podname mypod
K8S.NODE K8S.NAMESPACE K8S.PODNAME K8S.CONTAINERNAME ADDR COMM PID TID UID GID BOUND_… ERROR
minikube-docker default mypod mypod :::4242 nc 635160 635160 0 0 0
minikube-docker default mypod mypod :::4242 nc 635213 635213 0 0 0
minikube-docker default mypod mypod :::4242 nc 635233 635233 0 0 0
minikube-docker default mypod mypod :::4242 nc 635301 635301 0 0 0
$ sudo ig run trace_bind:latest --containername test-trace-bind
WARN[0000] Ignoring runtime "cri-o" with non-existent socketPath "/run/crio/crio.sock"
RUNTIME.CONTAINERNAME ADDR COMM PID TID UID GID BOUND_DEV_… ERROR
test-trace-bind :::4242 nc 647422 647422 0 0 0
test-trace-bind :::4242 nc 647472 647472 0 0 0
^C
These lines correspond to the socket binding operation initiated by nc.
We can stop the gadget by hitting Ctrl-C.
Finally, clean the system:
- kubectl gadget
- ig
$ kubectl delete pod mypod
$ docker rm -f test-trace-bind