github.com/inspektor-gadget/inspektor-gadget@v0.28.1/docs/builtin-gadgets/trace/bind.md (about)

     1  ---
     2  title: 'Using trace bind'
     3  weight: 20
     4  description: >
     5    Trace the kernel functions performing socket binding.
     6  ---
     7  
     8  ![Screencast of the trace bind gadget](bind.gif)
     9  
    10  The trace bind gadget is used to stream socket binding syscalls.
    11  
    12  ### On Kubernetes
    13  
    14  First, we need to create one pod for us to play with:
    15  
    16  ```bash
    17  $ kubectl run test-pod --image busybox:latest sleep inf
    18  ```
    19  
    20  You can now use the gadget, but the output will be empty at first:
    21  
    22  ```bash
    23  $ kubectl gadget trace bind
    24  K8S.NODE         K8S.NAMESPACE    K8S.POD          K8S.CONTAINER    PID    COMM             PROTO  ADDR             PORT   OPTS   IF
    25  ```
    26  
    27  Indeed, it is waiting for socket binding to occur.
    28  So, in *another terminal*, `exec` the container and use `nc`:
    29  
    30  ```bash
    31  $ kubectl exec -ti test-pod -- nc -l -p 4242 -w 1
    32  nc: timeout
    33  command terminated with exit code 1
    34  ```
    35  
    36  Go back to *the first terminal* and see:
    37  
    38  ```
    39  K8S.NODE         K8S.NAMESPACE    K8S.POD          K8S.CONTAINER    PID    COMM             PROTO  ADDR             PORT   OPTS   IF
    40  minikube         default          test-pod         test-pod         58208  nc               IP     ::               4242   .R...  0
    41  ```
    42  
    43  This line corresponds to the socket binding operation initiated by `nc`.
    44  
    45  #### Clean everything
    46  
    47  Congratulations! You reached the end of this guide!
    48  You can now delete the pod you created:
    49  
    50  ```bash
    51  $ kubectl delete pod test-pod
    52  pod "test-pod" deleted
    53  ```
    54  
    55  ### With `ig`
    56  
    57  Start the gadget first:
    58  
    59  ```bash
    60  $ sudo ig trace bind -c test-trace-bind
    61  K8S.CONTAINER    PID     COMM             PROTO  ADDR             PORT    OPTS    IF
    62  ```
    63  
    64  In another terminal, run a container that performs a bind operation:
    65  
    66  ```bash
    67  $ docker run -it --rm --name test-trace-bind busybox /bin/sh -c "nc -l -p 4242"
    68  ```
    69  
    70  The gadget will print the event on the first terminal:
    71  
    72  ```bash
    73  $ sudo ig trace bind -c test-trace-bind
    74  K8S.CONTAINER    PID     COMM             PROTO  ADDR             PORT    OPTS    IF
    75  test-trace-bind  380299  nc               TCP    ::               4242    .R...   0
    76  ```
    77  
    78  ### Restricting output to certain PIDs, ports, or succeeded and failed port bindings
    79  
    80  With the following options, you can restrict the output:
    81  
    82  * `--pid` only prints events where socket binding is done by the given PID.
    83  * `-P/--ports` only prints events where these ports are used for socket bindings.
    84  * `-i/--ignore-errors` only prints events where the bind succeeded.
    85  
    86  So, this command will print all (*i.e.* succeeded and failed) attempts to bind a socket on port 4242 or 4343 by PID 42:
    87  
    88  ```bash
    89  $ kubectl gadget trace bind -i=false --pid 42 -P=4242,4343
    90  
    91  $ sudo ig trace bind -i=false --pid 42 -P=4242,4343
    92  ```