diff options
| author | Florian Westphal <fw@strlen.de> | 2020-12-15 14:53:00 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2020-12-17 12:23:15 +0100 |
| commit | b031cd2102d9bc2b6ce20a880068022fac9e2d87 (patch) | |
| tree | a7283917eb44a94dff96cb54dc0bbb875f43bca2 /tests | |
| parent | 592bb1686053cdb5cacdb1d6266d64ce976d7bf7 (diff) | |
conntrack: pretty-print the portid
DESTROY events already include the portid. Add some /proc glue
to lookup the portid.
Problem is that there is no direct mapping to a name.
Lookup steps are:
1. Obtain the portid inode from /proc/net/netlink.
If we can't even find that, no luck.
2. assume portid == pid and search
/proc/portid/fd/ for a socket with matching inode.
This is modeled on iproute2 ss tool.
If /proc/portid/fd/ comes up empty, entire process space
(/proc/*/fd) is searched for a matching inode.
As this is quite some work, cache the last portid result (including
'not found', so that 'conntrack -F' generating 10000k events will do
this lookup only once.
The lookup won't work in case the deleting/flushing program has already
exited; in that case [USERSPACE] tag and portid are still included.
Example:
$ conntrack -E -o userspace
[DESTROY] tcp 6 src=192... dst=192... sport=4404 dport=22 ... [USERSPACE] portid=5146 progname=conntrack
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests')
0 files changed, 0 insertions, 0 deletions