feat: Discover docker ports as well

Browse source

If processes are running in a container then the fwd process
can't read their internal FDs without the CAP_SYS_ADMIN property
which is equivalent to sudo. Even with sudo, I think you need to do
a lot of work to be able to read them -- spawning a process within
the cgroup, doing work there, and then communicating back.

This just uses the docker api to populate some default ports, which
later get overwritten if fwd can find a native process.

The Docker port scan takes about 1.5ms, and the full port scan takes
40+ms, so this adds basically no overhead.

...

This commit is contained in:

Brandon W Maister 2024-07-31 10:27:30 -04:00 • committed by John Doty

parent 66da323481

commit 6c10d8eece

4 changed files with 707 additions and 103 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

747

Cargo.lock generated

View file

File diff suppressed because it is too large Load diff