feat(container): add container name resolution for Docker/Podman #46
Merged
jpr5 merged 11 commits into jpr5:master from Feb 7, 2026
Add container name resolution to display container names alongside IP addresses when capturing traffic from Docker or Podman containers.

Features:
- Real-time container tracking via Docker socket events API
- Fallback to CLI polling with 30-second TTL when socket unavailable
- Support for both Docker and Podman runtimes
- IP address formatted as "container_name(ip_address)"
- Command injection prevention via container ID validation

Build system:
- New configure flag: --enable-container-resolution (default off)
- Adds container-resolution.o to EXTRA_OBJS when enabled

Must be enabled at compile-time with --enable-container-resolution.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Owner
Heyyyyy, you finally did it! Or, your AI did, rather. 😉 Thanks for this! One request: can you resolve any conflicts for me, to merge cleanly so I can test it? Thank you! 🙏 @Horkyze
Owner
I'm also wondering, could you write up an additional scenario in
Covers microservice debugging, compose stack HTTP monitoring, per-container BPF filtering, and inter-container DNS resolution.
add_container_by_id() (the socket event path) validates container IDs via is_valid_container_id() before passing them to popen(), but discover_containers_for_runtime() (the CLI polling path) does not. Add the same validation check to the CLI path to prevent potential command injection via crafted docker ps output.
Container names from Docker/Podman are printed directly to the terminal without sanitization. While Docker restricts names to safe characters, Podman may differ and crafted CLI output could contain ANSI escape sequences that affect terminal behavior. Add sanitize_container_name() that replaces characters outside [a-zA-Z0-9_.-] with underscores. Applied in both the CLI discovery path and the socket event path on cache insertion.
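The two input checks described in the commit messages above (ID validation before popen() and name sanitization), as an added example that is not the PR's own code. The ID rule (12 to 64 lowercase hex digits), the tab-separated line format, the `docker inspect` command and the function names `id_ok`, `sanitize_name` and `accept_line` are assumptions; only the allowed name character set comes from the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed ID rule (the page does not state the project's): 12..64 lowercase
 * hex digits, which leaves no room for any shell metacharacter. */
static int id_ok(const char *id) {
    size_t n = strlen(id);
    if (n < 12 || n > 64) return 0;
    for (size_t i = 0; i < n; i++)
        if (!strchr("0123456789abcdef", id[i])) return 0;
    return 1;
}

/* Rule quoted in the PR: bytes outside [a-zA-Z0-9_.-] become '_'. */
static void sanitize_name(char *s) {
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok) *s = '_';
    }
}

/* Parse one "ID<TAB>NAME" line (assumed format) from the CLI polling path.
 * Returns 1 and fills cmd/name only when the ID validates, so no unchecked
 * byte reaches the string that would be handed to popen(). */
static int accept_line(const char *line, char *cmd, size_t cmdsz,
                       char *name, size_t namesz) {
    char id[65];
    const char *tab = strchr(line, '\t');
    if (!tab || (size_t)(tab - line) >= sizeof id) return 0;
    memcpy(id, line, (size_t)(tab - line));
    id[tab - line] = '\0';
    if (!id_ok(id)) return 0;
    snprintf(name, namesz, "%s", tab + 1);
    name[strcspn(name, "\n")] = '\0';
    sanitize_name(name);               /* strips ESC, '[' and other bytes */
    snprintf(cmd, cmdsz, "docker inspect %s", id);  /* hypothetical command */
    return 1;
}

int main(void) {
    /* Constructed sample lines, not real runtime output. */
    const char *lines[] = { "3f2a9c0d1e4b\tweb-1\n", "3f2a9c0d1e4b;id\tweb-2\n",
                            "0123456789abcdef\t\x1b[2Jdb\n" };
    char cmd[128], name[64];
    for (size_t i = 0; i < 3; i++)
        puts(accept_line(lines[i], cmd, sizeof cmd, name, sizeof name)
                 ? name : "rejected");
    return 0;
}
```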
After ngrep drops privileges to an unprivileged user, CLI-based container polling (docker ps / podman ps) silently fails because the user lacks access. The cache goes stale with no indication. Track whether init succeeded initially, and if a subsequent refresh finds zero containers, disable further polling attempts and warn the user. The pre-drop cache continues serving lookups until entries expire naturally.
Flip the --enable-container-resolution default from off to on. Users can still opt out with --disable-container-resolution at build time. The feature has no external library dependencies and compiles cleanly on all platforms.
Replace the compile-time-only activation model with a runtime flag. Container resolution is now compiled in by default but only activates when -r is passed on the command line. Zero overhead when not used. The compile-time guard (USE_CONTAINER_RESOLUTION) remains so users can still --disable-container-resolution at build time. Also adds container-resolution.c to the Windows CMake build and documents -r in the manpage.
The original code only tried two hardcoded socket paths (/var/run/docker.sock and /run/podman/podman.sock), missing common configurations on macOS and rootless Podman setups.

New discovery order:
1. $DOCKER_HOST (unix:// prefix; returns early for tcp://)
2. /var/run/docker.sock (Linux/BSD standard)
3. $HOME/.docker/run/docker.sock (macOS Docker Desktop)
4. /run/podman/podman.sock (Linux rootful Podman)
5. $XDG_RUNTIME_DIR/podman/podman.sock (rootless Podman)

$DOCKER_HOST is only used for socket connect(), never interpolated into popen() commands (the docker CLI reads it from the environment).
Container resolution is now activated with -r at runtime instead of requiring a special configure flag at build time. Update all examples and intro text to reflect this.
MSVC uses _popen/_pclose instead of the POSIX popen/pclose. Without these defines, the Windows build fails with unresolved external symbol errors for both functions.
Owner
@Horkyze Well buddy, it's in. Thanks again.