[supervisor] Show process that serves port

[csweichel]

At the moment we scan /proc/net/tcp{6} to detect which ports are being used/served in a workspace. While this works reliably, it has the major downside that we cannot tell wich process serves this port - information that would be handy to display. Also, because of the polling delay, there's a delay in port detection.

Possible solutions

seccomp-notify

User-namespaced workspaces make use of seccomp-notify. We could get notifications on accept, and use the sockfd to get more information about the socket (which port, which address). workspacekit would then provide a Unix socket on which we serve port status information (either re-using supervisor's StatusService or coming up with our own).

Alternatively, workspacekit could provide a file in a well-known location that offers port -> PID mappings, which we'd use to enhance the port information.

scanning /proc

To identify the process that's serving a port, we could also scan /proc and match the sockets inode with the process FD. With proper caching it's conceivable that this solution could come in at an acceptable CPU/performance cost.

[meysholdt]

To create the connection -> PID mapping, maybe https://github.com/raboof/nethogs can be of inspiration. It solves the problem to show traffic per process.

[akosyakov]

Should we close https://github.com/gitpod-io/gitpod/issues/3059 as a duplicate? Besides the process, it would be useful to see the currently running foreground command.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.