Tarnay Kálmán's questions

Linux namespaces allow one to have different mounts for different namespaces. How can I list all mounts of all namespaces?

I have found /proc/*/ns/mnt, but I am not sure what to do with those.

I wanted to try libvirtd with virt-manager (I wanted to test migration.) on a virtual machine (without nested virtualization support enabled, so no kvm...), and I expected it to work (and use full emulation, qemu), but instead i receive the following error:

The qemu package is installed. Target is Ubuntu 14.04.2 LTS.

Is this not a supported scenario?

I have noticed that there is docker-proxy process running for each published port. What is the purpose of this process? Why is a user space tcp proxy needed for this?

$ ps -Af | grep proxy
root      4776  1987  0 01:25 ?        00:00:00 docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 22222 -container-ip 172.17.0.2 -container-port 22
root      4829  1987  0 01:25 ?        00:00:00 docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 5555 -container-ip 172.17.0.3 -container-port 5555

and some related iptable rules created by docker:

$ sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 1 packets, 263 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 1 packets, 263 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1748 packets, 139K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   32  7200 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 1719 packets, 132K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   32  7200 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            127.0.0.1            tcp dpt:22222 to:172.17.0.2:22
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            127.0.0.1            tcp dpt:5555 to:172.17.0.3:5555

I am trying to capture about 15 Mbit of traffic on the loopback device on Ubuntu LTS using tcpdump, and I am seeing dropped packets.

The CPU is a freaking i7, and i have yet to see CPU usage go above 15% during the measurements i am trying to run. Load is negligible...

The capture is written to a file using -w.

I have tried the following (as suggested here: https://stackoverflow.com/a/7018039/55267 ):

• Set /proc/sys/net/core/netdev_max_backlog and /proc/sys/net/core/netdev_budget to arbitarily high values. No effect.
• -nn No effect
• Tried changing txqueuelen of lo. No effect.
• Tried using gulp. No effect.
  • gulp instructed me to:
    • echo 4194304 > /proc/sys/net/core/rmem_max
    • echo 4194304 > /proc/sys/net/core/rmem_default
    • No effect....

Is there something special about the loopback device in regard to lossless captures? How can I do a lossless capture on lo?

Let's say I have a server and a bunch of developers working on different sites(php and django) and I don't want the different developers to access each other's sites.

How should I go about implementing such a solution? (some pointers will do)