From 8ebd85f76956f6620bc9c96a98a25bb6d8640543 Mon Sep 17 00:00:00 2001 From: Marc Sune Date: Tue, 27 Aug 2024 21:43:19 +0200 Subject: [PATCH] docker|ci: N_ATTEMPTS, RETRY_DELAY, IFACES params Expose the following ENV variables as optional params to the container: * `N_ATTEMPTS`: number of attempts on loading the BPF program on an interface. Default 6. * `RETRY_DELAY`: delay between attempts. Default: 3 * `IFACES`: interfaces to load the BPF program. Default: "" (all). --- .github/workflows/ci.yaml | 12 ++++++++++++ docker/entrypoint.sh | 23 +++++++++++++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5d871fd..d60472f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -113,6 +113,18 @@ jobs: grep "Compiling sfunnel with custom ruleset" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1) grep "$RULE" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1) + - name: "[TEST] Run container with custom params ..." + run: | + set -o pipefail + docker run -e N_ATTEMPTS=7 -e RETRY_DELAY=3 -e IFACES="lo" --privileged sfunnel:latest 2>&1 | tee output + if [ ${PIPESTATUS[0]} -ne 0 ]; then + echo "ERROR: container execution FAILED!" + exit 1 + fi + grep "\$N_ATTEMPTS='7'" output || (echo "ERROR: unable to validate it loads params (N_ATTEMPTS)" && exit 1) + grep "\$RETRY_DELAY='3'" output || (echo "ERROR: unable to validate it loads params (RETRY_DELAY)" && exit 1) + grep "\$IFACES='lo'" output || (echo "ERROR: unable to validate it loads params (IFACES)" && exit 1) + - name: "Push to ghcr" run: | if [[ "${EXACT_TAG}" != "" ]]; then diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 5005e48..78b0f8e 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
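Review bot: The `RETRY_DELAY` assertion in the new test step cannot fail, because the step passes `-e RETRY_DELAY=3` and 3 is also the new default in `docker/entrypoint.sh`, so `grep "\$RETRY_DELAY='3'" output` matches whether or not the variable is honoured. Pass a non-default value and assert on it, for example `-e RETRY_DELAY=4` with `grep -F "\$RETRY_DELAY='4'" output`; `-F` also keeps the `$` from ever being read as a regex anchor. If this step runs under a shell started with `-e` (the usual default for `run:` steps, not visible here), `set -o pipefail` makes a failing `docker run` abort the step before the `PIPESTATUS` check, so that `if` block is probably unreachable and could be dropped or the pipeline guarded with `|| rc=$?`.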
@@ -3,8 +3,13 @@ set -e #set -x -N_ATTEMPTS=5 -RETRY_DELAY=5 +#Env variables +N_ATTEMPTS=${N_ATTEMPTS:-6} +RETRY_DELAY=${RETRY_DELAY:-3} + +_IFACES=$(ls /sys/class/net | tr "\n" " " | sed 's/\s*$//g') +IFACES=${IFACES:-$_IFACES} + PROG=/opt/sfunnel/src/tc_sfunnel.o #Compile eBPF program only if rulesset are defined at load time @@ -21,7 +26,18 @@ load_prog(){ tc filter add dev $2 ingress bpf da obj $1 sec funnel verbose } -### +# Splash and useful info +echo "[INFO] sfunnel " +echo "[INFO] ENVs:" +echo " \$N_ATTEMPTS='$N_ATTEMPTS'" +echo " \$RETRY_DELAY='$RETRY_DELAY'" +echo " \$IFACES='$IFACES'" +echo "[INFO] Container info:" +echo " Kernel: $(uname -a)" +echo " Debian: $(cat /etc/debian_version)" +echo " python3: $(python3 --version)" +echo " clang: $(clang --version)" +echo " iproute2: $(ip -V)" #If SFUNNEL_RULESET is defined, create the file if [[ "$SFUNNEL_RULESET" != "" ]]; then @@ -44,7 +60,6 @@ else fi #Load -IFACES=$(ls /sys/class/net | tr "\n" " " | sed 's/\s*$//g') echo "" echo -e "[INFO] Attaching BPF program '$PROG' to IFACES={$IFACES} using clsact qdisc...\n"
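Review bot: `N_ATTEMPTS`, `RETRY_DELAY` and `IFACES` are now accepted from the container environment with no validation, in an entrypoint that the CI step runs with `--privileged`. A non-numeric count or delay would only surface later in the retry logic (outside this hunk), and `IFACES` reaches `tc filter add dev $2` unquoted in `load_prog`, so its value is subject to word splitting and globbing. Reject bad values up front, e.g. `case "$N_ATTEMPTS" in *[!0-9]*) echo "[ERROR] N_ATTEMPTS must be an integer" >&2; exit 1;; esac` (and a matching numeric check for `RETRY_DELAY`), and confirm each name in `IFACES` exists under `/sys/class/net/` before attaching. `_IFACES` is also computed even when `IFACES` is supplied; it could be derived only in the fallback path.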
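Review bot: The splash block's one-line-per-item layout breaks on `clang --version`, which prints several lines (version, target, thread model, install dir), so only the first is aligned under `[INFO] Container info:`; `echo " clang: $(clang --version | head -n1)"` keeps it to one line. `uname -a` also writes the node name into the container log, and `uname -r` would give the kernel release without it if that is all that is needed. Since the CI step now greps the `\$N_ATTEMPTS='…'` lines, a short comment above them such as `# NOTE: the ENVs lines are asserted by .github/workflows/ci.yaml; keep the format in sync` would protect them from cosmetic edits.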