tc

datahangar · Aug 30, 2024 · e4661dd · e4661dd
1 parent 743074f
commit e4661dd
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 11 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-          grep "Using default ruleset" output || (echo "ERROR: unable to validate it loads default ruleset" && exit 1)
+          grep "Using the default ruleset" output || (echo "ERROR: unable to validate it loads default ruleset" && exit 1)
 
       - name: "[TEST] Run container with custom ruleset file..."
         run: |
@@ -96,7 +96,8 @@ jobs:
             exit 1
           fi
 
-          grep "Compiling sfunnel with custom ruleset" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)
+          grep "Using a custom ruleset" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)
+          grep "Recompiling sfunnel BPF program" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)
           grep "$RULE" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)
 
       - name: "[TEST] Run container with custom ruleset via SFUNNEL_RULESET..."
@@ -111,20 +112,41 @@ jobs:
           fi
 
           grep "SFUNNEL_RULESET='$RULE'" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
-          grep "Compiling sfunnel with custom ruleset" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
+          grep "Using a custom ruleset" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
+          grep "Recompiling sfunnel BPF program" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
           grep "$RULE" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
 
       - name: "[TEST] Run container with custom params ..."
         run: |
           set -o pipefail
-          docker run -e N_ATTEMPTS=7 -e RETRY_DELAY=3 -e IFACES="lo" --privileged sfunnel:latest 2>&1 | tee output
+          docker run -e N_ATTEMPTS=7 -e RETRY_DELAY=3 -e IFACES="lo" -e DEBUG=1 --privileged sfunnel:latest 2>&1 | tee output
           if [ ${PIPESTATUS[0]} -ne 0 ]; then
             echo "ERROR: container execution FAILED!"
             exit 1
           fi
+          grep "\$DEBUG='1'" output || (echo "ERROR: unable to validate it loads params (DEBUG)" && exit 1)
+          grep "DDEBUG='1'" output || (echo "ERROR: unable to validate it loads params (DEBUG)" && exit 1)
           grep "\$N_ATTEMPTS='7'" output || (echo "ERROR: unable to validate it loads params (N_ATTEMPTS)" && exit 1)
           grep "\$RETRY_DELAY='3'" output || (echo "ERROR: unable to validate it loads params (RETRY_DELAY)" && exit 1)
           grep "\$IFACES='lo'" output || (echo "ERROR: unable to validate it loads params (IFACES)" && exit 1)
+          #Must recompile due to DEBUG=1
+          grep "Recompiling sfunnel BPF program" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
+
+      - name: "[TEST] Run container with DEBUG=1 and custom ruleset ..."
+        run: |
+          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel udp"
+          set -o pipefail
+          docker run --privileged -e DEBUG=1 -v `pwd`/ruleset:/opt/sfunnel/src/ruleset sfunnel:latest 2>&1 | tee output
+          if [ ${PIPESTATUS[0]} -ne 0 ]; then
+            echo "ERROR: container execution FAILED!"
+            exit 1
+          fi
+
+          grep "\$DEBUG='1'" output || (echo "ERROR: unable to validate it loads custom file ruleset DEBUG=1" && exit 1)
+          grep "DDEBUG='1'" output || (echo "ERROR: unable to validate it loads custom file ruleset DEBUG=1" && exit 1)
+          grep "Using a custom ruleset" output || (echo "ERROR: unable to validate it loads custom file ruleset DEBUG=1" && exit 1)
+          grep "Recompiling sfunnel BPF program" output || (echo "ERROR: unable to validate it loads custom file ruleset DEBUG=1" && exit 1)
+          grep "$RULE" output || (echo "ERROR: unable to validate it loads custom file ruleset DEBUG=1" && exit 1)
 
       - name: "Push to ghcr"
         run: |

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -4,6 +4,7 @@ set -e
 #set -x
 
 #Env variables
+DEBUG=${DEBUG:-0}
 N_ATTEMPTS=${N_ATTEMPTS:-6}
 RETRY_DELAY=${RETRY_DELAY:-3}
 
@@ -16,7 +17,7 @@ PROG=/opt/sfunnel/src/tc_sfunnel.o
 #either via file or ENV
 compile(){
 	cd /opt/sfunnel/src
-	make
+	DEBUG=${DEBUG} make
 }
 
 #$1: PROG
@@ -29,6 +30,7 @@ load_prog(){
 # Splash and useful info
 echo "[INFO] sfunnel $(cat /opt/sfunnel/VERSION)"
 echo "[INFO] ENVs:"
+echo "  \$DEBUG='$DEBUG'"
 echo "  \$N_ATTEMPTS='$N_ATTEMPTS'"
 echo "  \$RETRY_DELAY='$RETRY_DELAY'"
 echo "  \$IFACES='$IFACES'"
@@ -45,22 +47,27 @@ if [[ "$SFUNNEL_RULESET" != "" ]]; then
 	echo $SFUNNEL_RULESET > /opt/sfunnel/src/ruleset
 fi
 
-#Compile sfunnel only if new ruleset is specified
-if test -f /opt/sfunnel/src/ruleset; then
-	echo "[INFO] Compiling sfunnel with custom ruleset..."
+#Log the ruleset that will be used
+if [[ -f /opt/sfunnel/src/ruleset ]]; then
+	echo "[INFO] Using a custom ruleset..."
 	echo "==="
 	cat /opt/sfunnel/src/ruleset
 	echo "==="
-	compile
 else
-	echo "[INFO] Using default ruleset..."
+	echo "[INFO] Using the default ruleset..."
 	echo "==="
 	cat /opt/sfunnel/src/ruleset.default
 	echo "==="
+	cp /opt/sfunnel/src/ruleset.default /opt/sfunnel/src/ruleset
 fi
 
-#Load
+#Compile sfunnel only if new ruleset or DEBUG=1
+if [[ "${DEBUG}" == "1" ]] || [[ -f /opt/sfunnel/src/ruleset ]]; then
+	echo "[INFO] Recompiling sfunnel BPF program..."
+	compile
+fi
 
+#Load
 echo ""
 echo -e "[INFO] Attaching BPF program '$PROG' to IFACES={$IFACES} using clsact qdisc...\n"
 for IFACE in $IFACES; do