feat(docker): support running with docker (#172)

* feat(docker): support running with docker * fix missing mount cgroup v2 root dir * fix ci
mozillazg · Oct 27, 2024 · cc7fcfc · cc7fcfc
1 parent 245b206
commit cc7fcfc
Show file tree

Hide file tree

Showing 10 changed files with 324 additions and 23 deletions.
diff --git a/.github/workflows/docker-latest-image.yml b/.github/workflows/docker-latest-image.yml
@@ -0,0 +1,103 @@
+name: docker-latest-image
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - 'docker-image'
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: quay.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: 'ptcpdump/ptcpdump'
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: '100'
+          fetch-tags: 'true'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASSWD }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: generate tag name
+        run: |
+          echo "TAG_NAME=$(git describe --always)" >> $GITHUB_ENV
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image (no latest tag)
+        id: build-and-push
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          # platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}'
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: test image
+        run: |
+          set -xe
+
+          IMAGE='${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}'
+          bash testdata/test_run_with_docker.sh ${IMAGE}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image (latest tag)
+        id: build-and-push-latest
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          # platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest'
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/release-docker-image.yml b/.github/workflows/release-docker-image.yml
@@ -0,0 +1,80 @@
+name: docker-latest-image
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - v*
+
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: quay.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: 'ptcpdump/ptcpdump'
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: '100'
+          fetch-tags: 'true'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASSWD }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: generate tag name
+        run: |
+          echo TAG_NAME=${{ github.ref }} | sed 's/=v/=/' >> $GITHUB_ENV
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          # platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}'
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -34,6 +34,14 @@ jobs:
         name: ptcpdump
         path: ptcpdump
 
+  run-with-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+
+      - name: test running with docker
+        run: |
+            bash testdata/test_run_with_docker.sh "quay.io/ptcpdump/ptcpdump:latest"
 
   e2e-test:
     name: e2e-test

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,9 @@
+# .github/build.Dockerfile
+FROM quay.io/ptcpdump/develop:latest as build
+WORKDIR /app
+COPY . .
+RUN make build
+
+FROM busybox:latest
+WORKDIR /ptcpdump
+COPY --from=build /app/ptcpdump /usr/local/bin/
diff --git a/Makefile b/Makefile
@@ -28,7 +28,8 @@ CARCH ?= $(shell uname -m)
 LIBPCAP_ARCH = $(CARCH)-unknown-linux-gnu
 LIBPCAP_CC ?= gcc
 
-IMAGE_BUILD ?= quay.io/ptcpdump/develop:latest
+IMAGE_DEV ?= quay.io/ptcpdump/develop:latest
+IMAGE_BIN ?= quay.io/ptcpdump/ptcpdump:latest
 
 .PHONY: libpcap
 libpcap: $(LIBPCAP_OBJ)
@@ -76,12 +77,12 @@ build-bpf:
 
 .PHONY: build-bpf-via-docker
 build-bpf-via-docker:
-	docker run --rm -v `pwd`:/app quay.io/ptcpdump/develop:latest make build-bpf
+	docker run --rm -v `pwd`:/app $(IMAGE_DEV) make build-bpf
 
 
 .PHONY: build-via-docker
 build-via-docker:
-	docker run --rm -v `pwd`:/app quay.io/ptcpdump/develop:latest make build
+	docker run --rm -v `pwd`:/app $(IMAGE_DEV) make build
 
 
 .PHONY: lint

diff --git a/README.md b/README.md
@@ -18,15 +18,16 @@ Table of Contents
 
 * [Features](#features)
 * [Installation](#installation)
-   * [Requirements](#requirements)
+    * [Requirements](#requirements)
 * [Usage](#usage)
-   * [Example commands](#example-commands)
-   * [Example output](#example-output)
-   * [Flags](#flags)
+    * [Example commands](#example-commands)
+    * [Example output](#example-output)
+    * [Running with Docker](#running-with-docker)
+    * [Flags](#flags)
 * [Compare with tcpdump](#compare-with-tcpdump)
 * [Developing](#developing)
-   * [Dependencies](#dependencies)
-   * [Building](#building)
+    * [Dependencies](#dependencies)
+    * [Building](#building)
 
 
 ## Features
@@ -60,9 +61,10 @@ Linux kernel version >= 5.2.
 ### Example commands
 
 Filter like tcpdump:
+
 ```
 sudo ptcpdump -i eth0 tcp
-sudo ptcpdump -i eth0 -A -v tcp and port 80 and host 10.10.1.1
+sudo ptcpdump -i eth0 -A -s 0 -n -v tcp and port 80 and host 10.10.1.1
 sudo ptcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
 ```
 
@@ -145,7 +147,7 @@ Accept: */*
 With `-x`:
 
 ```
-14:44:34.457504 ens33 curl.205562 IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
+14:44:34.457504 ens33 curl.205562 Out IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
         0x0000:  4500 0072 de2c 4000 4006 6fbf 0a00 020f
         0x0010:  8bb2 54d9 9c30 0050 a245 a0fc 352b 6707
         0x0020:  5018 faf0 ecfe 0000 4745 5420 2f20 4854
@@ -159,7 +161,7 @@ With `-x`:
 With `-X`:
 
 ```
-14:44:34.457504 ens33 curl.205562 IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
+14:44:34.457504 ens33 curl.205562 Out IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
         0x0000:  4500 0072 de2c 4000 4006 6fbf 0a00 020f  E..r.,@.@.o.....
         0x0010:  8bb2 54d9 9c30 0050 a245 a0fc 352b 6707  ..T..0.P.E..5+g.
         0x0020:  5018 faf0 ecfe 0000 4745 5420 2f20 4854  P.......GET / HT
@@ -174,6 +176,19 @@ With `-X`:
 <p align="right"><a href="#top">🔝</a></p>
 
 
+### Running with Docker
+
+Docker images for `ptcpdump` are published at https://quay.io/repository/ptcpdump/ptcpdump.
+
+```
+docker run --privileged --rm -t --net=host --pid=host \
+  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+  quay.io/ptcpdump/ptcpdump:latest ptcpdump -i any -c 2 tcp
+```
+
+<p align="right"><a href="#top">🔝</a></p>
+
+
 ### Flags
 
 

diff --git a/README.zh-CN.md b/README.zh-CN.md
@@ -20,15 +20,16 @@ Table of Contents
 
 * [Features](#features)
 * [Installation](#installation)
-   * [Requirements](#requirements)
+    * [Requirements](#requirements)
 * [Usage](#usage)
-   * [Example commands](#example-commands)
-   * [Example output](#example-output)
-   * [Flags](#flags)
+    * [Example commands](#example-commands)
+    * [Example output](#example-output)
+    * [Running with Docker](#running-with-docker)
+    * [Flags](#flags)
 * [Compare with tcpdump](#compare-with-tcpdump)
 * [Developing](#developing)
-   * [Dependencies](#dependencies)
-   * [Building](#building)
+    * [Dependencies](#dependencies)
+    * [Building](#building)
 
 
 ## Features
@@ -71,7 +72,7 @@ Table of Contents
 
 ```
 sudo ptcpdump -i eth0 tcp
-sudo ptcpdump -i eth0 -A -v tcp and port 80 and host 10.10.1.1
+sudo ptcpdump -i eth0 -A -s 0 -n -v tcp and port 80 and host 10.10.1.1
 sudo ptcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
 ```
 
@@ -154,7 +155,7 @@ Accept: */*
 通过 `-x` 参数以 16 进制格式输出:
 
 ```
-14:44:34.457504 ens33 curl.205562 IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
+14:44:34.457504 ens33 curl.205562 Out IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
         0x0000:  4500 0072 de2c 4000 4006 6fbf 0a00 020f
         0x0010:  8bb2 54d9 9c30 0050 a245 a0fc 352b 6707
         0x0020:  5018 faf0 ecfe 0000 4745 5420 2f20 4854
@@ -168,7 +169,7 @@ Accept: */*
 通过 `-X` 参数以 16 进制和 ASCII 格式输出:
 
 ```
-14:44:34.457504 ens33 curl.205562 IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
+14:44:34.457504 ens33 curl.205562 Out IP 10.0.2.15.39984 > 139.178.84.217.80: Flags [P.], seq 2722472188:2722472262, ack 892036871, win 64240, length 74, ParentProc [bash.180205]
         0x0000:  4500 0072 de2c 4000 4006 6fbf 0a00 020f  E..r.,@.@.o.....
         0x0010:  8bb2 54d9 9c30 0050 a245 a0fc 352b 6707  ..T..0.P.E..5+g.
         0x0020:  5018 faf0 ecfe 0000 4745 5420 2f20 4854  P.......GET / HT
@@ -183,6 +184,19 @@ Accept: */*
 <p align="right"><a href="#top">🔝</a></p>
 
 
+### Running with Docker
+
+Docker images for `ptcpdump` are published at https://quay.io/repository/ptcpdump/ptcpdump.
+
+```
+docker run --privileged --rm -t --net=host --pid=host \
+  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+  quay.io/ptcpdump/ptcpdump:latest ptcpdump -i any -c 2 tcp
+```
+
+<p align="right"><a href="#top">🔝</a></p>
+
+
 ### Flags