docker: wait for interfaces to be ready

At entrypoint time, kernel network interfaces might not be ready for the clsact qdisc to be attached. This manifests as: ``` Error: Exclusivity flag on, cannot modify. ``` The solution is to wait. This commit retries adding the tc qdisc up to N_TIMES=5, and adds a delay of 5s between executions.
datahangar · Aug 24, 2024 · 87ce222 · 87ce222
1 parent 447ac27
commit 87ce222
Showing 1 changed file with 24 additions and 5 deletions.
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -3,26 +3,45 @@
 set -e
 set -x
 
+N_ATTEMPTS=5
+RETRY_DELAY=5
+PROG=tc_$1.o
+
 #Compile eBPF programs
 compile(){
 	cd /opt/sfunnel
 	make compile
 }
 
+#$1: PROG
+#$2: IFACE
+load_prog(){
+	tc qdisc add dev $2 clsact
+	tc filter add dev $2 ingress bpf da obj /opt/sfunnel/$1 sec funnel verbose
+}
+
 #$1: ACTION funnel/unfunnel
 if [[ "$1" != "funnel" && "$1" != "unfunnel" ]]; then
 	echo "Unknown action $1"
 	exit 1;
 fi
 
-PROG=tc_$1.o
-
 #Compile for this specific kernel
 #compile
+
+#Show
 ls -la /opt/sfunnel
 
-#Attach
+#Load
 for IFACE in $(ls /sys/class/net); do
-	tc qdisc add dev $IFACE clsact
-	tc filter add dev $IFACE ingress bpf da obj /opt/sfunnel/$PROG sec funnel verbose
+	for ((i=1; i<=$N_ATTEMPTS; i++)); do
+		echo "Attaching BPF program '$PROG' to '$IFACE' using clsact qdisc..."
+		load_prog $PROG $IFACE && break
+		echo "WARNING: attempt $i failed on iface '$IFACE'. Retrying in $RETRY_DELAY seconds..."
+		sleep 5
+	done
+	if [[ $i -ge $N_ATTEMPTS ]]; then
+		echo "ERROR: unable to attach '$PROG' to '$IFACE'!"
+		exit 1
+	fi
 done