An entrypoint to capture net packets for a given command, in a dedicated netns

ep.sh

#!/bin/bash -ex
# An entrypoint to capture net packets for a given command, in a dedicated netns.
# Example usage: timeout -s KILL 15 docker run -e "SHARKFMT=pcap" -v \
# /tmp:/tmp -v /tmp/ep.sh:/usr/local/sbin/ep.sh:ro --entrypoint ep.sh \
# --privileged --cap-add ALL --rm bogdando/dbox nslookup kubernetes.io 10.233.0.2
# Then replay with: tcpick -C -yP -r /tmp/out.pcap or tcpdump -qns 0 -A -r /tmp/out.pcap

INT=${INT:-$(ip addr show | grep -E '^[ ]*inet' | grep -m1 global | awk '{ print $NF }' | sed -e 's/@//')}
IP=${IP:-$(ip addr show | grep -E '^[ ]*inet' | grep -m1 -E "global( $INT)?" | awk '{ print $2 }' | sed -e 's/\/.*//')}
TESTNETPREFIX=${TESTNETPREFIX:-192.168.163}
SHARKFMT=${SHARKFMT:-pcapng}
OUT=${OUT:-/tmp/out.$SHARKFMT}
INNS=${INNS:-true}
ip netns del test || true
ip netns add test
ip link add veth-a type veth peer name veth-b
ip link set veth-a netns test
ip netns exec test ip addr add $TESTNETPREFIX.1/24 dev veth-a
ip netns exec test ip link set veth-a up
ip addr add $TESTNETPREFIX.254/24 dev veth-b
ip link set veth-b up
ip netns exec test ip ro replace default via $TESTNETPREFIX.254
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -nvL | grep -q DEBUGBOX && iptables -t nat -D POSTROUTING 1
iptables -t nat -I POSTROUTING 1 -s $TESTNETPREFIX.0/24 -o $INT -j SNAT --to-source $IP -m comment --comment "DEBUGBOX"
sed -i 's/^disable_lua.*$/disable_lua = true/g' /usr/share/wireshark/init.lua || true
ip netns exec test tshark -i veth-a -n -w "${OUT}" -F $SHARKFMT 2>/dev/null &
sleep 2
if $INNS ; then
  ip netns exec test $@
else
  $@
fi