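#!/usr/bin/env bash
#
# Steer the OUTPUT traffic of selected Docker containers into a per-owner
# mangle chain so it can be accounted/handled separately.
#
# A container is selected when one of its mounts (docker inspect .Mounts)
# lives under "$CACHE/$FILE_PATH_START". The container is identified to
# iptables by the net_cls classid of its cgroup (cgroup v1 net_cls
# controller) and matched with "-m cgroup --cgroup <classid>". Matched
# traffic jumps to the chain "output_netflow_owner_<owner id>".
#
# Required environment:
#   CACHE            root of the cache tree on the host
#   FILE_PATH_START  path under $CACHE that marks a container of interest
#
# Needs root on the host (reads /sys/fs/cgroup, drives docker and iptables).
# Safe to re-run: chains and rules are probed with -C before being added.
#
# shellcheck source=/dev/null
# if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
# Debug helper — list every net_cls classid currently assigned on the host:
# find /sys/fs/cgroup/ -name net_cls.classid -exec sh -c 'echo -n "{} -> "; cat {}' \;

#######################################
# Check that a value read from net_cls.classid is usable as an iptables
# --cgroup argument.
# Arguments: $1 - candidate classid
# Returns:   0 if $1 is a non-empty decimal integer other than 0, else 1.
#            0 is the kernel default meaning "no class"; matching on it
#            would capture every unclassified socket, not one container.
#######################################
__valid_classid() {
  [[ "$1" =~ ^[0-9]+$ ]] && (( 10#$1 != 0 ))
}

#######################################
# Print the net_cls classid of every running container whose mounts include
# "$CACHE/$FILE_PATH_START", one per line. Containers without a readable
# net_cls cgroup directory, or whose classid is empty or 0, are skipped so
# that no empty/default value reaches iptables.
# Globals:   CACHE, FILE_PATH_START (read)
# Outputs:   classids to stdout
#######################################
__get_mount_paths_cgroup_id() {
  local cid mounts cgroup_dir classid
  local -r needle="$CACHE/$FILE_PATH_START"

  while read -r cid; do
    [[ -n "$cid" ]] || continue
    mounts=$(docker inspect "$cid" --format '{{range .Mounts}}{{.Source}}{{"\n"}}{{end}}' 2>/dev/null) || continue
    # Fixed-string match: the needle is a filesystem path, not a regex.
    grep -qF -- "$needle" <<<"$mounts" || continue
    # The v1 controller directory is named either net_cls or net_cls,net_prio
    # depending on the distro, hence -path rather than a fixed prefix. Take
    # only the first match so the result is always a single path.
    cgroup_dir=$(find /sys/fs/cgroup/ -type d -path '*net_cls*' -name "$cid" -print -quit 2>/dev/null)
    [[ -n "$cgroup_dir" ]] || continue
    IFS= read -r classid 2>/dev/null < "$cgroup_dir/net_cls.classid" || continue
    __valid_classid "$classid" && printf '%s\n' "$classid"
  done < <(docker ps -q --no-trunc 2>/dev/null)
}

#######################################
# Print usage to stdout.
#######################################
__help() {
  cat <<EOF
Usage: CACHE=<dir> FILE_PATH_START=<subpath> ${0##*/}

Creates the mangle chain output_netflow_owner_52000 in iptables and ip6tables
and jumps to it from OUTPUT for every running Docker container that mounts a
path under \$CACHE/\$FILE_PATH_START (matched by the container's net_cls
classid). Must be run as root on the Docker host.
EOF
}

#######################################
# Entry point: ensure the per-owner mangle chain exists in iptables and
# ip6tables and that OUTPUT jumps to it for each selected container.
# Globals:   CACHE, FILE_PATH_START (read, required)
# Returns:   0 on success (including "no container selected"),
#            1 when the required environment is missing
#######################################
__main() {
  local -r owner_id=52000
  local -r chain="output_netflow_owner_${owner_id}"
  local -a cgroup_ids=()
  local cgid cmd

  # With either variable unset the needle degenerates to "/" and matches the
  # mounts of every container, so refuse to touch the firewall in that case.
  if [[ -z "${CACHE:-}" || -z "${FILE_PATH_START:-}" ]]; then
    printf '%s: CACHE and FILE_PATH_START must be set\n' "${0##*/}" >&2
    return 1
  fi

  # Pin the legacy xtables frontend; best-effort, a host without this
  # alternative keeps its current frontend.
  update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null
  update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null

  readarray -t cgroup_ids < <(__get_mount_paths_cgroup_id)
  (( ${#cgroup_ids[@]} > 0 )) || return 0

  for cmd in iptables ip6tables; do
    # -N fails harmlessly when the chain already exists.
    "$cmd" -t mangle -N "$chain" 2>/dev/null || true
    # Complete the chain before any traffic is steered into it.
    if ! "$cmd" -t mangle -C "$chain" -j RETURN 2>/dev/null; then
      "$cmd" -t mangle -A "$chain" -j RETURN
    fi
    for cgid in "${cgroup_ids[@]}"; do
      # -C probes for the rule so re-runs do not append duplicates.
      if ! "$cmd" -t mangle -C OUTPUT -m cgroup --cgroup "$cgid" -j "$chain" 2>/dev/null; then
        "$cmd" -t mangle -A OUTPUT -m cgroup --cgroup "$cgid" -j "$chain"
      fi
    done
  done
}

__main "$@"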