Improve Docker images and local container workflow

Str-Gen · Str-Gen · commit 85d44cc63f8c · 2026-03-30T12:22:31.000+02:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,10 @@
+*
+!Cargo.toml
+!Cargo.lock
+!.cargo/
+!common/
+!rustiflow/
+!xtask/
+!rustfmt.toml
+!ebpf-ipv4/
+!ebpf-ipv6/
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,15 @@
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Update the system and install dependencies
 RUN apt-get update && apt-get install -y \
+    ca-certificates \
     curl \
     build-essential \
+    pkg-config \
     libpcap-dev \
     iproute2 \
-    linux-tools-5.8.0-63-generic \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Rust
@@ -19,12 +20,12 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
  && cargo install bpf-linker
 
 ENV PATH="/root/.cargo/bin:${PATH}"
-ENV PATH="/usr/lib/linux-tools/5.8.0-63-generic:$PATH"
 ENV RUST_LOG=info
 
 # Copy
 WORKDIR /usr/src/app
 COPY Cargo.toml ./
+COPY Cargo.lock ./
 COPY .cargo ./.cargo
 COPY common ./common
 COPY rustiflow ./rustiflow
@@ -36,7 +37,7 @@ COPY ebpf-ipv6 ./ebpf-ipv6
 # Build
 RUN cargo xtask ebpf-ipv4 --release
 RUN cargo xtask ebpf-ipv6 --release
-RUN cargo build --release
+RUN cargo build --release --locked
 
 # Command
-ENTRYPOINT ["./target/release/rustiflow"]
+ENTRYPOINT ["/usr/src/app/target/release/rustiflow"]
diff --git a/Dockerfile-slim b/Dockerfile-slim
@@ -1,9 +1,11 @@
 # Stage 1: Build
-FROM rust:latest AS builder
+FROM rust:1-bookworm AS builder
 
 # Install build dependencies
 RUN apt-get update && apt-get install -y \
+    ca-certificates \
     libpcap-dev \
+    pkg-config \
     iproute2 \
     && rustup toolchain install stable \
     && rustup toolchain install nightly --component rust-src \
@@ -16,6 +18,7 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 # Copy source code
 WORKDIR /usr/src/app
 COPY Cargo.toml ./
+COPY Cargo.lock ./
 COPY .cargo ./.cargo
 COPY common ./common
 COPY rustiflow ./rustiflow
@@ -27,20 +30,27 @@ COPY ebpf-ipv6 ./ebpf-ipv6
 # Build the project
 RUN cargo xtask ebpf-ipv4 --release && \
     cargo xtask ebpf-ipv6 --release && \
-    cargo build --release
+    cargo build --release --locked
 
 # Stage 2: Runtime
 FROM debian:bookworm-slim
 
 # Install runtime dependencies
 RUN apt-get update && apt-get install -y \
+    ca-certificates \
     libpcap0.8 \
     iproute2 \
     --no-install-recommends && \
     rm -rf /var/lib/apt/lists/*
 
+# Recreate the builder-time layout expected by the binary's relative eBPF path lookup.
+WORKDIR /usr/src/app
+
 # Copy the compiled binaries from the builder stage
 COPY --from=builder /usr/src/app/target/release/rustiflow /usr/local/bin/rustiflow
+COPY --from=builder /usr/src/app/target/bpfel-unknown-none/release/rustiflow-ebpf-ipv4 /usr/src/app/target/bpfel-unknown-none/release/rustiflow-ebpf-ipv4
+COPY --from=builder /usr/src/app/target/bpfel-unknown-none/release/rustiflow-ebpf-ipv6 /usr/src/app/target/bpfel-unknown-none/release/rustiflow-ebpf-ipv6
+RUN mkdir -p /usr/src/app/rustiflow
 
 # Set environment variables
 ENV RUST_LOG=info
diff --git a/README.md b/README.md
@@ -130,17 +130,32 @@ Make sure that you don't use docker desktop and that you don't have it installed
   ```
 - **Run the Container**:
   ```bash
-  docker run --network host -v /path/on/host:/app rustiflow [ARGS like you are used to]
+  docker run --rm --network host -v /path/on/host:/app rustiflow [ARGS]
   ```
-  Run it with the --privileged flag if you want to capture traffic in real-time.
+  Run it with the `--privileged` flag if you want to capture traffic in real-time.
 - **Example**:
   ```bash
-  docker run --network host -v /home/user/pcap:/app rustiflow pcap basic-flow 60 /app/pcap.pcap print
+  docker run --rm --network host -v /home/user/pcap:/app rustiflow \
+    -f basic \
+    -o print \
+    pcap /app/pcap.pcap
   ```
   ```bash
-  docker run --privileged --network host -v /home/matisse/Documents:/app rustiflow realtime enp5s0 cic-flow 60 csv /app/output.csv
+  docker run --rm --privileged --network host -v /home/user/output:/app rustiflow \
+    -f cic \
+    -o csv \
+    --export-path /app/output.csv \
+    realtime enp5s0
   ```
 
+Notes:
+
+- The current CLI uses flags such as `-f basic` and `-o csv`; the older
+  positional examples are no longer correct.
+- Realtime capture in a container still depends on Linux host support for eBPF
+  and `tc`, so `--privileged --network host` remains the practical baseline for
+  local testing.
+
 ## <img src="figures/RustiFlow_nobg.png" width="60px"/> Installation Guide for development
 
 ### Prerequisites:
