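#!/usr/bin/env bash
#
# Runtime-mode resolution and remote worker inspection helpers.
#
# Names used here but defined elsewhere in the project (not visible in this
# file): say, run_cmd, SSH_OPTS, WORKER_HOST, NON_INTERACTIVE and the *_ARG
# override variables.
#
# Security note: values read back from the worker over ssh are later spliced
# into command strings that run on the worker under sudo. They are therefore
# validated against a strict allow-list before being reused, so a compromised
# or misbehaving worker cannot turn its own output into extra shell syntax.

# Name of the CNI-DN-* chain that CNI-HOSTPORT-DNAT jumps to on the worker.
WORKER_CNI_DNAT_CHAIN=""
# First column of the DNAT/dpt:80 rule in that chain (the packet counter in
# `iptables -L -v -x` output), sampled by collect_remote_worker_state and
# post_remote_worker_state respectively. Empty when not sampled or not numeric.
WORKER_CNI_HIT_BEFORE=""
WORKER_CNI_HIT_AFTER=""

#######################################
# Check that a chain name is safe to interpolate into a remote command line.
# Only the CNI-DN- prefix followed by letters, digits, '_' or '-' is accepted,
# which excludes every shell metacharacter and whitespace.
# Arguments: $1 - candidate chain name
# Returns:   0 if the name matches the allow-list, 1 otherwise (incl. empty)
#######################################
_is_safe_cni_chain_name() {
  [[ "$1" =~ ^CNI-DN-[A-Za-z0-9_-]+$ ]]
}

#######################################
# Resolve the effective runtime modes from command-line overrides.
# Globals:
#   read:    DO_REMOTE_ARG, NON_INTERACTIVE, CAPTURE_MODE_ARG,
#            NFT_TRACE_MODE_ARG, RETURN_TRACE_MODE_ARG,
#            POD_NETNS_TRACE_MODE_ARG, POD_NETNS_TRACE_SECONDS_ARG
#   written: DO_REMOTE, CAPTURE_MODE, NFT_TRACE_MODE, RETURN_TRACE_MODE,
#            POD_NETNS_TRACE_MODE, POD_NETNS_TRACE_SECONDS
# Arguments: none
# Outputs:   prompts on the terminal when DO_REMOTE has to be asked for
#######################################
resolve_runtime_modes() {
  if [[ -n "${DO_REMOTE_ARG}" ]]; then
    DO_REMOTE="${DO_REMOTE_ARG}"
  elif [[ "${NON_INTERACTIVE}" == "1" ]]; then
    # Never block on a prompt in non-interactive runs; remote checks stay off.
    DO_REMOTE="N"
  else
    read -r -p "是否通过 SSH 拉取 worker 计数(需要可免交互 sudo)? [y/N]: " DO_REMOTE
    DO_REMOTE="${DO_REMOTE:-N}"
  fi

  # Each remaining override replaces its setting only when it is non-empty.
  if [[ -n "${CAPTURE_MODE_ARG}" ]]; then
    CAPTURE_MODE="${CAPTURE_MODE_ARG}"
  fi
  if [[ -n "${NFT_TRACE_MODE_ARG}" ]]; then
    NFT_TRACE_MODE="${NFT_TRACE_MODE_ARG}"
  fi
  if [[ -n "${RETURN_TRACE_MODE_ARG}" ]]; then
    RETURN_TRACE_MODE="${RETURN_TRACE_MODE_ARG}"
  fi
  if [[ -n "${POD_NETNS_TRACE_MODE_ARG}" ]]; then
    POD_NETNS_TRACE_MODE="${POD_NETNS_TRACE_MODE_ARG}"
  fi
  if [[ -n "${POD_NETNS_TRACE_SECONDS_ARG}" ]]; then
    POD_NETNS_TRACE_SECONDS="${POD_NETNS_TRACE_SECONDS_ARG}"
  fi
}

#######################################
# Collect network, k3s-agent and hostport NAT state from the worker over ssh
# and take the first counter sample.
# Does nothing unless DO_REMOTE is y/Y and WORKER_HOST is non-empty.
# Globals:
#   read:    DO_REMOTE, WORKER_HOST, SSH_OPTS
#   written: WORKER_CNI_DNAT_CHAIN, WORKER_CNI_HIT_BEFORE
# Arguments: none
# Returns:   0 when remote checks are disabled or the chain is unusable
#######################################
collect_remote_worker_state() {
  if [[ ! "$DO_REMOTE" =~ ^[Yy]$ ]] || [[ -z "$WORKER_HOST" ]]; then
    return 0
  fi

  say "开始远端检查: ${WORKER_HOST}"

  # run_cmd is called as: run_cmd <label> <command...> (semantics defined
  # elsewhere). All remote command strings below are fixed literals.
  run_cmd "Worker 基础网络状态" \
    ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "ip -br a; ip route"
  run_cmd "Worker k3s-agent 状态" \
    ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo systemctl is-active k3s-agent; sudo journalctl -u k3s-agent -n 40 --no-pager"
  run_cmd "Worker PREROUTING 关键计数" \
    ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L PREROUTING -n -v --line-numbers | grep -E 'CNI-HOSTPORT-DNAT|KUBE-SERVICES|dpt:80' || true"
  run_cmd "Worker CNI-HOSTPORT-DNAT" \
    ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L CNI-HOSTPORT-DNAT -n -v --line-numbers || true"

  # Target of the first "-j CNI-DN-*" rule in CNI-HOSTPORT-DNAT.
  WORKER_CNI_DNAT_CHAIN="$(ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -S CNI-HOSTPORT-DNAT 2>/dev/null | awk '/-j CNI-DN-/{for(i=1;i<=NF;i++) if(\$i==\"-j\"){print \$(i+1); exit}}'")"

  # The chain name is remote-supplied and is about to be embedded in a sudo
  # command line, so anything outside the allow-list is dropped, not used.
  if ! _is_safe_cni_chain_name "${WORKER_CNI_DNAT_CHAIN}"; then
    if [[ -n "${WORKER_CNI_DNAT_CHAIN}" ]]; then
      local rejected_msg
      # %q keeps control characters in the rejected value off the terminal.
      printf -v rejected_msg '忽略未通过格式校验的 CNI-DNAT 链名: %q' "${WORKER_CNI_DNAT_CHAIN}"
      say "${rejected_msg}"
    fi
    WORKER_CNI_DNAT_CHAIN=""
    return 0
  fi

  run_cmd "Worker 具体 CNI-DNAT 链" \
    ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L ${WORKER_CNI_DNAT_CHAIN} -n -v --line-numbers"

  WORKER_CNI_HIT_BEFORE="$(ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L ${WORKER_CNI_DNAT_CHAIN} -n -v -x | awk 'BEGIN{v=0} /DNAT/&&/dpt:80/{v=\$1} END{print v}'")"
  # Keep only a plain decimal counter. NOTE(review): consumers are not visible
  # here; if they use shell arithmetic, a non-numeric value would be evaluated
  # as an expression, so it is cleared instead.
  [[ "${WORKER_CNI_HIT_BEFORE}" =~ ^[0-9]+$ ]] || WORKER_CNI_HIT_BEFORE=""
}

#######################################
# Take the second counter sample and re-list the CNI-DNAT chain.
# Does nothing unless DO_REMOTE is y/Y and WORKER_CNI_DNAT_CHAIN holds a
# chain name that passes the allow-list check.
# Globals:
#   read:    DO_REMOTE, WORKER_HOST, SSH_OPTS, WORKER_CNI_DNAT_CHAIN
#   written: WORKER_CNI_HIT_AFTER
# Arguments: none
#######################################
post_remote_worker_state() {
  # Re-validate: the global may have been assigned outside this file.
  if [[ "$DO_REMOTE" =~ ^[Yy]$ ]] && _is_safe_cni_chain_name "${WORKER_CNI_DNAT_CHAIN}"; then
    WORKER_CNI_HIT_AFTER="$(ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L ${WORKER_CNI_DNAT_CHAIN} -n -v -x | awk 'BEGIN{v=0} /DNAT/&&/dpt:80/{v=\$1} END{print v}'")"
    # Same normalisation as the first sample: decimal digits or empty.
    [[ "${WORKER_CNI_HIT_AFTER}" =~ ^[0-9]+$ ]] || WORKER_CNI_HIT_AFTER=""

    run_cmd "Worker CNI-DNAT 链复测" \
      ssh "${SSH_OPTS[@]}" "$WORKER_HOST" "sudo iptables -t nat -L ${WORKER_CNI_DNAT_CHAIN} -n -v --line-numbers"
  fi
}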