This allows more realistic testing, with the "outside" copy of secnet
in a separate environment with its own instance of the network stack.
We have to go through some contortions to get the user a shell in the
"outside" environment, since unshare -n also breaks AF_UNIX, and we
want to keep the terminal secnet is invoked in just for secnet.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
* Internal code rearrangements and improvements.
* Fix netlink SEGV on clientless netlinks (i.e. configuration error).
* Fix formatting error in p-t-p startup message.
+ * Additions to the test-example suite.
--
--leak-check=full --suppressions=test-example/memcheck.suppressions \
./secnet -dvnc test-example/outside.conf
NB that --num-callers is needed as secnet's stack can be deep.
+
+The config file outside-unshare.conf can be used on Linux in
+conjunction with test-example/fake-userv and a built checkout of
+userv-utils.git to run the "outside" copy of secnet in a new "network
+namespace".
--- /dev/null
+#!/bin/sh
+set -e
+echo >&2 "$0: invoked as $0 $*"
+shift
+shift
+exec 3<&0 4>&1 5>&2 >&2 </dev/null
+exec xterm -T netns -e unshare -n -- sh -xc '
+ ../userv-utils.git/ipif/service \* -- "$@" <&3 >&4 2>&5 &
+ sleep 0.1
+ env - bash -i
+' x "$@"
--- /dev/null
+netlink userv-ipif {
+ name "netlink-ipif"; # Printed in log messages from this netlink
+ local-address "172.18.232.1";
+ secnet-address "172.18.232.2";
+ remote-networks "172.18.232.0/28";
+ mtu 1000;
+ buffer sysbuffer(2048);
+ userv-path "test-example/fake-userv";
+};
+comm udp {
+ port 16900;
+ buffer sysbuffer(4096);
+};
+local-name "test-example/outside/outside";
+local-key rsa-private("test-example/outside.key");
+include test-example/common.conf
~ian / secnet.git / commitdiff