Skip to content

Commit fd63d6c

Browse files
julek-wolfssljulek-wolfssl
committed
Add bwrap network namespace isolation to scripts with listening ports
Add NETWORK_UNSHARE_HELPER/bwrap wrapping to benchmark.test, openssl_srtp.test, and sniffer-gen.sh to isolate network namespaces and prevent port collisions when tests run concurrently. sniffer-gen.sh uses --cap-add ALL (like dtls.test) since it runs tcpdump. ocsp-stapling.test is excluded because it connects to external servers (login.live.com).
1 parent 3e0679e commit fd63d6c

File tree

3 files changed

+45
-0
lines changed

3 files changed

+45
-0
lines changed

scripts/benchmark.test

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,21 @@
22

33
#benchmark.test
44

5+
# if we can, isolate the network namespace to eliminate port collisions.
6+
if [ -n "$NETWORK_UNSHARE_HELPER" ]; then
7+
if [ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]; then
8+
export NETWORK_UNSHARE_HELPER_CALLED=yes
9+
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
10+
fi
11+
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
12+
bwrap_path="$(command -v bwrap)"
13+
if [ -n "$bwrap_path" ]; then
14+
export AM_BWRAPPED=yes
15+
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
16+
fi
17+
unset AM_BWRAPPED
18+
fi
19+
520
[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
621
&& exit 1
722

scripts/openssl_srtp.test

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,21 @@
55

66
set -e
77

8+
# if we can, isolate the network namespace to eliminate port collisions.
9+
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
10+
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
11+
export NETWORK_UNSHARE_HELPER_CALLED=yes
12+
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
13+
fi
14+
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
15+
bwrap_path="$(command -v bwrap)"
16+
if [ -n "$bwrap_path" ]; then
17+
export AM_BWRAPPED=yes
18+
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
19+
fi
20+
unset AM_BWRAPPED
21+
fi
22+
823
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
924
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
1025
exit 0

scripts/sniffer-gen.sh

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,21 @@
11
#!/usr/bin/env bash
22
#set -x
33

4+
# if we can, isolate the network namespace to eliminate port collisions.
5+
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
6+
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
7+
export NETWORK_UNSHARE_HELPER_CALLED=yes
8+
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
9+
fi
10+
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
11+
bwrap_path="$(command -v bwrap)"
12+
if [ -n "$bwrap_path" ]; then
13+
export AM_BWRAPPED=yes
14+
exec "$bwrap_path" --cap-add ALL --unshare-net --dev-bind / / "$0" "$@"
15+
fi
16+
unset AM_BWRAPPED
17+
fi
18+
419
# Run this script from the wolfSSL root
520
if [ ! -f wolfssl/ssl.h ]; then
621
echo "Run from the wolfssl root"

0 commit comments

Comments
 (0)