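#!/bin/sh
# This file is in the public domain.
#
# Shell script to set up one instance of a network namespace.
# Used by buildslaves to avoid port conflicts.
#
# The arguments are the command (and arguments to the
# command) to be run in the network namespace (i.e. 'make check').
#
# Expected to run with root privileges (the comment below assumes sudo).
# Dropping privileges back to an unprivileged user is NOT done here; it is
# delegated to netjail-privdrop.sh, which receives the namespace ID and the
# caller's command verbatim.  Whoever is allowed to invoke this script can
# therefore run arbitrary commands inside the namespace, so the policy that
# grants that access (e.g. the sudoers rule) is the real trust boundary.
#
set -eu
# Note: -x echoes every command, including the caller's full command line,
# to stderr.  Do not pass secrets on the command line of the wrapped command.
set -x

# Be extra safe, even though sudo should already do this.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Refuse to build a namespace for nothing: a command is required.
if [ "$#" -lt 1 ]; then
  printf 'usage: %s COMMAND [ARGS...]\n' "${0##*/}" >&2
  exit 2
fi

# See netjail-init.sh
BRIDGE=builderbridge

# Generate random ID for namespace: exactly 4 bytes of urandom rendered as
# 8 hex digits.  -N4 bounds the read, so termination no longer depends on
# SIGPIPE from a downstream 'head'.  A collision is unlikely and is caught
# anyway: 'ip netns add' fails (and set -e aborts) if the name exists.
NSUID=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
NSNAME=buildernet-$NSUID

TAP=tap-$NSUID
BRTAP=br-tap-$NSUID

# Create network namespace
ip netns add "$NSNAME"

# Until the namespace is handed over to netjail-privdrop.sh, a failure in any
# of the link setup steps below would leak the namespace and/or the veth pair.
# Removing either end of a veth pair removes both ends, so: delete the root-side
# end if it is still here (it fails harmlessly once moved into the netns), then
# delete the netns, which destroys anything already moved into it.  The trap is
# cleared before the hand-off, so the success path is unchanged; teardown after
# the wrapped command finishes is not the job of this script.
trap 'ip link delete "$TAP" 2>/dev/null || true; ip netns delete "$NSNAME" || true' EXIT

# Setup link to our bridge
ip link add "$TAP" type veth peer name "$BRTAP"
brctl addif "$BRIDGE" "$BRTAP"
ip link set "$TAP" netns "$NSNAME"
ip link set dev "$BRTAP" up

# Setup succeeded; from here on the namespace belongs to the wrapped command.
trap - EXIT

# Execute netjail-privdrop in a process namespace, but do not mount proc yet,
# so that we can still "nsenter" the root NS to drop the exec
unshare -fp --kill-child -- ip netns exec "$NSNAME" netjail-privdrop.sh "$NSUID" "$@"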