internal/testutils/netnsutils/sanity_linux.go
package netnsutils
import (
"errors"
"syscall"
"testing"
"github.com/vishvananda/netns"
"golang.org/x/sys/unix"
"gotest.tools/v3/assert"
)
// AssertSocketSameNetNS makes a best-effort attempt to assert that conn is in
// the same network namespace as the current goroutine's thread.
func AssertSocketSameNetNS(t testing.TB, conn syscall.Conn) {
t.Helper()
sc, err := conn.SyscallConn()
assert.NilError(t, err)
sc.Control(func(fd uintptr) {
srvnsfd, err := unix.IoctlRetInt(int(fd), unix.SIOCGSKNS)
if err != nil {
if errors.Is(err, unix.EPERM) {
t.Log("Cannot determine socket's network namespace. Do we have CAP_NET_ADMIN?")
return
}
if errors.Is(err, unix.ENOSYS) {
t.Log("Cannot query socket's network namespace due to missing kernel support.")
return
}
t.Fatal(err)
}
srvns := netns.NsHandle(srvnsfd)
defer srvns.Close()
curns, err := netns.Get()
assert.NilError(t, err)
defer curns.Close()
if !srvns.Equal(curns) {
t.Fatalf("Socket is in network namespace %s, but test goroutine is in %s", srvns, curns)
}
})
}