iptables-test.py: Try to unshare netns by default

If user did not explicitly requst to "test netnamespace path", try an
import of 'unshare' module and call unshare() to avoid killing the local
host's network by accident.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables-test.py b/iptables-test.py
index 52897a5d93ced322d8dd2021bffc482576caa540..ca5efb1b6670b494ef5a7700487b417f6dca303c 100755 (executable)
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -366,6 +366,13 @@ def main():
                      if i.endswith('.t')]
         file_list.sort()
 
+    if not args.netns:
+        try:
+            import unshare
+            unshare.unshare(unshare.CLONE_NEWNET)
+        except:
+            print("Cannot run in own namespace, connectivity might break")
+
     for filename in file_list:
         file_tests, file_passed = run_test_file(filename, args.netns)
         if file_tests: