
Merge branch 'edge' into dev

Adam Ierymenko 9 жил өмнө
parent
commit
c0668dcdf2
25 өөрчлөгдсөн 757 нэмэгдсэн , 93 устгасан
  1. 78 64
      controller/SqliteNetworkController.cpp
  2. 7 4
      controller/SqliteNetworkController.hpp
  3. 13 1
      make-mac.mk
  4. 38 6
      netcon/Intercept.c
  5. 17 7
      netcon/Intercept.h
  6. 6 0
      netcon/LWIPStack.hpp
  7. 22 4
      netcon/README.md
  8. 11 5
      netcon/RPC.c
  9. 1 1
      netcon/docker-test/build_tests.sh
  10. 0 0
      netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/monitor_dockerfile
  11. 0 0
      netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/monitor_entrypoint.sh
  12. 1 1
      netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/netcon_dockerfile
  13. 46 0
      netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/netcon_entrypoint.sh
  14. 24 0
      netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/monitor_dockerfile
  15. 80 0
      netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/monitor_entrypoint.sh
  16. 38 0
      netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/netcon_dockerfile
  17. 0 0
      netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/netcon_entrypoint.sh
  18. 24 0
      netcon/docker-test/python/python/monitor_dockerfile
  19. 80 0
      netcon/docker-test/python/python/monitor_entrypoint.sh
  20. 38 0
      netcon/docker-test/python/python/netcon_dockerfile
  21. 46 0
      netcon/docker-test/python/python/netcon_entrypoint.sh
  22. 24 0
      netcon/docker-test/python/python3/monitor_dockerfile
  23. 80 0
      netcon/docker-test/python/python3/monitor_entrypoint.sh
  24. 37 0
      netcon/docker-test/python/python3/netcon_dockerfile
  25. 46 0
      netcon/docker-test/python/python3/netcon_entrypoint.sh

+ 78 - 64
controller/SqliteNetworkController.cpp

@@ -555,7 +555,11 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
 					}
 
 					test->timestamp = OSUtils::now();
-					_circuitTests[test->testId] = test;
+
+					_CircuitTestEntry &te = _circuitTests[test->testId];
+					te.test = test;
+					te.jsonResults = "";
+
 					_node->circuitTestBegin(test,&(SqliteNetworkController::_circuitTestCallback));
 
 					return 200;
@@ -1235,6 +1239,22 @@ unsigned int SqliteNetworkController::_doCPGet(
 
 					}
 
+				} else if ((path[2] == "test")&&(path.size() >= 4)) {
+
+					std::map< uint64_t,_CircuitTestEntry >::iterator cte(_circuitTests.find(Utils::hexStrToU64(path[3].c_str())));
+					if (cte != _circuitTests.end()) {
+
+						responseBody = "[";
+						responseBody.append(cte->second.jsonResults);
+						responseBody.push_back(']');
+						responseContentType = "application/json";
+
+						_node->circuitTestEnd(cte->second.test);
+						::free((void *)cte->second.test);
+						_circuitTests.erase(cte);
+
+					} // else 404
+
 				} // else 404
 
 			} else {
@@ -1930,73 +1950,67 @@ NetworkController::ResultCode SqliteNetworkController::_doNetworkConfigRequest(c
 
 void SqliteNetworkController::_circuitTestCallback(ZT_Node *node,ZT_CircuitTest *test,const ZT_CircuitTestReport *report)
 {
-	static Mutex circuitTestWriteLock;
-
-	const uint64_t now = OSUtils::now();
+	char tmp[65535];
+	SqliteNetworkController *const self = reinterpret_cast<SqliteNetworkController *>(test->ptr);
 
-	SqliteNetworkController *const c = reinterpret_cast<SqliteNetworkController *>(test->ptr);
-	char tmp[128];
+	if (!test)
+		return;
+	if (!report)
+		return;
 
-	std::string reportSavePath(c->_circuitTestPath);
-	OSUtils::mkdir(reportSavePath);
-	Utils::snprintf(tmp,sizeof(tmp),ZT_PATH_SEPARATOR_S"%.16llx",test->credentialNetworkId);
-	reportSavePath.append(tmp);
-	OSUtils::mkdir(reportSavePath);
-	Utils::snprintf(tmp,sizeof(tmp),ZT_PATH_SEPARATOR_S"%.16llx_%.16llx",test->timestamp,test->testId);
-	reportSavePath.append(tmp);
-	OSUtils::mkdir(reportSavePath);
-	Utils::snprintf(tmp,sizeof(tmp),ZT_PATH_SEPARATOR_S"%.16llx_%.10llx_%.10llx",now,report->upstream,report->current);
-	reportSavePath.append(tmp);
+	Mutex::Lock _l(self->_lock);
+	std::map< uint64_t,_CircuitTestEntry >::iterator cte(self->_circuitTests.find(test->testId));
 
-	{
-		Mutex::Lock _l(circuitTestWriteLock);
-		FILE *f = fopen(reportSavePath.c_str(),"a");
-		if (!f)
-			return;
-		fseek(f,0,SEEK_END);
-		fprintf(f,"%s{\n"
-			"\t\"timestamp\": %llu,"ZT_EOL_S
-			"\t\"testId\": \"%.16llx\","ZT_EOL_S
-			"\t\"upstream\": \"%.10llx\","ZT_EOL_S
-			"\t\"current\": \"%.10llx\","ZT_EOL_S
-			"\t\"receivedTimestamp\": %llu,"ZT_EOL_S
-			"\t\"remoteTimestamp\": %llu,"ZT_EOL_S
-			"\t\"sourcePacketId\": \"%.16llx\","ZT_EOL_S
-			"\t\"flags\": %llu,"ZT_EOL_S
-			"\t\"sourcePacketHopCount\": %u,"ZT_EOL_S
-			"\t\"errorCode\": %u,"ZT_EOL_S
-			"\t\"vendor\": %d,"ZT_EOL_S
-			"\t\"protocolVersion\": %u,"ZT_EOL_S
-			"\t\"majorVersion\": %u,"ZT_EOL_S
-			"\t\"minorVersion\": %u,"ZT_EOL_S
-			"\t\"revision\": %u,"ZT_EOL_S
-			"\t\"platform\": %d,"ZT_EOL_S
-			"\t\"architecture\": %d,"ZT_EOL_S
-			"\t\"receivedOnLocalAddress\": \"%s\","ZT_EOL_S
-			"\t\"receivedFromRemoteAddress\": \"%s\""ZT_EOL_S
-			"}",
-			((ftell(f) > 0) ? ",\n" : ""),
-			(unsigned long long)report->timestamp,
-			(unsigned long long)test->testId,
-			(unsigned long long)report->upstream,
-			(unsigned long long)report->current,
-			(unsigned long long)now,
-			(unsigned long long)report->remoteTimestamp,
-			(unsigned long long)report->sourcePacketId,
-			(unsigned long long)report->flags,
-			report->sourcePacketHopCount,
-			report->errorCode,
-			(int)report->vendor,
-			report->protocolVersion,
-			report->majorVersion,
-			report->minorVersion,
-			report->revision,
-			(int)report->platform,
-			(int)report->architecture,
-			reinterpret_cast<const InetAddress *>(&(report->receivedOnLocalAddress))->toString().c_str(),
-			reinterpret_cast<const InetAddress *>(&(report->receivedFromRemoteAddress))->toString().c_str());
-		fclose(f);
+	if (cte == self->_circuitTests.end()) { // sanity check: a circuit test we didn't launch?
+		self->_node->circuitTestEnd(test);
+		::free((void *)test);
+		return;
 	}
+
+	Utils::snprintf(tmp,sizeof(tmp),
+		"%s{\n"
+		"\t\"timestamp\": %llu,"ZT_EOL_S
+		"\t\"testId\": \"%.16llx\","ZT_EOL_S
+		"\t\"upstream\": \"%.10llx\","ZT_EOL_S
+		"\t\"current\": \"%.10llx\","ZT_EOL_S
+		"\t\"receivedTimestamp\": %llu,"ZT_EOL_S
+		"\t\"remoteTimestamp\": %llu,"ZT_EOL_S
+		"\t\"sourcePacketId\": \"%.16llx\","ZT_EOL_S
+		"\t\"flags\": %llu,"ZT_EOL_S
+		"\t\"sourcePacketHopCount\": %u,"ZT_EOL_S
+		"\t\"errorCode\": %u,"ZT_EOL_S
+		"\t\"vendor\": %d,"ZT_EOL_S
+		"\t\"protocolVersion\": %u,"ZT_EOL_S
+		"\t\"majorVersion\": %u,"ZT_EOL_S
+		"\t\"minorVersion\": %u,"ZT_EOL_S
+		"\t\"revision\": %u,"ZT_EOL_S
+		"\t\"platform\": %d,"ZT_EOL_S
+		"\t\"architecture\": %d,"ZT_EOL_S
+		"\t\"receivedOnLocalAddress\": \"%s\","ZT_EOL_S
+		"\t\"receivedFromRemoteAddress\": \"%s\""ZT_EOL_S
+		"}",
+		((cte->second.jsonResults.length() > 0) ? ",\n" : ""),
+		(unsigned long long)report->timestamp,
+		(unsigned long long)test->testId,
+		(unsigned long long)report->upstream,
+		(unsigned long long)report->current,
+		(unsigned long long)OSUtils::now(),
+		(unsigned long long)report->remoteTimestamp,
+		(unsigned long long)report->sourcePacketId,
+		(unsigned long long)report->flags,
+		report->sourcePacketHopCount,
+		report->errorCode,
+		(int)report->vendor,
+		report->protocolVersion,
+		report->majorVersion,
+		report->minorVersion,
+		report->revision,
+		(int)report->platform,
+		(int)report->architecture,
+		reinterpret_cast<const InetAddress *>(&(report->receivedOnLocalAddress))->toString().c_str(),
+		reinterpret_cast<const InetAddress *>(&(report->receivedFromRemoteAddress))->toString().c_str());
+
+	cte->second.jsonResults.append(tmp);
 }
 
 } // namespace ZeroTier
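Review bot: In `_circuitTestCallback`, `self` is initialised from `test->ptr` before the `if (!test)` guard runs, so a null `test` is dereferenced before the check can reject it. Put the guards first, e.g. `if ((!test)||(!report)) return;`, and only then compute `self` from `test->ptr`. Separately, every report is appended to `jsonResults`, and the only release path visible in this diff is the GET branch added to `_doCPGet`. A test whose results are never fetched therefore appears to hold its memory and keep growing, so a size cap or an expiry on outstanding tests would bound it.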

+ 7 - 4
controller/SqliteNetworkController.hpp

@@ -123,7 +123,7 @@ private:
 	std::string _circuitTestPath;
 	std::string _instanceId;
 
-	// A circular buffer last log
+	// Recent request log by device address and network ID
 	struct _LLEntry
 	{
 		_LLEntry()
@@ -148,12 +148,15 @@ private:
 		// Total requests by this address / network ID pair (also serves mod IN_MEMORY_LOG_SIZE as circular buffer ptr)
 		uint64_t totalRequests;
 	};
-
-	// Last log entries by address and network ID pair
 	std::map< std::pair<Address,uint64_t>,_LLEntry > _lastLog;
 
 	// Circuit tests outstanding
-	std::map< uint64_t,ZT_CircuitTest * > _circuitTests;
+	struct _CircuitTestEntry
+	{
+		ZT_CircuitTest *test;
+		std::string jsonResults;
+	};
+	std::map< uint64_t,_CircuitTestEntry > _circuitTests;
 
 	sqlite3 *_db;
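Review bot: `_CircuitTestEntry::test` is a raw pointer with no comment saying who owns it, although the .cpp side of this commit releases it with `circuitTestEnd()` followed by `::free()`. A comment on the member would make that contract explicit, for example `// Owned by this entry; ended with circuitTestEnd() and released with ::free() when the entry is erased`. The same comment should say that access to `_circuitTests` is expected to happen under `_lock`, as the callback does.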
 

+ 13 - 1
make-mac.mk

@@ -79,6 +79,18 @@ one:	$(OBJS) service/OneService.o one.o
 	$(CODESIGN) -f -s $(CODESIGN_APP_CERT) zerotier-one
 	$(CODESIGN) -vvv zerotier-one
 
+netcon: $(OBJS)
+	rm -f *.o
+	# Need to selectively rebuild one.cpp and OneService.cpp with ZT_SERVICE_NETCON and ZT_ONE_NO_ROOT_CHECK defined, and also NetconEthernetTap
+	$(CXX) $(CXXFLAGS) $(LDFLAGS) -DZT_SERVICE_NETCON -DZT_ONE_NO_ROOT_CHECK -Iext/lwip/src/include -Iext/lwip/src/include/ipv4 -Iext/lwip/src/include/ipv6 -o zerotier-netcon-service $(OBJS) service/OneService.cpp netcon/NetconEthernetTap.cpp one.cpp -x c netcon/RPC.c $(LDLIBS) -ldl
+	# Build netcon/liblwip.so which must be placed in ZT home for zerotier-netcon-service to work
+	cd netcon ; make -f make-liblwip.mk
+	# Use gcc not clang to build standalone intercept library since gcc is typically used for libc and we want to ensure maximal ABI compatibility
+	cd netcon ; gcc -O2 -Wall -std=c99 -fPIC -fno-common -dynamiclib -flat_namespace -DVERBOSE -D_GNU_SOURCE -DNETCON_INTERCEPT -I. -nostdlib -shared -o libzerotierintercept.so Intercept.c RPC.c -ldl
+	cp netcon/libzerotierintercept.so libzerotierintercept.so
+	ln -sf zerotier-netcon-service zerotier-cli
+	ln -sf zerotier-netcon-service zerotier-idtool
+
 selftest: $(OBJS) selftest.o
 	$(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(OBJS) $(LIBS)
 	$(STRIP) zerotier-selftest
@@ -97,7 +109,7 @@ official: FORCE
 	make ZT_OFFICIAL_RELEASE=1 mac-dist-pkg
 
 clean:
-	rm -rf *.dSYM build-* *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o $(OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli ZeroTierOneInstaller-* mkworld
+	rm -rf netcon/*.so *.dSYM build-* *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o $(OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli ZeroTierOneInstaller-* mkworld
 
 # For those building from source -- installs signed binary tap driver in system ZT home
 install-mac-tap: FORCE
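Review bot: The updated `clean` rule removes `netcon/*.so` but not the other artifacts the new `netcon` target creates: `zerotier-netcon-service` and the top-level copy of `libzerotierintercept.so` stay behind. Adding both names to the `rm -rf` list keeps a later build from picking up stale binaries. In the `netcon` recipe, `cd netcon ; make -f make-liblwip.mk` would be more robust as `cd netcon && $(MAKE) -f make-liblwip.mk`, so that a failed `cd` stops the recipe and flags such as `-j` propagate to the sub-make.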

+ 38 - 6
netcon/Intercept.c

@@ -38,20 +38,25 @@
 #include <sys/time.h>
 #include <pwd.h>
 #include <errno.h>
-#include <linux/errno.h>
 #include <stdarg.h>
 #include <netdb.h>
 #include <string.h>
-#include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/poll.h>
 #include <sys/un.h>
 #include <arpa/inet.h>
 #include <sys/resource.h>
-#include <linux/net.h> /* for NPROTO */
 
-#define SOCK_MAX (SOCK_PACKET + 1)
+#if defined(__linux__)
+  #include <linux/errno.h>
+  #include <sys/syscall.h>
+  #include <linux/net.h> /* for NPROTO */
+#endif
+
+#if defined(__linux__)
+  #define SOCK_MAX (SOCK_PACKET + 1)
+#endif
 #define SOCK_TYPE_MASK 0xf
 
 #include "Intercept.h"
@@ -92,6 +97,11 @@ static int connected_to_service(int sockfd)
 static int set_up_intercept()
 {
   if (!realconnect) {
+
+#if defined(__linux__)
+    realaccept4 = dlsym(RTLD_NEXT, "accept4");
+    realsyscall = dlsym(RTLD_NEXT, "syscall");
+#endif
     realconnect = dlsym(RTLD_NEXT, "connect");
     realbind = dlsym(RTLD_NEXT, "bind");
     realaccept = dlsym(RTLD_NEXT, "accept");
@@ -100,9 +110,7 @@ static int set_up_intercept()
     realbind = dlsym(RTLD_NEXT, "bind");
     realsetsockopt = dlsym(RTLD_NEXT, "setsockopt");
     realgetsockopt = dlsym(RTLD_NEXT, "getsockopt");
-    realaccept4 = dlsym(RTLD_NEXT, "accept4");
     realclose = dlsym(RTLD_NEXT, "close");
-    realsyscall = dlsym(RTLD_NEXT, "syscall");
     realgetsockname = dlsym(RTLD_NEXT, "getsockname");
   }
   if (!netpath) {
@@ -127,10 +135,12 @@ int setsockopt(SETSOCKOPT_SIG)
     return realsetsockopt(socket, level, option_name, option_value, option_len);
 
   dwr(MSG_DEBUG,"setsockopt(%d)\n", socket);
+#if defined(__linux__)
   if(level == SOL_IPV6 && option_name == IPV6_V6ONLY)
     return 0;
   if(level == SOL_IP && (option_name == IP_TTL || option_name == IP_TOS))
     return 0;
+#endif
   if(level == IPPROTO_TCP || (level == SOL_SOCKET && option_name == SO_KEEPALIVE))
     return 0;
   if(realsetsockopt(socket, level, option_name, option_value, option_len) < 0)
@@ -169,13 +179,16 @@ int socket(SOCKET_SIG)
 
   dwr(MSG_DEBUG,"socket():\n");
   /* Check that type makes sense */
+#if defined(__linux__)
   int flags = socket_type & ~SOCK_TYPE_MASK;
   if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) {
       errno = EINVAL;
       return -1;
   }
+#endif
   socket_type &= SOCK_TYPE_MASK;
   /* Check protocol is in range */
+#if defined(__linux__)
   if (socket_family < 0 || socket_family >= NPROTO){
     errno = EAFNOSUPPORT;
     return -1;
@@ -184,9 +197,12 @@ int socket(SOCKET_SIG)
     errno = EINVAL;
     return -1;
   }
+#endif
   /* TODO: detect ENFILE condition */
   if(socket_family == AF_LOCAL
+#if defined(__linux__)
     || socket_family == AF_NETLINK
+#endif
     || socket_family == AF_UNIX) {
       int err = realsocket(socket_family, socket_type, protocol);
       dwr(MSG_DEBUG,"realsocket() = %d\n", err);
@@ -244,24 +260,30 @@ int connect(CONNECT_SIG)
     errno = ENOTSOCK;
     return -1;
   }
+#if defined(__linux__)
   /* Check family */
   if (connaddr->sin_family < 0 || connaddr->sin_family >= NPROTO){
     errno = EAFNOSUPPORT;
     return -1;
   }
+#endif
   /* make sure we don't touch any standard outputs */
   if(__fd == STDIN_FILENO || __fd == STDOUT_FILENO || __fd == STDERR_FILENO)
     return(realconnect(__fd, __addr, __len));
 
   if(__addr != NULL && (connaddr->sin_family == AF_LOCAL
+#if defined(__linux__)
     || connaddr->sin_family == PF_NETLINK
     || connaddr->sin_family == AF_NETLINK
+#endif
     || connaddr->sin_family == AF_UNIX)) {
     return realconnect(__fd, __addr, __len);
   }
   /* Assemble and send RPC */
   struct connect_st rpc_st;
+#if defined(__linux__)
   rpc_st.__tid = syscall(SYS_gettid);
+#endif
   rpc_st.__fd = __fd;
   memcpy(&rpc_st.__addr, __addr, sizeof(struct sockaddr_storage));
   memcpy(&rpc_st.__len, &__len, sizeof(socklen_t));
@@ -300,7 +322,9 @@ int bind(BIND_SIG)
   connaddr = (struct sockaddr_in *)addr;
 
   if(connaddr->sin_family == AF_LOCAL
+#if defined(__linux__)
     || connaddr->sin_family == AF_NETLINK
+#endif
     || connaddr->sin_family == AF_UNIX) {
       int err = realbind(sockfd, addr, addrlen);
       dwr(MSG_DEBUG,"realbind, err = %d\n", err);
@@ -317,7 +341,9 @@ int bind(BIND_SIG)
   /* Assemble and send RPC */
   struct bind_st rpc_st;
   rpc_st.sockfd = sockfd;
+#if defined(__linux__)
   rpc_st.__tid = syscall(SYS_gettid);
+#endif
   memcpy(&rpc_st.addr, addr, sizeof(struct sockaddr_storage));
   memcpy(&rpc_st.addrlen, &addrlen, sizeof(socklen_t));
   return rpc_send_command(netpath, RPC_BIND, sockfd, &rpc_st, sizeof(struct bind_st));
@@ -328,6 +354,7 @@ int bind(BIND_SIG)
 ------------------------------------------------------------------------------*/
 
 /* int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags */
+#if defined(__linux__)
 int accept4(ACCEPT4_SIG)
 {
   dwr(MSG_DEBUG,"accept4(%d):\n", sockfd);
@@ -337,6 +364,7 @@ int accept4(ACCEPT4_SIG)
     fcntl(sockfd, F_SETFL, O_NONBLOCK);
   return accept(sockfd, addr, addrlen);
 }
+#endif
 
 /*------------------------------------------------------------------------------
 ----------------------------------- accept() -----------------------------------
@@ -442,7 +470,9 @@ int listen(LISTEN_SIG)
   struct listen_st rpc_st;
   rpc_st.sockfd = sockfd;
   rpc_st.backlog = backlog;
+#if defined(__linux__)
   rpc_st.__tid = syscall(SYS_gettid);
+#endif
   return rpc_send_command(netpath, RPC_LISTEN, sockfd, &rpc_st, sizeof(struct listen_st));
 }
 
@@ -502,6 +532,7 @@ int getsockname(GETSOCKNAME_SIG)
 ------------------------------------ syscall() ---------------------------------
 ------------------------------------------------------------------------------*/
 
+#if defined(__linux__)
 long syscall(SYSCALL_SIG)
 {
   va_list ap;
@@ -542,3 +573,4 @@ long syscall(SYSCALL_SIG)
 #endif
   return realsyscall(number,a,b,c,d,e,f);
 }
+#endif
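Review bot: With `rpc_st.__tid = syscall(SYS_gettid);` now compiled only on Linux, the `__tid` field of `connect_st`, `bind_st` and `listen_st` is never written on other platforms. The `bind` and `listen` hunks still pass the whole struct to `rpc_send_command` with `sizeof(struct ...)`, so uninitialised stack bytes go out over the RPC socket. Zero each struct right after its declaration, e.g. `memset(&rpc_st, 0, sizeof(rpc_st));`, or add an `#else` branch that sets `__tid` to 0. The bodies of `connect`, `bind` and `listen` continue outside these hunks, so any other fields of these structs should be checked the same way.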

+ 17 - 7
netcon/Intercept.h

@@ -25,12 +25,17 @@
  * LLC. Start here: http://www.zerotier.com/
  */
 
-
 #ifndef _INTERCEPT_H
 #define _INTERCEPT_H	1
 
 #include <sys/socket.h>
 
+
+#if defined(__linux__)
+	#define ACCEPT4_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags
+ 	#define SYSCALL_SIG	long number, ...
+#endif
+
 #define CLOSE_SIG int fd
 #define READ_SIG int __fd, void *__buf, size_t __nbytes
 #define BIND_SIG int sockfd, const struct sockaddr *addr, socklen_t addrlen
@@ -38,7 +43,6 @@
 #define WRITE_SIG int __fd, const void *__buf, size_t __n
 #define LISTEN_SIG int sockfd, int backlog
 #define SOCKET_SIG int socket_family, int socket_type, int protocol
-#define ACCEPT4_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags
 #define ACCEPT_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen
 #define SHUTDOWN_SIG int socket, int how
 #define CONNECT_SOCKARG struct sockaddr *
@@ -47,12 +51,17 @@
 #define DAEMON_SIG int nochdir, int noclose
 #define SETSOCKOPT_SIG int socket, int level, int option_name, const void *option_value, socklen_t option_len
 #define GETSOCKOPT_SIG int sockfd, int level, int optname, void *optval, socklen_t *optlen
-#define SYSCALL_SIG	long number, ...
 #define CLONE_SIG int (*fn)(void *), void *child_stack, int flags, void *arg, ...
 #define GETSOCKNAME_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen
 #define DUP2_SIG int oldfd, int newfd
 #define DUP3_SIG int oldfd, int newfd, int flags
 
+
+#if defined(__linux__)
+	int accept4(ACCEPT4_SIG);
+	long syscall(SYSCALL_SIG);
+#endif
+
 void my_init(void);
 int connect(CONNECT_SIG);
 int bind(BIND_SIG);
@@ -61,14 +70,17 @@ int listen(LISTEN_SIG);
 int socket(SOCKET_SIG);
 int setsockopt(SETSOCKOPT_SIG);
 int getsockopt(GETSOCKOPT_SIG);
-int accept4(ACCEPT4_SIG);
-long syscall(SYSCALL_SIG);
 int close(CLOSE_SIG);
 int clone(CLONE_SIG);
 int dup2(DUP2_SIG);
 int dup3(DUP3_SIG);
 int getsockname(GETSOCKNAME_SIG);
 
+#if defined(__linux__)
+	static int (*realaccept4)(ACCEPT4_SIG) = 0;
+	static long (*realsyscall)(SYSCALL_SIG) = 0;
+#endif
+
 static int (*realconnect)(CONNECT_SIG) = 0;
 static int (*realbind)(BIND_SIG) = 0;
 static int (*realaccept)(ACCEPT_SIG) = 0;
@@ -76,8 +88,6 @@ static int (*reallisten)(LISTEN_SIG) = 0;
 static int (*realsocket)(SOCKET_SIG) = 0;
 static int (*realsetsockopt)(SETSOCKOPT_SIG) = 0;
 static int (*realgetsockopt)(GETSOCKOPT_SIG) = 0;
-static int (*realaccept4)(ACCEPT4_SIG) = 0;
-static long (*realsyscall)(SYSCALL_SIG) = 0;
 static int (*realclose)(CLOSE_SIG) = 0;
 static int (*realgetsockname)(GETSOCKNAME_SIG) = 0;
 

+ 6 - 0
netcon/LWIPStack.hpp

@@ -132,7 +132,13 @@ public:
   LWIPStack(const char* path) :
     _libref(NULL)
   {
+    
+#if defined(__linux__)
     _libref = dlmopen(LM_ID_NEWLM, path, RTLD_NOW);
+#elif defined(__APPLE__)
+    _libref = dlopen(path, RTLD_NOW);
+#endif
+
     if(_libref == NULL)
       printf("dlerror(): %s\n", dlerror());
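Review bot: The new `#if defined(__linux__)` / `#elif defined(__APPLE__)` chain has no `#else`, so on any other platform `_libref` stays NULL and the constructor only prints `dlerror()`, which may itself be NULL when no dl call was made. An explicit `#else` with `#error "LWIPStack: unsupported platform"` would turn that into a build-time failure. The macOS branch also deserves a comment that plain `dlopen` does not give the separate link-map namespace that `dlmopen(LM_ID_NEWLM, ...)` provides on Linux, so the library's symbols share the process namespace there. The constructor continues past the end of this hunk.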
 

+ 22 - 4
netcon/README.md

@@ -70,6 +70,22 @@ The intercept library does nothing unless the *ZT\_NC\_NETWORK* environment vari
 
 Unlike *zerotier-one*, *zerotier-netcon-service* does not need to be run with root privileges and will not modify the host's network configuration in any way. It can be run alongside *zerotier-one* on the same host with no ill effect, though this can be confusing since you'll have to remember the difference between "real" host interfaces (tun/tap) and network containerized endpoints. The latter are completely unknown to the kernel and will not show up in *ifconfig*.
 
+# Linking into an application on Mac OSX
+
+Example:
+
+    gcc myapp.c -o myapp libzerotierintercept.so
+    export ZT_NC_NETWORK=/tmp/netcon-test-home/nc_8056c2e21c000001
+
+Start service
+
+    ./zerotier-netcon-service -d -p8000 /tmp/netcon-test-home
+
+Run application
+
+    ./myapp
+
+
 # Starting the Network Containers Service
 
 You don't need Docker or any other container engine to try Network Containers. A simple test can be performed in user space (no root) in your own home directory.
@@ -154,9 +170,11 @@ Results will be written to the *netcon/docker-test/_results/* directory which is
 
 To run unit tests:
 
-1) Set up your own network at [https://my.zerotier.com/](https://my.zerotier.com/). For our example we'll just use the Earth network (8056c2e21c000001). Use its network id as follows:
+1) Disable SELinux. This is so the containers can use a shared volume to exchange MD5 sums and address information. 
+
+2) Set up your own network at [https://my.zerotier.com/](https://my.zerotier.com/). For our example we'll just use the Earth network (8056c2e21c000001). Use its network id as follows:
 
-2) Generate two pairs of identity keys. Each public/private pair will be used by the *netcon* and *monitor* containers:
+3) Generate two pairs of identity keys. Each public/private pair will be used by the *netcon* and *monitor* containers:
 
     mkdir -p /tmp/netcon_first
     cp -f ./netcon/liblwip.so /tmp/netcon_first
@@ -176,7 +194,7 @@ To run unit tests:
     ./zerotier-cli -D/tmp/netcon_second join 8056c2e21c000001
     kill `cat /tmp/netcon_second/zerotier-one.pid`
 
-3) Copy the identity files to your *docker-test* directory. Names will be altered during copy step so the dockerfiles know which identities to use for each image/container:
+4) Copy the identity files to your *docker-test* directory. Names will be altered during copy step so the dockerfiles know which identities to use for each image/container:
 
     cp /tmp/netcon_first/identity.public ./netcon/docker-test/netcon_identity.public
     cp /tmp/netcon_first/identity.secret ./netcon/docker-test/netcon_identity.secret
@@ -185,7 +203,7 @@ To run unit tests:
     cp /tmp/netcon_second/identity.secret ./netcon/docker-test/monitor_identity.secret
 
 
-4) Place a blank network config file in the *netcon/docker-test* directory (e.g. "8056c2e21c000001.conf")
+5) Place a blank network config file in the *netcon/docker-test* directory (e.g. "8056c2e21c000001.conf")
  - This will be used to inform test-specific scripts what network to use for testing
 
 After you've created your network and placed its blank config file in *netcon/docker-test* run the following to perform unit tests for httpd:

+ 11 - 5
netcon/RPC.c

@@ -3,7 +3,10 @@
 #include <sys/un.h>
 #include <pthread.h>
 #include <errno.h>
+
+#if defined(__linux__)
 #include <sys/syscall.h>
+#endif
 
 #include <fcntl.h>
 #include <dlfcn.h>
@@ -70,12 +73,12 @@ int get_retval(int rpc_sock)
 
 int load_symbols_rpc()
 {
-  #ifdef NETCON_INTERCEPT
+#ifdef NETCON_INTERCEPT
   realsocket = dlsym(RTLD_NEXT, "socket");
   realconnect = dlsym(RTLD_NEXT, "connect");
   if(!realconnect || !realsocket)
     return -1;
-  #endif
+#endif
   return 1;
 }
 
@@ -131,19 +134,22 @@ int rpc_send_command(char *path, int cmd, int forfd, void *data, int len)
   memcpy(&cmdbuf[CANARY_IDX], &canary_num, CANARY_SZ);
   memcpy(&cmdbuf[STRUCT_IDX], data, len);
 
-#ifdef VERBOSE
+#if defined(VERBOSE)
+  rpc_count++;
   memset(metabuf, 0, BUF_SZ);
+#if defined(__linux__)
   pid_t pid = syscall(SYS_getpid);
   pid_t tid = syscall(SYS_gettid);
-  rpc_count++;
+#endif
   char timestring[20];
   time_t timestamp;
   timestamp = time(NULL);
   strftime(timestring, sizeof(timestring), "%H:%M:%S", localtime(&timestamp));
   memcpy(metabuf, RPC_PHRASE, RPC_PHRASE_SZ); // Write signal phrase
-  
+#if defined(__linux__)
   memcpy(&metabuf[IDX_PID],     &pid,         sizeof(pid_t)      ); /* pid       */
   memcpy(&metabuf[IDX_TID],     &tid,         sizeof(pid_t)      ); /* tid       */
+#endif
   memcpy(&metabuf[IDX_COUNT],   &rpc_count,   sizeof(rpc_count)  ); /* rpc_count */
   memcpy(&metabuf[IDX_TIME],    &timestring,   20                ); /* timestamp */
 #endif
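Review bot: In the `VERBOSE` block of `rpc_send_command`, both `pid` and `tid` are now dropped on non-Linux builds, although only the thread id needs a Linux-specific syscall. The process id could be kept on every platform with `pid_t pid = getpid();` outside the `__linux__` guard, assuming `<unistd.h>` is available in this file and the raw syscall is not being used deliberately to avoid the interposed wrappers. The nested `#if` blocks would also read more easily with a short comment on each `#endif` naming the condition it closes.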

+ 1 - 1
netcon/docker-test/build_tests.sh

@@ -18,7 +18,7 @@ find . -mindepth 2 -maxdepth 2 -type d | while read testdir; do
 	continue    
     fi
 
-    echo "*** Building: '$testdir'..."
+    echo "\n\n\n*** Building: '$testdir'..."
     rm _results/*.tmp
 
     # Stage scripts
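Review bot: The new `echo "\n\n\n*** Building: ..."` relies on `echo` interpreting backslash escapes, which bash's builtin does not do by default, so the output would contain the literal characters `\n\n\n`. The script's shebang is outside this hunk, so the shell in use cannot be confirmed from here. `printf '\n\n\n*** Building: %s...\n' "$testdir"` behaves the same in every POSIX shell.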

+ 0 - 0
netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/monitor_dockerfile → netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/monitor_dockerfile


+ 0 - 0
netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/monitor_entrypoint.sh → netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/monitor_entrypoint.sh


+ 1 - 1
netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile → netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/netcon_dockerfile

@@ -4,7 +4,7 @@ MAINTAINER https://www.zerotier.com/
 
 # Install apps
 RUN yum -y update
-RUN yum -y install httpd-2.4.17-3.fc23.x86_64
+RUN yum -y install darkhttpd-1.11
 RUN yum clean all
 
 EXPOSE 9993/udp 80/udp

+ 46 - 0
netcon/docker-test/darkhttpd/darkhttpd-1.11.x86_64/netcon_entrypoint.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile
+bigfile_size=10M # size of file we want to use for the test
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test: ' "$test_name"
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-netcon-service -d -U -p9993 >>/tmp/zerotier-netcon-service.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+	dev=`/zerotier-cli listnetworks | grep -F "" | cut -d ' ' -f 8 | cut -d "_" -f 2 | sed "s/^<dev>//" | tr '\n' '\0'`
+done
+echo '--- Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Writing address to ' "$address_file"
+echo $virtip4 > "$address_file"
+
+# --- Test section ---
+# Generate large random file for transfer test, share md5sum for monitor container to check
+echo '*** Generating ' "$bigfile_size" ' file'
+dd if=/dev/urandom of="$bigfile_name"  bs="$bigfile_size"  count=1
+md5sum < "$bigfile_name" > "$tx_md5sumfile"
+echo '*** Wrote MD5 sum to ' "$tx_md5sumfile"
+
+echo '*** Starting application...'
+sleep 0.5
+
+export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_"$dev"
+export LD_PRELOAD=./libzerotierintercept.so
+darkhttpd /
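Review bot: The final `darkhttpd /` serves the container's whole filesystem, which includes `/var/lib/zerotier-one/identity.secret` and the service log under `/tmp`, to every peer on the test network. The script appears to rely on this only because `bigfile` is written into the working directory. Writing the file into a dedicated directory and serving that directory alone (for example `mkdir -p /srv/test`, `of=/srv/test/"$bigfile_name"`, `darkhttpd /srv/test`; the path is a constructed example) keeps the identity key out of the document root. In the `dev=` line, `grep -F ""` matches every line of `listnetworks`, so the value is only well-defined when a single network is joined; filtering on `"$nwid"` as the `virtip4` line does would fix that.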

+ 24 - 0
netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/monitor_dockerfile

@@ -0,0 +1,24 @@
+# ZT Network Containers Test Monitor
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+EXPOSE 9993/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD monitor_identity.public /var/lib/zerotier-one/identity.public
+ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+ADD zerotier-one /
+ADD zerotier-cli /
+
+# Start ZeroTier-One
+ADD monitor_entrypoint.sh /monitor_entrypoint.sh
+RUN chmod -v +x /monitor_entrypoint.sh
+CMD ["./monitor_entrypoint.sh"]
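Review bot: `ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret` bakes the node's private identity into an image layer, so anyone who can pull or export the image obtains the key. The same pattern appears in the new httpd `netcon_dockerfile` and the python `monitor_dockerfile` in this commit. For throwaway test identities this may be acceptable, but it should be stated in a comment such as `# Test-only identity: never reuse this key outside the docker-test harness`. If the images are ever pushed to a registry, mount the identity files at run time with `-v` instead. `COPY` is also preferable to `ADD` for plain local files, since `ADD` additionally unpacks archives and fetches URLs.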

+ 80 - 0
netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/monitor_entrypoint.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+netcon_wait_time=35 # wait for test container to come online
+app_timeout_time=25 # app-specific timeout
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+fail=FAIL. # appended to result file in event of failure
+ok=OK. # appended to result file in event of success
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile # large, random test transfer file
+rx_md5sumfile="$file_path"rx_"$bigfile_name"_md5sum"$tmp_ext"
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test Monitor'
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-one -d -U -p9993 >>/tmp/zerotier-one.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+done
+echo '*** Starting Test...'
+echo '*** Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Sleeping for ('  "$netcon_wait_time"  's ) while we wait for the Network Container to come online...'
+sleep "$netcon_wait_time"s
+ncvirtip=$(<$address_file)
+
+
+# --- Test section ---
+echo '*** Curling from intercepted server at' $ncvirtip
+rm -rf "$file_path"*."$file_base"
+touch "$bigfile_name"
+
+# Perform test
+# curl --connect-timeout "$app_timeout_time" -v -o "$file_path$file_base" http://"$ncvirtip"/index.html
+# Large transfer test
+curl --connect-timeout "$app_timeout_time" -v -o "$bigfile_name" http://"$ncvirtip"/"$bigfile_name"
+
+# Check md5
+md5sum < "$bigfile_name" > "$rx_md5sumfile"
+rx_md5sum=$(<$rx_md5sumfile)
+tx_md5sum=$(<$tx_md5sumfile)
+
+echo '*** Comparing md5: ' "$rx_md5sum" ' and ' "$tx_md5sum"
+
+if [ "$rx_md5sum" != "$tx_md5sum" ]; 
+then
+	echo 'MD5 FAIL'
+	touch "$file_path$fail$test_name.txt"
+	printf 'Test: md5 sum did not match!\n' >> "$file_path$fail$test_name.txt"
+else
+	echo 'MD5 OK'
+	touch "$file_path$ok$test_name.txt"
+	printf 'Test: md5 sum ok!\n' >> "$file_path$ok$test_name.txt"
+	cat "$rx_md5sumfile" >> "$file_path$ok$test_name.txt"
+	cat "$tx_md5sumfile" >> "$file_path$ok$test_name.txt"
+fi
+
+
+
+
+
+
+
+
+
+
+
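Review bot: After the fixed `sleep "$netcon_wait_time"s`, the script reads `$address_file` without checking that it exists or is non-empty, so a slow netcon container leaves `ncvirtip` empty and `curl` is pointed at a URL with no host. A bounded wait such as `while [ ! -s "$address_file" ]; do sleep 0.2; done`, with an iteration limit that records a FAIL result, is more reliable than the fixed 35 s delay. The `virtip4` loop above has the same unbounded shape and would hang the test run if the network join never completes. The expansions of `$nwid`, `$address_file` and the two md5sum file variables should be quoted, and the ten trailing blank lines at the end of the file can be dropped.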

+ 38 - 0
netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/netcon_dockerfile

@@ -0,0 +1,38 @@
+# ZT Network Containers Test
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+# Install apps
+RUN yum -y update
+RUN yum -y install httpd-2.4.18-1.fc23.x86_64
+RUN yum clean all
+
+EXPOSE 9993/udp 80/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD netcon_identity.public /var/lib/zerotier-one/identity.public
+ADD netcon_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+# Install syscall intercept library
+ADD zerotier-intercept /
+ADD libzerotierintercept.so /
+RUN cp libzerotierintercept.so lib/libzerotierintercept.so
+RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
+RUN /usr/bin/install -c zerotier-intercept /usr/bin
+
+ADD zerotier-cli /
+ADD zerotier-netcon-service /
+
+# Install test scripts
+ADD netcon_entrypoint.sh /netcon_entrypoint.sh
+RUN chmod -v +x /netcon_entrypoint.sh
+
+# Start ZeroTier-One
+CMD ["./netcon_entrypoint.sh"]

+ 0 - 0
netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_entrypoint.sh → netcon/docker-test/httpd/httpd-2.4.18-1.fc23.x86_64/netcon_entrypoint.sh


+ 24 - 0
netcon/docker-test/python/python/monitor_dockerfile

@@ -0,0 +1,24 @@
+# ZT Network Containers Test Monitor
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+EXPOSE 9993/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD monitor_identity.public /var/lib/zerotier-one/identity.public
+ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+ADD zerotier-one /
+ADD zerotier-cli /
+
+# Start ZeroTier-One
+ADD monitor_entrypoint.sh /monitor_entrypoint.sh
+RUN chmod -v +x /monitor_entrypoint.sh
+CMD ["./monitor_entrypoint.sh"]
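Review bot: `ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret` stores the node's private identity in an image layer, where it stays readable to anyone who can pull or export the image. If these identities are throwaway test keys, say so next to the line, e.g. `# test-only identity, generated for docker-test; never reuse on a real network`. Otherwise supply the file at run time through a volume instead of ADD. The same applies to python/python3/monitor_dockerfile and to `netcon_identity.secret` in the three netcon_dockerfile files.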

+ 80 - 0
netcon/docker-test/python/python/monitor_entrypoint.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+netcon_wait_time=35 # wait for test container to come online
+app_timeout_time=25 # app-specific timeout
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+fail=FAIL. # appended to result file in event of failure
+ok=OK. # appended to result file in event of success
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile # large, random test transfer file
+rx_md5sumfile="$file_path"rx_"$bigfile_name"_md5sum"$tmp_ext"
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test Monitor'
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-one -d -U -p9993 >>/tmp/zerotier-one.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+done
+echo '*** Starting Test...'
+echo '*** Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Sleeping for ('  "$netcon_wait_time"  's ) while we wait for the Network Container to come online...'
+sleep "$netcon_wait_time"s
+ncvirtip=$(<$address_file)
+
+
+# --- Test section ---
+echo '*** Curling from intercepted server at' $ncvirtip
+rm -rf "$file_path"*."$file_base"
+touch "$bigfile_name"
+
+# Perform test
+# curl --connect-timeout "$app_timeout_time" -v -o "$file_path$file_base" http://"$ncvirtip"/index.html
+# Large transfer test
+curl --connect-timeout "$app_timeout_time" -v -o "$bigfile_name" http://"$ncvirtip"/"$bigfile_name"
+
+# Check md5
+md5sum < "$bigfile_name" > "$rx_md5sumfile"
+rx_md5sum=$(<$rx_md5sumfile)
+tx_md5sum=$(<$tx_md5sumfile)
+
+echo '*** Comparing md5: ' "$rx_md5sum" ' and ' "$tx_md5sum"
+
+if [ "$rx_md5sum" != "$tx_md5sum" ]; 
+then
+	echo 'MD5 FAIL'
+	touch "$file_path$fail$test_name.txt"
+	printf 'Test: md5 sum did not match!\n' >> "$file_path$fail$test_name.txt"
+else
+	echo 'MD5 OK'
+	touch "$file_path$ok$test_name.txt"
+	printf 'Test: md5 sum ok!\n' >> "$file_path$ok$test_name.txt"
+	cat "$rx_md5sumfile" >> "$file_path$ok$test_name.txt"
+	cat "$tx_md5sumfile" >> "$file_path$ok$test_name.txt"
+fi
+
+
+
+
+
+
+
+
+
+
+
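Review bot: The `curl` call in the test section is never checked: without `--fail` an HTTP error body is saved as `bigfile`, and an empty `$ncvirtip` (address file not yet written when the fixed sleep ends) produces a request to `http:///bigfile`; both cases are then reported as 'md5 sum did not match'. I would read the address with `ncvirtip=$(<"$address_file")`, write the FAIL file with its own message when the value is empty, and add `--fail` to the curl line so transport errors are distinguishable from corruption. `--connect-timeout` bounds only the connect phase, so a stalled transfer still hangs the monitor; a `--max-time` value would bound that as well. python/python3/monitor_entrypoint.sh has the same lines.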

+ 38 - 0
netcon/docker-test/python/python/netcon_dockerfile

@@ -0,0 +1,38 @@
+# ZT Network Containers Test
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+# Install apps
+RUN yum -y update
+RUN yum -y install python
+RUN yum clean all
+
+EXPOSE 9993/udp 80/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD netcon_identity.public /var/lib/zerotier-one/identity.public
+ADD netcon_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+# Install syscall intercept library
+ADD zerotier-intercept /
+ADD libzerotierintercept.so /
+RUN cp libzerotierintercept.so lib/libzerotierintercept.so
+RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
+RUN /usr/bin/install -c zerotier-intercept /usr/bin
+
+ADD zerotier-cli /
+ADD zerotier-netcon-service /
+
+# Install test scripts
+ADD netcon_entrypoint.sh /netcon_entrypoint.sh
+RUN chmod -v +x /netcon_entrypoint.sh
+
+# Start ZeroTier-One
+CMD ["./netcon_entrypoint.sh"]
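Review bot: `RUN yum clean all` runs in its own layer, so the package cache written by the two preceding RUN lines stays in the image; the three steps belong in one instruction, `RUN yum -y update && yum -y install python && yum clean all`. `yum -y install python` is also unpinned while the httpd variant pins an exact package version, so two builds of this test may not exercise the same interpreter. The httpd netcon_dockerfile has the same three-RUN layout.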

+ 46 - 0
netcon/docker-test/python/python/netcon_entrypoint.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile
+bigfile_size=10M # size of file we want to use for the test
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test: ' "$test_name"
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-netcon-service -d -U -p9993 >>/tmp/zerotier-netcon-service.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+	dev=`/zerotier-cli listnetworks | grep -F "" | cut -d ' ' -f 8 | cut -d "_" -f 2 | sed "s/^<dev>//" | tr '\n' '\0'`
+done
+echo '--- Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Writing address to ' "$address_file"
+echo $virtip4 > "$address_file"
+
+# --- Test section ---
+# Generate large random file for transfer test, share md5sum for monitor container to check
+echo '*** Generating ' "$bigfile_size" ' file'
+dd if=/dev/urandom of="$bigfile_name"  bs="$bigfile_size"  count=1
+md5sum < "$bigfile_name" > "$tx_md5sumfile"
+echo '*** Wrote MD5 sum to ' "$tx_md5sumfile"
+
+echo '*** Starting application...'
+sleep 0.5
+
+export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_"$dev"
+export LD_PRELOAD=./libzerotierintercept.so
+python -m SimpleHTTPServer 80
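Review bot: `python -m SimpleHTTPServer 80` serves the current directory, and with no WORKDIR in netcon_dockerfile and `CMD ["./netcon_entrypoint.sh"]` that directory appears to be `/`, so the whole container filesystem, including `/var/lib/zerotier-one/identity.secret`, is readable by any peer on the test network (the script itself is not dropped to `daemon`; only the service is started through `su daemon`). Generate `bigfile` in a dedicated directory and start the server from there, e.g. `mkdir -p /srv/nctest && cd /srv/nctest` (example path) before the `dd` line. `export LD_PRELOAD=./libzerotierintercept.so` would then need the absolute path the Dockerfile installs, `export LD_PRELOAD=/lib/libzerotierintercept.so`, which is also more predictable than a cwd-relative preload. python/python3/netcon_entrypoint.sh has the same pattern with `python3 -m http.server 80`.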

+ 24 - 0
netcon/docker-test/python/python3/monitor_dockerfile

@@ -0,0 +1,24 @@
+# ZT Network Containers Test Monitor
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+EXPOSE 9993/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD monitor_identity.public /var/lib/zerotier-one/identity.public
+ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+ADD zerotier-one /
+ADD zerotier-cli /
+
+# Start ZeroTier-One
+ADD monitor_entrypoint.sh /monitor_entrypoint.sh
+RUN chmod -v +x /monitor_entrypoint.sh
+CMD ["./monitor_entrypoint.sh"]
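Review bot: `CMD ["./monitor_entrypoint.sh"]` only works while the image's working directory is `/`, which this file never states; `CMD ["/monitor_entrypoint.sh"]` matches the absolute path used by the ADD and chmod lines above it. The entrypoint's `ls *.name` and `ls *.conf` depend on the same implicit directory, so an explicit `WORKDIR /` would document that. The other monitor_dockerfile and netcon_dockerfile files in this commit use the same relative CMD.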

+ 80 - 0
netcon/docker-test/python/python3/monitor_entrypoint.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+netcon_wait_time=35 # wait for test container to come online
+app_timeout_time=25 # app-specific timeout
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+fail=FAIL. # appended to result file in event of failure
+ok=OK. # appended to result file in event of success
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile # large, random test transfer file
+rx_md5sumfile="$file_path"rx_"$bigfile_name"_md5sum"$tmp_ext"
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test Monitor'
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-one -d -U -p9993 >>/tmp/zerotier-one.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+done
+echo '*** Starting Test...'
+echo '*** Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Sleeping for ('  "$netcon_wait_time"  's ) while we wait for the Network Container to come online...'
+sleep "$netcon_wait_time"s
+ncvirtip=$(<$address_file)
+
+
+# --- Test section ---
+echo '*** Curling from intercepted server at' $ncvirtip
+rm -rf "$file_path"*."$file_base"
+touch "$bigfile_name"
+
+# Perform test
+# curl --connect-timeout "$app_timeout_time" -v -o "$file_path$file_base" http://"$ncvirtip"/index.html
+# Large transfer test
+curl --connect-timeout "$app_timeout_time" -v -o "$bigfile_name" http://"$ncvirtip"/"$bigfile_name"
+
+# Check md5
+md5sum < "$bigfile_name" > "$rx_md5sumfile"
+rx_md5sum=$(<$rx_md5sumfile)
+tx_md5sum=$(<$tx_md5sumfile)
+
+echo '*** Comparing md5: ' "$rx_md5sum" ' and ' "$tx_md5sum"
+
+if [ "$rx_md5sum" != "$tx_md5sum" ]; 
+then
+	echo 'MD5 FAIL'
+	touch "$file_path$fail$test_name.txt"
+	printf 'Test: md5 sum did not match!\n' >> "$file_path$fail$test_name.txt"
+else
+	echo 'MD5 OK'
+	touch "$file_path$ok$test_name.txt"
+	printf 'Test: md5 sum ok!\n' >> "$file_path$ok$test_name.txt"
+	cat "$rx_md5sumfile" >> "$file_path$ok$test_name.txt"
+	cat "$tx_md5sumfile" >> "$file_path$ok$test_name.txt"
+fi
+
+
+
+
+
+
+
+
+
+
+
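Review bot: The `while [ -z "$virtip4" ]` loop under `# --- Network Config ---` has no deadline, so a monitor that never gets an address (service failed to start, or `$nwid` empty because `ls *.conf` matched nothing) spins forever and never writes a result file. A bounded retry that records a FAIL result lets the harness finish; the limit below is a constructed value. `grep -F $nwid` on the lookup line should also be quoted as `grep -F "$nwid"`. The same loop is in python/python/monitor_entrypoint.sh and in both netcon_entrypoint.sh scripts.

```shell
virtip4=""
tries=0
while [ -z "$virtip4" ]; do
	# … unchanged: sleep 0.2 and the zerotier-cli listnetworks address lookup …
	tries=$((tries + 1))
	if [ "$tries" -ge 300 ]; then # constructed limit: roughly 60 s at 0.2 s per try
		printf 'Test: no ZeroTier address assigned\n' >> "$file_path$fail$test_name.txt"
		exit 1
	fi
done
```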

+ 37 - 0
netcon/docker-test/python/python3/netcon_dockerfile

@@ -0,0 +1,37 @@
+# ZT Network Containers Test
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+# Install apps
+RUN yum -y update
+RUN yum clean all
+
+EXPOSE 9993/udp 80/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD netcon_identity.public /var/lib/zerotier-one/identity.public
+ADD netcon_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+# Install syscall intercept library
+ADD zerotier-intercept /
+ADD libzerotierintercept.so /
+RUN cp libzerotierintercept.so lib/libzerotierintercept.so
+RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
+RUN /usr/bin/install -c zerotier-intercept /usr/bin
+
+ADD zerotier-cli /
+ADD zerotier-netcon-service /
+
+# Install test scripts
+ADD netcon_entrypoint.sh /netcon_entrypoint.sh
+RUN chmod -v +x /netcon_entrypoint.sh
+
+# Start ZeroTier-One
+CMD ["./netcon_entrypoint.sh"]
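Review bot: The `# Install apps` block installs nothing, yet netcon_entrypoint.sh in this directory runs `python3 -m http.server 80`, so the image depends on python3 happening to be in the fedora:23 base. Declaring it with `RUN yum -y install python3` keeps the test working if the base image changes, as the python/python variant does with `yum -y install python`.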

+ 46 - 0
netcon/docker-test/python/python3/netcon_entrypoint.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+bigfile_name=bigfile
+bigfile_size=10M # size of file we want to use for the test
+tx_md5sumfile="$file_path"tx_"$bigfile_name"_md5sum"$tmp_ext"
+
+# --- Network Config ---
+echo '*** ZeroTier Network Containers Test: ' "$test_name"
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-netcon-service -d -U -p9993 >>/tmp/zerotier-netcon-service.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+	dev=`/zerotier-cli listnetworks | grep -F "" | cut -d ' ' -f 8 | cut -d "_" -f 2 | sed "s/^<dev>//" | tr '\n' '\0'`
+done
+echo '--- Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Writing address to ' "$address_file"
+echo $virtip4 > "$address_file"
+
+# --- Test section ---
+# Generate large random file for transfer test, share md5sum for monitor container to check
+echo '*** Generating ' "$bigfile_size" ' file'
+dd if=/dev/urandom of="$bigfile_name"  bs="$bigfile_size"  count=1
+md5sum < "$bigfile_name" > "$tx_md5sumfile"
+echo '*** Wrote MD5 sum to ' "$tx_md5sumfile"
+
+echo '*** Starting application...'
+sleep 0.5
+
+export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_"$dev"
+export LD_PRELOAD=./libzerotierintercept.so
+python3 -m http.server 80
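Review bot: The `dev=` line in the address loop filters with `grep -F ""`, which matches every line of `zerotier-cli listnetworks`, so with more than one network joined the device names of all of them are run together; bash also discards the NUL bytes that `tr '\n' '\0'` produces inside the command substitution. Since `dev` becomes part of `ZT_NC_NETWORK=/var/lib/zerotier-one/nc_"$dev"`, it should select the test network the way the `virtip4` line does: `dev=$(/zerotier-cli listnetworks | grep -F "$nwid" | cut -d ' ' -f 8 | cut -d "_" -f 2)`. The column layout of `listnetworks` is not visible here, so the field numbers are kept as written. python/python/netcon_entrypoint.sh has the same line.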