cwrap is...

a set of tools to create a fully isolated network environment to test client/server components on a single host. It provides synthetic account information, hostname resolution and support for privilege separation. The heart of cwrap consists of three libraries you can preload to any executable.

Download here » or Learn More


2014-05-06 Version 1.0.2 of uid_wrapper has been released

2014-06-05 Version 1.1.1 of socket_wrapper has been released, which disables incomplete bind() checks for EADDRINUSE

2014-06-02 Version 1.1.0 of socket_wrapper has been released, with a lot of bugfixes and features

Download here »

Mission Statement

cwrap's mission is to enable developers to test complex network-based and privileged software stacks on UNIX machines with limited network access and without root privileges by providing preloadable libraries to wrap standard libc functions.


cwrap is developed using the git version control system. You can find the web interface of the git repository at:


An isolated network. Talk to each other.

cwrap, the libc wrapper project, aims to help client/server software development teams willing to gain full functional test coverage. It makes possible to run several instances of the full software stack on the same machine and perform locally functional testing of complex network configurations. Learn more...

Artificial users and groups. I'm someone else.

There are projects which provide daemons needing to be able to create, modify and delete unix users. Or just switch user ids to interact with the system e.g. a user space file server. To be able to test that you need the privilege to modify the passwd and groups file. With nss_wrapper it is possible to define your own passwd and groups file which will be used by software to act correctly while under test. Learn more...

Network name resolution. Who is who?

If you have a client and server under test they normally use functions to resolve network names to addresses (dns) or vice versa. The nss_wrappers allow you to create a hosts file to setup name resolution for the addresses you use with socket_wrapper. Learn more...

Privilege separation. Be root in your imagination!

Some projects like a file server need privilege separation to be able to switch to the connection user and do file operations. uid_wrapper convincingly lies to the application letting it believe it is operating as root and even switching betwen uids and gids as needed. Learn more...