+if [[ ! $ERRHANDLE_PATH ]]; then
+ ERRHANDLE_PATH=$(readlink -f "${BASH_SOURCE}")
+ ERRHANDLE_PATH=$(readlink -f ${ERRHANDLE_PATH%/*}/../errhandle)
+fi
+err_sourced=true
+for p in $ERRHANDLE_PATH/{errcatch-function,bash-trace-function}; do
+ if [[ -e $p ]]; then
+ source $p
+ else
+ err_sourced=false
+ fi
+done
+if $err_sourced; then
+ errcatch
+else
+ set -eE -o pipefail
+ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+fi
+
+usage() {
+ cat <<EOF
+usage: ${0##*/} [OPTS] start|stop NETNS_NAME
+Setup new or systemd created network namespace with nat and mount namespace
+
+-c, --create Create network namespace. For running outside systemd private net.
+-h, --help Show this help and exit.
+
+From within systemd network namespace, nat it to the outside. If given
+-c, or if in the default network namespace, create a named network
+namepace natted to the current netns.
+
+Also create a named mount namespace under /root/mount_namespaces, so we
+can alter some system config for this namespace. Subsequent systemd
+command lines would be prefixed with:
+
+/usr/bin/nsenter --mount=/root/mount_namespaces/NETNS_NAME
+
+
+"ip netns new ..." also does a mount namespace, then bind mounts each
+thing in /etc/netns/NETNS_NAME to /etc/NETNS_NAME. Note, for openvpn having it's own
+resolv.conf, this doesn't help much. What we actually want to do is copy
+/run/resolvconf somehwere, then bind mount it on top of /run/resolvconf.
+
+Once systemd 233 comes out, it will have a bind mount option from within
+unit files, so the mount namespace won't be needed for this use case.
+
+Recommmended dependency of errhandle to print stack trace on error:
+https://iankelling.org/git/?p=errhandle, set ERRHANDLE_PATH, or put it
+in a directory adjacent to the absolute, resolved directory this file is
+in.
+
+EOF
+ exit ${1:-0}
+}