passt & pasta: Modern unprivileged networking for containers and VMs

  • Published on 10 Nov 2024
  • (David Gibson) It was the dawn of personal internet access; the mid-90s. Lots of university students and staff had dial-up shell accounts, but dial-up PPP was still hard to come by. So, Slirp was born: a way to fake Layer 2 network connectivity - SLIP or PPP - by translating frames to Layer 4 network operations - ordinary socket calls which could be made by an unprivileged user. It was a useful hack that had its day, then quickly became obsolete as commercial ISPs became common and cheap. Or did it..?
    It turns out there are modern cases where Slirp is still used:
    QEMU's "-net user" mode is based on Slirp; it's not much used in production VMs, but it's extremely convenient when developing or experimenting, because it requires neither raised privilege nor configuration.
    slirp4netns uses Slirp to connect a network namespace with a tuntap device to the host's network, and forms the basis of networking for rootless container runtimes.
    KubeVirt runs virtual machines inside Kubernetes pods, and needs to connect the VM's virtual NIC to the pod's network, ideally without requiring the configuration of special privileges on the cluster.
    But, despite its uses, Slirp is a very old, very clunky, and difficult to maintain codebase with a poor track record on security and resource leaks. passt (Plug a Simple Socket Transport) is a completely new implementation of the Slirp concept: it connects a Layer 2 network transport (e.g. QEMU's "-net socket" protocol) to regular Layer 4 socket calls. pasta (Pack a Subtle Tap Abstraction) is a variant which connects a tuntap device in a network namespace (such as a container) instead of a VM.
    This talk will discuss the uses for passt, the basics of its implementation, and some future plans. We'll also look at some design decisions we've made to help keep it simpler and more secure than Slirp (for example, minimizing the use of NAT, and using no dynamic memory allocation). There will be demonstrations. The project is in its early days, but we think it's already useful and we'd love to have more users and contributors.
    passt was originally authored by Stefano Brivio, and in the past six months I've become the second major contributor.
    2023.everythin...
    Videos licensed as CC BY-NC-SA 4.0
    Everything Open is a conference focused on open technologies, including Linux, open source software, open hardware and open data, and the communities that surround them. The conference provides technical deep-dives as well as updates from industry leaders and experts on a wide array of topics from these areas.
    Licensed as CC-BY-SA - creativecommons...
    Produced by Next Day Video Australia: nextdayvideo.c...
    #everythingopen #linux.conf.au #linux #foss #opensource
    Tue Mar 14 16:40:00 2023 at Clarendon Room A
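The Layer 2 to Layer 4 translation the abstract describes, as an added illustration that is not part of the talk or of the passt/pasta code: a constructed guest Ethernet/IPv4/UDP frame is parsed into the sendto() an unprivileged process would make on the guest's behalf, and a datagram coming back on the socket is wrapped into a frame for the guest's tap device. The guest address 10.0.2.15, the peer 192.0.2.53 and the MAC addresses are constructed sample values; real passt handles far more (TCP, ICMP, IPv6) and is written in C.

```python
import socket
import struct

ETH_P_IP = 0x0800
IPPROTO_UDP = 17

def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 one's-complement header checksum; evaluates to 0 over a valid header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def parse_udp_frame(frame: bytes):
    """Ethernet II + IPv4 + UDP -> ((src_ip, src_port), (dst_ip, dst_port), payload).
    Anything a socket-based translator cannot express as a plain UDP send is rejected."""
    if len(frame) < 14 + 20 + 8 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != IPPROTO_UDP or total_len > len(ip):
        raise ValueError("not UDP or truncated")
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport, ulen, _ = struct.unpack_from("!HHHH", ip, ihl)
    if ulen < 8 or ihl + ulen > total_len:
        raise ValueError("bad UDP length")
    return (src_ip, sport), (dst_ip, dport), ip[ihl + 8:ihl + ulen]

def frame_to_socket_op(frame: bytes) -> dict:
    """Outbound direction: the frame is never forwarded; instead an unprivileged
    process calls sendto() on an ordinary UDP socket it owns for the guest's port."""
    src, dst, payload = parse_udp_frame(frame)
    return {"op": "sendto", "guest_src": src, "dest": dst, "payload": payload}

def build_udp_frame(src_mac: bytes, dst_mac: bytes, src, dst, payload: bytes) -> bytes:
    """Inbound direction: wrap a datagram received on the socket into an
    Ethernet/IPv4/UDP frame for the guest. UDP checksum 0 means 'not present'."""
    udp = struct.pack("!HHHH", src[1], dst[1], 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP,
                      0, socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + hdr + udp

# Constructed sample: guest 10.0.2.15 sends "query" to 192.0.2.53:53 via the gateway MAC.
GUEST_MAC, GW_MAC = bytes.fromhex("525400123456"), bytes.fromhex("525400000002")
SAMPLE = build_udp_frame(GUEST_MAC, GW_MAC, ("10.0.2.15", 40000), ("192.0.2.53", 53), b"query")
```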