Codebase list slirp4netns / debian/0.2.1-1

Tree @debian/0.2.1-1 (Download .tar.gz) @debian/0.2.1-1raw · history · blame

# slirp4netns: User-mode networking for unprivileged network namespaces 

slirp4netns provides user-mode networking ("slirp") for unprivileged network namespaces.

## Motivation

Starting with Linux 3.8, unprivileged users can create [`network_namespaces(7)`]( along with [`user_namespaces(7)`](
However, unprivileged network namespaces had not been very useful, because creating [`veth(4)`]( pairs across the host and network namespaces still requires the root privileges. (i.e. No internet connection)

slirp4netns allows connecting a network namespace to the Internet in a completely unprivileged way, by connecting a TAP device in a network namespace to the usermode TCP/IP stack ("slirp").

## Projects using slirp4netns

* [Usernetes]( (via RootlessKit)
* [Podman](
* [Buildah](
* [ctnr]( (via slirp-cni-plugin)

* [RootlessKit](
* [become-root](
* [slirp-cni-plugin](

## Quick start

### Install from source

$ ./
$ ./configure --prefix=/usr
$ make
$ sudo make install

* To build `slirp4netns` as a static binary, please run `./configure` with `LDFLAGS=-static`.
* If you set `--prefix` to `$HOME`, you don't need to run `make install` with `sudo`.

### Install from binary

#### RHEL 8 & [Fedora (28 or later)](

$ sudo dnf install slirp4netns

#### [Arch Linux](

If you're running Arch Linux you can install `slirp4netns` (or [`slirp4netns-git`]( from AUR. When you're using an AUR helper ([yay](, for example) simply use:

    yay -S slirp4netns
Otherwise make sure you have [base-devel]( installed and build a package manually:

    cd $(mktemp -d)
    curl -Lo PKGBUILD ""
    sudo pacman -U slirp4netns-*.pkg.tar.*

#### [openSUSE Tumbleweed](

$ sudo zypper install slirp4netns

#### [openSUSE Leap 15.0](

$ sudo zypper addrepo --refresh
$ sudo zypper install slirp4netns

#### [SUSE Linux Enterprise 15](

$ sudo zypper addrepo --refresh
$ sudo zypper install slirp4netns

#### [Debian GNU/Linux Sid](

$ sudo apt install slirp4netns

### Usage

Terminal 1: Create user/network/mount namespaces
$ unshare --user --map-root-user --net --mount
unshared$ echo $$ > /tmp/pid

Terminal 2: Start slirp4netns
$ slirp4netns --configure --mtu=65520 $(cat /tmp/pid) tap0
starting slirp, MTU=65520

Terminal 1: Make sure the `tap0` is configured and connected to the Internet
unshared$ ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether c2:28:0c:0e:29:06 brd ff:ff:ff:ff:ff:ff
    inet brd scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::c028:cff:fe0e:2906/64 scope link 
       valid_lft forever preferred_lft forever
unshared$ echo "nameserver" > /tmp/resolv.conf
unshared$ mount --bind /tmp/resolv.conf /etc/resolv.conf
unshared$ curl

See [``]( for further information.

## Benchmarks

### iperf3 (netns -> host)

Aug 28, 2018, on [RootlessKit]( Travis:

Implementation |  MTU=1500  |  MTU=4000  |  MTU=16384  |  MTU=65520
vde_plug       |  763 Mbps  |Unsupported | Unsupported | Unsupported
VPNKit         |  514 Mbps  |  526 Mbps  |   540 Mbps  | Unsupported
slirp4netns    | 1.07 Gbps  | 2.78 Gbps  |  4.55 Gbps  |  9.21 Gbps

slirp4netns is faster than [vde_plug]( and [VPNKit]( because slirp4netns is optimized to avoid copying packets across the namespaces.

The latest revision of slirp4netns is regularly benchmarked (`make benchmark`) on Travis:

## Acknowledgement

* The files under [`qemu`](./qemu) directory were forked from [QEMU](
* The files under [`rd235_libslirp`](./rd235_libslirp) directory were forked from [rd235/libslirp](