Hi Stefano,
This looks very cool. Improved IPv6 support and better performance are
definitely something I would like to have.
I took a quick look at your patch and it looks great. It looks simple to
support for us.
Although I have some comments, we should not allow the automatic port
forwarding mode (at least not by default). It is just too simple to create a
DoS attack on the host with this.
Also, it looks like the loopback interface is shared between host and
container ns. I do not understand why I can see the bound loopback ports
in the netns. This seems dangerous and causes other problems because I
cannot bind ports in the netns when they are already used on the host. IMO
access to the host's loopback adapter should not be allowed at all; if users
need this, it should be a separate option like slirp4netns has.
Thanks
Paul
On Tue, Feb 22, 2022 at 11:49 PM Stefano Brivio <sbrivio(a)redhat.com> wrote:
Hi,
I played around with Podman to integrate pasta (if you never heard of
it:
https://passt.top/passt/about/#pasta-pack-a-subtle-tap-abstraction
-- pasta is functionally similar to slirp4netns but without the
Slirpiness). I prepared a demo at:
https://passt.top/passt/about/#pasta_2
(the one on the right) from the out-of-tree patch at:
https://passt.top/passt/tree/contrib/podman/0001-libpod-Add-pasta-network...
Let me know if you have questions, comments, interest in it, etc.
Thanks,
--
Stefano
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io