Hi Stefano,

This looks very cool. Improved IPv6 support and better performance are definitely something I would like to have.

I took a quick look at your patch and it looks great. It looks simple to support for us.
I do have some comments, though: we should not allow the automatic port forwarding mode (at least not by default). It is just too simple to create a DoS attack on the host with this.
Also, it looks like the loopback interface is shared between the host and the container ns. I do not understand why I can see the bound loopback ports in the netns. This seems dangerous and causes other problems, because I cannot bind ports in the netns when they are already used on the host. IMO access to the host's loopback adapter should not be allowed at all; if users need this, it should be a separate option like slirp4netns has.

Thanks
Paul

On Tue, Feb 22, 2022 at 11:49 PM Stefano Brivio <sbrivio@redhat.com> wrote:
Hi,

I played around with Podman to integrate pasta (if you never heard of
it: https://passt.top/passt/about/#pasta-pack-a-subtle-tap-abstraction
-- pasta is functionally similar to slirp4netns but without the
Slirpiness). I prepared a demo at:
        https://passt.top/passt/about/#pasta_2

(the one on the right) from the out-of-tree patch at:
        https://passt.top/passt/tree/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch

Let me know if you have questions, comments, interest in it, etc.
Thanks,

--
Stefano
_______________________________________________
Podman mailing list -- podman@lists.podman.io