Skip to content

A user-mode network ("slirp") CNI plugin - container networking for unprivileged users

License

Notifications You must be signed in to change notification settings

mgoltzsche/slirp-cni-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

818b03a · Nov 17, 2018

History

4 Commits
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018
Nov 17, 2018

Repository files navigation

slirp-cni-plugin Build Status

A CNI plugin that provides container networking for unprivileged users ("slirp") using slirp4netns.

Build

Build the plugin using make and docker:

git clone https://github.com/mgoltzsche/slirp-cni-plugin.git
cd slirp-cni-plugin
make slirp

In order to run the examples below you can also build the dependencies slirp4netns and cnitool (written to build/bin):

make slirp4netns cnitool

Plugin configuration

JSON configuration file

An example configuration file can be found here.

Field Default Description
name The network/configuration file's name
type Name used to lookup the plugin binary (must be slirp to make the CNI runtime use this plugin)
mtu 1500 Maximum Transmission Unit (1499 < MTU < 65522)

Nothing but the MTU can be configured since slirp4netns provides sufficient defaults. Thus the ipam CNI plugin configuration is also not supported.

Environment variables

To make the plugin use a specific slirp4netns binary set the SLIRP4NETNS environment variable. Otherwise the plugin will lookup slirp4netns in the PATH.

Usage

This example shows how to create namespaces and add a slirp network using cnitool. Please note that the slirp4netns binary must be in the PATH or specified in the SLIRP4NETNS environment variable.

Terminal 1: Create user, network and mount namespaces:

$ unshare --user --map-root-user --net --mount
unshared$ echo $$ > /tmp/pid

Terminal 2: Add network interface:

$ export PATH="$(pwd)/build/bin:$PATH" \
         CNI_PATH="$(pwd):$CNI_PATH" \
         NETCONFPATH=$(pwd)/example-conf
$ cnitool add slirp "/proc/$(cat /tmp/pid)/ns/net"

Terminal 1: test connectivity:

unshared$ ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 12:72:1b:c0:e0:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::1072:1bff:fec0:e00e/64 scope link 
       valid_lft forever preferred_lft forever
unshared$ curl http://example.org
<!doctype html>
...

Terminal 2: remove slirp network from the namespace after you're done:

$ cnitool del slirp "/proc/$(cat /tmp/pid)/ns/net"