Introducing the pasta package as an alternative for non-priviledged
container networking:
https://passt.top/passt/about/
passt: Plug A Simple Socket Transport
passt implements a translation layer between a Layer-2 network interface and native
Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't require any
capabilities or privileges, and it can be used as a simple replacement for Slirp.
pasta: Pack A Subtle Tap Abstraction
pasta (same binary as passt, different command) offers equivalent functionality,
for network namespaces: traffic is forwarded using a tap interface inside the
namespace, without the need to create further interfaces on the host, hence not
requiring any capabilities or privileges.
It also implements a tap bypass path for local connections: packets with a local
destination address are moved directly between Layer-4 sockets, avoiding Layer-2
translations, using the splice(2) and recvmmsg(2)/sendmmsg(2) system calls for
TCP and UDP, respectively.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
