docs/source/markdown: Remove slirp

lsm5 · lsm5 · commit b621923f4070 · 2025-11-21T14:08:26.000-05:00
Signed-off-by: Lokesh Mandvekar &lt;lsm5@redhat.com&gt;
diff --git a/docs/source/markdown/options/network.image.md b/docs/source/markdown/options/network.image.md
@@ -15,15 +15,6 @@ considered insecure.
 - **ns:**_path_: path to a network namespace to join.
 - **private**: create a new namespace for the container (default)
 - **\<network name|ID\>**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootful users.
-- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
-  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
-  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
-  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
-  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp binds to (ipv4 traffic only).
-  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp binds to.
-  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp binds to (ipv6 traffic only).
-  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp binds to.
 - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking
     stack. \
     This is the default for rootless containers and only supported in rootless mode. \
@@ -49,13 +40,11 @@ considered insecure.
     - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in
         the container.
     - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**,
-        equivalent to default slirp4netns(1) options: disable IPv6, assign
-        `10.0.2.0/24` to the `tap0` interface in the container, with gateway
+        disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway
         `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500
         bytes, disable NDP, DHCPv6 and DHCP support.
     - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**,
-        equivalent to default slirp4netns(1) options with Podman overrides: same as
-        above, but leave the MTU to 65520 bytes
+        same as above, but leave the MTU to 65520 bytes
     - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding
         based on observed bound ports from both host and container sides
     - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to
diff --git a/docs/source/markdown/options/network.md b/docs/source/markdown/options/network.md
@@ -31,21 +31,7 @@ Valid _mode_ values are:
 
 - **ns:**_path_: Path to a network namespace to join.
 
-- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
-
-- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
-
-  - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
-  - **mtu=**_MTU_: Specify the MTU to use for this network. (Default is `65520`).
-  - **cidr=**_CIDR_: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
-  - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
-  - **outbound_addr=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv4 traffic only).
-  - **outbound_addr=**_IPv4_: Specify the outbound ipv4 address slirp binds to.
-  - **outbound_addr6=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv6 traffic only).
-  - **outbound_addr6=**_IPv6_: Specify the outbound ipv6 address slirp binds to.
-  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. \
-  Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If the application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
-  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
+- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers.
 
 - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking
     stack. \
@@ -80,13 +66,11 @@ Valid _mode_ values are:
     - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in
         the container.
     - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**,
-        equivalent to default slirp4netns(1) options: disable IPv6, assign
-        `10.0.2.0/24` to the `tap0` interface in the container, with gateway
+        disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway
         `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500
         bytes, disable NDP, DHCPv6 and DHCP support.
     - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**,
-        equivalent to default slirp4netns(1) options with Podman overrides: same as
-        above, but leave the MTU to 65520 bytes
+        same as above, but leave the MTU to 65520 bytes
     - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding
         based on observed bound ports from both host and container sides
     - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to
diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md
@@ -23,4 +23,4 @@ If it is not, the container port is randomly assigned a port on the host.
 Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
 
 Port publishing is only supported for containers utilizing their own network namespace
-through `bridge` networks, or the `pasta` and `slirp4netns` network modes.
+through `bridge` networks, or the `pasta` network mode.
diff --git a/docs/source/markdown/podman-container-inspect.1.md.in b/docs/source/markdown/podman-container-inspect.1.md.in
@@ -239,7 +239,7 @@ $ podman container inspect foobar
                 "Tag": "",
                 "Size": "0B"
             },
-            "NetworkMode": "slirp4netns",
+            "NetworkMode": "pasta",
             "PortBindings": {},
             "RestartPolicy": {
                 "Name": "",
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
@@ -488,12 +488,12 @@ be installed. The shadow-utils package must include the newuidmap and newgidmap
 
 In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace.
 
-Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
+Rootless Podman works better if the fuse-overlayfs package is installed.
 The fuse-overlayfs package provides a userspace overlay storage driver, otherwise users need to use
 the vfs storage driver, which can be disk space expensive and less performant
 than other drivers.
 
-To enable VPN on the container, slirp4netns or pasta needs to be specified;
+To enable VPN on the container, pasta needs to be specified;
 without either, containers need to be run with the --network=host flag.
 
 ## ENVIRONMENT
@@ -543,7 +543,7 @@ page.
 NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
 
 ## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
+**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
 
 ### Troubleshooting
 
diff --git a/docs/source/markdown/podman-generate-spec.1.md b/docs/source/markdown/podman-generate-spec.1.md
@@ -86,7 +86,7 @@ $ podman generate spec container1
   "nsmode": "default"
  },
  "netns": {
-  "nsmode": "slirp4netns"
+  "nsmode": "pasta"
  },
  "Networks": null,
  "use_image_hosts": false,
@@ -161,7 +161,7 @@ $ cat output.json
   "nsmode": "default"
  },
  "netns": {
-  "nsmode": "slirp4netns"
+  "nsmode": "pasta"
  },
  "Networks": null,
  "use_image_hosts": false,
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
@@ -119,15 +119,6 @@ host:
     seccompProfilePath: /usr/share/containers/seccomp.json
     selinuxEnabled: true
   serviceIsRemote: false
-  slirp4netns:
-    executable: /bin/slirp4netns
-    package: slirp4netns-1.1.12-2.fc34.x86_64
-    version: |-
-      slirp4netns version 1.1.12
-      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
-      libslirp: 4.4.0
-      SLIRP_CONFIG_VERSION_MAX: 3
-      libseccomp: 2.5.0
   swapFree: 15687475200
   swapTotal: 16886259712
   uptime: 47h 15m 9.91s (Approximately 1.96 days)
@@ -262,11 +253,6 @@ $ podman info --format json
       "seccompProfilePath": "/usr/share/containers/seccomp.json",
       "selinuxEnabled": true
     },
-    "slirp4netns": {
-      "executable": "/bin/slirp4netns",
-      "package": "slirp4netns-1.1.12-2.fc34.x86_64",
-      "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0"
-    },
     "pasta": {
       "executable": "/usr/bin/passt",
       "package": "passt-0^20221116.gace074c-1.fc34.x86_64",
diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md
@@ -44,10 +44,7 @@ The default bridge network (called `podman`) uses 10.88.0.0/16 as a subnet. When
 ### Pasta
 Pasta by default performs no Network Address Translation (NAT) and copies the IPs from your main interface into the container namespace. If pasta cannot find an interface with the default route, it will select an interface if there is only one interface with a valid route. If you do not have a default route and several interfaces have defined routes, pasta will be unable to figure out the correct interface and it will fail to start. To specify the interface, use `-i` option to pasta. A default set of pasta options can be set in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with the `pasta_options` key.
 
-The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default) or `slirp4netns`.
-
-### Slirp4netns
-Slirp4netns uses 10.0.2.0/24 for its default network. This can also be changed in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** but under the `[engine]` section. Use the `network_cmd_options` key and add `["cidr=X.X.X.X/24"]` as a value. Note that slirp4netns needs a network prefix size between 1 and 25. This option accepts an array, so more options can be added in a comma-separated string as described on the **[podman-network-create(1)](podman-network-create.1.md)** man page. To change the CIDR for just one container, specify it on the cli using the `--network` option like this: `--network slirp4netns:cidr=192.168.1.0/24`.
+The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which should be set to `pasta` (default).
 
 ### Podman network create
 When a new network is created with a `podman network create` command, and no subnet is given with the --subnet option, Podman starts picking a free subnet from 10.89.0.0/24 to 10.255.255.0/24. Use the `default_subnet_pools` option under the `[network]` section in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** to change the range and/or size that is assigned by default.
diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in
@@ -212,11 +212,6 @@ Create a pod with published ports on the host.
 $ podman pod create --publish 8443:443
 ```
 
-Create a pod with the specified network configuration.
-```
-$ podman pod create --network slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true
-```
-
 Create a pod with the specified network.
 ```
 $ podman pod create --network pasta
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
@@ -937,12 +937,12 @@ be installed. The **shadow-utils** package must include the **newuidmap**(1) and
 
 In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace.
 
-Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
+Rootless Podman works better if the fuse-overlayfs package is installed.
 The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use
 the **vfs** storage driver, which can be disk space expensive and less
 performant than other drivers.
 
-To enable VPN on the container, slirp4netns or pasta needs to be specified;
+To enable VPN on the container, pasta needs to be specified;
 without either, containers need to be run with the --network=host flag.
 
 ## ENVIRONMENT
@@ -990,7 +990,7 @@ page.
 NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
 
 ## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
+**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)**
 
 ### Troubleshooting
 
diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in
@@ -118,11 +118,6 @@ ID             NAME           MEM USAGE / LIMIT
 6eae9e25a564   clever_bassi   3.031MB / 16.7GB
 ```
 
-Note: When using a slirp4netns network with the rootlesskit port
-handler, the traffic sent via the port forwarding is accounted to
-the `lo` device.  Traffic accounted to `lo` is not accounted in the
-stats output.
-
 
 ## SEE ALSO
 **[podman(1)](podman.1.md)**
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
