Skip to content

Commit d0d6c23

Browse files
fahedouchfahedouch
committed
go.mod: update gvisor-tap-vsock to v0.8.8 and improve port driver benchmarks
Signed-off-by: fahed dorgaa <[email protected]>
1 parent 3c14934 commit d0d6c23

File tree

2 files changed

+4
-13
lines changed

2 files changed

+4
-13
lines changed

docs/port.md

Lines changed: 3 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,9 @@ The default value is `none` (do not expose ports).
66

77
| `--port-driver` | Throughput | Source IP | Notes
88
|----------------------|-------------|----------|-------
9-
| `slirp4netns` | 2.51 Gbps | Propagated |
10-
| `socat` (Deprecated) | 7.80 Gbps | Always 127.0.0.1 |
11-
| `builtin` | 32.6 Gbps | Always 127.0.0.1 |
12-
| `gvisor-tap-vsock` (Experimental) | 2.26 Gbps | Propagated | Throughput is currently limited; see issue link below for improvement ideas.
9+
| `slirp4netns` | 9.78 Gbps | Propagated |
10+
| `builtin` | 35.6 Gbps | Always 127.0.0.1 |
11+
| `gvisor-tap-vsock` (Experimental) | 3.99 Gbps | Propagated | Throughput is currently limited; see issue link below for improvement ideas.
1312

1413
([Benchmark: iperf3 from the parent to the child (Mar 8, 2020)](https://github.com/rootless-containers/rootlesskit/runs/492498728))
1514

@@ -37,11 +36,6 @@ rootlesskit$ rootlessctl --socket=/run/user/1001/rootlesskit/foo/api.sock remove
3736
1
3837
```
3938

40-
You can also expose ports using `socat` and `nsenter` instead of RootlessKit's port drivers.
41-
```console
42-
$ pid=$(cat /run/user/1001/rootlesskit/foo/child_pid)
43-
$ socat -t -- TCP-LISTEN:8080,reuseaddr,fork EXEC:"nsenter -U -n -t $pid socat -t -- STDIN TCP4\:127.0.0.1\:80"
44-
```
4539

4640
### Exposing privileged ports
4741
To expose privileged ports (< 1024), add `net.ipv4.ip_unprivileged_port_start=0` to `/etc/sysctl.conf` (or `/etc/sysctl.d`) and run `sudo sysctl --system`.

go.mod

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ go 1.24.0
55
require (
66
github.com/Masterminds/semver/v3 v3.4.0
77
github.com/containernetworking/plugins v1.7.1
8-
github.com/containers/gvisor-tap-vsock v0.8.7
8+
github.com/containers/gvisor-tap-vsock v0.8.8-0.20250909141233-c4615cdb1462
99
github.com/gofrs/flock v0.12.1
1010
github.com/google/uuid v1.6.0
1111
github.com/gorilla/mux v1.8.1
@@ -40,6 +40,3 @@ require (
4040
golang.org/x/tools v0.36.0 // indirect
4141
gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f // indirect
4242
)
43-
44-
// Point to upstream main until the next release to get this fix: https://github.com/containers/gvisor-tap-vsock/commit/c4615cdb1462cb4c9ea5ab770ea11ad03c472c26
45-
replace github.com/containers/gvisor-tap-vsock => github.com/containers/gvisor-tap-vsock v0.8.8-0.20250909141233-c4615cdb1462

0 commit comments

Comments
 (0)