f5d05b43d7
https://github.com/rootless-containers/rootlesskit/releases/tag/v2.0.0 === Pasta === RootlessKit v2 adds the support for pasta (https://passt.top/passt/). Pasta is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver. It is still not faster than RootlessKit's `builtin` port driver, but unlike the `builtin` port driver, pasta can retain source IP address information. Network driver | Port driver | Net throughput | Port throughput | Src IP | No SUID | Note ---------------|----------------|----------------|-----------------|--------|---------|-------------------------------------------- slirp4netns | builtin | Slow | Fast ✅ | ❌ | ✅ | Default in typical setup vpnkit | builtin | Slow | Fast ✅ | ❌ | ✅ | Default when slirp4netns is not installed slirp4netns | slirp4netns | Slow | Slow | ✅ | ✅ | **pasta** | **implicit** | Slow | Fast ✅ | ✅ | ✅ | Experimental lxc-user-nic | builtin | Fast ✅ | Slow | ❌ | ❌ | Experimental (bypass4netns) | (bypass4netns) | Fast ✅ | Fast ✅ | ✅ | ✅ | (Not integrated to RootlessKit) === Detach-netns === Aside from pasta, RootlessKit v2 also brings the support for "detach-netns" mode, which leaves the runtime in the host network namespace to eliminate the slirp overhead for pull/push and to allow accessing the "real" 127.0.0.1. See containerd/nerdctl PR 2723 for how detach-netns is being adopted in nerdctl v2. Integrating detach-netns into Docker/Moby will need an extra work and will be deferred to Docker v26 (or later). Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> |
||
|---|---|---|
| .. | ||
| etc/docker | ||
| install | ||
| cli.sh | ||