{"id":13509488,"url":"https://github.com/containers/gvisor-tap-vsock","last_synced_at":"2026-02-06T15:14:28.924Z","repository":{"id":38317626,"uuid":"282845245","full_name":"containers/gvisor-tap-vsock","owner":"containers","description":"A new network stack based on gVisor","archived":false,"fork":false,"pushed_at":"2026-01-12T13:06:54.000Z","size":25141,"stargazers_count":349,"open_issues_count":31,"forks_count":74,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-01-12T19:36:35.996Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/containers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-27T08:59:15.000Z","updated_at":"2026-01-12T13:07:02.000Z","dependencies_parsed_at":"2024-03-06T14:30:20.529Z","dependency_job_id":"ca37ed27-b1ae-4cd2-89e9-134c47e63802","html_url":"https://github.com/containers/gvisor-tap-vsock","commit_stats":{"total_commits":495,"total_committers":31,"mean_commits":15.96774193548387,"dds":0.6868686868686869,"last_synced_commit":"29595055c8fad35e7ac750d6ddeb78c83c7ec1f9"},"previous_names":["code-ready/gvisor-tap-vsock"],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/containers/gvisor-tap-vsock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fgvisor-tap-vsock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fgvisor-tap-vsock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fgvisor-tap-vsock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fgvisor-tap-vsock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/containers","download_url":"https://codeload.github.com/containers/gvisor-tap-vsock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fgvisor-tap-vsock/sbom","scorecard":{"id":296548,"data":{"date":"2025-08-11","repo":{"name":"github.com/containers/gvisor-tap-vsock","commit":"53d0f5f4d26db6f2510d56bc4802c4a30bae28aa"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.8.6 not signed: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/216959958","Warn: release artifact v0.8.5 not signed: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/206464326","Warn: release artifact v0.8.4 not signed: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/204113637","Warn: release artifact v0.8.3 not signed: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/198090969","Warn: release artifact v0.8.2 not signed: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/195603688","Warn: release artifact v0.8.6 does not have provenance: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/216959958","Warn: release artifact v0.8.5 does not have provenance: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/206464326","Warn: release artifact v0.8.4 does not have provenance: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/204113637","Warn: release artifact v0.8.3 does not have provenance: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/198090969","Warn: release artifact v0.8.2 does not have provenance: https://api.github.com/repos/containers/gvisor-tap-vsock/releases/195603688"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/golangci-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/golangci-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/gvisor-tap-vsock/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: images/Dockerfile:1","Warn: containerImage not pinned by hash: images/Dockerfile:6: pin your Docker image by updating busybox to busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f","Warn: goCommand not pinned by hash: tools/vendor/github.com/pelletier/go-toml/benchmark.sh:10","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.golint.sh:5","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.install.sh:5","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.install.sh:6","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.install.sh:7","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.install.sh:8","Warn: goCommand not pinned by hash: vendor/github.com/google/gopacket/.travis.install.sh:9","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   7 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T19:40:48.903Z","repository_id":38317626,"created_at":"2025-08-17T19:40:48.903Z","updated_at":"2025-08-17T19:40:48.903Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29166297,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T14:37:12.680Z","status":"ssl_error","status_checked_at":"2026-02-06T14:36:22.973Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T02:01:08.497Z","updated_at":"2026-02-06T15:14:28.905Z","avatar_url":"https://github.com/containers.png","language":"Go","funding_links":[],"categories":["Go","others"],"sub_categories":[],"readme":"# gvisor-tap-vsock\n\n\nA replacement for [libslirp](https://gitlab.com/qemu-project/libslirp) and [VPNKit](https://github.com/moby/vpnkit), written in pure Go.\nIt is based on the network stack of [gVisor](https://github.com/google/gvisor/tree/master/pkg/tcpip).\n\nCompared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.\n\nIt can be used with QEMU, Hyperkit, Hyper-V and User Mode Linux.\n\n## Build\n\n```\nmake\n```\n\n## Run with QEMU (Linux or macOS)\n\nUsually with QEMU, to not run as root, you would have to use `-netdev user,id=n0`.\nWith this project, this is the same but you have to run a daemon on the host.\n\nThere 2 ways for the VM to communicate with the daemon: with a tcp port or with a unix socket.\n\n- With gvproxy and the VM discussing on a tcp port:\n```\n(terminal 1) $ bin/gvproxy -debug -listen unix:///tmp/network.sock -listen-qemu tcp://0.0.0.0:1234\n(terminal 2) $ qemu-system-x86_64 (all your qemu options) -netdev socket,id=vlan,connect=127.0.0.1:1234 -device virtio-net-pci,netdev=vlan,mac=5a:94:ef:e4:0c:ee\n```\n\n- With gvproxy and the VM discussing on a unix socket:\n```\n(terminal 1) $ bin/gvproxy -debug -listen unix:///tmp/network.sock -listen-qemu unix:///tmp/qemu.sock\n(terminal 2) $ bin/qemu-wrapper /tmp/qemu.sock qemu-system-x86_64 (all your qemu options) -netdev socket,id=vlan,fd=3 -device virtio-net-pci,netdev=vlan,mac=5a:94:ef:e4:0c:ee\n```\n\nStarting from Qemu version 7.2.0 it is possible to run w/o a wrapper:\n```\n(terminal 1) $ bin/gvproxy -debug -listen unix:///tmp/network.sock -listen-qemu unix:///tmp/qemu.sock\n(terminal 2) $ qemu-system-x86_64 (all your qemu options) -netdev stream,id=vlan,addr.type=unix,addr.path=/tmp/qemu.sock -device virtio-net-pci,netdev=vlan,mac=5a:94:ef:e4:0c:ee\n```\n\n## Run with User Mode Linux\n\n```\n(terminal 1) $ bin/gvproxy -debug -listen unix:///tmp/network.sock -listen-bess unixpacket:///tmp/bess.sock\n(terminal 2) $ linux.uml vec0:transport=bess,dst=/tmp/bess.sock,depth=128,gro=1,mac=5a:94:ef:e4:0c:ee root=/dev/root rootfstype=hostfs init=/bin/bash mem=2G\n(terminal 2: UML)$ ip addr add 192.168.127.2/24 dev vec0\n(terminal 2: UML)$ ip link set vec0 up\n(terminal 2: UML)$ ip route add default via 192.168.127.254\n```\n\nMore docs about the User Mode Linux with BESS socket transport: https://www.kernel.org/doc/html/latest/virt/uml/user_mode_linux_howto_v2.html#bess-socket-transport\n\n## Run with [vfkit](https://github.com/crc-org/vfkit)\n\nWith vfkit 0.1.0 or newer, gvproxy can be used without any helper running in the VM:\n\n```\n(terminal 1) $ bin/gvproxy -debug -listen unix:///tmp/network.sock --listen-vfkit unixgram:///tmp/vfkit.sock\n(terminal 2) $ vfkit (all your vfkit options) --device virtio-net,unixSocketPath=/tmp/vfkit.sock,mac=5a:94:ef:e4:0c:ee\n```\n\n## Run with vsock\n\nMade for Windows but also works for Linux and macOS with vfkit.\n\n### Host\n\n#### Windows prerequisites\n\n```\n$service = New-Item -Path \"HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization\\GuestCommunicationServices\" -Name \"00000400-FACB-11E6-BD58-64006A7986D3\"\n$service.SetValue(\"ElementName\", \"gvisor-tap-vsock\")\n```\n\nMore docs: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service\n\nIn the VM, be sure to have `hv_sock` module loaded.\n\n#### Linux prerequisites\n\nOn Fedora 32, it worked out of the box. On others distros, you might have to look at https://github.com/mdlayher/vsock#requirements.\n\n#### macOS prerequisites\n\n\n`vfkit` must be started with a vsock device: `--device virtio-vsock,port=1024,socketURL=/tmp/vfkit-vsock-1024.sock`\nThen you can launch `gvproxy` with the following listen argument:\n`--listen unix:///tmp/vfkit-vsock-1024.sock`\n\n#### Run\n\n```\n(host) $ sudo bin/gvproxy -debug -listen vsock://:1024 -listen unix:///tmp/network.sock\n```\n\n### VM\n\nWith a container:\n```\n(vm) # docker run -d --name=gvisor-tap-vsock --privileged --net=host -it quay.io/crcont/gvisor-tap-vsock:latest\n(vm) $ ping -c1 192.168.127.1\n(vm) $ curl http://redhat.com\n```\n\nWith the executable:\n```\n(vm) # ./gvforwarder -debug\n```\n\n## Services\n\n### API\n\nWhen `gvproxy` is started with the `--listen` or `--services` option, it exposes a HTTP API on the host.\nThis API can be used with curl.\n\n```\n$ gvproxy --listen unix:///tmp/network.sock .... \u0026\n\n$ curl  --unix-socket /tmp/network.sock http:/unix/stats\n{\n  \"BytesSent\": 0,\n  \"BytesReceived\": 0,\n  \"UnknownProtocolRcvdPackets\": 0,\n  \"MalformedRcvdPackets\": 0,\n...\n```\n\nN.B: The `--services` option exposes the same HTTP API as the `--listen` option, but without the `/connect` endpoint. This is useful for scenarios where the `gvforwarder`/`vm` tool is not run on the guest but you still want to expose services and stats endpoints.\n\n### Gateway\n\nThe executable running on the host runs a virtual gateway that can be used by the VM.\nIt runs a DHCP server. It allows VMs to configure the network automatically (IP, MTU, DNS, search domain, etc.).\n\n### DNS\n\nThe gateway also runs a DNS server. It can be configured to serve static zones.\n\nActivate it by changing the `/etc/resolv.conf` file inside the VM with:\n```\nnameserver 192.168.127.1\n```\n\n### Port forwarding\n\nDynamic port forwarding is supported over the host HTTP API when `gvproxy` was\nstarted with `--listen` or `--services`, but also in the VM over http://192.168.127.1:80.\n\nExpose a port:\n```\n$ curl  --unix-socket /tmp/network.sock http:/unix/services/forwarder/expose -X POST -d '{\"local\":\":6443\",\"remote\":\"192.168.127.2:6443\"}'\n```\n\nUnexpose a port:\n```\n$ curl  --unix-socket /tmp/network.sock http:/unix/services/forwarder/unexpose -X POST -d '{\"local\":\":6443\"}'\n```\n\nList exposed ports:\n```\n$ curl  --unix-socket /tmp/network.sock http:/unix/services/forwarder/all | jq .\n[\n  {\n    \"local\": \":2222\",\n    \"remote\": \"192.168.127.2:22\"\n  },\n  {\n    \"local\": \":6443\",\n    \"remote\": \"192.168.127.2:6443\"\n  }\n]\n\n```\n\n### Tunneling\n\nThe HTTP API exposed on the host can be used to connect to a specific IP and port inside the virtual network.\nA working example for SSH can be found [here](https://github.com/containers/gvisor-tap-vsock/blob/master/cmd/ssh-over-vsock).\n\n## Limitations\n\n* ICMP is not forwarded outside the network.\n\n## Performance\n\nUsing iperf3, it can achieve between 1.6 and 2.3Gbits/s depending on which side the test is performed (tested with a mtu of 4000 with QEMU on macOS).\n\n## How it works with vsock\n\n### Internet access\n\n![schema](./doc/curl.png)\n\n0. A tap network interface is running in the VM. It's the default gateway.\n1. User types `curl redhat.com`\n2. Linux kernel sends raw Ethernet packets to the tap device.\n3. Tap device sends these packets to a process on the host using [vsock](https://wiki.qemu.org/Features/VirtioVsock)\n4. The process on the host maintains both internal (host to VM) and external (host to Internet endpoint) connections. It uses regular syscalls to connect to external endpoints.\n\nThis is the same behaviour as [slirp](https://wiki.qemu.org/index.php/Documentation/Networking#User_Networking_.28SLIRP.29).\n\n### Expose a port\n\n![schema](./doc/http.png)\n\n1. The process on the host binds the port 80.\n2. Each time, a client sends a http request, the process creates and sends the appropriate Ethernet packets to the VM.\n3. The tap device receives the packets and injects them in the kernel.\n4. The http server receives the request and send back the response.\n\n## Notifications\n\n`gvproxy` can send notifications over a unix socket about hypervisor\nconnections, and about network switch connections/disconnections.\n\nThese notifications can be enabled with the `--notification unix://$NOTIF_PATH` argument.\n`$NOTIF_PATH` is the path to a listening unix socket.\n`gvproxy` will then send json messages on this socket.\n\nTo receive notifications, 2 terminals need to be opened.\n\n### Terminal 1:\n\n```bash\n$ nc -k -U -l /tmp/notification.sock\n```\n\n### Terminal 2:\n\n```bash\n$ gvproxy --notification unix:///tmp/notification.sock\n```\n\nThe terminal where `nc` is running will print:\n```json\n{\"notification_type\":\"ready\"}\n{\"notification_type\":\"connection_established\",\"mac_address\":\"5a:94:ef:e4:0c:ee\"}\n{\"notification_type\":\"connection_closed\",\"mac_address\":\"5a:94:ef:e4:0c:ee\"}\n```\n\nNotification types:\n- `ready` - sent when gvproxy is ready to accept connections\n- `connection_established` - sent when a VM connects (includes `mac_address`)\n- `connection_closed` - sent when a VM disconnects (includes `mac_address`)\n- `hypervisor_error` - sent on hypervisor errors\n\n## Development\nDevelopers who want to work on gvisor-tap-vsock should visit the [Development](./DEVELOPMENT.md) document.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fgvisor-tap-vsock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontainers%2Fgvisor-tap-vsock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fgvisor-tap-vsock/lists"}