Skip to content

Instantly share code, notes, and snippets.

@majek
Last active Dec 16, 2019
Embed
What would you like to do?
gvisor performance with slirp4netns
#!/bin/bash
set -e
# Dependencies:
# apt install jq
if [ ]; then
GVFLAGS=--network=host
FILESZ=1G
else
FILESZ=16M
fi
RUNSC="./runsc"
SLIRP="./slirp4netns"
if [ ! -f config.json ]; then
${RUNSC} spec
EXTRA_CAPS='"CAP_SETGID", "CAP_SETUID", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_SETFCAP", "CAP_SETPCAP"'
sed -i "s#\(\"CAP_NET_BIND_SERVICE\"\)#\1, ${EXTRA_CAPS}#" config.json
sed -i 's#readonly": true#readonly": false#' config.json
sed -i 's#\("TERM=xterm"\)#\1,\n"DEBIAN_FRONTEND=noninteractive"#' config.json
fi
if [ ! -d rootfs ]; then
mkdir rootfs
docker export $(docker create ubuntu:bionic) | tar -xf - -C rootfs
echo "nameserver 10.0.2.3" > rootfs/etc/resolv.conf
fi
echo "[*] Cleanup"
pkill -f 'python -m SimpleHTTPServer' || true
pkill 'slirp4netns' || true
${RUNSC} kill hello || true
${RUNSC} delete hello || true
rm file.bin || true
echo "[*] Create gvisor"
# gofer requires many files
ulimit -n 1048576
${RUNSC} ${GVFLAGS} create hello
NSPID=`${RUNSC} state hello | jq .pid`
nsenter -n -t ${NSPID} ip link set lo up
nsenter -n -t ${NSPID} ip tuntap add mode tap name eth0
nsenter -n -t ${NSPID} ip link set dev eth0 up
nsenter -n -t ${NSPID} ip addr add 10.0.2.100/24 dev eth0
nsenter -n -t ${NSPID} ip neigh add 10.0.2.2 lladdr 70:71:aa:4b:29:aa dev eth0
nsenter -n -t ${NSPID} ip route add 0.0.0.0/0 via 10.0.2.2 dev eth0
fallocate -l ${FILESZ} file.bin
python -m SimpleHTTPServer 8080 &
HTTPPID=$!
${SLIRP} ${NSPID} -m 65521 eth0 &
SLIRPPID=$!
echo "[*] Start gvisor"
${RUNSC} ${GVFLAGS} start hello
if [ ! -f rootfs/usr/bin/curl ]; then
${RUNSC} exec hello apt-get -q update
${RUNSC} exec hello apt-get -qy install apt-utils ca-certificates curl
fi
echo "[*] running curl"
${RUNSC} exec hello curl 10.0.2.2:8080/file.bin -o /dev/null || true
${RUNSC} kill -all hello
${RUNSC} delete -force hello || true
kill ${SLIRPPID} ${HTTPPID}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment