{"updated":"2025-01-19T14:57:54.210202+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00218983","sets":["1164:1867:10898:10972"]},"path":["10972"],"owner":"44499","recid":"218983","title":["Accelerating TCP/IP Communications in Rootless Containers by Socket Switching"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-07-20"},"_buckets":{"deposit":"b059af79-7092-43a0-bf59-f2fe34c425f8"},"_deposit":{"id":"218983","pid":{"type":"depid","value":"218983","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Accelerating TCP/IP Communications in Rootless Containers by Socket Switching","author_link":["570572","570570","570569","570571"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Accelerating TCP/IP Communications in Rootless Containers by Socket Switching"},{"subitem_title":"Accelerating TCP/IP Communications in Rootless Containers by Socket Switching","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ユーザ空間","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2022-07-20","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Kyoto University"},{"subitem_text_value":"NTT Software Innovation Center"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kyoto University","subitem_text_language":"en"},{"subitem_text_value":"NTT Software Innovation Center","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/218983/files/IPSJ-OS22156009.pdf","label":"IPSJ-OS22156009.pdf"},"date":[{"dateType":"Available","dateValue":"2024-07-20"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-OS22156009.pdf","filesize":[{"value":"1.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"11"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"20b3b027-a2d4-4ace-855b-b669727d6cdb","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Naoki, Matsumoto"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akihiro, Suda"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Naoki, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akihiro, Suda","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10444176","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8795","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"”Rootless containers” is a concept to run the entire container runtime and containers without the root privileges. It protects the host environment from attackers exploiting container runtime vulnerabilities. However, when rootless containers communicate with external endpoints, the network performance is very low compared to rootful containers because of the overhead of the user-land TCP/IP implementation called ”slirp4netns”. In this paper, we propose ”bypass4netns” that accelerate TCP/IP communications in rootless containers by bypassing slirp4netns. bypass4netns uses sockets allocated on the host. It switches socket file descriptors in containers to the host's socket file descriptors by intercepting syscalls and injecting the file descriptors, using ioctl (SECCOMP_IOCTL_NOTIF_ADDFD). We confirmed that rootless containers with bypass4netns can achieve more than 10 times faster throughput than rootless containers without it.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"”Rootless containers” is a concept to run the entire container runtime and containers without the root privileges. It protects the host environment from attackers exploiting container runtime vulnerabilities. However, when rootless containers communicate with external endpoints, the network performance is very low compared to rootful containers because of the overhead of the user-land TCP/IP implementation called ”slirp4netns”. In this paper, we propose ”bypass4netns” that accelerate TCP/IP communications in rootless containers by bypassing slirp4netns. bypass4netns uses sockets allocated on the host. It switches socket file descriptors in containers to the host's socket file descriptors by intercepting syscalls and injecting the file descriptors, using ioctl(SECCOMP_IOCTL_NOTIF_ADDFD). We confirmed that rootless containers with bypass4netns can achieve more than 10 times faster throughput than rootless containers without it.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告システムソフトウェアとオペレーティング・システム（OS）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2022-07-20","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"2022-OS-156"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:19:19.422076+00:00","id":218983,"links":{}}