Function smoltcp_poll_loop 

pub fn smoltcp_poll_loop(
    shared: Arc<SharedState>,
    config: PollLoopConfig,
    network_policy: NetworkPolicy,
    dns_config: DnsConfig,
    tls_state: Option<Arc<TlsState>>,
    published_ports: Vec<PublishedPort>,
    max_connections: Option<usize>,
    tokio_handle: Handle,
)

Main smoltcp poll loop. Runs on a dedicated OS thread.

Processes guest frames with pre-inspection, drives smoltcp’s TCP/IP stack, and sleeps via poll(2) between events.

§Phases per iteration

  1. Drain guest frames — pop from tx_ring, classify, pre-inspect.
  2. smoltcp egress + maintenance — transmit queued packets, run timers.
  3. Service connections — relay data between smoltcp sockets and proxy tasks (added by later tasks).
  4. Sleep — poll(2) on tx_wake + proxy_wake pipes with smoltcp’s requested timeout.
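
The sleep phase (step 4) as a stand-alone sketch. This is an added example, not the crate's own code: `sleep_phase`, `Woken`, `drain` and the `PollFd` binding are hypothetical names, `UnixStream` pairs stand in for the tx_wake / proxy_wake pipes, and a Linux target is assumed for the poll(2) binding.

```rust
use std::io::{self, ErrorKind, Read};
use std::os::fd::AsRawFd;
use std::os::unix::net::UnixStream;
use std::time::Duration;

#[repr(C)] // same layout as struct pollfd in <poll.h>
struct PollFd { fd: i32, events: i16, revents: i16 }
const POLLIN: i16 = 0x0001;

unsafe extern "C" {
    // poll(2) from libc; nfds_t is unsigned long on Linux (assumed target).
    fn poll(fds: *mut PollFd, nfds: std::ffi::c_ulong, timeout_ms: i32) -> i32;
}

/// Which wake source fired; both false means the timeout expired.
#[derive(Debug, PartialEq)]
pub struct Woken { pub guest: bool, pub proxy: bool }

/// Empty the wake channel so a burst of wake bytes costs one wakeup, not many.
fn drain(mut s: &UnixStream) -> io::Result<()> {
    s.set_nonblocking(true)?; // never block while draining
    let mut buf = [0u8; 64];
    loop {
        match s.read(&mut buf) {
            Ok(0) => return Ok(()), // writer side closed
            Ok(_) => continue,
            Err(e) if e.kind() == ErrorKind::WouldBlock => return Ok(()),
            Err(e) => return Err(e),
        }
    }
}

/// Block until a wake source is readable or the stack's requested timeout
/// passes. `None` means no timer is pending, so wait indefinitely.
pub fn sleep_phase(tx_wake: &UnixStream, proxy_wake: &UnixStream,
                   timeout: Option<Duration>) -> io::Result<Woken> {
    // Round up: truncating a sub-millisecond deadline to 0 ms would busy-spin.
    let ms = timeout.map_or(-1, |d| d.as_micros().div_ceil(1000).min(i32::MAX as u128) as i32);
    let mut fds = [
        PollFd { fd: tx_wake.as_raw_fd(), events: POLLIN, revents: 0 },
        PollFd { fd: proxy_wake.as_raw_fd(), events: POLLIN, revents: 0 },
    ];
    loop {
        if unsafe { poll(fds.as_mut_ptr(), 2, ms) } >= 0 { break; }
        let e = io::Error::last_os_error();
        if e.kind() != ErrorKind::Interrupted { return Err(e); } // retry on EINTR
    }
    let woken = Woken { guest: fds[0].revents != 0, proxy: fds[1].revents != 0 };
    if woken.guest { drain(tx_wake)?; }
    if woken.proxy { drain(proxy_wake)?; }
    Ok(woken)
}
```

Draining before returning matters because the wake fds are level-triggered under poll(2): any byte left unread makes the next sleep return immediately.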

§Arguments

  • shared - Stack-wide shared state: tx_ring / rx_ring for the virtio-net boundary and the wake eventfds.
  • config - Resolved per-sandbox parameters (gateway / guest MAC + IPv4 + IPv6, MTU).
  • network_policy - User-provided egress policy. Evaluated against the sandbox’s gateway IPs (stored on SharedState) so DestinationGroup::Host rules match.
  • dns_config - DNS interception settings (block lists, upstreams, timeout).
  • tls_state - Optional TLS MITM state; drives interception of intercepted ports and DoT when present.
  • published_ports - Host → guest port publishes; the publisher accepts inbound connections on the host-bind address and forwards into the guest.
  • max_connections - Optional cap on concurrent guest connections tracked by ConnectionTracker; None uses the default.
  • tokio_handle - Runtime handle used for proxy tasks, DNS forwarding, port publishing, and ICMP relays.