Expand description
microsandbox-network provides the smoltcp in-process networking engine
for sandbox network isolation and policy enforcement.
Modules§
- backend
SmoltcpBackend— libkrunNetBackendimplementation that bridges the NetWorker thread to the smoltcp poll thread via lock-free queues.- builder
- Fluent builder API for
NetworkConfig. - config
- Serializable network configuration types.
- conn
- Connection tracker: manages smoltcp TCP sockets for the poll loop.
- device
- Slot-based
smoltcp::phy::Deviceimplementation. - dns
- DNS interception via smoltcp UDP socket + async resolution.
- icmp_
relay - External ICMP echo-only relay: host probe + reply frame synthesis.
- network
SmoltcpNetwork— orchestration type that tiesNetworkConfigto the smoltcp engine.- policy
- Network policy model and rule matching.
- proxy
- Bidirectional TCP proxy: smoltcp socket ↔ channels ↔ tokio socket.
- publisher
- Published port handling: host-side listeners that forward connections into the guest VM via smoltcp.
- secrets
- Placeholder-based secret injection for TLS-intercepted connections.
- shared
- Shared state between the NetWorker thread, smoltcp poll thread, and tokio proxy tasks.
- stack
- smoltcp interface setup, frame classification, and poll loop.
- tls
- TLS interception: inline MITM for the smoltcp networking stack.
- udp_
relay - Non-DNS UDP relay: handles UDP traffic outside smoltcp.