Using gVisor as a library to terminate a TCP connection from raw IP packets

Skip to first unread message

Christian Worm Mortensen

Dec 12, 2020, 3:12:52 PM12/12/20
to gVisor Users [Public]

I am investigating if it would make sense to use gVisor and Go for a larger software project. It would be great with some input on if this would be a good fit.

A part of this project would be to implement an HTTPS server from raw IP packets. That is, the program needs to implement an HTTPS server that communicate with raw IP packets over a Go API call.

Using the Go standard library functions to terminate TLS and HTTP seems pretty straight forward to me: The go crypto packet seems to be able to work on a net.Conn interface which I can implement myself. This will give me a crypto.Conn that I can feed into an HTTP server from net.http.

But what about terminating a TCP connection based on raw IP packets? That is, creating a net.Conn from raw IP packets? Can I somehow use gVisor for that? And if so, will it pull in a lot of extra code making my compiled program 10s of megabytes larger?

Thanks in advance,


Bhasker Hariharan

Dec 12, 2020, 3:20:56 PM12/12/20
to Christian Worm Mortensen, gVisor Users [Public]
Answer inlined.

You can use gvisors network stack independently. There are a lot of existing projects that do that. One would be slirpnetstack on github. Also checkout tcpip/adapters/gonet. It provides an adapter that lets you use the network stack in a Go program and provides a net.Conn compatible API.


Thanks in advance,


You received this message because you are subscribed to the Google Groups "gVisor Users [Public]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages