Slirp

Slirp (sometimes capitalized SLiRP) is a software program that emulates a PPP, SLIP, or CSLIP connection to the Internet using a text-based shell account. Its original purpose became largely obsolete as dedicated dial-up PPP connections and broadband Internet access became widely available and inexpensive. It then found additional use in connecting mobile devices, such as PDAs, via their serial ports. Another significant use case is firewall piercing/port forwarding. One typical use of Slirp creates a general purpose network connection over a SSH session on which port forwarding is restricted. Another use case is to create external connectivity for unprivileged containers.

Usage
Shell accounts normally only allow the use of command line or text-based software, but by logging into a shell account and running Slirp on the remote server, a user can transform their shell account into a general purpose SLIP/PPP network connection, allowing them to run any TCP/IP-based application—including standard GUI software such as the formerly popular Netscape Navigator—on their computer. This was especially useful in the 1990s because simple shell accounts were less expensive and/or more widely available than full SLIP/PPP accounts.

In the mid-1990s, numerous universities provided dial-up shell accounts (to their faculty, staff, and students). These command line-only connections became more versatile with SLIP/PPP, enabling the use of arbitrary TCP/IP-based applications. Many guides to using university dial-up connections with Slirp were published online. Use of TCP/IP emulations software like Slirp, and its commercial competitor TIA was banned by some shell account providers, who believed its users violated their terms of service or consumed too much bandwidth.

Slirp is also useful for connecting PDAs and other mobile devices to the Internet: by connecting such a device to a computer running Slirp, via a serial cable or USB, the mobile device can connect to the Internet.

Limitations
Unlike a true SLIP/PPP connection, provided by a dedicated server, a Slirp connection does not strictly obey the principle of end-to-end connectivity envisioned by the Internet protocol suite. The remote end of the connection, running on the shell account, cannot allocate a new IP address and route traffic to it. Thus the local computer cannot accept arbitrary incoming connections, although Slirp can use port forwarding to accept incoming traffic for specific ports.

This limitation is similar to that of network address translation. It can provide enhanced security as a side effect, it also can enforce policies and act as a firewall between the local computer and the Internet.

Current status
Slirp is free software licensed under a BSD-like, modified 4-clause BSD license by its original author. After the original author stopped maintaining it, Kelly Price took over as maintainer. There were no releases from Kelly Price after 2006. Debian maintainers have taken over some maintenance tasks, such as modifying Slirp to work correctly on 64-bit computers. In 2019, a more actively maintained Slirp repository was used by slirp4netns to provides network connectivity for unprivileged, rootless containers and VMs.

Influence on other projects
Despite being largely obsolete, Slirp made a great influence on the networking stacks used in virtual machines and other virtualized environments. The established practice of connecting the virtual machines to the host's network stack was to use the various packet injection mechanisms. Raw sockets, being one of such mechanisms, were originally used for that purpose, and, due to many problems and limitations, were later replaced with the TAP device.

Packet injection is a privileged operation that may introduce a security threat, something that the introduction of TAP device solved only partially. Slirp-derived NAT implementation brought a solution to this long-standing problem. It was discovered that Slirp has the full NAPT implementation as a stand-alone user-space code, whereas other NAT engines are usually embedded into a network protocol stack and/or do not cooperate with the host OS when doing PAT (use their own port ranges and require packet injection). QEMU project have adopted the appropriate code portions of the Slirp package and got the permission from its original authors to re-license it under 3-clause BSD license. Such license change allowed many other FOSS projects to adopt the QEMU-provided Slirp portions, which was (and still is) not possible with the original Slirp codebase because of the license compatibility problems. Some of the notable adopters are VDE and VirtualBox projects.