Leverage Google gVisor for a userspace network stack in pure Go - Leonardo - 11:30

Leverage Google gVisor for a userspace network stack in pure Go

I am the lead maintainer of go-ios a OSS project to work with iOS devices that heavily relies on networking code. For this and other projects I built and maintain WebSocket, WebRTC and other networking production services. Recently, the need arose to run a full blown network stack as part of the project entirely in user space.
Google gVisor implements its own network stack called netstack. All aspects of the network stack are handled inside the Sentry — including TCP connection state, control messages, and packet assembly — keeping it isolated from the host network stack. While the primary use case is sandboxing containers, you can use netstack to run your own userspace wireguard network interfaces without installing interfaces, drivers or system user privileges.
Learn how companies like fly.io or tailscale build VPNs that do not require `sudo` by creatively
using Google's powerful gVisor netstack.

LEVEL: Intermediate

Speaker

Daniel Paulus

Director of Engineering @ Checkly

Place

Leonardo

Length

45 min

When

October 7th, 2025

11:30

Leverage Google gVisor for a userspace network stack in pure Go - Leonardo - 11:30

Abstract

I am the lead maintainer of go-ios a OSS project to work with iOS devices that heavily relies on networking code. For this and other projects I built and maintain WebSocket, WebRTC and other networking production services. Recently, the need arose to
run a full blown network stack as part of the project entirely in user space.
Google gVisor implements its own network stack called netstack. All aspects of the network stack are handled inside the Sentry — including TCP connection state, control messages, and packet assembly — keeping it isolated from the host network stack. While the primary use case is sandboxing containers, you can use netstack to run your own userspace wireguard network interfaces without installing interfaces, drivers or system user privileges.
Learn how companies like fly.io or tailscale build VPNs that do not require `sudo` by creatively
using Google's powerful gVisor netstack.

GoLab is a conference made by Develer.
Develer is a company based in Campi Bisenzio, near Florence. Our motto is : "Technology to give life to your products". We produce hardware and software to create exceptional products and to improve industrial processes and people's well being.
In Develer we have passion for the new technologies and we offer our clients effective solutions that are also efficient, simple and safe for the end users. We also believe in a friendly and welcoming environment where anybody can give their contribution. This passion and this vision are what we've been driven to organize our conference "made by developers for developers".

Subscribe to our newsletter

We hate spam just as much as you do, which is why we promise to only send you relevant communications. We respect your privacy and will never share your information with third parties.