diff --git a/pkg/cri/sbserver/helpers_test.go b/pkg/cri/sbserver/helpers_test.go
index b9a9aa8a8..8532b895a 100644
--- a/pkg/cri/sbserver/helpers_test.go
+++ b/pkg/cri/sbserver/helpers_test.go
@@ -19,10 +19,13 @@ package sbserver
 import (
 	"context"
 	"os"
+	goruntime "runtime"
 	"strings"
 	"testing"
 	"time"
 
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/oci"
@@ -615,3 +618,49 @@ func TestGetRuntimeOptions(t *testing.T) {
 	_, err = getRuntimeOptions(containers.Container{Runtime: containers.RuntimeInfo{Options: typeurlAny}})
 	require.NoError(t, err)
 }
+
+func TestHostNetwork(t *testing.T) {
+	tests := []struct {
+		name     string
+		c        *runtime.PodSandboxConfig
+		expected bool
+	}{
+		{
+			name: "when pod namespace return false",
+			c: &runtime.PodSandboxConfig{
+				Linux: &runtime.LinuxPodSandboxConfig{
+					SecurityContext: &runtime.LinuxSandboxSecurityContext{
+						NamespaceOptions: &runtime.NamespaceOption{
+							Network: runtime.NamespaceMode_POD,
+						},
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "when node namespace return true",
+			c: &runtime.PodSandboxConfig{
+				Linux: &runtime.LinuxPodSandboxConfig{
+					SecurityContext: &runtime.LinuxSandboxSecurityContext{
+						NamespaceOptions: &runtime.NamespaceOption{
+							Network: runtime.NamespaceMode_NODE,
+						},
+					},
+				},
+			},
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		if goruntime.GOOS != "linux" {
+			t.Skip()
+		}
+		t.Run(tt.name, func(t *testing.T) {
+			if hostNetwork(tt.c) != tt.expected {
+				t.Errorf("failed hostNetwork got %t expected %t", hostNetwork(tt.c), tt.expected)
+			}
+		})
+	}
+}
diff --git a/pkg/cri/sbserver/helpers_windows_test.go b/pkg/cri/sbserver/helpers_windows_test.go
new file mode 100644
index 000000000..3cc844bc0
--- /dev/null
+++ b/pkg/cri/sbserver/helpers_windows_test.go
@@ -0,0 +1,71 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package sbserver
+
+import (
+	"testing"
+
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
+func TestWindowsHostNetwork(t *testing.T) {
+	tests := []struct {
+		name     string
+		c        *runtime.PodSandboxConfig
+		expected bool
+	}{
+		{
+			name: "when host process is false returns false",
+			c: &runtime.PodSandboxConfig{
+				Windows: &runtime.WindowsPodSandboxConfig{
+					SecurityContext: &runtime.WindowsSandboxSecurityContext{
+						HostProcess: false,
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "when host process is true return true",
+			c: &runtime.PodSandboxConfig{
+				Windows: &runtime.WindowsPodSandboxConfig{
+					SecurityContext: &runtime.WindowsSandboxSecurityContext{
+						HostProcess: true,
+					},
+				},
+			},
+			expected: true,
+		},
+		{
+			name: "when no host process return false",
+			c: &runtime.PodSandboxConfig{
+				Windows: &runtime.WindowsPodSandboxConfig{
+					SecurityContext: &runtime.WindowsSandboxSecurityContext{},
+				},
+			},
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if hostNetwork(tt.c) != tt.expected {
+				t.Errorf("failed hostNetwork got %t expected %t", hostNetwork(tt.c), tt.expected)
+			}
+		})
+	}
+}
diff --git a/pkg/cri/server/helpers_test.go b/pkg/cri/server/helpers_test.go
index a184d470e..cc44cede6 100644
--- a/pkg/cri/server/helpers_test.go
+++ b/pkg/cri/server/helpers_test.go
@@ -19,6 +19,7 @@ package server
 import (
 	"context"
 	"os"
+	goruntime "runtime"
 	"strings"
 	"testing"
 	"time"
@@ -41,6 +42,8 @@ import (
 	"github.com/pelletier/go-toml"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 
 // TestGetUserFromImage tests the logic of getting image uid or user name of image user.
@@ -615,3 +618,49 @@ func TestGetRuntimeOptions(t *testing.T) {
 	_, err = getRuntimeOptions(containers.Container{Runtime: containers.RuntimeInfo{Options: typeurlAny}})
 	require.NoError(t, err)
 }
+
+func TestHostNetwork(t *testing.T) {
+	tests := []struct {
+		name     string
+		c        *runtime.PodSandboxConfig
+		expected bool
+	}{
+		{
+			name: "when pod namespace return false",
+			c: &runtime.PodSandboxConfig{
+				Linux: &runtime.LinuxPodSandboxConfig{
+					SecurityContext: &runtime.LinuxSandboxSecurityContext{
+						NamespaceOptions: &runtime.NamespaceOption{
+							Network: runtime.NamespaceMode_POD,
+						},
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "when node namespace return true",
+			c: &runtime.PodSandboxConfig{
+				Linux: &runtime.LinuxPodSandboxConfig{
+					SecurityContext: &runtime.LinuxSandboxSecurityContext{
+						NamespaceOptions: &runtime.NamespaceOption{
+							Network: runtime.NamespaceMode_NODE,
+						},
+					},
+				},
+			},
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		if goruntime.GOOS != "linux" {
+			t.Skip()
+		}
+		t.Run(tt.name, func(t *testing.T) {
+			if hostNetwork(tt.c) != tt.expected {
+				t.Errorf("failed hostNetwork got %t expected %t", hostNetwork(tt.c), tt.expected)
+			}
+		})
+	}
+}
diff --git a/pkg/cri/server/helpers_windows_test.go b/pkg/cri/server/helpers_windows_test.go
new file mode 100644
index 000000000..16d2eadce
--- /dev/null
+++ b/pkg/cri/server/helpers_windows_test.go
@@ -0,0 +1,62 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+import (
+	"testing"
+
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
+func TestWindowsHostNetwork(t *testing.T) {
+	tests := []struct {
+		name     string
+		c        *runtime.PodSandboxConfig
+		expected bool
+	}{
+		{
+			name: "when host process is false returns false",
+			c: &runtime.PodSandboxConfig{
+				Windows: &runtime.WindowsPodSandboxConfig{
+					SecurityContext: &runtime.WindowsSandboxSecurityContext{
+						HostProcess: false,
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "when host process is true return true",
+			c: &runtime.PodSandboxConfig{
+				Windows: &runtime.WindowsPodSandboxConfig{
+					SecurityContext: &runtime.WindowsSandboxSecurityContext{
+						HostProcess: true,
+					},
+				},
+			},
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if hostNetwork(tt.c) != tt.expected {
+				t.Errorf("failed hostNetwork got %t expected %t", hostNetwork(tt.c), tt.expected)
+			}
+		})
+	}
+}