On Tue, Apr 28, 2020 at 06:00:52PM +0200, Stefano Garzarella wrote: > On Tue, Apr 28, 2020 at 04:13:22PM +0800, Jason Wang wrote: > > > > > > As we've discussed, it should be a netdev probably in either guest or host > > side. And it would be much simpler if we want do implement namespace then. > > No new API is needed. > > > > Thanks Jason! > > It would be cool, but I don't have much experience on netdev. > Do you see any particular obstacles? > > I'll take a look to understand how to do it, surely in the guest would > be very useful to have the vsock device as a netdev and maybe also in the host. > WRT netdev, do we foresee big gains beyond just leveraging the netdev's namespace? IIUC, the idea is that we could follow the tcp/ip model and introduce vsock-supported netdevs. This would allow us to have a netdev associated with the virtio-vsock device and create virtual netdev pairs (i.e., veth) that can bridge namespaces. Then, allocate CIDs or configure port mappings for those namespaces? I think it might be a lot of complexity to bring into the picture from netdev, and I'm not sure there is a big win since the vsock device could also have a vsock->net itself? I think the complexity will come from the address translation, which I don't think netdev buys us because there would still be all of the work work to support vsock in netfilter? Some other thoughts I had: netdev's flow control features would all have to be ignored or disabled somehow (I think dev_direct_xmit()?), because queueing introduces packet loss and the vsock protocol is unable to survive packet loss. Netfilter's ability to drop packets would have to be disabled too. Best, Bobby
