On Wed, Mar 5, 2025 at 8:39 AM Bobby Eshleman <bobbyeshleman@xxxxxxxxx> wrote: > > On Tue, Apr 28, 2020 at 06:00:52PM +0200, Stefano Garzarella wrote: > > On Tue, Apr 28, 2020 at 04:13:22PM +0800, Jason Wang wrote: > > > > > > > > > As we've discussed, it should be a netdev probably in either guest or host > > > side. And it would be much simpler if we want do implement namespace then. > > > No new API is needed. > > > > > > > Thanks Jason! > > > > It would be cool, but I don't have much experience on netdev. > > Do you see any particular obstacles? > > > > I'll take a look to understand how to do it, surely in the guest would > > be very useful to have the vsock device as a netdev and maybe also in the host. > > > > WRT netdev, do we foresee big gains beyond just leveraging the netdev's > namespace? It's a leverage of the network subsystem (netdevice, steering, uAPI, tracing, probably a lot of others), not only its namespace. It can avoid duplicating existing mechanisms in a vsock specific way. If we manage to do that, namespace support will be a "byproduct". > > IIUC, the idea is that we could follow the tcp/ip model and introduce > vsock-supported netdevs. This would allow us to have a netdev associated > with the virtio-vsock device and create virtual netdev pairs (i.e., > veth) that can bridge namespaces. Then, allocate CIDs or configure port > mappings for those namespaces? Probably. > > I think it might be a lot of complexity to bring into the picture from > netdev, and I'm not sure there is a big win since the vsock device could > also have a vsock->net itself? Yes, it can. I think we need to evaluate both approaches (that's why I raise the approach of reusing netdevice). We can hear from others. > I think the complexity will come from the > address translation, which I don't think netdev buys us because there > would still be all of the work work to support vsock in netfilter? Netfilter should not work as vsock will behave as a separate protocol other than TCP/IP (e.g ETH_P_VSOCK) if we try to implement netdevice. > > Some other thoughts I had: netdev's flow control features would all have > to be ignored or disabled somehow (I think dev_direct_xmit()?), because > queueing introduces packet loss and the vsock protocol is unable to > survive packet loss. Or just allow it and then configuring a qdisc that may drop packets could be treated as a misconfiguration. > Netfilter's ability to drop packets would have to > be disabled too. > > Best, > Bobby > Thanks
