ncat: add AF_VSOCK support #1075

Closed
wants to merge 3 commits into from

stefanha

This pull request adds support for the AF_VSOCK address family that has been in Linux since 3.9. AF_VSOCK facilitates host<->guest communication for VMware, KVM, and Hyper-V hypervisors. Addresses are represented as <u32 cid, u32 port> pairs. Both SOCK_STREAM and SOCK_DGRAM socket types are available (depending on hypervisor support).

AF_VSOCK is used for guest agents and hypervisor services. It is useful to have ncat support for shell scripting and testing.

This pull request adds an ncat --vsock address family option (similar to how UNIX domain sockets and SCTP are supported). Please see the ncat.1 changes in the last commit for details.

@stefanha
Author

@dmiller-nmap Ping?

@stefanha
Author

I have rebased onto master to resolve conflicts. Please review.

@stefanha
Author

@bonsaiviking Do you have time to review this? If not, maybe you can help me find a reviewer? Thanks!

@dmiller-nmap

This looks interesting and very thorough. Can you give a little more background (links?) about VSOCK connections, why Ncat should support them, and how we can do a test setup? Thanks!

@stefanha
Author

The first thing new users do is to try netcat (for testing and troubleshooting). I wrote a utility to do this, but going forward I'd prefer to add support to ncat instead of shipping a new package solely for AF_VSOCK:
https://github.com/stefanha/nc-vsock/

Hypervisor services and guest agents can use AF_VSOCK without worrying about network configuration since it's zero-configuration. For example, it is fairly common to run an agent inside the guest that allows the host to run management commands. VMware, KVM, and Hyper-V hypervisors all support AF_VSOCK.

Here is the Linux man page:
http://man7.org/linux/man-pages/man7/vsock.7.html

An overview of the virtio transport:
https://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf

You can try it out on a Linux host with QEMU:

(host)# modprobe vhost_vsock # recent kernels auto-load the driver, but it doesn't hurt
(host)# qemu-system-x86_64 -m 1G -M accel=kvm \
            -drive if=virtio,file=vm.img,format=raw \
            -device vhost-vsock-pci,guest-cid=3
(host)# ncat --vsock -l 1234
(guest)# ncat --vsock 2 1234  # 2 is the well-known address of the host

Any recent Linux guest should work (Debian testing, Fedora 27, etc).

AF_VSOCK sockets facilitate host<->guest communication on VMware, KVM,
and Hyper-V hypervisors.  AF_VSOCK has been available since Linux 3.9.
SOCK_STREAM and SOCK_DGRAM semantics may be supported and semantics are
similar to TCP and UDP.  Addresses are represented by a <u32 cid, u32
port> pair, where the CID plays a role analogous to an IP address.

This patch adds nsock_connect_vsock_stream() and
nsock_connect_vsock_datagram() APIs.

Note that nsock_connect_internal()'s unsigned short port argument must
be changed to unsigned int to represent AF_VSOCK port numbers.  Public
TCP/UDP APIs are unchanged and still only take unsigned short port
arguments.

Up until now unsigned short was sufficient for TCP/UDP port numbers.
The AF_VSOCK address family uses unsigned 32-bit port numbers.

This patch refactors main() so that AF_VSOCK code will be able to use
the full [0, UINT32_MAX] port range in the next patch.

To connect using AF_VSOCK:

  ncat --vsock <cid> <port>

To listen using AF_VSOCK:

  ncat --vsock --listen <port>

@stefanha
Author

@dmiller-nmap I have rebased and retested this pull request. AF_VSOCK is being used increasingly for guest agents by Kata Containers, Crosvm, and other projects. ncat support is very useful for manually debugging and troubleshooting connectivity. I hope this feature can be merged.

If you have any questions, please let me know. Thanks!

@dmiller-nmap

I finally had a chance to review this, and it looks good! I moved around some #include sections and moved the documentation changes to the Docbook XML source from which the man page is generated, but the code all looks fine. Committed as r37626.

@stefanha
Author

@dmiller-nmap Thank you!

@nmap-bot nmap-bot closed this in 21f51ff May 20, 2019