ncat: add AF_VSOCK support #1075
@dmiller-nmap Ping?
I have rebased onto master to resolve conflicts. Please review.
@bonsaiviking Do you have time to review this? If not, maybe you can help me find a reviewer? Thanks!
This looks interesting and very thorough. Can you give a little more background (links?) about VSOCK connections, why Ncat should support them, and how we can do a test setup? Thanks!
The first thing new users do is to try netcat (for testing and troubleshooting). I wrote a utility to do this, but going forward I'd prefer to add support to ncat instead of shipping a new package solely for AF_VSOCK: Hypervisor services and guest agents can use AF_VSOCK without worrying about network configuration since it's zero-configuration. For example, it is fairly common to run an agent inside the guest that allows the host to run management commands. VMware, KVM, and Hyper-V hypervisors all support AF_VSOCK. Here is the Linux man page: An overview of the virtio transport: You can try it out on a Linux host with QEMU:
Any recent Linux guest should work (Debian testing, Fedora 27, etc).
AF_VSOCK sockets facilitate host<->guest communication on VMware, KVM, and Hyper-V hypervisors. AF_VSOCK has been available since Linux 3.9. SOCK_STREAM and SOCK_DGRAM semantics may be supported and semantics are similar to TCP and UDP. Addresses are represented by a <u32 cid, u32 port> pair, where the CID plays a role analogous to an IP address. This patch adds nsock_connect_vsock_stream() and nsock_connect_vsock_datagram() APIs. Note that nsock_connect_internal()'s unsigned short port argument must be changed to unsigned int to represent AF_VSOCK port numbers. Public TCP/UDP APIs are unchanged and still only take unsigned short port arguments.
Up until now unsigned short was sufficient for TCP/UDP port numbers. The AF_VSOCK address family uses unsigned 32-bit port numbers. This patch refactors main() so that AF_VSOCK code will be able to use the full [0, UINT32_MAX] port range in the next patch.
To connect using AF_VSOCK:
  ncat --vsock <cid> <port>
To listen using AF_VSOCK:
  ncat --vsock --listen <port>
@dmiller-nmap I have rebased and retested this pull request. AF_VSOCK is being used increasingly for guest agents by Kata Containers, Crosvm, and other projects. ncat support is very useful for manually debugging and troubleshooting connectivity. I hope this feature can be merged. If you have any questions, please let me know. Thanks!
I finally had a chance to review this, and it looks good! I moved around some |
@dmiller-nmap Thank you!
This pull request adds support for the AF_VSOCK address family that has been in Linux since 3.9. AF_VSOCK facilitates host<->guest communication for VMware, KVM, and Hyper-V hypervisors. Addresses are represented as <u32 cid, u32 port> pairs. Both SOCK_STREAM and SOCK_DGRAM socket types are available (depending on hypervisor support).
AF_VSOCK is used for guest agents and hypervisor services. It is useful to have ncat support for shell scripting and testing.
This pull request adds an ncat --vsock address family option (similar to how UNIX domain sockets and SCTP are supported). Please see the ncat.1 changes in the last commit for details.