linux-hyperv.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Bobby Eshleman <bobbyeshleman@gmail.com>
To: Stefano Garzarella <sgarzare@redhat.com>
Cc: davem@davemloft.net, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, Jorgen Hansen <jhansen@vmware.com>,
	Jason Wang <jasowang@redhat.com>,
	kvm@vger.kernel.org, Stefan Hajnoczi <stefanha@redhat.com>,
	virtualization@lists.linux-foundation.org,
	linux-hyperv@vger.kernel.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Dexuan Cui <decui@microsoft.com>,
	Jakub Kicinski <kuba@kernel.org>
Subject: Re: [PATCH net-next 0/3] vsock: support network namespace
Date: Tue, 4 Mar 2025 16:06:02 -0800	[thread overview]
Message-ID: <Z8eVanBR7r90FK7m@devvm6277.cco0.facebook.com> (raw)
In-Reply-To: <20200116172428.311437-1-sgarzare@redhat.com>

On Thu, Jan 16, 2020 at 06:24:25PM +0100, Stefano Garzarella wrote:
> RFC -> v1:
>  * added 'netns' module param to vsock.ko to enable the
>    network namespace support (disabled by default)
>  * added 'vsock_net_eq()' to check the "net" assigned to a socket
>    only when 'netns' support is enabled
> 
> RFC: https://patchwork.ozlabs.org/cover/1202235/
> 
> Now that we have multi-transport upstream, I started to take a look to
> support network namespace in vsock.
> 
> As we partially discussed in the multi-transport proposal [1], it could
> be nice to support network namespace in vsock to reach the following
> goals:
> - isolate host applications from guest applications using the same ports
>   with CID_ANY
> - assign the same CID of VMs running in different network namespaces
> - partition VMs between VMMs or at finer granularity
> 
> This new feature is disabled by default, because it changes vsock's
> behavior with network namespaces and could break existing applications.
> It can be enabled with the new 'netns' module parameter of vsock.ko.
> 
> This implementation provides the following behavior:
> - packets received from the host (received by G2H transports) are
>   assigned to the default netns (init_net)
> - packets received from the guest (received by H2G - vhost-vsock) are
>   assigned to the netns of the process that opens /dev/vhost-vsock
>   (usually the VMM, qemu in my tests, opens the /dev/vhost-vsock)
>     - for vmci I need some suggestions, because I don't know how to do
>       and test the same in the vmci driver, for now vmci uses the
>       init_net
> - loopback packets are exchanged only in the same netns


Hey Stefano,

I recently picked up this series and am hoping to help update it / get
it merged to address a known use case. I have some questions and
thoughts (in other parts of this thread) and would love some
suggestions!

I already have a local branch with this updated with skbs and using
/dev/vhost-vsock-netns to opt-in the VM as per the discussion in this
thread.

One question: what is the behavior we expect from guest namespaces?  In
v2, you mentioned prototyping a /dev/vsock ioctl() to define the
namespace for the virtio-vsock device. This would mean only one
namespace could use vsock in the guest? Do we want to make sure that our
design makes it possible to support multiple namespaces in the future if
the use case arrives?

More questions/comments in other parts of this thread.

Thanks!

- Bobby


  parent reply	other threads:[~2025-03-05  0:06 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-16 17:24 [PATCH net-next 0/3] vsock: support network namespace Stefano Garzarella
2020-01-16 17:24 ` [PATCH net-next 1/3] vsock: add network namespace support Stefano Garzarella
2020-01-20  9:06   ` David Miller
2020-01-20 10:17     ` Stefano Garzarella
2020-01-20 12:03       ` Michael S. Tsirkin
2020-01-20 13:58         ` Stefano Garzarella
2020-01-20 16:04           ` Michael S. Tsirkin
2020-01-20 16:53             ` Stefano Garzarella
2020-01-20 22:02               ` Michael S. Tsirkin
2020-01-21  9:07                 ` Stefano Garzarella
2020-01-21 11:14                   ` Michael S. Tsirkin
2020-01-21 13:13                     ` Stefano Garzarella
2020-01-21 15:43                     ` Stefan Hajnoczi
2020-01-21 13:59                   ` Stefan Hajnoczi
2020-01-21 14:31                     ` Michael S. Tsirkin
2020-01-21 15:44                       ` Stefan Hajnoczi
2025-03-05  7:32   ` Michael S. Tsirkin
2025-03-05  9:23     ` Stefano Garzarella
2025-03-05  9:28       ` Michael S. Tsirkin
2025-03-05  9:37         ` Stefano Garzarella
2025-03-05 15:54       ` Bobby Eshleman
2025-03-05 16:07         ` Stefano Garzarella
2025-03-05 20:19           ` Bobby Eshleman
2020-01-16 17:24 ` [PATCH net-next 2/3] vsock/virtio_transport_common: handle netns of received packets Stefano Garzarella
2020-01-16 17:24 ` [PATCH net-next 3/3] vhost/vsock: use netns of process that opens the vhost-vsock device Stefano Garzarella
2020-01-21 15:50 ` [PATCH net-next 0/3] vsock: support network namespace Stefan Hajnoczi
2020-01-22  9:13   ` Stefano Garzarella
2020-04-27 14:25 ` Stefano Garzarella
2020-04-27 14:31   ` Michael S. Tsirkin
2020-04-27 15:21     ` Stefano Garzarella
2020-04-28  8:13   ` Jason Wang
2020-04-28 16:00     ` Stefano Garzarella
2020-04-29  9:21       ` Jason Wang
2025-03-05  0:39       ` Bobby Eshleman
2025-03-05  5:46         ` Jason Wang
2025-03-10 20:14           ` Bobby Eshleman
2025-03-11  0:59             ` Jason Wang
2025-03-12 22:29               ` Bobby Eshleman
2025-03-05  7:27         ` Michael S. Tsirkin
2025-03-05  9:30           ` Stefano Garzarella
2025-03-05 16:09             ` Bobby Eshleman
2025-03-06  0:16             ` Jason Wang
2025-03-06  1:36               ` Lei Yang
2025-03-06  8:23                 ` Stefano Garzarella
2025-03-10 14:14               ` Stefano Garzarella
2025-03-11  0:54                 ` Jason Wang
2025-03-11  1:01                   ` Jason Wang
2025-03-05  0:06 ` Bobby Eshleman [this message]
2025-03-05  9:42   ` Stefano Garzarella
2025-03-05 17:14     ` Bobby Eshleman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z8eVanBR7r90FK7m@devvm6277.cco0.facebook.com \
    --to=bobbyeshleman@gmail.com \
    --cc=davem@davemloft.net \
    --cc=decui@microsoft.com \
    --cc=jasowang@redhat.com \
    --cc=jhansen@vmware.com \
    --cc=kuba@kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-hyperv@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=sgarzare@redhat.com \
    --cc=stefanha@redhat.com \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).