Features/VirtioVsock: Difference between revisions

From QEMU
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
virtio-vsock is a ''host/guest communications device''.  It allows applications in the guest and host to communicate.  This can be used to implement hypervisor services and guest agents (like qemu-guest-agent or SPICE vdagent).
virtio-vsock is a ''host/guest communications device''.  It allows applications in the guest and host to communicate.  This can be used to implement hypervisor services and guest agents (like qemu-guest-agent or SPICE vdagent).


Unlike virtio-serial, virtio-vsock supports the POSIX Sockets API so existing networking applications require minimal modification.  The Sockets API allows N:1 connections so multiple clients can connect to a server simultaneously.
* POSIX Sockets API so existing networking applications require minimal modification (unlike virtio-serial char devices)
* Listen sockets can accept connections from multiple clients (unlike virtio-serial char devices)
* No address configuration required inside the guest
* No Ethernet or TCP/IP for a reduced attack surface for hypervisor services
* Can be used with VMs that have no network interfaces


The device has an address assigned automatically so no configuration is required inside the guest.
Sockets are created with the AF_VSOCK address family.  The SOCK_STREAM socket type is currently implemented for in-order, guaranteed stream semantics.
 
Sockets are created with the AF_VSOCK address family.  The SOCK_STREAM socket type is currently implemented.


==Code==
==Code==
* Virtio specification: [https://stefanha.github.com/virtio HTML] or [https://github.com/stefanha/virtio virtio.git]
* Virtio specification: [https://stefanha.github.com/virtio HTML] or [https://github.com/stefanha/virtio virtio.git]
* Linux kernel: Available since Linux 4.8, or see [https://github.com/stefanha/linux/tree/vsock stefanha's linux.git]
* Linux kernel: Upstream since Linux 4.8, or see [https://github.com/stefanha/linux/tree/vsock stefanha's linux.git]
* QEMU: Available in QEMU 2.8, or see [https://github.com/stefanha/qemu/tree/vsock stefanha's qemu.git]
* QEMU: Upstream since QEMU 2.8, or see [https://github.com/stefanha/qemu/tree/vsock stefanha's qemu.git]
* netcat-like utility: [https://github.com/stefanha/linux/blob/vsock-extras/nc-vsock.c nc-vsock]


==Packages==
==Packages==
* [https://copr.fedorainfracloud.org/coprs/stefanha/vsock/ Fedora 24 copr repo]
* [https://copr.fedorainfracloud.org/coprs/stefanha/vsock/ Fedora Copr repo]


==Quickstart==
==Quickstart==
QEMU:
* Host kernel requirements: CONFIG_VHOST_VSOCK=m
  $ git clone git://git.qemu-project.org/qemu.git
* Guest kernel requirements: CONFIG_VIRTIO_VSOCKETS=m
  $ cd qemu
  $ ./configure --target-list=x86_64-softmmu
  $ make
 
Linux:
  $ git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
  $ cd linux
  $ cp /boot/config-$(uname -r) .config
  $ make menuconfig # select CONFIG_VHOST_VSOCK=m and CONFIG_VIRTIO_VSOCKETS=m
  $ make install modules_install
 
To use vhost_vsock.ko you must boot into the new host kernel and modprobe vhost_vsock.
 
The guest should also use the kernel so that modprobe virtio_transport can load the vsock guest driver.
 
For details on host and guest boot, see [https://github.com/stefanha/linux/blob/vsock-extras/go.sh go.sh].  Use nc-vsock 2 1234 inside the guest to connect to vsock port 1234 on the host.  Use nc-vsock -l 1234 on the host to listen on that port.


==Testing==
Launch a guest and assign it CID 3:
The vhost-vsock-test qtest replays packets from a JSON file and verifies that the expected reply is received.


The JSON test file format is described in a [https://github.com/stefanha/qemu/blob/vsock/tests/vhost-vsock-test-data/README README].
  (host)# qemu-system-x86_64 -device vhost-vsock-pci,guest-cid=3 ...


  $ cd qemu
==Language bindings==
  $ make -j4
* C - use <linux/vm_sockets.h>
  $ make tests/vhost-vsock-test
* Python - starting from Python 3.7
  $ sudo QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} gtester -k --verbose -m=quick tests/vhost-vsock-test -o /dev/stderr
* Go - [https://github.com/mdlayher/vsock Matt Layher's vsock module]
* Rust
** [https://docs.rs/crate/libc libc crate] (libc::sockaddr_vm, libc::VMADDR_*)
** [https://docs.rs/crate/nix nix crate] (nix::sys::socket::VsockAddr)


Create and edit test cases in tests/vhost-vsock-test-data/*.json.
==Projects using vsock==
* [https://github.com/stefanha/nc-vsock nc-vsock] - a netcat-like utility for AF_VSOCK
* [https://www.xpra.org/trac/wiki/Network xpra] - X11 persistent remote display server and client
* [https://github.com/clownix/cloonix_vsock cloonix_vsock] - PTY over AF_VSOCK
* [https://github.com/stefano-garzarella/iperf-vsock iperf-vsock] - iperf3 with AF_VSOCK support
* [http://www.dest-unreach.org/socat/ socat] - VSOCK-CONNECT and VSOCK-LISTEN addresses supported from socat 1.7.4 [2021-01-04]


==Links==
==Links==
* KVM Forum 2015 presentation: [http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf virtio-vsock: Zero-configuration host/guest communication] (pdf)
* KVM Forum 2015 presentation: [http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf virtio-vsock: Zero-configuration host/guest communication] (pdf)
* Connectathon 2016 presentation: [http://vmsplice.net/~stefan/stefanha-connectathon-2016.pdf NFS over virtio-vsock: Host/guest file sharing for virtual machines] (pdf)
* Connectathon 2016 presentation: [http://vmsplice.net/~stefan/stefanha-connectathon-2016.pdf NFS over virtio-vsock: Host/guest file sharing for virtual machines] (pdf)
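
Review bot: The new Quickstart stops at "Launch a guest and assign it CID 3" and drops the only lines that told the reader how to load the drivers and confirm the channel works: "modprobe vhost_vsock" on the host, "modprobe virtio_transport" in the guest, and the nc-vsock pair ("nc-vsock -l 1234" on the host, "nc-vsock 2 1234" in the guest). Both kernel options are listed as =m, so keep one line on loading the modules and one connectivity check, and state that 2 is the host's address, which the new text never says. The Testing section on the vhost-vsock-test qtest is also removed with no pointer to where that test is documented now; keep a link or say that it no longer applies.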

Latest revision as of 15:59, 11 January 2021

virtio-vsock is a host/guest communications device. It allows applications in the guest and host to communicate. This can be used to implement hypervisor services and guest agents (like qemu-guest-agent or SPICE vdagent).

  • POSIX Sockets API so existing networking applications require minimal modification (unlike virtio-serial char devices)
  • Listen sockets can accept connections from multiple clients (unlike virtio-serial char devices)
  • No address configuration required inside the guest
  • No Ethernet or TCP/IP for a reduced attack surface for hypervisor services
  • Can be used with VMs that have no network interfaces

Sockets are created with the AF_VSOCK address family. The SOCK_STREAM socket type is currently implemented for in-order, guaranteed stream semantics.

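Code

  • Virtio specification: HTML (https://stefanha.github.com/virtio) or virtio.git (https://github.com/stefanha/virtio)
  • Linux kernel: Upstream since Linux 4.8, or see stefanha's linux.git (https://github.com/stefanha/linux/tree/vsock)
  • QEMU: Upstream since QEMU 2.8, or see stefanha's qemu.git (https://github.com/stefanha/qemu/tree/vsock)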

Packages

  • Fedora Copr repo (https://copr.fedorainfracloud.org/coprs/stefanha/vsock/)

Quickstart

  • Host kernel requirements: CONFIG_VHOST_VSOCK=m
  • Guest kernel requirements: CONFIG_VIRTIO_VSOCKETS=m

Launch a guest and assign it CID 3:

 (host)# qemu-system-x86_64 -device vhost-vsock-pci,guest-cid=3 ...
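
A host-side listener for the guest launched above, as an added example that is not part of the original page or the QEMU project's code: it binds an AF_VSOCK stream socket and serves only the peer whose CID matches guest-cid=3. The port number, the allowlist and all function names are assumptions made for the illustration; socket.AF_VSOCK requires Python 3.7 or later on Linux.

```python
import socket

# Assumptions for this example (not from the QEMU wiki page):
PORT = 1234                # arbitrary vsock port for the service
ALLOWED_GUEST_CIDS = {3}   # the guest launched with guest-cid=3


def peer_allowed(peer, allowed=ALLOWED_GUEST_CIDS):
    """AF_VSOCK peer addresses are (cid, port) tuples; filter on the CID."""
    cid, _port = peer
    return cid in allowed


def handle(conn, peer, allowed=ALLOWED_GUEST_CIDS):
    """Echo one request to an allowed guest; return False if rejected."""
    with conn:
        if not peer_allowed(peer, allowed):
            return False          # close without reading guest-supplied bytes
        conn.settimeout(5.0)      # a stalled guest must not pin the service
        data = conn.recv(4096)
        conn.sendall(data)
        return True


def serve(port=PORT):
    """Host side: listen on any local CID and vet each connecting guest."""
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as srv:
        srv.bind((socket.VMADDR_CID_ANY, port))
        srv.listen()
        while True:
            conn, peer = srv.accept()   # peer == (guest CID, source port)
            try:
                served = handle(conn, peer)
            except OSError:             # timeout or reset from the guest
                served = False
            print("vsock peer", peer, "served" if served else "rejected")


def guest_request(payload, port=PORT):
    """Guest side: the host is reached at VMADDR_CID_HOST (CID 2)."""
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as s:
        s.connect((socket.VMADDR_CID_HOST, port))
        s.sendall(payload)
        return s.recv(4096)


if __name__ == "__main__":
    serve()
```

Run the script on the host after loading vhost_vsock, then call guest_request(b"ping") inside the guest; a guest started with any other CID is disconnected before the service reads from it.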

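Language bindings

  • C - use <linux/vm_sockets.h>
  • Python - starting from Python 3.7
  • Go - Matt Layher's vsock module (https://github.com/mdlayher/vsock)
  • Rust
      • libc crate (https://docs.rs/crate/libc): libc::sockaddr_vm, libc::VMADDR_*
      • nix crate (https://docs.rs/crate/nix): nix::sys::socket::VsockAddr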

Projects using vsock

  • nc-vsock - a netcat-like utility for AF_VSOCK
  • xpra - X11 persistent remote display server and client
  • cloonix_vsock - PTY over AF_VSOCK
  • iperf-vsock - iperf3 with AF_VSOCK support
  • socat - VSOCK-CONNECT and VSOCK-LISTEN addresses supported from socat 1.7.4 [2021-01-04]

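Links

  • KVM Forum 2015 presentation: virtio-vsock: Zero-configuration host/guest communication (pdf, http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf)
  • Connectathon 2016 presentation: NFS over virtio-vsock: Host/guest file sharing for virtual machines (pdf, http://vmsplice.net/~stefan/stefanha-connectathon-2016.pdf)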