Re: [PATCH net-next 0/3] vsock: support network namespace

[Bobby Eshleman]

On Tue, Apr 28, 2020 at 06:00:52PM +0200, Stefano Garzarella wrote:
> On Tue, Apr 28, 2020 at 04:13:22PM +0800, Jason Wang wrote:
> > 
> > 
> > As we've discussed, it should be a netdev probably in either guest or host
> > side. And it would be much simpler if we want do implement namespace then.
> > No new API is needed.
> > 
> 
> Thanks Jason!
> 
> It would be cool, but I don't have much experience on netdev.
> Do you see any particular obstacles?
> 
> I'll take a look to understand how to do it, surely in the guest would
> be very useful to have the vsock device as a netdev and maybe also in the host.
> 

WRT netdev, do we foresee big gains beyond just leveraging the netdev's
namespace?

IIUC, the idea is that we could follow the tcp/ip model and introduce
vsock-supported netdevs. This would allow us to have a netdev associated
with the virtio-vsock device and create virtual netdev pairs (i.e.,
veth) that can bridge namespaces. Then, allocate CIDs or configure port
mappings for those namespaces?

I think it might be a lot of complexity to bring into the picture from
netdev, and I'm not sure there is a big win since the vsock device could
also have a vsock->net itself? I think the complexity will come from the
address translation, which I don't think netdev buys us because there
would still be all of the work work to support vsock in netfilter?

Some other thoughts I had: netdev's flow control features would all have
to be ignored or disabled somehow (I think dev_direct_xmit()?), because
queueing introduces packet loss and the vsock protocol is unable to
survive packet loss. Netfilter's ability to drop packets would have to
be disabled too.

Best,
Bobby