Re: [PATCH net-next 0/3] vsock: support network namespace

From: Jason Wang
Date: Wed Mar 05 2025 - 00:47:20 EST

Next message: Manivannan Sadhasivam: "Re: [PATCH v2 6/8] PCI: brcmstb: Use same constant table for config space access"
Previous message: Baolu Lu: "Re: [PATCH v2 06/12] iommu/vt-d: Cleanup intel_context_flush_present()"
In reply to: Bobby Eshleman: "Re: [PATCH net-next 0/3] vsock: support network namespace"
Next in thread: Michael S. Tsirkin: "Re: [PATCH net-next 0/3] vsock: support network namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 5, 2025 at 8:39 AM Bobby Eshleman <bobbyeshleman@xxxxxxxxx> wrote:
>
> On Tue, Apr 28, 2020 at 06:00:52PM +0200, Stefano Garzarella wrote:
> > On Tue, Apr 28, 2020 at 04:13:22PM +0800, Jason Wang wrote:
> > >
> > >
> > > As we've discussed, it should be a netdev probably in either guest or host
> > > side. And it would be much simpler if we want do implement namespace then.
> > > No new API is needed.
> > >
> >
> > Thanks Jason!
> >
> > It would be cool, but I don't have much experience on netdev.
> > Do you see any particular obstacles?
> >
> > I'll take a look to understand how to do it, surely in the guest would
> > be very useful to have the vsock device as a netdev and maybe also in the host.
> >
>
> WRT netdev, do we foresee big gains beyond just leveraging the netdev's
> namespace?

It's a leverage of the network subsystem (netdevice, steering, uAPI,
tracing, probably a lot of others), not only its namespace. It can
avoid duplicating existing mechanisms in a vsock specific way. If we
manage to do that, namespace support will be a "byproduct".

>
> IIUC, the idea is that we could follow the tcp/ip model and introduce
> vsock-supported netdevs. This would allow us to have a netdev associated
> with the virtio-vsock device and create virtual netdev pairs (i.e.,
> veth) that can bridge namespaces. Then, allocate CIDs or configure port
> mappings for those namespaces?

Probably.

>
> I think it might be a lot of complexity to bring into the picture from
> netdev, and I'm not sure there is a big win since the vsock device could
> also have a vsock->net itself?

Yes, it can. I think we need to evaluate both approaches (that's why I
raise the approach of reusing netdevice). We can hear from others.

> I think the complexity will come from the
> address translation, which I don't think netdev buys us because there
> would still be all of the work work to support vsock in netfilter?

Netfilter should not work as vsock will behave as a separate protocol
other than TCP/IP (e.g ETH_P_VSOCK) if we try to implement netdevice.

>
> Some other thoughts I had: netdev's flow control features would all have
> to be ignored or disabled somehow (I think dev_direct_xmit()?), because
> queueing introduces packet loss and the vsock protocol is unable to
> survive packet loss.

Or just allow it and then configuring a qdisc that may drop packets
could be treated as a misconfiguration.

> Netfilter's ability to drop packets would have to
> be disabled too.
>
> Best,
> Bobby
>

Thanks

Next message: Manivannan Sadhasivam: "Re: [PATCH v2 6/8] PCI: brcmstb: Use same constant table for config space access"
Previous message: Baolu Lu: "Re: [PATCH v2 06/12] iommu/vt-d: Cleanup intel_context_flush_present()"
In reply to: Bobby Eshleman: "Re: [PATCH net-next 0/3] vsock: support network namespace"
Next in thread: Michael S. Tsirkin: "Re: [PATCH net-next 0/3] vsock: support network namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]