ncat: add AF_VSOCK support #1075

Closed
@stefanha

commented Nov 27, 2017

This pull request adds support for the AF_VSOCK address family that has been in Linux since 3.9. AF_VSOCK facilitates host<->guest communication for VMware, KVM, and Hyper-V hypervisors. Addresses are represented as <u32 cid, u32 port> pairs. Both SOCK_STREAM and SOCK_DGRAM socket types are available (depending on hypervisor support).

AF_VSOCK is used for guest agents and hypervisor services. It is useful to have ncat support for shell scripting and testing.

This pull request adds an ncat --vsock address family option (similar to how UNIX domain sockets and SCTP are supported). Please see the ncat.1 changes in the last commit for details.

@stefanha

commented Jan 24, 2018

@stefanha stefanha force-pushed the stefanha:vsock branch from d123755 to 0e01288 Mar 13, 2018

@stefanha

commented Mar 13, 2018

I have rebased onto master to resolve conflicts. Please review.

@stefanha

commented Mar 13, 2018

@bonsaiviking Do you have time to review this? If not, maybe you can help me find a reviewer? Thanks!

@dmiller-nmap

commented Mar 14, 2018

This looks interesting and very thorough. Can you give a little more background (links?) about VSOCK connections, why Ncat should support them, and how we can do a test setup? Thanks!

@stefanha

commented Mar 14, 2018

The first thing new users do is to try netcat (for testing and troubleshooting). I wrote a utility to do this, but going forward I'd prefer to add support to ncat instead of shipping a new package solely for AF_VSOCK:
https://github.com/stefanha/nc-vsock/

Hypervisor services and guest agents can use AF_VSOCK without worrying about network configuration since it's zero-configuration. For example, it is fairly common to run an agent inside the guest that allows the host to run management commands. VMware, KVM, and Hyper-V hypervisors all support AF_VSOCK.

Here is the Linux man page:
http://man7.org/linux/man-pages/man7/vsock.7.html

An overview of the virtio transport:
https://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf

You can try it out on a Linux host with QEMU:

(host)# modprobe vhost_vsock # recent kernels auto-load the driver, but it doesn't hurt
(host)# qemu-system-x86_64 -m 1G -M accel=kvm \
            -drive if=virtio,file=vm.img,format=raw \
            -device vhost-vsock-pci,guest-cid=3
(host)# ncat --vsock -l 1234
(guest)# ncat --vsock 2 1234  # 2 is the well-known address of the host

Any recent Linux guest should work (Debian testing, Fedora 27, etc).

Stefan Hajnoczi
nsock: add AF_VSOCK support
AF_VSOCK sockets facilitate host<->guest communication on VMware, KVM,
and Hyper-V hypervisors.  AF_VSOCK has been available since Linux 3.9.
SOCK_STREAM and SOCK_DGRAM semantics may be supported and semantics are
similar to TCP and UDP.  Addresses are represented by a <u32 cid, u32
port> pair, where the CID plays a role analogous to an IP address.

This patch adds nsock_connect_vsock_stream() and
nsock_connect_vsock_datagram() APIs.

Note that nsock_connect_internal()'s unsigned short port argument must
be changed to unsigned int to represent AF_VSOCK port numbers.  Public
TCP/UDP APIs are unchanged and still only take unsigned short port
arguments.

@stefanha stefanha force-pushed the stefanha:vsock branch from 0e01288 to e55aaa3 May 15, 2019

Stefan Hajnoczi added some commits Nov 27, 2017

Stefan Hajnoczi
ncat: prepare for u32 port numbers
Up until now unsigned short was sufficient for TCP/UDP port numbers.
The AF_VSOCK address family uses unsigned 32-bit port numbers.

This patch refactors main() so that AF_VSOCK code will be able to use
the full [0, UINT32_MAX] port range in the next patch.
Stefan Hajnoczi
ncat: add AF_VSOCK support
To connect using AF_VSOCK:

  ncat --vsock <cid> <port>

To listen using AF_VSOCK:

  ncat --vsock --listen <port>

@stefanha stefanha force-pushed the stefanha:vsock branch from e55aaa3 to 9022f9e May 15, 2019
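
The port-width change described in the commit messages above, as an added example (not code from this pull request or from ncat): strict parsing of a `<cid, port>` pair into a `struct sockaddr_vm`, and what an `unsigned short` would keep of a 32-bit AF_VSOCK port. The helper names `parse_u32`, `vsock_addr` and `truncated_port` are hypothetical, and the inputs are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/vm_sockets.h>   /* struct sockaddr_vm, VMADDR_CID_HOST */

/* Hypothetical helper (added example): strict decimal u32, 0 on success, -1 on error. */
static int parse_u32(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;                       /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;                       /* overflow or trailing junk */
    *out = (uint32_t)v;
    return 0;
}

/* Build an AF_VSOCK address from <cid, port> strings; both fields are u32. */
static int vsock_addr(const char *cid, const char *port, struct sockaddr_vm *sa)
{
    uint32_t c, p;
    if (parse_u32(cid, &c) != 0 || parse_u32(port, &p) != 0)
        return -1;
    memset(sa, 0, sizeof(*sa));
    sa->svm_family = AF_VSOCK;
    sa->svm_cid = c;
    sa->svm_port = p;
    return 0;
}

/* What a 16-bit port variable would retain of a 32-bit vsock port. */
static unsigned short truncated_port(uint32_t port)
{
    return (unsigned short)port;
}

int main(void)
{
    struct sockaddr_vm sa;
    if (vsock_addr("2", "65558", &sa) == 0)   /* constructed input */
        printf("cid=%u port=%u as u16=%u\n", sa.svm_cid, sa.svm_port,
               (unsigned)truncated_port(sa.svm_port));
    return 0;
}
```

A port that silently wraps to a different 16-bit value reaches a different listener than the one the operator named, which is why the internal port type has to be widened before AF_VSOCK addresses are accepted.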

@stefanha

commented May 15, 2019

@dmiller-nmap I have rebased and retested this pull request. AF_VSOCK is being used increasingly for guest agents by Kata Containers, Crosvm, and other projects. ncat support is very useful for manually debugging and troubleshooting connectivity. I hope this feature can be merged.

If you have any questions, please let me know. Thanks!

@dmiller-nmap

commented May 20, 2019

I finally had a chance to review this, and it looks good! I moved around some #include sections and moved the documentation changes to the Docbook XML source from which the man page is generated, but the code all looks fine. Committed as r37626.

@stefanha

commented May 20, 2019

@dmiller-nmap Thank you!

@nmap-bot nmap-bot closed this in 21f51ff May 20, 2019
