Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Look into adding the fd= option to virtio-net #24

Open
jakecorrenti opened this issue Feb 3, 2025 · 7 comments
Open

Look into adding the fd= option to virtio-net #24

jakecorrenti opened this issue Feb 3, 2025 · 7 comments

Comments

@jakecorrenti
Copy link
Member

For the virtio-net device, vfkit allows the user to specify either a Unix socket path or the file descriptor of a datagram socket. Krunkit, however, only supports a Unix socket path.

We should look into whether we want to get closer to vfkit parity here.
@jakecorrenti jakecorrenti changed the title Look into adding the fd=option to virtio-net Look into adding the fd= option to virtio-net Feb 3, 2025
@tylerfanelli
Copy link
Member

tylerfanelli commented Feb 4, 2025
edited
Loading

Does libkrun itself support datagram sockets? We use gvproxy for network access in krunkit at the moment, but libkrun itself supports passt.

@tylerfanelli tylerfanelli reopened this Feb 4, 2025
@tylerfanelli
Copy link
Member

Sorry, didn't mean to close issue.

@jakecorrenti
Copy link
Member Author

virtio/net/passt.rs in libkrun will require the user to pass a socket file descriptor [1]. At a quick glance of the passt website, it seems a passt file descriptor is a UNIX domain socket, which could be a stream or datagram socket [2]. All of the libkrun examples use a stream socket, but I will test it out with the other type.

[1] https://github.com/containers/libkrun/blob/57a5a6bfbe5d2333d88fd88fcedb9c1d1fec9cc2/src/devices/src/virtio/net/passt.rs#L18
[2] https://passt.top/passt/about/

@slp
Copy link
Collaborator

slp commented Feb 4, 2025

virtio/net/passt.rs in libkrun will require the user to pass a socket file descriptor [1]. At a quick glance of the passt website, it seems a passt file descriptor is a UNIX domain socket, which could be a stream or datagram socket [2]. All of the libkrun examples use a stream socket, but I will test it out with the other type.

[1] https://github.com/containers/libkrun/blob/57a5a6bfbe5d2333d88fd88fcedb9c1d1fec9cc2/src/devices/src/virtio/net/passt.rs#L18 [2] https://passt.top/passt/about/

passt only supports stream sockets, while gvproxy only supports datagram.

@jakecorrenti
Copy link
Member Author

jakecorrenti commented Feb 4, 2025
edited
Loading

virtio/net/passt.rs in libkrun will require the user to pass a socket file descriptor [1]. At a quick glance of the passt website, it seems a passt file descriptor is a UNIX domain socket, which could be a stream or datagram socket [2]. All of the libkrun examples use a stream socket, but I will test it out with the other type.
[1] https://github.com/containers/libkrun/blob/57a5a6bfbe5d2333d88fd88fcedb9c1d1fec9cc2/src/devices/src/virtio/net/passt.rs#L18 [2] https://passt.top/passt/about/

passt only supports stream sockets, while gvproxy only supports datagram.

Ah, understood

@nirs
Copy link

nirs commented Feb 4, 2025

I think this should be easy change:

  1. Change current pvproxy code handling the unix datagram socket to create the socket and connect it the the server socket. At this point you have a connected fd which is the same as fd passed from the user.
    • I already did this change, will post a PR later this week.
  2. Add the command/function to accept connected unix datagram fd and pass it to the gcproxy code that already handles connected fd

This is exactly what vmnet-helper is doing on the server side:
nirs/vmnet-helper@e2a3e35

@nirs
Copy link

nirs commented Feb 4, 2025

gvproxy should also support passing file descriptors. Using unix socket on disk is nice for playing with it with shell scripts but for real usage by programs you want to pass file descriptors.

nirs added a commit to nirs/libkrun that referenced this issue Feb 4, 2025
@nirs
Connect to gvproxy socket
33b57bf 
Connecting to the socket set the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].

Testing:
- Tested with vmnet-helper
- Not tested yet with gvproxy

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475
nirs added a commit to nirs/libkrun that referenced this issue Feb 4, 2025
@nirs
Connect to gvproxy socket
06d50f6 
Connecting to the socket set the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].

Testing:
- Tested with vmnet-helper
- Not tested yet with gvproxy

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475

Signed-off-by: Nir Soffer <[email protected]>
@nirs nirs mentioned this issue Feb 4, 2025
Open
2 tasks
nirs added a commit to nirs/libkrun that referenced this issue Feb 6, 2025
@nirs
Connect to gvproxy socket
8f8343b 
Connecting to the socket set the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].
- iperf3 -R is 1.33 times faster (46.6 Gbits/s vs 35.0 Gbits/s).

Tested with:
- [x] gvproxy
- [x] vmnet-helper

For testing results see
containers#264 (comment)

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475

Signed-off-by: Nir Soffer <[email protected]>
nirs added a commit to nirs/libkrun that referenced this issue Feb 6, 2025
@nirs
Connect to gvproxy socket
c9e35da 
Connecting to the socket set the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].
- iperf3 -R is 1.33 times faster (46.6 Gbits/s vs 35.0 Gbits/s).

Tested with:
- [x] gvproxy
- [x] vmnet-helper

For testing results see
containers#264 (comment)

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475

Signed-off-by: Nir Soffer <[email protected]>
nirs added a commit to nirs/libkrun that referenced this issue Feb 7, 2025
@nirs
Connect to gvproxy socket
35ae4da 
Connecting to the socket sets the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].
- iperf3 -R is 1.33 times faster (46.6 Gbits/s vs 35.0 Gbits/s).

Tested with:
- [x] gvproxy
- [x] vmnet-helper

For testing results see
containers#264 (comment)

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475

Signed-off-by: Nir Soffer <[email protected]>
nirs added a commit to nirs/libkrun that referenced this issue Feb 7, 2025
@nirs
Connect to gvproxy socket
7ae8056 
Connecting to the socket sets the remote address so we can use
send()/recv() or write()/read() instead of sendto()/recvfrom().

Advantages:
- Simpler code, no need to keep the remote address.
- The server will want to connect to the client address to ensure it
  receives frames only from the connected client. Such server will want
  to remove the unix socket once the client connected[2], which doe snot
  work with current code.
- Once the socket is connected, the same backend can be used to handle
  passed file descriptor[1].
- iperf3 -R is 1.33 times faster (46.6 Gbits/s vs 35.0 Gbits/s).

Tested with:
- [x] gvproxy
- [x] vmnet-helper

For testing results see
containers#264 (comment)

[1] containers/krunkit#24
[2] https://github.com/nirs/vmnet-helper/blob/5c6a595ba3e76314e1d0bef2b0160388439d69ec/helper.c#L475

Signed-off-by: Nir Soffer <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nirs @slp @jakecorrenti @tylerfanelli