package/gvisor-tap-vsock
1
0
Fork 0
mirror of https://github.com/containers/gvisor-tap-vsock.git synced 2026-04-23 00:27:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
66 Commits 6 Branches 25 Tags
62b7fd070beda397f3aa9589d2531952cf1dea06
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Guillaume Rose 62b7fd070b Don't start if a specific interface already exists
2020-09-30 14:26:44 +02:00
cmd
Don't start if a specific interface already exists
2020-09-30 14:26:44 +02:00
doc
Add doc
2020-09-08 12:08:57 +02:00
pkg
Bump gvisor
2020-09-30 10:59:12 +02:00
test
Add static dns records
2020-09-15 15:32:59 +02:00
.dockerignore
Update .dockerignore
2020-09-15 11:33:54 +02:00
.gitignore
Add sniffer interface
2020-08-07 08:07:53 +02:00
.golangci.yml
Add linter
2020-09-08 15:32:08 +02:00
Dockerfile
Don't start if a specific interface already exists
2020-09-30 14:26:44 +02:00
go.mod
Bump gvisor
2020-09-30 10:59:12 +02:00
go.sum
Bump gvisor
2020-09-30 10:59:12 +02:00
LICENSE
Update README. Add license.
2020-08-07 11:03:01 +02:00
Makefile
Add e2e tests
2020-09-11 12:00:02 +02:00
README.md
Use logrus
2020-09-11 13:26:31 +02:00

README.md

gvisor-tap-vsock

A replacement for VPNKit, written in pure Go.

How it works

Internet access

schema

  1. A tap network interface is running in the VM. It's the default gateway.
  2. User types curl redhat.com
  3. Linux kernel sends raw Ethernet packets to the tap device.
  4. Tap device sends these packets to a process on the host using vsock
  5. The process on the host maintains both internal (host to VM) and external (host to Internet endpoint) connections. It uses regular syscalls to connect to external endpoints.

Expose a port

schema

  1. The process on the host binds the port 80.
  2. Each time, a client sends a http request, the process creates and sends the appropriate Ethernet packets to the VM.
  3. The tap device receives the packets and injects them in the kernel.
  4. The http server receives the request and send back the response.

Build

make

Run

Host

Windows prerequisites

$service = New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices" -Name "00000400-FACB-11E6-BD58-64006A7986D3"
$service.SetValue("ElementName", "gvisor-tap-vsock")

More docs: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service

In the VM, be sure to have hv_sock module loaded.

Linux prerequisites

On Fedora 32, it worked out of the box. On others distros, you might have to look at https://github.com/mdlayher/vsock#requirements.

For CRC, the driver should be compiled with this patch: https://github.com/code-ready/machine-driver-libvirt/pull/45.

macOS prerequisites

Please locate the hyperkit state (there is a file called connect inside) folder and launch host with the following env variable: VM_DIRECTORY=path_to_connect_directory

For CRC, the driver should be compiled with this patch: https://github.com/code-ready/machine-driver-hyperkit/pull/12.

Run

(host) $ sudo bin/host -debug

VM

(vm) # docker run -d --name=gvisor-tap-vsock --privileged --net=host -it quay.io/crcont/gvisor-tap-vsock:latest
(vm) $ ping -c1 192.168.127.1
(vm) $ curl http://redhat.com

Internal DNS

Activate it by changing the /etc/resolv.conf file inside the VM with:

nameserver 192.168.127.1

Performance

Using iperf3, running the server on the host and the client in the VM, it can achieve 600Mbits/s.

Reference in New Issue View Git Blame Copy Permalink
S
Description
A new network stack based on gVisor
Readme Apache-2.0 27 MiB
Languages
Go 97.2%
Makefile 1.4%
Shell 1.3%