Implement support for TSIv3 #410
Draft
+402
−169
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To support sockets beyond AF_INET, TSIv3 generalizes socket addresses behind an abstract sockaddr type, just as the kernel does internally. We need to follow suit here, and luckily we can rely on nix's SockaddrStorage to do most of the abstraction work for us. Signed-off-by: Sergio Lopez <[email protected]>
With TSIv3, we can trivially support other socket addresses with very little additional code. Let's take the opportunity to support both AF_INET6 and AF_UNIX. Signed-off-by: Sergio Lopez <[email protected]>
There are scenarios in which we want to have a vsock device for unix ipc to port mapping, but we don't want to use TSI. Make TSI enablement explicit. Signed-off-by: Sergio Lopez <[email protected]>
For TSI control messages that require an answer (connect, listen, accept and getname), reply with an error message even if the proxy is not present. Until now, under normal circumstances, we should never receive one of those requests without a proxy, but in the next commit we're going to start rejecting the creation of proxies under certain circumstances, so we need to do this first. Signed-off-by: Sergio Lopez <[email protected]>
AF_UNIX transparency is only supported when running in a containerized environment. We detect such case by checking we only have a single virtio-fs device, and that device is pointing to "/", which is the scenario when running under podman+crun. In libkrun 2.x, the whole network configuration, including the TSI features, should be exposed to the users explicitly. Signed-off-by: Sergio Lopez <[email protected]>
TSIv3 is an ABI breaking change, so it's provided by a different major version of libkrunfw. Signed-off-by: Sergio Lopez <[email protected]>
ad10aec to
cf52662
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To support sockets beyond AF_INET, TSIv3 generalizes socketaddresses behind an abstract sockaddr type, just as the kernel does internally.
We need to follow suit here, and luckily we can rely on nix's SockaddrStorage to do most of the abstraction work for us.
Then, building on top of that, we implement support for AF_INET6 and AF_UNIX.
This is an ABI breaking change, so we also require the libkrunfw counterpart containers/libkrunfw#101