This patch assigns the network namespace of the process that opened
the vhost-vsock device (e.g. VMM) to the packets coming from the guest,
allowing only host sockets in the same network namespace to
communicate with the guest.
This patch also allows to have different VMs, running in different

Hi,
now that we have multi-transport upstream, I started to look at
supporting network namespaces (netns) in vsock.
As we partially discussed in the multi-transport proposal [1], it could
be nice to support network namespace in vsock to reach the following
goals:
- isolate host applications

This patch allows transports that use virtio_transport_common
to specify the network namespace where a received packet is to
be delivered.
virtio_transport and vhost_transport, for now, use the default
network namespace.
vsock_loopback uses the same network namespace as the transmitter.

This patch adds a check of the "net" assigned to a socket during
the vsock_find_bound_socket() and vsock_find_connected_socket()
to support network namespaces, allowing the same address
(cid, port) to be shared across different network namespaces.
G2H transports will use the default network namespace