Running gvisor-tap-vsock with dgram socket for Apple Virtualization #116

Closed
balajiv113 opened this issue Apr 30, 2022 · 6 comments

Comments

@balajiv113
Contributor

Hi

I am trying to use gvisor-tap-vsock with a VM started by the Apple Virtualization API.
I was able to get the network up and running.

Working example code
https://github.com/mac-vz/vz/tree/gvisor

How it is integrated now?

But I noticed a couple of issues, like:

  • During SSH (ssh [email protected] -p 2223) I am getting Bad packet length Connection corrupted
  • HTTPS calls were failing with sslv3 alert bad record mac

I feel the way I create dgram / wrapping of UDPConn is the cause of these issues. Any help here would help a lot.

I am happy to even provide a PR for official support after fixing the issues :-)

Thanks in advance.

@cfergeau
Collaborator

cfergeau commented May 6, 2022

We are successfully using gvisor-tap-vsock+Code-Hex/vz in crc. However, we are not making use of https://developer.apple.com/documentation/virtualization/vzfilehandlenetworkdeviceattachment?language=obj , the main reason for that being that I only noticed it after having implemented it differently, and I haven't had time to revisit this yet.

How this works in crc is that we run https://github.com/containers/gvisor-tap-vsock/tree/main/cmd/vm in the VM. This creates a TAP network device to capture all the VM network traffic, and then forwards it to the host over virtio vsock. On the host, the data comes over a unix socket which is then used by gvisor-tap-vsock.

@balajiv113
Contributor Author

Ah, nice. I missed the approach of creating a tap and forwarding via vsock.
Will give this model a try as well.

@cfergeau
Collaborator

cfergeau commented May 6, 2022

Yeah, it's definitely a different model. It should be possible to get gvisor-tap-vsock to work with https://developer.apple.com/documentation/virtualization/vzfilehandlenetworkdeviceattachment?language=objc without making any changes to the VM image itself.

@balajiv113
Contributor Author

Thanks a lot for the reference.
I was able to get the network up and was able to do ssh from the host as well. But whenever I do

sudo apt-get update

gvisor gets terminated with the following error

r.CreateEndpoint() = connection was refused
cannot receive packets from , disconnecting: cannot read size from socket: EOF 
cannot read size from socket: EOF 

@balajiv113
Contributor Author

Looks like this issue got resolved with the latest gvisor, and it is working well via the vz network attachment.
The iperf3 report looks solid as well. (Similar to the current one)
main...balajiv113:gvisor-tap-vsock:main

I am happy to raise a PR as well for the same.
PS: Referred to and incorporated the changes done in the current gvisor upgrade PR

@balajiv113
Contributor Author

This issue is fixed as part of #135
