Features/VirtioVsock

virtio-vsock is a host/guest communications device. It allows applications in the guest and host to communicate. This can be used to implement hypervisor services and guest agents (like qemu-guest-agent or SPICE vdagent).

• POSIX Sockets API so existing networking applications require minimal modification (unlike virtio-serial char devices)
• Listen sockets can accept connections from multiple clients (unlike virtio-serial char devices)
• No address configuration required inside the guest
• No Ethernet or TCP/IP for a reduced attack surface for hypervisor services
• Can be used with VMs that have no network interfaces

Sockets are created with the AF_VSOCK address family. The SOCK_STREAM socket type is currently implemented for in-order, guaranteed stream semantics.

Code

• Virtio specification: HTML or virtio.git
• Linux kernel: Upstream since Linux 4.8, or see stefanha's linux.git
• QEMU: Upstream since QEMU 2.8, or see stefanha's qemu.git

Packages

• Fedora Copr repo

Quickstart

• Host kernel requirements: CONFIG_VHOST_VSOCK=m
• Guest kernel requirements: CONFIG_VIRTIO_VSOCKETS=m

Launch a guest and assign it CID 3:

 (host)# qemu-system-x86_64 -device vhost-vsock-pci,guest-cid=3 ...

Language bindings

• C - use <linux/vm_sockets.h>
• Python - starting from Python 3.7
• Go - Matt Layher's vsock module
• Rust
  • libc crate (libc::sockaddr_vm, libc::VMADDR_*)
  • nix crate (nix::sys::socket::VsockAddr)

Projects using vsock

• nc-vsock - a netcat-like utility for AF_VSOCK
• xpra - X11 persistent remote display server and client
• cloonix_vsock - PTY over AF_VSOCK
• iperf-vsock - iperf3 with AF_VSOCK support
• socat - VSOCK-CONNECT and VSOCK-LISTEN addresses supported from socat 1.7.4 [2021-01-04]

Links

• KVM Forum 2015 presentation: virtio-vsock: Zero-configuration host/guest communication (pdf)
• Connectathon 2016 presentation: NFS over virtio-vsock: Host/guest file sharing for virtual machines (pdf)