HvSocket support for containers #2353
Conversation
Applications connecting from the host into the container should use container-specific VMID. This ID will need to be the same as the container's VMID inside the guest, which is calculated by HCS/GCS like it's done in this PR by `HCSIDToGUID`. To allow the container ID to work with HvSocket on the host, we need to set up an AddressInfo mapping to tell HvSocket to redirect the call into the UVM, which is done in this PR by default for all WCOW containers. Signed-off-by: Maksim An <[email protected]>
anmaxvl
force-pushed
the
hvsocket-for-containers
branch
from
4d40dbd to
caf030c
Compare
There was a problem hiding this comment.
does the address info ioctl have to go through before the container is created?
if not, then we could probably remove the HCSIDToGUID code and instead add the call to CreateAddressInfo in hcsoci.Create after the system is created and we have its GUID from HCS (so we don't rely on their internal logic for generating the GUID):
func CreateContainer(/* ... */) (_ cow.Container, _ *resources.Resources, err error) {
// ...
if gcsDocument != nil {
c, err := coi.HostingSystem.CreateContainer(ctx, coi.actualID, gcsDocument)
if err != nil {
return nil, r, err
}
if p, err := c.PropertiesV2(ctx); err != nil {
return nil, r, fmt.Errorf("retrieve created container compute system properties: %w", err)
}
hvsockAI, err := hvsocket.CreateAddressInfo(p.RuntimeId, coi.HostingSystem.RuntimeID(), true)
if err != nil {
return nil, r, fmt.Errorf("exposing container Hyper-V socket: %w", err)
}
r.Add(hvsockAI)
return c, r, nil
}
}| const ( | ||
| cAddressFlagPassthru = 0x00000001 | ||
| cIOCtlHVSocketUpdateAddressInfo = 0x21c004 | ||
| ) | ||
|
|
||
| type tAddressInfo struct { | ||
| SystemID guid.GUID | ||
| VirtualMachineID guid.GUID | ||
| SiloID guid.GUID | ||
| Flags uint32 | ||
| } |
There was a problem hiding this comment.
I think you've been looking at C++ code for too long 😅
| const ( | |
| cAddressFlagPassthru = 0x00000001 | |
| cIOCtlHVSocketUpdateAddressInfo = 0x21c004 | |
| ) | |
| type tAddressInfo struct { | |
| SystemID guid.GUID | |
| VirtualMachineID guid.GUID | |
| SiloID guid.GUID | |
| Flags uint32 | |
| } | |
| const ( | |
| addressFlagPassthru = 0x00000001 | |
| ioCtlHVSocketUpdateAddressInfo = 0x21c004 | |
| ) | |
| type addressInfo struct { | |
| systemID guid.GUID | |
| virtualMachineID guid.GUID | |
| siloID guid.GUID | |
| flags uint32 | |
| } |
| type Handle windows.Handle | ||
|
|
||
| func (h Handle) Release(ctx context.Context) error { | ||
| return windows.CloseHandle(windows.Handle(h)) | ||
| } | ||
|
|
||
| func CreateAddressInfo(cid, vmid guid.GUID, passthru bool) (Handle, error) { |
There was a problem hiding this comment.
it might be better to keep the type private and also make it a proper struct to prevent casting from handles not created below:
| type Handle windows.Handle | |
| func (h Handle) Release(ctx context.Context) error { | |
| return windows.CloseHandle(windows.Handle(h)) | |
| } | |
| func CreateAddressInfo(cid, vmid guid.GUID, passthru bool) (Handle, error) { | |
| type addressInfo { | |
| h windows.Handle | |
| } | |
| var _ resources.ResourceCloser = addressInfo{} | |
| func (ai addressInfo) Release(ctx context.Context) error { | |
| return windows.CloseHandle(windows.Handle(ai.h)) | |
| } | |
| func CreateAddressInfo(cid, vmid guid.GUID, passthru bool) (resources.ResourceCloser , error) { |
|
on a side note, how are users expected to get the runtime ID of the container for creating hv sockets? |
|
What is the use case here? Is user expected to connect to inside the UVM using the containerId? |
Applications connecting from the host into the container should use
container-specific VMID. This ID will need to be the same as the
container's VMID inside the guest, which is calculated by HCS/GCS
like it's done in this PR by
HCSIDToGUID.To allow the container ID to work with HvSocket on the host, we
need to set up an AddressInfo mapping to tell HvSocket to redirect
the call into the UVM, which is done in this PR by default for
all WCOW containers.