A replacement for VPNKit, written in pure Go.
- A tap network interface is running in the VM. It's the default gateway.
- User types `curl redhat.com`.
- Linux kernel sends raw Ethernet packets to the tap device.
- Tap device sends these packets to a process on the host using vsock.
- The process on the host maintains both internal (host to VM) and external (host to Internet endpoint) connections. It uses regular syscalls to connect to external endpoints.
- The process on the host binds port 80.
- Each time a client sends an HTTP request, the process creates and sends the appropriate Ethernet packets to the VM.
- The tap device receives the packets and injects them into the kernel.
- The HTTP server receives the request and sends back the response.
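
The host process in the list above takes raw Ethernet frames from the VM over a stream connection, so it has to recover frame boundaries and must not trust a length chosen by the guest. The following is an added example, not code from this project: the 2-byte little-endian length prefix, the size bounds, the names `WriteFrame`/`ReadFrame`/`ErrFrameSize` and the use of `net.Pipe` in place of a vsock connection are all assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
)

// Assumed bounds: 14-byte Ethernet header up to header + 1500-byte MTU (no VLAN tag).
const minFrame, maxFrame = 14, 1514
var ErrFrameSize = errors.New("frame length outside Ethernet bounds")

// WriteFrame sends one frame preceded by its length (assumed 2-byte little-endian prefix).
func WriteFrame(w io.Writer, frame []byte) error {
	if len(frame) < minFrame || len(frame) > maxFrame {
		return ErrFrameSize
	}
	buf := make([]byte, 2+len(frame))
	binary.LittleEndian.PutUint16(buf, uint16(len(frame)))
	copy(buf[2:], frame)
	_, err := w.Write(buf)
	return err
}

// ReadFrame reads one frame; the length is peer-controlled, so it is checked before allocating.
func ReadFrame(r io.Reader) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := int(binary.LittleEndian.Uint16(hdr[:]))
	if n < minFrame || n > maxFrame {
		return nil, ErrFrameSize
	}
	frame := make([]byte, n)
	if _, err := io.ReadFull(r, frame); err != nil {
		return nil, err // a truncated frame surfaces as io.ErrUnexpectedEOF
	}
	return frame, nil
}

func main() {
	vm, host := net.Pipe()              // stands in for the vsock connection
	go WriteFrame(vm, make([]byte, 60)) // constructed 60-byte sample frame
	f, err := ReadFrame(host)
	fmt.Println(len(f), err)
}
```
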
```
make
```

```powershell
$service = New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices" -Name "00000400-FACB-11E6-BD58-64006A7986D3"
$service.SetValue("ElementName", "gvisor-tap-vsock")
```

In the VM, be sure to have the `hv_sock` module loaded.
On Fedora 32, it worked out of the box. On other distros, you might have to look at https://github.com/mdlayher/vsock#requirements.
For CRC, the driver should be compiled with this patch: crc-org/machine-driver-libvirt#45.
Please locate the hyperkit state folder (there is a file called `connect` inside) and launch `host` with the following env variable:

```
VM_DIRECTORY=path_to_connect_directory
```

For CRC, the driver should be compiled with this patch: crc-org/machine-driver-hyperkit#12.

```
(host) $ sudo bin/host -debug -logtostderr
(host) $ scp bin/vm crc:
(host) $ scp setup.sh crc:
(vm terminal 1) $ sudo ./vm -debug -logtostderr
(vm terminal 2) $ ping -c1 192.168.127.1
(vm terminal 2) $ curl http://redhat.com
```

Activate it by changing the `/etc/resolv.conf` file inside the VM with:

```
nameserver 192.168.127.1
```

Using iperf3, running the server on the host and the client in the VM, it can achieve 600Mbits/s.