Hi Jorgen, There are two use cases where network namespace support in AF_VSOCK could be useful:
1. Claudio Imbrenda pointed out that a machine cannot act as both host and guest at the same time. This is necessary for nested virtualization. Currently only one transport (the host side or the guest side) can be registered at a time. 2. Users may wish to isolate the AF_VSOCK address namespace so that two VMs have completely independent CID and ports (they could even use the same CID and ports because they're in separate namespaces). This ensures that a host service visible to VM1 is not automatically visible to VM2. Network namespaces could solve both problems. A drawback of namespaces is that existing configurations using network namespaces for IPv4/6 or other purposes break if AF_VSOCK gains network namespace support. This is not a big problem for virtio-vsock if we implement namespace support soon since there are no existing users. I wonder how other address families have solved this transition to network namespaces. It's almost like we need fine-grained namespaces instead of a blanket network namespace that applies across all address families... I'm playing around with the code now but wanted to get your thoughts in case you've already considered these problems. Stefan
signature.asc
Description: PGP signature
