1 .\" Copyright (C) 2018, Stefan Hajnoczi <stefanha@redhat.com>
3 .\" %%%LICENSE_START(VERBATIM)
4 .\" Permission is granted to make and distribute verbatim copies of this
5 .\" manual provided the copyright notice and this permission notice are
6 .\" preserved on all copies.
8 .\" Permission is granted to copy and distribute modified versions of this
9 .\" manual under the conditions for verbatim copying, provided that the
10 .\" entire resulting derived work is distributed under the terms of a
11 .\" permission notice identical to this one.
13 .\" Since the Linux kernel and libraries are constantly changing, this
14 .\" manual page may be incorrect or out-of-date. The author(s) assume no
15 .\" responsibility for errors or omissions, or for damages resulting from
16 .\" the use of the information contained herein. The author(s) may not
17 .\" have taken the same level of care in the production of this manual,
18 .\" which is licensed free of charge, as they might when working
21 .\" Formatted or processed versions of this manual, if unaccompanied by
22 .\" the source, must acknowledge the copyright and authors of this work.
25 .TH VSOCK 7 2020-02-09 "Linux" "Linux Programmer's Manual"
27 vsock \- Linux VSOCK address family
29 .B #include <sys/socket.h>
31 .B #include <linux/vm_sockets.h>
33 .IB stream_socket " = socket(AF_VSOCK, SOCK_STREAM, 0);"
35 .IB datagram_socket " = socket(AF_VSOCK, SOCK_DGRAM, 0);"
37 The VSOCK address family facilitates communication between virtual machines and
38 the host they are running on.
39 This address family is used by guest agents and
40 hypervisor services that need a communications channel that is independent of
41 virtual machine network configuration.
43 Valid socket types are
48 provides connection-oriented byte streams with guaranteed, in-order delivery.
50 provides a connectionless datagram packet service with best-effort delivery and
52 Availability of these socket types is dependent on the
53 underlying hypervisor.
55 A new socket is created with
59 socket(AF_VSOCK, socket_type, 0);
63 When a process wants to establish a connection, it calls
65 with a given destination socket address.
66 The socket is automatically bound to a free port if unbound.
68 A process can listen for incoming connections by first binding to a socket
74 Data is transmitted using the
78 families of system calls and data is received using the
82 families of system calls.
84 A socket address is defined as a combination of a 32-bit Context Identifier
85 (CID) and a 32-bit port number.
86 The CID identifies the source or destination,
87 which is either a virtual machine or the host.
88 The port number differentiates between multiple services running on
94 sa_family_t svm_family; /* Address family: AF_VSOCK */
95 unsigned short svm_reserved1;
96 unsigned int svm_port; /* Port # in host byte order */
97 unsigned int svm_cid; /* Address in host byte order */
98 unsigned char svm_zero[sizeof(struct sockaddr) \-
99 sizeof(sa_family_t) \-
100 sizeof(unsigned short) \-
101 sizeof(unsigned int) \-
102 sizeof(unsigned int)];
113 contains the port number in host byte order.
114 The port numbers below 1024 are called
115 .IR "privileged ports" .
116 Only a process with the
117 .B CAP_NET_BIND_SERVICE
120 to these port numbers.
124 There are several special addresses:
127 means any address for binding;
128 .B VMADDR_CID_HYPERVISOR
129 (0) is reserved for services built into the hypervisor;
131 (1) is the well-known address for local communication (loopback);
134 is the well-known address of the host.
139 means any port number for binding.
141 Sockets are affected by live migration of virtual machines.
144 sockets become disconnected when the virtual machine migrates to a new host.
145 Applications must reconnect when this happens.
147 The local CID may change across live migration if the old CID is
148 not available on the new host.
149 Bound sockets are automatically updated to the new CID.
152 .B IOCTL_VM_SOCKETS_GET_LOCAL_CID
153 Get the CID of the local machine.
154 The argument is a pointer to an
159 ioctl(socket, IOCTL_VM_SOCKETS_GET_LOCAL_CID, &cid);
165 when binding instead of getting the local CID with
166 .BR IOCTL_VM_SOCKETS_GET_LOCAL_CID .
167 .SS Local communication
169 (1) directs packets to the same host that generated them.
171 for testing applications on a single host and for debugging.
173 The local CID obtained with
174 .BR IOCTL_VM_SOCKETS_GET_LOCAL_CID
175 can be used for the same purpose, but it is preferable to use
176 .B VMADDR_CID_LOCAL .
180 Unable to bind to a privileged port without the
181 .B CAP_NET_BIND_SERVICE
185 Unable to bind to a port that is already in use.
188 Unable to find a free port for binding or unable to bind to a nonlocal CID.
193 attempting to bind a socket that is already bound, providing an invalid struct
195 and other input validation errors.
198 Invalid socket option in
204 Unable to perform operation on an unconnected socket.
207 Operation not supported.
211 flag that is not implemented for the
213 family of syscalls and
220 Invalid socket protocol number.
221 The protocol should always be 0.
224 Unsupported socket type in
232 Support for VMware (VMCI) has been available since Linux 3.9.
233 KVM (virtio) is supported since Linux 4.8.
234 Hyper-V is supported since Linux 4.14.
236 VMADDR_CID_LOCAL is supported since Linux 5.6.
237 .\" commit ef343b35d46667668a099655fca4a5b2e43a5dfe
238 Local communication in the guest and on the host is available since Linux 5.6.
239 Previous versions supported only local communication within a guest
240 (not on the host), and with only some transports (VMCI and virtio).