<refsynopsisdiv>
<programlisting>
-Host unix/* vsock/*
+Host unix/* vsock/* vsock-mux/*
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
ProxyUseFdpass yes
</programlisting>
configuration fragment like the following:</para>
<programlisting>
-Host unix/* vsock/*
+Host unix/* vsock/* vsock-mux/*
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
ProxyUseFdpass yes
CheckHostIP no
<constant>AF_UNIX</constant> file system path to a socket will be directed to the specified socket, which
must be of type <constant>SOCK_STREAM</constant>. Similar, SSH connections to <literal>vsock/</literal>
followed by an <constant>AF_VSOCK</constant> CID will result in an SSH connection made to that
- CID. Moreover connecting to <literal>.host</literal> will connect to the local host via SSH, without
+ CID. <literal>vsock-mux/</literal> followed by an absolute <constant>AF_UNIX</constant> file system
+ path to a socket is similar but for cloud-hypervisor/firecracker which don't allow
+ direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
+ multiplexer over <constant>AF_UNIX</constant> sockets. See
+ <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
+ and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+
+ <para>Moreover connecting to <literal>.host</literal> will connect to the local host via SSH, without
involving networking.</para>
<para>This tool is supposed to be used together with
<title>Talk to a local VM with CID 4711</title>
<programlisting>ssh vsock/4711</programlisting>
+ </example>
+
+ <example>
+ <title>Talk to a VM guest hosted with cloud-hypervisor/firecracker</title>
+
+ <programlisting>ssh vsock-mux/run/vm-1234.sock</programlisting>
</example>
<example>
#include <unistd.h>
#include "fd-util.h"
+#include "io-util.h"
#include "iovec-util.h"
#include "log.h"
#include "main-func.h"
return 0;
}
+static int process_vsock_mux(const char *path, const char *port) {
+ int r;
+
+ assert(path);
+ assert(port);
+
+ /* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
+ _cleanup_free_ char *prefixed = NULL;
+ if (!STARTSWITH_SET(path, "/", "./")) {
+ prefixed = strjoin("/", path);
+ if (!prefixed)
+ return log_oom();
+
+ path = prefixed;
+ }
+
+ _cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");
+
+ r = connect_unix_path(fd, AT_FDCWD, path);
+ if (r < 0)
+ return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);
+
+ /* Based on the protocol as defined here:
+ * https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
+ * https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md */
+ _cleanup_free_ char *connect_cmd = NULL;
+ connect_cmd = strjoin("CONNECT ", port, "\n");
+ if (!connect_cmd)
+ return log_oom();
+
+ r = loop_write(fd, connect_cmd, SIZE_MAX);
+ if (r < 0)
+ return log_error_errno(r, "Failed to send CONNECT to %s:%s: %m", path, port);
+
+ r = send_one_fd_iov(STDOUT_FILENO, fd, &IOVEC_NUL_BYTE, /* n_iovec= */ 1, /* flags= */ 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to send socket via STDOUT: %m");
+
+ log_debug("Successfully sent AF_UNIX socket via STDOUT.");
+ return 0;
+}
+
static int run(int argc, char* argv[]) {
log_setup();
if (p)
return process_unix(p);
+ p = startswith(host, "vsock-mux/");
+ if (p)
+ return process_vsock_mux(p, port);
+
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Don't know how to parse host name specification: %s", host);
}
projects / thirdparty / systemd.git / commitdiff
