We now tell the 9P server
proto1:ip1:port1:<address for forwarding>
which means please listen on proto1:ip1:port1, then connect to the port
proxy in Moby and tell it the connection is for <address for forwarding>.
Note this requires a corresponding change in hostnet/vpnkit.
Signed-off-by: David Scott <dave.scott@docker.com>
On a Hyper-V system we can only register one listening endpoint (with
a GUID), so we need to accept connections, read a header and then
start the proxy.
If the binary has argv[0] == "proxy-vsockd" then run this new frontend.
Signed-off-by: David Scott <dave.scott@docker.com>
The tap-vsockd service is started from eth1's pre-up script.
On the Mac: the bind of the AF_HYPERV socket fails, and eth1 is skipped.
On Windows: if there is no database then eth1 is skipped.
On Windows: if the database has network=native then eth1 is brought up.
Signed-off-by: David Scott <dave.scott@docker.com>
In `connect` mode the client looping calling `connect` and `close` on a timer.
This could result in the server accepting the connection and the client accidentally
closing it immediately. This patch makes `tap-vsockd` keep trying to (re-)establish
the connection. Note that daemonization is delayed until after the first successful
negotiation, so attempts to send a packet afterwards should succeed.
Signed-off-by: David Scott <dave.scott@docker.com>
Our convention is to print command-line parse failures to the terminal
to allow easier interactive debugging, rather than sending them to
the syslog.
Signed-off-by: David Scott <dave.scott@docker.com>
We daemonize after checking the command-line and binding/connecting
the socket and creating the tap device. Only the ethernet frame
processing happens afterwards.
This patch also includes a new well-known service GUID for the
VPN-proxy ethernet service.
Signed-off-by: David Scott <dave.scott@docker.com>
Older versions of the Linux AF_HVSOCK can only accept() as they
don't allow connections to the parent partition. Support both
modes for now.
Signed-off-by: David Scott <dave.scott@docker.com>
The vmnet protocol expects to tell the client what the MAC address is.
This patch sets it on the TAP device.
Signed-off-by: David Scott <dave.scott@docker.com>
The client on the host may time-out the connection attempt after we have
accepted it. If the mount fails, sleep for 1s and try again.
Signed-off-by: David Scott <dave.scott@docker.com>
The database has a reconnect loop, and we don't particularly want
to accept more than one of its connections per mount.
Signed-off-by: David Scott <dave.scott@docker.com>
These packages will be shared by a number of utilities
so vendoring them in a shared place.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
DOS filesystems are handy for embedded development. ISO FS was
requested/suggested somewhere on a forum.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
