rfc: virtio-vsock for RPC and IPC #33897

issue Sjors openend this issue on November 18, 2025
  1. Sjors commented at 10:11 am on November 18, 2025: member

    virtio-vsock provides a way for applications running on a guest VM and the host system to communicate with each other using the standard socket interface (socket, connect, bind, listen, accept). It defines a new socket address family (AF_VSOCK) and uses a (context id, port) pair of integers for identifying processes. The host system always has 2 as its context id while each guest VM is assigned a unique context id on startup.

    https://chromium.googlesource.com/chromiumos/platform2/+/9e91613d2da1b3d6cfb1c77681444e688ce99cf4/vm_tools/docs/vsock.md

    It was first suggested in #32802 (comment):

    I’m dockerizing Sjors ’s Stratum V2 sidecar (bitcoin-mine) such that it’s able to reach a Bitcoin Core node running on the host.

    My host is macOS, and Docker is Linux, which means they don’t have a shared kernel and their Unix socket descriptors don’t match.

    It shouldn’t be too hard to support AF_VSOCK (virtio sockets) for communication between vm host and guest processes. These should be more secure and more performant than TCP sockets.

    Perhaps it’s useful for RPC too.

  2. willcl-ark added the label Brainstorming on Nov 18, 2025
  3. willcl-ark added the label interfaces on Nov 18, 2025
  4. ryanofsky commented at 9:47 pm on November 18, 2025: contributor

    It should be pretty easy to support vsock if we want that. I think it would only require a change to the ipc::ParseAddress function and updates to documentation and tests.

    TCP support could also be added by modifying the ParseAddress function, but I’d be wary of doing that since it would not really be safe without authentication (https://github.com/bitcoin/bitcoin/issues/32802#issuecomment-3000963484).

    I’m not sure if vsock support would actually be helpful for docker on mac. It would depend on whether docker for mac exposes any vsock options. I believe some hypervisors like qemu do, and others like virtualbox just don’t.

  5. Sjors commented at 8:47 am on November 19, 2025: member

    it would not really be safe without authentication

    And encryption, since we can’t use SSL.


Sjors ryanofsky

Labels
Brainstorming interfaces

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-21 03:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me