#11178 closed defect (fixed)
Network Connection leak on Linux Host Kernel 3.2+
Reported by: | Matthew Jurgens | Owned by: | |
---|---|---|---|
Component: | network | Version: | VirtualBox 4.2.4 |
Keywords: | network connection leak conntrack linux kernel | Cc: | |
Guest type: | Windows | Host type: | Linux |
Description
Base system working ok: VirtualBox 4.1.8 with kernel-PAE-3.2.3-2.fc16.i686 or Fedora 16 Kernel 3.4.11-1.fc16.i686.PAE. Running a single virtual machine guest Windows XP SP3 with 1 CPU and 1200MB RAM, 1 bridged ethernet adapter.
Upgraded to VirtualBox 4.2.0. After several days the number of network connections as reported by conntrack -S continually increased to the maximum limit of the machine (65536). Normally the host machine would have a stable "conntrack -S" count of somewhere around 500-600 connections, even after running for months.
Tried combinations of VirtualBox 4.2.0, 4.2.2 and 4.2.4 with kernel-PAE-3.2.3-2.fc16.i686, kernel-PAE-3.4.11-1.fc16.i686 and kernel-PAE-3.6.2-1.fc16.i686. Any combination with 4.2.x resulted in the network connection leak.
Attachments (3)
Change History (12)
12 years ago, edited by
Attachment: | networkconnectionleak.png added |
---|
comment:1 12 years ago, edited by
The graphic attached shows 3 distinct periods of network connection leaks. The large flat part of the graph with approx 20k connections was with VirtualBox 4.2.x running but no virtual machines running. The flat period after the third peak is with reverting back to VirtualBox 4.1.8.
comment:3 12 years ago, edited by
Could you provide the output of 'sudo conntrack -L | grep <guest_ip_address>'? It would be interesting to see if the 'leaked' connections originate (or terminate) in the guest.
comment:4 12 years ago, edited by
Reinstalled VirtualBox-4.2-4.2.4_81684_fedora16-1.i686.rpm on kernel 3.4.11-1.fc16.i686.PAE. Started up a single Guest (Win XP SP3) and even after 10 mins can see an increase in network connection leakage.
Here's a table of conntrack info:
conntrack -L | conntrack -S | Guest Uptime (mins) | Guest Related Conns |
---|---|---|---|
505 | 505 | 0 | |
660 | 671 | 2 | |
749 | 790 | 10 | 138 |
573 | 638 | 20 | 109 |
657 | 812 | 50 | 197 |
493 | 1129 | 195 | 158 |
523 | 1423 | 285 | 151 |
100% of the 100 or so guest related connections listed in conntrack -L are for connections back to the hosting machine that provides services to the guest, e.g. web server, squid, SMB etc.
One characteristic of this bug is that the connection totals reported by conntrack -L and the totals reported by conntrack -S diverge significantly over time, where those reported by conntrack -L stay around the several hundred mark but those reported by conntrack -S just keep generally increasing as per attached graph. So looking at connections in conntrack -L shows normal behaviour.
Other information:
- Leaks occur with or without Guest Additions running
- When the virtual guest stops and is not running then the connection leak also stops.
- Also leaks when running Fedora 16 as a guest
- Leaks whether guest is active on the network or not, e.g. WinXP guest has hundreds of conntrack -L entries. Fedora guest has 1 or 2 conntrack -L entries. Leak rate is the same regardless.
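The divergence described in comment 4 can be checked mechanically. The following is an added example, not part of the ticket or of VirtualBox: it fits a trend to the gap between the two counts using the table rows from that comment. The function names, the `min_gap_rate` threshold and the linear extrapolation to the 65536 limit are assumptions made for illustration.

```python
# Added example: detect the leak signature from paired conntrack readings.
# Rows are the ticket's table: (conntrack -L, conntrack -S, guest uptime in minutes).
SAMPLES = [
    (505, 505, 0), (660, 671, 2), (749, 790, 10), (573, 638, 20),
    (657, 812, 50), (493, 1129, 195), (523, 1423, 285),
]
CONNTRACK_MAX = 65536  # table limit quoted in the ticket description


def slope(xs, ys):
    """Least-squares slope of ys against xs (0.0 if xs do not vary)."""
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    den = sum((x - mean_x) ** 2 for x in xs)
    return num / den if den else 0.0


def analyse(samples, limit=CONNTRACK_MAX, min_gap_rate=1.0):
    """Report whether the -S count is pulling away from the -L count.

    min_gap_rate (entries per minute) is an assumed threshold, not a value
    from the ticket. The time-to-limit figure assumes linear growth.
    """
    listed = [row[0] for row in samples]
    counted = [row[1] for row in samples]
    minutes = [row[2] for row in samples]
    gaps = [c - l for l, c in zip(listed, counted)]

    gap_rate = slope(minutes, gaps)        # divergence, entries/minute
    count_rate = slope(minutes, counted)   # growth of the -S figure
    leaking = gap_rate >= min_gap_rate and gaps[-1] > gaps[0]
    days_to_limit = None
    if leaking and count_rate > 0:
        days_to_limit = (limit - counted[-1]) / count_rate / 1440
    return {
        "leaking": leaking,
        "gap_rate": gap_rate,
        "count_rate": count_rate,
        "listed_rate": slope(minutes, listed),
        "days_to_limit": days_to_limit,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLES).items():
        print(f"{key}: {value}")
```

On the ticket's seven readings the gap grows by roughly 3 entries per minute while the listed count stays flat, and the linear estimate puts the 65536 limit a little over two weeks away.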
comment:5 12 years ago, edited by
Tried Kernel 3.6.6-1.fc16.i686.PAE with VirtualBox-4.2-4.2.4_81684_fedora16-1.i686. Same problem.
comment:6 12 years ago, edited by
I've attached the patch for vboxnetflt kernel module. You can try it out following these steps (you need to be root):
- go to VirtualBox installation directory (depends on distro, try /usr/share/virtualbox/src/vboxhost);
- apply the patch:
patch -p0 -i <path_to_netflt_conntrack_leak.patch>
- rebuild the modules:
/etc/init.d/vboxdrv setup
Please let me know the results.
Graph of network connections