[vbox-dev] Bug in Slirp NAT module and a fix for it

[Yirkha]

Hi everybody,
I've come across a bug in VBox NAT networking code, which AFAIK affects all
host systems.

I noticed it when the installer of guest system I was trying to test stopped
responding every time during DNS resolving process. The request was correctly
forwarded and sent to real DNS server, but the socket to receive the response
had already been closed when it arrived. Later I found out that this behavior
occures any time you try to use any UDP communication after 4 minutes of idle
(UDP cache timeout).

Finally I learned that all of this is caused by wrong value of "curtime" variable,
which is updated each time slirp_select_poll() is called - and that is only when
something has already arrived. So when the first packet ever passing the NAT is
an outgoing UDP one, the "curtime" has value of 0 instead of real timestamp,
expiration time of newly created UDP session is set to 0 + 4 mins., and it's
therefore immediately killed in the next clean-up phase. (In case of just a long
enough delay, the "curtime" is only few minutes in the past, not 0, but the result
is the same.)

My suggestion is to call updtime() in slirp_input() as well, i.e. when something
comes from the inner, guest OS interface, not only when something is received on
the host's side. The patch is of course trivial, but I'm not including any actual
code to avoid dealing with all that licence stuff. Hope this helps.

Regards,
 Yirkha
 mailto:yirkha at fud.cz