VirtualBox

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#11178 closed defect (fixed)

Network Connection leak on Linux Host Kernel 3.2+

Reported by: Matthew Jurgens
Owned by:
Component: network
Version: VirtualBox 4.2.4
Keywords: network connection leak conntrack linux kernel
Cc:
Guest type: Windows
Host type: Linux

Description

Base system working ok: Virtual Box 4.1.8 with kernel-PAE-3.2.3-2.fc16.i686 or Fedora 16 Kernel 3.4.11-1.fc16.i686.PAE Running a single virtual machine guest Windows XP SP3 with 1 CPU and 1200MB RAM, 1 bridged ethernet adapter.

Upgraded to Virtual Box 4.2.0. After several days the number of network connections as reported by conntrack -S continually increased to the maximum limit of the machine (65536). Normally the host machine would have a stable "conntrack -S" count of somewhere around 500-600 connections, even after running for months.

Tried combinations of Virtual Box 4.2.0, 4.2.2 and 4.2.4 with kernel-PAE-3.2.3-2.fc16.i686, kernel-PAE-3.4.11-1.fc16.i686 and kernel-PAE-3.6.2-1.fc16.i686. Any combination with 4.2.x resulted in the network connection leak.

Attachments (3)

networkconnectionleak.png (12.8 KB) - added by Matthew Jurgens 11 years ago.
Graph of network connections
VBox.log (53.7 KB) - added by Matthew Jurgens 11 years ago.
Fresh Log. WinXP SP3 machine running for 10 mins
netflt_conntrack_leak.patch (706 bytes) - added by Aleksey Ilyushin 11 years ago.
Fix for conntrack connection leak problem


Change History (12)

by Matthew Jurgens, 11 years ago

Attachment: networkconnectionleak.png added

Graph of network connections

comment:1 by Matthew Jurgens, 11 years ago

The graphic attached shows 3 distinct periods of network connection leaks. The large flat part of the graph with approx 20k connections was with virtualbox 4.2.x running but no virtual machines running. The flat period after the third peak is with reverting back to Virtualbox 4.1.8.

comment:2 by vasily Levchenko, 11 years ago

Could you please attach the log?

comment:3 by Aleksey Ilyushin, 11 years ago

Could you provide the output of 'sudo conntrack -L | grep <guest_ip_address>'? It would be interesting to see if the 'leaked' connections originate (or terminate) in the guest.

by Matthew Jurgens, 11 years ago

Attachment: VBox.log added

Fresh Log. WinXP SP3 machine running for 10 mins

comment:4 by Matthew Jurgens, 11 years ago

Reinstalled VirtualBox-4.2-4.2.4_81684_fedora16-1.i686.rpm on kernel 3.4.11-1.fc16.i686.PAE. Started up a single Guest (Win XP SP3) and even after 10 mins can see an increase in network connection leakage.

Here's a table of conntrack info:

conntrack -L   conntrack -S   Guest Uptime (mins)   Guest Related Conns
505            505            0
660            671            2
749            790            10                    138
573            638            20                    109
657            812            50                    197
493            1129           195                   158
523            1423           285                   151

100% of the 100 or so guest related connections listed in conntrack -L are for connections back to the hosting machine that provides services to the guest, e.g. web server, squid, SMB etc.

One characteristic of this bug is that the connection totals reported by conntrack -L and the totals reported by conntrack -S diverge significantly over time, where those reported by conntrack -L stay around the several hundred mark but those reported by conntrack -S just keep generally increasing, as per the attached graph. So looking at connections in conntrack -L shows normal behaviour.

Other information:

  • Leaks occur with or without Guest Additions running
  • When the virtual guest stops and is not running then the connection leak also stops.
  • Also leaks when running Fedora 16 as a guest
  • Leaks whether guest is active on the network or not. eg WinXP guest has hundreds of conntrack -L entries. Fedora guest has 1 or 2 conntrack -L entries. Leak rate is the small regardless.
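The divergence described in comment 4 (kernel entry count rising while the listable entries stay flat) can be checked mechanically. The script below is an added example, not part of the ticket or of VirtualBox; the sample rows are the figures from the table in comment 4, while the /proc paths named in its comments and the 25% threshold are assumptions.

```shell
#!/bin/sh
# Added example, not code from the ticket. Flags the symptom described in
# comment 4: the kernel's entry count keeps rising while the listable
# entries (conntrack -L) stay flat.
# For live use (assumption, not from the ticket) take the columns from:
#   listed:  conntrack -L 2>/dev/null | wc -l
#   counted: cat /proc/sys/net/netfilter/nf_conntrack_count
#   limit:   cat /proc/sys/net/netfilter/nf_conntrack_max

# "uptime_mins listed counted" rows, copied from the table in comment 4.
SAMPLES='0 505 505
2 660 671
10 749 790
20 573 638
50 657 812
195 493 1129
285 523 1423'

# gap_pct LISTED COUNTED: share of counted entries that cannot be listed.
gap_pct() {
    [ "$2" -gt 0 ] || { echo 0; return 0; }
    gap=$(( $2 - $1 ))
    [ "$gap" -gt 0 ] || gap=0
    echo $(( gap * 100 / $2 ))
}

# first_alert PCT: uptime of the first stdin row whose gap reaches PCT.
first_alert() {
    while read -r t listed counted; do
        if [ "$(gap_pct "$listed" "$counted")" -ge "$1" ]; then
            echo "$t"; return 0
        fi
    done
    echo none
}

# mins_to_limit MAX: linear estimate, from the first and last stdin rows,
# of the minutes left before the counted total reaches MAX.
mins_to_limit() {
    t0=''
    while read -r t listed counted; do
        gap=$(( counted - listed ))
        [ -n "$t0" ] || { t0=$t; g0=$gap; }
        t1=$t; g1=$gap; c1=$counted
    done
    [ -n "$t0" ] || { echo nodata; return 0; }
    [ "$g1" -gt "$g0" ] || { echo stable; return 0; }
    echo $(( ($1 - c1) * (t1 - t0) / (g1 - g0) ))
}

echo "first row with >=25% unlisted entries: $(printf '%s\n' "$SAMPLES" | first_alert 25) min"
echo "estimated minutes until 65536: $(printf '%s\n' "$SAMPLES" | mins_to_limit 65536)"
```

Alerting on the gap rather than on the raw count catches the leak long before the table limit is reached, since the listable entries alone look normal throughout.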

comment:5 by Matthew Jurgens, 11 years ago

Tried Kernel 3.6.6-1.fc16.i686.PAE with VirtualBox-4.2-4.2.4_81684_fedora16-1.i686. Same problem.

by Aleksey Ilyushin, 11 years ago

Attachment: netflt_conntrack_leak.patch added

Fix for conntrack connection leak problem

comment:6 by Aleksey Ilyushin, 11 years ago

I've attached the patch for the vboxnetflt kernel module. You can try it out following these steps (you need to be root):

  1. go to the VirtualBox installation directory (depends on distro, try /usr/share/virtualbox/src/vboxhost);
  2. apply the patch:
    patch -p0 -i <path_to_netflt_conntrack_leak.patch>
    
  3. rebuild the modules:
    /etc/init.d/vboxdrv setup
    

Please let me know the results.


comment:7 by Frank Mehnert, 11 years ago

Resolution: fixed
Status: new → closed

Fix is part of VBox 4.2.6.

comment:8 by Matthew Jurgens, 11 years ago

Confirmed as fixed in 4.2.6. Network connection counts now stable again.

Thanks

comment:9 by Frank Mehnert, 11 years ago

Thanks for the confirmation!
