VirtualBox

Ticket #11178 (closed defect: fixed)

Opened 18 months ago

Last modified 16 months ago

Network Connection leak on Linux Host Kernel 3.2+

Reported by: Matthew Jurgens
Owned by:
Priority: major
Component: network
Version: VirtualBox 4.2.4
Keywords: network connection leak conntrack linux kernel
Cc:
Guest type: Windows
Host type: Linux

Description

Base system working OK: VirtualBox 4.1.8 with kernel-PAE-3.2.3-2.fc16.i686 or Fedora 16 Kernel 3.4.11-1.fc16.i686.PAE. Running a single virtual machine guest Windows XP SP3 with 1 CPU and 1200MB RAM, 1 bridged ethernet adapter.

Upgraded to VirtualBox 4.2.0. After several days the number of network connections as reported by conntrack -S continually increased to the maximum limit of the machine (65536). Normally the host machine would have a stable "conntrack -S" count of somewhere around 500-600 connections, even after running for months.

Tried combinations of VirtualBox 4.2.0, 4.2.2 and 4.2.4 with kernel-PAE-3.2.3-2.fc16.i686, kernel-PAE-3.4.11-1.fc16.i686 and kernel-PAE-3.6.2-1.fc16.i686. Any combination with 4.2.x resulted in the network connection leak.

Attachments

networkconnectionleak.png (12.8 KB) - added by Matthew Jurgens 18 months ago.
Graph of network connections
VBox.log (53.7 KB) - added by Matthew Jurgens 17 months ago.
Fresh Log. WinXP SP3 machine running for 10 mins
netflt_conntrack_leak.patch (706 bytes) - added by aleksey 17 months ago.
Fix for conntrack connection leak problem

Change History

Changed 18 months ago by Matthew Jurgens

Graph of network connections

comment:1 Changed 18 months ago by Matthew Jurgens

The graphic attached shows 3 distinct periods of network connection leaks. The large flat part of the graph with approx 20k connections was with VirtualBox 4.2.x running but no virtual machines running. The flat period after the third peak is with reverting back to VirtualBox 4.1.8.

comment:2 Changed 18 months ago by Hachiman

Could you please attach the log?

comment:3 Changed 17 months ago by aleksey

Could you provide the output of 'sudo conntrack -L | grep <guest_ip_address>'? It would be interesting to see if the 'leaked' connections originate (or terminate) in the guest.

Changed 17 months ago by Matthew Jurgens

Fresh Log. WinXP SP3 machine running for 10 mins

comment:4 Changed 17 months ago by Matthew Jurgens

Reinstalled VirtualBox-4.2-4.2.4_81684_fedora16-1.i686.rpm on kernel 3.4.11-1.fc16.i686.PAE. Started up a single Guest (Win XP SP3) and even after 10 mins can see an increase in network connection leakage.

Here's a table of conntrack info:

conntrack -L  conntrack -S  Guest Uptime (mins)  Guest Related Conns
505           505           0
660           671           2
749           790           10                   138
573           638           20                   109
657           812           50                   197
493           1129          195                  158
523           1423          285                  151

100% of the 100 or so guest related connections listed in conntrack -L are for connections back to the hosting machine that provides services to the guest, e.g. web server, squid, SMB etc.

One characteristic of this bug is that the connection totals reported by conntrack -L and the totals reported by conntrack -S diverge significantly over time, where those reported by conntrack -L stay around the several hundred mark but those reported by conntrack -S just keep generally increasing as per the attached graph. So looking at connections in conntrack -L shows normal behaviour.

Other information:

  • Leaks occur with or without Guest Additions running
  • When the virtual guest stops and is not running then the connection leak also stops.
  • Also leaks when running Fedora 16 as a guest
  • Leaks whether guest is active on the network or not, e.g. WinXP guest has hundreds of conntrack -L entries. Fedora guest has 1 or 2 conntrack -L entries. Leak rate is the same regardless.
Last edited 17 months ago by Matthew Jurgens
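
The divergence described in comment:4 can be turned into a simple leak check. The following is an added example, not part of the ticket or of VirtualBox: it uses the sample figures from the comment and the 65536 limit from the description, and the function names and the `min_gap`/`min_rate` thresholds are assumptions chosen for illustration.

```python
# Constructed from the figures in comment:4 of this ticket:
# (guest uptime in minutes, `conntrack -L` entries, `conntrack -S` count)
TICKET_SAMPLES = [
    (0, 505, 505), (2, 660, 671), (10, 749, 790), (20, 573, 638),
    (50, 657, 812), (195, 493, 1129), (285, 523, 1423),
]
CONNTRACK_MAX = 65536  # table limit quoted in the ticket description


def divergence(samples):
    """(minutes, counted - listed) pairs; a healthy host stays near zero."""
    return [(t, counted - listed) for t, listed, counted in samples]


def leak_rate(samples):
    """Least-squares slope of the divergence, in entries per minute."""
    pts = divergence(samples)
    n = len(pts)
    if n < 2:
        return 0.0  # a single sample cannot show a trend
    mean_t = sum(t for t, _ in pts) / n
    mean_d = sum(d for _, d in pts) / n
    var_t = sum((t - mean_t) ** 2 for t, _ in pts)
    if var_t == 0:
        return 0.0  # all samples taken at the same instant
    return sum((t - mean_t) * (d - mean_d) for t, d in pts) / var_t


def assess(samples, limit=CONNTRACK_MAX, min_gap=100, min_rate=1.0):
    """Flag a leak and project when the counter would hit the limit.

    min_gap and min_rate are illustrative thresholds, not from the ticket.
    """
    rate = leak_rate(samples)
    _, listed, counted = samples[-1]
    gap = counted - listed
    leaking = gap >= min_gap and rate >= min_rate
    return {
        "leaking": leaking,
        "gap": gap,
        "rate_per_min": rate,
        "minutes_to_limit": (limit - counted) / rate if leaking else None,
    }


if __name__ == "__main__":
    print(assess(TICKET_SAMPLES))
```

Alerting on the gap between the two counts rather than on either count alone catches this kind of leak early, because the listed entries stay in their normal range while the kernel counter climbs.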

comment:5 Changed 17 months ago by Matthew Jurgens

Tried Kernel 3.6.6-1.fc16.i686.PAE with VirtualBox-4.2-4.2.4_81684_fedora16-1.i686. Same problem.

Changed 17 months ago by aleksey

Fix for conntrack connection leak problem

comment:6 Changed 17 months ago by aleksey

I've attached the patch for the vboxnetflt kernel module. You can try it out following these steps (you need to be root):

  1. go to VirtualBox installation directory (depends on distro, try /usr/share/virtualbox/src/vboxhost);
  2. apply the patch:
    patch -p0 -i <path_to_netflt_conntrack_leak.patch>
    
  3. rebuild the modules:
    /etc/init.d/vboxdrv setup
    

Please let me know the results.

Last edited 17 months ago by frank

comment:7 Changed 16 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fix is part of VBox 4.2.6.

comment:8 Changed 16 months ago by Matthew Jurgens

Confirmed as fixed in 4.2.6. Network connection counts now stable again.

Thanks

comment:9 Changed 16 months ago by frank

Thanks for the confirmation!
