Internal network traffic leaks out of host => Fixed in SVN

[Richard Boyce]

When data is being transferred between the host and guest (in either direction) over a bridged network link, the data is being copied to the host's physical Ethernet port and exported.

Tested only with XP Pro 32 and 7 Pro 64 guests running on an OS X host. The problem appeared after upgrading the host from Snow Leopard to Mavericks. Bridged networking on a single NIC, both paravirtualised and other types. Promiscuous mode set to Deny.

[Aleksey Ilyushin]

Could you provide a bit of clarification? How did you check for leaked traffic exactly? Were you sniffing traffic on external host? Please also provide the log file.

[Richard Boyce]

I've long monitored network activity (amongst other things) using a tool called MenuMeters. After upgrading to Mavericks, MenuMeters showed outgoing activity at the same rate and time as the internal activity. My Mac is connected to a network switch and that confirmed the activity on its connection to the Mac. No other ports on the switch were active at the time, so the data flow stopped at the switch. MenuMeters reported no data being echoed back from the switch. I made no attempt to sniff the content of the traffic.

[Aleksey Ilyushin]

Thanks a lot for the explanation. We have been able to reproduce the problem locally and are working on it.

[Legorol]

This sounds to me like it's working as intended. Traffic over a bridged network card is not "internal".

When you are using bridged networking, then both the host and the guest are considered to be directly connected to the external physical network, as if they were two separate computers. Any traffic between them is supposed to appear on the physical network, just as it would if two separate, physical computers were communicating with each other. This would allow a third computer to sniff the traffic (which is how it should be).

Example: Let's say you have two physical computers, A and B connected to your physical network. In this case, a third computer C in promiscuous mode running a network sniffer will be able to watch the traffic between A and B. This behaviour should be replicated if A and B are not physical computers, but for example two VMs using bridged mode networking.

If you want to avoid traffic between the host and guest from going out on the physical network, then use host-only networking (that's what it's there for).

[Aleksey Ilyushin]

That is actually incorrect. VirtualBox goes extra mile to ensure that unicast traffic between VMs and the host never reaches wire. The only exception is made for promiscuous mode. When the adapter VirtualBox "bridges" to is in promiscuous mode all traffic is sent to the wire no matter where the traffic is destined to. This is done because OS X supports Berkeley Packet Filter which is implemented as hooks in Ethernet drivers. Please note that I am talking about host's adapter, not about adapters in virtual machines.

[Aleksey Ilyushin]

The test build containing the fix is available here.

[Richard Boyce]

Initial testing suggests the problem is fixed. Thank you.

[Frank Mehnert]

Thanks for testing!

[Frank Mehnert]

Fix is part of VBox 4.3.10.