Opened 9 years ago
Last modified 9 years ago
#15014 reopened defect
Virtual Machine returns duplicate network packets (host SLES 12, guest Win Server 2008, VirtualBox 5.0.4)
| Reported by: | mca0001 | Owned by: | |
|---|---|---|---|
| Component: | network | Version: | VirtualBox 5.0.4 |
| Keywords: | DUP | Cc: | |
| Guest type: | Windows | Host type: | Linux |
Description
Hello,
the virtual machine with Win Server 2008 and static IP address connected to host machine with SLES 12 via bridged network interface returns duplicate network packets.
First I noticed it when sending ping requests to the virtual machine from another host in the network. The ping returns DUPs. Then I started wireshark on hosting machine and I tested the issue also with netcat: sending simple echo from the virtual machine results to double response received by netcat in my laptop. The wireshark clearly shows that the virtual machine sends back duplicate packets for ICMP, UDP and (testing with SNMP traps) also for TCP protocols.
Would you know whether the higher releases of the virtualbox fix this problem?
Best rgards mca0001
Attachments (8)
Change History (21)
by , 9 years ago
| Attachment: | nc-udp-11620-from-vm05.png added |
|---|
by , 9 years ago
| Attachment: | ping-to-vm05-from-vml2080-returns-DUPs.png added |
|---|
by , 9 years ago
comment:1 by , 9 years ago
comment:2 by , 9 years ago
Right now I have tested it on
host machine: SLES 11 with VirtualBox 4.3.12 guest machine: Windows Server 2012 R2
and it works without duplicated packets.
comment:3 by , 9 years ago
Hello,
please close the ticket finally. I have found a bug in network configuration of the VM. So the combination "host(SLES 12.0 x86_64) + VirtualBox 5.0.4 + guest(Windows Server 2012 R2)" runs correctly with guest in bridged network mode. VBox was installed a bit not smooth on not supported OS using + VirtualBox-5.0.4-102546-Linux_amd64.run + Oracle_VM_VirtualBox_Extension_Pack-5.0.4.vbox-extpack + VBoxGuestAdditions_5.0.4.iso But as I wrote, finally it works correctly.
Best regards, mca0001
comment:4 by , 9 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:6 by , 9 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
comment:7 by , 9 years ago
I have reopened this issue because i am experiment the same in the combination Oracle Linux 7 Host + VBox 5.0.18 r106667 + and i tried two diferent gues OS. First one Oracle Linux 7 and the second one Centos 7 and i have experiment the same simptoms.
by , 9 years ago
| Attachment: | VirtualBox_BigDataMachine_21_04_2016_19_06_34.png added |
|---|
Duplicate Packages
comment:9 by , 9 years ago
This duplate packages stops happen when i use my corporate vpn client and also when i put the vnic bridget to the wired network nic. The packet capture i realized over the host machine with wireshark.
For trying to isolate the issue i change my Apple AirPort gateway with my GPON gateway Huawei always over wifi nic, and the issue persist.
comment:10 by , 9 years ago
Do you have any packet filtering enabled on the host? Do you have IP routing enabled on the host?
Can you make a simultaneous packet capture of the same traffic in the guest?
Duplicate packets seen in this capture are actually quite normal. What is not normal is that the duplicates reach the guest. The bug only happens when you bridge to the wireless, because with wireless it's not really bridging, but something like a MAC-level NAT, i.e. the packets from the guest are sent to world with host's MAC and IP address is used to multiplex incoming packets. So if you look at the duplicates in the capture, you can see that one of them has guest MAC and the other host MAC as source (for outgoing) or destination (for incoming).
comment:11 by , 9 years ago
For the first question i have flushed the iptables rules and stops the firewalld service.
For the second task i'will go to do the simultaneus tcpdump and attach the results.
Yes i quite note that in fact the firts replay packet its send to my gateway to the physical NIC and the second one in the header looks like the physical NIC its sending to the VNIC.
comment:12 by , 9 years ago
You haven't said if you have IP forwarding enabled on the host. It looks like you do. There are redirect packets from the host and then it apparently gives up and starts forwarding, so later in the capture you can see duplicate echo replies, and the duplicate is sent by the host.
comment:13 by , 9 years ago
Turning ip_forwarding off works i aready don't have duplicate packets.
Thanks vushakov.
Do you have any NAT/firewall rules set up on the host. Is eth0 interface part of a bridge?
Please, provide actual pcap files, not screenshots.