Bug in virtio/KVM at NF_INET_PRE_ROUTING

Issues related to applications and software problems
Post Reply
MikeCML
Posts: 2
Joined: 2011/08/31 18:39:08

Bug in virtio/KVM at NF_INET_PRE_ROUTING

Post by MikeCML » 2011/08/31 19:13:31

Hello,

I recently found that packets captured in NF_INET_PRE_ROUTING, or NF_INET_LOCAL_INPUT hook over a virtio NIC shows rubbish starting at offset 0x80 from raw-Ethernet. This problem didn't occur with older kernels (2.6.18-centos, or vanilla 2.6.25).

To show this, I made a simple kernel module with netfilter hook for nfho.hooknum = NF_INET_PRE_ROUTING; - runned it and test with pings (dump the ping packet).
I have a VM running centos6 with 2 NICs: e1000 and virtio. I ping the VM I have kernel-module insmodded from another host using: ping x.x.x.x -p AA -s 1000 (filled with 0xAA 1000bytes).
You see below the rubbish in virtio case!

virtio NIC:

Dump ICMP packet, size of: 1028
45 00 04 04 00 00 40 00 40 01 bf 07 c0 a8 7b 01 E.....@.@.....{.
c0 a8 7b 9f 08 00 f9 ce 69 8a 00 05 d2 b1 5b 4e ..{.....i.....[N
00 00 00 00 5d a1 09 00 00 00 00 00 aa aa aa aa ....]...........
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 01 c0 0c 00 10 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
60 86 c3 00 00 ea ff ff aa 00 00 00 74 03 00 00 `...........t...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 76 61 68 69 2e 63 6f 00 00 00 00 00 00 00 00 .vahi

e1000 NIC:

Dump ICMP packet, size of: 1028
45 00 04 04 00 00 40 00 40 01 0b 0d xx xx xx xx E.....@.@....d..
yy yy yy yy 08 00 73 10 c1 7e 00 1c 83 b1 5b 4e .d....s.......[N
00 00 00 00 d8 54 0c 00 00 00 00 00 aa aa aa aa .....T..........
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ................
aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa .....

Test-setup:
I used CentOS 6.0, with the latest updates:
cat /etc/redhat-release
CentOS Linux release 6.0 (Final)

uname -a
Linux zeus 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

I did ping a.b.c.d -p AA -s 1000
I see the dump of packets in dmesg at the moment of the hook NF_INET_PRE_ROUTING (same problem occurs also at NF_INET_LOCAL_INPUT!


BTW. I failed to attach here the testing code netfilter_module.tgz
If anyone needs it, please email me and I'll send it.

Looking forward for a patch,
Mihai

User avatar
toracat
Forum Moderator
Posts: 7444
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Bug in virtio/KVM at NF_INET_PRE_ROUTING

Post by toracat » 2011/08/31 21:09:52

I suggest you report the problem at the [url=https://bugzilla.redhat.com]upstream's bugzilla[/url]. However, you may want to wait for CentOS 6.1 because there is a possibility that this issue has been fixed in 6.1. If you'd like to try it right now, you can install Scientific Linux 6.1.

MikeCML
Posts: 2
Joined: 2011/08/31 18:39:08

Re: Bug in virtio/KVM at NF_INET_PRE_ROUTING

Post by MikeCML » 2011/09/22 21:06:35

Hi toracat,

I did the test on Scientific-Linux 6.1 with kernel 2.6.32-131.12.1.el6.x86_64 and the problem still exists.

I reported the bug here: https://bugzilla.redhat.com/show_bug.cgi?id=740653
I hope someone would pick it up and fix it.

BTW. I put the sources of the testing kernel-module for those who would like to check the bug [url=http://dl.free.fr/gXETj3izM]here[/url].

Kind regards,
Mike

Post Reply

Return to “CentOS 6 - Software Support”