Opened 6 years ago
Closed 6 years ago
#18355 closed defect (fixed)
packet’s trailer extra byte padding => Fixed in SVN
| Reported by: | arturob | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 5.2.24 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
we see bidirectional TCP traffic and session establishing passed the 3-way handshake and for HTTP we even see the HTTP GET request from DDMSPSADM1 (client) to DDUXPSFINV1 (server) (packet number 886 in the snapshot below), however the second packet of the HTTP transfer (number 888 below) from the server to the client never makes it. This behavior is consistent every time. There are two things that are different with this packet, first is that it has the TCP PSH flag enabled, this should not create any problem. The second one is “VSS-Monitoring Ethernet trailer”, this is an extra padding that some network drivers add to the packet trailer. Apparently virtualbox is known for this behavior and some people have reported application issues because of it. We tried virtualbox on MACOS and it certainly doesn’t add the extra padding. The issue does not occur with NAT mode, only Bridge mode when using the NDIS6 Brdiged Networking Driver.
Attachments (5)
Change History (12)
by , 6 years ago
| Attachment: | vbox_network_issue1.png added |
|---|
by , 6 years ago
| Attachment: | issue_zone5_host.pcapng added |
|---|
by , 6 years ago
| Attachment: | issue_vbox_w10_vm.pcapng added |
|---|
by , 6 years ago
| Attachment: | CIFS_TCP_DUMP_DDMSPSADM1.pcap added |
|---|
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Hi Aleksey, Sorry for that. The issue is that Cisco ACI equipment is flagging virtualbox traffic as suspect and as a result, drops the packets.
vbox_virtualmachine - Source: 10.210.63.35, Destination: 10.202.3.203 vbox_physicalhost - Source: 10.202.3.203, Destination: 10.210.63.35 server_on_ciscoACI_network - Source: 10.202.3.203, Destination: 10.210.63.35
Protocols tested: TCP/8000 and SMB
I attached a zip with new files.
Thank you for your help!
by , 6 years ago
| Attachment: | newcapture.zip added |
|---|
comment:3 by , 6 years ago
Cisco has identified this behavior (the padding of the extra byte at the packet trailer) as the root cause for the embedded IDS in their Cisco Application Centric Infrastructure (Cisco ACI )AVE switch to drop the packets. Cisco is currently contemplating the option of creating an exception for the IDS rules to allow such packets.
We would like to request VirtualBox to provide customers the option to the turn off this padding as we do not use Microsoft Load Balancing/Failover (LB/FO) VMs. Having the ability to enable/disable this 'feature' is beneficial for companies that have ACI networks.
Thank you!
comment:4 by , 6 years ago
comment:5 by , 6 years ago
| Summary: | packet’s trailer extra byte padding → packet’s trailer extra byte padding => Fixed in SVN |
|---|
comment:6 by , 6 years ago
Thank you, Aleksey!! resolution confirmed on VirtualBox-6.0.5-129665-Win testbuild.
comment:7 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This appears to be a duplicate of #18202. The bridging driver indeed pads odd-length packets. But I fail to see how it would prevent HTTP packets from being delivered. I cannot find packets number 886 nor 888 in any of provided capture files. It is also quite hard for me to guess MAC addresses of the machines involved. Please provide adequate information that will enable me to analyze the capture files. I cannot deduce any meaning from "issue_zone5_host", for example. Which file is supposed to illustrate what?