IP packet handling issues in virtio-net on certain OS/kernel versions on KVM VM

Update: just noticed this post is very old… but well, maybe helpful for other people having trouble with VirtIO and KVM together with Suricata ^^

I had similar issues with VirtIO and KVM. I found a fix in this forum. One of the users was using a specific configuration within the libvirt XML of the virtual machine. I experimented with that one and found that checksums (in my case) seem to be the problem.

Can you give it a try, @Jungho? I am using Open vSwitch on my host, so you may need to change the bridge part. From my blog:

The following does not work:

    <interface type='bridge'>
      <mac address='..:..:..:..:..:..'/>
      <source bridge='ovs-guests'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

However, if I define the NIC like this:

    <interface type='bridge'>
      <mac address='..:..:..:..:..:..'/>
      <source bridge='ovs-guests'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <model type='virtio'/>
      <driver name='vhost' txmode='iothread' ioeventfd='on' event_idx='off' queues='8' rx_queue_size='1024' tx_queue_size='1024'>
        <host csum='off' gso='off' tso4='off' tso6='off' ecn='off' ufo='off' mrg_rxbuf='off'/>
        <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
      </driver>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>

then it does work. Notice the difference (driver). I found this one in the Suricata forums in a thread about packet loss using the XDP driver in RHEL 8.3… By trying and trying and trying I first noticed it starts working with this part:

        <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>

Because if I commented out everything within `<driver>…</driver>` it still did not work. When I commented out the `<host/>` part and uncommented the `<guest/>` part it started to work.

It seems to have to do with the parameter `csum` in `<guest/>` because as soon as I set csum='on' it stops working. I can set all other parameters from above to on – just not csum.

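A check for the setting described in the post above, as an added example that is not part of the original post: it parses libvirt domain XML and lists the virtio interfaces whose `<guest csum>` is not `off`. The function name `audit_guest_csum` and the sample XML (including the MAC addresses) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample domain XML; MAC addresses are made up.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:01'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <model type='virtio'/>
      <driver name='vhost'>
        <guest csum='on' tso4='off' tso6='off' ecn='off' ufo='off'/>
      </driver>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:03'/>
      <model type='virtio'/>
      <driver name='vhost'>
        <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
      </driver>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:04'/>
      <model type='e1000'/>
    </interface>
  </devices>
</domain>
"""

def audit_guest_csum(domain_xml):
    """Return (mac, csum) for every virtio NIC whose guest csum is not 'off'."""
    findings = []
    for iface in ET.fromstring(domain_xml).findall("./devices/interface"):
        model = iface.find("model")
        if model is None or model.get("type") != "virtio":
            continue  # the post is only about virtio-net NICs
        mac = iface.find("mac")
        guest = iface.find("./driver/guest")
        # A missing <guest> element or csum attribute is reported as "unset".
        csum = guest.get("csum", "unset") if guest is not None else "unset"
        if csum != "off":
            findings.append((mac.get("address") if mac is not None else "?", csum))
    return findings

if __name__ == "__main__":
    for mac_addr, csum in audit_guest_csum(SAMPLE_DOMAIN_XML):
        print(f"{mac_addr}: guest csum={csum}")
```

To check a real VM, pass the function the output of `virsh dumpxml` for that domain.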