[Qemu-discuss] bridged ICMP with no replies for tap0 on linux host

From: Kate F
Subject: [Qemu-discuss] bridged ICMP with no replies for tap0 on linux host
Date: Sat, 4 Oct 2014 00:05:18 +0100


I'm bridging to tap0 on a linux host, and i can see pings arrive from
my VM (with tshark -i tap), but I see no ICMP reply.

I suspect this to be a problem with the host. I was using Debian
wheezy, with qemu (1.1.2+dfsg-6a+deb7u3). My configuration worked

I upgraded to Jessie (qemu 2.1.2, Debian 2.1+dfsg-5), and that's when
my configuration stopped working. I've also tried installing the qemu
package I was using before (1.1.2+dfsg-6a+deb7u3) and my problem
So I believe this is not qemu's fault.

My VM is FreeBSD 10.0, amd64. Started thus:

  ; nice qemu-system-x86_64 -nographic -enable-kvm -m 768 -smp 2 \
      -hda freebsd.img -hdb swap.img -hdc home.img \
      -netdev tap,id=tap0,ifname=tap0,script=no,downscript=no \
          -device rtl8139,netdev=tap0

The host is also amd64. I gave tap0 an IP so that I can try to
diagnose this problem. Here's the traffic I see over tap0 on the host:

  ; ifconfig tap0
  tap0      Link encap:Ethernet  HWaddr aa:26:97:82:c6:f1
            inet addr:  Bcast:  Mask:
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:523 errors:0 dropped:0 overruns:0 frame:0
            TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:500
            RX bytes:50062 (48.8 KiB)  TX bytes:1068 (1.0 KiB)
  ; tshark -i tap0
  Capturing on 'tap0'
    1   0.000000 RealtekU_12:34:57 -> Broadcast    ARP 42 Who has  Tell
    2   0.000033 Apple_31:63:da -> RealtekU_12:34:57 ARP 42 is at 34:15:9e:31:63:da
    3   0.000351 ->  ICMP 98 Echo (ping)
request  id=0x1304, seq=0/0, ttl=64
    4   1.034739 ->  ICMP 98 Echo (ping)
request  id=0x1304, seq=1/256, ttl=64
    5   2.083052 ->  ICMP 98 Echo (ping)
request  id=0x1304, seq=2/512, ttl=64
    6   3.155970 ->  ICMP 98 Echo (ping)
request  id=0x1304, seq=3/768, ttl=64

And on the VM:

  # ifconfig re0
  re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
          ether 52:54:00:12:34:56
          inet netmask 0xffffff00 broadcast
          inet6 fe80::5054:ff:fe12:3456%re0 prefixlen 64 scopeid 0x1
          media: Ethernet autoselect (100baseTX <full-duplex>)
          status: active
  # ping
  PING ( 56 data bytes
  --- ping statistics ---
  4 packets transmitted, 0 packets received, 100.0% packet loss
  # arp -a
  ? ( at 52:54:00:12:34:56 on re0 permanent [ethernet]
  ? ( at 34:15:9e:31:63:da on re0 expires in 1065 seconds [ethernet]

The host has no firewall (as far as I'm aware!) and iptables accepts everything:

  # iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

And some sysctls on the host:

  net.ipv4.ip_forward = 1

  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 0
  net.bridge.bridge-nf-call-arptables = 0

Now I'm at a loss for what to do next.

Why am I seeing no ICMP replies on the host?
Where can I look next in order to diagnose that?



