
Re: [Qemu-discuss] Networking: Questions about Host to Guest interal tra

From: Jakob Bohm
Subject: Re: [Qemu-discuss] Networking: Questions about Host to Guest interal traffic management
Date: Fri, 08 May 2015 00:42:19 +0200
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

(Summary for other readers of this list)

There are two highly relevant questions that I could not
answer, someone else should answer these:

Q1: Depending on configuration, how are network packets
transferred between the networking stack in the host
computer and the virtual NIC emulated by qemu for the

Q2: Depending on configuration, does the host networking
stack see the virtual machine's NIC as a virtual NIC
on the host or as a local network application?  This
would (for instance) determine if iptables processes
guest traffic using its INPUT/OUTPUT or its FORWARD
rule chains.

I presume the answers would depend on the networking
type selected with the --net option, and that some
cases may use special fast paths with KVM and/or xen,
but I do not know of a document giving definitive
answers for all of the cases.

The OP would prefer pointers to specific qemu
documentation pages for the answers, if such exist.

The most interesting cases are probably these:

--net tap --enable-kvm
--net l2tpv3 --enable-kvm
--net tap --xen-domid
--net l2tpv3 --xen-domid
--net tap (with software emulation)
--net l2tpv3 (with software emulation)

The answers are of course obvious when using any of
the following documented options:

--net user
--net socket
--net vde
--net none

On 07/05/2015 10:37, David Borman wrote:

I have an instance running and I am curious about the internals and how the packets are routed from the physical (host system) layer to the internal, virtual guest interface (virtio, e1000, rtl8139, etc.) (IP/TCP/UDP/ICMP data only).

"How" is an inbound packet, reaching the host's physical Ethernet card hardware, forwarded to the virtual NIC inside the guest OS, and what is happening if the guest OS firewall drops/rejects/accepts the packet?

1) Will the Hostsystem drop this packet physically?

Since network packets are logical phenomena rather than
physical objects, they are not as such "physically

However if the host is running any sane kind of firewall
(such as the Linux iptables), when the host firewall drops
the packet, it will not progress any further, and the
corresponding memory will be freed and reused soon
thereafter (where "soon" may be anything from a few
picoseconds to billions of years, mostly by chance).

As for the freeing of memory, this should be no different
from how the host would free the same memory if there was
no virtual machine involved.  It would either follow the
code path for packets that were going to be forwarded out
another (physical or virtual) network card if they had
not been dropped, or the code path for packets that were
going to be returned to a locally running program if they
had not been dropped.  This part would be better asked in
a forum about the host OS and its firewall.

However what someone else on this list should be able to
answer is how the packets get from the Host OS kernel to
the virtual machine's virtual hardware, because that is
very specific to how qemu is implemented in different
situations and configurations.

Someone else on this list should also be able to answer
if the Host kernel will act as if the packets are going
out another (virtual) network card representing the
virtual machine, or if it will act as if the packets are
being returned to an ordinary program running on the host,
again, this is very specific to how qemu is implemented
in different situations and configurations.

In particular, the answers to the previous two questions
are going to depend on the following qemu command line


2) Is the Guest OS dropping the packet at the virtual guest network adapter? (and if so, what data still remains inside the Hostsystem memory structures and what event triggers the memory cleanup?)

The Guest OS will operate the same way as it would on a
physical machine.  This includes any firewalls in the
guest OS.  This part would be better asked in a forum
about the Guest OS and its firewall.

If there are any good docs out there, then please let me know. On Google I only find very generic stuff.

Thx, David


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
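
One way to check Q2 empirically on a given Linux host, as an added example that is not part of the original message: put counting rules for the guest's host-side interface in each chain, snapshot `iptables-save -c` before and after test traffic, and compare which chains' counters moved. The interface name `tap0` and both snapshots are constructed sample values and say nothing about what any particular qemu configuration does.

```python
import re
from collections import defaultdict

# Constructed `iptables-save -c` snapshots taken before and after a test
# transfer. Interface name tap0 and all counters are made-up sample values.
BEFORE = """*filter
:INPUT ACCEPT [1000:80000]
:FORWARD ACCEPT [10:800]
:OUTPUT ACCEPT [900:72000]
[5:420] -A INPUT -i tap0
[7:588] -A FORWARD -i tap0
[3:252] -A OUTPUT -o tap0
COMMIT
"""
AFTER = BEFORE.replace("[5:420]", "[9:756]").replace("[7:588]", "[19:1596]")

# A counted rule line looks like: [packets:bytes] -A CHAIN rule-spec
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")


def rule_counters(snapshot):
    """Map (table, chain, rule spec) -> packet count for every counted rule."""
    table, counters = None, defaultdict(int)
    for line in snapshot.splitlines():
        if line.startswith("*"):  # "*filter", "*nat", ... starts a table
            table = line[1:].strip()
            continue
        m = RULE.match(line)
        if m:  # chain policy lines (":INPUT ...") do not match and are skipped
            pkts, _bytes, chain, spec = m.groups()
            counters[(table, chain, spec)] += int(pkts)  # sums duplicate rules
    return counters


def chains_hit(before, after, iface):
    """Return {(table, chain): packet delta} for rules that name iface."""
    old, new = rule_counters(before), rule_counters(after)
    hits = defaultdict(int)
    for (table, chain, spec), pkts in new.items():
        if iface in spec.split():  # matches "-i tap0" or "-o tap0" exactly
            hits[(table, chain)] += pkts - old.get((table, chain, spec), 0)
    return {k: v for k, v in hits.items() if v > 0}


if __name__ == "__main__":
    for (table, chain), delta in chains_hit(BEFORE, AFTER, "tap0").items():
        print(f"{table}/{chain}: +{delta} packets")
```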
