[libvirt-users] issue with openssh-server running in a libvirt based centos virtual machine

Michal Privoznik mprivozn at redhat.com
Mon Jan 29 13:56:45 UTC 2018


On 01/29/2018 10:44 AM, Adrian Pascalau wrote:
> On Sun, Jan 28, 2018 at 7:07 PM, Adrian Pascalau
> <adrian27oradea at gmail.com> wrote:
>> When an Ethernet frame that is less then 60 bytes in size goes through
>> the network, it is padded with 0x00 bytes until it has 60 bytes in
>> length (64 with the frame check sequence). When this kind of padded
>> frames goes from centos1 VM through the linux bridge br0 to the
>> windows host, the IP and TCP headers in those frames wrongly consider
>> the 0x00 padded bytes as part of the user data, therefore the upstream
>> protocol (SSH in my case) tries to interpret them, and this is why
>> Putty hangs. Those 0x00 padded bytes are at the layer2 Ethernet frame
>> level, and should not be considered in the user data of the higher
>> level protocols.
> 
> Ok, so I found a workaround for this, even if I do not know who caused
> this issue.
> 
> Basically I noticed that I have this ssh connection issue only when
> the ssh client runs on a windows host. If the ssh client runs on a
> linux host, the ssh connection works without any problem. So I have
> compared the tcpdump for ssh connections initiated from both windows
> and linux, and what I have noticed is that on centos linux, by default
> the TCP stack uses timestamps in the TCP Options, and because of this,
> the Ethernet frames are never below 60 bytes, while in my windows the
> TCP Options timestamps are not used, and therefore some Ethernet
> frames are less than 60 bytes.
> 
> So I enabled the TCP Options timestamps in windows as well, by running
> the command 'netsh int tcp set global timestamps=enabled', and just
> like that, the ssh started to work. Still, I do not know who is
> causing this issue, and who to blame for this behavior...
> 
> Any suggestion how to identify which network element wrongly assigns
> the Ethernet padding to the TCP payload is more than welcome.

Since this is happening only on Windows and Putty, I'd suspect the
latter one. Does switching to different client (say winscp or Tera Term)
help?

Michal




More information about the libvirt-users mailing list