[Spice-devel] spice channel and conntrack netfilter
Hans de Goede
hdegoede at redhat.com
Fri Feb 10 02:34:05 PST 2012
Hi,
On 02/10/2012 11:26 AM, nicolas prochazka wrote:
> Hello,
> spice client establish connection to spice server.
>
> DEV-10.98.98.1:~# conntrack -L |grep 11943
> conntrack v1.0.0 (conntrack-tools): 76 flow entries have been shown.
> tcp 6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44970
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44970
> [ASSURED] mark=0 use=1
> tcp 6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44971
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44971
> [ASSURED] mark=0 use=1
> tcp 6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44967
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44967
> [ASSURED] mark=0 use=1
> tcp 6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44966
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44966
> [ASSURED] mark=0 use=1
> tcp 6 599 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44969
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44969
> [ASSURED] mark=0 use=1
> tcp 6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44968
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44968
> [ASSURED] mark=0 use=1
>
> my ip_conntrack_tcp_timeout_established is set to 600 for network
> performance consideration, by default it seems to be 5 days.
>
> spice client ( spicy ) is connected to vm guest ( windows) in
> screesaver mode, so there's no mouse, or keyboard event.
>
> tcp 6 365 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44970
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44970
> [ASSURED] mark=0 use=1
> tcp 6 305 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44971
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44971
> [ASSURED] mark=0 use=1
> conntrack v1.0.0 (conntrack-tools): 72 flow entries have been shown.
> tcp 6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44967
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44967
> [ASSURED] mark=0 use=1
> tcp 6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44966
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44966
> [ASSURED] mark=0 use=1
> tcp 6 595 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44969
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44969
> [ASSURED] mark=0 use=1
> tcp 6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44968
> dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44968
> [ASSURED] mark=0 use=1
>
> then after 600s
>
> tcp 6 595 ESTABLISHED src=10.10.106.58 dst=10.10.4.226
> sport=53868 dport=11943 src=10.10.4.226 dst=10.10.106.58 sport=11943
> dport=53868 [ASSURED] mark=0 use=1
>
> ( connection for display ( screesaver send image change )
>
>
> => Then mouse, keyboard are lost , i cannot reuse them, I must kill
> and restart spice client .
>
> Is it a normal behavior ? ( channel is not recreated by client )
Yes AFAIK this is expected behavior, esp. in combination with using
temp passwords which expire (also see my previous mail) when using
temp passwords the client-reconnecting won't help since the password
will have expired.
Regards,
Hans
More information about the Spice-devel
mailing list