[Spice-devel] spice channel and conntrack netfilter

Sun Feb 12 07:08:57 PST 2012

On Fri, Feb 10, 2012 at 05:11:15PM +0100, Hans de Goede wrote:
> Hi,
> 
> On 02/10/2012 03:41 PM, nicolas prochazka wrote:
> >Hello again,
> >however it is seems very strange
> >
> >1- spicy is connected to my linux guest
> >2 - I do nothing during 10 minutes, or I want to eat a peace of cake
> >during 10 minutes,
> >then mouse, keyboard , sound are not usable in my vm, I just can see
> >the linux desktop :)
> 
> I understand, so we likely need to add some keepalive code to spice,
> can you please file an RFE here:
> 
> https://bugs.freedesktop.org/enter_bug.cgi?product=Spice
> 

Actually we already have a keep alive message, it's called ping.

    message {
    uint32 id;
    uint64 timestamp;
    uint8 data[] @ctype(uint8_t) @as_ptr(data_len);
    } ping;

So at least the change won't require a protocol update.

> Regards,
> 
> Hans
> 
> 
> >
> >Nicolas
> >
> >2012/2/10 Hans de Goede<hdegoede at redhat.com>:
> >>Hi,
> >>
> >>
> >>On 02/10/2012 11:26 AM, nicolas prochazka wrote:
> >>>
> >>>Hello,
> >>>spice client establish connection to spice server.
> >>>
> >>>DEV-10.98.98.1:~# conntrack -L |grep 11943
> >>>conntrack v1.0.0 (conntrack-tools): 76 flow entries have been shown.
> >>>tcp      6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44970
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44970
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44971
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44971
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44967
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44967
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44966
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44966
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 599 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44969
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44969
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 600 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44968
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44968
> >>>[ASSURED] mark=0 use=1
> >>>
> >>>my ip_conntrack_tcp_timeout_established  is set to 600 for network
> >>>performance consideration, by default it seems to be 5 days.
> >>>
> >>>spice client ( spicy ) is connected to vm guest ( windows) in
> >>>screesaver mode, so there's no mouse, or keyboard event.
> >>>
> >>>tcp      6 365 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44970
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44970
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 305 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44971
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44971
> >>>[ASSURED] mark=0 use=1
> >>>conntrack v1.0.0 (conntrack-tools): 72 flow entries have been shown.
> >>>tcp      6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44967
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44967
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44966
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44966
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 595 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44969
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44969
> >>>[ASSURED] mark=0 use=1
> >>>tcp      6 302 ESTABLISHED src=10.10.4.3 dst=10.10.4.226 sport=44968
> >>>dport=5930 src=10.98.98.1 dst=10.10.4.3 sport=11943 dport=44968
> >>>[ASSURED] mark=0 use=1
> >>>
> >>>then after 600s
> >>>
> >>>tcp      6 595 ESTABLISHED src=10.10.106.58 dst=10.10.4.226
> >>>sport=53868 dport=11943 src=10.10.4.226 dst=10.10.106.58 sport=11943
> >>>dport=53868 [ASSURED] mark=0 use=1
> >>>
> >>>( connection for display ( screesaver send image change )
> >>>
> >>>
> >>>=>    Then mouse, keyboard are lost , i cannot  reuse them, I must kill
> >>>and restart spice client .
> >>>
> >>>Is it a normal behavior ?  ( channel is not recreated by client )
> >>
> >>
> >>Yes AFAIK this is expected behavior, esp. in combination with using
> >>temp passwords which expire (also see my previous mail) when using
> >>temp passwords the client-reconnecting won't help since the password
> >>will have expired.
> >>
> >>Regards,
> >>
> >>Hans
> >>_______________________________________________
> >>Spice-devel mailing list
> >>Spice-devel at lists.freedesktop.org
> >>http://lists.freedesktop.org/mailman/listinfo/spice-devel
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel