From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1C5HO1-0001zf-NO for qemu-devel@nongnu.org; Thu, 09 Sep 2004 01:22:21 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1C5HO1-0001yy-2t for qemu-devel@nongnu.org; Thu, 09 Sep 2004 01:22:21 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1C5HO0-0001yr-VO for qemu-devel@nongnu.org; Thu, 09 Sep 2004 01:22:21 -0400 Received: from [216.254.0.202] (helo=mail2.speakeasy.net) by monty-python.gnu.org with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 4.34) id 1C5HIS-00082e-LN for qemu-devel@nongnu.org; Thu, 09 Sep 2004 01:16:36 -0400 Received: from dsl081-088-222.lax1.dsl.speakeasy.net (HELO [192.168.111.2]) ([64.81.88.222]) (envelope-sender ) by mail2.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 9 Sep 2004 05:16:34 -0000 Subject: Re: [Qemu-devel] problem of SLIRP From: "John R. Hogerhuis" In-Reply-To: <1094706262.413fe4560f5d8@webaccess.umail.ucsb.edu> References: <1094706262.413fe4560f5d8@webaccess.umail.ucsb.edu> Content-Type: text/plain Message-Id: <1094707033.31601.1400.camel@aragorn> Mime-Version: 1.0 Date: Wed, 08 Sep 2004 22:17:13 -0700 Content-Transfer-Encoding: 7bit Reply-To: jhoger@pobox.com, qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org On Wed, 2004-09-08 at 22:04, Ye Wen wrote: > Hi, > > I'm wondering why on some machine I can work with SLIRP fine but on others, I > can > ping the 10.0.2.2 (router) well but can't access the Internet. Is it because of > some firewall things? User mode networking (Slirp) operates at the level of an unpriveleged socket. That means that it can listen for TCP connections, make TCP connections, send and receive UDP packets. Basically, you can use the "port" based protocols. >>From an unpriveleged socket you cannot send raw IP packets. This includes ICMP messages since ICMP operates at the IP layer, rather than the ported protocol layer with TCP and UDP. Ping is an ICMP message. So Slirp fakes a ping by sending a UDP packet instead. So it is not ping. Your firewall may pass pings but not some UDP packets. Hence the confusion. What it comes down to, is don't use ping to test user mode networking, since it doesn't do what you think. Using a web browser makes a lot more sense, and is easier to understand the effects. The UDP fakery should probably be removed since it doesn't really do what anyone thinks, and therefore just confuses everyone. Also, for networking problems in general your best bet is to do a network trace on both the host and the guest, and you can see without any doubt how the user mode networking scheme is horking up your packets. I think QEMU is really putting Slirp through its paces, and Slirp is actually going to be brought up to par in short order... -- John.