Unexpected Network Traffic on Node 8.3.3

[lina]

We have a node running Proxmox VE 8.3.3 with pve-firewall and ebtables disabled. When running tcpdump on a virtual machine, we observe network traffic that does not belong to this VM—it appears to be network activity from the node itself.

However, when testing on Proxmox VE 8.2 under the same conditions, we do not see this extra traffic.

Steps to Reproduce:​

1. Disable pve-firewall and ebtables on Proxmox VE 8.3.3.
2. Run tcpdump on any virtual machine.
3. Observe the unexpected network traffic from the node.

Questions:​

• Why is this happening on 8.3.3 but not on 8.2 under the same conditions?
• What has changed in networking behavior between these versions?

 

[lina]

Guys, this is a serious problem because it concerns security. It’s a really critical issue when you can listen to the traffic of an entire node.

 

[fabian]

you need to provide way more details for this report to be actionable.

in general, if you think you have found an issue with security implications, we'd appreciate it if you'd follow our security reporting guidelines: https://pve.proxmox.com/wiki/Security_Reporting (this also allows you to include sensitive information like details about your network / firewall / guest setup!).