Guest Introspection driver (vnetWFP) with VMware Tools 12.0 out of box will not intercept ICMP network traffic

Article ID: 313795

Updated On:

Products

VMware vSphere ESXi, VMware Desktop Hypervisor

Issue/Introduction

Symptoms:
After upgrading VMware Tools to 12.x, NSX IDFW rules configured for ICMP may not work on guest virtual machines with VMware Tools 12.x installed unless the ICMP registry settings are explicitly enabled.

Environment

VMware Tools 12.x

Cause

Starting with VMware Tools 12.0, the Guest Introspection driver (required for NSX IDFW) does not intercept ICMP network traffic by default.

ICMP packet interception has been disabled by default in VMware Tools 12.x because of an intermittent packet drop issue seen when using the Microsoft WFP packet injection API.

For more details on the packet drop issue, see Network timeouts or packet drops with VMware Tools 11.x with Guest Introspection Driver (79185).

Resolution

Currently there is no resolution.

Workaround:
While the fix is being worked on, follow the steps below to work around the issue:

With VMware Tools 11.2.6, the following registry setting can be used to enable or disable ICMP/UDP protocol support for the Guest Introspection (GI) driver:
  1. Click Start > Run, type regedit, and click OK. The Registry Editor window opens.
  2. Create the following key using the registry editor:
HKEY_LOCAL_Machine\SYSTEM\CurrentControlSet\services\vnetwfp\parameters
  3. Create the following DWORD value under the newly created parameters key:
Note: Ensure that Hexadecimal is selected when entering these values. The ‘0x’ prefix means hexadecimal; do not type ‘0x’ when adding the values in the registry. Selecting Hexadecimal is enough.

Possible Values for ksam_otorp:
0x400 - To enable filtering of UDP messages, disable ICMP
0x800 - To enable filtering of ICMP messages, disable UDP
0xC00 - To enable filtering of ICMP and UDP messages
0x0 - To disable filtering of both ICMP and UDP messages

Note: TCP filtering is always enabled and cannot be controlled by registry settings.
  4. With VMware Tools 12.x, the key can be deleted to get the default behavior (i.e. only ICMP protocol disabled).
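
The registry steps above as a PowerShell script, added here as an example and not VMware-supplied code: it reads or writes the `ksam_otorp` value and decodes the two bits listed in this article, which is useful for checking whether a guest will actually enforce ICMP IDFW rules. The function names are hypothetical; the key path, value name and bit values are the ones given above.

```powershell
# Added example, not VMware-supplied code. Key path, value name and bit values
# come from this article; the function names are hypothetical.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\services\vnetwfp\parameters'
$ValueName = 'ksam_otorp'
$UdpBit    = 0x400   # filtering of UDP messages
$IcmpBit   = 0x800   # filtering of ICMP messages

function Get-GiProtocolFilter {
    # Returns the configured state; a missing key or value means the driver default.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Configured = $false
            RawValue   = $null
            Udp        = $null
            Icmp       = $null
            Note       = 'Value not set: default applies (Tools 12.x: only ICMP disabled)'
        }
    }
    $raw = [long]$item.$ValueName
    [pscustomobject]@{
        Configured = $true
        RawValue   = '0x{0:X}' -f $raw
        Udp        = [bool]($raw -band $UdpBit)
        Icmp       = [bool]($raw -band $IcmpBit)
        Note       = 'TCP filtering is always enabled'
    }
}

function Set-GiProtocolFilter {
    # -Icmp -Udp => 0xC00, -Icmp => 0x800, -Udp => 0x400, neither => 0x0
    param([switch]$Icmp, [switch]$Udp)
    $value = 0
    if ($Udp)  { $value = $value -bor $UdpBit }
    if ($Icmp) { $value = $value -bor $IcmpBit }
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null   # step 2: create the parameters key
    }
    # Step 3: create (or overwrite) the DWORD value.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $value -Force | Out-Null
    Get-GiProtocolFilter
}

# Read-only check; to enable ICMP and UDP filtering from an elevated prompt:
#   Set-GiProtocolFilter -Icmp -Udp
Get-GiProtocolFilter
```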