Bug 125958

Summary: traceroute6 segfaults when packet length is too large
Product: [Fedora] Fedora Reporter: Per Steinar Iversen <persteinar.iversen>
Component: iputilsAssignee: Radek Vokál <rvokal>
Status: CLOSED CURRENTRELEASE QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 2CC: bressers
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-31 09:14:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Per Steinar Iversen 2004-06-14 15:51:00 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
traceroute6 segfaults if the packet length is set too large:

Here is a test on the local network::

# traceroute6 www.it.hio.no 1440
traceroute to www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e) from
2001:700:700:1:202:b3ff:fe8f:6379, 30 hops max, 1440 byte packets
 1  www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e)  1.076 ms  4.147
ms  3.293 ms

# traceroute6 www.it.hio.no 1441
traceroute to www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e) from
2001:700:700:1:202:b3ff:fe8f:6379, 30 hops max, 1441 byte packets
Segmentation fault

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:B3:8F:63:79
          inet addr:158.36.161.50  Bcast:158.36.161.255 
Mask:255.255.255.0
          inet6 addr: 2001:700:700:1:202:b3ff:fe8f:6379/64 Scope:Global
          inet6 addr: fe80::202:b3ff:fe8f:6379/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:103211 (100.7 Kb)  TX bytes:214463 (209.4 Kb)
 
# uname -a
Linux lumi.hio.no 2.6.6-1.427 #1 Thu Jun 10 09:33:46 EDT 2004 i686
i686 i386 GNU/Linux

Anything above 1440 bytes fails to work.



Version-Release number of selected component (if applicable):
iputils-20020927-13

How reproducible:
Always

Steps to Reproduce:
1. Use traceroute6 with a packet length above 1440
2. Get a segmentation fault
3.
    

Actual Results:  Segmentation fault.

Expected Results:  Something more clever.

Additional info:
Comment 1 Per Steinar Iversen 2004-06-15 09:35:58 UTC 
Some experiments show that the magic limit is always 56-60 bytes less
than the MTU of the network interface.
Comment 3 John 2004-12-08 08:15:18 UTC 
Works on same iptools version, same host, kernel 2.6.8-1.521 with packet size up
to 60000.
Comment 4 Radek Vokál 2005-01-30 16:33:19 UTC 
I didn't manage to reproduce it here. Works fine with kernel-2.6.10
and latests iputils. Having here the core dump file from segfault
would be nice.
Comment 5 Per Steinar Iversen 2005-01-31 08:16:59 UTC 
I believe this problem was really this one, bug 126021

At least the problem went away when the kernel fragmentation bug was
fixed.
Comment 6 Radek Vokál 2005-01-31 09:14:04 UTC 
Ok, closing this bug as currentrelease ..