Bug 14696
| Field | Value |
|---|---|
| Summary | traceroute: unreachable error (no response) from Cisco router (IOS v11.3-12.0(9)) |
| Product | [Retired] Red Hat Linux |
| Component | traceroute |
| Version | 6.2 |
| Hardware | i386 |
| OS | Linux |
| Reporter | wds8397 |
| Assignee | Crutcher Dunnavant <crutcher> |
| CC | pekkas |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Doc Type | Bug Fix |
| Last Closed | 2000-08-02 15:31:51 UTC |
Description
wds8397
2000-07-27 04:16:53 UTC
I can't reproduce this with several Cisco routers. Are you sure there aren't firewalls etc. hindering the communications? Some tcpdump output might help in diagnosing this too.

We have found that this is not a bug as supposed. A new rule was imposed at the router to block packet sizes >1460 (preventing PoD attacks). For some reason, the RedHat binary has a default value >1460, unlike most other distributions of Linux. Debian binary has default set somewhere around 400-600. Why is RedHat's set so high?

Are you sure about that? My tests w/ tcpdump show that both UDP and ICMP traceroutes would seem to generate only about 10-12 bytes of data per packet, plus the normal headers. There was no significant difference w/ RH6.2 version and the one from ftp.ee.lbl.gov.

Scratch the previous comment. The large cutoff (>1460) concerned the VAX/VMS system. The RedHat problem arises due to a low cutoff rule that was imposed. No packet sizes under 39 bytes are allowed. I re-installed the rpm to verify this fact.

traceroute xxx.xxx.xxx.xxx 38(default)
1 * * *
traceroute xxx.xxx.xxx.xxx 39
works fine!

This rule (in the router) gets false positives. Consider a default IP header, 20 bytes. Add e.g. UDP header, 8 bytes. And then 0-10 bytes of data, 28-38 bytes. A perfectly legal packet.
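The size arithmetic from the last comment, as an added example that is not part of the original bug report: it builds well-formed IPv4/UDP traceroute-style probes and applies a minimum-length rule like the one described, showing which legal probes the rule drops. The addresses, ports and function names are constructed for illustration; the 39-byte threshold, the 20- and 8-byte header sizes and the 38-byte default come from the thread.

```python
import socket
import struct

IP_HDR, UDP_HDR = 20, 8   # header sizes quoted in the thread
MIN_LEN = 39              # router rule from the thread: under 39 bytes is dropped

def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(packlen: int, ttl: int, src="192.0.2.1", dst="198.51.100.7") -> bytes:
    """Build an IPv4/UDP probe whose total length is `packlen` bytes."""
    if packlen < IP_HDR + UDP_HDR:
        raise ValueError("packet cannot be smaller than its headers")
    payload = bytes(packlen - IP_HDR - UDP_HDR)
    # Constructed ports; 33434 is the conventional traceroute base port.
    udp = struct.pack("!HHHH", 54321, 33434, UDP_HDR + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, packlen, 0, 0, ttl, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    # Fill in the header checksum (bytes 10-11) once the other fields are set.
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp

def router_verdict(packet: bytes, min_len: int = MIN_LEN) -> str:
    """Apply the length rule, reading Total Length from the IP header."""
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    if ver_ihl >> 4 != 4 or total_len != len(packet):
        return "drop-malformed"
    if ip_checksum(packet[:IP_HDR]) != 0:
        return "drop-bad-checksum"
    return "drop-too-short" if total_len < min_len else "forward"

def survey(sizes=range(28, 41)) -> dict:
    """Verdict for each probe size; 28-38 is the legal range from the thread."""
    return {n: router_verdict(build_probe(n, ttl=1)) for n in sizes}

if __name__ == "__main__":
    for size, verdict in survey().items():
        print(f"{size:3d} bytes ({size - IP_HDR - UDP_HDR:2d} data): {verdict}")
```

Every probe from 28 to 38 bytes passes the header and checksum checks yet is dropped by the length rule alone, which matches the `* * *` result at the default size of 38 and the success at 39.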