Bug 14696

Summary: traceroute: unreachable error (no response) from Cisco router (IOS v11.3-12.0(9))
Product: [Retired] Red Hat Linux Reporter: wds8397
Component: tracerouteAssignee: Crutcher Dunnavant <crutcher>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: pekkas
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-08-02 15:31:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description wds8397 2000-07-27 04:16:53 UTC 
Traceroute rpm's for 6.0-6.2 are not compatable with Cisco router IOS v11.3-12.0(9). Router will not reply to  UDP or ICMP(traceroute -I) 
requests. Systems on same segment running Debian or WinNT not having this problem. Have also found that Multinet's traceroute for 
VAX/VMS is also having same problem (for what it's worth). Other network utils functioning correctly.

Downloaded traceroute (v1.4a5) from ftp.ee.lbl.gov and compiled on RH 6.2 box. This version does not use default UDP nor has a switch 
between the two protocols (UDP / ICMP). Traceroute works correctly for this build.

-Walter
Comment 1 Pekka Savola 2000-08-01 19:45:01 UTC 
I can't reproduce this with several Cisco routers.  Are you sure there aren't
firewalls etc. hindering the communications?  Some tcpdump output might help
in diagnosing this too.
Comment 2 wds8397 2000-08-02 00:32:33 UTC 
We have found that this is not a bug as supposed. A new rule was imposed at the router to block packet sizes >1460 (preventing PoD attacks). For 
some reason, the RedHat binary has a default value >1460, unlike most other distributions of linux. Debian binary has default set somewhere around 
400-600. Why is RedHat's set so high?
Comment 3 Pekka Savola 2000-08-02 05:26:07 UTC 
Are you sure about that?  My tests w/ tcpdump show that both UDP and ICMP
traceroutes would
seem to generate only about 10-12 bytes of data per packet, plus the normal
headers.  There
was no significant difference w/ RH6.2 version and the one from ftp.ee.lbl.gov.
Comment 4 wds8397 2000-08-02 15:31:49 UTC 
Scratch the previous comment. The large cutoff (>1460) concerned the VAX/VMS system.

The RedHat problem arises due to a low cutoff rule that was imposed. No packet sizes under 39 bytes are allowed. I re-installed the rpm to verify this 
fact.

traceroute xxx.xxx.xxx.xxx 38(default)
1 * * *

traceroute xxx.xxx.xxx.xxx 39
works fine!
Comment 5 Pekka Savola 2000-08-02 20:31:23 UTC 
This rule (in the router) is gets false positives.

Consider a default IP header, 20 bytes.
Add e.g. UDP header, 8 bytes.
And then 0-10 bytes of data, 28-38 bytes.

A perfectly legal packet.