125958 – traceroute6 segfaults when packet length is too large

Bug 125958 - traceroute6 segfaults when packet length is too large

Summary: traceroute6 segfaults when packet length is too large

Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	iputils
Sub Component:	(Show other bugs)
Version:	2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Radek Vokal
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-06-14 15:51 UTC by Per Steinar Iversen
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-01-31 09:14:04 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Per Steinar Iversen 2004-06-14 15:51:00 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
traceroute6 segfaults if the packet length is set too large:

Here is a test on the local network::

# traceroute6 www.it.hio.no 1440
traceroute to www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e) from
2001:700:700:1:202:b3ff:fe8f:6379, 30 hops max, 1440 byte packets
 1  www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e)  1.076 ms  4.147
ms  3.293 ms

# traceroute6 www.it.hio.no 1441
traceroute to www.it.hio.no (2001:700:700:1:2c0:9fff:fe35:281e) from
2001:700:700:1:202:b3ff:fe8f:6379, 30 hops max, 1441 byte packets
Segmentation fault

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:B3:8F:63:79
          inet addr:158.36.161.50  Bcast:158.36.161.255 
Mask:255.255.255.0
          inet6 addr: 2001:700:700:1:202:b3ff:fe8f:6379/64 Scope:Global
          inet6 addr: fe80::202:b3ff:fe8f:6379/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:103211 (100.7 Kb)  TX bytes:214463 (209.4 Kb)
 
# uname -a
Linux lumi.hio.no 2.6.6-1.427 #1 Thu Jun 10 09:33:46 EDT 2004 i686
i686 i386 GNU/Linux

Anything above 1440 bytes fails to work.



Version-Release number of selected component (if applicable):
iputils-20020927-13

How reproducible:
Always

Steps to Reproduce:
1. Use traceroute6 with a packet length above 1440
2. Get a segmentation fault
3.
    

Actual Results:  Segmentation fault.

Expected Results:  Something more clever.

Additional info:

Comment 1 Per Steinar Iversen 2004-06-15 09:35:58 UTC

Some experiments show that the magic limit is always 56-60 bytes less
than the MTU of the network interface.

Comment 3 John 2004-12-08 08:15:18 UTC

Works on same iptools version, same host, kernel 2.6.8-1.521 with packet size up
to 60000.

Comment 4 Radek Vokal 2005-01-30 16:33:19 UTC

I didn't manage to reproduce it here. Works fine with kernel-2.6.10
and latests iputils. Having here the core dump file from segfault
would be nice.

Comment 5 Per Steinar Iversen 2005-01-31 08:16:59 UTC

I believe this problem was really this one, bug 126021

At least the problem went away when the kernel fragmentation bug was
fixed.

Comment 6 Radek Vokal 2005-01-31 09:14:04 UTC

Ok, closing this bug as currentrelease ..

Note You need to log in before you can comment on or make changes to this bug.