Created attachment 344025 [details] Patch to fix various IPv4/v6 SNMP counters Description of problem: There are various places in the RHEL-4 kernel where IP SNMP counters are not incremented correctly. This bugzilla contains a verified patch that brings IP SNMP counter operations up to speed with RHEL-5/upstream. Version-Release number of selected component (if applicable): kernel-2.6.9-88.EL How reproducible: Always. Steps to Reproduce: Here's a batch of specific problems and ways to verify them: 1. InHdrErrors Before forwarding packet, the router will check the TTL, if the TTL equal or less than 1, this packet will be discarded, but the counter InHdrErrors is not increased. The topology as follow for example: |192.168.1.20 |[eth0:2] -------- -------- |tester| |Router|(RHEL4.8ss5) -------- -------- |[eth0] |[eth0:1] |192.168.0.10 |192.168.0.20 ------|----------------|------------------192.168.0.0/24 Steps to Reproduce: Step1 Config tester #ifconfig eth0 192.168.0.10 netmask 255.255.255.0 #ip route add 192.168.1.0/24 via 192.168.0.20 dev eth0 Step2 Config Router #ifconfig eth0:1 192.168.0.20 netmask 255.255.255.0 #ifconfig eth0:2 192.168.1.20 netmask 255.255.255.0 #echo "1" > /proc/sys/net/ipv4/ip_forward Step3 Router: record the value of InHdrErrors #cat /proc/net/snmp | grep ^Ip | awk {'print $5'} Step4 tester: Send 5 icmp packets with ttl=1 to 192.168.1.25 #ping 192.168.1.25 -c 5 -t 1 Step5 Router: check the value of InHdrErrors #cat /proc/net/snmp | grep ^Ip | awk {'print $5'} 2. OutNoRoutes When sending a packet, if there are no route to forward this packet, the packet will be discarded, but the counter of OutNoRoutes is not increased. Steps to Reproduce: Step1 Delete the default route #ip route del default Step2 Read the proc file of /proc/net/snmp, and record the value of OutNoRoutes #cat /proc/net/snmp | grep ^Ip | awk {'print $13'} Step3 Send a icmp packet to unreachable host #ping -c 1 192.168.245.245 Step4 Read the proc file of /proc/net/snmp, and record the value of OutNoRoutes #cat /proc/net/snmp | grep ^Ip | awk {'print $13'} 3. FragFails When sending a packet, if the packet size is bigger than the NIC's MTU and the IP header's DF is set to 1, the packet will be discarded. but the counter of FragFails is not increased. Steps to Reproduce: Step1 Read the proc file of /proc/net/snmp, and record the value of FragFails #cat /proc/net/snmp | grep ^Ip |awk {'print $19'} Step2 Send 5 icmp packets, with packet size bigger than NIC's MTU, and IP header's DF=1 #ping -c 5 -s 2000 -M do $IPADDR [note] $IPADDR must specify address that can be reached. Step3 check the value of FragFails #cat /proc/net/snmp | grep ^Ip |awk {'print $19'} 4. FragCreates and Ip6FragCreates When host sending bigger packet than NIC's MTU, kernel fragments the big packet, but counters of FragCreates and Ip6FragCreates are not increased. Steps to Reproduce: In case of IPv4: Step1 read the proc file of /proc/net/snmp, and record the value of FragCreates #cat /proc/net/snmp | grep ^Ip |awk {'print $20'} Step2 Send a packet to host, with packet size bigger than NIC's MTU. #ping -c 1 -s 2000 $IPADDR (note) $IPADDR must specify address that can reach. Step3 read the proc file of /proc/net/snmp, and check the value of FragCreates #cat /proc/net/snmp | grep ^Ip |awk {'print $20'} In case of IPv6: Step1 read the proc file of /proc/net/snmp6, and record the value of Ip6FragCreates #cat /proc/net/snmp6 | grep Ip6FragCreates Step2 Send a packet to host, with packet size bigger than NIC's MTU. #ping6 -c 1 -s 2000 $IP6ADDR (note) $IP6ADDR must specify addresses that can reach. Step3 read the proc file of /proc/net/snmp6, and check the value of Ip6FragCreates #cat /proc/net/snmp6 | grep Ip6FragCreates 5. Ip6InNoRoutes and Ip6InAddrErrors When sending packet with unknown dst address to router, the router will discard this packet, but the counter of Ip6InNoRoutes is not increased. When sending packet with bad dst address to router, the router will discard this packet, but the counter of Ip6InAddrErrors is not increased. Steps to Reproduce: The topology as follow for example: -------- ------- |tester| |router|(RHEL4.8ss5) -------- ------- |[eth0] |[eth0] | |fe80::2xx:xxff:fexx:xxxx/64 ------|-----------------------------|-------- Step1 Config the rounting table of the tester #ip -6 route add 2020::/64 via fe80::2xx:e9xx:fexx:xxxx dev eth0 #ip -6 route add 1::1 via fe80::2xx:xxff:fexx:xxxx dev eth0 (note) fe80::2xx:xxff:fexx:xxxx is the link-local address of the eth0 of the router. Step2 router: record the value of Ip6InNoRoutes and Ip6InAddrErrors #cat /proc/net/snmp6 | grep Ip6InNoRoutes #cat /proc/net/snmp6 | grep Ip6InAddrErrors Step3 tester: send 5 icmp packets to unknown dst addr of 2020::20d:88ff:feaa:aaff, and send 5 icmp packets to bad addr of 1::1 #ping6 -I eth0 -c 5 2020::20d:88ff:feaa:aaff #ping6 -I eth0 -c 5 1::1 Step4 router: check the value of Ip6InNoRoutes and Ip6InAddrErrors #cat /proc/net/snmp6 | grep Ip6InNoRoutes #cat /proc/net/snmp6 | grep Ip6InAddrErrors Actual results: Counters in /proc/net/snmp{,6} are not incremented correctly. Expected results: Counters in /proc/net/snmp{,6} are incremented correctly. Additional info: Patch was verified by partner Fujitsu. Applies cleanly to 2.6.9-89.EL sources.
Patch looks good.
Event posted on 06-29-2010 05:23pm JST by moshiro Hi, Any updates? This event sent from IssueTracker by moshiro issue 291333
Committed in 89.42.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html