-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I came across this archived linux-kernel message:
http://www.uwsg.iu.edu/hypermail/linux/net/0007.2/0111.html
I am having the exact same problem as is outlined there, from a post three
years ago. Here's a summary:
"I think I've found a bug in UDP/ICMP code in the kernel using
traceroute.
To reproduce: Launch traceroute -n to some Linux system nearby
really quickly 3 times in the row; localhost won't work, it has to go
through network. Quick response is crucial. I used systems w/ in
the same physical network and a few routers between (still < 5 ms
response).
The effect: On third traceroute (or perhaps second/first, if you're quick
enough), ICMP port unreachable will not be sent to the UDP datagram. "
I reproduced this on a redhat 8.0 machine running kernel 2.4.23. Changing to
the -I option of traceroute (to use ICMP) works flawlessly. I'll be glad to
provide more information if you need it. Please CC, as I'm not subscribed.
- --Russell
- --
Russell Miller - [email protected] - Somewhere near Sioux City, IA.
Youth cannot know age, but age is guilty if it forgets youth
- Professor Dumbledore
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAf0sUURTA4VCI9OARAs52AJ9llhS5KKvSe2nAU3lp82oySZ8c/gCfeyIK
i5V/P6Qj6ODS3jm6GSMQFrs=
=vREp
-----END PGP SIGNATURE-----
Russell Miller <[email protected]> writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I came across this archived linux-kernel message:
>
> http://www.uwsg.iu.edu/hypermail/linux/net/0007.2/0111.html
>
> I am having the exact same problem as is outlined there, from a post three
> years ago. Here's a summary:
>
> "I think I've found a bug in UDP/ICMP code in the kernel using
> traceroute.
>
> To reproduce: Launch traceroute -n to some Linux system nearby
> really quickly 3 times in the row; localhost won't work, it has to go
> through network. Quick response is crucial. I used systems w/ in
> the same physical network and a few routers between (still < 5 ms
> response).
>
> The effect: On third traceroute (or perhaps second/first, if you're quick
> enough), ICMP port unreachable will not be sent to the UDP datagram. "
>
> I reproduced this on a redhat 8.0 machine running kernel 2.4.23.
> Changing to the -I option of traceroute (to use ICMP) works
> flawlessly. I'll be glad to provide more information if you need
> it. Please CC, as I'm not subscribed.
You're probably hitting the ICMP rate limit.
Play with /proc/sys/net/ipv4/icmp_rate*.
- increase /proc/sys/net/ipv4/icmp_ratelimit
or
- clear bit 3 in /proc/sys/net/ipv4/icmp_ratemask
Phil.