Bug#631980: linux-image-3.0.0-rc4-amd64: Traceroute problems with clients behind gateway

[Brielle]

Package: linux-image-3.0.0-rc4-amd64
Severity: normal
Tags: experimental

-- System Information:
Debian Release: squeeze
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Hello,

I'm noticing a problem with clients behind my linux system that acts
as a NAT gateway. When doing a traceroute from the client, to say,
google.com, the first hop is showing up as the final destination rather
then the IP address of the gateway.

-----
traceroute to 74.125.224.48 (74.125.224.48), 64 hops max, 52 byte packets
1 74.125.224.48 (74.125.224.48) 0.658 ms 0.106 ms 0.123 ms
2 boid-dsl-gw07-199.boid.qwest.net (184.99.64.199) 42.359 ms 41.447 ms 42.161 ms
3 boid-agw1.inet.qwest.net (184.99.65.49) 41.549 ms 40.989 ms 42.573 ms
4 sea-edge-12.inet.qwest.net (67.14.41.22) 86.234 ms 57.025 ms 55.848 ms
5 65.122.121.66 (65.122.121.66) 58.344 ms 56.292 ms 55.848 ms
-----

Proper traceroute from unaffected kernel (in this case, 2.6.38-2)
-----
traceroute to 74.125.224.48 (74.125.224.48), 64 hops max, 52 byte packets
1 gateway (10.11.1.1) 1.431 ms 0.458 ms 0.445 ms
2 boid-dsl-gw07-199.boid.qwest.net (184.99.64.199) 42.727 ms 43.713 ms 43.292 ms
3 184-99-65-49.boid.qwest.net (184.99.65.49) 43.442 ms 46.488 ms 43.461 ms
4 sea-edge-12.inet.qwest.net (67.14.41.22) 59.208 ms 58.577 ms 56.627 ms
5 65.122.121.66 (65.122.121.66) 56.779 ms 59.540 ms 121.465 ms
-----

Same exact firewalling rules are in place with iptables on both
traceroutes (SNAT, not messing with traceroutes, icmp in/out).

Even with a completely clean boot with no firewalling rules and no
nat rules, traceroute shows exactly the same thing, first hop shows up
as the destination. So, I'm not entirely sure its related to netfilter.

I do have packet dumps from the tests if they might be useful.

I can confirm that 2.6.32-5 kernels from squeeze also do not exhibit
this issue.

Thanks for looking into this!

--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

[Ben Hutchings]

Please can you clarify whether you are changing the kernel version on
the gateway or on the client computer?

> -----
> traceroute to 74.125.224.48 (74.125.224.48), 64 hops max, 52 byte packets
> 1 gateway (10.11.1.1) 1.431 ms 0.458 ms 0.445 ms
> 2 boid-dsl-gw07-199.boid.qwest.net (184.99.64.199) 42.727 ms 43.713 ms 43.292 ms
> 3 184-99-65-49.boid.qwest.net (184.99.65.49) 43.442 ms 46.488 ms 43.461 ms
> 4 sea-edge-12.inet.qwest.net (67.14.41.22) 59.208 ms 58.577 ms 56.627 ms
> 5 65.122.121.66 (65.122.121.66) 56.779 ms 59.540 ms 121.465 ms
> -----
>
> Same exact firewalling rules are in place with iptables on both
> traceroutes (SNAT, not messing with traceroutes, icmp in/out).
>
> Even with a completely clean boot with no firewalling rules and no
> nat rules, traceroute shows exactly the same thing, first hop shows up
> as the destination. So, I'm not entirely sure its related to netfilter.
>
> I do have packet dumps from the tests if they might be useful.

Yes, please send standard pcap files.

Ben.

> I can confirm that 2.6.32-5 kernels from squeeze also do not exhibit
> this issue.
>
> Thanks for looking into this!
>
>
>

--
Ben Hutchings
In a hierarchy, every employee tends to rise to his level of incompetence.

[Ben Hutchings]

Brielle,

Sorry I didn't respond to your earlier update. I have quite a
backlog of bug reports to look at.

On Mon, Jul 04, 2011 at 05:03:14PM -0600, Brielle Bruns wrote:
[...]
> Just a quick update, I confirmed the same behavior with stock
> 3.0.0-rc5 kernel with no extra patches or changes other then the
> usual .config.
>
> Should I be submitting this quirk to upstream since it happens in
> stock? If so, do you have a specific person in mind that would be
> good to contact?

Yes, this should be handled upstream. Send mail to the list
net...@vger.kernel.org and cc 631...@bugs.debian.org.

Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus