search

traviscross / mtr

Official repository for mtr, a network diagnostic tool
http://www.bitwizard.nl/mtr/
GNU General Public License v2.0
2.64k stars 337 forks source link

ICMP Replys are not evaluated correctly #434

Open SharkPie opened 2 years ago

SharkPie commented 2 years ago

tcpdump log 09:43:28.182236 IP xxx.xxx.xxx.xxx > xxx.xxx.xxx.xxx: ICMP host xxx.xxx.xxx.xxx unreachable - admin prohibited, length 72

ICMP Code from above ICMP Type 3 - Code 10

mtr without report function will show no route to host. This should not happen. ...

  1. (no route to host)

mtr with report function (-r) will show the host as online ...

  1. static.xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
wenlxie commented 2 years ago

I met a similar issue. There is a hop in the middle of route path that send ICMP response with ICMP unreachable info but not ICMP time exceeded in-transit, length 72:

 03:09:02.112033 IP 10.10.10.10.35564 > 10.20.20.20.http: Flags [S], seq 1656127004, win 64240, options [mss 1460,sackOK,TS val 784970555 ecr 0,nop,wscale 8], length 0
03:09:02.135481 IP 10.30.30.30 > 10.10.10.10: ICMP 10.20.20.20 unreachable - need to frag (mtu 9000), length 36

Then MTR will not increase the packet's TTL and continue to do path discovery. Is it meaningful that we can add an option that mtr can continue to discover the path, if it exceed times specified, then stop?

@rewolff WDYT?

rewolff commented 2 years ago

The problem is that this router is definitively VERY broken. The "host unreachable" says "for a fact that host can't be reached from here". So IMHO mtr is correct in refusing to probe any hosts further than that host.

In a way it is logical: If we were trying to set up a connection to the https port of some host and my packets arrive at that router with expired TTL then that host would be unreachable for us. But the standards are there for a reason. They allows for some diagnosis tools like mtr to work. What if all routers would start doing this? It whould mean that "host unreachable" and "TTL exceeded" error messages merge into one. What some people (programmers) don't seem to understand is that the experts know what the different error messages mean and that this directs them to a solution. My laptop this week: "Something went wrong, please call your system adminstrator". Well I'm that systems "system adminstrator"... please tell me WHAT is wrong!

I hate to add options for each possible brokenness that exists in some router on the internet.

wenlxie commented 2 years ago

@rewolff Thanks for the reply.

elfring commented 1 year ago

I became curious also on further clarification possibilities for error messages like “no route to host”. 💭 Would you like to share any more experiences with “surprising” data processing results in special networks?