Subject: Re: CVS commit: src/sys/netinet
To: Darren Reed <>
From: Steven M. Bellovin <>
List: source-changes
Date: 09/09/2003 07:40:55
In message <>, "Darren Reed" writes:
>In a message from Steven Bellovin, sie said...
>> The spec permits one IPid sequence per <src,dst,protocol> triple,
>> since those parameters are used in matching fragments.  The downside
>> is implementation complexity; it won't break anything anywhere on
>> the net.  You also don't need to consume IPid space -- or at least,
>> you don't need to worry about preventing duplicates -- on packets
>> that have  set.
>Without wanting to advocate change for the sake of change, how much
>sense does it make to go a step further and use a constant value in
>the ID field (say 0?) for all "do not fragment" packets ?

It makes a lot of sense, though it gives away some fingerprinting info. 
In fact, I believe that some Linux distributions already do just that.
(At least one brand of router uses 0 for link-local OSPF packets, which 
it knows can't be fragmented, and a counter for TCP.)

Everything I know about the behavior of IPid is in my NAT detector
paper, which I know that Darren has seen: (or .pdf).

		--Steve Bellovin,