Subject: Re: CVS commit: src/sys/netinet
To: Darren Reed <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 09/09/2003 07:40:55
In message <firstname.lastname@example.org>, "Darren Reed" writes:
>In a message from Steven Bellovin, sie said...
>> The spec permits one IPid sequence per <src,dst,protocol> triple,
>> since those parameters are used in matching fragments. The downside
>> is implementation complexity; it won't break anything anywhere on
>> the net. You also don't need to consume IPid space -- or at least,
>> you don't need to worry about preventing duplicates -- on packets
>> that have set.
>Without wanting to advocate change for the sake of change, how much
>sense does it make to go a step further and use a constant value in
>the ID field (say 0?) for all "do not fragment" packets?
It makes a lot of sense, though it gives away some fingerprinting info.
In fact, I believe that some Linux distributions already do just that.
(At least one brand of router uses 0 for link-local OSPF packets, which
it knows can't be fragmented, and a counter for TCP.)
Everything I know about the behavior of IPid is in my NAT detector
paper, which I know that Darren has seen:
http://www.research.att.com/~smb/papers/fnat.ps (or .pdf).
--Steve Bellovin, http://www.research.att.com/~smb
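The allocation scheme discussed above (one IPid sequence per <src,dst,protocol> triple, and a constant ID for DF packets), as an added example that is not code from NetBSD or from either author; the class and method names are hypothetical and the sample addresses are constructed.

```python
"""IPid allocation keyed by the <src, dst, protocol> triple.

Fragments are matched on <src, dst, protocol, id>, so an IPid only has
to be unique within that triple, not per host.  A packet with DF set
can never be fragmented, so it needs no unique ID at all and can carry
a constant (0 here, as suggested in the thread).  Note the caveat from
the reply: a constant DF IPid is itself a fingerprinting signal.
"""
from dataclasses import dataclass, field

DF_IPID = 0          # constant ID for Don't-Fragment packets
IPID_MAX = 0xFFFF    # the ID field is 16 bits


@dataclass
class IpidAllocator:
    # hypothetical name; maps (src, dst, proto) -> next counter value
    _seq: dict = field(default_factory=dict)

    def next_id(self, src: str, dst: str, proto: int, df: bool) -> int:
        """Return the IPid to place in the header of this packet."""
        if df:
            # Never fragmented, so duplicates cannot confuse reassembly.
            return DF_IPID
        key = (src, dst, proto)
        cur = self._seq.get(key, 1)           # sequences run 1..65535
        self._seq[key] = cur % IPID_MAX + 1   # wrap back to 1, skipping 0
        return cur

    def sequences(self) -> int:
        """Number of independent IPid sequences currently in use."""
        return len(self._seq)


if __name__ == "__main__":
    alloc = IpidAllocator()
    # constructed sample flows: two TCP peers and one UDP flow
    print(alloc.next_id("192.0.2.1", "192.0.2.2", 6, df=True))    # 0
    print(alloc.next_id("192.0.2.1", "192.0.2.2", 6, df=False))   # 1
    print(alloc.next_id("192.0.2.1", "192.0.2.2", 6, df=False))   # 2
    print(alloc.next_id("192.0.2.1", "192.0.2.3", 6, df=False))   # 1
    print(alloc.next_id("192.0.2.1", "192.0.2.2", 17, df=False))  # 1
    print(alloc.sequences())                                      # 3
```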