Subject: Re: ip->ip_len signed?
To: None <rob-healey@norstar.com>
From: Darren Reed <darrenr@arbld.unimelb.edu.au>
List: tech-kern
Date: 10/28/1996 22:58:08
In some email I received from Rob Healey, sie wrote:
> 
> > In message <199610250158.PAA27381@haleakala.aloha.net>Tim Newsham writes
> > >
> > >   I noticed this in an include file and it struck me
> > >as odd:
> > >
> > >  struct ip {
> > >     ...
> > >     int16_t ip_len;
> > >     ...
> > >   }
> > >
> > >why is the length field signed?
> > 
> > Because nobody would ever want to send an IP packet bigger than
> > 32K, right?  I posted some patches for this earlier in the year,
> > and I promise I'll do a send-pr on it within the next week, :-)
> > as soon as I get the actual 1.2 release running.
> > 
> > I'll also try to spend a little time to ensure that the Win95
> > ping bug (bogusly large pings crashing various systems) doesn't
> > bite us...
> > 
> 	Remember: The ping bug isn't related to ICMP per se but to
> 	IP, ANY IP, re/de fragmentation code... B^(. Oddly enough our
> 	favorite object of scorn, Slowlaris, doesn't seem to be
> 	affected by this particular bug even though Slowlaris is usually
> 	a roach motel from hell...

Hmmm, the above signed ip_len is bug compatible with an old BSD bug which
had "short ip_len", I suspect :-)

Maybe you should put the above in a "#ifdef TCP_COMPAT_42" ? :-)
(the signed th_seq/th_ack bug is what this avoids, I believe...)

Darren
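
The two issues raised in this thread, shown as an added example that is not part of the original messages or of any NetBSD source: what a signed 16-bit `ip_len` does to a length above 32K, and the bound a reassembly path needs so that fragment offset plus data cannot exceed the 65535-byte maximum. The function names are hypothetical, the constants are defined locally under their usual BSD names, and the header fields are assumed to be in host byte order already.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAXPACKET 65535u  /* largest total length a 16-bit field can carry */
#define IP_OFFMASK   0x1fffu /* low 13 bits of ip_off: offset in 8-byte units */

/* View the 16-bit total length the way "int16_t ip_len" does. */
int len_as_signed(uint16_t len)
{
    int16_t s;
    memcpy(&s, &len, sizeof s);  /* same bits, signed interpretation */
    return s;
}

/* "Length covers at least the header" check done on the signed view. */
int len_ok_signed(uint16_t len, unsigned hlen)
{
    return len_as_signed(len) >= (int)hlen;
}

/* The same check done on the unsigned value. */
int len_ok_unsigned(uint16_t len, unsigned hlen)
{
    return len >= hlen;
}

/* Reassembly bound: header + fragment offset + fragment data must fit in
 * IP_MAXPACKET. Arithmetic is done in 32 bits so the sum cannot wrap. */
int frag_fits(uint16_t ip_off, uint16_t ip_len, unsigned hlen)
{
    uint32_t start, data;
    if (hlen < 20 || ip_len < hlen)
        return 0;
    start = (uint32_t)(ip_off & IP_OFFMASK) << 3;
    data = (uint32_t)ip_len - hlen;
    return hlen + start + data <= IP_MAXPACKET;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    printf("40000 as int16_t: %d\n", len_as_signed(40000));
    printf("signed check: %d, unsigned check: %d\n",
           len_ok_signed(40000, 20), len_ok_unsigned(40000, 20));
    printf("last-slot fragment, 8 data bytes: %d\n", frag_fits(0x1fff, 28, 20));
    printf("offset 64000, 1480 data bytes: %d\n", frag_fits(8000, 1500, 20));
    return 0;
}
```

A valid 40000-byte datagram fails the signed check because the field reads as negative, while the fragment at the highest offset is rejected by the bound even though its own length field is small.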