I just had a quick chat with Rich Stevens about this, and here are
his comments FYI.

cjs

Curt Sampson    curt@portal.ca		Info at http://www.portal.ca/
Internet Portal Services, Inc.	
Vancouver, BC   (604) 257-9400		De gustibus, aut bene aut nihil.

>From rstevens@kohala.com Fri Oct 25 10:06:56 1996
Date: Fri, 25 Oct 1996 09:19:53 -0700
From: "W. Richard Stevens" <rstevens@kohala.com>
To: Curt Sampson <curt@portal.ca>
Subject: Re: Unsigned IP Packet Size

Yes, that is a bug that has been there for a long time.  To accept
IP datagrams great than 32767, as well as UDP datagrams > 32767
and TCP segments > 32767, you can either (1) change ip_len to be
a u_short instead of a signed short, (2) add a cast to the three
places that the code fails (ipintr, udp_input, and tcp_input).  A
good way to test the fix is to set the MTU of the loopback to something
like 60K bytes.

I did the cast fix about 1.5 years ago and Dave Borman at BSDI finally
did the u_short fix earlier this year, and it didn't appear to break
anything else (that's what people were worried about).

	Rich Stevens


>From rstevens@kohala.com Fri Oct 25 10:06:59 1996
Date: Fri, 25 Oct 1996 09:21:53 -0700
From: "W. Richard Stevens" <rstevens@kohala.com>
To: Curt Sampson <curt@portal.ca>
Subject: Re: Unsigned IP Packet Size

> So of course I hauled out my copy of TCP/IP I. V2 and had a look. On page
> 211 the source code says
> 
>  * We declare ip_len and ip_off to be short, rather than u_short
>  * pragmatically since otherwise unsigned comparisons can result
>  * against negative integers quite easily, and fail in subtle ways.

Another thought--that comment (I think) is from old compilers
(circa early 80s) that didn't handle unsigned compares correctly.
I seem to remember problems like that with VAXes around that time,
and the C compiler.

	Rich