Subject: Re: synchronous ip_id
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 02/24/2003 13:09:09

I routinely generate more than a single gigabit NIC's worth of NFS
traffic. I very much share SMB's concerns about wrapping ip_id space
in less than 2^16 datagrams.

ip_id collision combined with packet drop can cause two fragmented
UDP datagrams to be spliced together into a single datagram. The
Internet checksum is known (self-cite) to not be particularly good
at detecting such splices.

It's also pretty trivial to overload low-to-medium end switches,
causing small episodes of packet-drop.

Under those circumstances, replacing the linear ip_id algorithm with
something more "secure" but which may repeat very quickly, sounds
like a bad tradeoff.

(Yes, there's NFS-over-TCP, but the BSD NFS is not at all well-tuned
to run over TCP at gigabit speeds. Not at all.)
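
The splice described in the message above, as an added example that is not part of the original post: a simplified Python model in which one dropped fragment plus a reused ip_id produces a spliced datagram that still passes the Internet checksum. Assumptions: reassembly is keyed on ip_id alone (same source, destination and protocol), the datagram format is a hypothetical 2-byte checksum followed by the body, the first fragment seen for an offset is kept, and the payloads are constructed.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_like(body: bytes) -> bytes:
    """Hypothetical mini-datagram: 2-byte checksum followed by the body."""
    return struct.pack("!H", internet_checksum(b"\x00\x00" + body)) + body

def fragment(ip_id, dgram, size=8):
    """Split into (ip_id, offset, more_fragments, data) tuples."""
    return [(ip_id, off, off + size < len(dgram), dgram[off:off + size])
            for off in range(0, len(dgram), size)]

def reassemble(arrivals):
    """Queue fragments by ip_id alone (same src/dst/proto assumed)."""
    queues, delivered = {}, []
    for ip_id, off, more, data in arrivals:
        q = queues.setdefault(ip_id, {"parts": {}, "total": None})
        q["parts"].setdefault(off, data)       # first copy of an offset wins
        if not more:
            q["total"] = off + len(data)
        buf = b""
        while len(buf) in q["parts"]:          # walk contiguous fragments
            buf += q["parts"][len(buf)]
        if len(buf) == q["total"]:
            delivered.append(buf)
            del queues[ip_id]
    return delivered

def scenario(id_a, id_b):
    """A's second fragment is dropped; B follows with ip_id id_b.
    Returns (datagram, checksum_ok, is_an_original_datagram) per delivery."""
    # Constructed payloads: same 16-bit words in the tail, different order.
    a = udp_like(b"REQ-A:" + bytes([0, 1, 0, 2, 0, 3, 0, 4]))
    b = udp_like(b"REQ-B:" + bytes([0, 4, 0, 3, 0, 2, 0, 1]))
    arrivals = fragment(id_a, a)[:1] + fragment(id_b, b)
    return [(d, internet_checksum(d) == 0, d in (a, b))
            for d in reassemble(arrivals)]

if __name__ == "__main__":
    print("ip_id reused:", scenario(7, 7))
    print("ip_id unique:", scenario(7, 8))
```

With the ip_id reused, the receiver delivers A's first fragment joined to B's second fragment and the checksum verifies; with distinct ip_ids, only B is delivered and A's orphaned fragment stays queued until it would time out.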