Subject: Re: CVS commit: src/sys/netinet
To: Darren Reed <darrenr@netbsd.org>
From: Steven M. Bellovin <smb@research.att.com>
List: source-changes
Date: 09/09/2003 07:40:55
In message <20030909054540.909.qmail@mail.netbsd.org>, "Darren Reed" writes:
>In a message from Steven Bellovin, sie said...
>> 
>> The spec permits one IPid sequence per <src,dst,protocol> triple,
>> since those parameters are used in matching fragments.  The downside
>> is implementation complexity; it won't break anything anywhere on
>> the net.  You also don't need to consume IPid space -- or at least,
>> you don't need to worry about preventing duplicates -- on packets
>> that have  set.
>
>Without wanting to advocate change for the sake of change, how much
>sense does it make to go a step further and use a constant value in
>the ID field (say 0?) for all "do not fragment" packets ?

It makes a lot of sense, though it gives away some fingerprinting info. 
In fact, I believe that some Linux distributions already do just that.
(At least one brand of router uses 0 for link-local OSPF packets, which 
it knows can't be fragmented, and a counter for TCP.)

Everything I know about the behavior of IPid is in my NAT detector
paper, which I know that Darren has seen:
http://www.research.att.com/~smb/papers/fnat.ps (or .pdf).


		--Steve Bellovin, http://www.research.att.com/~smb
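The allocation policy under discussion (one IPid counter per &lt;src,dst,protocol&gt; triple, and a constant 0 for "do not fragment" packets), modelled in Python as an added illustration that is not code from NetBSD or from anyone in the thread; the addresses and the `find_reuse` audit helper are constructed for the example.

```python
"""Added example (not NetBSD code): model of the IP ID policy discussed above,
one 16-bit counter per <src, dst, protocol> triple and a constant ID of 0 for
DF packets, which are never reassembled and so never need a unique ID."""
from collections import defaultdict
from typing import Dict, List, Tuple

Triple = Tuple[str, str, int]  # (src, dst, protocol), the fragment-matching key

class IpIdAllocator:
    def __init__(self, start: int = 1) -> None:
        self._start = start % 65536
        self._next: Dict[Triple, int] = {}

    def allocate(self, src: str, dst: str, proto: int, df: bool) -> int:
        if df:
            return 0  # DF set: no reassembly, so the ID carries no information
        key = (src, dst, proto)
        ident = self._next.get(key, self._start)
        # Advance the per-triple counter, skipping 0 so fragmentable packets
        # never share the constant reserved for DF packets.
        self._next[key] = (ident + 1) % 65536 or 1
        return ident

def find_reuse(packets: List[Tuple[Triple, bool, int]], window: int = 65535):
    """Audit (triple, df, ipid) records: report a non-DF packet whose ID repeats
    an earlier non-DF ID of the same triple within `window` packets of that
    triple, the case where fragments of the two could be mis-reassembled."""
    seen: Dict[Triple, Dict[int, int]] = defaultdict(dict)  # triple -> id -> idx
    count: Dict[Triple, int] = defaultdict(int)
    problems = []
    for triple, df, ipid in packets:
        if df:
            continue  # constant ID on DF packets is harmless: nothing to reassemble
        idx = count[triple]
        prev = seen[triple].get(ipid)
        if prev is not None and idx - prev <= window:
            problems.append((triple, ipid, prev, idx))
        seen[triple][ipid] = idx
        count[triple] = idx + 1
    return problems

def demo():
    """Two flows between constructed addresses: the TCP and UDP triples each get
    their own 1, 2, 3... sequence, and the audit finds no reuse."""
    alloc = IpIdAllocator()
    tcp, udp = ("10.0.0.1", "10.0.0.2", 6), ("10.0.0.1", "10.0.0.2", 17)
    stream = [(tcp, True, alloc.allocate(*tcp, True)) for _ in range(3)]
    stream += [(tcp, False, alloc.allocate(*tcp, False)) for _ in range(5)]
    stream += [(udp, False, alloc.allocate(*udp, False)) for _ in range(5)]
    return stream, find_reuse(stream)
```

Both triples legitimately receive the same ID values, because fragment matching already includes the triple; the audit only flags reuse within one triple.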