Source-Changes archive
Re: CVS commit: src/sys/netinet
In message <20030909054540.909.qmail%mail.netbsd.org@localhost>, "Darren Reed"
writes:
>In a message from Steven Bellovin, sie said...
>>
>> The spec permits one IPid sequence per <src,dst,protocol> triple,
>> since those parameters are used in matching fragments. The downside
>> is implementation complexity; it won't break anything anywhere on
>> the net. You also don't need to consume IPid space -- or at least,
>> you don't need to worry about preventing duplicates -- on packets
>> that have [DF] set.
>
>Without wanting to advocate change for the sake of change, how much
>sense does it make to go a step further and use a constant value in
>the ID field (say 0?) for all "do not fragment" packets ?
It makes a lot of sense, though it gives away some fingerprinting info.
In fact, I believe that some Linux distributions already do just that.
(At least one brand of router uses 0 for link-local OSPF packets, which
it knows can't be fragmented, and a counter for TCP.)
Everything I know about the behavior of IPid is in my NAT detector
paper, which I know that Darren has seen:
http://www.research.att.com/~smb/papers/fnat.ps (or .pdf).
--Steve Bellovin, http://www.research.att.com/~smb
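The two policies discussed in this thread, a separate IPid counter per <src,dst,protocol> triple and a constant 0 in the ID field of every DF packet, as an added example written for this page. It is not NetBSD code and not code from either poster; the fixed-size probing table, the reservation of ID 0 for DF packets, the 20-byte header helpers and the function names are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define IP_DF        0x4000u  /* "don't fragment" bit in the flags/fragment-offset field */
#define IPID_BUCKETS 64       /* assumption: fixed-size table, enough for this example */

/* One counter per <src,dst,proto> triple: the key fragment reassembly matches on. */
struct ipid_entry {
    uint32_t src, dst;        /* IPv4 addresses, host byte order */
    uint8_t  proto;
    int      used;
    uint16_t next;            /* next ID to hand out; never 0 */
};

static struct ipid_entry ipid_table[IPID_BUCKETS];

void ipid_reset(void)
{
    memset(ipid_table, 0, sizeof(ipid_table));
}

static unsigned ipid_bucket(uint32_t src, uint32_t dst, uint8_t proto)
{
    uint32_t h = src;
    h = (h * 2654435761u) ^ dst;
    h = (h * 2654435761u) ^ proto;
    return h % IPID_BUCKETS;
}

/*
 * Pick the Identification value for an outgoing packet.
 * DF packets can never be reassembled, so they all carry the constant 0.
 * Every other packet takes the next value of the counter private to its
 * <src,dst,proto> triple. ID 0 is reserved for DF packets, so a fragmentable
 * packet never shares it. Returns -1 if the table is full (a real stack
 * would evict an entry; this example does not).
 */
int ipid_assign(uint32_t src, uint32_t dst, uint8_t proto, int df)
{
    if (df)
        return 0;
    unsigned b = ipid_bucket(src, dst, proto);
    for (unsigned i = 0; i < IPID_BUCKETS; i++) {
        struct ipid_entry *e = &ipid_table[(b + i) % IPID_BUCKETS];
        if (!e->used) {
            e->used = 1; e->src = src; e->dst = dst; e->proto = proto; e->next = 1;
        }
        if (e->src == src && e->dst == dst && e->proto == proto) {
            uint16_t id = e->next;
            e->next = (uint16_t)(id + 1);
            if (e->next == 0)
                e->next = 1;          /* wrap 65535 -> 1, skipping the DF value */
            return id;
        }
    }
    return -1;
}

/* Helpers for a minimal 20-byte IPv4 header held in network byte order. */
int ip_hdr_df(const uint8_t *hdr)
{
    return (hdr[6] & (IP_DF >> 8)) != 0;
}

uint16_t ip_hdr_id(const uint8_t *hdr)
{
    return (uint16_t)((hdr[4] << 8) | hdr[5]);
}

/* Fill in the ID field where ip_output() would, reading DF from the header itself. */
int ip_output_id(uint8_t *hdr, uint32_t src, uint32_t dst, uint8_t proto)
{
    int id = ipid_assign(src, dst, proto, ip_hdr_df(hdr));
    if (id < 0)
        return -1;
    hdr[4] = (uint8_t)(id >> 8);
    hdr[5] = (uint8_t)id;
    return id;
}
```

With this policy a DF-only TCP session from a host exposes no counter at all, which is the fingerprinting trade-off the reply mentions: an observer can tell this stack apart from one that uses a single global counter, because its DF packets all read 0 while its fragmentable packets count per flow.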