> Since the network is allowed to reorder packets, if you send two packets
> with the same ip_id and network re-orders the fragments so that arrive
> interspersed, you will end up with dropped packets (due to checksum 
> failure) or worse (checksum didn't fail but corrupted data).  That is 
> unacceptable.
> 
> The only way to reduce or eliminate this risk to ensure the maximum 
> delay before reusing ip_id's.

	i can't really parse what you are trying to mean.  even with
	ip_randomid() there's guaranteed recycle period, which is about 12000.
	yes, the likelihood of the problem like you stated will increase
	by factor of (64K/12K), but with that cost we can buy hard-to-guess
	fragment ID.

itojun