[e2e] ICMP & TCP segments with IP ID = 0?
ak at muc.de
Wed May 16 09:39:17 PDT 2001
On Wed, May 16, 2001 at 04:04:36PM +0200, Craig Partridge wrote:
> Hi folks:
> As a side discovery on a research project, we've tripped over a bunch of
> packets in the wild where the IP ID is set to 0. Some are ICMP packets
> and some are TCP segments.
> Before we set up a traffic filter to track down what brand of system is
> generating these evil beasts, I'm writing to see if anyone has already
> figured out what kind of system sends them.
Why are they evil? ipid is only useful for defragmentation, and perhaps
to recover from bugs in IP checksum checking/correction functions, but that
seems to be a secondary task.
Linux 2.4 before 2.4.3 does for all packets with DF set. As far as we
could figure out it doesn't violate any specs. Unfortunately it triggers
a bug in the Microsoft VJ header compression, so >= 2.4.3 will generate a
non unique id (per socket counter) for DF packets.
Packets without DF of course have a real IPID.
More information about the end2end-interest