[e2e] ICMP & TCP segments with IP ID = 0?

Andi Kleen ak at muc.de
Wed May 16 09:39:17 PDT 2001

On Wed, May 16, 2001 at 04:04:36PM +0200, Craig Partridge wrote:
> Hi folks:
> As a side discovery on a research project, we've tripped over a bunch of
> packets in the wild where the IP ID is set to 0.  Some are ICMP packets
> and some are TCP segments.
> Before we set up a traffic filter to track down what brand of system is
> generating these evil beasts, I'm writing to see if anyone has already
> figured out what kind of system sends them.

Why are they evil? ipid is only useful for defragmentation, and perhaps 
to recover from bugs in IP checksum checking/correction functions, but that
seems to be a secondary task.

Linux 2.4 before 2.4.3 does for all packets with DF set. As far as we
could figure out it doesn't violate any specs. Unfortunately it triggers
a bug in the Microsoft VJ header compression, so >= 2.4.3 will generate a 
non unique id (per socket counter) for DF packets.
Packets without DF of course have a real IPID.


More information about the end2end-interest mailing list