[e2e] Re: Question on "identification" field of IP header

Kevin Fall kfall at EECS.Berkeley.EDU
Fri Dec 13 10:42:28 PST 2002

And, the including of 64-bits of "data" was later updated by rfc1812:

... Original Message Header
   Historically, every ICMP error message has included the Internet
   header and at least the first 8 data bytes of the datagram that
   triggered the error.  This is no longer adequate, due to the use of
   IP-in-IP tunneling and other technologies.  Therefore, the ICMP
   datagram SHOULD contain as much of the original datagram as possible
   without the length of the ICMP datagram exceeding 576 bytes.  The
   returned IP header (and user data) MUST be identical to that which
   was received, except that the router is not required to undo any
   modifications to the IP header that are normally performed in
   forwarding that were performed before the error was detected (e.g.,
   decrementing the TTL, or updating options).  Note that the
   requirements of Section [] supersede this requirement in some
   cases (i.e., for a Parameter Problem message, if the problem is in a
   modified field, the router must undo the modification).  See Section


- K

> From:  David Borman <dab at bsdi.com>
> To:    end2end-interest at postel.org, mouse at Rodents.Montreal.QC.CA,
	 tcp-impl at grc.nasa.gov
> Subject: Re: Question on "identification" field of IP header
> Date:  Fri, 13 Dec 2002 11:14:11 CST
> Just a minor nit that I feel should be clarified:
> > From: der Mouse <mouse at Rodents.Montreal.QC.CA>
> > Date: Fri, 13 Dec 2002 16:41:51 +0100 (CET)
> > Subject: Re: Question on "identification" field of IP header
> ...
> > Note that the portion of a packet returned in an ICMP does not include
> > even the IP source and destination addresses; the identification value
> > is almost the only value that can be relied upon to identify the
> > original packet upon getting an ICMP....
> Actually, ICMP packets are supposed to return the entire IP header
> (including options) plus 64 bits of the IP data.  So, you should get
> up to the TCP and UDP port numbers.  (RFC 792 explicitly states
> that it assumes that higher level protocols have their port numbers
> in the first 64 bits).
> 			-David Borman

More information about the end2end-interest mailing list