[e2e] ICMP & TCP segments with IP ID = 0?
Andi Kleen
ak at muc.de
Thu May 17 03:46:29 PDT 2001
On Thu, May 17, 2001 at 09:04:37AM +0200, Jon Crowcroft wrote:
> but yes, i can think of lots of optimisation/implementation reasons why
> zeroing out a packet template once per transport+ip session
> is faster than yet another ++ operation per packet
The main problem is that the userbase today wants secure ipid, not giving you cues
on how many packets have been sent in a time range, because that information
can be exploited by some theoretical and also some practical attacks.
Generating "secure" ipid can be very costly.
In addition the classic global ipid counter is a contended global resource
on a multiprocessor stack, and maintaining it per destination also has its
problems.
-Andi
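
Added example, not part of the original message and not code from any real IP stack: a small C simulation of the trade-off discussed above, comparing what a single peer can infer from a shared global IP ID counter with what it can infer from per-destination counters. All names (`ipid_global`, `ipid_per_dst`, `observed_gap`), the fixed-size table, the constructed key and the toy mixer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic scheme: one counter shared by all destinations. */
static uint16_t global_ctr;
static uint16_t ipid_global(uint32_t dst) { (void)dst; return global_ctr++; }

/* Per-destination scheme: separate counter per peer, keyed starting offset. */
#define SLOTS 16
struct peer { uint32_t dst; uint16_t next; int used; };
static struct peer peers[SLOTS];
static unsigned evict_at;
static const uint32_t secret = 0x5eed1234u; /* constructed; stands in for a random boot-time key */

static uint16_t start_offset(uint32_t dst) { /* toy mixer, not a cryptographic hash */
    uint32_t x = dst ^ secret;
    x ^= x >> 16; x *= 0x7feb352du; x ^= x >> 15;
    return (uint16_t)x;
}

static uint16_t ipid_per_dst(uint32_t dst) {
    struct peer *free_slot = NULL;
    for (unsigned i = 0; i < SLOTS; i++) {
        if (peers[i].used && peers[i].dst == dst) return peers[i].next++;
        if (!peers[i].used && !free_slot) free_slot = &peers[i];
    }
    if (!free_slot) free_slot = &peers[evict_at++ % SLOTS]; /* table full: the state cost */
    free_slot->dst = dst; free_slot->used = 1;
    free_slot->next = start_offset(dst);
    return free_slot->next++;
}

/* What one peer learns: packets sent to others between its two samples. */
typedef uint16_t (*ipid_fn)(uint32_t dst);
static uint16_t observed_gap(ipid_fn next_id, uint32_t observer, uint32_t other, unsigned n) {
    uint16_t a = next_id(observer);
    for (unsigned i = 0; i < n; i++) (void)next_id(other);
    uint16_t b = next_id(observer);
    return (uint16_t)(b - a - 1); /* modulo-65536 difference, minus the observer's own packet */
}

int main(void) {
    printf("global counter leaks: %u\n", observed_gap(ipid_global, 0x0a000001u, 0x0a000002u, 37));
    printf("per-destination leaks: %u\n", observed_gap(ipid_per_dst, 0x0a000001u, 0x0a000002u, 37));
    return 0;
}
```

The per-destination variant hides traffic to other peers but needs a table entry per peer and an eviction policy, while the global variant needs only one word of state that every CPU must update.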