[e2e] ICMP & TCP segments with IP ID = 0?

Andi Kleen ak at muc.de
Thu May 17 03:46:29 PDT 2001


On Thu, May 17, 2001 at 09:04:37AM +0200, Jon Crowcroft wrote:
> but yes, i can think of lots of optimisation/implementation reasons why
> zeroing out a packet template once per transport+ip session  
> is faster than yet another ++ operation per packet

The main problem is that the userbase today wants secure ipid, not giving you cues
on how many packets have been sent in a time range, because that information
can be exploited by some theoretical and also some practical attacks.
Generating "secure" ipid can be very costly.

In addition, the classic global ipid counter is a contended global resource
on a multiprocessor stack, and maintaining it per destination also has its
problems.

-Andi
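
Added example, not part of the original message: a small simulation of the leak described above, where a shared IP ID counter lets any single peer count the packets a host sent to everyone else between two observations, next to a per-destination counter. The class names, the HMAC-derived starting offset and the documentation-range addresses are assumptions made for this illustration, not a description of any particular stack.

```python
import hashlib
import hmac
import os


class GlobalCounter:
    """Classic scheme: one 16-bit counter shared by every destination."""

    def __init__(self):
        self.ctr = 0

    def next_id(self, dst):
        self.ctr = (self.ctr + 1) & 0xFFFF
        return self.ctr


class PerDestCounter:
    """One counter per destination, started at a keyed-hash offset
    (assumed design for this example). State grows with the peer count."""

    def __init__(self, key=None):
        self.key = key or os.urandom(16)
        self.ctrs = {}

    def next_id(self, dst):
        if dst not in self.ctrs:
            mac = hmac.new(self.key, dst.encode(), hashlib.sha256).digest()
            self.ctrs[dst] = int.from_bytes(mac[:2], "big")
        self.ctrs[dst] = (self.ctrs[dst] + 1) & 0xFFFF
        return self.ctrs[dst]


def observed_delta(gen, hidden_packets, observer="192.0.2.1",
                   others=("198.51.100.7", "203.0.113.9")):
    """IP ID difference one peer sees across two packets it receives,
    while the host sends `hidden_packets` to other peers in between.
    Addresses are constructed sample values."""
    first = gen.next_id(observer)
    for i in range(hidden_packets):
        gen.next_id(others[i % len(others)])
    second = gen.next_id(observer)
    return (second - first) & 0xFFFF


if __name__ == "__main__":
    for hidden in (0, 37, 500):
        print(hidden,
              observed_delta(GlobalCounter(), hidden),   # hidden + 1: leaks the count
              observed_delta(PerDestCounter(), hidden))  # always 1: nothing leaked
```
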



