lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4ACCABE0.2070804@gmail.com>
Date:	Wed, 07 Oct 2009 16:55:28 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	thomas yang <lampsu@...il.com>
CC:	netdev@...r.kernel.org
Subject: Re: IP header identification field is zero, why?

thomas yang a écrit :
> This is captured on my PC (Fedora 11, Linux)
> 
> [root@...alhost ~]# tcpdump -i eth1 icmp -n -x
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
> 17:02:39.025882 IP 192.168.1.64 > 192.168.1.1: ICMP echo request, id
> 25096, seq 1, length 64
> 	0x0000:  4500 0054 0000 4000 4001 b717 c0a8 0140
> ......
> 17:02:39.027866 IP 192.168.1.64 > 192.168.1.1: ICMP echo request, id
> 25096, seq 2, length 64
> 	0x0000:  4500 0054 0000 4000
> 
> The  IP header 'identification' field is zero, why?
> 
> I wrote a simple UDP server and UDP client programs, and captured some
> packets, the IP identification is also zero.
> 
> Should the host increase this field for each packet it sends?
> 
> 
> I captured some TCP packets, all of the IP identification are
> different, not zero.
> 

Very good questions, this bothered me too.


ping sends "echo request" datagrams with DF set (Dont Fragment),
and ID=0, this is a user program building a packet from scratch.

When linux replies with a "echo reply", DF is not set and an ID is included
in the answer, increasing at each packet.

About your UDP tests, DF is automatically set, and
I believe ID on DF frames is generated only for connected sockets.

cf include/net/ip.h

static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk)
{
        if (iph->frag_off & htons(IP_DF)) {
                /* This is only to work around buggy Windows95/2000
                 * VJ compression implementations.  If the ID field
                 * does not change, they drop every other packet in
                 * a TCP stream using header compression.
                 */
                iph->id = (sk && inet_sk(sk)->daddr) ?
                                        htons(inet_sk(sk)->id++) : 0;
        } else
                __ip_select_ident(iph, dst, 0);
}

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ