https://bugs.linaro.org/show_bug.cgi?id=4014
--- Comment #3 from Janne Peltonen <[email protected]> ---

RFC 791 and RFC 6864 specify uniqueness criteria for the IP ID field. Those criteria also have to be met with IPsec, even if the IPsec RFCs do not say so explicitly.

Now an IP host/router implementation that is using ODP and ODP IPsec may end up sending two AH or ESP packets (one transport mode packet, one tunnel mode packet) with the same source and destination and with the same IP ID value very close to each other. This is wrong and can prevent successful reassembly of those packets if they get fragmented.

To put it another way, an IP endpoint cannot generate the IP ID value independently for different packets that have the same (source, destination, protocol) tuple, but that is what now happens with ODP.
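The collision described in the comment above, as an added example that is not ODP code and not part of the original bug report: two SAs with private ID counters emit the same IP ID for the same (source, destination, protocol) tuple, while one counter shared per tuple does not. The names `struct sa`, `per_sa_id` and `shared_id`, the table size and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 6864 scopes IP ID uniqueness to (source, destination, protocol). */
struct flow { uint32_t src, dst; uint8_t proto; };

/* Hypothetical SA that keeps a private IP ID counter for its outgoing header. */
struct sa { struct flow hdr; uint16_t next_id; };

static uint16_t per_sa_id(struct sa *sa) { return sa->next_id++; }

/* One counter per flow, shared by every SA that emits packets on that flow.
 * Single-threaded sketch: a multi-threaded data path would need an atomic
 * increment and a locked or lock-free table. */
#define SLOTS 16
static struct { struct flow key; uint16_t next_id; int used; } table[SLOTS];

static uint16_t shared_id(const struct flow *f)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!table[i].used) {           /* slots fill in order: no match exists */
            table[i].key = *f;
            table[i].used = 1;
            return table[i].next_id++;
        }
        if (table[i].key.src == f->src && table[i].key.dst == f->dst &&
            table[i].key.proto == f->proto)
            return table[i].next_id++;
    }
    return table[0].next_id++;          /* table full: share one counter */
}

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, protocol 50 (ESP). The host is
 * also the tunnel endpoint, so both SAs emit the same header tuple. */
static const struct flow sample = { 0xC0000201u, 0xC0000202u, 50 };

int collides_per_sa(void)   /* 1 if both packets get the same IP ID */
{
    struct sa transport = { sample, 0 }, tunnel = { sample, 0 };
    return per_sa_id(&transport) == per_sa_id(&tunnel);
}

int collides_shared(void)
{
    struct sa transport = { sample, 0 }, tunnel = { sample, 0 };
    return shared_id(&transport.hdr) == shared_id(&tunnel.hdr);
}

int main(void)
{
    printf("per-SA: %d, shared: %d\n", collides_per_sa(), collides_shared());
    return 0;
}
```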
