Questions tagged [ip-fragmentation]

23 questions
22 votes, 3 answers

OpenVPN: How to mitigate path MTU issues on a per-client basis?

We have dozens of embedded devices installed at customers, all calling home to our OpenVPN service. That works fine in general, but a few of our customers have severe path MTU issues. Our influence on the customers to fix their networks is limited,…
Nils Toedtmann
14 votes, 1 answer

Why is the "don't fragment" flag set in https and ssh protocols?

I've found a lot of information specifying that this is the case, however, I am really looking for the reason behind this. Why is it necessary? Is it necessary?
10 votes, 1 answer

Why is iptables rejecting the second and subsequent fragments of an allowed packet?

I have two hosts which are attempting to set up an IPSec connection with each other. For this they have to communicate on UDP ports 500 and 4500, so I opened them in the firewalls on both ends (shown in relevant part): -A INPUT -m state --state…
Michael Hampton
4 votes, 2 answers

Matching last fragment of IP packets using tc or ipfilter

I am transmitting UDP packets of say 2900 bytes. Due to fragmentation, packet is divided in 2 IP fragments. My tc u32 filter (more fragments bit and IP/PORT combination) matches only first fragment and second fragment is not matched. How can I…
Pritesh
3 votes, 0 answers

Does netfilter reassemble IP fragments when packet is forwarded?

An IP datagram should be reassembled at the termination of the path because the fragments may arrive from different paths. I think Netfilter needs to reassemble an IP datagram to inspect the whole payload to see if it matches a given filter rule (I am…
MABC
3 votes, 1 answer

Does Windows XP automatically reassemble UDP fragments?

I've got a Windows application that receives and processes XML messages transmitted via UDP. The application collects the data using Windows "raw" sockets, so the entire layer 3 packet is visible. We've recently run across a problem that has me…
Matt Davis
3 votes, 1 answer

IP segmentation occurring at irregular boundaries

I have an IP packet of header length of 20 Bytes and data length of 4096 Bytes. The maximum transfer unit of the network is only 1500 Bytes. As I understand fragmentation, the fragmented packet will look like below. FRAGMENT 1 will carry 0-1499…
liv2hak
3 votes, 2 answers

seeing remote MTUs of 250 and 68. is this ever valid?

I'm seeing an ICMP storm from mobile phone netblocks belonging to "TELEFONICA MOVILES". Periodically we will get upwards of 5 million in a few seconds, all something like this: 08:12:05.740781 IP (tos 0x0, ttl 112, id 40224, offset 0, flags…
cjp
2 votes, 0 answers

Forwarding Fragments with IPTables / FirewallD

I have a Linux (openSUSE Leap 15.0) computer that's connected to a cable modem using PPPoE (hopefully not relevant to this. EDIT the ppp0 interface has an mtu of 1492 but the eth0 interface it is "bound" to - I don't understand exactly how this…
1 vote, 0 answers

How to selectively disable IP reassembly?

The diagram below depicts a scenario that involves aggregation of three slow channel throughputs over a WAN. A fast host on a WAN (@ 54.239.98.8) is communicating with a host on a LAN (@ 192.168.0.100) which is connected via three slow channels to…
1 vote, 1 answer

VPN problems: MTU and Don't-Fragment

I am setting up a VPN on Ubuntu 14.04LTS which uses IPSEC and performs NAT for clients. It is basically working - I can connect to it from a client (Android device) and browse (for example) www.google.com. However I cannot browse www.bbc.co.uk. …
Mark Smith
1 vote, 3 answers

Implementing IP fragmentation

I'm working on an application that does network traffic generation. The application has eth1 in promiscuous mode. So it directly handles all incoming and outgoing traffic. One of the features I'm implementing is IP fragmentation and defragmentation.…
StackedCrooked
1 vote, 0 answers

Will the raw table ever receive fragmented IP packets?

Assume the conntrack module is loaded (thus nf_defrag_ipv4 is loaded). Will there ever be a situation in which the raw table receives a fragmented packet? In particular, will a BPF rule (loaded through xt_bpf) like this ever return true? ldh…
forest
1 vote, 1 answer

forwarded TCP traffic is refragmented on Linux despite the "Don't fragment" flag

We have 2 VPN servers at the same hoster. The servers are virtual and they have different Linux distros. The VPN clients establish https connections to the same Amazon EC2 server. The TCP packets from EC2 always have the "Don't fragment" flag…
basin
0 votes, 0 answers

TCP Retransmissions when packets exceed 1500+

I am currently trying to communicate using NMOS protocol over my network. This is a /30 network. The issue I am seeing is that when I send an http request from my computer to my device over the network the response will be "lost" if the packet size…
RAZ_Muh_Taz