[ndbug] Question regarding PF scrub

Philip Paeps philip at trouble.is
Thu Dec 22 20:55:22 PST 2016

On 2016-12-22 18:37:36 (+0530), Hrishikesh Murukkathampoondi 
<hrishim at gmail.com> wrote:
> I am not familiar with TCP/IP or other protocols so I do not
> understand what the manual says.

You will find it a lot easier to deal with packet filters if you improve
your understanding of the protocols.  I can recommend getting your hands
on a copy of "TCP/IP Illustrated, Volume 1".  But even just reading the
descriptions of TCP and IP on Wikipedia will be helpful.

> Questions:
> 1. What are fragmented packets? I am guessing these are large data
> packets that are broken down into smaller ones

Correct.  A link-layer protocol like Ethernet has limits on how much
data can fit in a packet.  IP can fragment packets into smaller packets
that will fit on the wire.

> 2. From this link https://tools.ietf.org/html/rfc6864 I am guessing
> that the  IPv4 identification field is used for managing fragmentation
> and re-assembly of packets. If this field is set to a random value how
> will the reassembler know the correct order of packets?

The identification field is not used for reassembly.  The reassembler
can determine the correct ordering of the packets from the fragment
offset.  Moreover, most IP implementations will do their best to avoid
out-of-order delivery.

There are very few actual use cases for the identification field in the
IP header.  Most of them are related to quality of service.

> 3. What is segment size? Why should it be limited?

It's the size of a TCP segment that goes in an IP packet.  You can avoid
IP fragmentation by ensuring that the MSS plus the IP header fits in one


Philip Paeps
Senior Reality Engineer
Ministry of Information

More information about the talk mailing list