
Tiny fragments

ip_is_tiny_fragment is non-zero if the packet is a formally correct yet anomalous fragment, a so-called "tiny fragment" (further details can be found in [RFC1858] and [RFC3128]). Tiny fragments are sometimes abused to bypass firewalls that classify packets by transport-layer headers.

The macro not_ip_is_tiny_fragment is the negation of ip_is_tiny_fragment.

Note that the test for tiny fragments is typically an expensive operation, so performance degradation may occur when including ip_is_tiny_fragment or not_ip_is_tiny_fragment in a classifier.
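To show what such a test has to inspect, the following added example (not tcng's definition of ip_is_tiny_fragment, and not code from this manual) applies the two TCP checks described in RFC 1858 to a raw IPv4 packet. The function names, the restriction of the first check to packets with the More Fragments flag set, and the sample packets are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_TCP 6
#define TCP_TMIN  16   /* RFC 1858: transport bytes needed to reach the TCP flags */

/* 1 = tiny fragment per the RFC 1858 checks, 0 = not, -1 = malformed IPv4. */
int is_tiny_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length in bytes */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];  /* IP total length */
    if (ihl < 20 || total < ihl || total > len) return -1;
    unsigned frag = ((unsigned)pkt[6] << 8) | pkt[7];
    int mf = (frag & 0x2000) != 0;                  /* More Fragments flag */
    unsigned fo = frag & 0x1fff;                    /* offset in 8-byte units */
    if (pkt[9] != PROTO_TCP)
        return 0;
    /* Direct method: first fragment too short to carry the TCP flags. */
    if (fo == 0 && mf && total - ihl < TCP_TMIN)
        return 1;
    /* Indirect method: FO == 1 lands on byte 8 onward of the TCP header,
       a range that includes the flags. */
    if (fo == 1)
        return 1;
    return 0;
}

/* Constructed sample input: a bare 20-byte IPv4 header plus zeroed payload. */
size_t make_pkt(uint8_t *buf, uint16_t payload, uint16_t frag, uint8_t proto)
{
    uint16_t total = (uint16_t)(20 + payload);
    memset(buf, 0, total);
    buf[0] = 0x45;                                  /* version 4, IHL 5 */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[6] = (uint8_t)(frag >> 8);  buf[7] = (uint8_t)frag;
    buf[9] = proto;
    return total;
}

int main(void)
{
    uint8_t b[128];
    printf("8-byte first fragment:  %d\n", is_tiny_fragment(b, make_pkt(b, 8, 0x2000, 6)));
    printf("FO=1 fragment:          %d\n", is_tiny_fragment(b, make_pkt(b, 8, 0x0001, 6)));
    printf("24-byte first fragment: %d\n", is_tiny_fragment(b, make_pkt(b, 24, 0x2000, 6)));
    return 0;
}
```

Unlike a plain match on a fixed header field, the check has to combine the header length, total length, fragment field and protocol before it can decide.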



Martin A. Brown 2003-11-06