ip_is_tiny_fragment is non-zero if the packet is a formally correct yet anomalous fragment that is called a ``tiny fragment'' (further details can be found in [RFC1858] and [RFC3128]). Tiny fragments are sometimes abused to bypass firewalls using classification by transport layer headers.
The macro not_ip_is_tiny_fragment is the negation of ip_is_tiny_fragment.
Note that the test for tiny fragments is typically an expensive operation, so performance degradation may occur when including ip_is_tiny_fragment or not_ip_is_tiny_fragment in a classifier.