
Suppose that I want to send a very large chunk of data using IP, and that the data gets fragmented into 100 IP datagrams.

By the time I have sent the first 90 datagrams, I realise that I would like to tweak a few bits in the payload of the 3rd datagram. Is it possible to send an "amendment" to the 3rd datagram before sending the last 10 datagrams, sparing me a resend of the initial 90 datagrams?

Part of the reason I ask is that this RFC says (see page 1):

[a new fragment] may overlap with existing fragments

Randomblue
  • If you're somehow getting 100 _fragments_ instead of 100 _packets_, some of which may be fragmented along the way, then something is seriously wrong with your setup (or you're attempting to attack the destination site). Don't do either of these. – Michael Hampton Oct 29 '12 at 14:13
  • I'm trying to optimise financial transactions for latency. No attacking. :) – Randomblue Oct 29 '12 at 14:19
  • In principle this should work, but why do you want to know this? You only send fragments in TCP when your TCP payload is larger than the MTU of the link you are traversing (assuming Ethernet). In such a case, data from an application has passed down the OSI stack, it's now being transmitted, the only need to change something in a previous fragment would be the result of an application level error (in my opinion), transmitting incorrect data, so I would change that first. Also, how will you know the data you have just sent was fragmented? The application in user-land is typically unaware? – jwbensley Oct 29 '12 at 15:13
  • No. I have Ethernet frame level control, using FPGAs. I can fragment TCP fragments at will. – Randomblue Oct 29 '12 at 15:29

1 Answer


This absolutely can happen in practice but it's often part of an attack or detection evasion technique. I've not heard of anyone using it to correct previously sent data as you suggest, though it may be possible.

Here's a specific attack that I've come across: http://www.slideshare.net/michelemanzotti/attacking-ipv6-implementation-using-fragmentation

And here's the wiki on the technique: https://en.wikipedia.org/wiki/IP_fragmentation_attacks

This is the manual page in the Snort IDS about the preprocessor frag3 that looks for frag attacks: http://manual.snort.org/node17.html#SECTION00321000000000000000

adric
  • I would be interested in using this for TCP, as opposed to UDP. – Randomblue Oct 29 '12 at 12:52
  • Oh sorry I misunderstood you. The techniques all work with any IP protocol (ICMP, TCP, UDP, etc) and I've removed the line about UDP for clarity. – adric Oct 30 '12 at 14:16
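
The following is an added example, not part of the original question or answers and not Snort's code. It shows why an overlapping "amendment" fragment is unreliable and why an IDS flags it: the reassembled payload depends on whether the receiver keeps the first or the last copy of the overlapping bytes. The `Fragment` class, the policy labels `first` and `last`, and the sample data are constructed for illustration; real stacks implement more reassembly policies than these two.

```python
from dataclasses import dataclass

@dataclass
class Fragment:
    offset: int   # byte offset into the datagram payload (IP uses 8-byte units)
    data: bytes

def find_overlaps(fragments):
    """Return (earlier_idx, later_idx, start, end, differs) for every
    pair of fragments, in arrival order, whose byte ranges overlap."""
    findings = []
    for j, new in enumerate(fragments):
        for i in range(j):
            old = fragments[i]
            start = max(old.offset, new.offset)
            end = min(old.offset + len(old.data), new.offset + len(new.data))
            if start < end:
                a = old.data[start - old.offset:end - old.offset]
                b = new.data[start - new.offset:end - new.offset]
                # differs=True means the two copies disagree on content
                findings.append((i, j, start, end, a != b))
    return findings

def reassemble(fragments, policy):
    """Reassemble in arrival order. 'first' keeps the earliest bytes seen
    at each position; 'last' lets later fragments overwrite earlier ones."""
    if policy not in ("first", "last"):
        raise ValueError("unknown policy: " + policy)
    total = max(f.offset + len(f.data) for f in fragments)
    buf, filled = bytearray(total), [False] * total
    for f in fragments:
        for k, byte in enumerate(f.data):
            pos = f.offset + k
            if policy == "last" or not filled[pos]:
                buf[pos], filled[pos] = byte, True
    if not all(filled):
        raise ValueError("datagram has holes; cannot reassemble")
    return bytes(buf)

# Constructed sample: three fragments, then an "amendment" overlapping fragment 1.
SAMPLE = [
    Fragment(0, b"ORDER-01"),
    Fragment(8, b"QTY=0100"),
    Fragment(16, b";END"),
    Fragment(8, b"QTY=0150"),
]

if __name__ == "__main__":
    print(find_overlaps(SAMPLE))
    print(reassemble(SAMPLE, "first"), reassemble(SAMPLE, "last"))
```

A sender cannot know which policy the receiver or any middlebox on the path applies, and RFC 5722 requires IPv6 receivers to discard a datagram whose fragments overlap.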