The packet capture was done on the server itself and I was suspecting "Large Segment Offloading" to silently split these packets into MTU size ones.
That's probably what's happening.
But is it allowed to do so with DF set?
Yes.
TCP segmentation/desegmentation offloading is different from IP fragmentation; the DF bit is an IP-layer bit, saying "do not carve this IP datagram into multiple IP fragments".
TCP segmentation is the dividing of a chunk of bytes into multiple TCP segments, each of which is put into a single IP datagram; those datagrams will be MTU-sized. TCP segmentation offloading means that the host can send a large chunk of bytes - too large to fit into a single MTU-sized IP datagram - to the network adapter, and the adapter will send it out as multiple TCP segments. That single large chunk of bytes might be supplied to the capture mechanism as a single packet, but that doesn't mean it went out on the network as a single datagram.
TCP desegmentation is the reassembly of TCP segments into a single chunk of bytes to be provided to the code reading from the socket. TCP desegmentation offloading means that the adapter reassembles multiple TCP segments into a single chunk of bytes and hands that chunk to the host as a single packet. That single packet might be too large to go over the network in a single datagram, but that doesn't mean it did go over the network in a single datagram.
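As an added illustration (not part of the original answer), the following Python sketch checks a captured IPv4/TCP packet for the offload pattern described above: larger than the MTU, DF set, not an IP fragment. It also computes the datagram sizes the adapter would put on the wire. The function names, the 1500-byte MTU, the sample addresses and the fallback for a zero total-length field are assumptions of this example, and the sample packets are constructed.

```python
import struct

def sample_packet(payload_len, df=True, total_len=None):
    """Constructed IPv4+TCP packet: 20-byte headers, no options, zero checksums."""
    length = 40 + payload_len if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 1,
                     0x4000 if df else 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1000, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len

def analyze(packet, mtu=1500):
    """Inspect bytes starting at the IPv4 header, as handed to the capture mechanism."""
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4 TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    if total_len == 0:
        # Assumption: a capture of an offloaded packet may carry total length 0;
        # fall back to the number of bytes actually captured.
        total_len = len(packet)
    tcp_hlen = (packet[ihl + 12] >> 4) * 4
    headers = ihl + tcp_hlen
    payload = total_len - headers
    mss = mtu - headers  # largest TCP payload that fits in one MTU-sized datagram
    # Each on-wire segment repeats the IP and TCP headers in front of its slice.
    sizes = [headers + min(mss, payload - off) for off in range(0, payload, mss)]
    return {
        "df": bool(flags_frag & 0x4000),          # IP-layer "don't fragment" bit
        "fragmented": bool(flags_frag & 0x3FFF),  # MF bit or non-zero fragment offset
        "offloaded": total_len > mtu,             # could not have crossed the link as-is
        "wire_sizes": sizes or [headers],
    }

if __name__ == "__main__":
    for size in (100, 4000, 4380):
        print(size, analyze(sample_packet(size)))
```

A packet reported as `offloaded` with `df` set and `fragmented` clear matches the answer's explanation: the large chunk was split into TCP segments by the adapter, not into IP fragments.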