Subject: fragmentation DoS [was Re: 802.11 vs. NFS?]
To: Robert Elz <kre@munnari.OZ.AU>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 08/13/2003 13:21:12
In message <26293.1060693013@munnari.OZ.AU> Robert Elz writes
[...]

>I did a quick test - sent large pings from a system with a fairly high
>performance 100Mbps ethernet to the wi device (via an AP on the 100Mb
>LAN of course).
>
>I got no loss at all with anything up to 19 fragments generated.
>Go to the 20th fragment, and from that point on, no answers at all.

Which is one good way of launching a denial-of-service attack. :-/.

I've heard, repeatedly and from reliable sources, that RH Linux 7.x
shows similar behaviour with certain Fast Ethernet NICs, and will routinely
drop part of an outbound NFS RPC (e.g., for an NFS write), before the
RPC even hits the wire. Given a campus full of such systems, central
fileservers can quickly reach severe packet-buffer congestion.

The only good fix is a multiplicative-decrease filter on the IP
reassembly queue. I've had one half-done for months, along with a
hash-based reassembly queue (very useful for NFS servers with hundreds
of "slow" NFS clients). I will try to it up and post it for review.
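
Added example, not the patch mentioned in the message and not NetBSD code: a sketch of a hash-keyed reassembly table whose admission limit is halved whenever a datagram times out incomplete and recovers by one for each datagram that completes. Reading "multiplicative-decrease filter" this way is an assumption, and every name and constant below is hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* All names and constants are hypothetical, chosen for this sketch. */
#define NBUCKET   64     /* hash table slots for datagrams being reassembled */
#define NPROBE    8      /* slots searched from the home bucket */
#define LIMIT_MAX 200    /* ceiling on fragments held at once */
#define LIMIT_MIN 4      /* floor, so well-behaved senders still get through */

struct fragq { uint32_t src, dst; uint16_t id; uint8_t proto, used; int nfrags; };

static struct fragq table[NBUCKET];
static int held;                 /* fragments currently queued */
static int limit = LIMIT_MAX;    /* current admission limit */

/* Find the queue for (src, dst, id, proto); optionally create it. */
static struct fragq *fq_find(uint32_t src, uint32_t dst, uint16_t id,
                             uint8_t proto, int create)
{
    uint32_t h = src ^ (dst * 2654435761u) ^ ((uint32_t)id << 8) ^ proto;
    struct fragq *q, *spare = NULL;
    for (unsigned i = 0; i < NPROBE; i++) {
        q = &table[((h ^ (h >> 16)) + i) % NBUCKET];
        if (!q->used) { if (!spare) spare = q; continue; }
        if (q->src == src && q->dst == dst && q->id == id && q->proto == proto)
            return q;
    }
    if (!create || !spare) return NULL;      /* probe window full: drop */
    *spare = (struct fragq){ src, dst, id, proto, 1, 0 };
    return spare;
}

/* Returns 1 if the fragment is queued, 0 if the filter drops it. */
int frag_admit(uint32_t src, uint32_t dst, uint16_t id, uint8_t proto)
{
    struct fragq *q;
    if (held >= limit || !(q = fq_find(src, dst, id, proto, 1))) return 0;
    q->nfrags++; held++;
    return 1;
}

/* Free a queue; completed=0 means it timed out with fragments missing.
 * Returns the new admission limit. */
int frag_release(uint32_t src, uint32_t dst, uint16_t id, uint8_t proto, int completed)
{
    struct fragq *q = fq_find(src, dst, id, proto, 0);
    if (!q) return limit;
    held -= q->nfrags; q->used = 0;
    if (completed) limit += (limit < LIMIT_MAX);            /* additive recovery */
    else if ((limit /= 2) < LIMIT_MIN) limit = LIMIT_MIN;   /* halve on timeout */
    return limit;
}
```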