The following reply was made to PR kern/32444; it has been noted by GNATS.

From: "mihai.chelaru" <mihai.chelaru@girsa.ro>
To: <gnats-bugs@netbsd.org>
Cc: <imago@13thmonkey.org>
Subject: Re: kern/32444: Small packets are dropped by IPfilter
Date: Tue, 3 Jan 2006 15:28:45 +0200

 > "ping -s X" works for X=[0..1472], fails for X=[1473..1479], then works 
 > again for X=[1480..]
 > 
 
 This is very strange:
 
 Here is ping -s 1473 on a 1500 MTU interface:
 
 15:15:35.637123 00:0b:cd:1b:8a:3f > 00:07:b3:58:0f:91, ethertype IPv4
 (0x0800), length 1514: IP (tos 0x0, ttl 255, id 22764, offset 0, flags [+],
 length: 1500) x.x.x.x > y.y.y.y: icmp 1480: echo request seq 553
 15:15:35.637126 00:0b:cd:1b:8a:3f > 00:07:b3:58:0f:91, ethertype IPv4
 (0x0800), length 35: IP (tos 0x0, ttl 255, id 22764, offset 1480, flags
 [none], length: 21) x.x.x.x > y.y.y.y: icmp
 
 So, length of the IP packet in fragment is 21 (20 from header + 1 from
 payload). But RFC791 says: "and the minimum fragment is 8 octets." (page
 25). Why does it trasmits only 1 byte ? I don't know. I think ipfilter does
 a sanity check and drops that frame. But shouldn't this be avoided in IP
 stack ?
 
 -- 
 Mihai