I'm not sure, but you can probably just capture all ip fragments and do a second pass with something later?
When I was running a webserver with worldwide audience and 40+ Gbps traffic (most of that was our apk though), I saw no more than a couple fragments per second; unless there was some UDP reflection DDoS going on and I was getting fragments from that.
Lots of high profile sites don't even accept ip fragmentation because it's too costly to deal with.
When I was running a webserver with worldwide audience and 40+ Gbps traffic (most of that was our apk though), I saw no more than a couple fragments per second; unless there was some UDP reflection DDoS going on and I was getting fragments from that.
Lots of high profile sites don't even accept ip fragmentation because it's too costly to deal with.