TCP handshake for decrypted traffic disables IP fragmentation

common/src/packet_construct.cpp

@@ -218,7 +218,7 @@ int ipv4_header_construct(char *buffer, uint16_t carry_layer_len, struct in_addr
     ip_hdr->tos = tos;
     ip_hdr->tot_len = htons(sizeof(struct iphdr) + carry_layer_len);
     ip_hdr->id = htons(id);
-    ip_hdr->frag_off = 0;
+    ip_hdr->frag_off = htons(frag);
     ip_hdr->ttl = ttl;
     ip_hdr->protocol = protocol;
     ip_hdr->check = 0;
@@ -334,7 +334,7 @@ int tcp_packet_v4_construct(
 
     // IPv4 Header
     u_char protocol = IPPROTO_TCP;
-    uint16_t frag = 0;
+    uint16_t frag = IP_DF;
     length += ipv4_header_construct(buffer + length, sizeof(struct tcphdr) + tcp_options_len + payload_len, src_addr, dst_addr, tos, id, frag, ttl, protocol);
 
     // TCP header and payload

common/src/tfe_packet_io.cpp

@@ -2001,6 +2001,14 @@ void handle_decryption_packet_from_tap(const char *data, int len, void *args)
 
     struct session_node *node = session_table_search_by_addr(thread->session_table, &inner_addr);
     if (node == NULL) {
+        if (thread->ref_acceptor_ctx->debug)
+        {
+            char *str = addr_tuple4_to_str(&inner_addr);
+            uint16_t ipid = raw_packet_parser_get_most_inner_ipid(&raw_parser);
+            TFE_LOG_ERROR(logger, "decypted packet from tap %s (ipid: %u) miss session table", str, ipid);
+            free(str);
+        }
+
         throughput_metrics_inc(&packet_io_fs->decrypt_rxdrop, 1, len);
         return;
     }
@@ -2082,7 +2090,7 @@ void handle_raw_packet_from_tap(const char *data, int len, void *args)
         {
             char *str = addr_tuple4_to_str(&inner_addr);
             uint16_t ipid = raw_packet_parser_get_most_inner_ipid(&raw_parser);
-            TFE_LOG_ERROR(logger, "packet from tap %s (ipid: %u) miss session table", str, ipid);
+            TFE_LOG_ERROR(logger, "raw packet from tap %s (ipid: %u) miss session table", str, ipid);
             free(str);
         }