I am transmitting UDP packets of, say, 2900 bytes. Due to fragmentation, the packet is divided into 2 IP fragments. My tc u32 filter (more-fragments bit and IP/port combination) matches only the first fragment; the second fragment is not matched.
How can I match the last fragment as well using the filter? I am fine with either a tc or an iptables filter rule.
You can't. Load the nf_conntrack_ipv4 module. This module defragments packets, and then your rule should work.
This is not true.
When a packet is sent locally, nf_conntrack_ipv4 will not defragment the packet's fragments, because the hook NF_INET_LOCAL_OUT (where ipv4_conntrack_defrag is called) runs before fragmentation happens.
If UFO or UDP GSO is enabled, the tc filter will match the whole packet (not the fragments). The UDP port in the tc filter is valid.
The fragments are matched if it is disabled. The UDP port is in the first fragment in most cases, so you can't match the second fragment by port; you can only use IP and protocol.
UFO and UDP GSO depend on your kernel version and NIC (for UFO).
UFO kernel support is removed in kernels >= 4.14.
UDP GSO is added in kernels >= 4.18.
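
The fragment behaviour described in the reply above, as an added example that is not part of the original thread: it builds a 2900-byte UDP payload, splits it at an assumed MTU of 1500, and shows that a port-based match sees only the first fragment while an IP + protocol match sees both. Addresses, ports and the IP ID are constructed sample values.

```python
import socket
import struct

MTU, IP_HDR, UDP = 1500, 20, 17

def fragment_udp(src, dst, sport, dport, payload, ip_id=0x1234):
    """Build one UDP datagram and split it into IPv4 fragments (constructed sample)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    step = (MTU - IP_HDR) // 8 * 8          # fragment data is a multiple of 8 bytes
    frags = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        mf = 0x2000 if off + step < len(udp) else 0   # More Fragments bit
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(chunk), ip_id,
                          mf | (off // 8), 64, UDP, 0,   # checksums left at 0
                          socket.inet_aton(src), socket.inet_aton(dst))
        frags.append(hdr + chunk)
    return frags

def parse(pkt):
    """Decode the IPv4 fields a filter can see on every fragment."""
    vihl, _, _, ip_id, fo, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"id": ip_id, "proto": proto, "dst": socket.inet_ntoa(dst),
            "mf": bool(fo & 0x2000), "offset": (fo & 0x1FFF) * 8,
            "l4": pkt[(vihl & 0x0F) * 4:]}

def match_port(pkt, dst, dport):
    """IP + UDP port match: the UDP header exists only at fragment offset 0."""
    p = parse(pkt)
    if p["proto"] != UDP or p["dst"] != dst or p["offset"] != 0:
        return False
    return struct.unpack("!H", p["l4"][2:4])[0] == dport

def match_ip_proto(pkt, dst):
    """IP + protocol match: these fields are repeated in every fragment."""
    p = parse(pkt)
    return p["proto"] == UDP and p["dst"] == dst

def demo():
    frags = fragment_udp("10.0.0.1", "10.0.0.2", 40000, 5000, b"x" * 2900)
    return [(parse(f)["offset"], parse(f)["mf"], match_port(f, "10.0.0.2", 5000),
             match_ip_proto(f, "10.0.0.2")) for f in frags]

if __name__ == "__main__":
    for row in demo():
        print(row)   # (offset, more_fragments, port_match, ip_proto_match)
```

Both fragments carry the same IP ID, which is the field a stateful filter uses to tie the second fragment back to the first one's ports.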