Khamidulla

Reputation: 2975

Why does Scapy recalculate the fragmentation size?

I am trying to fragment a 120-byte IP payload by 100 bytes. However, in the output I got two packets, one with 138 bytes and the other with 50 bytes (the Ethernet and IP header sizes are 14 and 20 bytes respectively). In the first packet the data offset runs from 0 to 103, and in the second packet the data offset runs from 104 to 119. Firstly, I cannot understand why it works this way. In order to understand it, I tried looking at the source of the fragment function defined in layers/inet.py, line 552.

Scapy recalculates fragmentation size as follows:

    def fragment(self, fragsize=1480):
        """Fragment IP datagrams"""
        fragsize = (fragsize + 7) // 8 * 8  # <- RECALCULATION OF FRAGMENT SIZE
        lst = []
        fnb = 0
        fl = self
        while fl.underlayer is not None:
            fnb += 1
            fl = fl.underlayer

        for p in fl:
            s = raw(p[fnb].payload)
            nb = (len(s) + fragsize - 1) // fragsize
            for i in range(nb):
                q = p.copy()
                del(q[fnb].payload)
                del(q[fnb].chksum)
                del(q[fnb].len)
                if i != nb - 1:
                    q[fnb].flags |= 1
                q[fnb].frag += i * fragsize // 8
                r = conf.raw_layer(load=s[i * fragsize:(i + 1) * fragsize])
                r.overload_fields = p[fnb].payload.overload_fields.copy()
                q.add_payload(r)
                lst.append(q)
        return lst

Can somebody explain why it is doing so?

N.B:

Upvotes: 0

Views: 757

Answers (1)

Cukic0d

Reputation: 5421

See https://github.com/secdev/scapy/issues/2424#issuecomment-576879663

From https://www.rfc-editor.org/rfc/rfc791#section-3.2 (page 25, top):

> If an internet datagram is fragmented, its data portion must be broken on 8 octet boundaries.

To answer your question, the fragment size must be a multiple of 8. 104 is a multiple of 8, not 100.

Upvotes: 1
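
The arithmetic behind the answer, as an added example that is not part of the original posts or Scapy's own code: it mirrors the rounding in the quoted `fragment()` to reproduce the 138- and 50-byte frames from the question without needing Scapy. All function names are hypothetical, and `largest_fragsize_within` (rounding down when fragments must stay under a limit) is an assumption added for illustration.

```python
# Added example: mirrors the arithmetic of the fragment() source quoted in the question.
ETH_HDR = 14   # Ethernet header size given in the question
IP_HDR = 20    # IP header size given in the question (no options)


def effective_fragsize(fragsize):
    """Round up to the next multiple of 8, as the quoted fragment() does."""
    return (fragsize + 7) // 8 * 8


def largest_fragsize_within(limit):
    """Hypothetical helper: largest multiple of 8 that does not exceed limit."""
    return limit // 8 * 8


def plan_fragments(payload_len, fragsize):
    """Return one dict per fragment: offset field, byte range, MF flag, frame size."""
    size = effective_fragsize(fragsize)
    count = (payload_len + size - 1) // size
    plan = []
    for i in range(count):
        start = i * size
        end = min(start + size, payload_len)
        plan.append({
            "frag": start // 8,          # Fragment Offset field, in 8-octet units
            "first_byte": start,
            "last_byte": end - 1,
            "mf": i != count - 1,        # More Fragments set on all but the last
            "frame_len": ETH_HDR + IP_HDR + (end - start),
        })
    return plan


def reassembles(plan, payload_len):
    """Check that offset * 8 tiles the payload with no gap or overlap."""
    expected = 0
    for f in plan:
        if f["frag"] * 8 != expected:
            return False
        expected = f["last_byte"] + 1
    return expected == payload_len


if __name__ == "__main__":
    for f in plan_fragments(120, 100):   # the case from the question
        print(f)
```

Because the Fragment Offset field counts 8-octet units, a 100-byte boundary has no representable offset, which is why the second fragment starts at byte 104 (offset field 13).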
