Date: Fri, 16 Jan 2026 19:46:05 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 292512] ipdivert passes outgoing packets that exceed MTU Message-ID: <bug-292512-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292512 Bug ID: 292512 Summary: ipdivert passes outgoing packets that exceed MTU Product: Base System Version: 15.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: k@vodka.home.kg I use dvtws2 tool from https://github.com/bol-van/zapret2 FreeBSD 15 running in vmware. Ethernet is configured with vmxnet3 adapter curl compiled against openssl 3.5.4 - supports kyber crypto, sends 2 segment tls client hello. first segment is MSS/MTU full ipfw add 100 divert 989 tcp from any to any 443 out not diverted xmit vmx0 dvtws2 --port 989 --debug curl https://vk.com packet: id=0 len=60 ifin= ifout=unknown IP4: 192.168.1.2 => 87.240.132.78 proto=tcp ttl=64 sport=63331 dport=443 flags=S packet: id=1 len=52 ifin= ifout=unknown IP4: 192.168.1.2 => 87.240.132.78 proto=tcp ttl=64 sport=63331 dport=443 flags=A packet: id=2 len=1609 ifin= ifout=unknown ???? Divert socket receives packet that cannot be reinjected. Attempt to reinject it causes error "packet too long" I also experienced multiple kernel panics related to network activity If switched to e1000 - ipdivert works as expected. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-292512-227>