Bug #16614
Connections from the firewall itself fail when packets are too big
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 26.03
Release Notes: Default
Affected Version: 2.9.0
Affected Architecture:
Description
The firewall (pf) can receive packets that don't fit the interface MTU. This can happen when the packet should not be fragmented (e.g. with IPv6, or IPv4 flagged with DF) and TSO is enabled. When this happens for connections from the firewall itself, the connection is terminated.
To reproduce, on the firewall run openssl s_client -connect '[2610:160:11:11::69]:443' -tls1_3. This results in the connection failing with the output write:errno=13.
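The description names TSO being enabled as one of the conditions for the failure. The following is an added example, not part of the original report and not pfSense or FreeBSD code: a shell function that reads FreeBSD ifconfig output and lists the interfaces that advertise TSO4 or TSO6, together with their MTU. The function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find interfaces with TCP segmentation offload (TSO) enabled.
# On the firewall itself, feed it live data with:  ifconfig | tso_ifaces

# Reads ifconfig output on stdin, prints "<iface> mtu=<mtu> <TSO flags>".
tso_ifaces() {
    awk '
    # Interface header line, e.g. "igb0: flags=8863<...> metric 0 mtu 1500"
    /^[^ \t]+: flags=/ {
        iface = $1; sub(/:$/, "", iface)
        mtu = "?"
        for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
        next
    }
    # Capability line, e.g. "options=4e527bb<RXCSUM,TXCSUM,TSO4,...>"
    /^[ \t]+options=/ {
        line = $0
        sub(/^[^<]*</, "", line); sub(/>.*$/, "", line)
        n = split(line, caps, ",")
        found = ""
        # Match whole tokens only: VLAN_HWTSO is a different capability
        # and must not be reported as TSO4/TSO6.
        for (i = 1; i <= n; i++)
            if (caps[i] == "TSO4" || caps[i] == "TSO6")
                found = found (found == "" ? "" : ",") caps[i]
        if (found != "") printf "%s mtu=%s %s\n", iface, mtu, found
    }'
}

# Constructed sample in FreeBSD ifconfig layout (values are illustrative).
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,LRO,VLAN_HWTSO>
        ether 00:00:5e:00:53:01
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTSO>
        ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
EOF
}

# Stand-alone run against the constructed sample.
sample_ifconfig | tso_ifaces
```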
Updated by Marcos M about 4 hours ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Fixed with https://cgit.freebsd.org/src/commit/?id=2e7699355f08258365fb5f65d11ac297e20f78de
This will be picked up with the next upstream merge.