Bug #16614

open

Connections from the firewall itself fail when packets are too big

Added by Marcos M about 5 hours ago. Updated about 4 hours ago.

Status: Feedback
Priority: Normal
Category: Operating System
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 26.03
Release Notes: Default
Affected Version: 2.9.0
Affected Architecture:

Description

The firewall (pf) can receive packets that don't fit the interface MTU. This can happen when the packet should not be fragmented (e.g. with IPv6, or IPv4 flagged with DF) and TSO is enabled. When this happens for connections from the firewall itself the connection is terminated.

To reproduce, on the firewall run openssl s_client -connect '[2610:160:11:11::69]:443' -tls1_3. This results in the connection failing with the output write:errno=13.
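
The description names enabled TSO as a precondition for the failure. As an added example (not part of the original report or the project's code), the shell function below reads FreeBSD-style `ifconfig` output and lists each interface that has TSO4 or TSO6 active, together with its MTU. The interface names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `ifconfig` output (not from the report).
sample_ifconfig() {
cat <<'EOF'
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC>
    inet6 2001:db8::1 prefixlen 64
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
EOF
}

# Reads ifconfig output on stdin and prints "<ifname> mtu=<n> tso=<caps>"
# for every interface whose options list contains TSO4 and/or TSO6.
tso_interfaces() {
  awk '
    # Interface header line: remember the name and the MTU that follows "mtu".
    /^[^ \t]+: flags=/ {
      ifname = $1; sub(/:$/, "", ifname)
      mtu = "?"
      for (i = 1; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
      next
    }
    # Capability line: take the list between "<" and ">" and look for TSO.
    /^[ \t]+options=/ {
      line = $0
      sub(/^[^<]*</, "", line); sub(/>.*$/, "", line)
      n = split(line, caps, ",")
      tso = ""
      for (i = 1; i <= n; i++)
        if (caps[i] == "TSO4" || caps[i] == "TSO6")
          tso = tso (tso == "" ? "" : ",") caps[i]
      if (tso != "") print ifname, "mtu=" mtu, "tso=" tso
    }
  '
}

# On the firewall itself: ifconfig | tso_interfaces
sample_ifconfig | tso_interfaces
```

An interface listed here meets the TSO precondition from the description; whether a given connection is affected still depends on the packet being unfragmentable (IPv6, or IPv4 with DF) and larger than the reported MTU.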
