Bug #16614
Updated by Marcos M about 4 hours ago
The firewall (pf) can receive packets that don't fit the interface MTU. This can happen when the packet should not be fragmented (e.g. with IPv6, IPv6 or IPv4 flagged with DF) and TSO is enabled. When this happens for connections from the firewall itself the connection is terminated. To reproduce, on the firewall run @openssl s_client -connect '[2610:160:11:11::69]:443' -tls1_3@. This results in the connection failing with the output @write:errno=13@.