[Bug 292512] ipdivert passes outgoing packets that exceed MTU
Date: Fri, 16 Jan 2026 19:46:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292512
Bug ID: 292512
Summary: ipdivert passes outgoing packets that exceed MTU
Product: Base System
Version: 15.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: k@vodka.home.kg
I use the dvtws2 tool from https://github.com/bol-van/zapret2
FreeBSD 15 is running in VMware. Ethernet is configured with a vmxnet3 adapter.
curl is compiled against OpenSSL 3.5.4 - supports Kyber crypto, sends a 2-segment
TLS client hello. The first segment is MSS/MTU full.
ipfw add 100 divert 989 tcp from any to any 443 out not diverted xmit vmx0
dvtws2 --port 989 --debug
curl https://vk.com
packet: id=0 len=60 ifin= ifout=unknown
IP4: 192.168.1.2 => 87.240.132.78 proto=tcp ttl=64 sport=63331 dport=443
flags=S
packet: id=1 len=52 ifin= ifout=unknown
IP4: 192.168.1.2 => 87.240.132.78 proto=tcp ttl=64 sport=63331 dport=443
flags=A
packet: id=2 len=1609 ifin= ifout=unknown
????
The divert socket receives a packet that cannot be reinjected. An attempt to reinject it
causes the error "packet too long".
I also experienced multiple kernel panics related to network activity.
If switched to e1000, ipdivert works as expected.
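A divert consumer can detect this condition before reinjecting by comparing each packet's IPv4 total length with the MTU of the outgoing interface. The following is an added example, not code from the report, from dvtws2 or from FreeBSD; `check_diverted`, `make_sample` and the 1500-byte MTU are assumptions, and the sample packets are constructed with the lengths shown in the debug output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_OK, V_MALFORMED, V_TOO_LONG };

/* Classify one IPv4 packet read from a divert socket before reinjecting it.
 * mtu comes from the caller; header fields assumed in network byte order. */
enum verdict check_diverted(const uint8_t *p, size_t n, unsigned mtu,
                            unsigned *ip_len)
{
    *ip_len = 0;
    if (n < 20 || (p[0] >> 4) != 4)
        return V_MALFORMED;                 /* too short or not IPv4 */
    size_t hl = (size_t)(p[0] & 0x0f) * 4;  /* header length in bytes */
    unsigned tot = ((unsigned)p[2] << 8) | p[3];
    if (hl < 20 || tot < hl || tot > n)
        return V_MALFORMED;                 /* bad IHL or truncated read */
    *ip_len = tot;
    return tot > mtu ? V_TOO_LONG : V_OK;   /* reinjection would not fit */
}

/* Build a constructed IPv4/TCP packet (zero payload) of the given length. */
size_t make_sample(uint8_t *buf, size_t cap, unsigned total_len)
{
    if (total_len < 40 || total_len > cap)
        return 0;
    memset(buf, 0, total_len);
    buf[0] = 0x45;                          /* version 4, IHL 5 */
    buf[2] = (uint8_t)(total_len >> 8);
    buf[3] = (uint8_t)(total_len & 0xff);
    buf[8] = 64;                            /* ttl */
    buf[9] = 6;                             /* proto tcp */
    return total_len;
}

int main(void)
{
    static const char *name[] = { "ok", "malformed", "too long for MTU" };
    unsigned lens[] = { 60, 52, 1609 };     /* lengths from the report */
    uint8_t buf[2048];
    for (size_t i = 0; i < 3; i++) {
        unsigned ip_len;
        size_t n = make_sample(buf, sizeof buf, lens[i]);
        enum verdict v = check_diverted(buf, n, 1500, &ip_len);
        printf("id=%zu len=%u: %s\n", i, ip_len, name[v]);
    }
    return 0;
}
```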