I have a stateless firewall (nft) which drops ip.len>1500 input Ethernet frames. Therefore you see TCP flow control with resent data.
Filter the Wireshark trace with "ip.len>1500": all the input Ethernet frames (destination IPv4 10.0.0.2) seen in the Wireshark trace are dropped in the nft filter hook ingress. Filter the TCP connection.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-hwe-6.5 in Ubuntu.
https://bugs.launchpad.net/bugs/2049993

Title:
  tcp has MSS=1460, but TLSv1.3 payload is overshooting maximum segment size

Status in linux-hwe-6.5 package in Ubuntu:
  New

Bug description:
  A Wireshark trace will follow. Filter for "ip.len>1500" in the Wireshark trace.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: linux-modules-6.5.0-14-generic 6.5.0-14.14~22.04.1
  ProcVersionSignature: Ubuntu 6.5.0-14.14~22.04.1-generic 6.5.3
  Uname: Linux 6.5.0-14-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Jan 21 08:41:18 2024
  Dependencies:
  InstallationDate: Installed on 2022-05-31 (599 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
  SourcePackage: linux-hwe-6.5
  UpgradeStatus: No upgrade log present (probably fresh install)
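
Added example, not part of the original report or of any Ubuntu tooling: a small Python check that applies the same "ip.len>1500" test to raw Ethernet frames and also reports the TCP payload size next to the MSS the receiving side advertised in its SYN. The frames, the server address 203.0.113.5 and the names build_frame and oversized_segments are constructed for illustration; only the MSS of 1460, the 1500 limit and the destination 10.0.0.2 come from the report.

```python
import struct

def build_frame(src, dst, sport, dport, flags, payload=b"", mss=None):
    """Constructed Ethernet/IPv4/TCP frame for the sample below (checksums left 0)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss else b""   # TCP option kind 2 = MSS
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, (5 + len(opts) // 4) << 4,
                      flags, 65535, 0, 0) + opts + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def oversized_segments(frames, limit=1500):
    """Return (frame_no, ip_len, tcp_payload_len, receiver_mss) where ip.len > limit."""
    mss, hits = {}, []          # mss: (ip, port) -> MSS that endpoint put in its SYN
    for no, f in enumerate(frames, 1):
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue            # not IPv4 carrying TCP
        ihl = (f[14] & 0x0F) * 4
        t = 14 + ihl            # offset of the TCP header
        if len(f) < t + 20:
            continue            # truncated TCP header
        ip_len, src, dst = struct.unpack("!H", f[16:18])[0], f[26:30], f[30:34]
        sport, dport = struct.unpack("!HH", f[t:t + 4])
        doff, flags = (f[t + 12] >> 4) * 4, f[t + 13]
        i = t + 20
        while flags & 0x02 and i + 1 < min(t + doff, len(f)):   # SYN: walk TCP options
            kind = f[i]
            if kind == 0:       # end of option list
                break
            if kind == 1:       # NOP is a single byte
                i += 1
                continue
            if kind == 2 and i + 4 <= len(f):
                mss[(src, sport)] = struct.unpack("!H", f[i + 2:i + 4])[0]
            i += max(f[i + 1], 2)
        if ip_len > limit:
            hits.append((no, ip_len, ip_len - ihl - doff, mss.get((dst, dport))))
    return hits

CLIENT, SERVER = (10, 0, 0, 2), (203, 0, 113, 5)   # server address is made up
SAMPLE = [                                          # constructed frames, not the trace
    build_frame(CLIENT, SERVER, 50000, 443, 0x02, mss=1460),             # SYN
    build_frame(SERVER, CLIENT, 443, 50000, 0x12, mss=1460),             # SYN-ACK
    build_frame(SERVER, CLIENT, 443, 50000, 0x10, payload=b"A" * 1460),  # ip.len 1500
    build_frame(SERVER, CLIENT, 443, 50000, 0x18, payload=b"A" * 2920),  # ip.len 2960
]

if __name__ == "__main__":
    for hit in oversized_segments(SAMPLE):
        print("frame %d: ip.len=%d tcp payload=%d receiver MSS=%s" % hit)
```
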