How to reproduce: $ pasta --config-net # ping <gw address> -s 65493 Expected results: ping success fully Actual results: Replies are truncated 65496 bytes from 192.168.17.1: icmp_seq=1 ttl=255 (truncated) Further info: Ping sizes of 65492 and less bytes appear to work correctly. Ping sizes from 65493..65507 bytes inclusive should work, but appear to be truncated. It looks like they might be dropped entirely with passt (rather than pasta). Ping sizes 65508 and up are bigger than the maximum theoretical IPv4 ping size (the packet size with headers exceeds 65535 bytes), and fail as expected.
Ok, I've investigated this, and it appears to be a consequence of the fact that we don't handle IP fragmentation. ping -s 65492 is the largest ping size which can be sent unfragmented with our guest-side MTU of 65520 bytes. Beyond that the ping in the guest is fragmented, and because we don't handle defragmentation in passt/pasta, we only forward the contents of the first fragment to the ping socket, so the reply comes back similarly truncated.
The fix I've posted for bug 62 means this will now give a warning message while dropping the packet, rather the silently misbehaving.