I used Wireshark to grab the packet and found that the TLS frame was longer than 1500

  linux, question

Recently, I used the netfilter framework to do some things, and found that the length of the ip header obtained was greater than 1500. I thought the IP packet would merge after netfilter because of the linux protocol stack.
Until I used wireshark, I found that some frames were indeed longer than MTU.

As shown in the figure:

1670 frames, look at MAC frame header frame length 4209bytes, IP packet length 4195bytes.
Reason: Since the MAC frame header indicates that there are so many frames in length, then this frame should be transmitted in Ethernet with this length.
But why?

http://packetbomb.com/how-can …
https://ask.wireshark.org/que …
Transmission over the network must not exceed MTU.