The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1
commit d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-04-09 12:38:39 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-04-09 19:30:17 +0000
pf: emit ICMPv6 packet too big for route-to
Based on OpenBSD's ae08e5b41d6 (by sashan <sas...@openbsd.org>). We already
implemented most of this (i.e. the refragmenting) but we did not send the
packet-too-big error.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf_norm.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 382f876234da..2dc4553bd4f4 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -43,6 +43,7 @@
#include <net/if.h>
#include <net/if_var.h>
+#include <net/if_private.h>
#include <net/vnet.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>
@@ -1051,7 +1052,13 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0,
struct m_tag *mtag,
dst.sin6_len = sizeof(dst);
dst.sin6_addr = hdr->ip6_dst;
- nd6_output_ifp(rt, rt, m, &dst, NULL);
+ if (m->m_pkthdr.len <= if_getmtu(ifp)) {
+ nd6_output_ifp(rt, rt, m, &dst, NULL);
+ } else {
+ in6_ifstat_inc(ifp, ifs6_in_toobig);
+ icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0,
+ if_getmtu(ifp));
+ }
} else if (forward) {
MPASS(m->m_pkthdr.rcvif != NULL);
ip6_forward(m, 0);
