Hi, According to pf.conf(5),
Currently, only IPv4 fragments are supported and IPv6 fragments are
blocked unconditionally.
This is a very serious limitation in some scenarios (e.g. IPsec, which can
use large udp packets for key exchange, or for tunnels inside low-mtu
tunnels).
Is this being worked on? The only thing I see in OpenBSD's CVS is that
some code was added years ago, and then was removed because it was
not completely ready (issues with jumbo frames, maybe?).
Regards,
--
Lionel
