git: d1f4b9ffabbc - main - pf: emit ICMPv6 packet too big for route-to

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 09 Apr 2025 19:30:42 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1

commit d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-04-09 12:38:39 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-09 19:30:17 +0000

    pf: emit ICMPv6 packet too big for route-to
    
    Based on OpenBSD's ae08e5b41d6 (by sashan <sashan@openbsd.org>). We already
    implemented most of this (i.e. the refragmenting) but we did not send the
    packet-too-big error.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_norm.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 382f876234da..2dc4553bd4f4 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -43,6 +43,7 @@
 
 #include <net/if.h>
 #include <net/if_var.h>
+#include <net/if_private.h>
 #include <net/vnet.h>
 #include <net/pfvar.h>
 #include <net/if_pflog.h>
@@ -1051,7 +1052,13 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag,
 			dst.sin6_len = sizeof(dst);
 			dst.sin6_addr = hdr->ip6_dst;
 
-			nd6_output_ifp(rt, rt, m, &dst, NULL);
+			if (m->m_pkthdr.len <= if_getmtu(ifp)) {
+				nd6_output_ifp(rt, rt, m, &dst, NULL);
+			} else {
+				in6_ifstat_inc(ifp, ifs6_in_toobig);
+				icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0,
+				    if_getmtu(ifp));
+			}
 		} else if (forward) {
 			MPASS(m->m_pkthdr.rcvif != NULL);
 			ip6_forward(m, 0);