From: bluhm <bluhm@openbsd.org>
Date: Wed, 7 Jun 2017 20:09:07 +0000 (+0000)
Subject: To test IPv6 fragements with extension header, the pf pass rules
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=197cc07eeda5a8f2c7308c6e923d260e1880d587;p=openbsd

To test IPv6 fragements with extension header, the pf pass rules
need an allow-opts.  Otherwise pf blocks packets with option header.
---

diff --git a/regress/sys/net/pf_fragment/pf.conf b/regress/sys/net/pf_fragment/pf.conf
index 15c8a6635c8..ca761d20993 100644
--- a/regress/sys/net/pf_fragment/pf.conf
+++ b/regress/sys/net/pf_fragment/pf.conf
@@ -1,9 +1,9 @@
 # pf on PF must have these rules in the regress anchor
 
-pass to { $PF_IN/24 $PF_IN6/64 }
-pass to { $RT_IN/24 $RT_IN6/64 }
-pass to { $ECO_IN/24 $ECO_IN6/64 }
-pass to { $RDR_IN/24 $RDR_IN6/64 }
+pass to { $PF_IN/24 $PF_IN6/64 }   allow-opts
+pass to { $RT_IN/24 $RT_IN6/64 }   allow-opts
+pass to { $ECO_IN/24 $ECO_IN6/64 } allow-opts
+pass to { $RDR_IN/24 $RDR_IN6/64 } allow-opts
 
 pass in  to $RDR_IN/24  rdr-to $ECO_IN  allow-opts tag rdr
 pass out                nat-to $PF_OUT  allow-opts tagged rdr