From 197cc07eeda5a8f2c7308c6e923d260e1880d587 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Wed, 7 Jun 2017 20:09:07 +0000
Subject: [PATCH] To test IPv6 fragements with extension header, the pf pass rules need an allow-opts. Otherwise pf blocks packets with option header.
---
 regress/sys/net/pf_fragment/pf.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/regress/sys/net/pf_fragment/pf.conf b/regress/sys/net/pf_fragment/pf.conf
index 15c8a6635c8..ca761d20993 100644
--- a/regress/sys/net/pf_fragment/pf.conf
+++ b/regress/sys/net/pf_fragment/pf.conf
@@ -1,9 +1,9 @@
 # pf on PF must have these rules in the regress anchor
-pass to { $PF_IN/24 $PF_IN6/64 }
-pass to { $RT_IN/24 $RT_IN6/64 }
-pass to { $ECO_IN/24 $ECO_IN6/64 }
-pass to { $RDR_IN/24 $RDR_IN6/64 }
+pass to { $PF_IN/24 $PF_IN6/64 } allow-opts
+pass to { $RT_IN/24 $RT_IN6/64 } allow-opts
+pass to { $ECO_IN/24 $ECO_IN6/64 } allow-opts
+pass to { $RDR_IN/24 $RDR_IN6/64 } allow-opts
 pass in to $RDR_IN/24 rdr-to $ECO_IN allow-opts tag rdr
 pass out nat-to $PF_OUT allow-opts tagged rdr
-- 
2.20.1
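Review bot: The four `pass to { … }` rules now carry `allow-opts`, but the header comment still says only that the rules belong in the regress anchor, with no reason given for the option. `allow-opts` lifts pf's default block on packets with IPv4 options as well as IPv6 hop-by-hop and destination option headers, which is wider than the IPv6 fragment case the commit message describes. Since these rules match whole /24 and /64 networks, anyone who copies them outside the test anchor would admit option-bearing packets without knowing why. I would extend the comment at the top of the file, for example `# allow-opts lets fragments with IPv6 extension headers through for the tests;` followed by `# it also admits IPv4 options, so keep these rules inside the regress anchor only`.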