From 249bc5f3a3c1084829b0c73fcd806a889884ba61 Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Sun, 13 Jul 2014 17:41:04 +0000
Subject: [PATCH] When reassembled IPv6 fragments are NATed or RDRed by pf, the
 checksum has to be recalculated before the packet is fragmented again.  Put a
 missing in6_proto_cksum_out() into pf_refragment6(). This makes
 run-regress-frag6 and run-regress-frag6-ext pass again. From Matthias Pitzl;
 OK henning@

---
 sys/net/pf_norm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index f0342fc7191..0601fe2c794 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.165 2014/03/27 12:07:48 jca Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.166 2014/07/13 17:41:04 bluhm Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -703,6 +703,9 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, int dir)
 	mtag = NULL;
 	ftag = NULL;
 
+	/* Checksum must be calculated for the whole packet */
+	in6_proto_cksum_out(m, NULL);
+
 	if (extoff) {
 		int off;
 
-- 
2.20.1