From d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1 Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Wed, 9 Apr 2025 14:38:39 +0200
Subject: [PATCH] pf: emit ICMPv6 packet too big for route-to

Based on OpenBSD's ae08e5b41d6 (by sashan <sashan@openbsd.org>). We already
implemented most of this (i.e. the refragmenting) but we did not send the
packet-too-big error.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_norm.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 382f876234d..2dc4553bd4f 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -43,6 +43,7 @@
 
 #include <net/if.h>
 #include <net/if_var.h>
+#include <net/if_private.h>
 #include <net/vnet.h>
 #include <net/pfvar.h>
 #include <net/if_pflog.h>
@@ -1051,7 +1052,13 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag,
 			dst.sin6_len = sizeof(dst);
 			dst.sin6_addr = hdr->ip6_dst;
 
-			nd6_output_ifp(rt, rt, m, &dst, NULL);
+			if (m->m_pkthdr.len <= if_getmtu(ifp)) {
+				nd6_output_ifp(rt, rt, m, &dst, NULL);
+			} else {
+				in6_ifstat_inc(ifp, ifs6_in_toobig);
+				icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0,
+				    if_getmtu(ifp));
+			}
 		} else if (forward) {
 			MPASS(m->m_pkthdr.rcvif != NULL);
 			ip6_forward(m, 0);