Hi,

Sending IPv6 fragments over a bridge with pf does not work.  During
input pf reassembles the packet, and at bridge output it should be
refragmented.  This is only done for PF_FWD directions, but bridge(4)
and veb(4) always call pf_test() with PF_OUT.

ok?

bluhm

Index: net/if_bridge.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_bridge.c,v
diff -u -p -r1.370 if_bridge.c
--- net/if_bridge.c	14 Apr 2024 20:46:27 -0000	1.370
+++ net/if_bridge.c	5 Aug 2024 09:40:26 -0000
@@ -70,7 +70,7 @@
 #if NPF > 0
 #include <net/pfvar.h>
 #define	BRIDGE_IN	PF_IN
-#define	BRIDGE_OUT	PF_OUT
+#define	BRIDGE_OUT	PF_FWD
 #else
 #define	BRIDGE_IN	0
 #define	BRIDGE_OUT	1
Index: net/if_veb.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_veb.c,v
diff -u -p -r1.35 if_veb.c
--- net/if_veb.c	13 Feb 2024 12:22:09 -0000	1.35
+++ net/if_veb.c	5 Aug 2024 09:40:26 -0000
@@ -944,7 +944,7 @@ veb_broadcast(struct veb_softc *sc, stru
 	 * let pf look at it, but use the veb interface as a proxy.
 	 */
 	if (ISSET(ifp->if_flags, IFF_LINK1) &&
-	    (m0 = veb_pf(ifp, PF_OUT, m0)) == NULL)
+	    (m0 = veb_pf(ifp, PF_FWD, m0)) == NULL)
 		return;
 #endif
 
@@ -1039,7 +1039,7 @@ veb_transmit(struct veb_softc *sc, struc
 
 #if NPF > 0
 	if (ISSET(ifp->if_flags, IFF_LINK1) &&
-	    (m = veb_pf(ifp0, PF_OUT, m)) == NULL)
+	    (m = veb_pf(ifp0, PF_FWD, m)) == NULL)
 		return (NULL);
 #endif