diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist
index d9f4897e026e..7383d50be466 100644
--- a/etc/mtree/BSD.tests.dist
+++ b/etc/mtree/BSD.tests.dist
@@ -792,6 +792,10 @@
         ..
         netinet
         ..
+        netinet6
+            frag6
+            ..
+        ..
         netipsec
             tunnel
             ..
diff --git a/tests/sys/Makefile b/tests/sys/Makefile
index 44d1e03c6c73..fa3f2f949626 100644
--- a/tests/sys/Makefile
+++ b/tests/sys/Makefile
@@ -20,6 +20,7 @@ TESTS_SUBDIRS+=		kqueue
 TESTS_SUBDIRS+=		mac
 TESTS_SUBDIRS+=		mqueue
 TESTS_SUBDIRS+=		netinet
+TESTS_SUBDIRS+=		netinet6
 TESTS_SUBDIRS+=		netipsec
 TESTS_SUBDIRS+=		netmap
 TESTS_SUBDIRS+=		netpfil
diff --git a/tests/sys/netinet6/Makefile b/tests/sys/netinet6/Makefile
new file mode 100644
index 000000000000..f9dce391e056
--- /dev/null
+++ b/tests/sys/netinet6/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+TESTSDIR=	${TESTSBASE}/sys/netinet6
+
+TESTS_SUBDIRS+=	frag6
+
+.include <bsd.test.mk>
diff --git a/tests/sys/netinet6/frag6/Makefile b/tests/sys/netinet6/frag6/Makefile
new file mode 100644
index 000000000000..0a1bf9cf6a94
--- /dev/null
+++ b/tests/sys/netinet6/frag6/Makefile
@@ -0,0 +1,76 @@
+# $FreeBSD$
+
+PACKAGE=	tests
+
+TESTSDIR=	${TESTSBASE}/sys/netinet6/frag6
+FILESDIR=	${TESTSDIR}
+
+# We split these up so they can run in parallel.
+# Seems kyua is not running the test cases from one file in parallel.
+# Otherwise we could cat the files together into one shell file.
+ATF_TESTS_SH=			\
+				frag6_01 \
+				frag6_02 \
+				frag6_03 \
+				frag6_04 \
+				frag6_05 \
+				frag6_06 \
+				frag6_07 \
+				frag6_08 \
+				frag6_09 \
+				frag6_10 \
+				frag6_11 \
+				frag6_12 \
+				frag6_13 \
+				frag6_14 \
+				frag6_15 \
+				frag6_16 \
+				frag6_17 \
+				frag6_18 \
+				frag6_19
+
+${PACKAGE}FILES+=		frag6.subr
+${PACKAGE}FILES+=		sniffer.py
+${PACKAGE}FILES+=		frag6_01.py
+${PACKAGE}FILES+=		frag6_02.py
+${PACKAGE}FILES+=		frag6_03.py
+${PACKAGE}FILES+=		frag6_04.py
+${PACKAGE}FILES+=		frag6_05.py
+${PACKAGE}FILES+=		frag6_06.py
+${PACKAGE}FILES+=		frag6_07.py
+${PACKAGE}FILES+=		frag6_08.py
+${PACKAGE}FILES+=		frag6_09.py
+${PACKAGE}FILES+=		frag6_10.py
+${PACKAGE}FILES+=		frag6_11.py
+${PACKAGE}FILES+=		frag6_12.py
+${PACKAGE}FILES+=		frag6_13.py
+${PACKAGE}FILES+=		frag6_14.py
+${PACKAGE}FILES+=		frag6_15.py
+${PACKAGE}FILES+=		frag6_16.py
+${PACKAGE}FILES+=		frag6_17.py
+${PACKAGE}FILES+=		frag6_18.py
+${PACKAGE}FILES+=		frag6_19.py
+
+${PACKAGE}FILESMODE_frag6.subr=		0444
+${PACKAGE}FILESMODE_sniffer.py=		0555
+${PACKAGE}FILESMODE_frag6_01.py=	0555
+${PACKAGE}FILESMODE_frag6_02.py=	0555
+${PACKAGE}FILESMODE_frag6_03.py=	0555
+${PACKAGE}FILESMODE_frag6_04.py=	0555
+${PACKAGE}FILESMODE_frag6_05.py=	0555
+${PACKAGE}FILESMODE_frag6_06.py=	0555
+${PACKAGE}FILESMODE_frag6_07.py=	0555
+${PACKAGE}FILESMODE_frag6_08.py=	0555
+${PACKAGE}FILESMODE_frag6_09.py=	0555
+${PACKAGE}FILESMODE_frag6_10.py=	0555
+${PACKAGE}FILESMODE_frag6_11.py=	0555
+${PACKAGE}FILESMODE_frag6_12.py=	0555
+${PACKAGE}FILESMODE_frag6_13.py=	0555
+${PACKAGE}FILESMODE_frag6_14.py=	0555
+${PACKAGE}FILESMODE_frag6_15.py=	0555
+${PACKAGE}FILESMODE_frag6_16.py=	0555
+${PACKAGE}FILESMODE_frag6_17.py=	0555
+${PACKAGE}FILESMODE_frag6_18.py=	0555
+${PACKAGE}FILESMODE_frag6_19.py=	0555
+
+.include <bsd.test.mk>
diff --git a/tests/sys/netinet6/frag6/frag6.subr b/tests/sys/netinet6/frag6/frag6.subr
new file mode 100644
index 000000000000..e187fa78dab4
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6.subr
@@ -0,0 +1,122 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/../../common/vnet.subr
+
+frag6_head()
+{
+	atf_set descr 'Test IPv6 fragmentation code'
+	atf_set require.user root
+	atf_set require.progs scapy
+}
+
+frag6_body()
+{
+	ids=${1:="65533"}
+	shift
+	id=`printf "%x" ${ids}`
+	if [ $$ -gt 65535 ]; then
+		xl=`printf "%x" $(($$ - 65535))`
+		yl="1"
+	else
+		xl=`printf "%x" $$`
+		yl=""
+	fi
+
+	vnet_init
+
+	ip6a="2001:db8:6666:6666:${yl}:${id}:1:${xl}"
+	ip6b="2001:db8:6666:6666:${yl}:${id}:2:${xl}"
+
+	epair=$(vnet_mkepair)
+	ifconfig ${epair}a mtu 131071 up
+	ifconfig ${epair}a inet6 ${ip6a}/64
+
+	jname="v6t-${id}-${yl}-${xl}"
+	vnet_mkjail ${jname} ${epair}b
+	jexec ${jname} ifconfig ${epair}b mtu 131071 up
+	jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/64
+
+	# Let IPv6 ND do its thing.
+	#ping6 -q -c 1 ff02::1%${epair}a
+	#ping6 -q -c 1 ${ip6b}
+	sleep 3
+
+	# We need to try to make sure all expiry happened, otherwise there might
+	# be global fragments queued.  (This still does not rule out that there
+	# are no other fragments queued anywhere else in the system).
+	i=0
+	while test $i -lt 60; do
+		nf=`sysctl -n net.inet6.ip6.frag6_nfrags`
+		case ${nf} in
+		0)	break ;;
+		esac
+		sleep 1
+		i=$((i + 1))
+	done
+	case ${nf} in
+	0)	;;
+	*)	atf_fail "Global frag6_nfrags count is not zero but ${nf}" ;;
+	esac
+
+	pretestf=$2
+	case "${pretestf}" in
+	"")	;;
+	[A-Za-z0-9_]*)
+		eval ${pretestf} "${jname}" "${epair}b"
+		;;
+	esac
+
+	# Clear statistics.
+	jexec ${jname} netstat -z -s > /dev/null
+
+	# Run fragment tests.
+	pyname=$(atf_get ident)
+	pyname=${pyname%*_[0-9]}
+	atf_check -s exit:0 $(atf_get_srcdir)/${pyname}.py \
+		--sendif ${epair}a \
+		--recvif ${epair}a \
+		--src ${ip6a} \
+		--to  ${ip6b}
+
+	checkf=$1
+	case "${checkf}" in
+	"")	;;
+	[A-Za-z0-9_]*)
+		eval ${checkf} "${jname}" "${epair}b"
+		;;
+	esac
+}
+
+frag6_cleanup()
+{
+
+	vnet_cleanup
+}
+
+# end
diff --git a/tests/sys/netinet6/frag6/frag6_01.py b/tests/sys/netinet6/frag6/frag6_01.py
new file mode 100644
index 000000000000..5a6b327337c6
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_01.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6ParamProblem)
+	if not icmp6:
+		return False
+	# ICMP6_PARAMPROB_HEADER 0
+	if icmp6.code != 0:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Param Prob so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A single start fragment with zero length IPv6 header (jumbo).
+	# Make sure we do hit the Fragment case, which is tricky as the
+	# jumbogram needs to be > 64k.
+	#
+	# A:  Jumbo-Fragment not allowed.
+	# R:  ICMPv6 param problem.
+	#
+	#data = "6" * (65536 - 2 - 6 - 8 - 8)
+	data = "6" * 65512
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0], plen=0) / \
+		sp.IPv6ExtHdrHopByHop(options=sp.Jumbo(jumboplen=65536)) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=6) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	# We should only need to sleep 0.10 but it seems scapy
+	# takes time for this one.
+	sleep(75)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_01.sh b/tests/sys/netinet6/frag6/frag6_01.sh
new file mode 100755
index 000000000000..fb2e1de856d3
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_01.sh
@@ -0,0 +1,223 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_01" "cleanup"
+frag6_01_head() {
+	frag6_head 1
+}
+
+frag6_01_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>1</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>0</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>1</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	# XXX-BZ TODO FIXME reassembly-failed should be 1?
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>0</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>1</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_01_body() {
+
+	atf_skip "Sending IPv6 Jumbograms needs 1 kernel changes and BPF fixes"
+
+	frag6_body 1 frag6_01_check_stats
+}
+
+frag6_01_cleanup() {
+	frag6_cleanup 1
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_01"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_02.py b/tests/sys/netinet6/frag6/frag6_02.py
new file mode 100644
index 000000000000..4e83e9e676cd
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_02.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6ParamProblem)
+	if not icmp6:
+		return False
+	# ICMP6_PARAMPROB_HEADER 0
+	if icmp6.code != 0:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Param Prob so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A single start fragment with payload length not % 8.
+	#
+	# A:  Error handling in code.
+	# R:  ICMPv6 param problem.
+	#
+	data = "6" * 1287
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=5) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sleep(0.10)
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_02.sh b/tests/sys/netinet6/frag6/frag6_02.sh
new file mode 100755
index 000000000000..02d2a5a1e723
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_02.sh
@@ -0,0 +1,220 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_02" "cleanup"
+frag6_02_head() {
+	frag6_head 2
+}
+
+frag6_02_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	# XXX-TODO no global stats for this case?
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>0</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>1</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>0</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>1</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>1</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_02_body() {
+	frag6_body 2 frag6_02_check_stats
+}
+
+frag6_02_cleanup() {
+	frag6_cleanup 2
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_02"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_03.py b/tests/sys/netinet6/frag6/frag6_03.py
new file mode 100644
index 000000000000..64c92abfecc8
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_03.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6DestUnreach)
+	if not icmp6:
+		return False
+	# ICMP6_DST_UNREACH_NOPORT 4
+	if icmp6.code != 4:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Dest Unreach / Port Unreach so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# (1) Atomic fragment.
+	#
+	# A:  Nothing listening on UDP port.
+	# R:  ICMPv6 dst unreach, unreach port.
+	#
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=0, id=1) / \
+		sp.UDP(dport=3456, sport=6543)
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sleep(0.10)
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_03.sh b/tests/sys/netinet6/frag6/frag6_03.sh
new file mode 100755
index 000000000000..edfdbe04d101
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_03.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_03" "cleanup"
+frag6_03_head() {
+	frag6_head 3
+}
+
+frag6_03_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>1</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>1</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>1</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>1</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>1</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>1</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_03_body() {
+	frag6_body 3 frag6_03_check_stats
+}
+
+frag6_03_cleanup() {
+	frag6_cleanup 3
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_03"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_04.py b/tests/sys/netinet6/frag6/frag6_04.py
new file mode 100644
index 000000000000..4f4687e0d067
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_04.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6ParamProblem)
+	if not icmp6:
+		return False
+	# ICMP6_PARAMPROB_HEADER 0
+	if icmp6.code != 0:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Param Prob so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# 0-byte first fragment.
+	#
+	# A:  0-byte fragment payload not allowed. Discarded.
+	# R:  ICMPv6 param prob, paramprob header.
+	#
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=4)
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sleep(0.10)
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_04.sh b/tests/sys/netinet6/frag6/frag6_04.sh
new file mode 100755
index 000000000000..81f3a276514c
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_04.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_04" "cleanup"
+frag6_04_head() {
+	frag6_head 4
+}
+
+frag6_04_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>1</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>1</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>1</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>1</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_04_body() {
+	frag6_body 4 frag6_04_check_stats
+}
+
+frag6_04_cleanup() {
+	frag6_cleanup 4
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_04"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_05.py b/tests/sys/netinet6/frag6/frag6_05.py
new file mode 100644
index 000000000000..b631b48f500f
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_05.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Sysctl set to accept (no|maximum 10) fragments.
+	#
+	# A:  Discarded.
+	# R:  Silence (statistics only) or ICMPv6 timeout expiry.
+	#
+	data = "6" * 1280
+	bfid = 0x5001
+	for i in range(20):
+		fid = bfid + i
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=0, m=1, id=fid) / \
+			sp.UDP(dport=3456, sport=6543) / \
+			data
+		if args.debug :
+			ip6f01.display()
+		sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_05.sh b/tests/sys/netinet6/frag6/frag6_05.sh
new file mode 100755
index 000000000000..ed4c09b60d69
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_05.sh
@@ -0,0 +1,454 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_05_check_stats_0() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check that the sysctl is set to what we expect.
+	#
+	sn=`sysctl -n net.inet6.ip6.maxfrags`
+	case "${sn}" in
+	0)	;;
+	*)	atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 0" ;;
+	esac
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>20</received-fragments>
+    <dropped-fragment>20</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>20</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>20</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_05_check_stats_1() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check that the sysctl is set to what we expect.
+	#
+	sn=`sysctl -n net.inet6.ip6.maxfrags`
+	case "${sn}" in
+	10)	;;
+	*)	atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 10" ;;
+	esac
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>20</received-fragments>
+    <dropped-fragment>10</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>20</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>10</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_05_0" "cleanup"
+frag6_05_0_head() {
+	frag6_head 5_0
+}
+
+frag6_05_0_body() {
+
+	# Save current sysctl value.
+	ov=`sysctl -n net.inet6.ip6.maxfrags`
+	echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt
+
+	# Never accept fragments.
+	sysctl net.inet6.ip6.maxfrags=0
+
+	frag6_body 5 frag6_05_check_stats_0
+}
+
+frag6_05_0_cleanup() {
+	frag6_cleanup 5_0
+	
+	# Restore sysctl back to default.
+	ov=`cat ${HOME}/sysctl-$(atf_get ident).txt`
+	rm -f ${HOME}/sysctl-$(atf_get ident).txt
+	sysctl net.inet6.ip6.maxfrags=${ov}
+}
+
+
+atf_test_case "frag6_05_1" "cleanup"
+frag6_05_1_head() {
+	frag6_head 5_1
+}
+
+frag6_05_1_body() {
+
+	# Save current sysctl value.
+	ov=`sysctl -n net.inet6.ip6.maxfrags`
+	echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt
+
+	# Maximum of 10 global system-wide fragments.
+	sysctl net.inet6.ip6.maxfrags=10
+
+	frag6_body 5 frag6_05_check_stats_1
+}
+
+frag6_05_1_cleanup() {
+	frag6_cleanup 5_1
+	
+	# Restore sysctl back to default.
+	ov=`cat ${HOME}/sysctl-$(atf_get ident).txt`
+	rm -f ${HOME}/sysctl-$(atf_get ident).txt
+	sysctl net.inet6.ip6.maxfrags=${ov}
+}
+
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_05_0"
+	atf_add_test_case "frag6_05_1"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_06.py b/tests/sys/netinet6/frag6/frag6_06.py
new file mode 100644
index 000000000000..42c8b02042cd
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_06.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Sysctl set to accept (no|maximum 10) fragments on a reassembly queue.
+	#
+	# A:  Discarded.
+	# R:  Silence (statistics only) or ICMPv6 timeout expiry.
+	#
+	data = "66666666"
+	for i in range(20):
+		foffset=(i * (int)(16 / 8))
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=1, id=6) / \
+			sp.UDP(dport=3456, sport=6543) / \
+			data
+		if args.debug :
+			ip6f01.display()
+		sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_06.sh b/tests/sys/netinet6/frag6/frag6_06.sh
new file mode 100755
index 000000000000..f5997c80f8a7
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_06.sh
@@ -0,0 +1,252 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_06_pre_test_0() {
+
+	local jname ifname
+	jname=$1
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+
+	# Never accept fragments.
+	jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0
+}
+
+
+frag6_06_check_stats_0() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check that the sysctl is set to what we expect.
+	#
+	sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize`
+	case "${sn}" in
+	0)	;;
+	*)	atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;;
+	esac
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>20</received-fragments>
+    <dropped-fragment>20</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>20</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>20</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_06_0" "cleanup"
+frag6_06_0_head() {
+	frag6_head 6_0
+}
+
+frag6_06_0_body() {
+	frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0
+}
+
+frag6_06_0_cleanup() {
+	frag6_cleanup 6_0
+	
+	# No need to restore the sysctl back to default as the jail is gone.
+}
+
+
+#atf_test_case "frag6_06_1" "cleanup"
+# There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize.
+# We would have to be able to generate hash collisions to end up in the same
+# bucket (or re-compile a kernel with only 1 bucket).
+
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_06_0"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_07.py b/tests/sys/netinet6/frag6/frag6_07.py
new file mode 100644
index 000000000000..f559046e67bf
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_07.py
@@ -0,0 +1,150 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6ParamProblem)
+	if not icmp6:
+		return False
+	# ICMP6_PARAMPROB_HEADER 0
+	if icmp6.code != 0:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Param Prob so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# Two fragments with payload and offset set to add up to >64k.
+	#
+	# Make a first fragment arrive and a second to explode everything.
+	#
+	# A:  Reassembly failure.
+	# R:  ICMPv6 param prob, param header.
+	#
+	data = "6" * 1280
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=7) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=7) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+
+	sleep(1.00)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+
+	# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ##
+	#
+	# A fragment with payload and offset set to add up to >64k.
+	#
+	# Try again with the first packet to make things explode.
+	#
+	# A:  Reassembly failure.
+	# R:  ICMPv6 param prob, param header.
+	#
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=0x7001) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sleep(0.10)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_07.sh b/tests/sys/netinet6/frag6/frag6_07.sh
new file mode 100755
index 000000000000..927472b794a8
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_07.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_07_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	# XXX-BZ Only ICMPv6 errors and no proper stats!
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>3</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>2</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>2</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>3</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>2</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>2</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_07" "cleanup"
+frag6_07_head() {
+	frag6_head 7
+}
+
+frag6_07_body() {
+	frag6_body 7 frag6_07_check_stats
+}
+
+frag6_07_cleanup() {
+	frag6_cleanup 7
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_07"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_08.py b/tests/sys/netinet6/frag6/frag6_08.py
new file mode 100644
index 000000000000..7d63c11b58a6
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_08.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6ParamProblem)
+	if not icmp6:
+		return False
+	# ICMP6_PARAMPROB_HEADER 0
+	if icmp6.code != 0:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Param Prob so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A fragment with payload and offset set to add up to >64k when
+	# another frag with offset=0 arrives and has an unfrag part.
+	#
+	# A:  Reassembly failure (timeout) after
+	# R:  ICMPv6 param prob, param header (earlier).
+	#
+	data = "6" * 15
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=8) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	data = "6" * 8
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrDestOpt(options = \
+		    sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=8) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+
+	sleep(1.00)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_08.sh b/tests/sys/netinet6/frag6/frag6_08.sh
new file mode 100755
index 000000000000..3de04f539e08
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_08.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_08_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	# XXX-BZ Only ICMPv6 errors and no proper stats!
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>2</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>1</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>2</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>1</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_08" "cleanup"
+frag6_08_head() {
+	frag6_head 8
+}
+
+frag6_08_body() {
+	frag6_body 8 frag6_08_check_stats
+}
+
+frag6_08_cleanup() {
+	frag6_cleanup 8
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_08"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_09.py b/tests/sys/netinet6/frag6/frag6_09.py
new file mode 100644
index 000000000000..6e9771bc7d58
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_09.py
@@ -0,0 +1,109 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded)
+	if not icmp6:
+		return False
+	# ICMP6_TIME_EXCEED_REASSEMBLY 1
+	if icmp6.code != 1:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it.
+	#icmp6.display()
+	return True
+
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A single start fragment.
+	#
+	# A:  Waiting for more data.
+	# R:  Timeout / Expiry.
+	#
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=2) / \
+		sp.UDP(dport=3456, sport=6543)
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	# Wait for ICMPv6 error generation on timeout.
+	sleep(75)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_09.sh b/tests/sys/netinet6/frag6/frag6_09.sh
new file mode 100755
index 000000000000..6936a75d397a
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_09.sh
@@ -0,0 +1,219 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_09" "cleanup"
+frag6_09_head() {
+	frag6_head 9
+}
+
+frag6_09_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>1</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>1</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>1</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_09_body() {
+	frag6_body 9 frag6_09_check_stats
+}
+
+frag6_09_cleanup() {
+	frag6_cleanup 9
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_09"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_10.py b/tests/sys/netinet6/frag6/frag6_10.py
new file mode 100644
index 000000000000..716324a469d9
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_10.py
@@ -0,0 +1,79 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# A single middle fragment.
+	#
+	# A:  Waiting for more data.
+	# R:  Timeout / Expiry.
+	#
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=161, m=1, id=7) / \
+		sp.UDP(dport=3456, sport=6543)
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	# We do not generate ICMPv6 for non-off=0-segments.
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_10.sh b/tests/sys/netinet6/frag6/frag6_10.sh
new file mode 100755
index 000000000000..fb1a26ad8699
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_10.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_10" "cleanup"
+frag6_10_head() {
+	frag6_head 10
+}
+
+frag6_10_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	# We do not seem to sent a timeout ICMPv6 for this one?
+	# No, as it is not an off=0 segment.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_10_body() {
+	frag6_body 10 frag6_10_check_stats
+}
+
+frag6_10_cleanup() {
+	frag6_cleanup 10
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_10"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_11.py b/tests/sys/netinet6/frag6/frag6_11.py
new file mode 100644
index 000000000000..a5c8e1918430
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_11.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# A single last fragment.
+	#
+	# A:  Waiting for more data.
+	# R:  Timeout / Expiry.
+	#
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=321, m=0, id=8) / \
+		sp.UDP(dport=3456, sport=6543)
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	# Wait for expiration to happen.  We will not see an ICMPv6 as there
+	# is no frag with offset=0.
+	sleep(75)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_11.sh b/tests/sys/netinet6/frag6/frag6_11.sh
new file mode 100755
index 000000000000..606b7d936c15
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_11.sh
@@ -0,0 +1,220 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_11" "cleanup"
+frag6_11_head() {
+	frag6_head 11
+}
+
+frag6_11_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	# XXX-TODO We do not seem to sent a timeout ICMPv6 for this one?
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>1</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+frag6_11_body() {
+	frag6_body 11 frag6_11_check_stats
+}
+
+frag6_11_cleanup() {
+	frag6_cleanup 11
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_11"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_12.py b/tests/sys/netinet6/frag6/frag6_12.py
new file mode 100644
index 000000000000..68ea180599e1
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_12.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded)
+	if not icmp6:
+		return False
+	# ICMP6_TIME_EXCEED_REASSEMBLY 1
+	if icmp6.code != 1:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it.
+	#icmp6.display()
+	return True
+
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A single start fragment with payload.
+	#
+	# A:  Waiting for more data.
+	# R:  Timeout / Expiry.
+	#
+	data = "6" * 1280
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=3) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	# Wait for ICMPv6 error generation on timeout.
+	sleep(75)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_12.sh b/tests/sys/netinet6/frag6/frag6_12.sh
new file mode 100755
index 000000000000..33121b868922
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_12.sh
@@ -0,0 +1,218 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_12" "cleanup"
+frag6_12_head() {
+	frag6_head 12
+}
+
+frag6_12_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>1</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>1</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>1</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>1</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>1</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+frag6_12_body() {
+	frag6_body 12 frag6_12_check_stats
+}
+
+frag6_12_cleanup() {
+	frag6_cleanup 12
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_12"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_13.py b/tests/sys/netinet6/frag6/frag6_13.py
new file mode 100644
index 000000000000..4ff96990db60
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_13.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Two fragments with different ECN (Traffic Clas) bits to trigger
+	# error cases.
+	#
+	# A:  Reassembly failure.
+	# R:  ip6f02 dropped / Timeout (not waiting for).
+	#
+	data = "6" * 8
+	# IPTOS_ECN_NOTECT
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=13) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	# IPTOS_ECN_CE
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x03) / \
+		sp.IPv6ExtHdrFragment(offset=16, m=0, id=13) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+
+
+	# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ##
+	#
+	# Two fragments with different ECN (Traffic Clas) bits to trigger
+	# error cases.
+	#
+	# A:  Reassembly failure.
+	# R:  ip6f02 dropped / Timeout (not waiting for).
+	#
+	# IPTOS_ECN_ECT1
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x01) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=0x1301) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	# IPTOS_ECN_NOTECT
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \
+		sp.IPv6ExtHdrFragment(offset=16, m=0, id=0x1301) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_13.sh b/tests/sys/netinet6/frag6/frag6_13.sh
new file mode 100755
index 000000000000..22d143a0f0af
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_13.sh
@@ -0,0 +1,218 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_13" "cleanup"
+frag6_13_head() {
+	frag6_head 13
+}
+
+frag6_13_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>4</received-fragments>
+    <dropped-fragment>2</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>4</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>2</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+frag6_13_body() {
+	frag6_body 13 frag6_13_check_stats
+}
+
+frag6_13_cleanup() {
+	frag6_cleanup 13
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_13"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_14.py b/tests/sys/netinet6/frag6/frag6_14.py
new file mode 100644
index 000000000000..a1533aa6c887
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_14.py
@@ -0,0 +1,135 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Send multiple fragments, with an exact overlap in a middle one,
+	# not finishing the full packet (and ignoring the content anyway).
+	#
+	# A:  Reassembly failure.
+	# R:  dup dropped silently / Timeout (not waiting for).
+	#
+	data = "6" * 8
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=14) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0x1000, m=0, id=14) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	ip6f03 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	ip6f04 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+		ip6f03.display()
+		ip6f04.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f03, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f04, iface=args.sendif[0], verbose=False)
+
+
+	# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ##
+	#
+	# Send multiple fragments, with a partial overlap on the first one
+	# not finishing the full packet (and ignoring the content anyway).
+	# The second packet needs to be the first one in the fragment chain
+	# in order to trigger the 2nd case to test.
+	#
+	# A:  Reassembly failure.
+	# R:  dup dropped silently / Timeout (not waiting for).
+	#
+	data = "6" * 8
+	ip6f01 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=10, m=1, id=0x1401) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	ip6f02 = \
+		sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=9, m=0, id=0x1401) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		data
+	if args.debug :
+		ip6f01.display()
+		ip6f02.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+	sp.sendp(ip6f02, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_14.sh b/tests/sys/netinet6/frag6/frag6_14.sh
new file mode 100755
index 000000000000..7c9a04119923
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_14.sh
@@ -0,0 +1,218 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_14" "cleanup"
+frag6_14_head() {
+	frag6_head 14
+}
+
+frag6_14_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>6</received-fragments>
+    <dropped-fragment>2</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>6</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>2</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+frag6_14_body() {
+	frag6_body 14 frag6_14_check_stats
+}
+
+frag6_14_cleanup() {
+	frag6_cleanup 14
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_14"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_15.py b/tests/sys/netinet6/frag6/frag6_15.py
new file mode 100644
index 000000000000..f9922aaa9717
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_15.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from time import sleep
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Sysctl set to accept maximum 3 segments on a fragmented packet.
+	# The 4th packet will flush the entire q6.
+	#
+	# A:  4 Discarded.
+	# R:  Silence (statistics only) no ICMPv6 as we skip the off=0 segment.
+	#
+	data = "66666666"
+	for i in range(4):
+		foffset=16 + (i * (0x100 + (int)(16 / 8)))
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=1, id=15) / \
+			sp.UDP(dport=3456, sport=6543) / \
+			data
+		if args.debug :
+			ip6f01.display()
+		sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+
+	# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ##
+	#
+	# Sysctl set to accept maximum 3 segments on a fragmented packet.
+	# The 4th packet will flush the entire q6.
+	# This time we play proper offset/length games on the packets in order
+	# to trigger the 2nd test case, with the last packet still having m=1.
+	#
+	# A:  4 Discarded.
+	# R:  ICMPv6 timeout expired.
+	#
+	data = "66666666"
+	for i in range(4):
+		foffset=(i * (int)(16 / 8))
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=1, id=0x1501) / \
+			sp.UDP(dport=3456, sport=6543) / \
+			data
+		if args.debug :
+			ip6f01.display()
+		sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_15.sh b/tests/sys/netinet6/frag6/frag6_15.sh
new file mode 100755
index 000000000000..1b31bf103994
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_15.sh
@@ -0,0 +1,246 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_15_pre_test() {
+
+	local jname ifname
+	jname=$1
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+
+	# Accept 3 fragments per fragmented packet.
+	jexec ${jname} sysctl net.inet6.ip6.maxfragsperpacket=3
+}
+
+
+frag6_15_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check that the sysctl is set to what we expect.
+	#
+	sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragsperpacket`
+	case "${sn}" in
+	3)	;;
+	*)	atf_fail "Sysctl net.inet6.ip6.maxfragsperpacket is ${sn} and not 3" ;;
+	esac
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>8</received-fragments>
+    <dropped-fragment>8</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>1</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	# XXX-BZ no reassembly failed stats.#
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>8</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>1</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_15" "cleanup"
+frag6_15_head() {
+	frag6_head 15
+}
+
+frag6_15_body() {
+	frag6_body 15 frag6_15_check_stats frag6_15_pre_test
+}
+
+frag6_15_cleanup() {
+	frag6_cleanup 15
+	
+	# No need to restore the sysctl back to default as the jail is gone.
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_15"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_16.py b/tests/sys/netinet6/frag6/frag6_16.py
new file mode 100644
index 000000000000..c38f5da4dea9
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_16.py
@@ -0,0 +1,132 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+from sniffer import Sniffer
+from time import sleep
+
+def check_icmp6_error(args, packet):
+	ip6 = packet.getlayer(sp.IPv6)
+	if not ip6:
+		return False
+	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
+	if ip6.dst != oip6.src:
+		return False
+	icmp6 = packet.getlayer(sp.ICMPv6DestUnreach)
+	if not icmp6:
+		return False
+	# ICMP6_DST_UNREACH_NOPORT 4
+	if icmp6.code != 4:
+		return False
+	# Should we check the payload as well?
+	# We are running in a very isolated environment and nothing else
+	# should trigger an ICMPv6 Dest Unreach / Port Unreach so leave it.
+	#icmp6.display()
+	return True
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	# Start sniffing on recvif
+	sniffer = Sniffer(args, check_icmp6_error)
+
+
+	########################################################################
+	#
+	# A single fragmented packet with upper layer data in multiple segments
+	# to pass fragmentation.
+	# We need to do a bit of a dance to get the UDP checksum right.
+	#
+	# A:  1 reassembled packet
+	# R:  Statistics and ICMPv6 error (non-fragmentation) as no port open.
+	#
+	data = "6" * 1280
+	dataall = data * 30
+	ip6f01 = \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.UDP(dport=3456, sport=6543) / \
+		dataall
+	ip6fd = sp.IPv6(sp.raw(ip6f01))
+
+	ip6f01 = sp.Ether() / \
+		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+		sp.IPv6ExtHdrFragment(offset=0, m=1, id=16) / \
+		sp.UDP(dport=3456, sport=6543, len=ip6fd.len, chksum=ip6fd.chksum) / \
+		data
+	if args.debug :
+		ip6f01.display()
+	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
+
+	foffset=(int)(1288/8)
+	mbit=1
+	for i in range(1,30):
+		if i is 29:
+			mbit=0
+		ip6f0n = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=mbit, id=16, nh=socket.IPPROTO_UDP) / \
+			data
+		if args.debug :
+			ip6f0n.display()
+		sp.sendp(ip6f0n, iface=args.sendif[0], verbose=False)
+		foffset += (int)(1280/8)
+
+	sleep(0.10)
+	sniffer.setEnd()
+	sniffer.join()
+	if not sniffer.foundCorrectPacket:
+		sys.exit(1)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_16.sh b/tests/sys/netinet6/frag6/frag6_16.sh
new file mode 100755
index 000000000000..2d0e43b3a39e
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_16.sh
@@ -0,0 +1,222 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+
+frag6_16_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>1</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>1</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>30</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>1</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>1</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>1</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	# XXX-BZ no reassembly failed stats.#
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>30</reassembly-required>
+    <reassembled-packets>1</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>1</sent-errors>
+    <sent-destination-unreachable>1</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_16" "cleanup"
+frag6_16_head() {
+	frag6_head 16
+}
+
+frag6_16_body() {
+	frag6_body 16 frag6_16_check_stats
+}
+
+frag6_16_cleanup() {
+	frag6_cleanup 16
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_16"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_17.py b/tests/sys/netinet6/frag6/frag6_17.py
new file mode 100644
index 000000000000..a4d6deea0a24
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_17.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import random as random
+import scapy.all as sp
+import socket
+import sys
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Send a sample of pseudo-random fragments into the system in order
+	# to test vnet teardown.
+	#
+	# A:  Cleaned up and freed
+	# R:  No panic (ignoring everything else)
+	#
+
+	random.seed()
+	packets = [];
+
+	for i in range(0,127):
+		fid=random.randint(0,0xffff)
+		foffset=random.randint(0,0xffff)
+		fm=random.randint(0,1)
+		fsrc=sp.RandIP6()
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=fsrc, dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=fm, id=fid) / \
+			sp.UDP(dport=3456, sport=6543)
+		if args.debug:
+			ip6f01.display()
+		packets.append(ip6f01)
+
+	for p in packets:
+		sp.sendp(p, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_17.sh b/tests/sys/netinet6/frag6/frag6_17.sh
new file mode 100755
index 000000000000..0fa10c98f085
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_17.sh
@@ -0,0 +1,47 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+atf_test_case "frag6_17" "cleanup"
+frag6_17_head() {
+	frag6_head 17
+}
+
+frag6_17_body() {
+	frag6_body 17
+}
+
+frag6_17_cleanup() {
+	frag6_cleanup 17
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_17"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_18.py b/tests/sys/netinet6/frag6/frag6_18.py
new file mode 100644
index 000000000000..a4d6deea0a24
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_18.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import random as random
+import scapy.all as sp
+import socket
+import sys
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Send a sample of pseudo-random fragments into the system in order
+	# to test vnet teardown.
+	#
+	# A:  Cleaned up and freed
+	# R:  No panic (ignoring everything else)
+	#
+
+	random.seed()
+	packets = [];
+
+	for i in range(0,127):
+		fid=random.randint(0,0xffff)
+		foffset=random.randint(0,0xffff)
+		fm=random.randint(0,1)
+		fsrc=sp.RandIP6()
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=fsrc, dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=foffset, m=fm, id=fid) / \
+			sp.UDP(dport=3456, sport=6543)
+		if args.debug:
+			ip6f01.display()
+		packets.append(ip6f01)
+
+	for p in packets:
+		sp.sendp(p, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_18.sh b/tests/sys/netinet6/frag6/frag6_18.sh
new file mode 100755
index 000000000000..500d570b9186
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_18.sh
@@ -0,0 +1,64 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_18_delif() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Invalidate the ifp from the packets in the reassembly queue.
+	ifconfig ${ifname} -vnet ${jname}
+}
+
+atf_test_case "frag6_18" "cleanup"
+frag6_18_head() {
+	frag6_head 18
+}
+
+frag6_18_body() {
+	frag6_body 18 frag6_18_delif
+}
+
+frag6_18_cleanup() {
+	frag6_cleanup 18
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_18"
+}
diff --git a/tests/sys/netinet6/frag6/frag6_19.py b/tests/sys/netinet6/frag6/frag6_19.py
new file mode 100644
index 000000000000..9248f5f40c43
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_19.py
@@ -0,0 +1,83 @@
+#!/usr/bin/env python
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+import argparse
+import scapy.all as sp
+import socket
+import sys
+
+def main():
+	parser = argparse.ArgumentParser("frag6.py",
+		description="IPv6 fragementation test tool")
+	parser.add_argument('--sendif', nargs=1,
+		required=True,
+		help='The interface through which the packet will be sent')
+	parser.add_argument('--recvif', nargs=1,
+		required=True,
+		help='The interface on which to check for the packet')
+	parser.add_argument('--src', nargs=1,
+		required=True,
+		help='The source IP address')
+	parser.add_argument('--to', nargs=1,
+		required=True,
+		help='The destination IP address')
+	parser.add_argument('--debug',
+		required=False, action='store_true',
+		help='Enable test debugging')
+
+	args = parser.parse_args()
+
+
+	########################################################################
+	#
+	# Send a sample of sequeneced ID fragments into the system in order
+	# to test bucket distribution.
+	#
+	# A:  No overflow at V_ip6_maxfragsperpacket == 64.
+	# R:  Stats only, timeout and no ICMPv6 (all ignored).
+	#
+	packets = [];
+	data = "66666666"
+	for i in range(0,127):
+		ip6f01 = sp.Ether() / \
+			sp.IPv6(src=args.src[0], dst=args.to[0]) / \
+			sp.IPv6ExtHdrFragment(offset=1, m=1, id=i) / \
+			data
+		if args.debug:
+			ip6f01.display()
+		packets.append(ip6f01)
+
+	for p in packets:
+		sp.sendp(p, iface=args.sendif[0], verbose=False)
+
+	sys.exit(0)
+
+if __name__ == '__main__':
+	main()
diff --git a/tests/sys/netinet6/frag6/frag6_19.sh b/tests/sys/netinet6/frag6/frag6_19.sh
new file mode 100755
index 000000000000..5cb65e3b2586
--- /dev/null
+++ b/tests/sys/netinet6/frag6/frag6_19.sh
@@ -0,0 +1,221 @@
+# $FreeBSD$
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2019 Netflix, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+. $(atf_get_srcdir)/frag6.subr
+
+frag6_19_check_stats() {
+
+	local jname ifname
+	jname=$1
+	ifname=$2
+
+	case "${jname}" in
+	"")	echo "ERROR: jname is empty"; return ;;
+	esac
+	case "${ifname}" in
+	"")	echo "ERROR: ifname is empty"; return ;;
+	esac
+
+	# Defaults are: IPV6_FRAGTTL  120 slowtimo ticks.
+	# pfslowtimo() is run at hz/2.  So this takes 60s.
+	# This is awefully long for a test case.
+	# The Python script has to wait for this already to get the ICMPv6
+	# hence we do not sleep here anymore.
+
+	#
+	# Check selection of global UDP stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-datagrams>0</received-datagrams>
+    <dropped-incomplete-headers>0</dropped-incomplete-headers>
+    <dropped-bad-data-length>0</dropped-bad-data-length>
+    <dropped-bad-checksum>0</dropped-bad-checksum>
+    <dropped-no-checksum>0</dropped-no-checksum>
+    <dropped-no-socket>0</dropped-no-socket>
+    <dropped-broadcast-multicast>0</dropped-broadcast-multicast>
+    <dropped-full-socket-buffer>0</dropped-full-socket-buffer>
+    <not-for-hashed-pcb>0</not-for-hashed-pcb>
+EOF
+	count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	9)	;;
+	*)	jexec ${jname} netstat -s -p udp --libxo xml,pretty
+		atf_fail "Global UDP statistics do not match: ${count} != 9" ;;
+	esac
+
+
+	#
+	# Check selection of global IPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-below-minimum-size>0</dropped-below-minimum-size>
+    <dropped-short-packets>0</dropped-short-packets>
+    <dropped-bad-options>0</dropped-bad-options>
+    <dropped-bad-version>0</dropped-bad-version>
+    <received-fragments>127</received-fragments>
+    <dropped-fragment>0</dropped-fragment>
+    <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout>
+    <dropped-fragments-overflow>0</dropped-fragments-overflow>
+    <atomic-fragments>0</atomic-fragments>
+    <reassembled-packets>0</reassembled-packets>
+    <forwarded-packets>0</forwarded-packets>
+    <packets-not-forwardable>0</packets-not-forwardable>
+    <sent-redirects>0</sent-redirects>
+    <send-packets-fabricated-header>0</send-packets-fabricated-header>
+    <discard-no-mbufs>0</discard-no-mbufs>
+    <discard-no-route>0</discard-no-route>
+    <sent-fragments>0</sent-fragments>
+    <fragments-created>0</fragments-created>
+    <discard-cannot-fragment>0</discard-cannot-fragment>
+    <discard-scope-violations>0</discard-scope-violations>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	20)	;;
+	*)	jexec ${jname} netstat -s -p ip6 --libxo xml,pretty
+		atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;;
+	esac
+
+	#
+	# Check selection of global ICMPv6 stats.
+	# XXX-TODO check output histogram (just too hard to parse [no multi-line-grep])
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <icmp6-calls>0</icmp6-calls>
+      <no-route>0</no-route>
+      <admin-prohibited>0</admin-prohibited>
+      <beyond-scope>0</beyond-scope>
+      <address-unreachable>0</address-unreachable>
+      <port-unreachable>0</port-unreachable>
+      <packet-too-big>0</packet-too-big>
+      <time-exceed-transmit>0</time-exceed-transmit>
+      <time-exceed-reassembly>0</time-exceed-reassembly>
+      <bad-header>0</bad-header>
+      <bad-next-header>0</bad-next-header>
+      <bad-option>0</bad-option>
+      <redirects>0</redirects>
+      <unknown>0</unknown>
+      <reflect>0</reflect>
+      <too-many-nd-options>0</too-many-nd-options>
+      <bad-nd-options>0</bad-nd-options>
+      <bad-neighbor-solicitation>0</bad-neighbor-solicitation>
+      <bad-neighbor-advertisement>0</bad-neighbor-advertisement>
+      <bad-router-solicitation>0</bad-router-solicitation>
+      <bad-router-advertisement>0</bad-router-advertisement>
+      <bad-redirect>0</bad-redirect>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	22)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty
+		atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;;
+	esac
+
+	#
+	# Check selection of interface IPv6 stats.
+	# XXX-BZ no reassembly failed stats.#
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <dropped-invalid-header>0</dropped-invalid-header>
+    <dropped-mtu-exceeded>0</dropped-mtu-exceeded>
+    <dropped-no-route>0</dropped-no-route>
+    <dropped-invalid-destination>0</dropped-invalid-destination>
+    <dropped-unknown-protocol>0</dropped-unknown-protocol>
+    <dropped-truncated>0</dropped-truncated>
+    <sent-forwarded>0</sent-forwarded>
+    <discard-packets>0</discard-packets>
+    <discard-fragments>0</discard-fragments>
+    <fragments-failed>0</fragments-failed>
+    <fragments-created>0</fragments-created>
+    <reassembly-required>127</reassembly-required>
+    <reassembled-packets>0</reassembled-packets>
+    <reassembly-failed>0</reassembly-failed>
+EOF
+	count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	14)	;;
+	*)	jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;;
+	esac
+
+	#
+	# Check selection of interface ICMPv6 stats.
+	#
+	cat <<EOF > ${HOME}/filter-${jname}.txt
+    <received-errors>0</received-errors>
+    <received-destination-unreachable>0</received-destination-unreachable>
+    <received-admin-prohibited>0</received-admin-prohibited>
+    <received-time-exceeded>0</received-time-exceeded>
+    <received-bad-parameter>0</received-bad-parameter>
+    <received-packet-too-big>0</received-packet-too-big>
+    <received-echo-requests>0</received-echo-requests>
+    <received-echo-replies>0</received-echo-replies>
+    <received-router-solicitation>0</received-router-solicitation>
+    <received-router-advertisement>0</received-router-advertisement>
+    <sent-errors>0</sent-errors>
+    <sent-destination-unreachable>0</sent-destination-unreachable>
+    <sent-admin-prohibited>0</sent-admin-prohibited>
+    <sent-time-exceeded>0</sent-time-exceeded>
+    <sent-bad-parameter>0</sent-bad-parameter>
+    <sent-packet-too-big>0</sent-packet-too-big>
+    <sent-echo-requests>0</sent-echo-requests>
+    <sent-echo-replies>0</sent-echo-replies>
+    <sent-router-solicitation>0</sent-router-solicitation>
+    <sent-router-advertisement>0</sent-router-advertisement>
+    <sent-redirects>0</sent-redirects>
+EOF
+	count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt`
+	rm -f ${HOME}/filter-${jname}.txt
+	case ${count} in
+	21)	;;
+	*)	jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty
+		atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;;
+	esac
+}
+
+atf_test_case "frag6_19" "cleanup"
+frag6_19_head() {
+	frag6_head 19
+}
+
+frag6_19_body() {
+	frag6_body 19 frag6_19_check_stats
+}
+
+frag6_19_cleanup() {
+	frag6_cleanup 19
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "frag6_19"
+}
diff --git a/tests/sys/netinet6/frag6/sniffer.py b/tests/sys/netinet6/frag6/sniffer.py
new file mode 100644
index 000000000000..2c5f460488db
--- /dev/null
+++ b/tests/sys/netinet6/frag6/sniffer.py
@@ -0,0 +1,40 @@
+# $FreeBSD$
+
+import threading
+import scapy.all as sp
+
+class Sniffer(threading.Thread):
+	def __init__(self, args, check_function):
+		threading.Thread.__init__(self)
+
+		self._args = args
+		self._recvif = args.recvif[0]
+		self._check_function = check_function
+		self.foundCorrectPacket = False
+		self._endme = False
+
+		self.start()
+
+	def _checkPacket(self, packet):
+		ret = self._check_function(self._args, packet)
+		if ret:
+			self.foundCorrectPacket = True
+		return ret
+
+	def setEnd(self):
+		self._endme = True
+
+	def stopFilter(self, pkt):
+		if pkt is not None:
+			self._checkPacket(pkt)
+		if self.foundCorrectPacket or self._endme:
+			return True
+		else:
+			return False
+
+	def run(self):
+		while True:
+			self.packets = sp.sniff(iface=self._recvif, store=False,
+				stop_filter=self.stopFilter, timeout=90)
+			if self.stopFilter(None):
+				break