From 413bfc8b3752af0839c66b0906e66cfb2fcb87fc Mon Sep 17 00:00:00 2001
From: gdt <gdt@NetBSD.org>
Date: Mon, 9 Jul 2007 19:11:05 +0000
Subject: [PATCH] ipsec4_splithdr: If m_len is too short, printf and drop it
 instead of panicing.  Perhaps should be a pullup instead.  This happens very
 occasionally on an ultrasparc with tunnel-mode ESP.

---
 sys/netinet6/ipsec.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index facb9154b03c..3f894f3433c8 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.119 2007/05/23 17:32:47 christos Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.120 2007/07/09 19:11:05 gdt Exp $	*/
 /*	$KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $	*/
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.119 2007/05/23 17:32:47 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.120 2007/07/09 19:11:05 gdt Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -3104,8 +3104,16 @@ ipsec4_splithdr(struct mbuf *m)
 	struct ip *ip;
 	int hlen;
 
-	if (m->m_len < sizeof(struct ip))
+	if (m->m_len < sizeof(struct ip)) {
+		/* XXX Print and drop until we understand. */
+		printf("ipsec4_splithdr: m->m_len %d m_length %d < %d\n",
+		       m->m_len, m_length(m), sizeof(struct ip));
+		m_freem(m);
+		return NULL;
+#if 0
 		panic("ipsec4_splithdr: first mbuf too short");
+#endif
+	}
 	ip = mtod(m, struct ip *);
 	hlen = ip->ip_hl << 2;
 	if (m->m_len > hlen) {