The esp_input_cb function used m_copyback, which fails if the mbuf is

read-only. This can actually happen if the packet was received by the
xennet interface, see PR kern/33162. Change it to m_copyback_cow.

AH and IPCOMP probably need similar fixes.

Requested by Jeff Rizzo, tested on Xen with -current by him.

sys/netipsec/xform_esp.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.9 2006/04/11 20:21:28 rpaulo Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.10 2006/04/28 22:39:02 pavel Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.9 2006/04/11 20:21:28 rpaulo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.10 2006/04/28 22:39:02 pavel Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -634,7 +634,15 @@ DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
 	m_adj(m, -(lastthree[1] + 2));
 
 	/* Restore the Next Protocol field */
-	m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2);
+	m = m_copyback_cow(m, protoff, sizeof (u_int8_t), lastthree + 2,
+			   M_DONTWAIT);
+
+	if (m == NULL) {
+		espstat.esps_crypto++;
+		DPRINTF(("esp_input_cb: failed to allocate mbuf\n"));
+		error = ENOBUFS;
+		goto bad;
+	}
 
 	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);