fr_check_wrapper, fr_check_wrapper6:

ensure that mbufs are writable beforehand as ipf assumes.
PR/26773 and PR/26850.

sys/netinet/ip_fil_netbsd.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_fil_netbsd.c,v 1.14 2004/08/04 03:55:06 christos Exp $	*/
+/*	$NetBSD: ip_fil_netbsd.c,v 1.15 2004/09/06 10:00:43 yamt Exp $	*/
 
 /*
  * Copyright (C) 1993-2003 by Darren Reed.
@@ -125,8 +125,22 @@ struct mbuf **mp;
 struct ifnet *ifp;
 int dir;
 {
-	struct ip *ip = mtod(*mp, struct ip *);
-	int rv, hlen = ip->ip_hl << 2;
+	struct ip *ip;
+	int rv, hlen;
+	int error;
+
+	/*
+	 * ensure that mbufs are writable beforehand
+	 * as it's assumed by ipf code.
+	 * ip hdr (60 bytes) + tcp hdr (60 bytes) should be enough.
+	 * XXX inefficient
+	 */
+	error = m_makewritable(mp, 0, 60 + 60, M_DONTWAIT);
+	if (error) {
+		m_freem(*mp);
+		*mp = NULL;
+		return error;
+	}
 
 #if defined(M_CSUM_TCPv4)
 	/*
@@ -143,6 +157,9 @@ int dir;
 	}
 #endif /* M_CSUM_TCPv4 */
 
+	ip = mtod(*mp, struct ip *);
+	hlen = ip->ip_hl << 2;
+
 	/*
 	 * We get the packet with all fields in network byte
 	 * order.  We expect ip_len and ip_off to be in host
@@ -177,7 +194,20 @@ struct mbuf **mp;
 struct ifnet *ifp;
 int dir;
 {
+	int error;
 	
+	/*
+	 * ensure that mbufs are writable beforehand
+	 * as it's assumed by ipf code.
+	 * XXX inefficient
+	 */
+	error = m_makewritable(mp, 0, M_COPYALL, M_DONTWAIT);
+	if (error) {
+		m_freem(*mp);
+		*mp = NULL;
+		return error;
+	}
+
 	return (fr_check(mtod(*mp, struct ip *), sizeof(struct ip6_hdr),
 	    ifp, (dir == PFIL_OUT), mp));
 }