The following reply was made to PR port-xen/33162; it has been noted by GNATS.

From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
To: Jeff Rizzo <riz@NetBSD.org>
Cc: gnats-bugs@NetBSD.org, port-xen@NetBSD.org
Subject: Re: port-xen/33162 [Re: FAST_IPSEC panics domU kernel]
Date: Wed, 29 Mar 2006 12:16:47 +0200

 I think netipsec is wrong - it is using m_copyback, but can't be really
 sure that the mbuf is not shared.
 
 Try the following (not even compile-tested) patch.
 
 AH and IPCOMP will probably need something similar.
 
 Pavel
 
 cvs diff: Diffing nbcvs/src/sys/netipsec
 Index: nbcvs/src/sys/netipsec/xform_esp.c
 ===================================================================
 RCS file: /cvsroot/src/sys/netipsec/xform_esp.c,v
 retrieving revision 1.8
 diff -u -r1.8 xform_esp.c
 --- nbcvs/src/sys/netipsec/xform_esp.c	23 Mar 2006 15:25:46 -0000	1.8
 +++ nbcvs/src/sys/netipsec/xform_esp.c	29 Mar 2006 10:01:45 -0000
 @@ -634,7 +634,15 @@
  	m_adj(m, -(lastthree[1] + 2));
  
  	/* Restore the Next Protocol field */
 -	m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2);
 +	m = m_copyback_cow(m, protoff, sizeof (u_int8_t), lastthree + 2,
 +			   M_DONTWAIT);
 +
 +	if (m == NULL) {
 +		espstat.esps_crypto++;
 +		DPRINTF(("esp_input_cb: failed to allocate mbuf\n"));
 +		error = ENOBUFS;
 +		goto bad;
 +	}
  
  	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);