Subject: Re: ipsec4_splithdr invariant not right
To: None <tech-net@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-net
Date: 04/19/2007 21:47:54
In article <rmi8xcoe33s.fsf@fnord.ir.bbn.com>,
Greg Troxel  <gdt@ir.bbn.com> wrote:
>I have a sparc64 running netbsd-4 that does tunnel-mode IPsec (v4 in
>v4), and it's been hitting the 'mbuf too short' check in
>ipsec4_splithdr.   I added debugging code and found that the first mbuf
>had zero bytes.  I then added a conditional pullup, and that's been hit
>with the machine surviving.
>
>ipsec4_splithdr: m->m_len 0 m_length 176 < 20
>ipsec4_splithdr: m->m_len 0 m_length 176 < 20
>ipsec4_splithdr: m->m_len 0 m_length 176 < 20
>
>I don't see why it's reasonable for ipsec4_splithdr to assume that
>struct ip fits in the first mbuf.

Is the second if statement even possible to fire?

christos
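
Added example (not part of the original thread, and not NetBSD code): a userspace model of the case reported above, a chain whose first mbuf holds zero bytes while the whole chain holds 176, and the conditional pullup that makes the 20-byte IP header contiguous before it is read. struct tmbuf, tm_length, tm_pullup and tm_sample are hypothetical stand-ins for the kernel's mbuf API, and the chain contents are constructed.

```c
#include <stdlib.h>
#include <string.h>

#define IP_HDR_LEN 20u  /* sizeof(struct ip): the "< 20" in the log */
struct tmbuf {          /* toy userspace stand-in, not the kernel's struct mbuf */
    struct tmbuf *m_next;
    size_t m_len;       /* bytes valid in this mbuf only */
    unsigned char m_data[256];
};

/* Whole-chain length: the "m_length" value in the log. */
static size_t tm_length(const struct tmbuf *m) {
    size_t n = 0;
    for (; m != NULL; m = m->m_next) n += m->m_len;
    return n;
}

/* Toy m_pullup: gather len bytes into the head mbuf; NULL (chain freed) if too short. */
static struct tmbuf *tm_pullup(struct tmbuf *m, size_t len) {
    if (len > sizeof(m->m_data) || tm_length(m) < len) {
        while (m != NULL) { struct tmbuf *n = m->m_next; free(m); m = n; }
        return NULL;
    }
    while (m->m_len < len) {
        struct tmbuf *n = m->m_next;          /* non-NULL: chain holds >= len bytes */
        size_t take = len - m->m_len;
        if (take > n->m_len) take = n->m_len;
        memcpy(m->m_data + m->m_len, n->m_data, take);
        memmove(n->m_data, n->m_data + take, n->m_len - take);
        m->m_len += take; n->m_len -= take;
        if (n->m_len == 0) { m->m_next = n->m_next; free(n); }
    }
    return m;
}

/* Constructed chain matching the log: empty head, 176 bytes behind it. */
static struct tmbuf *tm_sample(void) {
    struct tmbuf *m = calloc(1, sizeof(*m)), *n = calloc(1, sizeof(*n));
    if (m == NULL || n == NULL) abort();
    n->m_len = 176;
    memset(n->m_data, 0x45, n->m_len);
    m->m_next = n;
    return m;
}

int main(void) {
    struct tmbuf *m = tm_sample();
    if (m->m_len < IP_HDR_LEN) m = tm_pullup(m, IP_HDR_LEN);  /* conditional pullup */
    return (m != NULL && m->m_len >= IP_HDR_LEN) ? 0 : 1;
}
```

The failure path matters as much as the success path: a chain shorter than the header comes back as NULL with the chain already freed, so the caller must not touch the old pointer.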