Subject: Re: netipsec m_makespace() overrun
To: Arnaud Degroote <degroote@netbsd.org>
From: Sean Boudreau <seanb@qnx.com>
List: tech-net
Date: 12/14/2007 16:22:10
On Fri, Dec 14, 2007 at 11:36:52AM -0500, Arnaud Degroote wrote:
> 
> On Fri, Dec 14, 2007 at 10:38:03AM -0500, Sean Boudreau wrote:
> > Hi:
> > 
> > It's pretty easy to tickle the
> > IPSEC_ASSERT(remain < MLEN, ("m_makespace: remainder too big: %u", remain));
> > in m_makespace().  If not running DIAGNOSTIC a memcpy()
> > past a buffer occurs.  The following is more generic and
> > handles this case.  Any comments before I commit?
> 
> The patch seems ok. Maybe we can be a bit smarter in the case where
> hlen > M_TRAILINGSPACE(m) + remain. As we already need to allocate at
> least one mbuf for remain, we may try to preserve some space for hlen if
> we can't put it in m after that. It can save one mbuf allocation in some
> cases. Not sure it is really important in fact.
> 
> It would be nice if the patch can be pulled-up in NetBSD-4 (or must we
> wait for 4.1 ?).

Checked in.  I sent the pullup request off.  We'll see...

BTW looks like this is PR 30124.

-seanb
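A toy model of the split this thread is about, added here for illustration; it is not the netipsec m_makespace() code or the patch Sean committed. The struct tmbuf, the MLEN/MCLBYTES values and the tm_* helpers are constructed assumptions; the remainder is spread over as many fresh MLEN mbufs as it needs instead of being memcpy'd into one, and, as Arnaud suggests, header space is reserved at the front of the first new mbuf when it no longer fits in m, so that case costs no extra allocation.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed toy mbuf (not NetBSD's): m_size is MLEN for a plain mbuf or
 * MCLBYTES for a "cluster", so a tail larger than MLEN can arise as reported. */
#define MLEN 16
#define MCLBYTES 64
struct tmbuf { struct tmbuf *m_next; size_t m_len, m_size; unsigned char m_data[MCLBYTES]; };
static struct tmbuf *tm_get(size_t size) {
    struct tmbuf *m = calloc(1, sizeof *m); if (m) m->m_size = size; return m;
}
static void tm_freem(struct tmbuf *m) { while (m) { struct tmbuf *n = m->m_next; free(m); m = n; } }
/* Open hlen bytes (hlen < MLEN assumed, as the real code asserts) at offset skip
 * of m. A tail ("remain") that must move out is spread over as many fresh MLEN
 * mbufs as needed, so remain >= MLEN is never memcpy'd past one buffer. Returns
 * the mbuf holding the space (offset in *off), or NULL if allocation fails. */
static struct tmbuf *tm_makespace(struct tmbuf *m, size_t skip, size_t hlen, size_t *off) {
    size_t remain = m->m_len - skip, lead, pos = skip, at, cnt;
    struct tmbuf *head = NULL, *tail = NULL, *n;
    if (hlen <= m->m_size - m->m_len) {              /* fits in place: shift tail */
        memmove(m->m_data + skip + hlen, m->m_data + skip, remain);
        m->m_len += hlen; *off = skip; return m;
    }
    /* Header stays in m if it fits once the tail is gone; otherwise reserve
     * hlen bytes at the front of the first new mbuf (saves one allocation). */
    lead = (skip + hlen <= m->m_size) ? 0 : hlen;
    while (pos < m->m_len || (head == NULL && lead)) {
        at = head ? 0 : lead;
        cnt = m->m_len - pos; if (cnt > MLEN - at) cnt = MLEN - at;
        if ((n = tm_get(MLEN)) == NULL) { tm_freem(head); return NULL; }
        memcpy(n->m_data + at, m->m_data + pos, cnt);
        n->m_len = at + cnt; pos += cnt;
        if (tail) tail->m_next = n; else head = n;
        tail = n;
    }
    tail->m_next = m->m_next; m->m_next = head;
    m->m_len = lead ? skip : skip + hlen; *off = lead ? 0 : skip;
    return lead ? head : m;
}
/* Demo: 60-byte cluster, 8-byte header at skip 4, so remain is 56 > MLEN.
 * Returns the mbuf count of the result (5), or 0 if any byte was lost or moved. */
static int demo_cluster_split(void) {
    struct tmbuf *m = tm_get(MCLBYTES), *p; size_t i, off, k = 0; int cnt = 0, ok = 1;
    if (m == NULL) return 0;
    for (i = 0; i < 60; i++) m->m_data[i] = (unsigned char)i; m->m_len = 60;
    if (tm_makespace(m, 4, 8, &off) == NULL) { tm_freem(m); return 0; }
    for (p = m; p; p = p->m_next, cnt++)          /* walk the chain; gap at 4..11 */
        for (i = 0; i < p->m_len; i++, k++)
            if ((k < 4 || k >= 12) && p->m_data[i] != (unsigned char)(k < 4 ? k : k - 8)) ok = 0;
    tm_freem(m); return (ok && k == 68 && off == 4) ? cnt : 0;
}
```

With the demo's sizes the 56-byte remainder lands in four new mbufs behind the cluster, which is exactly the case the single-MLEN assertion rejected.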