Subject: Re: latest ipfilter, IPv6 handling
To: Darren Reed <darrenr@reed.wattle.id.au>
From: None <itojun@iijlab.net>
List: tech-net
Date: 03/29/2001 08:12:04
>> >> ip_fil.c:send_reset()
>> >> 	packet size may possibly overrun mbuf, on certain operating systems
>> >> 	(like MSIZE == 128 and sizeof(void *) == 8).
>> >huh ?
>> >In send_reset(), it is ONLY IPv6 + TCP.
>> >You're telling me that'll overflow 128 bytes ?!
>> >Likewise, I don't see anything that does anything with "sizeof(void *)".
>> 
>> 	MHLEN = MSIZE - sizeof(a couple of pointers and integers).
>> 	TCP header (including option part) can take up to 64 bytes.
>> 	IPv6 header occupies 40 bytes.
>> 	if 40 + 64 > MHLEN, you are dead.
>TCP RST's are generated without TCP options and have 20 byte headers.

	if I were you I would put
		#ifdef DIAGNOSTIC
			if (MHLEN > 20 + 64)
				panic("foo");
		#endif

itojun
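
The arithmetic argued over in this thread, as an added example that is not part of the original message or of ipfilter: it computes MHLEN for MSIZE == 128 and checks the header length before writing, so a header set that does not fit is refused rather than overrun. The mbuf header layout in `model_mhlen` is a simplified assumption, and `model_mhlen`, `hdrs_fit` and `build_rst_headers` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IP6_HDRLEN  40   /* fixed IPv6 header */
#define TCP_MINHLEN 20   /* TCP header without options, as in a RST */
#define TCP_MAXHLEN 60   /* 4-bit data offset: 15 words of 4 bytes */

static size_t align_up(size_t n, size_t a) { return (n + a - 1) / a * a; }

/* Assumed layout: m_hdr = 3 pointers + int + 2 shorts; pkthdr = pointer + int. */
size_t model_mhlen(size_t msize, size_t ptr_size)
{
    size_t m_hdr  = align_up(3 * ptr_size + 4 + 2 + 2, ptr_size);
    size_t pkthdr = align_up(ptr_size + 4, ptr_size);
    return msize - m_hdr - pkthdr;
}

/* 1 if an IPv6 header plus hlen bytes of TCP header fit in mhlen bytes. */
int hdrs_fit(size_t mhlen, size_t hlen) { return IP6_HDRLEN + hlen <= mhlen; }

/* Write IPv6 + TCP RST headers into buf; return length, or -1 instead of overrunning. */
int build_rst_headers(unsigned char *buf, size_t cap, size_t tcp_hlen)
{
    if (tcp_hlen < TCP_MINHLEN || tcp_hlen > TCP_MAXHLEN || tcp_hlen % 4 != 0)
        return -1;
    if (!hdrs_fit(cap, tcp_hlen))
        return -1;                        /* would overrun the buffer */
    memset(buf, 0, IP6_HDRLEN + tcp_hlen);
    buf[0] = 0x60;                        /* IP version 6 */
    buf[4] = (unsigned char)(tcp_hlen >> 8);   /* payload length, high byte */
    buf[5] = (unsigned char)(tcp_hlen & 0xff); /* payload length, low byte */
    buf[6] = 6;                           /* next header: TCP */
    buf[7] = 64;                          /* hop limit (constructed value) */
    buf[IP6_HDRLEN + 12] = (unsigned char)((tcp_hlen / 4) << 4); /* data offset */
    buf[IP6_HDRLEN + 13] = 0x04;          /* RST flag */
    return (int)(IP6_HDRLEN + tcp_hlen);
}

int main(void)
{
    unsigned char buf[128];
    size_t mhlen = model_mhlen(128, 8);   /* MSIZE == 128, 8-byte pointers */
    printf("MHLEN=%zu rst20=%d tcp60=%d fits64=%d\n", mhlen,
           build_rst_headers(buf, mhlen, 20), build_rst_headers(buf, mhlen, 60),
           hdrs_fit(mhlen, 64));
    return 0;
}
```

Under the assumed layout, a 20-byte RST header fits in the 80 bytes left with 8-byte pointers, while the 64-byte bound quoted in the thread does not.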