Subject: Re: crashes in ipfilter on i386
To: Darren Reed <darrenr@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 09/14/2007 09:49:48
So what I don't get is why

			if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
				return;

is adequate, since I think we need ICMP6ERR_IPICMPHLEN to get the
included header.  But I do not understand how frpr_pullup and the data
pointer interact.


/*
 * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
 * another IP header and then 64 bits of data, totalling 56.  Of course,
 * the last 64 bits is dependent on that being available.
 */
#define	ICMPERR_ICMPHLEN	8
#define	ICMPERR_IPICMPHLEN	(20 + 8)
#define	ICMPERR_MINPKTLEN	(20 + 8 + 20)
#define	ICMPERR_MAXPKTLEN	(20 + 8 + 20 + 8)
#define ICMP6ERR_MINPKTLEN	(40 + 8)
#define ICMP6ERR_IPICMPHLEN	(40 + 8 + 40)
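
A defensive bounds check for the length question raised in this message, added here as an example that is not from the original message or from ipfilter itself: it reuses the two ICMP6 lengths quoted above and refuses to read the embedded IPv6 header unless the buffer covers ICMP6ERR_IPICMPHLEN, not just ICMP6ERR_MINPKTLEN. The function names, the constructed packet and the byte-offset access (in place of frpr_pullup and the fin data pointer) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Lengths quoted in the message above (from ipfilter). */
#define ICMP6ERR_MINPKTLEN   (40 + 8)       /* outer IPv6 header + 8-byte ICMPv6 header */
#define ICMP6ERR_IPICMPHLEN  (40 + 8 + 40)  /* ... plus the complete embedded IPv6 header */

/* Return 1 if 'len' bytes at 'pkt' hold a complete ICMPv6 error message, i.e.
 * the outer IPv6 header, the ICMPv6 header and the whole embedded IPv6 header.
 * ICMPv6 error types are < 128; informational types (>= 128) carry no such header. */
int icmp6err_inner_header_present(const uint8_t *pkt, size_t len)
{
    if (len < ICMP6ERR_MINPKTLEN)
        return 0;                          /* cannot even read the ICMPv6 type */
    if (pkt[40] >= 128)
        return 0;                          /* not an error message */
    return len >= ICMP6ERR_IPICMPHLEN;     /* embedded header occupies bytes 48..87 */
}

/* Return the embedded header's Next Header field (byte 6 of the inner IPv6 header),
 * or -1 if the buffer is too short to contain it. Checking only
 * ICMP6ERR_MINPKTLEN first would let inner[6] read past 'len'. */
int icmp6err_inner_next_header(const uint8_t *pkt, size_t len)
{
    if (!icmp6err_inner_header_present(pkt, len))
        return -1;
    const uint8_t *inner = pkt + ICMP6ERR_MINPKTLEN;
    return inner[6];
}

/* Constructed sample (hypothetical) of 'total' bytes: ICMPv6 type 1 (Destination
 * Unreachable) and Next Header 6 (TCP) at the embedded header's position. */
int demo_inner_next_header(size_t total)
{
    uint8_t pkt[ICMP6ERR_IPICMPHLEN + 8];
    if (total > sizeof pkt)
        return -2;
    memset(pkt, 0, sizeof pkt);
    pkt[40] = 1;                                   /* ICMPv6 type: Destination Unreachable */
    pkt[ICMP6ERR_MINPKTLEN + 6] = 6;               /* inner Next Header = TCP */
    return icmp6err_inner_next_header(pkt, total);
}
```

A 48-byte buffer satisfies the ICMP6ERR_MINPKTLEN test alone yet contains no embedded header, which is exactly the case the stricter check rejects.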