Index: head/sys/netgraph/ng_nat.c
===================================================================
--- head/sys/netgraph/ng_nat.c
+++ head/sys/netgraph/ng_nat.c
@@ -806,11 +806,16 @@
 		panic("Corrupted priv->dlt: %u", priv->dlt);
 	}
 
+	if (m->m_pkthdr.len < ipofs + sizeof(struct ip))
+		goto send;		/* packet too short to hold IP */
+
 	c = (char *)mtodo(m, ipofs);
 	ip = (struct ip *)mtodo(m, ipofs);
 
-	KASSERT(m->m_pkthdr.len == ipofs + ntohs(ip->ip_len),
-	    ("ng_nat: ip_len != m_pkthdr.len"));
+	if (ip->ip_v != IPVERSION)
+		goto send;		/* other IP version, let it pass */
+	if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len))
+		goto send;		/* packet too short (i.e. fragmented or broken) */
 
 	/*
 	 * We drop packet when: