Index: share/man/man4/ng_nat.4
===================================================================
--- share/man/man4/ng_nat.4
+++ share/man/man4/ng_nat.4
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 12, 2018
+.Dd January 13, 2020
 .Dt NG_NAT 4
 .Os
 .Sh NAME
@@ -388,12 +388,26 @@
 msg igb0_NAT: setaliasaddr x.y.8.35
 SEQ
 .Ed
+.Sh BUGS
+Originally
+.Nm
+was expected to be attached only via
+.Xr ng_ipfw 4
+and later
+.Xr ng_ppp 4
+which both cleanse IPv4 traffic. Other nodes, i.e.
+.Xr ng_ether 4 ,
+don't do that, thus
+.Nm ng_nat
+may panic if it recieves non-IPv4, incomplete, or
+broken packets.
 .Sh SEE ALSO
 .Xr libalias 3 ,
 .Xr ng_ipfw 4 ,
 .Xr natd 8 ,
 .Xr ngctl 8 ,
-.Xr ng_ether 8
+.Xr ng_ppp 4,
+.Xr ng_ether 4
 .Sh HISTORY
 The
 .Nm
Index: sys/netgraph/ng_nat.c
===================================================================
--- sys/netgraph/ng_nat.c
+++ sys/netgraph/ng_nat.c
@@ -807,11 +807,16 @@
 panic("Corrupted priv->dlt: %u", priv->dlt);
 }

+ if (m->m_pkthdr.len < ipofs + sizeof(struct ip))
+ goto send; /* packet too short to hold IP */
+
 c = (char *)mtodo(m, ipofs);
 ip = (struct ip *)mtodo(m, ipofs);

- KASSERT(m->m_pkthdr.len == ipofs + ntohs(ip->ip_len),
- ("ng_nat: ip_len != m_pkthdr.len"));
+ if (ip->ip_v != IPVERSION)
+ goto send; /* other IP version, let it pass */
+ if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len))
+ goto send; /* packet too short (i.e. fragmented or broken) */

 /*
 * We drop packet when:
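Review bot: The new length guards in sys/netgraph/ng_nat.c leave `ip_hl` and the lower bound of `ip_len` unchecked, so a header with `ip_hl` below 5, or an `ip_len` smaller than the header it claims, passes all three tests and is still handed on for translation. Adding `if ((ip->ip_hl << 2) < sizeof(struct ip) || ntohs(ip->ip_len) < (ip->ip_hl << 2)) goto send;` after the version test would cover both cases. The tests compare against `m_pkthdr.len`, the length of the whole chain, while `mtodo()` is dereferenced on the first mbuf only; the data is presumably made contiguous earlier in the function, which starts outside this hunk, and a comment such as `/* m is contiguous here, so pkthdr.len bounds the dereference */` would record that assumption. Because `goto send` forwards the rejected packet untranslated rather than dropping it, the comments should also say that passing malformed IPv4 through is intended.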