Limit the nested header chain for IPv6 extensions headers and for
authentication headers in the IPv4 case. This prevents spending
excessive cpu time on crafted packets.
OK henning@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 2e5bc81177
Sponsored by: Rubicon Communications, LLC ("Netgate")