Port r329561 to stable/10. There were structural changes preventing MFC.
Check packet length to not make an out of bounds access. Also, save ah_nxt
value to use later, since the ah pointer can become invalid.
Reviewed by: ae@
Approved by: so
Security: CVE-2018-6916
Security: FreeBSD-SA-18:01.ipsec