ng_nat: avoid panic if attached directly to ng_ether and got short packet
From the beginning, ng_nat safely assumed cleansed traffic
because of limited ways it could be attached to NETGRAPH:
ng_ipfw or ng_ppp only.
Now as it may be attached with ng_ether too, the assumption proven wrong.
Add needed check to the ng_nat. Thanks for markj for debugging this.
Submitted by: Lutz Donnerhacke <firstname.lastname@example.org>
Reported by: Robert James Hernandez <email@example.com>
Reviewed by: markj and others
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D23091