From c8b3b605ae854ead6c8804e0400d80cb8fa73fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20V=C3=B6lker?= Date: Fri, 19 Dec 2025 17:50:20 +0100 Subject: [PATCH] tcp: fix checksum calculation bug The new function in_delayed_cksum_o() was introduced to compute the checksum in the case the mbuf chain does not start with the IP header. The offset of the IP header is specified by the parameter iph_offset. If iph_offset was positive, the function computed an incorrect checksum. Reviewed by: sobomax, tuexen Fixes: 5feb38e37847 ("netinet: provide "at offset" variant of the in_delayed_cksum() API") MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54269 --- sys/netinet/ip_output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index a6b29c6a761..f1aa3c498ef 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1066,8 +1066,8 @@ in_delayed_cksum_o(struct mbuf *m, uint16_t iph_offset) if (csum == 0) csum = 0xffff; } else { - cklen = ntohs(ip->ip_len); - csum = in_cksum_skip(m, cklen, offset); + cklen = ntohs(ip->ip_len) - (ip->ip_hl << 2); + csum = in_cksum_skip(m, cklen + offset, offset); } offset += m->m_pkthdr.csum_data; /* checksum offset */