H-12: Unbounded RTO backoff shift

  - File: wolfip.c:118
  - Added TCP_RTO_MAX_BACKOFF constant (16U) to clamp backoff before shift

  I-5: TCP data retransmission no max retry limit
  - File: wolfip.c:3420-3424
  - Added TCP_DATA_RTO_MAXRTX (15U) and retry limit check before closing socket

  M-22: No IP header checksum validation
  - File: wolfip.c:2509-2521, 5224
  - Added iphdr_verify_checksum() and IP checksum validation in ip_recv()

  M-23: No TCP checksum validation
  - File: wolfip.c:3095-3105
  - Added TCP checksum validation in tcp_input()

  M-24: No UDP checksum validation
  - File: wolfip.c:1595-1605
  - Added UDP checksum validation in udp_try_recv() (for non-zero checksums)

  M-26: ICMP echo reply incremental checksum
  - File: wolfip.c:4521-4523
  - Replaced incremental ICMP checksum with full recomputation

  L-28/I-7: IS_IP_BCAST macro missing parentheses
  - File: wolfip.c:128
  - Fixed macro: added parentheses and U suffix

  L-29: ESP replay window seq_low underflow
  - File: wolfesp.c:1063-1065
  - Added underflow guard for seq_low calculation

  L-30: Debug function buffer overflow
  - File: wolfip_debug.c:91-101
  - Added guard for len <= 8 before computing print_len

  L-31/I-6: Duplicate initialization in TCP/UDP bind
  - File: wolfip.c:4372-4374, 4405-4407
  - Removed duplicate bind code for TCP and UDP

  L-32: ICMP receive strict equality
  - File: wolfip.c:1673
  - Changed != to < to allow Ethernet padding

  L-33: timers_binheap_insert no bounds check
  - File: wolfip.c:1523-1524
  - Added bounds check before inserting into timer heap

  M-25 (FIN in FIN_WAIT_2 not handled) was confirmed to be already fixed in the existing codebase.

Author: aidangarske