replace zero UDP checksum with 0xFFF to avoid receivers interpretingt it

as "no checksum was computer"

Author: gasbytes

src/test/unit/unit.c

@@ -675,6 +675,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_proto, test_regression_paws_rejects_stale_timestamp);
     tcase_add_test(tc_proto, test_regression_dhcp_nak_restarts_configuration);
     tcase_add_test(tc_proto, test_regression_dns_rcode_error_aborts_query);
+    tcase_add_test(tc_proto, test_regression_udp_checksum_zero_substituted_with_ffff);
 
     tcase_add_test(tc_utils, test_transport_checksum);
     tcase_add_test(tc_utils, test_iphdr_set_checksum);

src/test/unit/unit_tests_proto.c

@@ -4317,4 +4317,52 @@ START_TEST(test_regression_dns_rcode_error_aborts_query)
 END_TEST
 
 
+/* RFC 768: if the computed UDP checksum is zero, it must be transmitted
+ * as 0xFFFF.  A zero checksum means "no checksum computed" and the
+ * receiver would skip verification.  The current code stores the raw
+ * transport_checksum result without zero-substitution. */
+START_TEST(test_regression_udp_checksum_zero_substituted_with_ffff)
+{
+    struct wolfIP s;
+    struct tsocket *ts;
+    struct wolfIP_udp_datagram udp;
+
+    /* Craft a UDP datagram whose pseudo-header + data sums to 0xFFFF
+     * in one's complement, causing transport_checksum to return 0.
+     *
+     * Pseudo-header: src=0, dst=0, proto=0x11, len=8
+     *   sum = 0x0011 + 0x0008 = 0x0019
+     * UDP header: src_port=0xFFDE, dst_port=0, udp_len=8, csum=0
+     *   sum += 0xFFDE + 0 + 0x0008 = 0xFFE6
+     * Total = 0x0019 + 0xFFE6 = 0xFFFF -> ~0xFFFF = 0 */
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    wolfIP_ipconfig_set(&s, 0, 0, 0);
+
+    /* Set up a UDP socket so ip_output_add_header can be called */
+    ts = &s.udpsockets[0];
+    memset(ts, 0, sizeof(*ts));
+    ts->proto = WI_IPPROTO_UDP;
+    ts->S = &s;
+    ts->local_ip = 0;
+    ts->remote_ip = 0;
+    ts->if_idx = TEST_PRIMARY_IF;
+
+    memset(&udp, 0, sizeof(udp));
+    udp.src_port = ee16(0xFFDE);
+    udp.dst_port = 0;
+    udp.len = ee16(8);
+    udp.csum = 0;
+
+    ip_output_add_header(ts, (struct wolfIP_ip_packet *)&udp,
+                         WI_IPPROTO_UDP, IP_HEADER_LEN + 8);
+
+    /* The stored checksum must be 0xFFFF, not 0. */
+    ck_assert_uint_ne(udp.csum, 0);
+    ck_assert_uint_eq(ee16(udp.csum), 0xFFFF);
+}
+END_TEST
+
+
 /* ----------------------------------------------------------------------- */

src/wolfip.c

@@ -3084,8 +3084,12 @@ static int ip_output_add_header(struct tsocket *t, struct wolfIP_ip_packet *ip,
         tcp->csum = ee16(transport_checksum(&ph, &tcp->src_port));
     } else if (proto == WI_IPPROTO_UDP) {
         struct wolfIP_udp_datagram *udp = (struct wolfIP_udp_datagram *)ip;
+        uint16_t udp_csum;
         udp->csum = 0;
-        udp->csum = ee16(transport_checksum(&ph, &udp->src_port));
+        udp_csum = transport_checksum(&ph, &udp->src_port);
+        /* RFC 768: a zero checksum means "no checksum computed," so
+         * a computed zero must be transmitted as 0xFFFF. */
+        udp->csum = ee16(udp_csum ? udp_csum : 0xFFFF);
     } else if (proto == WI_IPPROTO_ICMP) {
         struct wolfIP_icmp_packet *icmp = (struct wolfIP_icmp_packet *)ip;
         icmp->csum = 0;