strongSwan

Running case 'chunk_internet_checksum': -
Failure in 'test_chunk_internet_checksum': 0x442e != ntohs(sum) (17454 != 17455) (suites/test_chunk.c:799, i = 0)

I ran the test suite in QEMU (mips) and got the same result (17455 instead of 17454). I tried to replicate the problem in a simple test program, but wasn't able to. That is, until I included arpa/inet.h (ntohs() might be a compiler built-in as it worked fine without that include).

Further analysis showed that the problem was caused by the definition of ntohs() and friends in netinet/in.h. On big-endian systems they are defined as noops (e.g. #define ntohs(x) (x)), so there is no function call (or cast) involved that would shorten the argument (or result) of ntohs() to 16-bit. On the first line here

u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
{
    u_int32_t sum = ntohs(~checksum);

checksum is promoted to 32-bit when it is negated, so with an initial value of 0xffff and without shortening to 16-bit we end up with sum = 0xffff0000. If ntohs() was a function call or if there was a cast to 16-bit everything would be fine, but since that doesn't happen the calculation later is incorrect.

There was also a bug in the unit test on big-endian systems. I pushed fixes to the inet-checksum branch.