Don't zero ip->ip_sum during sum validation. This should only

affect programs that sit on top of divert(4) sockets.  The
multicast routing code already unconditionally zeros the sum
before recalculating.

Any code that unconditionaly sums a packet without first zeroing
the sum (assuming that it's already zero'd) will break.  No such
code seems to exist.

sys/netinet/ip_input.c

@@ -216,6 +216,7 @@ ip_input(struct mbuf *m)
 	struct ipq *fp;
 	struct in_ifaddr *ia;
 	int hlen;
+	u_short sum;
 
 #ifdef	DIAGNOSTIC
 	if ((m->m_flags & M_PKTHDR) == 0)
@@ -264,11 +265,11 @@ ip_input(struct mbuf *m)
 		ip = mtod(m, struct ip *);
 	}
 	if (hlen == sizeof(struct ip)) {
-		ip->ip_sum = in_cksum_hdr(ip);
+		sum = in_cksum_hdr(ip);
 	} else {
-		ip->ip_sum = in_cksum(m, hlen);
+		sum = in_cksum(m, hlen);
 	}
-	if (ip->ip_sum) {
+	if (sum) {
 		ipstat.ips_badsum++;
 		goto bad;
 	}