Index: tcp_input.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_input.c,v
retrieving revision 1.357.4.4
diff -u -p -u -r1.357.4.4 tcp_input.c
--- tcp_input.c	7 Jul 2020 11:56:57 -0000	1.357.4.4
+++ tcp_input.c	8 Jul 2020 13:34:29 -0000
@@ -1272,6 +1272,12 @@ tcp_input(struct mbuf *m, ...)
 	}
 #endif
 
+	IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, sizeof(struct tcphdr));
+	if (th == NULL) {
+		TCP_STATINC(TCP_STAT_RCVSHORT);
+		return;
+	}
+
 	/*
 	 * Enforce alignment requirements that are violated in
 	 * some cases, see kern/50766 for details.
@@ -1301,15 +1307,8 @@ tcp_input(struct mbuf *m, ...)
 	case 4:
 		af = AF_INET;
 		iphlen = sizeof(struct ip);
-		IP6_EXTHDR_GET(th, struct tcphdr *, m, toff,
-			sizeof(struct tcphdr));
-		if (th == NULL) {
-			TCP_STATINC(TCP_STAT_RCVSHORT);
-			return;
-		}
 		/* We do the checksum after PCB lookup... */
 		len = ntohs(ip->ip_len);
-		tlen = len - toff;
 		iptos = ip->ip_tos;
 		break;
 #endif
@@ -1317,13 +1316,6 @@ tcp_input(struct mbuf *m, ...)
 	case 6:
 		iphlen = sizeof(struct ip6_hdr);
 		af = AF_INET6;
-		IP6_EXTHDR_GET(th, struct tcphdr *, m, toff,
-			sizeof(struct tcphdr));
-		if (th == NULL) {
-			TCP_STATINC(TCP_STAT_RCVSHORT);
-			return;
-		}
-
 		/* Be proactive about malicious use of IPv4 mapped address */
 		if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 		    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
@@ -1355,7 +1347,6 @@ tcp_input(struct mbuf *m, ...)
 
 		/* We do the checksum after PCB lookup... */
 		len = m->m_pkthdr.len;
-		tlen = len - toff;
 		iptos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
 		break;
 #endif
@@ -1364,6 +1355,8 @@ tcp_input(struct mbuf *m, ...)
 		return;
 	}
 
+	tlen = len - toff;
+
 	/*
 	 * Check that TCP offset makes sense,
 	 * pull out TCP options and adjust length.		XXX