Index: etc/mtree/BSD.tests.dist
===================================================================
--- etc/mtree/BSD.tests.dist
+++ etc/mtree/BSD.tests.dist
@@ -813,6 +813,8 @@
         netpfil
             common
             ..
+            ipfw
+            ..
             pf
                 ioctl
                 ..
Index: sys/netpfil/ipfw/nat64/nat64clat.c
===================================================================
--- sys/netpfil/ipfw/nat64/nat64clat.c
+++ sys/netpfil/ipfw/nat64/nat64clat.c
@@ -102,6 +102,9 @@
 	nat64_embed_ip4(&saddr, cfg->base.clat_plen, ip->ip_src.s_addr);
 	memcpy(&daddr, &cfg->base.plat_prefix, sizeof(daddr));
 	nat64_embed_ip4(&daddr, cfg->base.plat_plen, ip->ip_dst.s_addr);
+	if (m->m_pkthdr.rcvif == NULL &&
+		m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
+			in_delayed_cksum(m);
 	if (cfg->base.flags & NAT64_LOG) {
 		logdata = &loghdr;
 		nat64clat_log(logdata, m, AF_INET, cfg->no.kidx);
Index: tests/sys/netpfil/Makefile
===================================================================
--- tests/sys/netpfil/Makefile
+++ tests/sys/netpfil/Makefile
@@ -9,4 +9,8 @@
 					common
 .endif
 
+.if ${MK_INET_SUPPORT} != "no" || ${MK_INET6_SUPPORT} != "no"
+TESTS_SUBDIRS+=		ipfw
+.endif
+
 .include <bsd.test.mk>
Index: tests/sys/netpfil/ipfw/Makefile
===================================================================
--- tests/sys/netpfil/ipfw/Makefile
+++ tests/sys/netpfil/ipfw/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+PACKAGE=	tests
+
+TESTSDIR=	${TESTSBASE}/sys/netpfil/ipfw
+
+ATF_TESTS_SH+=	nat64clat
+
+.include <bsd.test.mk>
Index: tests/sys/netpfil/ipfw/Makefile.depend
===================================================================
--- tests/sys/netpfil/ipfw/Makefile.depend
+++ tests/sys/netpfil/ipfw/Makefile.depend
@@ -0,0 +1,10 @@
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
Index: tests/sys/netpfil/ipfw/nat64clat.sh
===================================================================
--- tests/sys/netpfil/ipfw/nat64clat.sh
+++ tests/sys/netpfil/ipfw/nat64clat.sh
@@ -0,0 +1,93 @@
+#-
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2020 Evgeniy Khramtsov <evgeniy@khramtsov.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+. $(atf_get_srcdir)/../../common/vnet.subr
+
+atf_test_case "ipfw_464xlat_clat_ue_l4_cksum" "cleanup"
+ipfw_464xlat_clat_ue_l4_cksum_head()
+{
+	atf_set "descr" "Test ipfw 464XLAT CLAT UE L4 checksum"
+	atf_set "require.user" root
+}
+
+ipfw_464xlat_clat_ue_l4_cksum_body()
+{
+	vnet_init
+	if ! kldstat -q -m ipfw_nat64; then
+		atf_skip "This test requires ipfw_nat64"
+	fi
+
+	jname="ipfw_464xlat_clat_ue_l4_cksum_node-"
+	a="ipfw -q add"
+
+	gway_v6="2001:db8::1"
+	node_v6="2001:db8::2"
+	clat_v4="192.168.1.1"
+	clat_v6="2001:db8::c0a8:101"
+
+	epair=$(vnet_mkepair)
+
+	vnet_mkjail ${jname}a ${epair}a
+	jexec ${jname}a ${a} 10 pass all from any to any
+	jexec ${jname}a ifconfig ${epair}a inet6 ${gway_v6}/64 auto_linklocal \
+							       no_dad up
+
+	vnet_mkjail ${jname}b ${epair}b
+	jexec ${jname}b ipfw nat64clat UE create clat_prefix 2001:db8::/96 \
+						 plat_prefix 64:ff9b::/96  \
+						 allow_private
+	jexec ${jname}b ${a} 10 nat64clat UE ip4 from ${clat_v4}/32 to any out
+	jexec ${jname}b ${a} 20 nat64clat UE ip6 from 64:ff9b::/96 to \
+						      2001:db8::/96 in
+	jexec ${jname}b ${a} 30 pass all from any to any
+	jexec ${jname}b sysctl net.inet.ip.fw.nat64_direct_output=1
+	jexec ${jname}b ifconfig ${epair}b inet6 ${node_v6}/64 auto_linklocal \
+							       no_dad up
+	jexec ${jname}b ifconfig ${epair}b inet6 ${clat_v6}/64
+	jexec ${jname}b ifconfig ${epair}b inet  ${clat_v4}/32
+	jexec ${jname}b route -6 -q add default  ${gway_v6}
+	jexec ${jname}b route -4 -q add default  ${clat_v4} -mtu 1460
+
+	jexec ${jname}a /bin/sh -c \
+	"(tcpdump --immediate-mode -vv -c 1 host 64:ff9b::203.0.113.111\
+	> ~/tcp.log 2> /dev/null)&"
+	jexec ${jname}b timeout 1 nc -4 -zn 203.0.113.111 1
+	atf_check -o match:'correct' jexec ${jname}a cat ~/tcp.log
+	atf_check -o not-match:'incorrect' jexec ${jname}a cat ~/tcp.log
+}
+
+ipfw_464xlat_clat_ue_l4_cksum_cleanup()
+{
+	vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "ipfw_464xlat_clat_ue_l4_cksum"
+}