Page MenuHomeFreeBSD
Files F135940806

D47063.diff
No OneTemporary
Actions

D47063.diff
View Options

diff --git a/sys/dev/cxgbe/crypto/t6_kern_tls.c b/sys/dev/cxgbe/crypto/t6_kern_tls.c
--- a/sys/dev/cxgbe/crypto/t6_kern_tls.c
+++ b/sys/dev/cxgbe/crypto/t6_kern_tls.c
@@ -995,7 +995,7 @@
* See if we have any TCP options or a FIN requiring a
* dedicated packet.
*/
- if ((tcp->th_flags & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
+ if ((tcp_get_flags(tcp) & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
wr_len = sizeof(struct fw_eth_tx_pkt_wr) +
sizeof(struct cpl_tx_pkt_core) + roundup2(m->m_len, 16);
if (wr_len > SGE_MAX_WR_LEN) {
@@ -1180,7 +1180,7 @@
/* Clear PUSH and FIN in the TCP header if present. */
tcp = (void *)((char *)eh + m->m_pkthdr.l2hlen + m->m_pkthdr.l3hlen);
newtcp = *tcp;
- newtcp.th_flags &= ~(TH_PUSH | TH_FIN);
+ tcp_set_flags(&newtcp, tcp_get_flags(&newtcp) & ~(TH_PUSH | TH_FIN));
copy_to_txd(&txq->eq, (caddr_t)&newtcp, &out, sizeof(newtcp));
/* Copy rest of packet. */
@@ -1370,7 +1370,7 @@
CTR4(KTR_CXGBE, "%s: tid %d short TLS record %u with offset %u",
__func__, tlsp->tid, (u_int)m_tls->m_epg_seqno, offset);
#endif
- if (m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) != 0) {
+ if (m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) != 0) {
txq->kern_tls_fin_short++;
#ifdef INVARIANTS
panic("%s: FIN on short TLS record", __func__);
@@ -1385,7 +1385,7 @@
* FIN is set, then ktls_write_tcp_fin() will write out the
* last work request.
*/
- last_wr = m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) == 0;
+ last_wr = m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) == 0;
/*
* The host stack may ask us to not send part of the start of
@@ -1769,7 +1769,7 @@
tx_data->rsvd = htobe32(tcp_seqno + m_tls->m_epg_hdrlen + offset);
}
tx_data->flags = htobe32(F_TX_BYPASS);
- if (last_wr && tcp->th_flags & TH_PUSH)
+ if (last_wr && tcp_get_flags(tcp) & TH_PUSH)
tx_data->flags |= htobe32(F_TX_PUSH | F_TX_SHOVE);
/* Populate the TLS header */
@@ -1966,7 +1966,7 @@
tcp = (struct tcphdr *)((char *)eh + m->m_pkthdr.l2hlen +
m->m_pkthdr.l3hlen);
pidx = eq->pidx;
- has_fin = (tcp->th_flags & TH_FIN) != 0;
+ has_fin = (tcp_get_flags(tcp) & TH_FIN) != 0;
/*
* If this TLS record has a FIN, then we will send any
diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c
--- a/sys/dev/cxgbe/tom/t4_listen.c
+++ b/sys/dev/cxgbe/tom/t4_listen.c
@@ -1592,7 +1592,7 @@
pass_accept_req_to_protohdrs(sc, synqe->syn, inc, th, &iptos);
/* modify parts to make it look like the ACK to our SYN|ACK */
- th->th_flags = TH_ACK;
+ tcp_set_flags(th, TH_ACK);
th->th_ack = synqe->iss + 1;
th->th_seq = be32toh(cpl->rcv_isn);
bzero(to, sizeof(*to));
diff --git a/sys/dev/hyperv/netvsc/if_hn.c b/sys/dev/hyperv/netvsc/if_hn.c
--- a/sys/dev/hyperv/netvsc/if_hn.c
+++ b/sys/dev/hyperv/netvsc/if_hn.c
@@ -898,7 +898,7 @@
PULLUP_HDR(m_head, ehlen + iphlen + sizeof(*th));
th = mtodo(m_head, ehlen + iphlen);
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
*tcpsyn = 1;
return (m_head);
}
diff --git a/sys/dev/irdma/irdma_cm.c b/sys/dev/irdma/irdma_cm.c
--- a/sys/dev/irdma/irdma_cm.c
+++ b/sys/dev/irdma/irdma_cm.c
@@ -395,25 +395,25 @@
if (flags & SET_ACK) {
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
- tcph->th_flags |= TH_ACK;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
} else {
tcph->th_ack = 0;
}
if (flags & SET_SYN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_SYN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
} else {
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
}
if (flags & SET_FIN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_FIN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
}
if (flags & SET_RST)
- tcph->th_flags |= TH_RST;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
sqbuf->tcphlen = tcph->th_off << 2;
@@ -582,25 +582,25 @@
if (flags & SET_ACK) {
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
- tcph->th_flags |= TH_ACK;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
} else {
tcph->th_ack = 0;
}
if (flags & SET_SYN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_SYN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
} else {
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
}
if (flags & SET_FIN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_FIN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
}
if (flags & SET_RST)
- tcph->th_flags |= TH_RST;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
sqbuf->tcphlen = tcph->th_off << 2;
@@ -796,7 +796,7 @@
if (optionsize) {
ret = irdma_process_options(cm_node, optionsloc, optionsize,
- (u32)tcph->th_flags & TH_SYN);
+ (u32)tcp_get_flags(tcph) & TH_SYN);
if (ret) {
irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
"Node %p, Sending Reset\n", cm_node);
@@ -2767,16 +2767,16 @@
u32 fin_set = 0;
int err;
- if (tcph->th_flags & TH_RST) {
+ if (tcp_get_flags(tcph) & TH_RST) {
pkt_type = IRDMA_PKT_TYPE_RST;
- } else if (tcph->th_flags & TH_SYN) {
+ } else if (tcp_get_flags(tcph) & TH_SYN) {
pkt_type = IRDMA_PKT_TYPE_SYN;
- if (tcph->th_flags & TH_ACK)
+ if (tcp_get_flags(tcph) & TH_ACK)
pkt_type = IRDMA_PKT_TYPE_SYNACK;
- } else if (tcph->th_flags & TH_ACK) {
+ } else if (tcp_get_flags(tcph) & TH_ACK) {
pkt_type = IRDMA_PKT_TYPE_ACK;
}
- if (tcph->th_flags & TH_FIN)
+ if (tcp_get_flags(tcph) & TH_FIN)
fin_set = 1;
switch (pkt_type) {
@@ -3067,7 +3067,7 @@
/*
* Only type of packet accepted are for the PASSIVE open (syn only)
*/
- if (!(tcph->th_flags & TH_SYN) || tcph->th_flags & TH_ACK)
+ if (!(tcp_get_flags(tcph) & TH_SYN) || tcp_get_flags(tcph) & TH_ACK)
return;
listener = irdma_find_listener(cm_core,
@@ -3093,7 +3093,7 @@
return;
}
- if (!(tcph->th_flags & (TH_RST | TH_FIN))) {
+ if (!(tcp_get_flags(tcph) & (TH_RST | TH_FIN))) {
cm_node->state = IRDMA_CM_STATE_LISTENING;
} else {
irdma_rem_ref_cm_node(cm_node);
diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c b/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
--- a/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
+++ b/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
@@ -168,10 +168,10 @@
ts_ptr = (uint32_t *)(th + 1);
if (get_cqe_lro_tcppsh(cqe))
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
if (tcp_ack) {
- th->th_flags |= TH_ACK;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_ACK);
th->th_ack = cqe->lro_ack_seq_num;
th->th_win = cqe->lro_tcp_win;
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -1494,7 +1494,7 @@
/* correct tcp header */
tcp_hdr->th_ack = htonl(cqe2->tcp_ack_num);
if(cqe2->push) {
- tcp_hdr->th_flags |= TH_PUSH;
+ tcp_set_flags(tcp_hdr, tcp_get_flags(tcp_hdr) | TH_PUSH);
}
tcp_hdr->th_win = htons(cqe2->tcp_window);
tcp_hdr->th_sum = 0xffff;
diff --git a/sys/dev/qlxgbe/ql_isr.c b/sys/dev/qlxgbe/ql_isr.c
--- a/sys/dev/qlxgbe/ql_isr.c
+++ b/sys/dev/qlxgbe/ql_isr.c
@@ -280,7 +280,7 @@
th = (struct tcphdr *)(mpf->m_data + sgc->l4_offset);
if (sgc->flags & Q8_LRO_COMP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
m_adj(mpf, sgc->l2_offset);
diff --git a/sys/dev/sfxge/sfxge_rx.c b/sys/dev/sfxge/sfxge_rx.c
--- a/sys/dev/sfxge/sfxge_rx.c
+++ b/sys/dev/sfxge/sfxge_rx.c
@@ -483,7 +483,7 @@
iph->ip6_plen += mbuf->m_len;
c_th = (struct tcphdr *)(iph + 1);
}
- c_th->th_flags |= (th->th_flags & TH_PUSH);
+ tcp_set_flags(c_th, tcp_get_flags(c_th) | (tcp_get_flags(th) & TH_PUSH));
c->th_last = th;
++st->n_merges;
@@ -545,7 +545,7 @@
hdr_length);
th_seq = ntohl(th->th_seq);
dont_merge = ((data_length <= 0)
- | (th->th_flags & (TH_URG | TH_SYN | TH_RST | TH_FIN)));
+ | (tcp_get_flags(th) & (TH_URG | TH_SYN | TH_RST | TH_FIN)));
/* Check for options other than aligned timestamp. */
if (th->th_off != 5) {
@@ -592,7 +592,7 @@
if (__predict_false(dont_merge)) {
if (c->mbuf != NULL)
sfxge_lro_deliver(&rxq->lro, c);
- if (th->th_flags & (TH_FIN | TH_RST)) {
+ if (tcp_get_flags(th) & (TH_FIN | TH_RST)) {
++rxq->lro.n_drop_closed;
sfxge_lro_drop(rxq, c);
return (0);
diff --git a/sys/dev/sfxge/sfxge_tx.c b/sys/dev/sfxge/sfxge_tx.c
--- a/sys/dev/sfxge/sfxge_tx.c
+++ b/sys/dev/sfxge/sfxge_tx.c
@@ -859,10 +859,10 @@
* generates TSO packets with RST flag. So, do not assert
* its absence.
*/
- KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
+ KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
("incompatible TCP flag 0x%x on TSO packet",
- th->th_flags & (TH_URG | TH_SYN)));
- TSO_MBUF_FLAGS(mbuf) = th->th_flags;
+ tcp_get_flags(th) & (TH_URG | TH_SYN)));
+ TSO_MBUF_FLAGS(mbuf) = tcp_get_flags(th);
}
#endif
@@ -1117,10 +1117,10 @@
* generates TSO packets with RST flag. So, do not assert
* its absence.
*/
- KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
+ KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
("incompatible TCP flag 0x%x on TSO packet",
- th->th_flags & (TH_URG | TH_SYN)));
- tso->tcp_flags = th->th_flags;
+ tcp_get_flags(th) & (TH_URG | TH_SYN)));
+ tso->tcp_flags = tcp_get_flags(th);
#else
tso->seqnum = TSO_MBUF_SEQNUM(mbuf);
tso->tcp_flags = TSO_MBUF_FLAGS(mbuf);
@@ -1319,7 +1319,7 @@
if (tso->out_len > tso->seg_size) {
/* This packet will not finish the TSO burst. */
ip_length = tso->header_len - tso->nh_off + tso->seg_size;
- tsoh_th->th_flags &= ~(TH_FIN | TH_PUSH);
+ tcp_set_flags(tsoh_th, tcp_get_flags(tsoh_th) & ~(TH_FIN | TH_PUSH));
} else {
/* This packet will be the last in the TSO burst. */
ip_length = tso->header_len - tso->nh_off + tso->out_len;
diff --git a/sys/dev/virtio/network/if_vtnet.c b/sys/dev/virtio/network/if_vtnet.c
--- a/sys/dev/virtio/network/if_vtnet.c
+++ b/sys/dev/virtio/network/if_vtnet.c
@@ -2438,7 +2438,7 @@
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
VIRTIO_NET_HDR_GSO_TCPV6;
- if (__predict_false(tcp->th_flags & TH_CWR)) {
+ if (__predict_false(tcp_get_flags(tcp) & TH_CWR)) {
/*
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In
* FreeBSD, ECN support is not on a per-interface basis,
diff --git a/sys/dev/virtio/network/virtio_net.h b/sys/dev/virtio/network/virtio_net.h
--- a/sys/dev/virtio/network/virtio_net.h
+++ b/sys/dev/virtio/network/virtio_net.h
@@ -481,7 +481,7 @@
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
VIRTIO_NET_HDR_GSO_TCPV6;
- if (tcp->th_flags & TH_CWR) {
+ if (tcp_get_flags(tcp) & TH_CWR) {
/*
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In FreeBSD,
* ECN support is not on a per-interface basis, but globally via
diff --git a/sys/net/iflib.h b/sys/net/iflib.h
--- a/sys/net/iflib.h
+++ b/sys/net/iflib.h
@@ -121,13 +121,13 @@
uint16_t ipi_tso_segsz; /* tso segment size */
uint16_t ipi_vtag; /* VLAN tag */
uint16_t ipi_etype; /* ether header type */
- uint8_t ipi_tcp_hflags; /* tcp header flags */
- uint8_t ipi_mflags; /* packet mbuf flags */
+ uint16_t ipi_tcp_hflags; /* tcp header flags */
uint32_t ipi_tcp_seq; /* tcp seqno */
uint8_t ipi_ip_tos; /* IP ToS field data */
+ uint8_t ipi_mflags; /* packet mbuf flags */
uint8_t __spare0__;
- uint16_t __spare1__;
+ uint8_t __spare1__;
} *if_pkt_info_t;
typedef struct if_irq {
diff --git a/sys/net/iflib.c b/sys/net/iflib.c
--- a/sys/net/iflib.c
+++ b/sys/net/iflib.c
@@ -3420,7 +3420,7 @@
return (ENOMEM);
th = (struct tcphdr *)((caddr_t)ip + pi->ipi_ip_hlen);
}
- pi->ipi_tcp_hflags = th->th_flags;
+ pi->ipi_tcp_hflags = tcp_get_flags(th);
pi->ipi_tcp_hlen = th->th_off << 2;
pi->ipi_tcp_seq = th->th_seq;
}
@@ -3473,7 +3473,7 @@
if (__predict_false((m = m_pullup(m, pi->ipi_ehdrlen + sizeof(struct ip6_hdr) + sizeof(struct tcphdr))) == NULL))
return (ENOMEM);
}
- pi->ipi_tcp_hflags = th->th_flags;
+ pi->ipi_tcp_hflags = tcp_get_flags(th);
pi->ipi_tcp_hlen = th->th_off << 2;
pi->ipi_tcp_seq = th->th_seq;
}
diff --git a/sys/net/slcompress.c b/sys/net/slcompress.c
--- a/sys/net/slcompress.c
+++ b/sys/net/slcompress.c
@@ -170,7 +170,7 @@
return (TYPE_IP);
th = (struct tcphdr *)&((int32_t *)ip)[hlen];
- if ((th->th_flags & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
+ if ((tcp_get_flags(th) & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
return (TYPE_IP);
/*
* Packet is compressible -- we're going to send either a
@@ -271,7 +271,7 @@
* ack, seq (the order minimizes the number of temporaries
* needed in this section of code).
*/
- if (th->th_flags & TH_URG) {
+ if (tcp_get_flags(th) & TH_URG) {
deltaS = ntohs(th->th_urp);
ENCODEZ(deltaS);
changes |= NEW_U;
@@ -351,7 +351,7 @@
ENCODEZ(deltaS);
changes |= NEW_I;
}
- if (th->th_flags & TH_PUSH)
+ if (tcp_get_flags(th) & TH_PUSH)
changes |= TCP_PUSH_BIT;
/*
* Grab the cksum before we overwrite it below. Then update our
@@ -516,9 +516,9 @@
th->th_sum = htons((*cp << 8) | cp[1]);
cp += 2;
if (changes & TCP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
else
- th->th_flags &=~ TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_PUSH);
switch (changes & SPECIALS_MASK) {
case SPECIAL_I:
@@ -536,10 +536,10 @@
default:
if (changes & NEW_U) {
- th->th_flags |= TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_URG);
DECODEU(th->th_urp)
} else
- th->th_flags &=~ TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_URG);
if (changes & NEW_W)
DECODES(th->th_win)
if (changes & NEW_A)
diff --git a/sys/netgraph/netflow/netflow.c b/sys/netgraph/netflow/netflow.c
--- a/sys/netgraph/netflow/netflow.c
+++ b/sys/netgraph/netflow/netflow.c
@@ -107,11 +107,11 @@
#ifdef INET
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
- int, uint8_t, uint8_t);
+ int, uint8_t, uint16_t);
#endif
#ifdef INET6
static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
- int, uint8_t, uint8_t);
+ int, uint8_t, uint16_t);
#endif
static void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
@@ -320,7 +320,7 @@
#ifdef INET
static int
hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
- int plen, uint8_t flags, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint16_t tcp_flags)
{
struct flow_entry *fle;
@@ -397,7 +397,7 @@
#ifdef INET6
static int
hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
- int plen, uint8_t flags, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint16_t tcp_flags)
{
struct flow6_entry *fle6;
@@ -659,7 +659,7 @@
struct flow_rec r;
int hlen, plen;
int error = 0;
- uint8_t tcp_flags = 0;
+ uint16_t tcp_flags = 0;
bzero(&r, sizeof(r));
@@ -702,7 +702,7 @@
tcp = (struct tcphdr *)((caddr_t )ip + hlen);
r.r_sport = tcp->th_sport;
r.r_dport = tcp->th_dport;
- tcp_flags = tcp->th_flags;
+ tcp_flags = tcp_get_flags(tcp);
break;
}
case IPPROTO_UDP:
@@ -787,7 +787,7 @@
struct flow6_rec r;
int plen;
int error = 0;
- uint8_t tcp_flags = 0;
+ uint16_t tcp_flags = 0;
/* check version */
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
@@ -816,7 +816,7 @@
tcp = (struct tcphdr *)upper_ptr;
r.r_ports = *(uint32_t *)upper_ptr;
- tcp_flags = tcp->th_flags;
+ tcp_flags = tcp_get_flags(tcp);
break;
}
case IPPROTO_UDP:
diff --git a/sys/netgraph/netflow/ng_netflow.h b/sys/netgraph/netflow/ng_netflow.h
--- a/sys/netgraph/netflow/ng_netflow.h
+++ b/sys/netgraph/netflow/ng_netflow.h
@@ -259,7 +259,7 @@
u_long bytes;
long first; /* uptime on first packet */
long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ uint16_t tcp_flags; /* cumulative OR */
};
struct flow6_entry_data {
@@ -277,7 +277,7 @@
u_long bytes;
long first; /* uptime on first packet */
long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ uint16_t tcp_flags; /* cumulative OR */
};
/*
diff --git a/sys/netgraph/ng_tcpmss.c b/sys/netgraph/ng_tcpmss.c
--- a/sys/netgraph/ng_tcpmss.c
+++ b/sys/netgraph/ng_tcpmss.c
@@ -330,7 +330,7 @@
ERROUT(EINVAL);
/* Check SYN packet and has options. */
- if (!(tcp->th_flags & TH_SYN) || tcphlen == sizeof(struct tcphdr))
+ if (!(tcp_get_flags(tcp) & TH_SYN) || tcphlen == sizeof(struct tcphdr))
goto send;
/* Update SYN stats. */
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -183,12 +183,12 @@
*/
/* Local prototypes */
-static void TcpMonitorIn(u_char, struct alias_link *);
+static void TcpMonitorIn(uint16_t, struct alias_link *);
-static void TcpMonitorOut(u_char, struct alias_link *);
+static void TcpMonitorOut(uint16_t, struct alias_link *);
static void
-TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
+TcpMonitorIn(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateIn(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -205,7 +205,7 @@
}
static void
-TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
+TcpMonitorOut(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateOut(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -1053,7 +1053,7 @@
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorIn(tc->th_flags, lnk);
+ TcpMonitorIn(__tcp_get_flags(tc), lnk);
return (PKT_ALIAS_OK);
}
@@ -1142,7 +1142,7 @@
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorOut(tc->th_flags, lnk);
+ TcpMonitorOut(__tcp_get_flags(tc), lnk);
/* Walk out chain. */
find_handler(OUT, TCP, la, pip, &ad);
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -752,7 +752,7 @@
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c
--- a/sys/netinet/libalias/alias_irc.c
+++ b/sys/netinet/libalias/alias_irc.c
@@ -456,7 +456,7 @@
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_proxy.c b/sys/netinet/libalias/alias_proxy.c
--- a/sys/netinet/libalias/alias_proxy.c
+++ b/sys/netinet/libalias/alias_proxy.c
@@ -366,7 +366,7 @@
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_skinny.c b/sys/netinet/libalias/alias_skinny.c
--- a/sys/netinet/libalias/alias_skinny.c
+++ b/sys/netinet/libalias/alias_skinny.c
@@ -214,7 +214,7 @@
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -257,7 +257,7 @@
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -287,7 +287,7 @@
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_smedia.c b/sys/netinet/libalias/alias_smedia.c
--- a/sys/netinet/libalias/alias_smedia.c
+++ b/sys/netinet/libalias/alias_smedia.c
@@ -402,7 +402,7 @@
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -449,7 +449,7 @@
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1265,7 +1265,6 @@
bcopy(opt, th + 1, optlen);
th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
}
- tcp_set_flags(th, flags);
/*
* Calculate receive window. Don't shrink window,
* but avoid silly window syndrome.
@@ -1310,8 +1309,8 @@
tp->t_flags &= ~TF_RXWIN0SENT;
if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
- th->th_flags |= TH_URG;
- } else
+ flags |= TH_URG;
+ } else {
/*
* If no urgent pointer to send, then we pull
* the urgent pointer to the left edge of the send window
@@ -1319,6 +1318,8 @@
* number wraparound.
*/
tp->snd_up = tp->snd_una; /* drag it along */
+ }
+ tcp_set_flags(th, flags);
/*
* Put TCP length in extended header, and then
diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -1330,8 +1330,8 @@
return (1);
}
- flags = tcp->th_flags;
- fin->fin_tcpf = tcp->th_flags;
+ flags = tcp_get_flags(tcp);
+ fin->fin_tcpf = tcp_get_flags(tcp);
/*
* If the urgent flag is set, then the urgent pointer must
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
--- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
@@ -314,15 +314,15 @@
ip_t *ip;
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST)
+ if (tcp_get_flags(tcp) & TH_RST)
return (-1); /* feedback loop */
if (ipf_checkl4sum(fin) == -1)
return (-1);
tlen = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
#ifdef USE_INET6
hlen = (fin->fin_v == 6) ? sizeof(ip6_t) : sizeof(ip_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
@@ -543,7 +543,7 @@
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
if (nat->nat_dir == NAT_INBOUND) {
fi.fin_out = 1;
@@ -873,7 +873,7 @@
fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
tcp2->th_win = htons(8192);
tcp2->th_dport = htons(port);
@@ -1240,9 +1240,9 @@
if (softf->ipf_p_ftp_debug & DEBUG_INFO)
printf("ipf_p_ftp_process: %d:%d,%d, mlen %d flags %x\n",
fin->fin_out, fin->fin_sport, fin->fin_dport,
- mlen, tcp->th_flags);
+ mlen, tcp_get_flags(tcp));
- if ((mlen == 0) && ((tcp->th_flags & TH_OPENING) == TH_OPENING)) {
+ if ((mlen == 0) && ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING)) {
f->ftps_seq[0] = thseq + 1;
t->ftps_seq[0] = thack;
return (0);
@@ -1283,7 +1283,7 @@
}
if (softf->ipf_p_ftp_debug & DEBUG_INFO) {
printf("%s: %x seq %x/%d ack %x/%d len %d/%d off %d\n",
- rv ? "IN" : "OUT", tcp->th_flags, thseq, seqoff,
+ rv ? "IN" : "OUT", tcp_get_flags(tcp), thseq, seqoff,
thack, ackoff, mlen, fin->fin_plen, off);
printf("sel %d seqmin %x/%x offset %d/%d\n", sel,
aps->aps_seqmin[sel], aps->aps_seqmin[sel2],
@@ -1357,7 +1357,7 @@
f->ftps_seq[0], f->ftps_seq[1]);
}
- if (tcp->th_flags & TH_FIN) {
+ if (tcp_get_flags(tcp) & TH_FIN) {
if (thseq == f->ftps_seq[1]) {
f->ftps_seq[0] = f->ftps_seq[1] - seqoff;
f->ftps_seq[1] = thseq + 1 - seqoff;
@@ -1530,7 +1530,7 @@
}
/* f->ftps_seq[1] += inc; */
- if (tcp->th_flags & TH_FIN)
+ if (tcp_get_flags(tcp) & TH_FIN)
f->ftps_seq[1]++;
if (softf->ipf_p_ftp_debug & DEBUG_PARSE_INFO) {
mlen = MSGDSIZE(m);
diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c b/sys/netpfil/ipfilter/netinet/ip_nat.c
--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
@@ -5715,7 +5715,7 @@
* Do a MSS CLAMPING on a SYN packet,
* only deal IPv4 for now.
*/
- if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
+ if ((nat->nat_mssclamp != 0) && (tcp_get_flags(tcp) & TH_SYN) != 0)
ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
break;
diff --git a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
@@ -515,7 +515,7 @@
rev = 0;
tcp = (tcphdr_t *)fin->fin_dp;
- if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING) {
pptp = (pptp_pxy_t *)aps->aps_data;
pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
diff --git a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
@@ -263,7 +263,7 @@
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &rcmdfr;
diff --git a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
@@ -1127,7 +1127,7 @@
tcp.th_win = htons(8192);
TCP_OFF_A(&tcp, sizeof(tcphdr_t) >> 2);
fi.fin_dlen = sizeof(tcphdr_t);
- tcp.th_flags = TH_SYN;
+ tcp_set_flags(&tcp, TH_SYN);
nflags = NAT_TCP;
} else {
fi.fin_dlen = sizeof(udphdr_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_state.c b/sys/netpfil/ipfilter/netinet/ip_state.c
--- a/sys/netpfil/ipfilter/netinet/ip_state.c
+++ b/sys/netpfil/ipfilter/netinet/ip_state.c
@@ -1520,7 +1520,7 @@
case IPPROTO_TCP :
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST) {
+ if (tcp_get_flags(tcp) & TH_RST) {
SBUMPD(ipf_state_stats, iss_tcp_rstadd);
return (-4);
}
@@ -1553,15 +1553,15 @@
if ((fin->fin_flx & FI_IGNORE) == 0) {
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
(TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
is->is_maxsend = is->is_send;
/*
* Window scale option is only present in
* SYN/SYN-ACK packet.
*/
- if ((tcp->th_flags & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
+ if ((tcp_get_flags(tcp) & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
TH_SYN &&
(TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
if (ipf_tcpoptions(softs, fin, tcp,
@@ -1576,7 +1576,7 @@
ipf_fixoutisn(fin, is);
}
- if ((tcp->th_flags & TH_OPENING) == TH_SYN)
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN)
flags |= IS_TCPFSM;
else {
is->is_maxdwin = is->is_maxswin * 2;
@@ -1968,7 +1968,7 @@
* If a SYN packet is received for a connection that is on the way out
* but hasn't yet departed then advance this session along the way.
*/
- if ((tcp->th_flags & TH_OPENING) == TH_SYN) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN) {
if ((is->is_state[0] > IPF_TCPS_ESTABLISHED) &&
(is->is_state[1] > IPF_TCPS_ESTABLISHED)) {
is->is_state[!source] = IPF_TCPS_CLOSED;
@@ -2011,7 +2011,7 @@
* Window scale option is only present in SYN/SYN-ACK packet.
* Compare with ~TH_FIN to mask out T/TCP setups.
*/
- flags = tcp->th_flags & ~(TH_FIN|TH_ECNALL);
+ flags = tcp_get_flags(tcp) & ~(TH_FIN|TH_ECNALL);
if (flags == (TH_SYN|TH_ACK)) {
is->is_s0[source] = ntohl(tcp->th_ack);
is->is_s0[!source] = ntohl(tcp->th_seq) + 1;
@@ -2110,7 +2110,7 @@
/*
* Find difference between last checked packet and this packet.
*/
- tcpflags = tcp->th_flags;
+ tcpflags = tcp_get_flags(tcp);
seq = ntohl(tcp->th_seq);
ack = ntohl(tcp->th_ack);
if (tcpflags & TH_SYN)
@@ -2313,8 +2313,8 @@
clone->is_state[0] = 0;
clone->is_state[1] = 0;
send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
if (fin->fin_rev == 1) {
clone->is_dend = send;
@@ -3954,7 +3954,7 @@
rval = 0;
dir = fin->fin_rev;
- tcpflags = tcp->th_flags;
+ tcpflags = tcp_get_flags(tcp);
dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
ostate = tqe->tqe_state[1 - dir];
nstate = tqe->tqe_state[dir];
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -719,12 +719,12 @@
if (flags & TH_RST) {
if (flags & TH_ACK) {
th->th_seq = htonl(ack);
- th->th_flags = TH_RST;
+ tcp_set_flags(th, TH_RST);
} else {
if (flags & TH_SYN)
seq++;
th->th_ack = htonl(seq);
- th->th_flags = TH_RST | TH_ACK;
+ tcp_set_flags(th, TH_RST | TH_ACK);
}
} else {
/*
@@ -732,7 +732,7 @@
*/
th->th_seq = htonl(seq);
th->th_ack = htonl(ack);
- th->th_flags = TH_ACK;
+ tcp_set_flags(th, TH_ACK);
}
switch (id->addr_type) {
@@ -893,11 +893,11 @@
struct tcphdr *tcp;
tcp = (struct tcphdr *)((char *)ip6 + hlen);
- if ((tcp->th_flags & TH_RST) == 0) {
+ if ((tcp_get_flags(tcp) & TH_RST) == 0) {
struct mbuf *m0;
m0 = ipfw_send_pkt(args->m, &(args->f_id),
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
- tcp->th_flags | TH_RST);
+ tcp_get_flags(tcp) | TH_RST);
if (m0 != NULL)
ip6_output(m0, NULL, NULL, 0, NULL, NULL,
NULL);
@@ -1021,11 +1021,11 @@
} else if (code == ICMP_REJECT_RST && args->f_id.proto == IPPROTO_TCP) {
struct tcphdr *const tcp =
L3HDR(struct tcphdr, mtod(args->m, struct ip *));
- if ( (tcp->th_flags & TH_RST) == 0) {
+ if ( (tcp_get_flags(tcp) & TH_RST) == 0) {
struct mbuf *m;
m = ipfw_send_pkt(args->m, &(args->f_id),
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
- tcp->th_flags | TH_RST);
+ tcp_get_flags(tcp) | TH_RST);
if (m != NULL)
ip_output(m, NULL, NULL, 0, NULL, NULL);
}
@@ -1571,7 +1571,7 @@
dst_port = TCP(ulp)->th_dport;
src_port = TCP(ulp)->th_sport;
/* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
+ args->f_id._flags = tcp_get_flags(TCP(ulp));
break;
case IPPROTO_SCTP:
@@ -1762,7 +1762,7 @@
dst_port = TCP(ulp)->th_dport;
src_port = TCP(ulp)->th_sport;
/* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
+ args->f_id._flags = tcp_get_flags(TCP(ulp));
break;
case IPPROTO_SCTP:
@@ -2439,8 +2439,13 @@
break;
case O_TCPFLAGS:
+ /*
+ * Note that this is currently only set up to
+ * match the lower 8 TCP header flag bits, not
+ * the full compliment of all 12 flags.
+ */
match = (proto == IPPROTO_TCP && offset == 0 &&
- flags_match(cmd, TCP(ulp)->th_flags));
+ flags_match(cmd, tcp_get_flags(TCP(ulp))));
break;
case O_TCPOPTS:
@@ -2511,7 +2516,7 @@
/* reject packets which have SYN only */
/* XXX should i also check for TH_ACK ? */
match = (proto == IPPROTO_TCP && offset == 0 &&
- (TCP(ulp)->th_flags &
+ (tcp_get_flags(TCP(ulp)) &
(TH_RST | TH_ACK | TH_SYN)) != TH_SYN);
break;
diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c
--- a/sys/netpfil/ipfw/ip_fw_dynamic.c
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -2388,7 +2388,7 @@
tcp->th_off = sizeof(struct tcphdr) >> 2;
tcp->th_seq = htonl(seq);
tcp->th_ack = htonl(ack);
- tcp->th_flags = TH_ACK;
+ tcp_set_flags(tcp, TH_ACK);
tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
htons(sizeof(struct tcphdr) + IPPROTO_TCP));
@@ -2498,7 +2498,7 @@
tcp->th_off = sizeof(struct tcphdr) >> 2;
tcp->th_seq = htonl(seq);
tcp->th_ack = htonl(ack);
- tcp->th_flags = TH_ACK;
+ tcp_set_flags(tcp, TH_ACK);
tcp->th_sum = in6_cksum_pseudo(ip6, sizeof(struct tcphdr),
IPPROTO_TCP, 0);
diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c
--- a/sys/netpfil/ipfw/ip_fw_nat.c
+++ b/sys/netpfil/ipfw/ip_fw_nat.c
@@ -416,7 +416,7 @@
struct tcphdr *th;
th = (struct tcphdr *)(ip + 1);
- if (th->th_x2 & (TH_RES1 >> 8))
+ if (tcp_get_flags(th) & TH_RES1)
ldt = 1;
}
@@ -436,7 +436,7 @@
* Maybe it was set in
* libalias...
*/
- th->th_x2 &= ~(TH_RES1 >> 8);
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1);
th->th_sum = cksum;
mcl->m_pkthdr.csum_data =
offsetof(struct tcphdr, th_sum);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3479,7 +3479,7 @@
th->th_seq = htonl(seq);
th->th_ack = htonl(ack);
th->th_off = tlen >> 2;
- th->th_flags = tcp_flags;
+ tcp_set_flags(th, tcp_flags);
th->th_win = htons(win);
if (mss) {
@@ -3700,16 +3700,16 @@
if (pd->proto == IPPROTO_TCP &&
((r->rule_flag & PFRULE_RETURNRST) ||
(r->rule_flag & PFRULE_RETURN)) &&
- !(th->th_flags & TH_RST)) {
+ !(tcp_get_flags(th) & TH_RST)) {
u_int32_t ack = ntohl(th->th_seq) + pd->p_len;
if (pf_check_proto_cksum(pd->m, pd->off, pd->tot_len - pd->off,
IPPROTO_TCP, pd->af))
REASON_SET(reason, PFRES_PROTCKSUM);
else {
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
ack++;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
ack++;
pf_send_tcp(r, pd->af, pd->dst,
pd->src, th->th_dport, th->th_sport,
@@ -5169,7 +5169,7 @@
break;
case IPPROTO_TCP:
- PF_TEST_ATTRIB((r->flagset & th->th_flags) != r->flags,
+ PF_TEST_ATTRIB((r->flagset & tcp_get_flags(th)) != r->flags,
TAILQ_NEXT(r, entries));
/* FALLTHROUGH */
case IPPROTO_SCTP:
@@ -5432,7 +5432,7 @@
case IPPROTO_TCP:
s->src.seqlo = ntohl(th->th_seq);
s->src.seqhi = s->src.seqlo + pd->p_len + 1;
- if ((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN &&
+ if ((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN &&
r->keep_state == PF_STATE_MODULATE) {
/* Generate sequence number modulator */
if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) ==
@@ -5443,7 +5443,7 @@
*rewrite = 1;
} else
s->src.seqdiff = 0;
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
s->src.seqhi++;
s->src.wscale = pf_get_wscale(pd);
}
@@ -5455,7 +5455,7 @@
s->src.max_win = (win - 1) >>
(s->src.wscale & PF_WSCALE_MASK);
}
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
s->src.seqhi++;
s->dst.seqhi = 1;
s->dst.max_win = 1;
@@ -5558,7 +5558,7 @@
if (tag > 0)
s->tag = tag;
- if (pd->proto == IPPROTO_TCP && (th->th_flags & (TH_SYN|TH_ACK)) ==
+ if (pd->proto == IPPROTO_TCP && (tcp_get_flags(th) & (TH_SYN|TH_ACK)) ==
TH_SYN && r->keep_state == PF_STATE_SYNPROXY) {
pf_set_protostate(s, PF_PEER_SRC, PF_TCPS_PROXY_SRC);
/* undo NAT changes, if they have taken place */
@@ -5660,7 +5660,7 @@
pdst = PF_PEER_SRC;
}
- if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) {
+ if (src->wscale && dst->wscale && !(tcp_get_flags(th) & TH_SYN)) {
sws = src->wscale & PF_WSCALE_MASK;
dws = dst->wscale & PF_WSCALE_MASK;
} else
@@ -5699,7 +5699,7 @@
}
end = seq + pd->p_len;
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
end++;
if (dst->wscale & PF_WSCALE_FLAG) {
src->wscale = pf_get_wscale(pd);
@@ -5721,7 +5721,7 @@
}
}
data_end = end;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
end++;
src->seqlo = seq;
@@ -5749,18 +5749,18 @@
*copyback = 1;
}
end = seq + pd->p_len;
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
end++;
data_end = end;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
end++;
}
- if ((th->th_flags & TH_ACK) == 0) {
+ if ((tcp_get_flags(th) & TH_ACK) == 0) {
/* Let it pass through the ack skew check */
ack = dst->seqlo;
} else if ((ack == 0 &&
- (th->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
+ (tcp_get_flags(th) & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
/* broken tcp stacks do not set ack */
(dst->state < TCPS_SYN_SENT)) {
/*
@@ -5804,7 +5804,7 @@
/* Acking not more than one reassembled fragment backwards */
(ackskew <= (MAXACKWINDOW << sws)) &&
/* Acking not more than one window forward */
- ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
+ ((tcp_get_flags(th) & TH_RST) == 0 || orig_seq == src->seqlo ||
(orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
/* Require an exact/+1 sequence match on resets when possible */
@@ -5825,13 +5825,13 @@
dst->seqhi = ack + MAX((win << sws), 1);
/* update states */
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
if (src->state < TCPS_SYN_SENT)
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_ACK) {
+ if (tcp_get_flags(th) & TH_ACK) {
if (dst->state == TCPS_SYN_SENT) {
pf_set_protostate(*state, pdst,
TCPS_ESTABLISHED);
@@ -5845,7 +5845,7 @@
pf_set_protostate(*state, pdst,
TCPS_FIN_WAIT_2);
}
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* update expire time */
@@ -5899,7 +5899,7 @@
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: loose state match: ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
"pkts=%llu:%llu dir=%s,%s\n", seq, orig_seq, ack,
pd->p_len, ackskew, (unsigned long long)(*state)->packets[0],
@@ -5929,10 +5929,10 @@
* SYN and not an already established connection.
*/
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* Fall through to PASS packet */
@@ -5941,7 +5941,7 @@
if ((*state)->dst.state == TCPS_SYN_SENT &&
(*state)->src.state == TCPS_SYN_SENT) {
/* Send RST for state mismatches during handshake */
- if (!(th->th_flags & TH_RST))
+ if (!(tcp_get_flags(th) & TH_RST))
pf_send_tcp((*state)->rule, pd->af,
pd->dst, pd->src, th->th_dport,
th->th_sport, ntohl(th->th_ack), 0,
@@ -5954,7 +5954,7 @@
} else if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: BAD state: ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
"pkts=%llu:%llu dir=%s,%s\n",
seq, orig_seq, ack, pd->p_len, ackskew,
@@ -5997,13 +5997,13 @@
pdst = PF_PEER_SRC;
}
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
if (src->state < TCPS_SYN_SENT)
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_ACK) {
+ if (tcp_get_flags(th) & TH_ACK) {
if (dst->state == TCPS_SYN_SENT) {
pf_set_protostate(*state, pdst, TCPS_ESTABLISHED);
if (src->state == TCPS_ESTABLISHED &&
@@ -6041,7 +6041,7 @@
pf_set_protostate(*state, pdst, TCPS_CLOSING);
}
}
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* update expire time */
@@ -6075,7 +6075,7 @@
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
}
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
if (ntohl(th->th_seq) != (*state)->src.seqlo) {
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_DROP);
@@ -6087,7 +6087,7 @@
M_SKIP_FIREWALL, 0, 0, (*state)->act.rtableid);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
- } else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
+ } else if ((tcp_get_flags(th) & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6102,7 +6102,7 @@
}
if ((*state)->src.state == PF_TCPS_PROXY_DST) {
if (pd->dir == (*state)->direction) {
- if (((th->th_flags & (TH_SYN|TH_ACK)) != TH_ACK) ||
+ if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) != TH_ACK) ||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6120,7 +6120,7 @@
(*state)->tag, 0, (*state)->act.rtableid);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
- } else if (((th->th_flags & (TH_SYN|TH_ACK)) !=
+ } else if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) !=
(TH_SYN|TH_ACK)) ||
(ntohl(th->th_ack) != (*state)->dst.seqhi + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6198,13 +6198,13 @@
if (dst->state >= TCPS_FIN_WAIT_2 &&
src->state >= TCPS_FIN_WAIT_2 &&
- (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) ||
- ((th->th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
+ (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN) ||
+ ((tcp_get_flags(th) & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
pf_syncookie_check(pd) && pd->dir == PF_IN))) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: state reuse ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
/* XXX make sure it's the same direction ?? */
@@ -9166,14 +9166,14 @@
case IPPROTO_TCP: {
/* Respond to SYN with a syncookie. */
- if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
+ if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
pd.dir == PF_IN && pf_synflood_check(&pd)) {
pf_syncookie_send(&pd);
action = PF_DROP;
break;
}
- if ((pd.hdr.tcp.th_flags & TH_ACK) && pd.p_len == 0)
+ if ((tcp_get_flags(&pd.hdr.tcp) & TH_ACK) && pd.p_len == 0)
use_2nd_queue = 1;
action = pf_normalize_tcp(&pd);
if (action == PF_DROP)
@@ -9187,7 +9187,7 @@
} else if (s == NULL) {
/* Validate remote SYN|ACK, re-create original SYN if
* valid. */
- if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) ==
+ if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) ==
TH_ACK && pf_syncookie_validate(&pd) &&
pd.dir == PF_IN) {
struct mbuf *msyn;
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1460,7 +1460,7 @@
* All normalizations below are only begun if we see the start of
* the connections. They must all set an enabled bit in pfss_flags
*/
- if ((th->th_flags & TH_SYN) == 0)
+ if ((tcp_get_flags(th) & TH_SYN) == 0)
return (0);
if (th->th_off > (sizeof(struct tcphdr) >> 2) && src->scrub &&
@@ -1811,7 +1811,7 @@
dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0));
if (V_pf_status.debug >= PF_DEBUG_MISC) {
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
REASON_SET(reason, PFRES_TS);
@@ -1820,9 +1820,9 @@
/* XXX I'd really like to require tsecr but it's optional */
- } else if (!got_ts && (th->th_flags & TH_RST) == 0 &&
+ } else if (!got_ts && (tcp_get_flags(th) & TH_RST) == 0 &&
((src->state == TCPS_ESTABLISHED && dst->state == TCPS_ESTABLISHED)
- || pd->p_len > 0 || (th->th_flags & TH_SYN)) &&
+ || pd->p_len > 0 || (tcp_get_flags(th) & TH_SYN)) &&
src->scrub && dst->scrub &&
(src->scrub->pfss_flags & PFSS_PAWS) &&
(dst->scrub->pfss_flags & PFSS_PAWS)) {
@@ -1861,7 +1861,7 @@
DPFPRINTF(("Did not receive expected RFC1323 "
"timestamp\n"));
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
REASON_SET(reason, PFRES_TS);
@@ -1890,7 +1890,7 @@
"timestamp data packet. Disabled PAWS "
"security.\n"));
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
}
diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c
--- a/sys/netpfil/pf/pf_osfp.c
+++ b/sys/netpfil/pf/pf_osfp.c
@@ -103,7 +103,7 @@
char srcname[INET_ADDRSTRLEN];
#endif
- if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
+ if ((tcp_get_flags(tcp) & (TH_SYN|TH_ACK)) != TH_SYN)
return (NULL);
if (ip) {
if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -371,14 +371,14 @@
}
sport = ntohs(th->th_sport);
dport = ntohs(th->th_dport);
- estab = (th->th_flags & TH_ACK);
- syn = (th->th_flags & TH_SYN);
- finrst = (th->th_flags & (TH_FIN|TH_RST));
+ estab = __tcp_get_flags(th) & TH_ACK;
+ syn = __tcp_get_flags(th) & TH_SYN;
+ finrst = __tcp_get_flags(th) & (TH_FIN|TH_RST);
if (log_IsKept(LogDEBUG)) {
if (!estab)
snprintf(dbuff, sizeof dbuff,
- "flags = %02x, sport = %d, dport = %d",
- th->th_flags, sport, dport);
+ "flags = %03x, sport = %d, dport = %d",
+ __tcp_get_flags(th), sport, dport);
else
*dbuff = '\0';
}
@@ -831,7 +831,7 @@
loglen += strlen(logbuf + loglen);
n = 0;
for (mask = TH_FIN; mask != 0x40; mask <<= 1) {
- if (th->th_flags & mask) {
+ if (__tcp_get_flags(th) & mask) {
snprintf(logbuf + loglen, sizeof logbuf - loglen, " %s", TcpFlags[n]);
loglen += strlen(logbuf + loglen);
}
@@ -841,7 +841,7 @@
" seq:%lx ack:%lx (%d/%d)",
(u_long)ntohl(th->th_seq), (u_long)ntohl(th->th_ack), len, nb);
loglen += strlen(logbuf + loglen);
- if ((th->th_flags & TH_SYN) && nb > 40) {
+ if ((__tcp_get_flags(th) & TH_SYN) && nb > 40) {
const u_short *sp;
sp = (const u_short *)(payload + 20);
diff --git a/usr.sbin/ppp/slcompress.c b/usr.sbin/ppp/slcompress.c
--- a/usr.sbin/ppp/slcompress.c
+++ b/usr.sbin/ppp/slcompress.c
@@ -179,8 +179,8 @@
return (TYPE_IP);
}
th = (struct tcphdr *) & ((int *) ip)[hlen];
- if ((th->th_flags & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
- log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", th->th_flags);
+ if ((__tcp_get_flags(th) & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
+ log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", __tcp_get_flags(th));
log_DumpBp(LogDEBUG, "", m);
return (TYPE_IP);
}
@@ -283,7 +283,7 @@
* changes in the order: urgent, window, ack, seq (the order minimizes the
* number of temporaries needed in this section of code).
*/
- if (th->th_flags & TH_URG) {
+ if (__tcp_get_flags(th) & TH_URG) {
deltaS = ntohs(th->th_urp);
ENCODEZ(deltaS);
changes |= NEW_U;
@@ -366,7 +366,7 @@
ENCODEZ(deltaS);
changes |= NEW_I;
}
- if (th->th_flags & TH_PUSH)
+ if (__tcp_get_flags(th) & TH_PUSH)
changes |= TCP_PUSH_BIT;
/*
@@ -501,9 +501,9 @@
th->th_sum = htons((*cp << 8) | cp[1]);
cp += 2;
if (changes & TCP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ __tcp_set_flags(th, __tcp_get_flags(th) | TH_PUSH);
else
- th->th_flags &= ~TH_PUSH;
+ __tcp_set_flags(th, __tcp_get_flags(th) & ~TH_PUSH);
switch (changes & SPECIALS_MASK) {
case SPECIAL_I:
@@ -522,10 +522,10 @@
default:
if (changes & NEW_U) {
- th->th_flags |= TH_URG;
+ __tcp_set_flags(th, __tcp_get_flags(th) | TH_URG);
DECODEU(th->th_urp)
} else
- th->th_flags &= ~TH_URG;
+ __tcp_set_flags(th, __tcp_get_flags(th) & ~TH_URG);
if (changes & NEW_W)
DECODES(th->th_win)
if (changes & NEW_A)
diff --git a/usr.sbin/ppp/tcpmss.c b/usr.sbin/ppp/tcpmss.c
--- a/usr.sbin/ppp/tcpmss.c
+++ b/usr.sbin/ppp/tcpmss.c
@@ -115,7 +115,7 @@
return;
/* MSS option only allowed within SYN packets. */
- if (!(tc->th_flags & TH_SYN))
+ if (!(__tcp_get_flags(tc) & TH_SYN))
return;
for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c
--- a/usr.sbin/traceroute/traceroute.c
+++ b/usr.sbin/traceroute/traceroute.c
@@ -1497,7 +1497,7 @@
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
tcp->th_ack = 0;
tcp->th_off = 5;
- tcp->th_flags = TH_SYN;
+ __tcp_set_flags(tcp, TH_SYN);
tcp->th_sum = 0;
if (doipcksum)
diff --git a/usr.sbin/traceroute6/traceroute6.c b/usr.sbin/traceroute6/traceroute6.c
--- a/usr.sbin/traceroute6/traceroute6.c
+++ b/usr.sbin/traceroute6/traceroute6.c
@@ -1213,7 +1213,7 @@
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
tcp->th_ack = 0;
tcp->th_off = 5;
- tcp->th_flags = TH_SYN;
+ __tcp_set_flags(tcp, TH_SYN);
tcp->th_sum = 0;
tcp->th_sum = tcp_chksum(&Src, &Dst, outpacket, datalen);
break;

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 15, 9:22 AM (4 h, 42 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25322419
Default Alt Text
D47063.diff (49 KB)

Event Timeline