Page MenuHomeFreeBSD
Files F139445935

D47063.id144820.diff
No OneTemporary
Actions

D47063.id144820.diff
View Options

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2338,7 +2338,7 @@
extern void pf_unlink_src_node(struct pf_ksrc_node *);
extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *);
extern void pf_print_state(struct pf_kstate *);
-extern void pf_print_flags(u_int8_t);
+extern void pf_print_flags(uint16_t);
extern int pf_addr_wrap_neq(struct pf_addr_wrap *,
struct pf_addr_wrap *);
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,
diff --git a/sys/net/slcompress.c b/sys/net/slcompress.c
--- a/sys/net/slcompress.c
+++ b/sys/net/slcompress.c
@@ -170,7 +170,7 @@
return (TYPE_IP);
th = (struct tcphdr *)&((int32_t *)ip)[hlen];
- if ((th->th_flags & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
+ if ((tcp_get_flags(th) & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
return (TYPE_IP);
/*
* Packet is compressible -- we're going to send either a
@@ -271,7 +271,7 @@
* ack, seq (the order minimizes the number of temporaries
* needed in this section of code).
*/
- if (th->th_flags & TH_URG) {
+ if (tcp_get_flags(th) & TH_URG) {
deltaS = ntohs(th->th_urp);
ENCODEZ(deltaS);
changes |= NEW_U;
@@ -351,7 +351,7 @@
ENCODEZ(deltaS);
changes |= NEW_I;
}
- if (th->th_flags & TH_PUSH)
+ if (tcp_get_flags(th) & TH_PUSH)
changes |= TCP_PUSH_BIT;
/*
* Grab the cksum before we overwrite it below. Then update our
@@ -516,9 +516,9 @@
th->th_sum = htons((*cp << 8) | cp[1]);
cp += 2;
if (changes & TCP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
else
- th->th_flags &=~ TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_PUSH);
switch (changes & SPECIALS_MASK) {
case SPECIAL_I:
@@ -536,10 +536,10 @@
default:
if (changes & NEW_U) {
- th->th_flags |= TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_URG);
DECODEU(th->th_urp)
} else
- th->th_flags &=~ TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_URG);
if (changes & NEW_W)
DECODES(th->th_win)
if (changes & NEW_A)
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -183,12 +183,12 @@
*/
/* Local prototypes */
-static void TcpMonitorIn(u_char, struct alias_link *);
+static void TcpMonitorIn(uint16_t, struct alias_link *);
-static void TcpMonitorOut(u_char, struct alias_link *);
+static void TcpMonitorOut(uint16_t, struct alias_link *);
static void
-TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
+TcpMonitorIn(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateIn(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -205,7 +205,7 @@
}
static void
-TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
+TcpMonitorOut(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateOut(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -1053,7 +1053,7 @@
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorIn(tc->th_flags, lnk);
+ TcpMonitorIn(__tcp_get_flags(tc), lnk);
return (PKT_ALIAS_OK);
}
@@ -1142,7 +1142,7 @@
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorOut(tc->th_flags, lnk);
+ TcpMonitorOut(__tcp_get_flags(tc), lnk);
/* Walk out chain. */
find_handler(OUT, TCP, la, pip, &ad);
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1263,7 +1263,6 @@
bcopy(opt, th + 1, optlen);
th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
}
- tcp_set_flags(th, flags);
/*
* Calculate receive window. Don't shrink window,
* but avoid silly window syndrome.
@@ -1308,8 +1307,8 @@
tp->t_flags &= ~TF_RXWIN0SENT;
if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
- th->th_flags |= TH_URG;
- } else
+ flags |= TH_URG;
+ } else {
/*
* If no urgent pointer to send, then we pull
* the urgent pointer to the left edge of the send window
@@ -1317,6 +1316,8 @@
* number wraparound.
*/
tp->snd_up = tp->snd_una; /* drag it along */
+ }
+ tcp_set_flags(th, flags);
/*
* Put TCP length in extended header, and then
diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -1330,8 +1330,8 @@
return (1);
}
- flags = tcp->th_flags;
- fin->fin_tcpf = tcp->th_flags;
+ flags = tcp_get_flags(tcp);
+ fin->fin_tcpf = tcp_get_flags(tcp);
/*
* If the urgent flag is set, then the urgent pointer must
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
--- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
@@ -341,15 +341,15 @@
ip_t *ip;
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST)
+ if (tcp_get_flags(tcp) & TH_RST)
return (-1); /* feedback loop */
if (ipf_checkl4sum(fin) == -1)
return (-1);
tlen = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
#ifdef USE_INET6
hlen = (fin->fin_v == 6) ? sizeof(ip6_t) : sizeof(ip_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
@@ -543,7 +543,7 @@
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
if (nat->nat_dir == NAT_INBOUND) {
fi.fin_out = 1;
@@ -873,7 +873,7 @@
fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
tcp2->th_win = htons(8192);
tcp2->th_dport = htons(port);
@@ -1240,9 +1240,9 @@
if (softf->ipf_p_ftp_debug & DEBUG_INFO)
printf("ipf_p_ftp_process: %d:%d,%d, mlen %d flags %x\n",
fin->fin_out, fin->fin_sport, fin->fin_dport,
- mlen, tcp->th_flags);
+ mlen, tcp_get_flags(tcp));
- if ((mlen == 0) && ((tcp->th_flags & TH_OPENING) == TH_OPENING)) {
+ if ((mlen == 0) && ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING)) {
f->ftps_seq[0] = thseq + 1;
t->ftps_seq[0] = thack;
return (0);
@@ -1283,7 +1283,7 @@
}
if (softf->ipf_p_ftp_debug & DEBUG_INFO) {
printf("%s: %x seq %x/%d ack %x/%d len %d/%d off %d\n",
- rv ? "IN" : "OUT", tcp->th_flags, thseq, seqoff,
+ rv ? "IN" : "OUT", tcp_get_flags(tcp), thseq, seqoff,
thack, ackoff, mlen, fin->fin_plen, off);
printf("sel %d seqmin %x/%x offset %d/%d\n", sel,
aps->aps_seqmin[sel], aps->aps_seqmin[sel2],
@@ -1357,7 +1357,7 @@
f->ftps_seq[0], f->ftps_seq[1]);
}
- if (tcp->th_flags & TH_FIN) {
+ if (tcp_get_flags(tcp) & TH_FIN) {
if (thseq == f->ftps_seq[1]) {
f->ftps_seq[0] = f->ftps_seq[1] - seqoff;
f->ftps_seq[1] = thseq + 1 - seqoff;
@@ -1530,7 +1530,7 @@
}
/* f->ftps_seq[1] += inc; */
- if (tcp->th_flags & TH_FIN)
+ if (tcp_get_flags(tcp) & TH_FIN)
f->ftps_seq[1]++;
if (softf->ipf_p_ftp_debug & DEBUG_PARSE_INFO) {
mlen = MSGDSIZE(m);
diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c b/sys/netpfil/ipfilter/netinet/ip_nat.c
--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
@@ -5715,7 +5715,7 @@
* Do a MSS CLAMPING on a SYN packet,
* only deal IPv4 for now.
*/
- if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
+ if ((nat->nat_mssclamp != 0) && (tcp_get_flags(tcp) & TH_SYN) != 0)
ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
break;
diff --git a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
@@ -515,7 +515,7 @@
rev = 0;
tcp = (tcphdr_t *)fin->fin_dp;
- if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING) {
pptp = (pptp_pxy_t *)aps->aps_data;
pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
diff --git a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
@@ -263,7 +263,7 @@
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &rcmdfr;
diff --git a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
--- a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
@@ -1127,7 +1127,7 @@
tcp.th_win = htons(8192);
TCP_OFF_A(&tcp, sizeof(tcphdr_t) >> 2);
fi.fin_dlen = sizeof(tcphdr_t);
- tcp.th_flags = TH_SYN;
+ tcp_set_flags(&tcp, TH_SYN);
nflags = NAT_TCP;
} else {
fi.fin_dlen = sizeof(udphdr_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_state.c b/sys/netpfil/ipfilter/netinet/ip_state.c
--- a/sys/netpfil/ipfilter/netinet/ip_state.c
+++ b/sys/netpfil/ipfilter/netinet/ip_state.c
@@ -1520,7 +1520,7 @@
case IPPROTO_TCP :
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST) {
+ if (tcp_get_flags(tcp) & TH_RST) {
SBUMPD(ipf_state_stats, iss_tcp_rstadd);
return (-4);
}
@@ -1553,15 +1553,15 @@
if ((fin->fin_flx & FI_IGNORE) == 0) {
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
(TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
is->is_maxsend = is->is_send;
/*
* Window scale option is only present in
* SYN/SYN-ACK packet.
*/
- if ((tcp->th_flags & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
+ if ((tcp_get_flags(tcp) & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
TH_SYN &&
(TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
if (ipf_tcpoptions(softs, fin, tcp,
@@ -1576,7 +1576,7 @@
ipf_fixoutisn(fin, is);
}
- if ((tcp->th_flags & TH_OPENING) == TH_SYN)
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN)
flags |= IS_TCPFSM;
else {
is->is_maxdwin = is->is_maxswin * 2;
@@ -1968,7 +1968,7 @@
* If a SYN packet is received for a connection that is on the way out
* but hasn't yet departed then advance this session along the way.
*/
- if ((tcp->th_flags & TH_OPENING) == TH_SYN) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN) {
if ((is->is_state[0] > IPF_TCPS_ESTABLISHED) &&
(is->is_state[1] > IPF_TCPS_ESTABLISHED)) {
is->is_state[!source] = IPF_TCPS_CLOSED;
@@ -2011,7 +2011,7 @@
* Window scale option is only present in SYN/SYN-ACK packet.
* Compare with ~TH_FIN to mask out T/TCP setups.
*/
- flags = tcp->th_flags & ~(TH_FIN|TH_ECNALL);
+ flags = tcp_get_flags(tcp) & ~(TH_FIN|TH_ECNALL);
if (flags == (TH_SYN|TH_ACK)) {
is->is_s0[source] = ntohl(tcp->th_ack);
is->is_s0[!source] = ntohl(tcp->th_seq) + 1;
@@ -2110,7 +2110,7 @@
/*
* Find difference between last checked packet and this packet.
*/
- tcpflags = tcp->th_flags;
+ tcpflags = tcp_get_flags(tcp);
seq = ntohl(tcp->th_seq);
ack = ntohl(tcp->th_ack);
if (tcpflags & TH_SYN)
@@ -2313,8 +2313,8 @@
clone->is_state[0] = 0;
clone->is_state[1] = 0;
send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
if (fin->fin_rev == 1) {
clone->is_dend = send;
@@ -3954,7 +3954,7 @@
rval = 0;
dir = fin->fin_rev;
- tcpflags = tcp->th_flags;
+ tcpflags = tcp_get_flags(tcp);
dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
ostate = tqe->tqe_state[1 - dir];
nstate = tqe->tqe_state[dir];
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -719,12 +719,12 @@
if (flags & TH_RST) {
if (flags & TH_ACK) {
th->th_seq = htonl(ack);
- th->th_flags = TH_RST;
+ tcp_set_flags(th, TH_RST);
} else {
if (flags & TH_SYN)
seq++;
th->th_ack = htonl(seq);
- th->th_flags = TH_RST | TH_ACK;
+ tcp_set_flags(th, TH_RST | TH_ACK);
}
} else {
/*
@@ -732,7 +732,7 @@
*/
th->th_seq = htonl(seq);
th->th_ack = htonl(ack);
- th->th_flags = TH_ACK;
+ tcp_set_flags(th, TH_ACK);
}
switch (id->addr_type) {
@@ -893,11 +893,11 @@
struct tcphdr *tcp;
tcp = (struct tcphdr *)((char *)ip6 + hlen);
- if ((tcp->th_flags & TH_RST) == 0) {
+ if ((tcp_get_flags(tcp) & TH_RST) == 0) {
struct mbuf *m0;
m0 = ipfw_send_pkt(args->m, &(args->f_id),
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
- tcp->th_flags | TH_RST);
+ tcp_get_flags(tcp) | TH_RST);
if (m0 != NULL)
ip6_output(m0, NULL, NULL, 0, NULL, NULL,
NULL);
@@ -1021,11 +1021,11 @@
} else if (code == ICMP_REJECT_RST && args->f_id.proto == IPPROTO_TCP) {
struct tcphdr *const tcp =
L3HDR(struct tcphdr, mtod(args->m, struct ip *));
- if ( (tcp->th_flags & TH_RST) == 0) {
+ if ( (tcp_get_flags(tcp) & TH_RST) == 0) {
struct mbuf *m;
m = ipfw_send_pkt(args->m, &(args->f_id),
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
- tcp->th_flags | TH_RST);
+ tcp_get_flags(tcp) | TH_RST);
if (m != NULL)
ip_output(m, NULL, NULL, 0, NULL, NULL);
}
@@ -1571,7 +1571,7 @@
dst_port = TCP(ulp)->th_dport;
src_port = TCP(ulp)->th_sport;
/* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
+ args->f_id._flags = tcp_get_flags(TCP(ulp));
break;
case IPPROTO_SCTP:
@@ -1762,7 +1762,7 @@
dst_port = TCP(ulp)->th_dport;
src_port = TCP(ulp)->th_sport;
/* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
+ args->f_id._flags = tcp_get_flags(TCP(ulp));
break;
case IPPROTO_SCTP:
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3437,7 +3437,7 @@
th->th_seq = htonl(seq);
th->th_ack = htonl(ack);
th->th_off = tlen >> 2;
- th->th_flags = tcp_flags;
+ tcp_set_flags(th, tcp_flags);
th->th_win = htons(win);
if (mss) {
@@ -3658,16 +3658,16 @@
if (pd->proto == IPPROTO_TCP &&
((r->rule_flag & PFRULE_RETURNRST) ||
(r->rule_flag & PFRULE_RETURN)) &&
- !(th->th_flags & TH_RST)) {
+ !(tcp_get_flags(th) & TH_RST)) {
u_int32_t ack = ntohl(th->th_seq) + pd->p_len;
if (pf_check_proto_cksum(pd->m, pd->off, pd->tot_len - pd->off,
IPPROTO_TCP, pd->af))
REASON_SET(reason, PFRES_PROTCKSUM);
else {
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
ack++;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
ack++;
pf_send_tcp(r, pd->af, pd->dst,
pd->src, th->th_dport, th->th_sport,
@@ -5128,7 +5128,7 @@
break;
case IPPROTO_TCP:
- PF_TEST_ATTRIB((r->flagset & th->th_flags) != r->flags,
+ PF_TEST_ATTRIB((r->flagset & tcp_get_flags(th)) != r->flags,
TAILQ_NEXT(r, entries));
/* FALLTHROUGH */
case IPPROTO_SCTP:
@@ -5389,7 +5389,7 @@
case IPPROTO_TCP:
s->src.seqlo = ntohl(th->th_seq);
s->src.seqhi = s->src.seqlo + pd->p_len + 1;
- if ((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN &&
+ if ((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN &&
r->keep_state == PF_STATE_MODULATE) {
/* Generate sequence number modulator */
if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) ==
@@ -5400,7 +5400,7 @@
*rewrite = 1;
} else
s->src.seqdiff = 0;
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
s->src.seqhi++;
s->src.wscale = pf_get_wscale(pd);
}
@@ -5412,7 +5412,7 @@
s->src.max_win = (win - 1) >>
(s->src.wscale & PF_WSCALE_MASK);
}
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
s->src.seqhi++;
s->dst.seqhi = 1;
s->dst.max_win = 1;
@@ -5508,7 +5508,7 @@
if (tag > 0)
s->tag = tag;
- if (pd->proto == IPPROTO_TCP && (th->th_flags & (TH_SYN|TH_ACK)) ==
+ if (pd->proto == IPPROTO_TCP && (tcp_get_flags(th) & (TH_SYN|TH_ACK)) ==
TH_SYN && r->keep_state == PF_STATE_SYNPROXY) {
pf_set_protostate(s, PF_PEER_SRC, PF_TCPS_PROXY_SRC);
/* undo NAT changes, if they have taken place */
@@ -5612,7 +5612,7 @@
pdst = PF_PEER_SRC;
}
- if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) {
+ if (src->wscale && dst->wscale && !(tcp_get_flags(th) & TH_SYN)) {
sws = src->wscale & PF_WSCALE_MASK;
dws = dst->wscale & PF_WSCALE_MASK;
} else
@@ -5651,7 +5651,7 @@
}
end = seq + pd->p_len;
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
end++;
if (dst->wscale & PF_WSCALE_FLAG) {
src->wscale = pf_get_wscale(pd);
@@ -5673,7 +5673,7 @@
}
}
data_end = end;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
end++;
src->seqlo = seq;
@@ -5701,18 +5701,18 @@
*copyback = 1;
}
end = seq + pd->p_len;
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
end++;
data_end = end;
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
end++;
}
- if ((th->th_flags & TH_ACK) == 0) {
+ if ((tcp_get_flags(th) & TH_ACK) == 0) {
/* Let it pass through the ack skew check */
ack = dst->seqlo;
} else if ((ack == 0 &&
- (th->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
+ (tcp_get_flags(th) & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
/* broken tcp stacks do not set ack */
(dst->state < TCPS_SYN_SENT)) {
/*
@@ -5756,7 +5756,7 @@
/* Acking not more than one reassembled fragment backwards */
(ackskew <= (MAXACKWINDOW << sws)) &&
/* Acking not more than one window forward */
- ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
+ ((tcp_get_flags(th) & TH_RST) == 0 || orig_seq == src->seqlo ||
(orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
/* Require an exact/+1 sequence match on resets when possible */
@@ -5777,13 +5777,13 @@
dst->seqhi = ack + MAX((win << sws), 1);
/* update states */
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
if (src->state < TCPS_SYN_SENT)
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_ACK) {
+ if (tcp_get_flags(th) & TH_ACK) {
if (dst->state == TCPS_SYN_SENT) {
pf_set_protostate(*state, pdst,
TCPS_ESTABLISHED);
@@ -5797,7 +5797,7 @@
pf_set_protostate(*state, pdst,
TCPS_FIN_WAIT_2);
}
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* update expire time */
@@ -5851,7 +5851,7 @@
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: loose state match: ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
"pkts=%llu:%llu dir=%s,%s\n", seq, orig_seq, ack,
pd->p_len, ackskew, (unsigned long long)(*state)->packets[0],
@@ -5881,10 +5881,10 @@
* SYN and not an already established connection.
*/
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* Fall through to PASS packet */
@@ -5893,7 +5893,7 @@
if ((*state)->dst.state == TCPS_SYN_SENT &&
(*state)->src.state == TCPS_SYN_SENT) {
/* Send RST for state mismatches during handshake */
- if (!(th->th_flags & TH_RST))
+ if (!(tcp_get_flags(th) & TH_RST))
pf_send_tcp((*state)->rule, pd->af,
pd->dst, pd->src, th->th_dport,
th->th_sport, ntohl(th->th_ack), 0,
@@ -5906,7 +5906,7 @@
} else if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: BAD state: ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
"pkts=%llu:%llu dir=%s,%s\n",
seq, orig_seq, ack, pd->p_len, ackskew,
@@ -5949,13 +5949,13 @@
pdst = PF_PEER_SRC;
}
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
if (src->state < TCPS_SYN_SENT)
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
- if (th->th_flags & TH_FIN)
+ if (tcp_get_flags(th) & TH_FIN)
if (src->state < TCPS_CLOSING)
pf_set_protostate(*state, psrc, TCPS_CLOSING);
- if (th->th_flags & TH_ACK) {
+ if (tcp_get_flags(th) & TH_ACK) {
if (dst->state == TCPS_SYN_SENT) {
pf_set_protostate(*state, pdst, TCPS_ESTABLISHED);
if (src->state == TCPS_ESTABLISHED &&
@@ -5993,7 +5993,7 @@
pf_set_protostate(*state, pdst, TCPS_CLOSING);
}
}
- if (th->th_flags & TH_RST)
+ if (tcp_get_flags(th) & TH_RST)
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
/* update expire time */
@@ -6027,7 +6027,7 @@
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
}
- if (th->th_flags & TH_SYN) {
+ if (tcp_get_flags(th) & TH_SYN) {
if (ntohl(th->th_seq) != (*state)->src.seqlo) {
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_DROP);
@@ -6039,7 +6039,7 @@
(*state)->act.rtableid);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
- } else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
+ } else if ((tcp_get_flags(th) & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6054,7 +6054,7 @@
}
if ((*state)->src.state == PF_TCPS_PROXY_DST) {
if (pd->dir == (*state)->direction) {
- if (((th->th_flags & (TH_SYN|TH_ACK)) != TH_ACK) ||
+ if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) != TH_ACK) ||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6071,7 +6071,7 @@
(*state)->act.rtableid);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
- } else if (((th->th_flags & (TH_SYN|TH_ACK)) !=
+ } else if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) !=
(TH_SYN|TH_ACK)) ||
(ntohl(th->th_ack) != (*state)->dst.seqhi + 1)) {
REASON_SET(reason, PFRES_SYNPROXY);
@@ -6149,13 +6149,13 @@
if (dst->state >= TCPS_FIN_WAIT_2 &&
src->state >= TCPS_FIN_WAIT_2 &&
- (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) ||
- ((th->th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
+ (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN) ||
+ ((tcp_get_flags(th) & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
pf_syncookie_check(pd) && pd->dir == PF_IN))) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: state reuse ");
pf_print_state(*state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
/* XXX make sure it's the same direction ?? */
@@ -9067,14 +9067,14 @@
case IPPROTO_TCP: {
/* Respond to SYN with a syncookie. */
- if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
+ if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
pd.dir == PF_IN && pf_synflood_check(&pd)) {
pf_syncookie_send(&pd);
action = PF_DROP;
break;
}
- if ((pd.hdr.tcp.th_flags & TH_ACK) && pd.p_len == 0)
+ if ((tcp_get_flags(&pd.hdr.tcp) & TH_ACK) && pd.p_len == 0)
use_2nd_queue = 1;
action = pf_normalize_tcp(&pd);
if (action == PF_DROP)
@@ -9088,7 +9088,7 @@
} else if (s == NULL) {
/* Validate remote SYN|ACK, re-create original SYN if
* valid. */
- if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) ==
+ if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) ==
TH_ACK && pf_syncookie_validate(&pd) &&
pd.dir == PF_IN) {
struct mbuf *msyn;
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1446,7 +1446,7 @@
* All normalizations below are only begun if we see the start of
* the connections. They must all set an enabled bit in pfss_flags
*/
- if ((th->th_flags & TH_SYN) == 0)
+ if ((tcp_get_flags(th) & TH_SYN) == 0)
return (0);
if (th->th_off > (sizeof(struct tcphdr) >> 2) && src->scrub &&
@@ -1797,7 +1797,7 @@
dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0));
if (V_pf_status.debug >= PF_DEBUG_MISC) {
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
REASON_SET(reason, PFRES_TS);
@@ -1806,9 +1806,9 @@
/* XXX I'd really like to require tsecr but it's optional */
- } else if (!got_ts && (th->th_flags & TH_RST) == 0 &&
+ } else if (!got_ts && (tcp_get_flags(th) & TH_RST) == 0 &&
((src->state == TCPS_ESTABLISHED && dst->state == TCPS_ESTABLISHED)
- || pd->p_len > 0 || (th->th_flags & TH_SYN)) &&
+ || pd->p_len > 0 || (tcp_get_flags(th) & TH_SYN)) &&
src->scrub && dst->scrub &&
(src->scrub->pfss_flags & PFSS_PAWS) &&
(dst->scrub->pfss_flags & PFSS_PAWS)) {
@@ -1847,7 +1847,7 @@
DPFPRINTF(("Did not receive expected RFC1323 "
"timestamp\n"));
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
REASON_SET(reason, PFRES_TS);
@@ -1876,7 +1876,7 @@
"timestamp data packet. Disabled PAWS "
"security.\n"));
pf_print_state(state);
- pf_print_flags(th->th_flags);
+ pf_print_flags(tcp_get_flags(th));
printf("\n");
}
}
diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c
--- a/sys/netpfil/pf/pf_osfp.c
+++ b/sys/netpfil/pf/pf_osfp.c
@@ -103,7 +103,7 @@
char srcname[INET_ADDRSTRLEN];
#endif
- if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
+ if ((tcp_get_flags(tcp) & (TH_SYN|TH_ACK)) != TH_SYN)
return (NULL);
if (ip) {
if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -371,14 +371,14 @@
}
sport = ntohs(th->th_sport);
dport = ntohs(th->th_dport);
- estab = (th->th_flags & TH_ACK);
- syn = (th->th_flags & TH_SYN);
- finrst = (th->th_flags & (TH_FIN|TH_RST));
+ estab = __tcp_get_flags(th) & TH_ACK;
+ syn = __tcp_get_flags(th) & TH_SYN;
+ finrst = __tcp_get_flags(th) & (TH_FIN|TH_RST);
if (log_IsKept(LogDEBUG)) {
if (!estab)
snprintf(dbuff, sizeof dbuff,
- "flags = %02x, sport = %d, dport = %d",
- th->th_flags, sport, dport);
+ "flags = %03x, sport = %d, dport = %d",
+ __tcp_get_flags(th), sport, dport);
else
*dbuff = '\0';
}
@@ -831,7 +831,7 @@
loglen += strlen(logbuf + loglen);
n = 0;
for (mask = TH_FIN; mask != 0x40; mask <<= 1) {
- if (th->th_flags & mask) {
+ if (__tcp_get_flags(th) & mask) {
snprintf(logbuf + loglen, sizeof logbuf - loglen, " %s", TcpFlags[n]);
loglen += strlen(logbuf + loglen);
}
@@ -841,7 +841,7 @@
" seq:%lx ack:%lx (%d/%d)",
(u_long)ntohl(th->th_seq), (u_long)ntohl(th->th_ack), len, nb);
loglen += strlen(logbuf + loglen);
- if ((th->th_flags & TH_SYN) && nb > 40) {
+ if ((__tcp_get_flags(th) & TH_SYN) && nb > 40) {
const u_short *sp;
sp = (const u_short *)(payload + 20);
diff --git a/usr.sbin/ppp/slcompress.c b/usr.sbin/ppp/slcompress.c
--- a/usr.sbin/ppp/slcompress.c
+++ b/usr.sbin/ppp/slcompress.c
@@ -179,8 +179,8 @@
return (TYPE_IP);
}
th = (struct tcphdr *) & ((int *) ip)[hlen];
- if ((th->th_flags & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
- log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", th->th_flags);
+ if ((__tcp_get_flags(th) & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
+ log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", __tcp_get_flags(th));
log_DumpBp(LogDEBUG, "", m);
return (TYPE_IP);
}
@@ -283,7 +283,7 @@
* changes in the order: urgent, window, ack, seq (the order minimizes the
* number of temporaries needed in this section of code).
*/
- if (th->th_flags & TH_URG) {
+ if (__tcp_get_flags(th) & TH_URG) {
deltaS = ntohs(th->th_urp);
ENCODEZ(deltaS);
changes |= NEW_U;
@@ -366,7 +366,7 @@
ENCODEZ(deltaS);
changes |= NEW_I;
}
- if (th->th_flags & TH_PUSH)
+ if (__tcp_get_flags(th) & TH_PUSH)
changes |= TCP_PUSH_BIT;
/*
@@ -501,9 +501,9 @@
th->th_sum = htons((*cp << 8) | cp[1]);
cp += 2;
if (changes & TCP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ __tcp_set_flags(th, __tcp_get_flags(th) | TH_PUSH);
else
- th->th_flags &= ~TH_PUSH;
+ __tcp_set_flags(th, __tcp_get_flags(th) & ~TH_PUSH);
switch (changes & SPECIALS_MASK) {
case SPECIAL_I:
@@ -522,10 +522,10 @@
default:
if (changes & NEW_U) {
- th->th_flags |= TH_URG;
+ __tcp_set_flags(th, __tcp_get_flags(th) | TH_URG);
DECODEU(th->th_urp)
} else
- th->th_flags &= ~TH_URG;
+ __tcp_set_flags(th, __tcp_get_flags(th) & ~TH_URG);
if (changes & NEW_W)
DECODES(th->th_win)
if (changes & NEW_A)
diff --git a/usr.sbin/ppp/tcpmss.c b/usr.sbin/ppp/tcpmss.c
--- a/usr.sbin/ppp/tcpmss.c
+++ b/usr.sbin/ppp/tcpmss.c
@@ -115,7 +115,7 @@
return;
/* MSS option only allowed within SYN packets. */
- if (!(tc->th_flags & TH_SYN))
+ if (!(__tcp_get_flags(tc) & TH_SYN))
return;
for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c
--- a/usr.sbin/traceroute/traceroute.c
+++ b/usr.sbin/traceroute/traceroute.c
@@ -1497,7 +1497,7 @@
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
tcp->th_ack = 0;
tcp->th_off = 5;
- tcp->th_flags = TH_SYN;
+ __tcp_set_flags(tcp, TH_SYN);
tcp->th_sum = 0;
if (doipcksum)
diff --git a/usr.sbin/traceroute6/traceroute6.c b/usr.sbin/traceroute6/traceroute6.c
--- a/usr.sbin/traceroute6/traceroute6.c
+++ b/usr.sbin/traceroute6/traceroute6.c
@@ -1213,7 +1213,7 @@
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
tcp->th_ack = 0;
tcp->th_off = 5;
- tcp->th_flags = TH_SYN;
+ __tcp_set_flags(tcp, TH_SYN);
tcp->th_sum = 0;
tcp->th_sum = tcp_chksum(&Src, &Dst, outpacket, datalen);
break;

File Metadata

Mime Type
text/plain
Expires
Sat, Dec 13, 4:30 AM (2 h, 15 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
26921411
Default Alt Text
D47063.id144820.diff (30 KB)

Event Timeline