The branch main has been updated by rscheff:
URL:
https://cgit.FreeBSD.org/src/commit/?id=0fc7bdc978366abb4351b0b76b50a5848cc5d982
commit 0fc7bdc978366abb4351b0b76b50a5848cc5d982
Author: Richard Scheffenegger <rsch...@freebsd.org>
AuthorDate: 2024-11-29 08:44:59 +0000
Commit: Richard Scheffenegger <rsch...@freebsd.org>
CommitDate: 2024-11-29 08:48:23 +0000
tcp: extend the use of the th_flags accessor function
Formally, there are 12 bits for TCP header flags.
Use the accessor functions in more (kernel) places.
No functional change.
Reviewed By: cc, #transport, cy, glebius, #iflib, kbowling
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D47063
---
sys/dev/cxgbe/crypto/t6_kern_tls.c | 12 ++--
sys/dev/cxgbe/tom/t4_listen.c | 2 +-
sys/dev/hyperv/netvsc/if_hn.c | 2 +-
sys/dev/irdma/irdma_cm.c | 32 +++++------
sys/dev/mlx5/mlx5_en/mlx5_en_rx.c | 4 +-
sys/dev/oce/oce_if.c | 2 +-
sys/dev/qlxgbe/ql_isr.c | 2 +-
sys/dev/sfxge/sfxge_rx.c | 6 +-
sys/dev/sfxge/sfxge_tx.c | 14 ++---
sys/dev/virtio/network/if_vtnet.c | 2 +-
sys/dev/virtio/network/virtio_net.h | 2 +-
sys/net/iflib.c | 4 +-
sys/net/iflib.h | 6 +-
sys/net/slcompress.c | 14 ++---
sys/netgraph/netflow/netflow.c | 16 +++---
sys/netgraph/netflow/ng_netflow.h | 4 +-
sys/netgraph/ng_tcpmss.c | 2 +-
sys/netinet/libalias/alias.c | 12 ++--
sys/netinet/libalias/alias_ftp.c | 2 +-
sys/netinet/libalias/alias_irc.c | 2 +-
sys/netinet/libalias/alias_proxy.c | 2 +-
sys/netinet/libalias/alias_skinny.c | 6 +-
sys/netinet/libalias/alias_smedia.c | 4 +-
sys/netinet/tcp_output.c | 7 ++-
sys/netpfil/ipfilter/netinet/fil.c | 4 +-
sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c | 6 +-
sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c | 14 ++---
sys/netpfil/ipfilter/netinet/ip_nat.c | 2 +-
sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c | 2 +-
sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c | 2 +-
sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c | 2 +-
sys/netpfil/ipfilter/netinet/ip_state.c | 22 ++++----
sys/netpfil/ipfw/ip_fw2.c | 27 +++++----
sys/netpfil/ipfw/ip_fw_dynamic.c | 4 +-
sys/netpfil/ipfw/ip_fw_nat.c | 4 +-
sys/netpfil/pf/pf.c | 80 +++++++++++++--------------
sys/netpfil/pf/pf_norm.c | 12 ++--
sys/netpfil/pf/pf_osfp.c | 2 +-
usr.sbin/ppp/ip.c | 14 ++---
usr.sbin/ppp/slcompress.c | 16 +++---
usr.sbin/ppp/tcpmss.c | 2 +-
usr.sbin/traceroute/traceroute.c | 2 +-
usr.sbin/traceroute6/traceroute6.c | 2 +-
43 files changed, 193 insertions(+), 187 deletions(-)
diff --git a/sys/dev/cxgbe/crypto/t6_kern_tls.c
b/sys/dev/cxgbe/crypto/t6_kern_tls.c
index f374de5241f6..167eb77da942 100644
--- a/sys/dev/cxgbe/crypto/t6_kern_tls.c
+++ b/sys/dev/cxgbe/crypto/t6_kern_tls.c
@@ -995,7 +995,7 @@ t6_ktls_parse_pkt(struct mbuf *m)
* See if we have any TCP options or a FIN requiring a
* dedicated packet.
*/
- if ((tcp->th_flags & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
+ if ((tcp_get_flags(tcp) & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
wr_len = sizeof(struct fw_eth_tx_pkt_wr) +
sizeof(struct cpl_tx_pkt_core) + roundup2(m->m_len, 16);
if (wr_len > SGE_MAX_WR_LEN) {
@@ -1180,7 +1180,7 @@ ktls_write_tcp_options(struct sge_txq *txq, void *dst,
struct mbuf *m,
/* Clear PUSH and FIN in the TCP header if present. */
tcp = (void *)((char *)eh + m->m_pkthdr.l2hlen + m->m_pkthdr.l3hlen);
newtcp = *tcp;
- newtcp.th_flags &= ~(TH_PUSH | TH_FIN);
+ tcp_set_flags(&newtcp, tcp_get_flags(&newtcp) & ~(TH_PUSH | TH_FIN));
copy_to_txd(&txq->eq, (caddr_t)&newtcp, &out, sizeof(newtcp));
/* Copy rest of packet. */
@@ -1370,7 +1370,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq
*txq, void *dst,
CTR4(KTR_CXGBE, "%s: tid %d short TLS record %u with offset %u",
__func__, tlsp->tid, (u_int)m_tls->m_epg_seqno, offset);
#endif
- if (m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) != 0) {
+ if (m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) !=
0) {
txq->kern_tls_fin_short++;
#ifdef INVARIANTS
panic("%s: FIN on short TLS record", __func__);
@@ -1385,7 +1385,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq
*txq, void *dst,
* FIN is set, then ktls_write_tcp_fin() will write out the
* last work request.
*/
- last_wr = m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) == 0;
+ last_wr = m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) == 0;
/*
* The host stack may ask us to not send part of the start of
@@ -1769,7 +1769,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq
*txq, void *dst,
tx_data->rsvd = htobe32(tcp_seqno + m_tls->m_epg_hdrlen +
offset);
}
tx_data->flags = htobe32(F_TX_BYPASS);
- if (last_wr && tcp->th_flags & TH_PUSH)
+ if (last_wr && tcp_get_flags(tcp) & TH_PUSH)
tx_data->flags |= htobe32(F_TX_PUSH | F_TX_SHOVE);
/* Populate the TLS header */
@@ -1966,7 +1966,7 @@ t6_ktls_write_wr(struct sge_txq *txq, void *dst, struct
mbuf *m,
tcp = (struct tcphdr *)((char *)eh + m->m_pkthdr.l2hlen +
m->m_pkthdr.l3hlen);
pidx = eq->pidx;
- has_fin = (tcp->th_flags & TH_FIN) != 0;
+ has_fin = (tcp_get_flags(tcp) & TH_FIN) != 0;
/*
* If this TLS record has a FIN, then we will send any
diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c
index 8226c44669ab..c63c2565e743 100644
--- a/sys/dev/cxgbe/tom/t4_listen.c
+++ b/sys/dev/cxgbe/tom/t4_listen.c
@@ -1592,7 +1592,7 @@ synqe_to_protohdrs(struct adapter *sc, struct synq_entry
*synqe,
pass_accept_req_to_protohdrs(sc, synqe->syn, inc, th, &iptos);
/* modify parts to make it look like the ACK to our SYN|ACK */
- th->th_flags = TH_ACK;
+ tcp_set_flags(th, TH_ACK);
th->th_ack = synqe->iss + 1;
th->th_seq = be32toh(cpl->rcv_isn);
bzero(to, sizeof(*to));
diff --git a/sys/dev/hyperv/netvsc/if_hn.c b/sys/dev/hyperv/netvsc/if_hn.c
index 5bdd804b06d5..212b6bc0ff57 100644
--- a/sys/dev/hyperv/netvsc/if_hn.c
+++ b/sys/dev/hyperv/netvsc/if_hn.c
@@ -898,7 +898,7 @@ hn_check_tcpsyn(struct mbuf *m_head, int *tcpsyn)
PULLUP_HDR(m_head, ehlen + iphlen + sizeof(*th));
th = mtodo(m_head, ehlen + iphlen);
- if (th->th_flags & TH_SYN)
+ if (tcp_get_flags(th) & TH_SYN)
*tcpsyn = 1;
return (m_head);
}
diff --git a/sys/dev/irdma/irdma_cm.c b/sys/dev/irdma/irdma_cm.c
index 167e3c67390c..450fae662dd8 100644
--- a/sys/dev/irdma/irdma_cm.c
+++ b/sys/dev/irdma/irdma_cm.c
@@ -395,25 +395,25 @@ irdma_form_ah_cm_frame(struct irdma_cm_node *cm_node,
if (flags & SET_ACK) {
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
- tcph->th_flags |= TH_ACK;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
} else {
tcph->th_ack = 0;
}
if (flags & SET_SYN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_SYN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
} else {
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
}
if (flags & SET_FIN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_FIN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
}
if (flags & SET_RST)
- tcph->th_flags |= TH_RST;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
sqbuf->tcphlen = tcph->th_off << 2;
@@ -582,25 +582,25 @@ irdma_form_uda_cm_frame(struct irdma_cm_node *cm_node,
if (flags & SET_ACK) {
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
- tcph->th_flags |= TH_ACK;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
} else {
tcph->th_ack = 0;
}
if (flags & SET_SYN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_SYN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
} else {
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
}
if (flags & SET_FIN) {
cm_node->tcp_cntxt.loc_seq_num++;
- tcph->th_flags |= TH_FIN;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
}
if (flags & SET_RST)
- tcph->th_flags |= TH_RST;
+ tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
sqbuf->tcphlen = tcph->th_off << 2;
@@ -796,7 +796,7 @@ irdma_handle_tcp_options(struct irdma_cm_node *cm_node,
if (optionsize) {
ret = irdma_process_options(cm_node, optionsloc, optionsize,
- (u32)tcph->th_flags & TH_SYN);
+ (u32)tcp_get_flags(tcph) & TH_SYN);
if (ret) {
irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
"Node %p, Sending Reset\n", cm_node);
@@ -2767,16 +2767,16 @@ irdma_process_pkt(struct irdma_cm_node *cm_node,
u32 fin_set = 0;
int err;
- if (tcph->th_flags & TH_RST) {
+ if (tcp_get_flags(tcph) & TH_RST) {
pkt_type = IRDMA_PKT_TYPE_RST;
- } else if (tcph->th_flags & TH_SYN) {
+ } else if (tcp_get_flags(tcph) & TH_SYN) {
pkt_type = IRDMA_PKT_TYPE_SYN;
- if (tcph->th_flags & TH_ACK)
+ if (tcp_get_flags(tcph) & TH_ACK)
pkt_type = IRDMA_PKT_TYPE_SYNACK;
- } else if (tcph->th_flags & TH_ACK) {
+ } else if (tcp_get_flags(tcph) & TH_ACK) {
pkt_type = IRDMA_PKT_TYPE_ACK;
}
- if (tcph->th_flags & TH_FIN)
+ if (tcp_get_flags(tcph) & TH_FIN)
fin_set = 1;
switch (pkt_type) {
@@ -3067,7 +3067,7 @@ irdma_receive_ilq(struct irdma_sc_vsi *vsi, struct
irdma_puda_buf *rbuf)
/*
* Only type of packet accepted are for the PASSIVE open (syn
only)
*/
- if (!(tcph->th_flags & TH_SYN) || tcph->th_flags & TH_ACK)
+ if (!(tcp_get_flags(tcph) & TH_SYN) || tcp_get_flags(tcph) &
TH_ACK)
return;
listener = irdma_find_listener(cm_core,
@@ -3093,7 +3093,7 @@ irdma_receive_ilq(struct irdma_sc_vsi *vsi, struct
irdma_puda_buf *rbuf)
return;
}
- if (!(tcph->th_flags & (TH_RST | TH_FIN))) {
+ if (!(tcp_get_flags(tcph) & (TH_RST | TH_FIN))) {
cm_node->state = IRDMA_CM_STATE_LISTENING;
} else {
irdma_rem_ref_cm_node(cm_node);
diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
b/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
index a24bbe3d193e..f58c88e98053 100644
--- a/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
+++ b/sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
@@ -168,10 +168,10 @@ mlx5e_lro_update_hdr(struct mbuf *mb, struct mlx5_cqe64
*cqe)
ts_ptr = (uint32_t *)(th + 1);
if (get_cqe_lro_tcppsh(cqe))
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
if (tcp_ack) {
- th->th_flags |= TH_ACK;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_ACK);
th->th_ack = cqe->lro_ack_seq_num;
th->th_win = cqe->lro_tcp_win;
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index bf257b952a03..14dd5cf34a7a 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -1494,7 +1494,7 @@ oce_correct_header(struct mbuf *m, struct
nic_hwlro_cqe_part1 *cqe1, struct nic_
/* correct tcp header */
tcp_hdr->th_ack = htonl(cqe2->tcp_ack_num);
if(cqe2->push) {
- tcp_hdr->th_flags |= TH_PUSH;
+ tcp_set_flags(tcp_hdr, tcp_get_flags(tcp_hdr) | TH_PUSH);
}
tcp_hdr->th_win = htons(cqe2->tcp_window);
tcp_hdr->th_sum = 0xffff;
diff --git a/sys/dev/qlxgbe/ql_isr.c b/sys/dev/qlxgbe/ql_isr.c
index 62ad81b2a607..076cad567801 100644
--- a/sys/dev/qlxgbe/ql_isr.c
+++ b/sys/dev/qlxgbe/ql_isr.c
@@ -280,7 +280,7 @@ qla_lro_intr(qla_host_t *ha, qla_sgl_lro_t *sgc, uint32_t
sds_idx)
th = (struct tcphdr *)(mpf->m_data + sgc->l4_offset);
if (sgc->flags & Q8_LRO_COMP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
m_adj(mpf, sgc->l2_offset);
diff --git a/sys/dev/sfxge/sfxge_rx.c b/sys/dev/sfxge/sfxge_rx.c
index 28f9a42b0d22..7e0948425d77 100644
--- a/sys/dev/sfxge/sfxge_rx.c
+++ b/sys/dev/sfxge/sfxge_rx.c
@@ -483,7 +483,7 @@ sfxge_lro_merge(struct sfxge_lro_state *st, struct
sfxge_lro_conn *c,
iph->ip6_plen += mbuf->m_len;
c_th = (struct tcphdr *)(iph + 1);
}
- c_th->th_flags |= (th->th_flags & TH_PUSH);
+ tcp_set_flags(c_th, tcp_get_flags(c_th) | (tcp_get_flags(th) &
TH_PUSH));
c->th_last = th;
++st->n_merges;
@@ -545,7 +545,7 @@ sfxge_lro_try_merge(struct sfxge_rxq *rxq, struct
sfxge_lro_conn *c)
hdr_length);
th_seq = ntohl(th->th_seq);
dont_merge = ((data_length <= 0)
- | (th->th_flags & (TH_URG | TH_SYN | TH_RST | TH_FIN)));
+ | (tcp_get_flags(th) & (TH_URG | TH_SYN | TH_RST |
TH_FIN)));
/* Check for options other than aligned timestamp. */
if (th->th_off != 5) {
@@ -592,7 +592,7 @@ sfxge_lro_try_merge(struct sfxge_rxq *rxq, struct
sfxge_lro_conn *c)
if (__predict_false(dont_merge)) {
if (c->mbuf != NULL)
sfxge_lro_deliver(&rxq->lro, c);
- if (th->th_flags & (TH_FIN | TH_RST)) {
+ if (tcp_get_flags(th) & (TH_FIN | TH_RST)) {
++rxq->lro.n_drop_closed;
sfxge_lro_drop(rxq, c);
return (0);
diff --git a/sys/dev/sfxge/sfxge_tx.c b/sys/dev/sfxge/sfxge_tx.c
index 511222f656e5..dcc3dd4cd100 100644
--- a/sys/dev/sfxge/sfxge_tx.c
+++ b/sys/dev/sfxge/sfxge_tx.c
@@ -859,10 +859,10 @@ static void sfxge_parse_tx_packet(struct mbuf *mbuf)
* generates TSO packets with RST flag. So, do not assert
* its absence.
*/
- KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
+ KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
("incompatible TCP flag 0x%x on TSO packet",
- th->th_flags & (TH_URG | TH_SYN)));
- TSO_MBUF_FLAGS(mbuf) = th->th_flags;
+ tcp_get_flags(th) & (TH_URG | TH_SYN)));
+ TSO_MBUF_FLAGS(mbuf) = tcp_get_flags(th);
}
#endif
@@ -1117,10 +1117,10 @@ static void tso_start(struct sfxge_txq *txq, struct
sfxge_tso_state *tso,
* generates TSO packets with RST flag. So, do not assert
* its absence.
*/
- KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
+ KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
("incompatible TCP flag 0x%x on TSO packet",
- th->th_flags & (TH_URG | TH_SYN)));
- tso->tcp_flags = th->th_flags;
+ tcp_get_flags(th) & (TH_URG | TH_SYN)));
+ tso->tcp_flags = tcp_get_flags(th);
#else
tso->seqnum = TSO_MBUF_SEQNUM(mbuf);
tso->tcp_flags = TSO_MBUF_FLAGS(mbuf);
@@ -1319,7 +1319,7 @@ static int tso_start_new_packet(struct sfxge_txq *txq,
if (tso->out_len > tso->seg_size) {
/* This packet will not finish the TSO burst. */
ip_length = tso->header_len - tso->nh_off +
tso->seg_size;
- tsoh_th->th_flags &= ~(TH_FIN | TH_PUSH);
+ tcp_set_flags(tsoh_th, tcp_get_flags(tsoh_th) &
~(TH_FIN | TH_PUSH));
} else {
/* This packet will be the last in the TSO burst. */
ip_length = tso->header_len - tso->nh_off +
tso->out_len;
diff --git a/sys/dev/virtio/network/if_vtnet.c
b/sys/dev/virtio/network/if_vtnet.c
index 0dc887b3d394..cf512b73de81 100644
--- a/sys/dev/virtio/network/if_vtnet.c
+++ b/sys/dev/virtio/network/if_vtnet.c
@@ -2438,7 +2438,7 @@ vtnet_txq_offload_tso(struct vtnet_txq *txq, struct mbuf
*m, int eth_type,
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
VIRTIO_NET_HDR_GSO_TCPV6;
- if (__predict_false(tcp->th_flags & TH_CWR)) {
+ if (__predict_false(tcp_get_flags(tcp) & TH_CWR)) {
/*
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In
* FreeBSD, ECN support is not on a per-interface basis,
diff --git a/sys/dev/virtio/network/virtio_net.h
b/sys/dev/virtio/network/virtio_net.h
index 4b728f7af21a..9ea53cbe2376 100644
--- a/sys/dev/virtio/network/virtio_net.h
+++ b/sys/dev/virtio/network/virtio_net.h
@@ -481,7 +481,7 @@ virtio_net_tx_offload_tso(if_t ifp, struct mbuf *m, int
eth_type,
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
VIRTIO_NET_HDR_GSO_TCPV6;
- if (tcp->th_flags & TH_CWR) {
+ if (tcp_get_flags(tcp) & TH_CWR) {
/*
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In FreeBSD,
* ECN support is not on a per-interface basis, but globally via
diff --git a/sys/net/iflib.c b/sys/net/iflib.c
index 997da7ca5b00..284d226a7ac6 100644
--- a/sys/net/iflib.c
+++ b/sys/net/iflib.c
@@ -3420,7 +3420,7 @@ iflib_parse_header(iflib_txq_t txq, if_pkt_info_t pi,
struct mbuf **mp)
return (ENOMEM);
th = (struct tcphdr *)((caddr_t)ip +
pi->ipi_ip_hlen);
}
- pi->ipi_tcp_hflags = th->th_flags;
+ pi->ipi_tcp_hflags = tcp_get_flags(th);
pi->ipi_tcp_hlen = th->th_off << 2;
pi->ipi_tcp_seq = th->th_seq;
}
@@ -3473,7 +3473,7 @@ iflib_parse_header(iflib_txq_t txq, if_pkt_info_t pi,
struct mbuf **mp)
if (__predict_false((m = m_pullup(m,
pi->ipi_ehdrlen + sizeof(struct ip6_hdr) + sizeof(struct tcphdr))) == NULL))
return (ENOMEM);
}
- pi->ipi_tcp_hflags = th->th_flags;
+ pi->ipi_tcp_hflags = tcp_get_flags(th);
pi->ipi_tcp_hlen = th->th_off << 2;
pi->ipi_tcp_seq = th->th_seq;
}
diff --git a/sys/net/iflib.h b/sys/net/iflib.h
index bf40c7429fb8..e3d76fbd3c01 100644
--- a/sys/net/iflib.h
+++ b/sys/net/iflib.h
@@ -121,13 +121,13 @@ typedef struct if_pkt_info {
uint16_t ipi_tso_segsz; /* tso segment size */
uint16_t ipi_vtag; /* VLAN tag */
uint16_t ipi_etype; /* ether header type */
- uint8_t ipi_tcp_hflags; /* tcp header flags */
- uint8_t ipi_mflags; /* packet mbuf flags */
+ uint16_t ipi_tcp_hflags; /* tcp header flags */
uint32_t ipi_tcp_seq; /* tcp seqno */
uint8_t ipi_ip_tos; /* IP ToS field data */
+ uint8_t ipi_mflags; /* packet mbuf flags */
uint8_t __spare0__;
- uint16_t __spare1__;
+ uint8_t __spare1__;
} *if_pkt_info_t;
typedef struct if_irq {
diff --git a/sys/net/slcompress.c b/sys/net/slcompress.c
index 567736caf243..4e68ed325524 100644
--- a/sys/net/slcompress.c
+++ b/sys/net/slcompress.c
@@ -170,7 +170,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct
slcompress *comp,
return (TYPE_IP);
th = (struct tcphdr *)&((int32_t *)ip)[hlen];
- if ((th->th_flags & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
+ if ((tcp_get_flags(th) & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
return (TYPE_IP);
/*
* Packet is compressible -- we're going to send either a
@@ -271,7 +271,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct
slcompress *comp,
* ack, seq (the order minimizes the number of temporaries
* needed in this section of code).
*/
- if (th->th_flags & TH_URG) {
+ if (tcp_get_flags(th) & TH_URG) {
deltaS = ntohs(th->th_urp);
ENCODEZ(deltaS);
changes |= NEW_U;
@@ -351,7 +351,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct
slcompress *comp,
ENCODEZ(deltaS);
changes |= NEW_I;
}
- if (th->th_flags & TH_PUSH)
+ if (tcp_get_flags(th) & TH_PUSH)
changes |= TCP_PUSH_BIT;
/*
* Grab the cksum before we overwrite it below. Then update our
@@ -516,9 +516,9 @@ sl_uncompress_tcp_core(u_char *buf, int buflen, int
total_len, u_int type,
th->th_sum = htons((*cp << 8) | cp[1]);
cp += 2;
if (changes & TCP_PUSH_BIT)
- th->th_flags |= TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
else
- th->th_flags &=~ TH_PUSH;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_PUSH);
switch (changes & SPECIALS_MASK) {
case SPECIAL_I:
@@ -536,10 +536,10 @@ sl_uncompress_tcp_core(u_char *buf, int buflen, int
total_len, u_int type,
default:
if (changes & NEW_U) {
- th->th_flags |= TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) | TH_URG);
DECODEU(th->th_urp)
} else
- th->th_flags &=~ TH_URG;
+ tcp_set_flags(th, tcp_get_flags(th) & ~TH_URG);
if (changes & NEW_W)
DECODES(th->th_win)
if (changes & NEW_A)
diff --git a/sys/netgraph/netflow/netflow.c b/sys/netgraph/netflow/netflow.c
index f227bfda4e51..978d6fd0b54d 100644
--- a/sys/netgraph/netflow/netflow.c
+++ b/sys/netgraph/netflow/netflow.c
@@ -107,11 +107,11 @@ static int export_send(priv_p, fib_export_p, item_p, int);
#ifdef INET
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
- int, uint8_t, uint8_t);
+ int, uint8_t, uint16_t);
#endif
#ifdef INET6
static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
- int, uint8_t, uint8_t);
+ int, uint8_t, uint16_t);
#endif
static void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
@@ -320,7 +320,7 @@ ng_netflow_copyinfo(priv_p priv, struct ng_netflow_info *i)
#ifdef INET
static int
hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
- int plen, uint8_t flags, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint16_t tcp_flags)
{
struct flow_entry *fle;
@@ -397,7 +397,7 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh,
struct flow_rec *r,
#ifdef INET6
static int
hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
- int plen, uint8_t flags, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint16_t tcp_flags)
{
struct flow6_entry *fle6;
@@ -659,7 +659,7 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip
*ip,
struct flow_rec r;
int hlen, plen;
int error = 0;
- uint8_t tcp_flags = 0;
+ uint16_t tcp_flags = 0;
bzero(&r, sizeof(r));
@@ -702,7 +702,7 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip
*ip,
tcp = (struct tcphdr *)((caddr_t )ip + hlen);
r.r_sport = tcp->th_sport;
r.r_dport = tcp->th_dport;
- tcp_flags = tcp->th_flags;
+ tcp_flags = tcp_get_flags(tcp);
break;
}
case IPPROTO_UDP:
@@ -787,7 +787,7 @@ ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct
ip6_hdr *ip6,
struct flow6_rec r;
int plen;
int error = 0;
- uint8_t tcp_flags = 0;
+ uint16_t tcp_flags = 0;
/* check version */
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
@@ -816,7 +816,7 @@ ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct
ip6_hdr *ip6,
tcp = (struct tcphdr *)upper_ptr;
r.r_ports = *(uint32_t *)upper_ptr;
- tcp_flags = tcp->th_flags;
+ tcp_flags = tcp_get_flags(tcp);
break;
}
case IPPROTO_UDP:
diff --git a/sys/netgraph/netflow/ng_netflow.h
b/sys/netgraph/netflow/ng_netflow.h
index ec62ccd3f7b2..8e18bb5a4bf4 100644
--- a/sys/netgraph/netflow/ng_netflow.h
+++ b/sys/netgraph/netflow/ng_netflow.h
@@ -259,7 +259,7 @@ struct flow_entry_data {
u_long bytes;
long first; /* uptime on first packet */
long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ uint16_t tcp_flags; /* cumulative OR */
};
struct flow6_entry_data {
@@ -277,7 +277,7 @@ struct flow6_entry_data {
u_long bytes;
long first; /* uptime on first packet */
long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ uint16_t tcp_flags; /* cumulative OR */
};
/*
diff --git a/sys/netgraph/ng_tcpmss.c b/sys/netgraph/ng_tcpmss.c
index 02fa097369ad..ab055bd9bb24 100644
--- a/sys/netgraph/ng_tcpmss.c
+++ b/sys/netgraph/ng_tcpmss.c
@@ -330,7 +330,7 @@ ng_tcpmss_rcvdata(hook_p hook, item_p item)
ERROUT(EINVAL);
/* Check SYN packet and has options. */
- if (!(tcp->th_flags & TH_SYN) || tcphlen == sizeof(struct tcphdr))
+ if (!(tcp_get_flags(tcp) & TH_SYN) || tcphlen == sizeof(struct tcphdr))
goto send;
/* Update SYN stats. */
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
index 9bf6b82b9369..7858e4d2b9f3 100644
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -183,12 +183,12 @@ a timeout period.
*/
/* Local prototypes */
-static void TcpMonitorIn(u_char, struct alias_link *);
+static void TcpMonitorIn(uint16_t, struct alias_link *);
-static void TcpMonitorOut(u_char, struct alias_link *);
+static void TcpMonitorOut(uint16_t, struct alias_link *);
static void
-TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
+TcpMonitorIn(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateIn(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -205,7 +205,7 @@ TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
}
static void
-TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
+TcpMonitorOut(uint16_t th_flags, struct alias_link *lnk)
{
switch (GetStateOut(lnk)) {
case ALIAS_TCP_STATE_NOT_CONNECTED:
@@ -1053,7 +1053,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorIn(tc->th_flags, lnk);
+ TcpMonitorIn(__tcp_get_flags(tc), lnk);
return (PKT_ALIAS_OK);
}
@@ -1142,7 +1142,7 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int
maxpacketsize, int create)
/* Monitor TCP connection state */
tc = (struct tcphdr *)ip_next(pip);
- TcpMonitorOut(tc->th_flags, lnk);
+ TcpMonitorOut(__tcp_get_flags(tc), lnk);
/* Walk out chain. */
find_handler(OUT, TCP, la, pip, &ad);
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index 4a0b616ccf27..4119221e9b35 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -752,7 +752,7 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c
index 3ef336b7333d..e063a67c2902 100644
--- a/sys/netinet/libalias/alias_irc.c
+++ b/sys/netinet/libalias/alias_irc.c
@@ -456,7 +456,7 @@ AliasHandleIrcOut(struct libalias *la,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_proxy.c
b/sys/netinet/libalias/alias_proxy.c
index dd685bed760d..0ff4b87b5000 100644
--- a/sys/netinet/libalias/alias_proxy.c
+++ b/sys/netinet/libalias/alias_proxy.c
@@ -366,7 +366,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_skinny.c
b/sys/netinet/libalias/alias_skinny.c
index 47d66a474fb4..d12046d7953f 100644
--- a/sys/netinet/libalias/alias_skinny.c
+++ b/sys/netinet/libalias/alias_skinny.c
@@ -214,7 +214,7 @@ alias_skinny_reg_msg(struct RegisterMessage *reg_msg,
struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -257,7 +257,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg,
struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -287,7 +287,7 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct
OpenReceiveChannelAck *opn
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/libalias/alias_smedia.c
b/sys/netinet/libalias/alias_smedia.c
index 6c67e0d8f006..1c4ee0970a53 100644
--- a/sys/netinet/libalias/alias_smedia.c
+++ b/sys/netinet/libalias/alias_smedia.c
@@ -402,7 +402,7 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@@ -449,7 +449,7 @@ alias_pna_out(struct libalias *la, struct ip *pip,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
- tc->th_x2 = (TH_RES1 >> 8);
+ tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
#else
tc->th_sum = TcpChecksum(pip);
#endif
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index be98d2e41f11..9df5b3dd42b0 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1265,7 +1265,6 @@ send:
bcopy(opt, th + 1, optlen);
th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
}
- tcp_set_flags(th, flags);
/*
* Calculate receive window. Don't shrink window,
* but avoid silly window syndrome.
@@ -1310,8 +1309,8 @@ send:
tp->t_flags &= ~TF_RXWIN0SENT;
if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
- th->th_flags |= TH_URG;
- } else
+ flags |= TH_URG;
+ } else {
/*
* If no urgent pointer to send, then we pull
* the urgent pointer to the left edge of the send window
@@ -1319,6 +1318,8 @@ send:
* number wraparound.
*/
tp->snd_up = tp->snd_una; /* drag it along */
+ }
+ tcp_set_flags(th, flags);
/*
* Put TCP length in extended header, and then
diff --git a/sys/netpfil/ipfilter/netinet/fil.c
b/sys/netpfil/ipfilter/netinet/fil.c
index 926c5176c15b..c1b49196b712 100644
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -1330,8 +1330,8 @@ ipf_pr_tcpcommon(fr_info_t *fin)
return (1);
}
- flags = tcp->th_flags;
- fin->fin_tcpf = tcp->th_flags;
+ flags = tcp_get_flags(tcp);
+ fin->fin_tcpf = tcp_get_flags(tcp);
/*
* If the urgent flag is set, then the urgent pointer must
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
index aa0de6b8678a..04850549db98 100644
--- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
@@ -314,15 +314,15 @@ ipf_send_reset(fr_info_t *fin)
ip_t *ip;
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST)
+ if (tcp_get_flags(tcp) & TH_RST)
return (-1); /* feedback loop */
if (ipf_checkl4sum(fin) == -1)
return (-1);
tlen = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
#ifdef USE_INET6
hlen = (fin->fin_v == 6) ? sizeof(ip6_t) : sizeof(ip_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
index 3bc74247251a..482e0b456ae5 100644
--- a/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_ftp_pxy.c
@@ -543,7 +543,7 @@ ipf_p_ftp_addport(ipf_ftp_softc_t *softf, fr_info_t *fin,
ip_t *ip, nat_t *nat,
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
if (nat->nat_dir == NAT_INBOUND) {
fi.fin_out = 1;
@@ -873,7 +873,7 @@ ipf_p_ftp_pasvreply(ipf_ftp_softc_t *softf, fr_info_t *fin,
ip_t *ip,
fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
tcp2->th_win = htons(8192);
tcp2->th_dport = htons(port);
@@ -1240,9 +1240,9 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin,
nat_t *nat,
if (softf->ipf_p_ftp_debug & DEBUG_INFO)
printf("ipf_p_ftp_process: %d:%d,%d, mlen %d flags %x\n",
fin->fin_out, fin->fin_sport, fin->fin_dport,
- mlen, tcp->th_flags);
+ mlen, tcp_get_flags(tcp));
- if ((mlen == 0) && ((tcp->th_flags & TH_OPENING) == TH_OPENING)) {
+ if ((mlen == 0) && ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING)) {
f->ftps_seq[0] = thseq + 1;
t->ftps_seq[0] = thack;
return (0);
@@ -1283,7 +1283,7 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin,
nat_t *nat,
}
if (softf->ipf_p_ftp_debug & DEBUG_INFO) {
printf("%s: %x seq %x/%d ack %x/%d len %d/%d off %d\n",
- rv ? "IN" : "OUT", tcp->th_flags, thseq, seqoff,
+ rv ? "IN" : "OUT", tcp_get_flags(tcp), thseq, seqoff,
thack, ackoff, mlen, fin->fin_plen, off);
printf("sel %d seqmin %x/%x offset %d/%d\n", sel,
aps->aps_seqmin[sel], aps->aps_seqmin[sel2],
@@ -1357,7 +1357,7 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin,
nat_t *nat,
f->ftps_seq[0], f->ftps_seq[1]);
}
- if (tcp->th_flags & TH_FIN) {
+ if (tcp_get_flags(tcp) & TH_FIN) {
if (thseq == f->ftps_seq[1]) {
f->ftps_seq[0] = f->ftps_seq[1] - seqoff;
f->ftps_seq[1] = thseq + 1 - seqoff;
@@ -1530,7 +1530,7 @@ whilemore:
}
/* f->ftps_seq[1] += inc; */
- if (tcp->th_flags & TH_FIN)
+ if (tcp_get_flags(tcp) & TH_FIN)
f->ftps_seq[1]++;
if (softf->ipf_p_ftp_debug & DEBUG_PARSE_INFO) {
mlen = MSGDSIZE(m);
diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c
b/sys/netpfil/ipfilter/netinet/ip_nat.c
index 282a2bd82037..b8a0e7d2075b 100644
--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
@@ -5715,7 +5715,7 @@ ipf_nat_proto(fr_info_t *fin, nat_t *nat, u_int nflags)
* Do a MSS CLAMPING on a SYN packet,
* only deal IPv4 for now.
*/
- if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
+ if ((nat->nat_mssclamp != 0) && (tcp_get_flags(tcp) & TH_SYN)
!= 0)
ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
break;
diff --git a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
index 17ba01ce8d94..0ac19b067d2d 100644
--- a/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_pptp_pxy.c
@@ -515,7 +515,7 @@ ipf_p_pptp_inout(void *arg, fr_info_t *fin, ap_session_t
*aps, nat_t *nat)
rev = 0;
tcp = (tcphdr_t *)fin->fin_dp;
- if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING) {
pptp = (pptp_pxy_t *)aps->aps_data;
pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
diff --git a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
index 13c989cba660..778f14f442de 100644
--- a/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rcmd_pxy.c
@@ -263,7 +263,7 @@ ipf_p_rcmd_portmsg(fr_info_t *fin, ap_session_t *aps, nat_t
*nat)
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
TCP_OFF_A(tcp2, 5);
- tcp2->th_flags = TH_SYN;
+ tcp_set_flags(tcp2, TH_SYN);
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &rcmdfr;
diff --git a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
index 7af11dd4a2dd..f8f4d2d325e1 100644
--- a/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_rpcb_pxy.c
@@ -1127,7 +1127,7 @@ ipf_p_rpcb_getnat(fr_info_t *fin, nat_t *nat, u_int
proto, u_int port)
tcp.th_win = htons(8192);
TCP_OFF_A(&tcp, sizeof(tcphdr_t) >> 2);
fi.fin_dlen = sizeof(tcphdr_t);
- tcp.th_flags = TH_SYN;
+ tcp_set_flags(&tcp, TH_SYN);
nflags = NAT_TCP;
} else {
fi.fin_dlen = sizeof(udphdr_t);
diff --git a/sys/netpfil/ipfilter/netinet/ip_state.c
b/sys/netpfil/ipfilter/netinet/ip_state.c
index 1854dbfcdd71..8fe11e3f1215 100644
--- a/sys/netpfil/ipfilter/netinet/ip_state.c
+++ b/sys/netpfil/ipfilter/netinet/ip_state.c
@@ -1520,7 +1520,7 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin,
ipstate_t **stsave,
case IPPROTO_TCP :
tcp = fin->fin_dp;
- if (tcp->th_flags & TH_RST) {
+ if (tcp_get_flags(tcp) & TH_RST) {
SBUMPD(ipf_state_stats, iss_tcp_rstadd);
return (-4);
}
@@ -1553,15 +1553,15 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin,
ipstate_t **stsave,
if ((fin->fin_flx & FI_IGNORE) == 0) {
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
(TCP_OFF(tcp) << 2) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ ((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
+ ((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
is->is_maxsend = is->is_send;
/*
* Window scale option is only present in
* SYN/SYN-ACK packet.
*/
- if ((tcp->th_flags & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
+ if ((tcp_get_flags(tcp) & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
TH_SYN &&
(TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
if (ipf_tcpoptions(softs, fin, tcp,
@@ -1576,7 +1576,7 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin,
ipstate_t **stsave,
ipf_fixoutisn(fin, is);
}
- if ((tcp->th_flags & TH_OPENING) == TH_SYN)
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN)
flags |= IS_TCPFSM;
else {
is->is_maxdwin = is->is_maxswin * 2;
@@ -1968,7 +1968,7 @@ ipf_state_tcp(ipf_main_softc_t *softc, ipf_state_softc_t
*softs,
* If a SYN packet is received for a connection that is on the way out
* but hasn't yet departed then advance this session along the way.
*/
- if ((tcp->th_flags & TH_OPENING) == TH_SYN) {
+ if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN) {
if ((is->is_state[0] > IPF_TCPS_ESTABLISHED) &&
(is->is_state[1] > IPF_TCPS_ESTABLISHED)) {
is->is_state[!source] = IPF_TCPS_CLOSED;
@@ -2011,7 +2011,7 @@ ipf_state_tcp(ipf_main_softc_t *softc, ipf_state_softc_t
*softs,
* Window scale option is only present in SYN/SYN-ACK packet.
* Compare with ~TH_FIN to mask out T/TCP setups.
*/
*** 688 LINES SKIPPED ***
