tcp: extend the use of the th_flags accessor function
Formally, there are 12 bits for TCP header flags. Use the accessor functions in more (kernel) places. No functional change. Reviewed By: cc, #transport, cy, glebius, #iflib, kbowling Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D47063
parent
4020351325
commit
0fc7bdc978
@ -995,7 +995,7 @@ t6_ktls_parse_pkt(struct mbuf *m)
|
||||
* See if we have any TCP options or a FIN requiring a
|
||||
* dedicated packet.
|
||||
*/
|
||||
if ((tcp->th_flags & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
|
||||
if ((tcp_get_flags(tcp) & TH_FIN) != 0 || ktls_has_tcp_options(tcp)) {
|
||||
wr_len = sizeof(struct fw_eth_tx_pkt_wr) +
|
||||
sizeof(struct cpl_tx_pkt_core) + roundup2(m->m_len, 16);
|
||||
if (wr_len > SGE_MAX_WR_LEN) {
|
||||
@ -1180,7 +1180,7 @@ ktls_write_tcp_options(struct sge_txq *txq, void *dst, struct mbuf *m,
|
||||
/* Clear PUSH and FIN in the TCP header if present. */
|
||||
tcp = (void *)((char *)eh + m->m_pkthdr.l2hlen + m->m_pkthdr.l3hlen);
|
||||
newtcp = *tcp;
|
||||
newtcp.th_flags &= ~(TH_PUSH | TH_FIN);
|
||||
tcp_set_flags(&newtcp, tcp_get_flags(&newtcp) & ~(TH_PUSH | TH_FIN));
|
||||
copy_to_txd(&txq->eq, (caddr_t)&newtcp, &out, sizeof(newtcp));
|
||||
|
||||
/* Copy rest of packet. */
|
||||
@ -1370,7 +1370,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq *txq, void *dst,
|
||||
CTR4(KTR_CXGBE, "%s: tid %d short TLS record %u with offset %u",
|
||||
__func__, tlsp->tid, (u_int)m_tls->m_epg_seqno, offset);
|
||||
#endif
|
||||
if (m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) != 0) {
|
||||
if (m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) != 0) {
|
||||
txq->kern_tls_fin_short++;
|
||||
#ifdef INVARIANTS
|
||||
panic("%s: FIN on short TLS record", __func__);
|
||||
@ -1385,7 +1385,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq *txq, void *dst,
|
||||
* FIN is set, then ktls_write_tcp_fin() will write out the
|
||||
* last work request.
|
||||
*/
|
||||
last_wr = m_tls->m_next == NULL && (tcp->th_flags & TH_FIN) == 0;
|
||||
last_wr = m_tls->m_next == NULL && (tcp_get_flags(tcp) & TH_FIN) == 0;
|
||||
|
||||
/*
|
||||
* The host stack may ask us to not send part of the start of
|
||||
@ -1769,7 +1769,7 @@ ktls_write_tls_wr(struct tlspcb *tlsp, struct sge_txq *txq, void *dst,
|
||||
tx_data->rsvd = htobe32(tcp_seqno + m_tls->m_epg_hdrlen + offset);
|
||||
}
|
||||
tx_data->flags = htobe32(F_TX_BYPASS);
|
||||
if (last_wr && tcp->th_flags & TH_PUSH)
|
||||
if (last_wr && tcp_get_flags(tcp) & TH_PUSH)
|
||||
tx_data->flags |= htobe32(F_TX_PUSH | F_TX_SHOVE);
|
||||
|
||||
/* Populate the TLS header */
|
||||
@ -1966,7 +1966,7 @@ t6_ktls_write_wr(struct sge_txq *txq, void *dst, struct mbuf *m,
|
||||
tcp = (struct tcphdr *)((char *)eh + m->m_pkthdr.l2hlen +
|
||||
m->m_pkthdr.l3hlen);
|
||||
pidx = eq->pidx;
|
||||
has_fin = (tcp->th_flags & TH_FIN) != 0;
|
||||
has_fin = (tcp_get_flags(tcp) & TH_FIN) != 0;
|
||||
|
||||
/*
|
||||
* If this TLS record has a FIN, then we will send any
|
||||
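Review bot: In the ktls_write_tls_wr hunk at -1769, `if (last_wr && tcp_get_flags(tcp) & TH_PUSH)` relies on `&` binding tighter than `&&`, while every other test in this file section is written with explicit parentheses and a comparison. For consistency the line would read `if (last_wr && (tcp_get_flags(tcp) & TH_PUSH) != 0)`. The function now reads the flags of the same header in three separate hunks, so a single local taken once near the top would also do; the function body starts and ends outside the visible hunks, so that part is only a suggestion.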
|
@ -1592,7 +1592,7 @@ synqe_to_protohdrs(struct adapter *sc, struct synq_entry *synqe,
|
||||
pass_accept_req_to_protohdrs(sc, synqe->syn, inc, th, &iptos);
|
||||
|
||||
/* modify parts to make it look like the ACK to our SYN|ACK */
|
||||
th->th_flags = TH_ACK;
|
||||
tcp_set_flags(th, TH_ACK);
|
||||
th->th_ack = synqe->iss + 1;
|
||||
th->th_seq = be32toh(cpl->rcv_isn);
|
||||
bzero(to, sizeof(*to));
|
||||
|
@ -898,7 +898,7 @@ hn_check_tcpsyn(struct mbuf *m_head, int *tcpsyn)
|
||||
|
||||
PULLUP_HDR(m_head, ehlen + iphlen + sizeof(*th));
|
||||
th = mtodo(m_head, ehlen + iphlen);
|
||||
if (th->th_flags & TH_SYN)
|
||||
if (tcp_get_flags(th) & TH_SYN)
|
||||
*tcpsyn = 1;
|
||||
return (m_head);
|
||||
}
|
||||
|
@ -395,25 +395,25 @@ irdma_form_ah_cm_frame(struct irdma_cm_node *cm_node,
|
||||
if (flags & SET_ACK) {
|
||||
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
|
||||
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
|
||||
tcph->th_flags |= TH_ACK;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
|
||||
} else {
|
||||
tcph->th_ack = 0;
|
||||
}
|
||||
|
||||
if (flags & SET_SYN) {
|
||||
cm_node->tcp_cntxt.loc_seq_num++;
|
||||
tcph->th_flags |= TH_SYN;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
|
||||
} else {
|
||||
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
|
||||
}
|
||||
|
||||
if (flags & SET_FIN) {
|
||||
cm_node->tcp_cntxt.loc_seq_num++;
|
||||
tcph->th_flags |= TH_FIN;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
|
||||
}
|
||||
|
||||
if (flags & SET_RST)
|
||||
tcph->th_flags |= TH_RST;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
|
||||
|
||||
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
|
||||
sqbuf->tcphlen = tcph->th_off << 2;
|
||||
@ -582,25 +582,25 @@ irdma_form_uda_cm_frame(struct irdma_cm_node *cm_node,
|
||||
if (flags & SET_ACK) {
|
||||
cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
|
||||
tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
|
||||
tcph->th_flags |= TH_ACK;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_ACK);
|
||||
} else {
|
||||
tcph->th_ack = 0;
|
||||
}
|
||||
|
||||
if (flags & SET_SYN) {
|
||||
cm_node->tcp_cntxt.loc_seq_num++;
|
||||
tcph->th_flags |= TH_SYN;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_SYN);
|
||||
} else {
|
||||
cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
|
||||
}
|
||||
|
||||
if (flags & SET_FIN) {
|
||||
cm_node->tcp_cntxt.loc_seq_num++;
|
||||
tcph->th_flags |= TH_FIN;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_FIN);
|
||||
}
|
||||
|
||||
if (flags & SET_RST)
|
||||
tcph->th_flags |= TH_RST;
|
||||
tcp_set_flags(tcph, tcp_get_flags(tcph) | TH_RST);
|
||||
|
||||
tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
|
||||
sqbuf->tcphlen = tcph->th_off << 2;
|
||||
@ -796,7 +796,7 @@ irdma_handle_tcp_options(struct irdma_cm_node *cm_node,
|
||||
|
||||
if (optionsize) {
|
||||
ret = irdma_process_options(cm_node, optionsloc, optionsize,
|
||||
(u32)tcph->th_flags & TH_SYN);
|
||||
(u32)tcp_get_flags(tcph) & TH_SYN);
|
||||
if (ret) {
|
||||
irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
|
||||
"Node %p, Sending Reset\n", cm_node);
|
||||
@ -2767,16 +2767,16 @@ irdma_process_pkt(struct irdma_cm_node *cm_node,
|
||||
u32 fin_set = 0;
|
||||
int err;
|
||||
|
||||
if (tcph->th_flags & TH_RST) {
|
||||
if (tcp_get_flags(tcph) & TH_RST) {
|
||||
pkt_type = IRDMA_PKT_TYPE_RST;
|
||||
} else if (tcph->th_flags & TH_SYN) {
|
||||
} else if (tcp_get_flags(tcph) & TH_SYN) {
|
||||
pkt_type = IRDMA_PKT_TYPE_SYN;
|
||||
if (tcph->th_flags & TH_ACK)
|
||||
if (tcp_get_flags(tcph) & TH_ACK)
|
||||
pkt_type = IRDMA_PKT_TYPE_SYNACK;
|
||||
} else if (tcph->th_flags & TH_ACK) {
|
||||
} else if (tcp_get_flags(tcph) & TH_ACK) {
|
||||
pkt_type = IRDMA_PKT_TYPE_ACK;
|
||||
}
|
||||
if (tcph->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(tcph) & TH_FIN)
|
||||
fin_set = 1;
|
||||
|
||||
switch (pkt_type) {
|
||||
@ -3067,7 +3067,7 @@ irdma_receive_ilq(struct irdma_sc_vsi *vsi, struct irdma_puda_buf *rbuf)
|
||||
/*
|
||||
* Only type of packet accepted are for the PASSIVE open (syn only)
|
||||
*/
|
||||
if (!(tcph->th_flags & TH_SYN) || tcph->th_flags & TH_ACK)
|
||||
if (!(tcp_get_flags(tcph) & TH_SYN) || tcp_get_flags(tcph) & TH_ACK)
|
||||
return;
|
||||
|
||||
listener = irdma_find_listener(cm_core,
|
||||
@ -3093,7 +3093,7 @@ irdma_receive_ilq(struct irdma_sc_vsi *vsi, struct irdma_puda_buf *rbuf)
|
||||
return;
|
||||
}
|
||||
|
||||
if (!(tcph->th_flags & (TH_RST | TH_FIN))) {
|
||||
if (!(tcp_get_flags(tcph) & (TH_RST | TH_FIN))) {
|
||||
cm_node->state = IRDMA_CM_STATE_LISTENING;
|
||||
} else {
|
||||
irdma_rem_ref_cm_node(cm_node);
|
||||
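Review bot: In irdma_process_pkt the accessor is now called up to five times on the same `tcph` within one if/else chain, and twice in the single condition in irdma_receive_ilq. Reading the value once keeps the classification working from one snapshot of the header and is shorter: `u16 th_flags = tcp_get_flags(tcph);` followed by `if (th_flags & TH_RST) {` and so on. The same applies to the four read-modify-write calls in irdma_form_ah_cm_frame and irdma_form_uda_cm_frame, which could accumulate into a local and end with one `tcp_set_flags(tcph, th_flags);`. All of these functions extend beyond the visible hunks.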
|
@ -168,10 +168,10 @@ mlx5e_lro_update_hdr(struct mbuf *mb, struct mlx5_cqe64 *cqe)
|
||||
ts_ptr = (uint32_t *)(th + 1);
|
||||
|
||||
if (get_cqe_lro_tcppsh(cqe))
|
||||
th->th_flags |= TH_PUSH;
|
||||
tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
|
||||
|
||||
if (tcp_ack) {
|
||||
th->th_flags |= TH_ACK;
|
||||
tcp_set_flags(th, tcp_get_flags(th) | TH_ACK);
|
||||
th->th_ack = cqe->lro_ack_seq_num;
|
||||
th->th_win = cqe->lro_tcp_win;
|
||||
|
||||
|
@ -1494,7 +1494,7 @@ oce_correct_header(struct mbuf *m, struct nic_hwlro_cqe_part1 *cqe1, struct nic_
|
||||
/* correct tcp header */
|
||||
tcp_hdr->th_ack = htonl(cqe2->tcp_ack_num);
|
||||
if(cqe2->push) {
|
||||
tcp_hdr->th_flags |= TH_PUSH;
|
||||
tcp_set_flags(tcp_hdr, tcp_get_flags(tcp_hdr) | TH_PUSH);
|
||||
}
|
||||
tcp_hdr->th_win = htons(cqe2->tcp_window);
|
||||
tcp_hdr->th_sum = 0xffff;
|
||||
|
@ -280,7 +280,7 @@ qla_lro_intr(qla_host_t *ha, qla_sgl_lro_t *sgc, uint32_t sds_idx)
|
||||
th = (struct tcphdr *)(mpf->m_data + sgc->l4_offset);
|
||||
|
||||
if (sgc->flags & Q8_LRO_COMP_PUSH_BIT)
|
||||
th->th_flags |= TH_PUSH;
|
||||
tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
|
||||
|
||||
m_adj(mpf, sgc->l2_offset);
|
||||
|
||||
|
@ -483,7 +483,7 @@ sfxge_lro_merge(struct sfxge_lro_state *st, struct sfxge_lro_conn *c,
|
||||
iph->ip6_plen += mbuf->m_len;
|
||||
c_th = (struct tcphdr *)(iph + 1);
|
||||
}
|
||||
c_th->th_flags |= (th->th_flags & TH_PUSH);
|
||||
tcp_set_flags(c_th, tcp_get_flags(c_th) | (tcp_get_flags(th) & TH_PUSH));
|
||||
c->th_last = th;
|
||||
++st->n_merges;
|
||||
|
||||
@ -545,7 +545,7 @@ sfxge_lro_try_merge(struct sfxge_rxq *rxq, struct sfxge_lro_conn *c)
|
||||
hdr_length);
|
||||
th_seq = ntohl(th->th_seq);
|
||||
dont_merge = ((data_length <= 0)
|
||||
| (th->th_flags & (TH_URG | TH_SYN | TH_RST | TH_FIN)));
|
||||
| (tcp_get_flags(th) & (TH_URG | TH_SYN | TH_RST | TH_FIN)));
|
||||
|
||||
/* Check for options other than aligned timestamp. */
|
||||
if (th->th_off != 5) {
|
||||
@ -592,7 +592,7 @@ sfxge_lro_try_merge(struct sfxge_rxq *rxq, struct sfxge_lro_conn *c)
|
||||
if (__predict_false(dont_merge)) {
|
||||
if (c->mbuf != NULL)
|
||||
sfxge_lro_deliver(&rxq->lro, c);
|
||||
if (th->th_flags & (TH_FIN | TH_RST)) {
|
||||
if (tcp_get_flags(th) & (TH_FIN | TH_RST)) {
|
||||
++rxq->lro.n_drop_closed;
|
||||
sfxge_lro_drop(rxq, c);
|
||||
return (0);
|
||||
|
@ -859,10 +859,10 @@ static void sfxge_parse_tx_packet(struct mbuf *mbuf)
|
||||
* generates TSO packets with RST flag. So, do not assert
|
||||
* its absence.
|
||||
*/
|
||||
KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
|
||||
KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
|
||||
("incompatible TCP flag 0x%x on TSO packet",
|
||||
th->th_flags & (TH_URG | TH_SYN)));
|
||||
TSO_MBUF_FLAGS(mbuf) = th->th_flags;
|
||||
tcp_get_flags(th) & (TH_URG | TH_SYN)));
|
||||
TSO_MBUF_FLAGS(mbuf) = tcp_get_flags(th);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1117,10 +1117,10 @@ static void tso_start(struct sfxge_txq *txq, struct sfxge_tso_state *tso,
|
||||
* generates TSO packets with RST flag. So, do not assert
|
||||
* its absence.
|
||||
*/
|
||||
KASSERT(!(th->th_flags & (TH_URG | TH_SYN)),
|
||||
KASSERT(!(tcp_get_flags(th) & (TH_URG | TH_SYN)),
|
||||
("incompatible TCP flag 0x%x on TSO packet",
|
||||
th->th_flags & (TH_URG | TH_SYN)));
|
||||
tso->tcp_flags = th->th_flags;
|
||||
tcp_get_flags(th) & (TH_URG | TH_SYN)));
|
||||
tso->tcp_flags = tcp_get_flags(th);
|
||||
#else
|
||||
tso->seqnum = TSO_MBUF_SEQNUM(mbuf);
|
||||
tso->tcp_flags = TSO_MBUF_FLAGS(mbuf);
|
||||
@ -1319,7 +1319,7 @@ static int tso_start_new_packet(struct sfxge_txq *txq,
|
||||
if (tso->out_len > tso->seg_size) {
|
||||
/* This packet will not finish the TSO burst. */
|
||||
ip_length = tso->header_len - tso->nh_off + tso->seg_size;
|
||||
tsoh_th->th_flags &= ~(TH_FIN | TH_PUSH);
|
||||
tcp_set_flags(tsoh_th, tcp_get_flags(tsoh_th) & ~(TH_FIN | TH_PUSH));
|
||||
} else {
|
||||
/* This packet will be the last in the TSO burst. */
|
||||
ip_length = tso->header_len - tso->nh_off + tso->out_len;
|
||||
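Review bot: `TSO_MBUF_FLAGS(mbuf) = tcp_get_flags(th);` and `tso->tcp_flags = tcp_get_flags(th);` now store a value that can carry more than eight bits, but the storage behind `TSO_MBUF_FLAGS()` and `tso->tcp_flags` is declared outside these hunks. If either is still 8 bits wide, the upper flag bits are dropped silently, and the `#else` branch that copies `TSO_MBUF_FLAGS(mbuf)` back into `tso->tcp_flags` inherits the same limit. I would either widen both in this commit or make the narrowing explicit with a comment such as `/* only the low 8 flag bits are carried through TSO state */`.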
|
@ -2438,7 +2438,7 @@ vtnet_txq_offload_tso(struct vtnet_txq *txq, struct mbuf *m, int eth_type,
|
||||
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
|
||||
VIRTIO_NET_HDR_GSO_TCPV6;
|
||||
|
||||
if (__predict_false(tcp->th_flags & TH_CWR)) {
|
||||
if (__predict_false(tcp_get_flags(tcp) & TH_CWR)) {
|
||||
/*
|
||||
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In
|
||||
* FreeBSD, ECN support is not on a per-interface basis,
|
||||
|
@ -481,7 +481,7 @@ virtio_net_tx_offload_tso(if_t ifp, struct mbuf *m, int eth_type,
|
||||
hdr->gso_type = eth_type == ETHERTYPE_IP ? VIRTIO_NET_HDR_GSO_TCPV4 :
|
||||
VIRTIO_NET_HDR_GSO_TCPV6;
|
||||
|
||||
if (tcp->th_flags & TH_CWR) {
|
||||
if (tcp_get_flags(tcp) & TH_CWR) {
|
||||
/*
|
||||
* Drop if VIRTIO_NET_F_HOST_ECN was not negotiated. In FreeBSD,
|
||||
* ECN support is not on a per-interface basis, but globally via
|
||||
|
@ -3420,7 +3420,7 @@ iflib_parse_header(iflib_txq_t txq, if_pkt_info_t pi, struct mbuf **mp)
|
||||
return (ENOMEM);
|
||||
th = (struct tcphdr *)((caddr_t)ip + pi->ipi_ip_hlen);
|
||||
}
|
||||
pi->ipi_tcp_hflags = th->th_flags;
|
||||
pi->ipi_tcp_hflags = tcp_get_flags(th);
|
||||
pi->ipi_tcp_hlen = th->th_off << 2;
|
||||
pi->ipi_tcp_seq = th->th_seq;
|
||||
}
|
||||
@ -3473,7 +3473,7 @@ iflib_parse_header(iflib_txq_t txq, if_pkt_info_t pi, struct mbuf **mp)
|
||||
if (__predict_false((m = m_pullup(m, pi->ipi_ehdrlen + sizeof(struct ip6_hdr) + sizeof(struct tcphdr))) == NULL))
|
||||
return (ENOMEM);
|
||||
}
|
||||
pi->ipi_tcp_hflags = th->th_flags;
|
||||
pi->ipi_tcp_hflags = tcp_get_flags(th);
|
||||
pi->ipi_tcp_hlen = th->th_off << 2;
|
||||
pi->ipi_tcp_seq = th->th_seq;
|
||||
}
|
||||
|
@ -121,13 +121,13 @@ typedef struct if_pkt_info {
|
||||
uint16_t ipi_tso_segsz; /* tso segment size */
|
||||
uint16_t ipi_vtag; /* VLAN tag */
|
||||
uint16_t ipi_etype; /* ether header type */
|
||||
uint8_t ipi_tcp_hflags; /* tcp header flags */
|
||||
uint8_t ipi_mflags; /* packet mbuf flags */
|
||||
uint16_t ipi_tcp_hflags; /* tcp header flags */
|
||||
|
||||
uint32_t ipi_tcp_seq; /* tcp seqno */
|
||||
uint8_t ipi_ip_tos; /* IP ToS field data */
|
||||
uint8_t ipi_mflags; /* packet mbuf flags */
|
||||
uint8_t __spare0__;
|
||||
uint16_t __spare1__;
|
||||
uint8_t __spare1__;
|
||||
} *if_pkt_info_t;
|
||||
|
||||
typedef struct if_irq {
|
||||
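Review bot: This hunk changes the layout of `struct if_pkt_info`, not only the width of one field: `ipi_mflags` moves behind `ipi_ip_tos` and `__spare1__` shrinks from `uint16_t` to `uint8_t`, so field offsets change even though the visible fields suggest the total size stays the same. Any driver module built against the old header would read `ipi_mflags` from the wrong offset, which is worth stating next to the struct and in the commit message, since the description says there is no functional change. Drivers that copy `ipi_tcp_hflags` into an 8-bit descriptor field (not visible here) will now truncate implicitly. I would document the new width at the field, e.g. `uint16_t ipi_tcp_hflags; /* tcp header flags as returned by tcp_get_flags(), wider than 8 bits */`.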
|
@ -170,7 +170,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct slcompress *comp,
|
||||
return (TYPE_IP);
|
||||
|
||||
th = (struct tcphdr *)&((int32_t *)ip)[hlen];
|
||||
if ((th->th_flags & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
|
||||
if ((tcp_get_flags(th) & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
|
||||
return (TYPE_IP);
|
||||
/*
|
||||
* Packet is compressible -- we're going to send either a
|
||||
@ -271,7 +271,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct slcompress *comp,
|
||||
* ack, seq (the order minimizes the number of temporaries
|
||||
* needed in this section of code).
|
||||
*/
|
||||
if (th->th_flags & TH_URG) {
|
||||
if (tcp_get_flags(th) & TH_URG) {
|
||||
deltaS = ntohs(th->th_urp);
|
||||
ENCODEZ(deltaS);
|
||||
changes |= NEW_U;
|
||||
@ -351,7 +351,7 @@ sl_compress_tcp(struct mbuf *m, struct ip *ip, struct slcompress *comp,
|
||||
ENCODEZ(deltaS);
|
||||
changes |= NEW_I;
|
||||
}
|
||||
if (th->th_flags & TH_PUSH)
|
||||
if (tcp_get_flags(th) & TH_PUSH)
|
||||
changes |= TCP_PUSH_BIT;
|
||||
/*
|
||||
* Grab the cksum before we overwrite it below. Then update our
|
||||
@ -516,9 +516,9 @@ sl_uncompress_tcp_core(u_char *buf, int buflen, int total_len, u_int type,
|
||||
th->th_sum = htons((*cp << 8) | cp[1]);
|
||||
cp += 2;
|
||||
if (changes & TCP_PUSH_BIT)
|
||||
th->th_flags |= TH_PUSH;
|
||||
tcp_set_flags(th, tcp_get_flags(th) | TH_PUSH);
|
||||
else
|
||||
th->th_flags &=~ TH_PUSH;
|
||||
tcp_set_flags(th, tcp_get_flags(th) & ~TH_PUSH);
|
||||
|
||||
switch (changes & SPECIALS_MASK) {
|
||||
case SPECIAL_I:
|
||||
@ -536,10 +536,10 @@ sl_uncompress_tcp_core(u_char *buf, int buflen, int total_len, u_int type,
|
||||
|
||||
default:
|
||||
if (changes & NEW_U) {
|
||||
th->th_flags |= TH_URG;
|
||||
tcp_set_flags(th, tcp_get_flags(th) | TH_URG);
|
||||
DECODEU(th->th_urp)
|
||||
} else
|
||||
th->th_flags &=~ TH_URG;
|
||||
tcp_set_flags(th, tcp_get_flags(th) & ~TH_URG);
|
||||
if (changes & NEW_W)
|
||||
DECODES(th->th_win)
|
||||
if (changes & NEW_A)
|
||||
|
@ -107,11 +107,11 @@ static int export_send(priv_p, fib_export_p, item_p, int);
|
||||
|
||||
#ifdef INET
|
||||
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
|
||||
int, uint8_t, uint8_t);
|
||||
int, uint8_t, uint16_t);
|
||||
#endif
|
||||
#ifdef INET6
|
||||
static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
|
||||
int, uint8_t, uint8_t);
|
||||
int, uint8_t, uint16_t);
|
||||
#endif
|
||||
|
||||
static void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
|
||||
@ -320,7 +320,7 @@ ng_netflow_copyinfo(priv_p priv, struct ng_netflow_info *i)
|
||||
#ifdef INET
|
||||
static int
|
||||
hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
|
||||
int plen, uint8_t flags, uint8_t tcp_flags)
|
||||
int plen, uint8_t flags, uint16_t tcp_flags)
|
||||
{
|
||||
struct flow_entry *fle;
|
||||
|
||||
@ -397,7 +397,7 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
|
||||
#ifdef INET6
|
||||
static int
|
||||
hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
|
||||
int plen, uint8_t flags, uint8_t tcp_flags)
|
||||
int plen, uint8_t flags, uint16_t tcp_flags)
|
||||
{
|
||||
struct flow6_entry *fle6;
|
||||
|
||||
@ -659,7 +659,7 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip,
|
||||
struct flow_rec r;
|
||||
int hlen, plen;
|
||||
int error = 0;
|
||||
uint8_t tcp_flags = 0;
|
||||
uint16_t tcp_flags = 0;
|
||||
|
||||
bzero(&r, sizeof(r));
|
||||
|
||||
@ -702,7 +702,7 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip,
|
||||
tcp = (struct tcphdr *)((caddr_t )ip + hlen);
|
||||
r.r_sport = tcp->th_sport;
|
||||
r.r_dport = tcp->th_dport;
|
||||
tcp_flags = tcp->th_flags;
|
||||
tcp_flags = tcp_get_flags(tcp);
|
||||
break;
|
||||
}
|
||||
case IPPROTO_UDP:
|
||||
@ -787,7 +787,7 @@ ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6,
|
||||
struct flow6_rec r;
|
||||
int plen;
|
||||
int error = 0;
|
||||
uint8_t tcp_flags = 0;
|
||||
uint16_t tcp_flags = 0;
|
||||
|
||||
/* check version */
|
||||
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
|
||||
@ -816,7 +816,7 @@ ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6,
|
||||
|
||||
tcp = (struct tcphdr *)upper_ptr;
|
||||
r.r_ports = *(uint32_t *)upper_ptr;
|
||||
tcp_flags = tcp->th_flags;
|
||||
tcp_flags = tcp_get_flags(tcp);
|
||||
break;
|
||||
}
|
||||
case IPPROTO_UDP:
|
||||
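Review bot: `tcp_flags` is widened to `uint16_t` here and in `struct flow_entry_data` / `struct flow6_entry_data` in the next file section, but the code that copies the accumulated value into export records is not part of this commit's hunks. If an export format carries the TCP flags in a one-byte field, the assignment there now narrows implicitly and the extra bits never reach the collector. I would make that explicit at the struct field, e.g. `uint16_t tcp_flags; /* cumulative OR of tcp_get_flags(); export may carry only the low 8 bits */`, and check the export path for an explicit cast or mask. hash_insert and hash6_insert continue outside the hunks shown.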
|
@ -259,7 +259,7 @@ struct flow_entry_data {
|
||||
u_long bytes;
|
||||
long first; /* uptime on first packet */
|
||||
long last; /* uptime on last packet */
|
||||
u_char tcp_flags; /* cumulative OR */
|
||||
uint16_t tcp_flags; /* cumulative OR */
|
||||
};
|
||||
|
||||
struct flow6_entry_data {
|
||||
@ -277,7 +277,7 @@ struct flow6_entry_data {
|
||||
u_long bytes;
|
||||
long first; /* uptime on first packet */
|
||||
long last; /* uptime on last packet */
|
||||
u_char tcp_flags; /* cumulative OR */
|
||||
uint16_t tcp_flags; /* cumulative OR */
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -330,7 +330,7 @@ ng_tcpmss_rcvdata(hook_p hook, item_p item)
|
||||
ERROUT(EINVAL);
|
||||
|
||||
/* Check SYN packet and has options. */
|
||||
if (!(tcp->th_flags & TH_SYN) || tcphlen == sizeof(struct tcphdr))
|
||||
if (!(tcp_get_flags(tcp) & TH_SYN) || tcphlen == sizeof(struct tcphdr))
|
||||
goto send;
|
||||
|
||||
/* Update SYN stats. */
|
||||
|
@ -183,12 +183,12 @@ a timeout period.
|
||||
*/
|
||||
|
||||
/* Local prototypes */
|
||||
static void TcpMonitorIn(u_char, struct alias_link *);
|
||||
static void TcpMonitorIn(uint16_t, struct alias_link *);
|
||||
|
||||
static void TcpMonitorOut(u_char, struct alias_link *);
|
||||
static void TcpMonitorOut(uint16_t, struct alias_link *);
|
||||
|
||||
static void
|
||||
TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
|
||||
TcpMonitorIn(uint16_t th_flags, struct alias_link *lnk)
|
||||
{
|
||||
switch (GetStateIn(lnk)) {
|
||||
case ALIAS_TCP_STATE_NOT_CONNECTED:
|
||||
@ -205,7 +205,7 @@ TcpMonitorIn(u_char th_flags, struct alias_link *lnk)
|
||||
}
|
||||
|
||||
static void
|
||||
TcpMonitorOut(u_char th_flags, struct alias_link *lnk)
|
||||
TcpMonitorOut(uint16_t th_flags, struct alias_link *lnk)
|
||||
{
|
||||
switch (GetStateOut(lnk)) {
|
||||
case ALIAS_TCP_STATE_NOT_CONNECTED:
|
||||
@ -1053,7 +1053,7 @@ TcpAliasIn(struct libalias *la, struct ip *pip)
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
TcpMonitorIn(tc->th_flags, lnk);
|
||||
TcpMonitorIn(__tcp_get_flags(tc), lnk);
|
||||
|
||||
return (PKT_ALIAS_OK);
|
||||
}
|
||||
@ -1142,7 +1142,7 @@ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
|
||||
|
||||
/* Monitor TCP connection state */
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
TcpMonitorOut(tc->th_flags, lnk);
|
||||
TcpMonitorOut(__tcp_get_flags(tc), lnk);
|
||||
|
||||
/* Walk out chain. */
|
||||
find_handler(OUT, TCP, la, pip, &ad);
|
||||
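Review bot: TcpAliasIn and TcpAliasOut call `__tcp_get_flags(tc)` while every other call site in this commit uses `tcp_get_flags()`, and nothing in the hunk says why. Judging by the `#ifdef _KERNEL` / `#else` blocks in the other libalias sections, this code is presumably also built outside the kernel, where only the double-underscore form is available; that is an inference and should be confirmed. A one-line comment at the first use would save the next reader the search, e.g. `/* __tcp_get_flags(): this file is also compiled for userland */`.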
|
@ -752,7 +752,7 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
|
||||
/* Compute TCP checksum for revised packet */
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
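Review bot: The replacement of `tc->th_x2 = (TH_RES1 >> 8);` by `tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);` is not a pure spelling change: the old line assigned the whole `th_x2` field, the new one ORs one bit into whatever flag bits the header already holds. Assuming `tcp_set_flags()` writes back all bits that `tcp_get_flags()` returns, other bits previously cleared by the assignment are now preserved, which contradicts the "No functional change" line in the description. The new behaviour looks like the better one, but it deserves a comment at the call, e.g. `/* set the TH_RES1 marker without clobbering the other header flag bits */`. The same line appears in AliasHandleIrcOut, ProxyEncodeTcpStream, the three alias_skinny_* functions, alias_rtsp_out and alias_pna_out in the following sections.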
|
@ -456,7 +456,7 @@ AliasHandleIrcOut(struct libalias *la,
|
||||
/* Compute TCP checksum for revised packet */
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
|
@ -366,7 +366,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
|
||||
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
|
@ -214,7 +214,7 @@ alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip,
|
||||
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
@ -257,7 +257,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
|
||||
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
@ -287,7 +287,7 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
|
||||
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
|
@ -402,7 +402,7 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
|
||||
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
@ -449,7 +449,7 @@ alias_pna_out(struct libalias *la, struct ip *pip,
|
||||
/* Compute TCP checksum for revised packet */
|
||||
tc->th_sum = 0;
|
||||
#ifdef _KERNEL
|
||||
tc->th_x2 = (TH_RES1 >> 8);
|
||||
tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
|
||||
#else
|
||||
tc->th_sum = TcpChecksum(pip);
|
||||
#endif
|
||||
|
@ -1265,7 +1265,6 @@ send:
|
||||
bcopy(opt, th + 1, optlen);
|
||||
th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
|
||||
}
|
||||
tcp_set_flags(th, flags);
|
||||
/*
|
||||
* Calculate receive window. Don't shrink window,
|
||||
* but avoid silly window syndrome.
|
||||
@ -1310,8 +1309,8 @@ send:
|
||||
tp->t_flags &= ~TF_RXWIN0SENT;
|
||||
if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
|
||||
th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
|
||||
th->th_flags |= TH_URG;
|
||||
} else
|
||||
flags |= TH_URG;
|
||||
} else {
|
||||
/*
|
||||
* If no urgent pointer to send, then we pull
|
||||
* the urgent pointer to the left edge of the send window
|
||||
@ -1319,6 +1318,8 @@ send:
|
||||
* number wraparound.
|
||||
*/
|
||||
tp->snd_up = tp->snd_una; /* drag it along */
|
||||
}
|
||||
tcp_set_flags(th, flags);
|
||||
|
||||
/*
|
||||
* Put TCP length in extended header, and then
|
||||
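Review bot: Moving `tcp_set_flags(th, flags);` from before the receive-window calculation to after the urgent-pointer block means the header's flag bits are not written while the code in between runs, and `flags` itself now carries TH_URG for everything that follows. Both are fine only if nothing in that span reads the flags from `th` and nothing later treats `flags` as the pre-URG value; that code is outside the visible hunks, so I cannot confirm it from here. Please add a comment at the new call site stating the ordering requirement, e.g. `/* Header flags are written once, after TH_URG has been decided above. */`.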
|
@ -1330,8 +1330,8 @@ ipf_pr_tcpcommon(fr_info_t *fin)
|
||||
return (1);
|
||||
}
|
||||
|
||||
flags = tcp->th_flags;
|
||||
fin->fin_tcpf = tcp->th_flags;
|
||||
flags = tcp_get_flags(tcp);
|
||||
fin->fin_tcpf = tcp_get_flags(tcp);
|
||||
|
||||
/*
|
||||
* If the urgent flag is set, then the urgent pointer must
|
||||
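Review bot: In ipf_pr_tcpcommon the accessor result is stored into `flags` and `fin->fin_tcpf`, whose types are declared outside this hunk. If either is still 8 bits wide, the upper header flag bits are discarded on assignment and the two copies used for later filter checks could differ in width. I would read the header once and make any narrowing visible, e.g. `flags = tcp_get_flags(tcp);` followed by `fin->fin_tcpf = flags;`, with a comment if `fin_tcpf` intentionally keeps only the low byte.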
|
@ -314,15 +314,15 @@ ipf_send_reset(fr_info_t *fin)
|
||||
ip_t *ip;
|
||||
|
||||
tcp = fin->fin_dp;
|
||||
if (tcp->th_flags & TH_RST)
|
||||
if (tcp_get_flags(tcp) & TH_RST)
|
||||
return (-1); /* feedback loop */
|
||||
|
||||
if (ipf_checkl4sum(fin) == -1)
|
||||
return (-1);
|
||||
|
||||
tlen = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
|
||||
((tcp->th_flags & TH_SYN) ? 1 : 0) +
|
||||
((tcp->th_flags & TH_FIN) ? 1 : 0);
|
||||
((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
|
||||
((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
|
||||
|
||||
#ifdef USE_INET6
|
||||
hlen = (fin->fin_v == 6) ? sizeof(ip6_t) : sizeof(ip_t);
|
||||
|
@ -543,7 +543,7 @@ ipf_p_ftp_addport(ipf_ftp_softc_t *softf, fr_info_t *fin, ip_t *ip, nat_t *nat,
|
||||
|
||||
tcp2->th_win = htons(8192);
|
||||
TCP_OFF_A(tcp2, 5);
|
||||
tcp2->th_flags = TH_SYN;
|
||||
tcp_set_flags(tcp2, TH_SYN);
|
||||
|
||||
if (nat->nat_dir == NAT_INBOUND) {
|
||||
fi.fin_out = 1;
|
||||
@ -873,7 +873,7 @@ ipf_p_ftp_pasvreply(ipf_ftp_softc_t *softf, fr_info_t *fin, ip_t *ip,
|
||||
fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
|
||||
|
||||
TCP_OFF_A(tcp2, 5);
|
||||
tcp2->th_flags = TH_SYN;
|
||||
tcp_set_flags(tcp2, TH_SYN);
|
||||
tcp2->th_win = htons(8192);
|
||||
tcp2->th_dport = htons(port);
|
||||
|
||||
@ -1240,9 +1240,9 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin, nat_t *nat,
|
||||
if (softf->ipf_p_ftp_debug & DEBUG_INFO)
|
||||
printf("ipf_p_ftp_process: %d:%d,%d, mlen %d flags %x\n",
|
||||
fin->fin_out, fin->fin_sport, fin->fin_dport,
|
||||
mlen, tcp->th_flags);
|
||||
mlen, tcp_get_flags(tcp));
|
||||
|
||||
if ((mlen == 0) && ((tcp->th_flags & TH_OPENING) == TH_OPENING)) {
|
||||
if ((mlen == 0) && ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING)) {
|
||||
f->ftps_seq[0] = thseq + 1;
|
||||
t->ftps_seq[0] = thack;
|
||||
return (0);
|
||||
@ -1283,7 +1283,7 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin, nat_t *nat,
|
||||
}
|
||||
if (softf->ipf_p_ftp_debug & DEBUG_INFO) {
|
||||
printf("%s: %x seq %x/%d ack %x/%d len %d/%d off %d\n",
|
||||
rv ? "IN" : "OUT", tcp->th_flags, thseq, seqoff,
|
||||
rv ? "IN" : "OUT", tcp_get_flags(tcp), thseq, seqoff,
|
||||
thack, ackoff, mlen, fin->fin_plen, off);
|
||||
printf("sel %d seqmin %x/%x offset %d/%d\n", sel,
|
||||
aps->aps_seqmin[sel], aps->aps_seqmin[sel2],
|
||||
@ -1357,7 +1357,7 @@ ipf_p_ftp_process(ipf_ftp_softc_t *softf, fr_info_t *fin, nat_t *nat,
|
||||
f->ftps_seq[0], f->ftps_seq[1]);
|
||||
}
|
||||
|
||||
if (tcp->th_flags & TH_FIN) {
|
||||
if (tcp_get_flags(tcp) & TH_FIN) {
|
||||
if (thseq == f->ftps_seq[1]) {
|
||||
f->ftps_seq[0] = f->ftps_seq[1] - seqoff;
|
||||
f->ftps_seq[1] = thseq + 1 - seqoff;
|
||||
@ -1530,7 +1530,7 @@ whilemore:
|
||||
}
|
||||
|
||||
/* f->ftps_seq[1] += inc; */
|
||||
if (tcp->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(tcp) & TH_FIN)
|
||||
f->ftps_seq[1]++;
|
||||
if (softf->ipf_p_ftp_debug & DEBUG_PARSE_INFO) {
|
||||
mlen = MSGDSIZE(m);
|
||||
|
@ -5715,7 +5715,7 @@ ipf_nat_proto(fr_info_t *fin, nat_t *nat, u_int nflags)
|
||||
* Do a MSS CLAMPING on a SYN packet,
|
||||
* only deal IPv4 for now.
|
||||
*/
|
||||
if ((nat->nat_mssclamp != 0) && (tcp->th_flags & TH_SYN) != 0)
|
||||
if ((nat->nat_mssclamp != 0) && (tcp_get_flags(tcp) & TH_SYN) != 0)
|
||||
ipf_nat_mssclamp(tcp, nat->nat_mssclamp, fin, csump);
|
||||
|
||||
break;
|
||||
|
@ -515,7 +515,7 @@ ipf_p_pptp_inout(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat)
|
||||
rev = 0;
|
||||
|
||||
tcp = (tcphdr_t *)fin->fin_dp;
|
||||
if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
|
||||
if ((tcp_get_flags(tcp) & TH_OPENING) == TH_OPENING) {
|
||||
pptp = (pptp_pxy_t *)aps->aps_data;
|
||||
pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
|
||||
pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
|
||||
|
@ -263,7 +263,7 @@ ipf_p_rcmd_portmsg(fr_info_t *fin, ap_session_t *aps, nat_t *nat)
|
||||
bzero((char *)tcp2, sizeof(*tcp2));
|
||||
tcp2->th_win = htons(8192);
|
||||
TCP_OFF_A(tcp2, 5);
|
||||
tcp2->th_flags = TH_SYN;
|
||||
tcp_set_flags(tcp2, TH_SYN);
|
||||
|
||||
fi.fin_dp = (char *)tcp2;
|
||||
fi.fin_fr = &rcmdfr;
|
||||
|
@ -1127,7 +1127,7 @@ ipf_p_rpcb_getnat(fr_info_t *fin, nat_t *nat, u_int proto, u_int port)
|
||||
tcp.th_win = htons(8192);
|
||||
TCP_OFF_A(&tcp, sizeof(tcphdr_t) >> 2);
|
||||
fi.fin_dlen = sizeof(tcphdr_t);
|
||||
tcp.th_flags = TH_SYN;
|
||||
tcp_set_flags(&tcp, TH_SYN);
|
||||
nflags = NAT_TCP;
|
||||
} else {
|
||||
fi.fin_dlen = sizeof(udphdr_t);
|
||||
|
@ -1520,7 +1520,7 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin, ipstate_t **stsave,
|
||||
case IPPROTO_TCP :
|
||||
tcp = fin->fin_dp;
|
||||
|
||||
if (tcp->th_flags & TH_RST) {
|
||||
if (tcp_get_flags(tcp) & TH_RST) {
|
||||
SBUMPD(ipf_state_stats, iss_tcp_rstadd);
|
||||
return (-4);
|
||||
}
|
||||
@ -1553,15 +1553,15 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin, ipstate_t **stsave,
|
||||
if ((fin->fin_flx & FI_IGNORE) == 0) {
|
||||
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
|
||||
(TCP_OFF(tcp) << 2) +
|
||||
((tcp->th_flags & TH_SYN) ? 1 : 0) +
|
||||
((tcp->th_flags & TH_FIN) ? 1 : 0);
|
||||
((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
|
||||
((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
|
||||
is->is_maxsend = is->is_send;
|
||||
|
||||
/*
|
||||
* Window scale option is only present in
|
||||
* SYN/SYN-ACK packet.
|
||||
*/
|
||||
if ((tcp->th_flags & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
|
||||
if ((tcp_get_flags(tcp) & ~(TH_FIN|TH_ACK|TH_ECNALL)) ==
|
||||
TH_SYN &&
|
||||
(TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
|
||||
if (ipf_tcpoptions(softs, fin, tcp,
|
||||
@ -1576,7 +1576,7 @@ ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin, ipstate_t **stsave,
|
||||
ipf_fixoutisn(fin, is);
|
||||
}
|
||||
|
||||
if ((tcp->th_flags & TH_OPENING) == TH_SYN)
|
||||
if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN)
|
||||
flags |= IS_TCPFSM;
|
||||
else {
|
||||
is->is_maxdwin = is->is_maxswin * 2;
|
||||
@ -1968,7 +1968,7 @@ ipf_state_tcp(ipf_main_softc_t *softc, ipf_state_softc_t *softs,
|
||||
* If a SYN packet is received for a connection that is on the way out
|
||||
* but hasn't yet departed then advance this session along the way.
|
||||
*/
|
||||
if ((tcp->th_flags & TH_OPENING) == TH_SYN) {
|
||||
if ((tcp_get_flags(tcp) & TH_OPENING) == TH_SYN) {
|
||||
if ((is->is_state[0] > IPF_TCPS_ESTABLISHED) &&
|
||||
(is->is_state[1] > IPF_TCPS_ESTABLISHED)) {
|
||||
is->is_state[!source] = IPF_TCPS_CLOSED;
|
||||
@ -2011,7 +2011,7 @@ ipf_state_tcp(ipf_main_softc_t *softc, ipf_state_softc_t *softs,
|
||||
* Window scale option is only present in SYN/SYN-ACK packet.
|
||||
* Compare with ~TH_FIN to mask out T/TCP setups.
|
||||
*/
|
||||
flags = tcp->th_flags & ~(TH_FIN|TH_ECNALL);
|
||||
flags = tcp_get_flags(tcp) & ~(TH_FIN|TH_ECNALL);
|
||||
if (flags == (TH_SYN|TH_ACK)) {
|
||||
is->is_s0[source] = ntohl(tcp->th_ack);
|
||||
is->is_s0[!source] = ntohl(tcp->th_seq) + 1;
|
||||
@ -2110,7 +2110,7 @@ ipf_state_tcpinwindow(fr_info_t *fin, tcpdata_t *fdata, tcpdata_t *tdata,
|
||||
/*
|
||||
* Find difference between last checked packet and this packet.
|
||||
*/
|
||||
tcpflags = tcp->th_flags;
|
||||
tcpflags = tcp_get_flags(tcp);
|
||||
seq = ntohl(tcp->th_seq);
|
||||
ack = ntohl(tcp->th_ack);
|
||||
if (tcpflags & TH_SYN)
|
||||
@ -2313,8 +2313,8 @@ ipf_state_clone(fr_info_t *fin, tcphdr_t *tcp, ipstate_t *is)
|
||||
clone->is_state[0] = 0;
|
||||
clone->is_state[1] = 0;
|
||||
send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
|
||||
((tcp->th_flags & TH_SYN) ? 1 : 0) +
|
||||
((tcp->th_flags & TH_FIN) ? 1 : 0);
|
||||
((tcp_get_flags(tcp) & TH_SYN) ? 1 : 0) +
|
||||
((tcp_get_flags(tcp) & TH_FIN) ? 1 : 0);
|
||||
|
||||
if (fin->fin_rev == 1) {
|
||||
clone->is_dend = send;
|
||||
@ -3954,7 +3954,7 @@ ipf_tcp_age(ipftqent_t *tqe, fr_info_t *fin, ipftq_t *tqtab, int flags, int ok)
|
||||
|
||||
rval = 0;
|
||||
dir = fin->fin_rev;
|
||||
tcpflags = tcp->th_flags;
|
||||
tcpflags = tcp_get_flags(tcp);
|
||||
dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
|
||||
ostate = tqe->tqe_state[1 - dir];
|
||||
nstate = tqe->tqe_state[dir];
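Review bot: The two tests that mask with a negated constant can change result now that the accessor returns all 12 flag bits: `(tcp_get_flags(tcp) & ~(TH_FIN|TH_ACK|TH_ECNALL)) == TH_SYN` in ipf_state_add and `flags = tcp_get_flags(tcp) & ~(TH_FIN|TH_ECNALL)` in ipf_state_tcp. With the 8-bit `th_flags` no bit above 0x80 could survive the mask; if TH_ECNALL does not cover those bits (its definition is not in this diff), a SYN or SYN-ACK carrying one of them no longer compares equal, and the option parsing and sequence setup guarded by these tests are skipped for it. Restricting the value before the comparison keeps the earlier behaviour, e.g. `(tcp_get_flags(tcp) & TH_FLAGS & ~(TH_FIN|TH_ACK|TH_ECNALL)) == TH_SYN`. The other hunks in this file use positive masks and are unaffected; both functions extend beyond the hunks shown.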
|
||||
|
@ -719,12 +719,12 @@ ipfw_send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
|
||||
if (flags & TH_RST) {
|
||||
if (flags & TH_ACK) {
|
||||
th->th_seq = htonl(ack);
|
||||
th->th_flags = TH_RST;
|
||||
tcp_set_flags(th, TH_RST);
|
||||
} else {
|
||||
if (flags & TH_SYN)
|
||||
seq++;
|
||||
th->th_ack = htonl(seq);
|
||||
th->th_flags = TH_RST | TH_ACK;
|
||||
tcp_set_flags(th, TH_RST | TH_ACK);
|
||||
}
|
||||
} else {
|
||||
/*
|
||||
@ -732,7 +732,7 @@ ipfw_send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
|
||||
*/
|
||||
th->th_seq = htonl(seq);
|
||||
th->th_ack = htonl(ack);
|
||||
th->th_flags = TH_ACK;
|
||||
tcp_set_flags(th, TH_ACK);
|
||||
}
|
||||
|
||||
switch (id->addr_type) {
|
||||
@ -893,11 +893,11 @@ send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6)
|
||||
struct tcphdr *tcp;
|
||||
tcp = (struct tcphdr *)((char *)ip6 + hlen);
|
||||
|
||||
if ((tcp->th_flags & TH_RST) == 0) {
|
||||
if ((tcp_get_flags(tcp) & TH_RST) == 0) {
|
||||
struct mbuf *m0;
|
||||
m0 = ipfw_send_pkt(args->m, &(args->f_id),
|
||||
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
|
||||
tcp->th_flags | TH_RST);
|
||||
tcp_get_flags(tcp) | TH_RST);
|
||||
if (m0 != NULL)
|
||||
ip6_output(m0, NULL, NULL, 0, NULL, NULL,
|
||||
NULL);
|
||||
@ -1021,11 +1021,11 @@ send_reject(struct ip_fw_args *args, const ipfw_insn *cmd, int iplen,
|
||||
} else if (code == ICMP_REJECT_RST && args->f_id.proto == IPPROTO_TCP) {
|
||||
struct tcphdr *const tcp =
|
||||
L3HDR(struct tcphdr, mtod(args->m, struct ip *));
|
||||
if ( (tcp->th_flags & TH_RST) == 0) {
|
||||
if ( (tcp_get_flags(tcp) & TH_RST) == 0) {
|
||||
struct mbuf *m;
|
||||
m = ipfw_send_pkt(args->m, &(args->f_id),
|
||||
ntohl(tcp->th_seq), ntohl(tcp->th_ack),
|
||||
tcp->th_flags | TH_RST);
|
||||
tcp_get_flags(tcp) | TH_RST);
|
||||
if (m != NULL)
|
||||
ip_output(m, NULL, NULL, 0, NULL, NULL);
|
||||
}
|
||||
@ -1571,7 +1571,7 @@ do { \
|
||||
dst_port = TCP(ulp)->th_dport;
|
||||
src_port = TCP(ulp)->th_sport;
|
||||
/* save flags for dynamic rules */
|
||||
args->f_id._flags = TCP(ulp)->th_flags;
|
||||
args->f_id._flags = tcp_get_flags(TCP(ulp));
|
||||
break;
|
||||
|
||||
case IPPROTO_SCTP:
|
||||
@ -1762,7 +1762,7 @@ do { \
|
||||
dst_port = TCP(ulp)->th_dport;
|
||||
src_port = TCP(ulp)->th_sport;
|
||||
/* save flags for dynamic rules */
|
||||
args->f_id._flags = TCP(ulp)->th_flags;
|
||||
args->f_id._flags = tcp_get_flags(TCP(ulp));
|
||||
break;
|
||||
|
||||
case IPPROTO_SCTP:
|
||||
@ -2439,8 +2439,13 @@ do { \
|
||||
break;
|
||||
|
||||
case O_TCPFLAGS:
|
||||
/*
|
||||
* Note that this is currently only set up to
|
||||
* match the lower 8 TCP header flag bits, not
|
||||
* the full compliment of all 12 flags.
|
||||
*/
|
||||
match = (proto == IPPROTO_TCP && offset == 0 &&
|
||||
flags_match(cmd, TCP(ulp)->th_flags));
|
||||
flags_match(cmd, tcp_get_flags(TCP(ulp))));
|
||||
break;
|
||||
|
||||
case O_TCPOPTS:
|
||||
@ -2511,7 +2516,7 @@ do { \
|
||||
/* reject packets which have SYN only */
|
||||
/* XXX should i also check for TH_ACK ? */
|
||||
match = (proto == IPPROTO_TCP && offset == 0 &&
|
||||
(TCP(ulp)->th_flags &
|
||||
(tcp_get_flags(TCP(ulp)) &
|
||||
(TH_RST | TH_ACK | TH_SYN)) != TH_SYN);
|
||||
break;
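Review bot: The narrowing from the 12-bit accessor result to the 8 bits ipfw matches on is left implicit at `flags_match(cmd, tcp_get_flags(TCP(ulp)))` and at both `args->f_id._flags = tcp_get_flags(TCP(ulp));` assignments. The added comment documents it for O_TCPFLAGS only, and the truncation depends on the callee's parameter type and the field width, neither of which is visible here. Making it explicit, e.g. `flags_match(cmd, tcp_get_flags(TCP(ulp)) & TH_FLAGS)`, keeps the intent at the call site and avoids a silent change in rule matching if either type is widened later. The new comment also has a typo: "compliment" should read "complement".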
|
||||
|
||||
|
@ -2388,7 +2388,7 @@ dyn_make_keepalive_ipv4(struct mbuf *m, in_addr_t src, in_addr_t dst,
|
||||
tcp->th_off = sizeof(struct tcphdr) >> 2;
|
||||
tcp->th_seq = htonl(seq);
|
||||
tcp->th_ack = htonl(ack);
|
||||
tcp->th_flags = TH_ACK;
|
||||
tcp_set_flags(tcp, TH_ACK);
|
||||
tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
|
||||
htons(sizeof(struct tcphdr) + IPPROTO_TCP));
|
||||
|
||||
@ -2498,7 +2498,7 @@ dyn_make_keepalive_ipv6(struct mbuf *m, const struct in6_addr *src,
|
||||
tcp->th_off = sizeof(struct tcphdr) >> 2;
|
||||
tcp->th_seq = htonl(seq);
|
||||
tcp->th_ack = htonl(ack);
|
||||
tcp->th_flags = TH_ACK;
|
||||
tcp_set_flags(tcp, TH_ACK);
|
||||
tcp->th_sum = in6_cksum_pseudo(ip6, sizeof(struct tcphdr),
|
||||
IPPROTO_TCP, 0);
|
||||
|
||||
|
@ -416,7 +416,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
struct tcphdr *th;
|
||||
|
||||
th = (struct tcphdr *)(ip + 1);
|
||||
if (th->th_x2 & (TH_RES1 >> 8))
|
||||
if (tcp_get_flags(th) & TH_RES1)
|
||||
ldt = 1;
|
||||
}
|
||||
|
||||
@ -436,7 +436,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
* Maybe it was set in
|
||||
* libalias...
|
||||
*/
|
||||
th->th_x2 &= ~(TH_RES1 >> 8);
|
||||
tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1);
|
||||
th->th_sum = cksum;
|
||||
mcl->m_pkthdr.csum_data =
|
||||
offsetof(struct tcphdr, th_sum);
|
||||
|
@ -3479,7 +3479,7 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af,
|
||||
th->th_seq = htonl(seq);
|
||||
th->th_ack = htonl(ack);
|
||||
th->th_off = tlen >> 2;
|
||||
th->th_flags = tcp_flags;
|
||||
tcp_set_flags(th, tcp_flags);
|
||||
th->th_win = htons(win);
|
||||
|
||||
if (mss) {
|
||||
@ -3700,16 +3700,16 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
|
||||
if (pd->proto == IPPROTO_TCP &&
|
||||
((r->rule_flag & PFRULE_RETURNRST) ||
|
||||
(r->rule_flag & PFRULE_RETURN)) &&
|
||||
!(th->th_flags & TH_RST)) {
|
||||
!(tcp_get_flags(th) & TH_RST)) {
|
||||
u_int32_t ack = ntohl(th->th_seq) + pd->p_len;
|
||||
|
||||
if (pf_check_proto_cksum(pd->m, pd->off, pd->tot_len - pd->off,
|
||||
IPPROTO_TCP, pd->af))
|
||||
REASON_SET(reason, PFRES_PROTCKSUM);
|
||||
else {
|
||||
if (th->th_flags & TH_SYN)
|
||||
if (tcp_get_flags(th) & TH_SYN)
|
||||
ack++;
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
ack++;
|
||||
pf_send_tcp(r, pd->af, pd->dst,
|
||||
pd->src, th->th_dport, th->th_sport,
|
||||
@ -5169,7 +5169,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
|
||||
break;
|
||||
|
||||
case IPPROTO_TCP:
|
||||
PF_TEST_ATTRIB((r->flagset & th->th_flags) != r->flags,
|
||||
PF_TEST_ATTRIB((r->flagset & tcp_get_flags(th)) != r->flags,
|
||||
TAILQ_NEXT(r, entries));
|
||||
/* FALLTHROUGH */
|
||||
case IPPROTO_SCTP:
|
||||
@ -5432,7 +5432,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
|
||||
case IPPROTO_TCP:
|
||||
s->src.seqlo = ntohl(th->th_seq);
|
||||
s->src.seqhi = s->src.seqlo + pd->p_len + 1;
|
||||
if ((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN &&
|
||||
if ((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN &&
|
||||
r->keep_state == PF_STATE_MODULATE) {
|
||||
/* Generate sequence number modulator */
|
||||
if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) ==
|
||||
@ -5443,7 +5443,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
|
||||
*rewrite = 1;
|
||||
} else
|
||||
s->src.seqdiff = 0;
|
||||
if (th->th_flags & TH_SYN) {
|
||||
if (tcp_get_flags(th) & TH_SYN) {
|
||||
s->src.seqhi++;
|
||||
s->src.wscale = pf_get_wscale(pd);
|
||||
}
|
||||
@ -5455,7 +5455,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
|
||||
s->src.max_win = (win - 1) >>
|
||||
(s->src.wscale & PF_WSCALE_MASK);
|
||||
}
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
s->src.seqhi++;
|
||||
s->dst.seqhi = 1;
|
||||
s->dst.max_win = 1;
|
||||
@ -5558,7 +5558,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
|
||||
|
||||
if (tag > 0)
|
||||
s->tag = tag;
|
||||
if (pd->proto == IPPROTO_TCP && (th->th_flags & (TH_SYN|TH_ACK)) ==
|
||||
if (pd->proto == IPPROTO_TCP && (tcp_get_flags(th) & (TH_SYN|TH_ACK)) ==
|
||||
TH_SYN && r->keep_state == PF_STATE_SYNPROXY) {
|
||||
pf_set_protostate(s, PF_PEER_SRC, PF_TCPS_PROXY_SRC);
|
||||
/* undo NAT changes, if they have taken place */
|
||||
@ -5660,7 +5660,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
pdst = PF_PEER_SRC;
|
||||
}
|
||||
|
||||
if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) {
|
||||
if (src->wscale && dst->wscale && !(tcp_get_flags(th) & TH_SYN)) {
|
||||
sws = src->wscale & PF_WSCALE_MASK;
|
||||
dws = dst->wscale & PF_WSCALE_MASK;
|
||||
} else
|
||||
@ -5699,7 +5699,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
}
|
||||
|
||||
end = seq + pd->p_len;
|
||||
if (th->th_flags & TH_SYN) {
|
||||
if (tcp_get_flags(th) & TH_SYN) {
|
||||
end++;
|
||||
if (dst->wscale & PF_WSCALE_FLAG) {
|
||||
src->wscale = pf_get_wscale(pd);
|
||||
@ -5721,7 +5721,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
}
|
||||
}
|
||||
data_end = end;
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
end++;
|
||||
|
||||
src->seqlo = seq;
|
||||
@ -5749,18 +5749,18 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
*copyback = 1;
|
||||
}
|
||||
end = seq + pd->p_len;
|
||||
if (th->th_flags & TH_SYN)
|
||||
if (tcp_get_flags(th) & TH_SYN)
|
||||
end++;
|
||||
data_end = end;
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
end++;
|
||||
}
|
||||
|
||||
if ((th->th_flags & TH_ACK) == 0) {
|
||||
if ((tcp_get_flags(th) & TH_ACK) == 0) {
|
||||
/* Let it pass through the ack skew check */
|
||||
ack = dst->seqlo;
|
||||
} else if ((ack == 0 &&
|
||||
(th->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
|
||||
(tcp_get_flags(th) & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) ||
|
||||
/* broken tcp stacks do not set ack */
|
||||
(dst->state < TCPS_SYN_SENT)) {
|
||||
/*
|
||||
@ -5804,7 +5804,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
/* Acking not more than one reassembled fragment backwards */
|
||||
(ackskew <= (MAXACKWINDOW << sws)) &&
|
||||
/* Acking not more than one window forward */
|
||||
((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
|
||||
((tcp_get_flags(th) & TH_RST) == 0 || orig_seq == src->seqlo ||
|
||||
(orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
|
||||
/* Require an exact/+1 sequence match on resets when possible */
|
||||
|
||||
@ -5825,13 +5825,13 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
dst->seqhi = ack + MAX((win << sws), 1);
|
||||
|
||||
/* update states */
|
||||
if (th->th_flags & TH_SYN)
|
||||
if (tcp_get_flags(th) & TH_SYN)
|
||||
if (src->state < TCPS_SYN_SENT)
|
||||
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
if (src->state < TCPS_CLOSING)
|
||||
pf_set_protostate(*state, psrc, TCPS_CLOSING);
|
||||
if (th->th_flags & TH_ACK) {
|
||||
if (tcp_get_flags(th) & TH_ACK) {
|
||||
if (dst->state == TCPS_SYN_SENT) {
|
||||
pf_set_protostate(*state, pdst,
|
||||
TCPS_ESTABLISHED);
|
||||
@ -5845,7 +5845,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
pf_set_protostate(*state, pdst,
|
||||
TCPS_FIN_WAIT_2);
|
||||
}
|
||||
if (th->th_flags & TH_RST)
|
||||
if (tcp_get_flags(th) & TH_RST)
|
||||
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
|
||||
|
||||
/* update expire time */
|
||||
@ -5899,7 +5899,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
if (V_pf_status.debug >= PF_DEBUG_MISC) {
|
||||
printf("pf: loose state match: ");
|
||||
pf_print_state(*state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
|
||||
"pkts=%llu:%llu dir=%s,%s\n", seq, orig_seq, ack,
|
||||
pd->p_len, ackskew, (unsigned long long)(*state)->packets[0],
|
||||
@ -5929,10 +5929,10 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
* SYN and not an already established connection.
|
||||
*/
|
||||
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
if (src->state < TCPS_CLOSING)
|
||||
pf_set_protostate(*state, psrc, TCPS_CLOSING);
|
||||
if (th->th_flags & TH_RST)
|
||||
if (tcp_get_flags(th) & TH_RST)
|
||||
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
|
||||
|
||||
/* Fall through to PASS packet */
|
||||
@ -5941,7 +5941,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
if ((*state)->dst.state == TCPS_SYN_SENT &&
|
||||
(*state)->src.state == TCPS_SYN_SENT) {
|
||||
/* Send RST for state mismatches during handshake */
|
||||
if (!(th->th_flags & TH_RST))
|
||||
if (!(tcp_get_flags(th) & TH_RST))
|
||||
pf_send_tcp((*state)->rule, pd->af,
|
||||
pd->dst, pd->src, th->th_dport,
|
||||
th->th_sport, ntohl(th->th_ack), 0,
|
||||
@ -5954,7 +5954,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
} else if (V_pf_status.debug >= PF_DEBUG_MISC) {
|
||||
printf("pf: BAD state: ");
|
||||
pf_print_state(*state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf(" seq=%u (%u) ack=%u len=%u ackskew=%d "
|
||||
"pkts=%llu:%llu dir=%s,%s\n",
|
||||
seq, orig_seq, ack, pd->p_len, ackskew,
|
||||
@ -5997,13 +5997,13 @@ pf_tcp_track_sloppy(struct pf_kstate **state, struct pf_pdesc *pd, u_short *reas
|
||||
pdst = PF_PEER_SRC;
|
||||
}
|
||||
|
||||
if (th->th_flags & TH_SYN)
|
||||
if (tcp_get_flags(th) & TH_SYN)
|
||||
if (src->state < TCPS_SYN_SENT)
|
||||
pf_set_protostate(*state, psrc, TCPS_SYN_SENT);
|
||||
if (th->th_flags & TH_FIN)
|
||||
if (tcp_get_flags(th) & TH_FIN)
|
||||
if (src->state < TCPS_CLOSING)
|
||||
pf_set_protostate(*state, psrc, TCPS_CLOSING);
|
||||
if (th->th_flags & TH_ACK) {
|
||||
if (tcp_get_flags(th) & TH_ACK) {
|
||||
if (dst->state == TCPS_SYN_SENT) {
|
||||
pf_set_protostate(*state, pdst, TCPS_ESTABLISHED);
|
||||
if (src->state == TCPS_ESTABLISHED &&
|
||||
@ -6041,7 +6041,7 @@ pf_tcp_track_sloppy(struct pf_kstate **state, struct pf_pdesc *pd, u_short *reas
|
||||
pf_set_protostate(*state, pdst, TCPS_CLOSING);
|
||||
}
|
||||
}
|
||||
if (th->th_flags & TH_RST)
|
||||
if (tcp_get_flags(th) & TH_RST)
|
||||
pf_set_protostate(*state, PF_PEER_BOTH, TCPS_TIME_WAIT);
|
||||
|
||||
/* update expire time */
|
||||
@ -6075,7 +6075,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_kstate **state, u_short *reason)
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
return (PF_SYNPROXY_DROP);
|
||||
}
|
||||
if (th->th_flags & TH_SYN) {
|
||||
if (tcp_get_flags(th) & TH_SYN) {
|
||||
if (ntohl(th->th_seq) != (*state)->src.seqlo) {
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
return (PF_DROP);
|
||||
@ -6087,7 +6087,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_kstate **state, u_short *reason)
|
||||
M_SKIP_FIREWALL, 0, 0, (*state)->act.rtableid);
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
return (PF_SYNPROXY_DROP);
|
||||
} else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
|
||||
} else if ((tcp_get_flags(th) & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
|
||||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
|
||||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
@ -6102,7 +6102,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_kstate **state, u_short *reason)
|
||||
}
|
||||
if ((*state)->src.state == PF_TCPS_PROXY_DST) {
|
||||
if (pd->dir == (*state)->direction) {
|
||||
if (((th->th_flags & (TH_SYN|TH_ACK)) != TH_ACK) ||
|
||||
if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) != TH_ACK) ||
|
||||
(ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
|
||||
(ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
@ -6120,7 +6120,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_kstate **state, u_short *reason)
|
||||
(*state)->tag, 0, (*state)->act.rtableid);
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
return (PF_SYNPROXY_DROP);
|
||||
} else if (((th->th_flags & (TH_SYN|TH_ACK)) !=
|
||||
} else if (((tcp_get_flags(th) & (TH_SYN|TH_ACK)) !=
|
||||
(TH_SYN|TH_ACK)) ||
|
||||
(ntohl(th->th_ack) != (*state)->dst.seqhi + 1)) {
|
||||
REASON_SET(reason, PFRES_SYNPROXY);
|
||||
@ -6198,13 +6198,13 @@ pf_test_state_tcp(struct pf_kstate **state, struct pf_pdesc *pd,
|
||||
|
||||
if (dst->state >= TCPS_FIN_WAIT_2 &&
|
||||
src->state >= TCPS_FIN_WAIT_2 &&
|
||||
(((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) ||
|
||||
((th->th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
|
||||
(((tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN) ||
|
||||
((tcp_get_flags(th) & (TH_SYN|TH_ACK|TH_RST)) == TH_ACK &&
|
||||
pf_syncookie_check(pd) && pd->dir == PF_IN))) {
|
||||
if (V_pf_status.debug >= PF_DEBUG_MISC) {
|
||||
printf("pf: state reuse ");
|
||||
pf_print_state(*state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf("\n");
|
||||
}
|
||||
/* XXX make sure it's the same direction ?? */
|
||||
@ -9166,14 +9166,14 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
|
||||
|
||||
case IPPROTO_TCP: {
|
||||
/* Respond to SYN with a syncookie. */
|
||||
if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
|
||||
if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) == TH_SYN &&
|
||||
pd.dir == PF_IN && pf_synflood_check(&pd)) {
|
||||
pf_syncookie_send(&pd);
|
||||
action = PF_DROP;
|
||||
break;
|
||||
}
|
||||
|
||||
if ((pd.hdr.tcp.th_flags & TH_ACK) && pd.p_len == 0)
|
||||
if ((tcp_get_flags(&pd.hdr.tcp) & TH_ACK) && pd.p_len == 0)
|
||||
use_2nd_queue = 1;
|
||||
action = pf_normalize_tcp(&pd);
|
||||
if (action == PF_DROP)
|
||||
@ -9187,7 +9187,7 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
|
||||
} else if (s == NULL) {
|
||||
/* Validate remote SYN|ACK, re-create original SYN if
|
||||
* valid. */
|
||||
if ((pd.hdr.tcp.th_flags & (TH_SYN|TH_ACK|TH_RST)) ==
|
||||
if ((tcp_get_flags(&pd.hdr.tcp) & (TH_SYN|TH_ACK|TH_RST)) ==
|
||||
TH_ACK && pf_syncookie_validate(&pd) &&
|
||||
pd.dir == PF_IN) {
|
||||
struct mbuf *msyn;
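Review bot: pf_tcp_track_full now calls `tcp_get_flags(th)` more than a dozen times across its hunks, and pf_synproxy and pf_test_state_tcp repeat it inside single conditions. Reading the flags once into a local, as the ipfilter code in this commit does with `tcpflags = tcp_get_flags(tcp);`, would make the state-machine tests easier to audit, e.g. `const uint16_t tcpflags = tcp_get_flags(th);` followed by `if (tcpflags & TH_SYN)`. That is only equivalent if nothing between the reads rewrites the flag bits, which cannot be confirmed here because the function bodies continue outside the hunks.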
|
||||
|
@ -1460,7 +1460,7 @@ pf_normalize_tcp_init(struct pf_pdesc *pd, struct tcphdr *th,
|
||||
* All normalizations below are only begun if we see the start of
|
||||
* the connections. They must all set an enabled bit in pfss_flags
|
||||
*/
|
||||
if ((th->th_flags & TH_SYN) == 0)
|
||||
if ((tcp_get_flags(th) & TH_SYN) == 0)
|
||||
return (0);
|
||||
|
||||
if (th->th_off > (sizeof(struct tcphdr) >> 2) && src->scrub &&
|
||||
@ -1811,7 +1811,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
|
||||
dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0));
|
||||
if (V_pf_status.debug >= PF_DEBUG_MISC) {
|
||||
pf_print_state(state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf("\n");
|
||||
}
|
||||
REASON_SET(reason, PFRES_TS);
|
||||
@ -1820,9 +1820,9 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
|
||||
|
||||
/* XXX I'd really like to require tsecr but it's optional */
|
||||
|
||||
} else if (!got_ts && (th->th_flags & TH_RST) == 0 &&
|
||||
} else if (!got_ts && (tcp_get_flags(th) & TH_RST) == 0 &&
|
||||
((src->state == TCPS_ESTABLISHED && dst->state == TCPS_ESTABLISHED)
|
||||
|| pd->p_len > 0 || (th->th_flags & TH_SYN)) &&
|
||||
|| pd->p_len > 0 || (tcp_get_flags(th) & TH_SYN)) &&
|
||||
src->scrub && dst->scrub &&
|
||||
(src->scrub->pfss_flags & PFSS_PAWS) &&
|
||||
(dst->scrub->pfss_flags & PFSS_PAWS)) {
|
||||
@ -1861,7 +1861,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
|
||||
DPFPRINTF(("Did not receive expected RFC1323 "
|
||||
"timestamp\n"));
|
||||
pf_print_state(state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf("\n");
|
||||
}
|
||||
REASON_SET(reason, PFRES_TS);
|
||||
@ -1890,7 +1890,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
|
||||
"timestamp data packet. Disabled PAWS "
|
||||
"security.\n"));
|
||||
pf_print_state(state);
|
||||
pf_print_flags(th->th_flags);
|
||||
pf_print_flags(tcp_get_flags(th));
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
|
@ -103,7 +103,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
|
||||
char srcname[INET_ADDRSTRLEN];
|
||||
#endif
|
||||
|
||||
if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
|
||||
if ((tcp_get_flags(tcp) & (TH_SYN|TH_ACK)) != TH_SYN)
|
||||
return (NULL);
|
||||
if (ip) {
|
||||
if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
|
||||
|
@ -371,14 +371,14 @@ FilterCheck(const unsigned char *packet,
|
||||
}
|
||||
sport = ntohs(th->th_sport);
|
||||
dport = ntohs(th->th_dport);
|
||||
estab = (th->th_flags & TH_ACK);
|
||||
syn = (th->th_flags & TH_SYN);
|
||||
finrst = (th->th_flags & (TH_FIN|TH_RST));
|
||||
estab = __tcp_get_flags(th) & TH_ACK;
|
||||
syn = __tcp_get_flags(th) & TH_SYN;
|
||||
finrst = __tcp_get_flags(th) & (TH_FIN|TH_RST);
|
||||
if (log_IsKept(LogDEBUG)) {
|
||||
if (!estab)
|
||||
snprintf(dbuff, sizeof dbuff,
|
||||
"flags = %02x, sport = %d, dport = %d",
|
||||
th->th_flags, sport, dport);
|
||||
"flags = %03x, sport = %d, dport = %d",
|
||||
__tcp_get_flags(th), sport, dport);
|
||||
else
|
||||
*dbuff = '\0';
|
||||
}
|
||||
@ -831,7 +831,7 @@ PacketCheck(struct bundle *bundle, u_int32_t family,
|
||||
loglen += strlen(logbuf + loglen);
|
||||
n = 0;
|
||||
for (mask = TH_FIN; mask != 0x40; mask <<= 1) {
|
||||
if (th->th_flags & mask) {
|
||||
if (__tcp_get_flags(th) & mask) {
|
||||
snprintf(logbuf + loglen, sizeof logbuf - loglen, " %s", TcpFlags[n]);
|
||||
loglen += strlen(logbuf + loglen);
|
||||
}
|
||||
@ -841,7 +841,7 @@ PacketCheck(struct bundle *bundle, u_int32_t family,
|
||||
" seq:%lx ack:%lx (%d/%d)",
|
||||
(u_long)ntohl(th->th_seq), (u_long)ntohl(th->th_ack), len, nb);
|
||||
loglen += strlen(logbuf + loglen);
|
||||
if ((th->th_flags & TH_SYN) && nb > 40) {
|
||||
if ((__tcp_get_flags(th) & TH_SYN) && nb > 40) {
|
||||
const u_short *sp;
|
||||
|
||||
sp = (const u_short *)(payload + 20);
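Review bot: The flag-name loop in PacketCheck still ends at `mask != 0x40`, so even with the 12-bit accessor it logs only FIN through URG; ECE, CWR and the bits above 0x80 never appear in the packet log. If that is intended (TcpFlags[] is not visible here and may hold only six names), a comment on the loop should say so, e.g. `/* Only the six classic flags are named; ECE, CWR and AE are not logged. */`. FilterCheck's debug line was widened to `%03x` in the same section, so the two outputs now differ in which bits they can show. PacketCheck's body continues outside the hunk.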
|
||||
|
@ -179,8 +179,8 @@ sl_compress_tcp(struct mbuf * m,
|
||||
return (TYPE_IP);
|
||||
}
|
||||
th = (struct tcphdr *) & ((int *) ip)[hlen];
|
||||
if ((th->th_flags & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
|
||||
log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", th->th_flags);
|
||||
if ((__tcp_get_flags(th) & (TH_SYN | TH_FIN | TH_RST | TH_ACK)) != TH_ACK) {
|
||||
log_Printf(LogDEBUG, "??? 2 th_flags = %x\n", __tcp_get_flags(th));
|
||||
log_DumpBp(LogDEBUG, "", m);
|
||||
return (TYPE_IP);
|
||||
}
|
||||
@ -283,7 +283,7 @@ found:
|
||||
* changes in the order: urgent, window, ack, seq (the order minimizes the
|
||||
* number of temporaries needed in this section of code).
|
||||
*/
|
||||
if (th->th_flags & TH_URG) {
|
||||
if (__tcp_get_flags(th) & TH_URG) {
|
||||
deltaS = ntohs(th->th_urp);
|
||||
ENCODEZ(deltaS);
|
||||
changes |= NEW_U;
|
||||
@ -366,7 +366,7 @@ found:
|
||||
ENCODEZ(deltaS);
|
||||
changes |= NEW_I;
|
||||
}
|
||||
if (th->th_flags & TH_PUSH)
|
||||
if (__tcp_get_flags(th) & TH_PUSH)
|
||||
changes |= TCP_PUSH_BIT;
|
||||
|
||||
/*
|
||||
@ -501,9 +501,9 @@ sl_uncompress_tcp(u_char ** bufp, int len, u_int type, struct slcompress *comp,
|
||||
th->th_sum = htons((*cp << 8) | cp[1]);
|
||||
cp += 2;
|
||||
if (changes & TCP_PUSH_BIT)
|
||||
th->th_flags |= TH_PUSH;
|
||||
__tcp_set_flags(th, __tcp_get_flags(th) | TH_PUSH);
|
||||
else
|
||||
th->th_flags &= ~TH_PUSH;
|
||||
__tcp_set_flags(th, __tcp_get_flags(th) & ~TH_PUSH);
|
||||
|
||||
switch (changes & SPECIALS_MASK) {
|
||||
case SPECIAL_I:
|
||||
@ -522,10 +522,10 @@ sl_uncompress_tcp(u_char ** bufp, int len, u_int type, struct slcompress *comp,
|
||||
|
||||
default:
|
||||
if (changes & NEW_U) {
|
||||
th->th_flags |= TH_URG;
|
||||
__tcp_set_flags(th, __tcp_get_flags(th) | TH_URG);
|
||||
DECODEU(th->th_urp)
|
||||
} else
|
||||
th->th_flags &= ~TH_URG;
|
||||
__tcp_set_flags(th, __tcp_get_flags(th) & ~TH_URG);
|
||||
if (changes & NEW_W)
|
||||
DECODES(th->th_win)
|
||||
if (changes & NEW_A)
|
||||
|
@ -115,7 +115,7 @@ MSSFixup(struct tcphdr *tc, size_t pktlen, u_int16_t maxmss)
|
||||
return;
|
||||
|
||||
/* MSS option only allowed within SYN packets. */
|
||||
if (!(tc->th_flags & TH_SYN))
|
||||
if (!(__tcp_get_flags(tc) & TH_SYN))
|
||||
return;
|
||||
|
||||
for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
|
||||
|
@ -1497,7 +1497,7 @@ tcp_prep(struct outdata *outdata)
|
||||
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
|
||||
tcp->th_ack = 0;
|
||||
tcp->th_off = 5;
|
||||
tcp->th_flags = TH_SYN;
|
||||
__tcp_set_flags(tcp, TH_SYN);
|
||||
tcp->th_sum = 0;
|
||||
|
||||
if (doipcksum)
|
||||
|
@ -1213,7 +1213,7 @@ send_probe(int seq, u_long hops)
|
||||
tcp->th_seq = (tcp->th_sport << 16) | tcp->th_dport;
|
||||
tcp->th_ack = 0;
|
||||
tcp->th_off = 5;
|
||||
tcp->th_flags = TH_SYN;
|
||||
__tcp_set_flags(tcp, TH_SYN);
|
||||
tcp->th_sum = 0;
|
||||
tcp->th_sum = tcp_chksum(&Src, &Dst, outpacket, datalen);
|
||||
break;
|
||||
|