git: a8b70cf26030 - main - netpfil: Use accessor functions and named constants for all tcphdr flags
Date: Wed, 27 Dec 2023 01:43:22 UTC
The branch main has been updated by rscheff: URL: https://cgit.FreeBSD.org/src/commit/?id=a8b70cf26030d68631200619bd1b0ad35b34b6b8 commit a8b70cf26030d68631200619bd1b0ad35b34b6b8 Author: Richard Scheffenegger <rscheff@FreeBSD.org> AuthorDate: 2023-12-25 11:26:25 +0000 Commit: Richard Scheffenegger <rscheff@FreeBSD.org> CommitDate: 2023-12-25 12:18:01 +0000 netpfil: Use accessor functions and named constants for all tcphdr flags Update all remaining references to the struct tcphdr th_x2 field. This completes the compatibilty of various aspects with AccECN (TH_AE), after the internal ipfw "re-checksum required" was moved to use the TH_RES1 flag. No functional change. Reviewed By: tuexen, #transport, glebius Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D43172 --- sys/dev/xen/netback/netback_unit_tests.c | 4 ++-- sys/netgraph/ng_nat.c | 10 +++++----- sys/netinet/tcp.h | 13 +++++++++++++ sys/netinet/tcp_var.h | 12 ------------ sys/netpfil/ipfilter/netinet/ip_compat.h | 6 ------ sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c | 7 +++---- sys/netpfil/pf/pf_norm.c | 11 ++++++----- 7 files changed, 29 insertions(+), 34 deletions(-) diff --git a/sys/dev/xen/netback/netback_unit_tests.c b/sys/dev/xen/netback/netback_unit_tests.c index e5a000c872d8..af88d5ced498 100644 --- a/sys/dev/xen/netback/netback_unit_tests.c +++ b/sys/dev/xen/netback/netback_unit_tests.c @@ -35,6 +35,7 @@ */ #include <sys/cdefs.h> +#include <netinet/tcp.h> /** * \file netback_unit_tests.c * @@ -2311,9 +2312,8 @@ xnb_fill_tcp(struct mbuf *m) tcp->th_dport = htons(2222); tcp->th_seq = htonl(0x00f72b10); tcp->th_ack = htonl(0x7f37ba6c); - tcp->th_x2 = 0; + tcp_set_flags(tcp, TH_ACK | TH_PUSH); tcp->th_off = 8; - tcp->th_flags = 0x18; tcp->th_win = htons(0x410); /* th_sum is incorrect; will be inserted by function under test */ tcp->th_sum = htons(0xbaad); diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c index ae083608a199..d7492b71e07c 100644 --- a/sys/netgraph/ng_nat.c +++ b/sys/netgraph/ng_nat.c @@ -862,9 +862,9 @@ ng_nat_rcvdata(hook_p hook, item_p item ) * doesn't have any idea about checksum offloading * in kernel. To workaround this, we do not do * checksumming in LibAlias, but only mark the - * packets in th_x2 field. If we receive a marked - * packet, we calculate correct checksum for it - * aware of offloading. + * packets with TH_RES1 in the th_x2 field. If we + * receive a marked packet, we calculate correct + * checksum for it aware of offloading. * * Why do I do such a terrible hack instead of * recalculating checksum for each packet? @@ -875,10 +875,10 @@ ng_nat_rcvdata(hook_p hook, item_p item ) * has this problem, too. */ - if (th->th_x2) { + if (tcp_get_flags(th) & TH_RES1) { uint16_t ip_len = ntohs(ip->ip_len); - th->th_x2 = 0; + tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1); th->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, htons(IPPROTO_TCP + ip_len - (ip->ip_hl << 2))); diff --git a/sys/netinet/tcp.h b/sys/netinet/tcp.h index 44f8a67a1e64..209b89c9a427 100644 --- a/sys/netinet/tcp.h +++ b/sys/netinet/tcp.h @@ -79,6 +79,19 @@ struct tcphdr { u_short th_urp; /* urgent pointer */ }; +static inline uint16_t +tcp_get_flags(const struct tcphdr *th) +{ + return (((uint16_t)th->th_x2 << 8) | th->th_flags); +} + +static inline void +tcp_set_flags(struct tcphdr *th, uint16_t flags) +{ + th->th_x2 = (flags >> 8) & 0x0f; + th->th_flags = flags & 0xff; +} + #define PADTCPOLEN(len) ((((len) / 4) + !!((len) % 4)) * 4) #define TCPOPT_EOL 0 diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index af441b4fc7d7..c2b15526c15b 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -1578,16 +1578,4 @@ tcp_fields_to_net(struct tcphdr *th) } #endif /* _KERNEL */ -static inline uint16_t -tcp_get_flags(const struct tcphdr *th) -{ - return (((uint16_t)th->th_x2 << 8) | th->th_flags); -} - -static inline void -tcp_set_flags(struct tcphdr *th, uint16_t flags) -{ - th->th_x2 = (flags >> 8) & 0x0f; - th->th_flags = flags & 0xff; -} #endif /* _NETINET_TCP_VAR_H_ */ diff --git a/sys/netpfil/ipfilter/netinet/ip_compat.h b/sys/netpfil/ipfilter/netinet/ip_compat.h index 08ce4b572d43..c73af315b132 100644 --- a/sys/netpfil/ipfilter/netinet/ip_compat.h +++ b/sys/netpfil/ipfilter/netinet/ip_compat.h @@ -687,12 +687,6 @@ typedef struct tcpiphdr tcpiphdr_t; #ifndef IP_HL_A # define IP_HL_A(x,y) (x)->ip_hl = ((y) & 0xf) #endif -#ifndef TCP_X2 -# define TCP_X2(x) (x)->th_x2 -#endif -#ifndef TCP_X2_A -# define TCP_X2_A(x,y) (x)->th_x2 = (y) -#endif #ifndef TCP_OFF # define TCP_OFF(x) (x)->th_off #endif diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c index 139aff9b1c73..1922880e90df 100644 --- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c +++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c @@ -379,18 +379,17 @@ ipf_send_reset(fr_info_t *fin) tcp2->th_sport = tcp->th_dport; tcp2->th_dport = tcp->th_sport; - if (tcp->th_flags & TH_ACK) { + if (tcp_get_flags(tcp) & TH_ACK) { tcp2->th_seq = tcp->th_ack; - tcp2->th_flags = TH_RST; + tcp_set_flags(tcp2, TH_RST); tcp2->th_ack = 0; } else { tcp2->th_seq = 0; tcp2->th_ack = ntohl(tcp->th_seq); tcp2->th_ack += tlen; tcp2->th_ack = htonl(tcp2->th_ack); - tcp2->th_flags = TH_RST|TH_ACK; + tcp_set_flags(tcp2, TH_RST|TH_ACK); } - TCP_X2_A(tcp2, 0); TCP_OFF_A(tcp2, sizeof(*tcp2) >> 2); tcp2->th_win = tcp->th_win; tcp2->th_sum = 0; diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index a92462c53f15..a119d85f806e 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1376,7 +1376,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, struct tcphdr *th = &pd->hdr.tcp; int rewrite = 0; u_short reason; - u_int8_t flags; + u_int16_t flags; sa_family_t af = pd->af; int srs; @@ -1434,7 +1434,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, if (rm && rm->rule_flag & PFRULE_REASSEMBLE_TCP) pd->flags |= PFDESC_TCP_NORM; - flags = th->th_flags; + flags = tcp_get_flags(th); if (flags & TH_SYN) { /* Illegal packet */ if (flags & TH_RST) @@ -1459,12 +1459,13 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, goto tcp_drop; /* If flags changed, or reserved data set, then adjust */ - if (flags != th->th_flags || th->th_x2 != 0) { + if (flags != tcp_get_flags(th) || + (tcp_get_flags(th) & (TH_RES1|TH_RES2|TH_RES2)) != 0) { u_int16_t ov, nv; ov = *(u_int16_t *)(&th->th_ack + 1); - th->th_flags = flags; - th->th_x2 = 0; + flags &= ~(TH_RES1 | TH_RES2 | TH_RES3); + tcp_set_flags(th, flags); nv = *(u_int16_t *)(&th->th_ack + 1); th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0);