git: a8b70cf26030 - main - netpfil: Use accessor functions and named constants for all tcphdr flags

From: Richard Scheffenegger <rscheff_at_FreeBSD.org>
Date: Wed, 27 Dec 2023 01:43:22 UTC
The branch main has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8b70cf26030d68631200619bd1b0ad35b34b6b8

commit a8b70cf26030d68631200619bd1b0ad35b34b6b8
Author:     Richard Scheffenegger <rscheff@FreeBSD.org>
AuthorDate: 2023-12-25 11:26:25 +0000
Commit:     Richard Scheffenegger <rscheff@FreeBSD.org>
CommitDate: 2023-12-25 12:18:01 +0000

    netpfil: Use accessor functions and named constants for all tcphdr flags
    
    Update all remaining references to the struct tcphdr th_x2 field.
    This completes the compatibilty of various aspects with AccECN
    (TH_AE), after the internal ipfw "re-checksum required" was moved
    to use the TH_RES1 flag.
    
    No functional change.
    
    Reviewed By:           tuexen, #transport, glebius
    Sponsored by:          NetApp, Inc.
    Differential Revision: https://reviews.freebsd.org/D43172
---
 sys/dev/xen/netback/netback_unit_tests.c      |  4 ++--
 sys/netgraph/ng_nat.c                         | 10 +++++-----
 sys/netinet/tcp.h                             | 13 +++++++++++++
 sys/netinet/tcp_var.h                         | 12 ------------
 sys/netpfil/ipfilter/netinet/ip_compat.h      |  6 ------
 sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c |  7 +++----
 sys/netpfil/pf/pf_norm.c                      | 11 ++++++-----
 7 files changed, 29 insertions(+), 34 deletions(-)

diff --git a/sys/dev/xen/netback/netback_unit_tests.c b/sys/dev/xen/netback/netback_unit_tests.c
index e5a000c872d8..af88d5ced498 100644
--- a/sys/dev/xen/netback/netback_unit_tests.c
+++ b/sys/dev/xen/netback/netback_unit_tests.c
@@ -35,6 +35,7 @@
  */
 
 #include <sys/cdefs.h>
+#include <netinet/tcp.h>
 /**
  * \file netback_unit_tests.c
  *
@@ -2311,9 +2312,8 @@ xnb_fill_tcp(struct mbuf *m)
 	tcp->th_dport = htons(2222);
 	tcp->th_seq = htonl(0x00f72b10);
 	tcp->th_ack = htonl(0x7f37ba6c);
-	tcp->th_x2 = 0;
+	tcp_set_flags(tcp, TH_ACK | TH_PUSH);
 	tcp->th_off = 8;
-	tcp->th_flags = 0x18;
 	tcp->th_win = htons(0x410);
 	/* th_sum is incorrect; will be inserted by function under test */
 	tcp->th_sum = htons(0xbaad);
diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c
index ae083608a199..d7492b71e07c 100644
--- a/sys/netgraph/ng_nat.c
+++ b/sys/netgraph/ng_nat.c
@@ -862,9 +862,9 @@ ng_nat_rcvdata(hook_p hook, item_p item )
 		 * doesn't have any idea about checksum offloading
 		 * in kernel. To workaround this, we do not do
 		 * checksumming in LibAlias, but only mark the
-		 * packets in th_x2 field. If we receive a marked
-		 * packet, we calculate correct checksum for it
-		 * aware of offloading.
+		 * packets with TH_RES1 in the th_x2 field. If we
+		 * receive a marked packet, we calculate correct
+		 * checksum for it aware of offloading.
 		 *
 		 * Why do I do such a terrible hack instead of
 		 * recalculating checksum for each packet?
@@ -875,10 +875,10 @@ ng_nat_rcvdata(hook_p hook, item_p item )
 		 * has this problem, too.
 		 */
 
-		if (th->th_x2) {
+		if (tcp_get_flags(th) & TH_RES1) {
 			uint16_t ip_len = ntohs(ip->ip_len);
 
-			th->th_x2 = 0;
+			tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1);
 			th->th_sum = in_pseudo(ip->ip_src.s_addr,
 			    ip->ip_dst.s_addr, htons(IPPROTO_TCP +
 			    ip_len - (ip->ip_hl << 2)));
diff --git a/sys/netinet/tcp.h b/sys/netinet/tcp.h
index 44f8a67a1e64..209b89c9a427 100644
--- a/sys/netinet/tcp.h
+++ b/sys/netinet/tcp.h
@@ -79,6 +79,19 @@ struct tcphdr {
 	u_short	th_urp;			/* urgent pointer */
 };
 
+static inline uint16_t
+tcp_get_flags(const struct tcphdr *th)
+{
+        return (((uint16_t)th->th_x2 << 8) | th->th_flags);
+}
+
+static inline void
+tcp_set_flags(struct tcphdr *th, uint16_t flags)
+{
+        th->th_x2    = (flags >> 8) & 0x0f;
+        th->th_flags = flags & 0xff;
+}
+
 #define	PADTCPOLEN(len)		((((len) / 4) + !!((len) % 4)) * 4)
 
 #define	TCPOPT_EOL		0
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index af441b4fc7d7..c2b15526c15b 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -1578,16 +1578,4 @@ tcp_fields_to_net(struct tcphdr *th)
 }
 #endif /* _KERNEL */
 
-static inline uint16_t
-tcp_get_flags(const struct tcphdr *th)
-{
-        return (((uint16_t)th->th_x2 << 8) | th->th_flags);
-}
-
-static inline void
-tcp_set_flags(struct tcphdr *th, uint16_t flags)
-{
-        th->th_x2    = (flags >> 8) & 0x0f;
-        th->th_flags = flags & 0xff;
-}
 #endif /* _NETINET_TCP_VAR_H_ */
diff --git a/sys/netpfil/ipfilter/netinet/ip_compat.h b/sys/netpfil/ipfilter/netinet/ip_compat.h
index 08ce4b572d43..c73af315b132 100644
--- a/sys/netpfil/ipfilter/netinet/ip_compat.h
+++ b/sys/netpfil/ipfilter/netinet/ip_compat.h
@@ -687,12 +687,6 @@ typedef	struct	tcpiphdr	tcpiphdr_t;
 #ifndef	IP_HL_A
 # define	IP_HL_A(x,y)	(x)->ip_hl = ((y) & 0xf)
 #endif
-#ifndef	TCP_X2
-# define	TCP_X2(x)	(x)->th_x2
-#endif
-#ifndef	TCP_X2_A
-# define	TCP_X2_A(x,y)	(x)->th_x2 = (y)
-#endif
 #ifndef	TCP_OFF
 # define	TCP_OFF(x)	(x)->th_off
 #endif
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
index 139aff9b1c73..1922880e90df 100644
--- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
@@ -379,18 +379,17 @@ ipf_send_reset(fr_info_t *fin)
 	tcp2->th_sport = tcp->th_dport;
 	tcp2->th_dport = tcp->th_sport;
 
-	if (tcp->th_flags & TH_ACK) {
+	if (tcp_get_flags(tcp) & TH_ACK) {
 		tcp2->th_seq = tcp->th_ack;
-		tcp2->th_flags = TH_RST;
+		tcp_set_flags(tcp2, TH_RST);
 		tcp2->th_ack = 0;
 	} else {
 		tcp2->th_seq = 0;
 		tcp2->th_ack = ntohl(tcp->th_seq);
 		tcp2->th_ack += tlen;
 		tcp2->th_ack = htonl(tcp2->th_ack);
-		tcp2->th_flags = TH_RST|TH_ACK;
+		tcp_set_flags(tcp2, TH_RST|TH_ACK);
 	}
-	TCP_X2_A(tcp2, 0);
 	TCP_OFF_A(tcp2, sizeof(*tcp2) >> 2);
 	tcp2->th_win = tcp->th_win;
 	tcp2->th_sum = 0;
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index a92462c53f15..a119d85f806e 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1376,7 +1376,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff,
 	struct tcphdr	*th = &pd->hdr.tcp;
 	int		 rewrite = 0;
 	u_short		 reason;
-	u_int8_t	 flags;
+	u_int16_t	 flags;
 	sa_family_t	 af = pd->af;
 	int		 srs;
 
@@ -1434,7 +1434,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff,
 	if (rm && rm->rule_flag & PFRULE_REASSEMBLE_TCP)
 		pd->flags |= PFDESC_TCP_NORM;
 
-	flags = th->th_flags;
+	flags = tcp_get_flags(th);
 	if (flags & TH_SYN) {
 		/* Illegal packet */
 		if (flags & TH_RST)
@@ -1459,12 +1459,13 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff,
 		goto tcp_drop;
 
 	/* If flags changed, or reserved data set, then adjust */
-	if (flags != th->th_flags || th->th_x2 != 0) {
+	if (flags != tcp_get_flags(th) ||
+	    (tcp_get_flags(th) & (TH_RES1|TH_RES2|TH_RES2)) != 0) {
 		u_int16_t	ov, nv;
 
 		ov = *(u_int16_t *)(&th->th_ack + 1);
-		th->th_flags = flags;
-		th->th_x2 = 0;
+		flags &= ~(TH_RES1 | TH_RES2 | TH_RES3);
+		tcp_set_flags(th, flags);
 		nv = *(u_int16_t *)(&th->th_ack + 1);
 
 		th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0);