aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/tcp.h24
-rw-r--r--net/ipv4/tcp.c8
-rw-r--r--net/ipv4/tcp_input.c2
-rw-r--r--net/ipv4/tcp_output.c59
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c32
-rw-r--r--net/netfilter/xt_TCPMSS.c4
6 files changed, 58 insertions, 71 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 573166484413..9e68e25c8b82 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -602,6 +602,17 @@ extern u32 __tcp_select_window(struct sock *sk);
602 */ 602 */
603#define tcp_time_stamp ((__u32)(jiffies)) 603#define tcp_time_stamp ((__u32)(jiffies))
604 604
605#define tcp_flag_byte(th) (((u_int8_t *)th)[13])
606
607#define TCPHDR_FIN 0x01
608#define TCPHDR_SYN 0x02
609#define TCPHDR_RST 0x04
610#define TCPHDR_PSH 0x08
611#define TCPHDR_ACK 0x10
612#define TCPHDR_URG 0x20
613#define TCPHDR_ECE 0x40
614#define TCPHDR_CWR 0x80
615
605/* This is what the send packet queuing engine uses to pass 616/* This is what the send packet queuing engine uses to pass
606 * TCP per-packet control information to the transmission 617 * TCP per-packet control information to the transmission
607 * code. We also store the host-order sequence numbers in 618 * code. We also store the host-order sequence numbers in
@@ -620,19 +631,6 @@ struct tcp_skb_cb {
620 __u32 end_seq; /* SEQ + FIN + SYN + datalen */ 631 __u32 end_seq; /* SEQ + FIN + SYN + datalen */
621 __u32 when; /* used to compute rtt's */ 632 __u32 when; /* used to compute rtt's */
622 __u8 flags; /* TCP header flags. */ 633 __u8 flags; /* TCP header flags. */
623
624 /* NOTE: These must match up to the flags byte in a
625 * real TCP header.
626 */
627#define TCPCB_FLAG_FIN 0x01
628#define TCPCB_FLAG_SYN 0x02
629#define TCPCB_FLAG_RST 0x04
630#define TCPCB_FLAG_PSH 0x08
631#define TCPCB_FLAG_ACK 0x10
632#define TCPCB_FLAG_URG 0x20
633#define TCPCB_FLAG_ECE 0x40
634#define TCPCB_FLAG_CWR 0x80
635
636 __u8 sacked; /* State flags for SACK/FACK. */ 634 __u8 sacked; /* State flags for SACK/FACK. */
637#define TCPCB_SACKED_ACKED 0x01 /* SKB ACK'd by a SACK block */ 635#define TCPCB_SACKED_ACKED 0x01 /* SKB ACK'd by a SACK block */
638#define TCPCB_SACKED_RETRANS 0x02 /* SKB retransmitted */ 636#define TCPCB_SACKED_RETRANS 0x02 /* SKB retransmitted */
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 49d0d2b8900c..779d40c3b96e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -511,7 +511,7 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
511 511
512static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb) 512static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb)
513{ 513{
514 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_PSH; 514 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH;
515 tp->pushed_seq = tp->write_seq; 515 tp->pushed_seq = tp->write_seq;
516} 516}
517 517
@@ -527,7 +527,7 @@ static inline void skb_entail(struct sock *sk, struct sk_buff *skb)
527 527
528 skb->csum = 0; 528 skb->csum = 0;
529 tcb->seq = tcb->end_seq = tp->write_seq; 529 tcb->seq = tcb->end_seq = tp->write_seq;
530 tcb->flags = TCPCB_FLAG_ACK; 530 tcb->flags = TCPHDR_ACK;
531 tcb->sacked = 0; 531 tcb->sacked = 0;
532 skb_header_release(skb); 532 skb_header_release(skb);
533 tcp_add_write_queue_tail(sk, skb); 533 tcp_add_write_queue_tail(sk, skb);
@@ -815,7 +815,7 @@ new_segment:
815 skb_shinfo(skb)->gso_segs = 0; 815 skb_shinfo(skb)->gso_segs = 0;
816 816
817 if (!copied) 817 if (!copied)
818 TCP_SKB_CB(skb)->flags &= ~TCPCB_FLAG_PSH; 818 TCP_SKB_CB(skb)->flags &= ~TCPHDR_PSH;
819 819
820 copied += copy; 820 copied += copy;
821 poffset += copy; 821 poffset += copy;
@@ -1061,7 +1061,7 @@ new_segment:
1061 } 1061 }
1062 1062
1063 if (!copied) 1063 if (!copied)
1064 TCP_SKB_CB(skb)->flags &= ~TCPCB_FLAG_PSH; 1064 TCP_SKB_CB(skb)->flags &= ~TCPHDR_PSH;
1065 1065
1066 tp->write_seq += copy; 1066 tp->write_seq += copy;
1067 TCP_SKB_CB(skb)->end_seq += copy; 1067 TCP_SKB_CB(skb)->end_seq += copy;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 548d575e6cc6..04334661fa28 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3286,7 +3286,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
3286 * connection startup slow start one packet too 3286 * connection startup slow start one packet too
3287 * quickly. This is severely frowned upon behavior. 3287 * quickly. This is severely frowned upon behavior.
3288 */ 3288 */
3289 if (!(scb->flags & TCPCB_FLAG_SYN)) { 3289 if (!(scb->flags & TCPHDR_SYN)) {
3290 flag |= FLAG_DATA_ACKED; 3290 flag |= FLAG_DATA_ACKED;
3291 } else { 3291 } else {
3292 flag |= FLAG_SYN_ACKED; 3292 flag |= FLAG_SYN_ACKED;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index b4ed957f201a..51d316dbb058 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -294,9 +294,9 @@ static u16 tcp_select_window(struct sock *sk)
294/* Packet ECN state for a SYN-ACK */ 294/* Packet ECN state for a SYN-ACK */
295static inline void TCP_ECN_send_synack(struct tcp_sock *tp, struct sk_buff *skb) 295static inline void TCP_ECN_send_synack(struct tcp_sock *tp, struct sk_buff *skb)
296{ 296{
297 TCP_SKB_CB(skb)->flags &= ~TCPCB_FLAG_CWR; 297 TCP_SKB_CB(skb)->flags &= ~TCPHDR_CWR;
298 if (!(tp->ecn_flags & TCP_ECN_OK)) 298 if (!(tp->ecn_flags & TCP_ECN_OK))
299 TCP_SKB_CB(skb)->flags &= ~TCPCB_FLAG_ECE; 299 TCP_SKB_CB(skb)->flags &= ~TCPHDR_ECE;
300} 300}
301 301
302/* Packet ECN state for a SYN. */ 302/* Packet ECN state for a SYN. */
@@ -306,7 +306,7 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct sk_buff *skb)
306 306
307 tp->ecn_flags = 0; 307 tp->ecn_flags = 0;
308 if (sysctl_tcp_ecn == 1) { 308 if (sysctl_tcp_ecn == 1) {
309 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_ECE | TCPCB_FLAG_CWR; 309 TCP_SKB_CB(skb)->flags |= TCPHDR_ECE | TCPHDR_CWR;
310 tp->ecn_flags = TCP_ECN_OK; 310 tp->ecn_flags = TCP_ECN_OK;
311 } 311 }
312} 312}
@@ -361,7 +361,7 @@ static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
361 skb_shinfo(skb)->gso_type = 0; 361 skb_shinfo(skb)->gso_type = 0;
362 362
363 TCP_SKB_CB(skb)->seq = seq; 363 TCP_SKB_CB(skb)->seq = seq;
364 if (flags & (TCPCB_FLAG_SYN | TCPCB_FLAG_FIN)) 364 if (flags & (TCPHDR_SYN | TCPHDR_FIN))
365 seq++; 365 seq++;
366 TCP_SKB_CB(skb)->end_seq = seq; 366 TCP_SKB_CB(skb)->end_seq = seq;
367} 367}
@@ -820,7 +820,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
820 tcb = TCP_SKB_CB(skb); 820 tcb = TCP_SKB_CB(skb);
821 memset(&opts, 0, sizeof(opts)); 821 memset(&opts, 0, sizeof(opts));
822 822
823 if (unlikely(tcb->flags & TCPCB_FLAG_SYN)) 823 if (unlikely(tcb->flags & TCPHDR_SYN))
824 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); 824 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
825 else 825 else
826 tcp_options_size = tcp_established_options(sk, skb, &opts, 826 tcp_options_size = tcp_established_options(sk, skb, &opts,
@@ -843,7 +843,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
843 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) | 843 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
844 tcb->flags); 844 tcb->flags);
845 845
846 if (unlikely(tcb->flags & TCPCB_FLAG_SYN)) { 846 if (unlikely(tcb->flags & TCPHDR_SYN)) {
847 /* RFC1323: The window in SYN & SYN/ACK segments 847 /* RFC1323: The window in SYN & SYN/ACK segments
848 * is never scaled. 848 * is never scaled.
849 */ 849 */
@@ -866,7 +866,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
866 } 866 }
867 867
868 tcp_options_write((__be32 *)(th + 1), tp, &opts); 868 tcp_options_write((__be32 *)(th + 1), tp, &opts);
869 if (likely((tcb->flags & TCPCB_FLAG_SYN) == 0)) 869 if (likely((tcb->flags & TCPHDR_SYN) == 0))
870 TCP_ECN_send(sk, skb, tcp_header_size); 870 TCP_ECN_send(sk, skb, tcp_header_size);
871 871
872#ifdef CONFIG_TCP_MD5SIG 872#ifdef CONFIG_TCP_MD5SIG
@@ -880,7 +880,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
880 880
881 icsk->icsk_af_ops->send_check(sk, skb); 881 icsk->icsk_af_ops->send_check(sk, skb);
882 882
883 if (likely(tcb->flags & TCPCB_FLAG_ACK)) 883 if (likely(tcb->flags & TCPHDR_ACK))
884 tcp_event_ack_sent(sk, tcp_skb_pcount(skb)); 884 tcp_event_ack_sent(sk, tcp_skb_pcount(skb));
885 885
886 if (skb->len != tcp_header_size) 886 if (skb->len != tcp_header_size)
@@ -1023,7 +1023,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
1023 1023
1024 /* PSH and FIN should only be set in the second packet. */ 1024 /* PSH and FIN should only be set in the second packet. */
1025 flags = TCP_SKB_CB(skb)->flags; 1025 flags = TCP_SKB_CB(skb)->flags;
1026 TCP_SKB_CB(skb)->flags = flags & ~(TCPCB_FLAG_FIN | TCPCB_FLAG_PSH); 1026 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1027 TCP_SKB_CB(buff)->flags = flags; 1027 TCP_SKB_CB(buff)->flags = flags;
1028 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked; 1028 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1029 1029
@@ -1328,8 +1328,7 @@ static inline unsigned int tcp_cwnd_test(struct tcp_sock *tp,
1328 u32 in_flight, cwnd; 1328 u32 in_flight, cwnd;
1329 1329
1330 /* Don't be strict about the congestion window for the final FIN. */ 1330 /* Don't be strict about the congestion window for the final FIN. */
1331 if ((TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN) && 1331 if ((TCP_SKB_CB(skb)->flags & TCPHDR_FIN) && tcp_skb_pcount(skb) == 1)
1332 tcp_skb_pcount(skb) == 1)
1333 return 1; 1332 return 1;
1334 1333
1335 in_flight = tcp_packets_in_flight(tp); 1334 in_flight = tcp_packets_in_flight(tp);
@@ -1398,7 +1397,7 @@ static inline int tcp_nagle_test(struct tcp_sock *tp, struct sk_buff *skb,
1398 * Nagle can be ignored during F-RTO too (see RFC4138). 1397 * Nagle can be ignored during F-RTO too (see RFC4138).
1399 */ 1398 */
1400 if (tcp_urg_mode(tp) || (tp->frto_counter == 2) || 1399 if (tcp_urg_mode(tp) || (tp->frto_counter == 2) ||
1401 (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN)) 1400 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN))
1402 return 1; 1401 return 1;
1403 1402
1404 if (!tcp_nagle_check(tp, skb, cur_mss, nonagle)) 1403 if (!tcp_nagle_check(tp, skb, cur_mss, nonagle))
@@ -1487,7 +1486,7 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1487 1486
1488 /* PSH and FIN should only be set in the second packet. */ 1487 /* PSH and FIN should only be set in the second packet. */
1489 flags = TCP_SKB_CB(skb)->flags; 1488 flags = TCP_SKB_CB(skb)->flags;
1490 TCP_SKB_CB(skb)->flags = flags & ~(TCPCB_FLAG_FIN | TCPCB_FLAG_PSH); 1489 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1491 TCP_SKB_CB(buff)->flags = flags; 1490 TCP_SKB_CB(buff)->flags = flags;
1492 1491
1493 /* This packet was never sent out yet, so no SACK bits. */ 1492 /* This packet was never sent out yet, so no SACK bits. */
@@ -1518,7 +1517,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb)
1518 const struct inet_connection_sock *icsk = inet_csk(sk); 1517 const struct inet_connection_sock *icsk = inet_csk(sk);
1519 u32 send_win, cong_win, limit, in_flight; 1518 u32 send_win, cong_win, limit, in_flight;
1520 1519
1521 if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN) 1520 if (TCP_SKB_CB(skb)->flags & TCPHDR_FIN)
1522 goto send_now; 1521 goto send_now;
1523 1522
1524 if (icsk->icsk_ca_state != TCP_CA_Open) 1523 if (icsk->icsk_ca_state != TCP_CA_Open)
@@ -1644,7 +1643,7 @@ static int tcp_mtu_probe(struct sock *sk)
1644 1643
1645 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq; 1644 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
1646 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size; 1645 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
1647 TCP_SKB_CB(nskb)->flags = TCPCB_FLAG_ACK; 1646 TCP_SKB_CB(nskb)->flags = TCPHDR_ACK;
1648 TCP_SKB_CB(nskb)->sacked = 0; 1647 TCP_SKB_CB(nskb)->sacked = 0;
1649 nskb->csum = 0; 1648 nskb->csum = 0;
1650 nskb->ip_summed = skb->ip_summed; 1649 nskb->ip_summed = skb->ip_summed;
@@ -1669,7 +1668,7 @@ static int tcp_mtu_probe(struct sock *sk)
1669 sk_wmem_free_skb(sk, skb); 1668 sk_wmem_free_skb(sk, skb);
1670 } else { 1669 } else {
1671 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags & 1670 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags &
1672 ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH); 1671 ~(TCPHDR_FIN|TCPHDR_PSH);
1673 if (!skb_shinfo(skb)->nr_frags) { 1672 if (!skb_shinfo(skb)->nr_frags) {
1674 skb_pull(skb, copy); 1673 skb_pull(skb, copy);
1675 if (skb->ip_summed != CHECKSUM_PARTIAL) 1674 if (skb->ip_summed != CHECKSUM_PARTIAL)
@@ -2020,7 +2019,7 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
2020 2019
2021 if (!sysctl_tcp_retrans_collapse) 2020 if (!sysctl_tcp_retrans_collapse)
2022 return; 2021 return;
2023 if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_SYN) 2022 if (TCP_SKB_CB(skb)->flags & TCPHDR_SYN)
2024 return; 2023 return;
2025 2024
2026 tcp_for_write_queue_from_safe(skb, tmp, sk) { 2025 tcp_for_write_queue_from_safe(skb, tmp, sk) {
@@ -2112,7 +2111,7 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2112 * since it is cheap to do so and saves bytes on the network. 2111 * since it is cheap to do so and saves bytes on the network.
2113 */ 2112 */
2114 if (skb->len > 0 && 2113 if (skb->len > 0 &&
2115 (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN) && 2114 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN) &&
2116 tp->snd_una == (TCP_SKB_CB(skb)->end_seq - 1)) { 2115 tp->snd_una == (TCP_SKB_CB(skb)->end_seq - 1)) {
2117 if (!pskb_trim(skb, 0)) { 2116 if (!pskb_trim(skb, 0)) {
2118 /* Reuse, even though it does some unnecessary work */ 2117 /* Reuse, even though it does some unnecessary work */
@@ -2301,7 +2300,7 @@ void tcp_send_fin(struct sock *sk)
2301 mss_now = tcp_current_mss(sk); 2300 mss_now = tcp_current_mss(sk);
2302 2301
2303 if (tcp_send_head(sk) != NULL) { 2302 if (tcp_send_head(sk) != NULL) {
2304 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_FIN; 2303 TCP_SKB_CB(skb)->flags |= TCPHDR_FIN;
2305 TCP_SKB_CB(skb)->end_seq++; 2304 TCP_SKB_CB(skb)->end_seq++;
2306 tp->write_seq++; 2305 tp->write_seq++;
2307 } else { 2306 } else {
@@ -2318,7 +2317,7 @@ void tcp_send_fin(struct sock *sk)
2318 skb_reserve(skb, MAX_TCP_HEADER); 2317 skb_reserve(skb, MAX_TCP_HEADER);
2319 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */ 2318 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
2320 tcp_init_nondata_skb(skb, tp->write_seq, 2319 tcp_init_nondata_skb(skb, tp->write_seq,
2321 TCPCB_FLAG_ACK | TCPCB_FLAG_FIN); 2320 TCPHDR_ACK | TCPHDR_FIN);
2322 tcp_queue_skb(sk, skb); 2321 tcp_queue_skb(sk, skb);
2323 } 2322 }
2324 __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_OFF); 2323 __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_OFF);
@@ -2343,7 +2342,7 @@ void tcp_send_active_reset(struct sock *sk, gfp_t priority)
2343 /* Reserve space for headers and prepare control bits. */ 2342 /* Reserve space for headers and prepare control bits. */
2344 skb_reserve(skb, MAX_TCP_HEADER); 2343 skb_reserve(skb, MAX_TCP_HEADER);
2345 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk), 2344 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
2346 TCPCB_FLAG_ACK | TCPCB_FLAG_RST); 2345 TCPHDR_ACK | TCPHDR_RST);
2347 /* Send it off. */ 2346 /* Send it off. */
2348 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2347 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2349 if (tcp_transmit_skb(sk, skb, 0, priority)) 2348 if (tcp_transmit_skb(sk, skb, 0, priority))
@@ -2363,11 +2362,11 @@ int tcp_send_synack(struct sock *sk)
2363 struct sk_buff *skb; 2362 struct sk_buff *skb;
2364 2363
2365 skb = tcp_write_queue_head(sk); 2364 skb = tcp_write_queue_head(sk);
2366 if (skb == NULL || !(TCP_SKB_CB(skb)->flags & TCPCB_FLAG_SYN)) { 2365 if (skb == NULL || !(TCP_SKB_CB(skb)->flags & TCPHDR_SYN)) {
2367 printk(KERN_DEBUG "tcp_send_synack: wrong queue state\n"); 2366 printk(KERN_DEBUG "tcp_send_synack: wrong queue state\n");
2368 return -EFAULT; 2367 return -EFAULT;
2369 } 2368 }
2370 if (!(TCP_SKB_CB(skb)->flags & TCPCB_FLAG_ACK)) { 2369 if (!(TCP_SKB_CB(skb)->flags & TCPHDR_ACK)) {
2371 if (skb_cloned(skb)) { 2370 if (skb_cloned(skb)) {
2372 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC); 2371 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
2373 if (nskb == NULL) 2372 if (nskb == NULL)
@@ -2381,7 +2380,7 @@ int tcp_send_synack(struct sock *sk)
2381 skb = nskb; 2380 skb = nskb;
2382 } 2381 }
2383 2382
2384 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_ACK; 2383 TCP_SKB_CB(skb)->flags |= TCPHDR_ACK;
2385 TCP_ECN_send_synack(tcp_sk(sk), skb); 2384 TCP_ECN_send_synack(tcp_sk(sk), skb);
2386 } 2385 }
2387 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2386 TCP_SKB_CB(skb)->when = tcp_time_stamp;
@@ -2460,7 +2459,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2460 * not even correctly set) 2459 * not even correctly set)
2461 */ 2460 */
2462 tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn, 2461 tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn,
2463 TCPCB_FLAG_SYN | TCPCB_FLAG_ACK); 2462 TCPHDR_SYN | TCPHDR_ACK);
2464 2463
2465 if (OPTION_COOKIE_EXTENSION & opts.options) { 2464 if (OPTION_COOKIE_EXTENSION & opts.options) {
2466 if (s_data_desired) { 2465 if (s_data_desired) {
@@ -2592,7 +2591,7 @@ int tcp_connect(struct sock *sk)
2592 skb_reserve(buff, MAX_TCP_HEADER); 2591 skb_reserve(buff, MAX_TCP_HEADER);
2593 2592
2594 tp->snd_nxt = tp->write_seq; 2593 tp->snd_nxt = tp->write_seq;
2595 tcp_init_nondata_skb(buff, tp->write_seq++, TCPCB_FLAG_SYN); 2594 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN);
2596 TCP_ECN_send_syn(sk, buff); 2595 TCP_ECN_send_syn(sk, buff);
2597 2596
2598 /* Send it off. */ 2597 /* Send it off. */
@@ -2698,7 +2697,7 @@ void tcp_send_ack(struct sock *sk)
2698 2697
2699 /* Reserve space for headers and prepare control bits. */ 2698 /* Reserve space for headers and prepare control bits. */
2700 skb_reserve(buff, MAX_TCP_HEADER); 2699 skb_reserve(buff, MAX_TCP_HEADER);
2701 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPCB_FLAG_ACK); 2700 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK);
2702 2701
2703 /* Send it off, this clears delayed acks for us. */ 2702 /* Send it off, this clears delayed acks for us. */
2704 TCP_SKB_CB(buff)->when = tcp_time_stamp; 2703 TCP_SKB_CB(buff)->when = tcp_time_stamp;
@@ -2732,7 +2731,7 @@ static int tcp_xmit_probe_skb(struct sock *sk, int urgent)
2732 * end to send an ack. Don't queue or clone SKB, just 2731 * end to send an ack. Don't queue or clone SKB, just
2733 * send it. 2732 * send it.
2734 */ 2733 */
2735 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPCB_FLAG_ACK); 2734 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
2736 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2735 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2737 return tcp_transmit_skb(sk, skb, 0, GFP_ATOMIC); 2736 return tcp_transmit_skb(sk, skb, 0, GFP_ATOMIC);
2738} 2737}
@@ -2762,13 +2761,13 @@ int tcp_write_wakeup(struct sock *sk)
2762 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq || 2761 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
2763 skb->len > mss) { 2762 skb->len > mss) {
2764 seg_size = min(seg_size, mss); 2763 seg_size = min(seg_size, mss);
2765 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_PSH; 2764 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH;
2766 if (tcp_fragment(sk, skb, seg_size, mss)) 2765 if (tcp_fragment(sk, skb, seg_size, mss))
2767 return -1; 2766 return -1;
2768 } else if (!tcp_skb_pcount(skb)) 2767 } else if (!tcp_skb_pcount(skb))
2769 tcp_set_skb_tso_segs(sk, skb, mss); 2768 tcp_set_skb_tso_segs(sk, skb, mss);
2770 2769
2771 TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_PSH; 2770 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH;
2772 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2771 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2773 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 2772 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2774 if (!err) 2773 if (!err)
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 9dd8cd4fb6e6..802dbffae8b4 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -736,27 +736,19 @@ static bool tcp_in_window(const struct nf_conn *ct,
736 return res; 736 return res;
737} 737}
738 738
739#define TH_FIN 0x01
740#define TH_SYN 0x02
741#define TH_RST 0x04
742#define TH_PUSH 0x08
743#define TH_ACK 0x10
744#define TH_URG 0x20
745#define TH_ECE 0x40
746#define TH_CWR 0x80
747
748/* table of valid flag combinations - PUSH, ECE and CWR are always valid */ 739/* table of valid flag combinations - PUSH, ECE and CWR are always valid */
749static const u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] = 740static const u8 tcp_valid_flags[(TCPHDR_FIN|TCPHDR_SYN|TCPHDR_RST|TCPHDR_ACK|
741 TCPHDR_URG) + 1] =
750{ 742{
751 [TH_SYN] = 1, 743 [TCPHDR_SYN] = 1,
752 [TH_SYN|TH_URG] = 1, 744 [TCPHDR_SYN|TCPHDR_URG] = 1,
753 [TH_SYN|TH_ACK] = 1, 745 [TCPHDR_SYN|TCPHDR_ACK] = 1,
754 [TH_RST] = 1, 746 [TCPHDR_RST] = 1,
755 [TH_RST|TH_ACK] = 1, 747 [TCPHDR_RST|TCPHDR_ACK] = 1,
756 [TH_FIN|TH_ACK] = 1, 748 [TCPHDR_FIN|TCPHDR_ACK] = 1,
757 [TH_FIN|TH_ACK|TH_URG] = 1, 749 [TCPHDR_FIN|TCPHDR_ACK|TCPHDR_URG] = 1,
758 [TH_ACK] = 1, 750 [TCPHDR_ACK] = 1,
759 [TH_ACK|TH_URG] = 1, 751 [TCPHDR_ACK|TCPHDR_URG] = 1,
760}; 752};
761 753
762/* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */ 754/* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */
@@ -803,7 +795,7 @@ static int tcp_error(struct net *net, struct nf_conn *tmpl,
803 } 795 }
804 796
805 /* Check TCP flags. */ 797 /* Check TCP flags. */
806 tcpflags = (((u_int8_t *)th)[13] & ~(TH_ECE|TH_CWR|TH_PUSH)); 798 tcpflags = (tcp_flag_byte(th) & ~(TCPHDR_ECE|TCPHDR_CWR|TCPHDR_PSH));
807 if (!tcp_valid_flags[tcpflags]) { 799 if (!tcp_valid_flags[tcpflags]) {
808 if (LOG_INVALID(net, IPPROTO_TCP)) 800 if (LOG_INVALID(net, IPPROTO_TCP))
809 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 801 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 1841388c770a..eb81c380da1b 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -220,15 +220,13 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
220} 220}
221#endif 221#endif
222 222
223#define TH_SYN 0x02
224
225/* Must specify -p tcp --syn */ 223/* Must specify -p tcp --syn */
226static inline bool find_syn_match(const struct xt_entry_match *m) 224static inline bool find_syn_match(const struct xt_entry_match *m)
227{ 225{
228 const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data; 226 const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
229 227
230 if (strcmp(m->u.kernel.match->name, "tcp") == 0 && 228 if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
231 tcpinfo->flg_cmp & TH_SYN && 229 tcpinfo->flg_cmp & TCPHDR_SYN &&
232 !(tcpinfo->invflags & XT_TCP_INV_FLAGS)) 230 !(tcpinfo->invflags & XT_TCP_INV_FLAGS))
233 return true; 231 return true;
234 232