static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
                struct dst_entry *dst)
{
    const struct inet_request_sock *ireq = inet_rsk(req);
    int err = -1;
    struct sk_buff * skb;

    /* First, grab a route. */
    if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
        return -1;

    skb = tcp_make_synack(sk, dst, req);

    if (skb) {
        struct tcphdr *th = tcp_hdr(skb);

        th->check = tcp_v4_check(skb->len,
                     ireq->loc_addr,
                     ireq->rmt_addr,
                     csum_partial((char *)th, skb->len,
                         skb->csum));

        err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
                     ireq->rmt_addr,
                     ireq->opt);
        err = net_xmit_eval(err);
    }

    dst_release(dst);
    return err;
}


struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
                struct request_sock *req)
{
    struct inet_request_sock *ireq = inet_rsk(req);
    struct tcp_sock *tp = tcp_sk(sk);
    struct tcphdr *th;
    int tcp_header_size;
    struct sk_buff *skb;
#ifdef CONFIG_TCP_MD5SIG
    struct tcp_md5sig_key *md5;
    __u8 *md5_hash_location;
#endif

    skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
    if (skb == NULL)
        return NULL;

    /* Reserve space for headers. */
    skb_reserve(skb, MAX_TCP_HEADER);

    skb->dst = dst_clone(dst);

    tcp_header_size = (sizeof(struct tcphdr) + TCPOLEN_MSS +
             (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0) +
             (ireq->wscale_ok ? TCPOLEN_WSCALE_ALIGNED : 0) +
             /* SACK_PERM is in the place of NOP NOP of TS */
             ((ireq->sack_ok && !ireq->tstamp_ok) ? TCPOLEN_SACKPERM_ALIGNED : 0));

#ifdef CONFIG_TCP_MD5SIG
    /* Are we doing MD5 on this segment? If so - make room for it */
    md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
    if (md5)
        tcp_header_size += TCPOLEN_MD5SIG_ALIGNED;
#endif
    skb_push(skb, tcp_header_size);
    skb_reset_transport_header(skb);

    th = tcp_hdr(skb);
    memset(th, 0, sizeof(struct tcphdr));
    th->syn = 1;
    th->ack = 1;
    TCP_ECN_make_synack(req, th);
    th->source = inet_sk(sk)->sport;
    th->dest = ireq->rmt_port;
    /* Setting of flags are superfluous here for callers (and ECE is
     * not even correctly set)
     */
    tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn,
             TCPCB_FLAG_SYN | TCPCB_FLAG_ACK);
    th->seq = htonl(TCP_SKB_CB(skb)->seq);
    th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1);
    if (req->rcv_wnd == 0) { /* ignored for retransmitted syns */
        __u8 rcv_wscale;
        /* Set this up on the first call only */
        req->window_clamp = tp->window_clamp ? : dst_metric(dst, RTAX_WINDOW);
        /* tcp_full_space because it is guaranteed to be the first packet */
        tcp_select_initial_window(tcp_full_space(sk),
            dst_metric(dst, RTAX_ADVMSS) - (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0),
            &req->rcv_wnd,
            &req->window_clamp,
            ireq->wscale_ok,
            &rcv_wscale);
        ireq->rcv_wscale = rcv_wscale;
    }

    /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
    th->window = htons(min(req->rcv_wnd, 65535U));
#ifdef CONFIG_SYN_COOKIES
    if (unlikely(req->cookie_ts))
        TCP_SKB_CB(skb)->when = cookie_init_timestamp(req);
    else
#endif
    TCP_SKB_CB(skb)->when = tcp_time_stamp;
    tcp_syn_build_options((__be32 *)(th + 1), dst_metric(dst, RTAX_ADVMSS), ireq->tstamp_ok,
             ireq->sack_ok, ireq->wscale_ok, ireq->rcv_wscale,
             TCP_SKB_CB(skb)->when,
             req->ts_recent,
             (
#ifdef CONFIG_TCP_MD5SIG
             md5 ? &md5_hash_location :
#endif
             NULL)
             );

    th->doff = (tcp_header_size >> 2);
    TCP_INC_STATS(TCP_MIB_OUTSEGS);

#ifdef CONFIG_TCP_MD5SIG
    /* Okay, we have all we need - do the md5 hash if needed */
    if (md5) {
        tp->af_specific->calc_md5_hash(md5_hash_location,
                     md5,
                     NULL, dst, req,
                     tcp_hdr(skb), sk->sk_protocol,
                     skb->len);
    }
#endif

    return skb;
}


int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
             __be32 saddr, __be32 daddr, struct ip_options *opt)
{
    struct inet_sock *inet = inet_sk(sk);
    struct rtable *rt = skb->rtable;
    struct iphdr *iph;

    /* Build the IP header. */
    skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
    skb_reset_network_header(skb);
    iph = ip_hdr(skb);
    iph->version = 4;
    iph->ihl = 5;
    iph->tos = inet->tos;
    if (ip_dont_fragment(sk, &rt->u.dst))
        iph->frag_off = htons(IP_DF);
    else
        iph->frag_off = 0;
    iph->ttl = ip_select_ttl(inet, &rt->u.dst);
    iph->daddr = rt->rt_dst;
    iph->saddr = rt->rt_src;
    iph->protocol = sk->sk_protocol;
    ip_select_ident(iph, &rt->u.dst, sk);

    if (opt && opt->optlen) {
        iph->ihl += opt->optlen>>2;
        ip_options_build(skb, opt, daddr, rt, 0);
    }

    skb->priority = sk->sk_priority;
    skb->mark = sk->sk_mark;

    /* Send it out. */
    return ip_local_out(skb);
}


int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
             struct tcphdr *th, unsigned len)
{
。。。。。。
case TCP_SYN_SENT:
        queued = tcp_rcv_synsent_state_process(sk, skb, th, len);
        if (queued >= 0)
        if (queued >= 0)
            return queued;

        /* Do step6 onward by hand. */
        tcp_urg(sk, skb, th);
        __kfree_skb(skb);
        tcp_data_snd_check(sk);
        return 0;
。。。。。。
}