diff -Naurp snort-2.9.0.3.orig/doc/snort_manual.tex snort-2.9.0.3-flags/doc/snort_manual.tex
--- snort-2.9.0.3.orig/doc/snort_manual.tex 2010-12-09 21:33:36.000000000 +0000
+++ snort-2.9.0.3-flags/doc/snort_manual.tex 2010-12-21 00:40:01.000066000 +0000
@@ -13083,8 +13083,8 @@ The following bits may be checked:
 \item [P] - PSH - Push
 \item [A] - ACK - Acknowledgment
 \item [U] - URG - Urgent
-\item [1] - CWR - Congestion Window Reduced (MSB in TCP Flags byte)
-\item [2] - ECE - ECN-Echo (If SYN, then ECN capable. Else, CE flag in IP header is set)
+\item [C] - CWR - Congestion Window Reduced (MSB in TCP Flags byte)
+\item [E] - ECE - ECN-Echo (If SYN, then ECN capable. Else, CE flag in IP header is set)
 \item [0] - No TCP Flags Set
 \end{description}
@@ -13105,18 +13105,27 @@ bits.
 \subsubsection{Format}
 \begin{verbatim}
- flags:[!|*|+][,];
+ flags:[!|*|+][,];
 \end{verbatim}
 \subsubsection{Example}
-This example checks if just the SYN and the FIN bits are set, ignoring reserved
-bit 1 and reserved bit 2.
+This example checks if just the SYN and the FIN bits are set, ignoring CWR
+(former reserved bit 1) and ECN (former reserved bit 2).
 \begin{verbatim}
- alert tcp any any -> any any (flags:SF,12;)
+ alert tcp any any -> any any (flags:SF,CE;)
 \end{verbatim}
+\begin{note}
+
+The reserved bits '1' and '2' have been replaced with 'C' and 'E', respectively, to
+match RFC 3168, "The Addition of Explicit Congestion Notification (ECN) to IP".
+The old values of '1' and '2' are still valid for the \texttt{flag} keyword, but
+are now deprecated.
+
+\end{note}
+
 \subsection{flow}
 \label{flow section}
@@ -13795,7 +13804,7 @@ This example logs the first 10 seconds o
 (whichever comes first) of any telnet session.
 \begin{verbatim}
- alert tcp any any -> any 23 (flags:s,12; tag:session,10,seconds;)
+ alert tcp any any -> any 23 (flags:S,CE; tag:session,10,seconds;)
 \end{verbatim}
 \subsection{activates}
diff -Naurp snort-2.9.0.3.orig/src/detection-plugins/sp_tcp_flag_check.c snort-2.9.0.3-flags/src/detection-plugins/sp_tcp_flag_check.c
--- snort-2.9.0.3.orig/src/detection-plugins/sp_tcp_flag_check.c 2010-01-26 18:09:49.000000000 +0000
+++ snort-2.9.0.3-flags/src/detection-plugins/sp_tcp_flag_check.c 2010-12-20 23:36:09.000003000 +0000
@@ -224,12 +224,16 @@ void ParseTCPFlags(char *rule, OptTreeNo
 idx->tcp_flags = 0;
 break;
- case '1': /* reserved bit flags */ idx->tcp_flags |= R_RES1;
+ case '1':
+ case 'c':
+ case 'C': /* CWR - Congestion Window Reduced */ idx->tcp_flags |= R_CWR;
 break;
- case '2': /* reserved bit flags */ idx->tcp_flags |= R_RES2;
+ case '2':
+ case 'e':
+ case 'E': /* ECE - ECN Echo */ idx->tcp_flags |= R_ECE;
 break;
 case '!': /* not, fire if all flags specified are not present,
@@ -296,12 +300,16 @@ void ParseTCPFlags(char *rule, OptTreeNo
 idx->tcp_mask |= R_URG;
 break;
- case '1': /* reserved bit flags */ idx->tcp_mask |= R_RES1;
+ case '1':
+ case 'c':
+ case 'C': /* CWR - Congestion Window Reduced */ idx->tcp_mask |= R_CWR;
 break;
- case '2': /* reserved bit flags */ idx->tcp_mask |= R_RES2;
+ case '2':
+ case 'e':
+ case 'E': /* ECE - ECN Echo */ idx->tcp_flags |= R_ECE;
 break;
 default:
 FatalError(" Line %s (%d): bad TCP flag = \"%c\"\n Valid otions: UAPRS12 \n",
diff -Naurp snort-2.9.0.3.orig/src/dynamic-plugins/sf_engine/sf_snort_packet.h snort-2.9.0.3-flags/src/dynamic-plugins/sf_engine/sf_snort_packet.h
--- snort-2.9.0.3.orig/src/dynamic-plugins/sf_engine/sf_snort_packet.h 2010-09-27 15:28:13.000000000 +0000
+++ snort-2.9.0.3-flags/src/dynamic-plugins/sf_engine/sf_snort_packet.h 2010-12-20 23:33:45.000004000 +0000
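Review bot: The new `case '1'` and `case '2'` arms accept the legacy characters without any diagnostic, yet the manual hunk in this same patch declares them deprecated; emitting a warning when either arm is taken, e.g. `/* '1'/'2' are deprecated spellings of 'C'/'E' -- warn the rule author */` followed by a call to whatever logging helper this file already uses, would make the migration visible. The remap is also not value-preserving: before this patch '1' selected R_RES1 (0x80) and '2' selected R_RES2 (0x40), while the rules.h hunk now defines R_CWR as 0x40 and R_ECE as 0x80, so an existing rule written with '1' or '2' silently tests the opposite bit once this is applied. ParseTCPFlags begins and ends outside this hunk.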
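Review bot: The mask arm for `'E'` writes to the wrong field: `idx->tcp_flags |= R_ECE;` must be `idx->tcp_mask |= R_ECE;`, matching the `'C'` arm just above it and the `R_URG` line at the top of the hunk. As written, the manual's new example `flags:SF,CE;` masks only CWR and adds ECE to the required-flags pattern, so a rule meant to ignore ECE instead requires it and, presumably, no longer fires on plain SYN/FIN segments; any signature that uses the new mask syntax on ECE is affected the same way. The unchanged `FatalError` on the last line still advertises `Valid otions: UAPRS12`, which no longer reflects the accepted letters; something like `Valid options: UAPRSCE12` (whichever set the mask loop actually accepts) would be the accurate message. ParseTCPFlags begins and ends outside this hunk.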
@@ -154,8 +154,8 @@ typedef struct _TCPHeader
 #define TCPHEADER_PUSH 0x08
 #define TCPHEADER_ACK 0x10
 #define TCPHEADER_URG 0x20
-#define TCPHEADER_RES2 0x40
-#define TCPHEADER_RES1 0x80
+#define TCPHEADER_CWR 0x40
+#define TCPHEADER_ECE 0x80
 #define TCPHEADER_NORESERVED (TCPHEADER_FIN|TCPHEADER_SYN|TCPHEADER_RST \
 |TCPHEADER_PUSH|TCPHEADER_ACK|TCPHEADER_URG)
diff -Naurp snort-2.9.0.3.orig/src/rules.h snort-2.9.0.3-flags/src/rules.h
--- snort-2.9.0.3.orig/src/rules.h 2010-06-09 22:04:55.000000000 +0000
+++ snort-2.9.0.3-flags/src/rules.h 2010-12-20 23:32:05.000002000 +0000
@@ -57,8 +57,8 @@
 #define R_PSH 0x08
 #define R_ACK 0x10
 #define R_URG 0x20
-#define R_RES2 0x40
-#define R_RES1 0x80
+#define R_CWR 0x40
+#define R_ECE 0x80
 #define MODE_EXIT_ON_MATCH 0
 #define MODE_FULL_SEARCH 1
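Review bot: `TCPHEADER_CWR` and `TCPHEADER_ECE` are given the wrong bits: the patch keeps the old 0x40/0x80 positions but swaps which name gets which, so CWR becomes 0x40 and ECE 0x80, whereas in the TCP flags byte (RFC 3168, and the manual hunk's own "MSB in TCP Flags byte" wording for CWR) CWR is 0x80 and ECE is 0x40. Change the two added lines to `#define TCPHEADER_ECE 0x40` and `#define TCPHEADER_CWR 0x80` so that whatever reads these macros tests the bit the name promises; the `TCPHEADER_NORESERVED` mask below is unaffected since it only ORs the six classic flags, though its name and the "reserved" wording are now stale. These values must stay in lockstep with the `R_CWR`/`R_ECE` pair in rules.h, which carries the same swap in this patch.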
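Review bot: `R_CWR 0x40` / `R_ECE 0x80` inverts the bit positions: the old `R_RES1` (0x80, which the manual hunk documents as CWR, the MSB of the flags byte) is renamed to ECE and `R_RES2` (0x40) to CWR, while RFC 3168 places CWR at 0x80 and ECE at 0x40. The fix is `#define R_ECE 0x40` and `#define R_CWR 0x80`; with the values as submitted a rule written `flags:C` matches ECE-marked segments and `flags:E` matches CWR-marked ones, so any ECN-aware detection or evasion signature keys on the wrong flag. Because the sp_tcp_flag_check.c hunks now route the legacy '1' to R_CWR and '2' to R_ECE, the swap also changes the meaning of long-standing rules that use those digits, contradicting the manual's statement that the old values remain valid.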