1508 	KASSERT((src->scrub == NULL),  in pf_normalize_tcp_init()
1511 	src->scrub = uma_zalloc(V_pf_state_scrub_z, M_ZERO | M_NOWAIT);  in pf_normalize_tcp_init()
1512 	if (src->scrub == NULL)  in pf_normalize_tcp_init()
1519 		src->scrub->pfss_ttl = h->ip_ttl;  in pf_normalize_tcp_init()
1526 		src->scrub->pfss_ttl = h->ip6_hlim;  in pf_normalize_tcp_init()
1549 		src->scrub->pfss_flags |= PFSS_TIMESTAMP;  in pf_normalize_tcp_init()
1550 		src->scrub->pfss_ts_mod = arc4random();  in pf_normalize_tcp_init()
1554 		src->scrub->pfss_tsval0 = ntohl(tsval);  in pf_normalize_tcp_init()
1555 		src->scrub->pfss_tsval = ntohl(tsval);  in pf_normalize_tcp_init()
1556 		src->scrub->pfss_tsecr = ntohl(tsecr);  in pf_normalize_tcp_init()
1557 		getmicrouptime(&src->scrub->pfss_last);  in pf_normalize_tcp_init()
1569 	uma_zfree(V_pf_state_scrub_z, state->src.scrub);  in pf_normalize_tcp_cleanup()
1570 	uma_zfree(V_pf_state_scrub_z, state->dst.scrub);  in pf_normalize_tcp_cleanup()
1578 	src->scrub = uma_zalloc(V_pf_state_scrub_z, M_ZERO | M_NOWAIT);  in pf_normalize_sctp_init()
1579 	if (src->scrub == NULL)  in pf_normalize_sctp_init()
1582 	dst->scrub = uma_zalloc(V_pf_state_scrub_z, M_ZERO | M_NOWAIT);  in pf_normalize_sctp_init()
1583 	if (dst->scrub == NULL) {  in pf_normalize_sctp_init()
1588 	dst->scrub->pfss_v_tag = pd->sctp_initiate_tag;  in pf_normalize_sctp_init()
1606 	KASSERT((src->scrub || dst->scrub),  in pf_normalize_tcp_stateful()
1617 		if (src->scrub) {  in pf_normalize_tcp_stateful()
1619 			if (h->ip_ttl > src->scrub->pfss_ttl)  in pf_normalize_tcp_stateful()
1620 				src->scrub->pfss_ttl = h->ip_ttl;  in pf_normalize_tcp_stateful()
1621 			h->ip_ttl = src->scrub->pfss_ttl;  in pf_normalize_tcp_stateful()
1628 		if (src->scrub) {  in pf_normalize_tcp_stateful()
1630 			if (h->ip6_hlim > src->scrub->pfss_ttl)  in pf_normalize_tcp_stateful()
1631 				src->scrub->pfss_ttl = h->ip6_hlim;  in pf_normalize_tcp_stateful()
1632 			h->ip6_hlim = src->scrub->pfss_ttl;  in pf_normalize_tcp_stateful()
1644 	    ((src->scrub && (src->scrub->pfss_flags & PFSS_TIMESTAMP)) ||  in pf_normalize_tcp_stateful()
1645 	    (dst->scrub && (dst->scrub->pfss_flags & PFSS_TIMESTAMP))) &&  in pf_normalize_tcp_stateful()
1671 			if (tsval && src->scrub &&  in pf_normalize_tcp_stateful()
1672 			    (src->scrub->pfss_flags & PFSS_TIMESTAMP)) {  in pf_normalize_tcp_stateful()
1676 				    ts, htonl(tsval + src->scrub->pfss_ts_mod),  in pf_normalize_tcp_stateful()
1682 			if (tsecr && dst->scrub &&  in pf_normalize_tcp_stateful()
1683 			    (dst->scrub->pfss_flags & PFSS_TIMESTAMP)) {  in pf_normalize_tcp_stateful()
1685 				tsecr = ntohl(tsecr) - dst->scrub->pfss_ts_mod;  in pf_normalize_tcp_stateful()
1713 	if (src->scrub && (src->scrub->pfss_flags & PFSS_PAWS) &&  in pf_normalize_tcp_stateful()
1714 	    (uptime.tv_sec - src->scrub->pfss_last.tv_sec > TS_MAX_IDLE ||  in pf_normalize_tcp_stateful()
1721 		src->scrub->pfss_flags = (src->scrub->pfss_flags & ~PFSS_PAWS)  in pf_normalize_tcp_stateful()
1724 	if (dst->scrub && (dst->scrub->pfss_flags & PFSS_PAWS) &&  in pf_normalize_tcp_stateful()
1725 	    uptime.tv_sec - dst->scrub->pfss_last.tv_sec > TS_MAX_IDLE) {  in pf_normalize_tcp_stateful()
1731 		dst->scrub->pfss_flags = (dst->scrub->pfss_flags & ~PFSS_PAWS)  in pf_normalize_tcp_stateful()
1735 	if (got_ts && src->scrub && dst->scrub &&  in pf_normalize_tcp_stateful()
1736 	    (src->scrub->pfss_flags & PFSS_PAWS) &&  in pf_normalize_tcp_stateful()
1737 	    (dst->scrub->pfss_flags & PFSS_PAWS)) {  in pf_normalize_tcp_stateful()
1815 		timevalsub(&delta_ts, &src->scrub->pfss_last);  in pf_normalize_tcp_stateful()
1821 		    (SEQ_LT(tsval, dst->scrub->pfss_tsecr) ||  in pf_normalize_tcp_stateful()
1822 		    SEQ_GT(tsval, src->scrub->pfss_tsval + tsval_from_last) ||  in pf_normalize_tcp_stateful()
1823 		    (tsecr && (SEQ_GT(tsecr, dst->scrub->pfss_tsval) ||  in pf_normalize_tcp_stateful()
1824 		    SEQ_LT(tsecr, dst->scrub->pfss_tsval0))))) {  in pf_normalize_tcp_stateful()
1833 			    SEQ_LT(tsval, dst->scrub->pfss_tsecr) ? '0' : ' ',  in pf_normalize_tcp_stateful()
1834 			    SEQ_GT(tsval, src->scrub->pfss_tsval +  in pf_normalize_tcp_stateful()
1836 			    SEQ_GT(tsecr, dst->scrub->pfss_tsval) ? '2' : ' ',  in pf_normalize_tcp_stateful()
1837 			    SEQ_LT(tsecr, dst->scrub->pfss_tsval0)? '3' : ' ');  in pf_normalize_tcp_stateful()
1844 			    src->scrub->pfss_tsval, src->scrub->pfss_tsecr);  in pf_normalize_tcp_stateful()
1846 			    "tsval0: %u", dst->scrub->pfss_tsval,  in pf_normalize_tcp_stateful()
1847 			    dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0);  in pf_normalize_tcp_stateful()
1862 	    src->scrub && dst->scrub &&  in pf_normalize_tcp_stateful()
1863 	    (src->scrub->pfss_flags & PFSS_PAWS) &&  in pf_normalize_tcp_stateful()
1864 	    (dst->scrub->pfss_flags & PFSS_PAWS)) {  in pf_normalize_tcp_stateful()
1891 		if (pd->p_len > 0 && (src->scrub->pfss_flags & PFSS_DATA_TS)) {  in pf_normalize_tcp_stateful()
1916 	if (pd->p_len > 0 && src->scrub && (src->scrub->pfss_flags &  in pf_normalize_tcp_stateful()
1919 			src->scrub->pfss_flags |= PFSS_DATA_TS;  in pf_normalize_tcp_stateful()
1921 			src->scrub->pfss_flags |= PFSS_DATA_NOTS;  in pf_normalize_tcp_stateful()
1922 			if (V_pf_status.debug >= PF_DEBUG_MISC && dst->scrub &&  in pf_normalize_tcp_stateful()
1923 			    (dst->scrub->pfss_flags & PFSS_TIMESTAMP)) {  in pf_normalize_tcp_stateful()
1938 	if (got_ts && src->scrub && PFSS_TIMESTAMP == (src->scrub->pfss_flags &  in pf_normalize_tcp_stateful()
1940 		getmicrouptime(&src->scrub->pfss_last);  in pf_normalize_tcp_stateful()
1941 		if (SEQ_GEQ(tsval, src->scrub->pfss_tsval) ||  in pf_normalize_tcp_stateful()
1942 		    (src->scrub->pfss_flags & PFSS_PAWS) == 0)  in pf_normalize_tcp_stateful()
1943 			src->scrub->pfss_tsval = tsval;  in pf_normalize_tcp_stateful()
1946 			if (SEQ_GEQ(tsecr, src->scrub->pfss_tsecr) ||  in pf_normalize_tcp_stateful()
1947 			    (src->scrub->pfss_flags & PFSS_PAWS) == 0)  in pf_normalize_tcp_stateful()
1948 				src->scrub->pfss_tsecr = tsecr;  in pf_normalize_tcp_stateful()
1950 			if ((src->scrub->pfss_flags & PFSS_PAWS) == 0 &&  in pf_normalize_tcp_stateful()
1951 			    (SEQ_LT(tsval, src->scrub->pfss_tsval0) ||  in pf_normalize_tcp_stateful()
1952 			    src->scrub->pfss_tsval0 == 0)) {  in pf_normalize_tcp_stateful()
1954 				src->scrub->pfss_tsval0 = tsval;  in pf_normalize_tcp_stateful()
1958 			if ((src->scrub->pfss_flags & PFSS_PAWS) == 0)  in pf_normalize_tcp_stateful()
1959 				src->scrub->pfss_flags |= PFSS_PAWS;  in pf_normalize_tcp_stateful()