261 pf_synflood_check(struct pf_pdesc *pd)  in pf_synflood_check()  argument
263 	MPASS(pd->proto == IPPROTO_TCP);  in pf_synflood_check()
266 	if (pd->pf_mtag && (pd->pf_mtag->flags & PF_MTAG_FLAG_SYNCOOKIE_RECREATED))  in pf_synflood_check()
290 pf_syncookie_send(struct pf_pdesc *pd, u_short *reason)  in pf_syncookie_send()  argument
295 	mss = max(V_tcp_mssdflt, pf_get_mss(pd));  in pf_syncookie_send()
296 	iss = pf_syncookie_generate(pd, mss);  in pf_syncookie_send()
297 	pf_send_tcp(NULL, pd->af, pd->dst, pd->src, *pd->dport, *pd->sport,  in pf_syncookie_send()
298 	    iss, ntohl(pd->hdr.tcp.th_seq) + 1, TH_SYN|TH_ACK, 0, mss,  in pf_syncookie_send()
299 	    0, M_SKIP_FIREWALL | (pd->m->m_flags & M_LOOP), 0, 0,  in pf_syncookie_send()
300 	    pd->act.rtableid, reason);  in pf_syncookie_send()
308 pf_syncookie_check(struct pf_pdesc *pd)  in pf_syncookie_check()  argument
313 	MPASS(pd->proto == IPPROTO_TCP);  in pf_syncookie_check()
316 	seq = ntohl(pd->hdr.tcp.th_seq) - 1;  in pf_syncookie_check()
317 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_check()
325 	hash = pf_syncookie_mac(pd, cookie, seq);  in pf_syncookie_check()
333 pf_syncookie_validate(struct pf_pdesc *pd)  in pf_syncookie_validate()  argument
338 	if (! pf_syncookie_check(pd))  in pf_syncookie_validate()
341 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_validate()
424 pf_syncookie_mac(struct pf_pdesc *pd, union pf_syncookie cookie, uint32_t seq)  in pf_syncookie_mac()  argument
430 	MPASS(pd->proto == IPPROTO_TCP);  in pf_syncookie_mac()
435 	switch (pd->af) {  in pf_syncookie_mac()
437 		SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4));  in pf_syncookie_mac()
438 		SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4));  in pf_syncookie_mac()
441 		SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6));  in pf_syncookie_mac()
442 		SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6));  in pf_syncookie_mac()
448 	SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));  in pf_syncookie_mac()
449 	SipHash_Update(&ctx, pd->dport, sizeof(*pd->dport));  in pf_syncookie_mac()
458 pf_syncookie_generate(struct pf_pdesc *pd, uint16_t mss)  in pf_syncookie_generate()  argument
475 	wscale = pf_get_wscale(pd);  in pf_syncookie_generate()
483 	hash = pf_syncookie_mac(pd, cookie, ntohl(pd->hdr.tcp.th_seq));  in pf_syncookie_generate()
498 pf_syncookie_recreate_syn(struct pf_pdesc *pd, u_short *reason)  in pf_syncookie_recreate_syn()  argument
505 	seq = ntohl(pd->hdr.tcp.th_seq) - 1;  in pf_syncookie_recreate_syn()
506 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_recreate_syn()
516 	return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport,  in pf_syncookie_recreate_syn()
517 	    *pd->dport, seq, 0, TH_SYN, wscale, mss, pd->ttl,  in pf_syncookie_recreate_syn()
518 	    (pd->m->m_flags & M_LOOP), 0, PF_MTAG_FLAG_SYNCOOKIE_RECREATED,  in pf_syncookie_recreate_syn()
519 	    cookie.flags.sack_ok, pd->act.rtableid, reason));  in pf_syncookie_recreate_syn()