263 pf_synflood_check(struct pf_pdesc *pd)  in pf_synflood_check()  argument
265 	MPASS(pd->proto == IPPROTO_TCP);  in pf_synflood_check()
268 	if (pd->pf_mtag && (pd->pf_mtag->flags & PF_MTAG_FLAG_SYNCOOKIE_RECREATED))  in pf_synflood_check()
292 pf_syncookie_send(struct pf_pdesc *pd)  in pf_syncookie_send()  argument
297 	mss = max(V_tcp_mssdflt, pf_get_mss(pd));  in pf_syncookie_send()
298 	iss = pf_syncookie_generate(pd, mss);  in pf_syncookie_send()
299 	pf_send_tcp(NULL, pd->af, pd->dst, pd->src, *pd->dport, *pd->sport,  in pf_syncookie_send()
300 	    iss, ntohl(pd->hdr.tcp.th_seq) + 1, TH_SYN|TH_ACK, 0, mss,  in pf_syncookie_send()
301 	    0, M_SKIP_FIREWALL | (pd->m->m_flags & M_LOOP), 0, 0,  in pf_syncookie_send()
302 	    pd->act.rtableid);  in pf_syncookie_send()
310 pf_syncookie_check(struct pf_pdesc *pd)  in pf_syncookie_check()  argument
315 	MPASS(pd->proto == IPPROTO_TCP);  in pf_syncookie_check()
318 	seq = ntohl(pd->hdr.tcp.th_seq) - 1;  in pf_syncookie_check()
319 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_check()
327 	hash = pf_syncookie_mac(pd, cookie, seq);  in pf_syncookie_check()
335 pf_syncookie_validate(struct pf_pdesc *pd)  in pf_syncookie_validate()  argument
340 	if (! pf_syncookie_check(pd))  in pf_syncookie_validate()
343 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_validate()
426 pf_syncookie_mac(struct pf_pdesc *pd, union pf_syncookie cookie, uint32_t seq)  in pf_syncookie_mac()  argument
432 	MPASS(pd->proto == IPPROTO_TCP);  in pf_syncookie_mac()
437 	switch (pd->af) {  in pf_syncookie_mac()
439 		SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4));  in pf_syncookie_mac()
440 		SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4));  in pf_syncookie_mac()
443 		SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6));  in pf_syncookie_mac()
444 		SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6));  in pf_syncookie_mac()
450 	SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));  in pf_syncookie_mac()
451 	SipHash_Update(&ctx, pd->dport, sizeof(*pd->dport));  in pf_syncookie_mac()
460 pf_syncookie_generate(struct pf_pdesc *pd, uint16_t mss)  in pf_syncookie_generate()  argument
477 	wscale = pf_get_wscale(pd);  in pf_syncookie_generate()
485 	hash = pf_syncookie_mac(pd, cookie, ntohl(pd->hdr.tcp.th_seq));  in pf_syncookie_generate()
500 pf_syncookie_recreate_syn(struct pf_pdesc *pd)  in pf_syncookie_recreate_syn()  argument
507 	seq = ntohl(pd->hdr.tcp.th_seq) - 1;  in pf_syncookie_recreate_syn()
508 	ack = ntohl(pd->hdr.tcp.th_ack) - 1;  in pf_syncookie_recreate_syn()
518 	return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport,  in pf_syncookie_recreate_syn()
519 	    *pd->dport, seq, 0, TH_SYN, wscale, mss, pd->ttl,  in pf_syncookie_recreate_syn()
520 	    (pd->m->m_flags & M_LOOP), 0, PF_MTAG_FLAG_SYNCOOKIE_RECREATED,  in pf_syncookie_recreate_syn()
521 	    pd->act.rtableid));  in pf_syncookie_recreate_syn()