Lines Matching full:pd

263 pf_synflood_check(struct pf_pdesc *pd)
265 MPASS(pd->proto == IPPROTO_TCP);
268 if (pd->pf_mtag && (pd->pf_mtag->flags & PF_MTAG_FLAG_SYNCOOKIE_RECREATED))
292 pf_syncookie_send(struct pf_pdesc *pd)
297 mss = max(V_tcp_mssdflt, pf_get_mss(pd));
298 iss = pf_syncookie_generate(pd, mss);
299 pf_send_tcp(NULL, pd->af, pd->dst, pd->src, *pd->dport, *pd->sport,
300 iss, ntohl(pd->hdr.tcp.th_seq) + 1, TH_SYN|TH_ACK, 0, mss,
301 0, M_SKIP_FIREWALL | (pd->m->m_flags & M_LOOP), 0, 0,
302 pd->act.rtableid);
310 pf_syncookie_check(struct pf_pdesc *pd)
315 MPASS(pd->proto == IPPROTO_TCP);
318 seq = ntohl(pd->hdr.tcp.th_seq) - 1;
319 ack = ntohl(pd->hdr.tcp.th_ack) - 1;
327 hash = pf_syncookie_mac(pd, cookie, seq);
335 pf_syncookie_validate(struct pf_pdesc *pd)
340 if (! pf_syncookie_check(pd))
343 ack = ntohl(pd->hdr.tcp.th_ack) - 1;
426 pf_syncookie_mac(struct pf_pdesc *pd, union pf_syncookie cookie, uint32_t seq)
432 MPASS(pd->proto == IPPROTO_TCP);
437 switch (pd->af) {
439 SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4));
440 SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4));
443 SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6));
444 SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6));
450 SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));
451 SipHash_Update(&ctx, pd->dport, sizeof(*pd->dport));
460 pf_syncookie_generate(struct pf_pdesc *pd, uint16_t mss)
477 wscale = pf_get_wscale(pd);
485 hash = pf_syncookie_mac(pd, cookie, ntohl(pd->hdr.tcp.th_seq));
500 pf_syncookie_recreate_syn(struct pf_pdesc *pd)
507 seq = ntohl(pd->hdr.tcp.th_seq) - 1;
508 ack = ntohl(pd->hdr.tcp.th_ack) - 1;
518 return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport,
519 *pd->dport, seq, 0, TH_SYN, wscale, mss, pd->ttl,
520 (pd->m->m_flags & M_LOOP), 0, PF_MTAG_FLAG_SYNCOOKIE_RECREATED,
521 pd->act.rtableid));