From ec446b1375c1e426d36ddb98668afd3fcd866ed8 Mon Sep 17 00:00:00 2001
From: Hiren Panchasara <hiren@FreeBSD.org>
Date: Fri, 30 Jan 2015 17:29:07 +0000
Subject: [PATCH] Make syncookie_mac() use 'tcp_seq irs' in computing hash.
 This fixes what seems like a simple oversight when the function was added in
 r253210.

Reported by:            Daniel Borkmann <dborkman@redhat.com>
                        Florian Westphal <fw@strlen.de>
Differential Revision:  https://reviews.freebsd.org/D1628
Reviewed by:            gnn
MFC after:              1 month
Sponsored by:           Limelight Networks
---
 sys/netinet/tcp_syncache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index c7570e2a26d7..7d97ae081a6b 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1742,6 +1742,7 @@ syncookie_mac(struct in_conninfo *inc, tcp_seq irs, uint8_t flags,
 	}
 	SipHash_Update(&ctx, &inc->inc_fport, sizeof(inc->inc_fport));
 	SipHash_Update(&ctx, &inc->inc_lport, sizeof(inc->inc_lport));
+	SipHash_Update(&ctx, &irs, sizeof(irs));
 	SipHash_Update(&ctx, &flags, sizeof(flags));
 	SipHash_Update(&ctx, &secmod, sizeof(secmod));
 	SipHash_Final((u_int8_t *)&siphash, &ctx);