Index: in_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.158
diff -u -p -r1.158 in_pcb.c
--- in_pcb.c	22 Jul 2014 11:06:10 -0000	1.158
+++ in_pcb.c	14 Aug 2014 11:59:46 -0000
@@ -122,16 +122,18 @@ int in_pcbresize (struct inpcbtable *, i
 #define	INPCBHASH_LOADFACTOR(_x)	(((_x) * 3) / 4)
 
 #define	INPCBHASH(table, faddr, fport, laddr, lport, rdom) \
-	&(table)->inpt_hashtbl[(ntohl((faddr)->s_addr) + \
-	ntohs((fport)) + ntohs((lport)) + (rdom)) & (table->inpt_hash)]
+	&(table)->inpt_hashtbl[((ntohl((faddr)->s_addr) + \
+	ntohs((fport)) + ntohs((lport)) + (rdom)) ^ \
+	(table)->inpt_nonce) & (table)->inpt_hash]
 
 #define	IN6PCBHASH(table, faddr, fport, laddr, lport, rdom) \
-	&(table)->inpt_hashtbl[(ntohl((faddr)->s6_addr32[0] ^ \
-	(faddr)->s6_addr32[3]) + ntohs((fport)) + ntohs((lport)) + (rdom)) & \
-	(table->inpt_hash)]
+	&(table)->inpt_hashtbl[((ntohl((faddr)->s6_addr32[0] ^ \
+	(faddr)->s6_addr32[3]) + ntohs((fport)) + ntohs((lport)) + (rdom)) ^ \
+	(table)->inpt_nonce) & (table)->inpt_hash]
 
 #define	INPCBLHASH(table, lport, rdom) \
-	&(table)->inpt_lhashtbl[(ntohs((lport)) + (rdom)) & table->inpt_lhash]
+	&(table)->inpt_lhashtbl[((ntohs((lport)) + (rdom)) ^ \
+	(table)->inpt_lnonce) & table->inpt_lhash]
 
 void
 in_pcbinit(struct inpcbtable *table, int hashsize)
@@ -146,6 +148,8 @@ in_pcbinit(struct inpcbtable *table, int
 	    &table->inpt_lhash);
 	if (table->inpt_lhashtbl == NULL)
 		panic("in_pcbinit: hashinit failed for lport");
+	table->inpt_nonce = arc4random();
+	table->inpt_lnonce = arc4random();
 	table->inpt_lastport = 0;
 	table->inpt_count = 0;
 }
@@ -911,6 +915,8 @@ in_pcbresize(struct inpcbtable *table, i
 	table->inpt_lhashtbl = nlhashtbl;
 	table->inpt_hash = nhash;
 	table->inpt_lhash = nlhash;
+	table->inpt_nonce = arc4random();
+	table->inpt_lnonce = arc4random();
 
 	TAILQ_FOREACH_SAFE(inp0, &table->inpt_queue, inp_queue, inp1) {
 		in_pcbrehash(inp0);
Index: in_pcb.h
===================================================================
RCS file: /cvs/src/sys/netinet/in_pcb.h,v
retrieving revision 1.86
diff -u -p -r1.86 in_pcb.h
--- in_pcb.h	12 Jul 2014 21:06:34 -0000	1.86
+++ in_pcb.h	14 Aug 2014 11:59:46 -0000
@@ -157,6 +157,7 @@ struct inpcbtable {
 	TAILQ_HEAD(inpthead, inpcb) inpt_queue;
 	LIST_HEAD(inpcbhead, inpcb) *inpt_hashtbl, *inpt_lhashtbl;
 	u_long	  inpt_hash, inpt_lhash;
+	u_int32_t inpt_nonce, inpt_lnonce;
 	u_int16_t inpt_lastport;
 	int	  inpt_count;
 };