Index: sys/dev/iscsi/iscsi.h
===================================================================
--- sys/dev/iscsi/iscsi.h
+++ sys/dev/iscsi/iscsi.h
@@ -44,6 +44,7 @@
 	TAILQ_ENTRY(iscsi_outstanding)	io_next;
 	union ccb			*io_ccb;
 	size_t				io_received;
+	uint32_t			io_datasn;
 	uint32_t			io_initiator_task_tag;
 	uint32_t			io_referenced_task_tag;
 	void				*io_icl_prv;
Index: sys/dev/iscsi/iscsi.c
===================================================================
--- sys/dev/iscsi/iscsi.c
+++ sys/dev/iscsi/iscsi.c
@@ -877,7 +877,7 @@
 	struct ccb_scsiio *csio;
 	size_t data_segment_len, received;
 	uint16_t sense_len;
-	uint32_t resid;
+	uint32_t datasn, resid;
 
 	is = PDU_SESSION(response);
 
@@ -909,6 +909,7 @@
 	}
 
 	received = io->io_received;
+	datasn = io->io_datasn;
 	iscsi_outstanding_remove(is, io);
 	ISCSI_SESSION_UNLOCK(is);
 
@@ -919,15 +920,24 @@
 			ISCSI_SESSION_DEBUG(is, "freezing devq");
 		}
  		ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN;
-	} else if (bhssr->bhssr_status == 0) {
-		ccb->ccb_h.status = CAM_REQ_CMP;
-	} else {
+	} else if (bhssr->bhssr_status != 0) {
  		if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) {
  			xpt_freeze_devq(ccb->ccb_h.path, 1);
 			ISCSI_SESSION_DEBUG(is, "freezing devq");
 		}
  		ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | CAM_DEV_QFRZN;
 		ccb->csio.scsi_status = bhssr->bhssr_status;
+	} else if (ntohl(bhssr->bhssr_expdatasn) != datasn) {
+		ISCSI_SESSION_WARN(is,
+		    "ExpDataSN mismatch in service response (%u vs %u)",
+		    ntohl(bhssr->bhssr_expdatasn), datasn);
+		if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) {
+			xpt_freeze_devq(ccb->ccb_h.path, 1);
+			ISCSI_SESSION_DEBUG(is, "freezing devq");
+		}
+		ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN;
+	} else {
+		ccb->ccb_h.status = CAM_REQ_CMP;
 	}
 
 	csio = &ccb->csio;
@@ -1047,6 +1057,17 @@
 		return;
 	}
 
+	if (io->io_datasn != ntohl(bhsdi->bhsdi_datasn)) {
+		ISCSI_SESSION_WARN(is, "received Data-In PDU with "
+		    "DataSN %u, while expected %u; dropping connection",
+		    ntohl(bhsdi->bhsdi_datasn), io->io_datasn);
+		icl_pdu_free(response);
+		iscsi_session_reconnect(is);
+		ISCSI_SESSION_UNLOCK(is);
+		return;
+	}
+	io->io_datasn += response->ip_additional_pdus + 1;
+
 	data_segment_len = icl_pdu_data_segment_length(response);
 	if (data_segment_len == 0) {
 		/*
@@ -1096,7 +1117,6 @@
 	icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len);
 
 	/*
-	 * XXX: Check DataSN.
 	 * XXX: Check F.
 	 */
 	if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) {