1244769Sglebius/*-
2126258Smlaier * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
3126258Smlaier *
4126258Smlaier * Permission to use, copy, modify, and distribute this software for any
5126258Smlaier * purpose with or without fee is hereby granted, provided that the above
6126258Smlaier * copyright notice and this permission notice appear in all copies.
7126258Smlaier *
8126258Smlaier * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9126258Smlaier * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10126258Smlaier * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11126258Smlaier * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12126258Smlaier * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13126258Smlaier * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14126258Smlaier * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15126258Smlaier *
16244769Sglebius *	$OpenBSD: pf_osfp.c,v 1.14 2008/06/12 18:17:01 henning Exp $
17126258Smlaier */
18126258Smlaier
19171168Smlaier#include <sys/cdefs.h>
20171168Smlaier__FBSDID("$FreeBSD: stable/11/sys/netpfil/pf/pf_osfp.c 339418 2018-10-18 04:36:25Z kp $");
21171168Smlaier
22315026Svangyzen#include "opt_inet6.h"
23315026Svangyzen
24126258Smlaier#include <sys/param.h>
25240233Sglebius#include <sys/kernel.h>
26257176Sglebius#include <sys/lock.h>
27257176Sglebius#include <sys/mbuf.h>
28126258Smlaier#include <sys/socket.h>
29126258Smlaier
30126258Smlaier#include <netinet/in.h>
31126258Smlaier#include <netinet/ip.h>
32126258Smlaier#include <netinet/tcp.h>
33126258Smlaier
34126258Smlaier#include <net/if.h>
35257176Sglebius#include <net/vnet.h>
36126258Smlaier#include <net/pfvar.h>
37126258Smlaier
38315026Svangyzen#ifdef INET6
39126258Smlaier#include <netinet/ip6.h>
40315026Svangyzen#endif
41126258Smlaier
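static MALLOC_DEFINE(M_PFOSFP, "pf_osfp", "pf(4) operating system fingerprints");

/*
 * Debug logging, emitted only when pf's debug level is PF_DEBUG_NOISY or
 * higher.  Wrapped in do { } while (0) so the expansion is always a single
 * statement: the bare "if (...) printf(...)" form would silently bind a
 * following "else" in the caller to the macro's own "if".
 */
#define	DPFPRINTF(format, x...)						\
	do {								\
		if (V_pf_status.debug >= PF_DEBUG_NOISY)		\
			printf(format , ##x);				\
	} while (0)

/*
 * Per-VNET list of loaded fingerprints.  pf_osfp_insert() appends at the
 * tail, so lookups see signatures in the order they were loaded.
 */
SLIST_HEAD(pf_osfp_list, pf_os_fingerprint);
static VNET_DEFINE(struct pf_osfp_list,	pf_osfp_list) =
	SLIST_HEAD_INITIALIZER();
#define	V_pf_osfp_list			VNET(pf_osfp_list)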
51126258Smlaier
/*
 * Internal helpers; definitions follow.  pf_osfp_find() is the fuzzy lookup
 * used on live packets (it honours the *_MOD / *_DC flags of a stored
 * signature and a TTL tolerance), pf_osfp_find_exact() is the
 * field-for-field lookup used when loading signatures, and
 * pf_osfp_insert() appends at the tail of the list so that an
 * earlier-loaded signature wins a tie in pf_osfp_find().
 */
static struct pf_osfp_enlist	*pf_osfp_fingerprint_hdr(const struct ip *,
				    const struct ip6_hdr *,
				    const struct tcphdr *);
static struct pf_os_fingerprint	*pf_osfp_find(struct pf_osfp_list *,
				    struct pf_os_fingerprint *, u_int8_t);
static struct pf_os_fingerprint	*pf_osfp_find_exact(struct pf_osfp_list *,
				    struct pf_os_fingerprint *);
static void			 pf_osfp_insert(struct pf_osfp_list *,
				    struct pf_os_fingerprint *);
#ifdef PFDEBUG
/* Debug-build self check: every stored signature must be findable again. */
static struct pf_os_fingerprint	*pf_osfp_validate(void);
#endif
64126258Smlaier
/*
 * Passively fingerprint the OS of the sending host from a TCP SYN
 * (IPv4 or IPv6).
 *
 * pd:  pf packet descriptor; only pd->af and pd->proto are consulted.
 * m:   the packet, with the IP header at the start of the mbuf data.
 * off: offset of the TCP header within the packet.
 * tcp: the TCP header (only th_off is read here; the full header is
 *      re-pulled into a local buffer before the options are parsed).
 *
 * Returns the list of candidate OSes for the matching signature, or NULL
 * when the packet is not TCP over IPv4/IPv6, the header length field is
 * shorter than a TCP header, the header cannot be pulled, or nothing
 * matches.
 */
struct pf_osfp_enlist *
pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, int off,
    const struct tcphdr *tcp)
{
	const struct ip *ip4hdr = NULL;
	const struct ip6_hdr *ip6hdr = NULL;
	char hdrbuf[60];	/* 15 * 4: the largest header th_off can encode */
	int hlen;

	if (pd->proto != IPPROTO_TCP)
		return (NULL);
	hlen = tcp->th_off << 2;
	if (hlen < (int)sizeof(*tcp))
		return (NULL);

	switch (pd->af) {
	case PF_INET:
		ip4hdr = mtod(m, struct ip *);
		break;
	case PF_INET6:
		ip6hdr = mtod(m, struct ip6_hdr *);
		break;
	default:
		return (NULL);
	}

	/* Copy header plus options contiguously; fails if the packet is short. */
	if (!pf_pull_hdr(m, off, hdrbuf, hlen, NULL, NULL, pd->af))
		return (NULL);

	return (pf_osfp_fingerprint_hdr(ip4hdr, ip6hdr,
	    (struct tcphdr *)hdrbuf));
}
93126258Smlaier
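/*
 * Build a fingerprint from the IP and TCP headers of a SYN and look it up
 * in the per-VNET signature list.
 *
 * ip / ip6: exactly one is non-NULL and selects the address family.
 * tcp:      a contiguous copy of the whole TCP header including options
 *           (th_off << 2 bytes; the caller guarantees at least sizeof(*tcp)).
 *
 * Returns the OS list of the first matching signature, or NULL when the
 * segment is not a plain SYN, is a non-first IPv4 fragment, carries an
 * option kind this parser does not know, has a malformed option, or
 * matches nothing.  Unknown options reject the packet outright rather
 * than being skipped, so fp_optcnt/fp_tcpopts always describe the full
 * option block.
 */
static struct pf_osfp_enlist *
pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp)
{
	struct pf_os_fingerprint fp, *fpresult;
	int cnt, optlen = 0;
	const u_int8_t *optp;
#ifdef INET6
	char srcname[INET6_ADDRSTRLEN];
#else
	char srcname[INET_ADDRSTRLEN];
#endif

	/* Only the initial SYN (SYN without ACK) is fingerprinted. */
	if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
		return (NULL);
	/* A non-first IPv4 fragment carries no TCP header. */
	if (ip) {
		if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
			return (NULL);
	}

	memset(&fp, 0, sizeof(fp));

	if (ip) {
		fp.fp_psize = ntohs(ip->ip_len);
		fp.fp_ttl = ip->ip_ttl;
		if (ip->ip_off & htons(IP_DF))
			fp.fp_flags |= PF_OSFP_DF;
		inet_ntoa_r(ip->ip_src, srcname);
	}
#ifdef INET6
	else if (ip6) {
		/* jumbo payload? */
		fp.fp_psize = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);
		fp.fp_ttl = ip6->ip6_hlim;
		/* IPv6 has no DF bit; signatures treat it as always set. */
		fp.fp_flags |= PF_OSFP_DF;
		fp.fp_flags |= PF_OSFP_INET6;
		ip6_sprintf(srcname, (const struct in6_addr *)&ip6->ip6_src);
	}
#endif
	else
		return (NULL);
	fp.fp_wsize = ntohs(tcp->th_win);

	/*
	 * Walk the option block.  optlen is checked against the remaining
	 * byte count before any option body is read, so every byte touched
	 * lies inside the th_off << 2 bytes the caller pulled.
	 */
	cnt = (tcp->th_off << 2) - sizeof(*tcp);
	optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp));
	for (; cnt > 0; cnt -= optlen, optp += optlen) {
		if (*optp == TCPOPT_EOL)
			break;

		fp.fp_optcnt++;
		if (*optp == TCPOPT_NOP) {
			fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) |
			    PF_OSFP_TCPOPT_NOP;
			optlen = 1;
		} else {
			/* Every other option has a kind and a length byte. */
			if (cnt < 2)
				return (NULL);
			optlen = optp[1];
			if (optlen > cnt || optlen < 2)
				return (NULL);
			switch (*optp) {
			case TCPOPT_MAXSEG:
				if (optlen >= TCPOLEN_MAXSEG)
					memcpy(&fp.fp_mss, &optp[2],
					    sizeof(fp.fp_mss));
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_MSS;
				NTOHS(fp.fp_mss);
				break;
			case TCPOPT_WINDOW:
				/*
				 * The window scale option carries a single
				 * byte shift count (TCPOLEN_WINDOW == 3), so
				 * read exactly that byte.  The previous
				 * memcpy(sizeof(fp.fp_wscale)) + NTOHS()
				 * either over-read one byte past the option
				 * (for a 16-bit field) or byte-swapped an
				 * 8-bit field to zero on little-endian hosts,
				 * so stored "W<n>" values were compared
				 * against a corrupted shift count.
				 */
				if (optlen >= TCPOLEN_WINDOW)
					fp.fp_wscale = optp[2];
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) |
				    PF_OSFP_TCPOPT_WSCALE;
				break;
			case TCPOPT_SACK_PERMITTED:
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK;
				break;
			case TCPOPT_TIMESTAMP:
				/* Only whether TSval is zero is recorded. */
				if (optlen >= TCPOLEN_TIMESTAMP) {
					u_int32_t ts;
					memcpy(&ts, &optp[2], sizeof(ts));
					if (ts == 0)
						fp.fp_flags |= PF_OSFP_TS0;

				}
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS;
				break;
			default:
				return (NULL);
			}
		}
		optlen = MAX(optlen, 1);	/* paranoia */
	}

	DPFPRINTF("fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
	    "(TS=%s,M=%s%d,W=%s%d)\n",
	    srcname, ntohs(tcp->th_sport),
	    fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0,
	    fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt,
	    (fp.fp_flags & PF_OSFP_TS0) ? "0" : "",
	    (fp.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
	    (fp.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
	    fp.fp_mss,
	    (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
	    (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
	    fp.fp_wscale);

	/* Allow the observed TTL to be below the signature's by up to the offset. */
	if ((fpresult = pf_osfp_find(&V_pf_osfp_list, &fp,
	    PF_OSFP_MAXTTL_OFFSET)))
		return (&fpresult->fp_oses);
	return (NULL);
}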
212126258Smlaier
/*
 * Match a rule's packed OS id against the candidate list produced by
 * pf_osfp_fingerprint().
 *
 * list: candidate OSes, or NULL when the packet was not fingerprinted.
 * os:   packed class/version/subtype from the rule; any component may be
 *       PF_OSFP_ANY to act as a wildcard.
 *
 * Returns 1 on a match, 0 otherwise.  PF_OSFP_ANY matches everything;
 * with no candidate list only PF_OSFP_UNKNOWN matches.
 */
int
pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
{
	struct pf_osfp_entry *en;
	int want_class, want_version, want_subtype;
	int have_class, have_version, have_subtype;

	if (os == PF_OSFP_ANY)
		return (1);

	if (list == NULL) {
		DPFPRINTF("osfp no match against %x\n", os);
		return (os == PF_OSFP_UNKNOWN);
	}

	PF_OSFP_UNPACK(os, want_class, want_version, want_subtype);
	SLIST_FOREACH(en, list, fp_entry) {
		PF_OSFP_UNPACK(en->fp_os, have_class, have_version,
		    have_subtype);
		/* Each component must match unless the rule wildcards it. */
		if (want_class != PF_OSFP_ANY && have_class != want_class)
			continue;
		if (want_version != PF_OSFP_ANY && have_version != want_version)
			continue;
		if (want_subtype != PF_OSFP_ANY && have_subtype != want_subtype)
			continue;
		DPFPRINTF("osfp matched %s %s %s  %x==%x\n",
		    en->fp_class_nm, en->fp_version_nm,
		    en->fp_subtype_nm, os, en->fp_os);
		return (1);
	}
	DPFPRINTF("fingerprint 0x%x didn't match\n", os);
	return (0);
}
242126258Smlaier
/*
 * Drop every loaded fingerprint and the OS entries hanging off each one.
 *
 * NOTE(review): unlike pf_osfp_add() this path does not assert
 * PF_RULES_WASSERT(); the ioctl caller presumably holds the rules write
 * lock while the list is torn down -- confirm against the caller.
 */
void
pf_osfp_flush(void)
{
	struct pf_os_fingerprint *sig;
	struct pf_osfp_entry *os;

	for (;;) {
		sig = SLIST_FIRST(&V_pf_osfp_list);
		if (sig == NULL)
			break;
		SLIST_REMOVE_HEAD(&V_pf_osfp_list, fp_next);
		/* Free the OS names before the signature that owns them. */
		for (;;) {
			os = SLIST_FIRST(&sig->fp_oses);
			if (os == NULL)
				break;
			SLIST_REMOVE_HEAD(&sig->fp_oses, fp_entry);
			free(os, M_PFOSFP);
		}
		free(sig, M_PFOSFP);
	}
}
259126258Smlaier
260126258Smlaier
/*
 * Copy the packet-derived signature fields (everything except the OS
 * name/id) from an ioctl request into a kernel fingerprint.
 */
static void
pf_osfp_copy_sig(struct pf_os_fingerprint *dst,
    const struct pf_osfp_ioctl *src)
{
	dst->fp_tcpopts = src->fp_tcpopts;
	dst->fp_wsize = src->fp_wsize;
	dst->fp_psize = src->fp_psize;
	dst->fp_mss = src->fp_mss;
	dst->fp_flags = src->fp_flags;
	dst->fp_optcnt = src->fp_optcnt;
	dst->fp_wscale = src->fp_wscale;
	dst->fp_ttl = src->fp_ttl;
}

/*
 * Add a fingerprint from userland (DIOCOSFPADD).
 *
 * If a signature with identical fields already exists the OS entry is
 * appended to it, otherwise a new signature is created and linked at the
 * tail of the list.  The name strings from userland are forcibly
 * NUL-terminated.
 *
 * Returns 0, EEXIST when the same OS is already attached to this
 * signature, or ENOMEM.  Must be called with the rules write lock held.
 */
int
pf_osfp_add(struct pf_osfp_ioctl *fpioc)
{
	struct pf_os_fingerprint *sig, fpadd;
	struct pf_osfp_entry *os;

	PF_RULES_WASSERT();

	memset(&fpadd, 0, sizeof(fpadd));
	pf_osfp_copy_sig(&fpadd, fpioc);

#if 0	/* XXX RYAN wants to fix logging */
	DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d "
	    "(TS=%s,M=%s%d,W=%s%d) %x\n",
	    fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm,
	    fpioc->fp_os.fp_subtype_nm,
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MSS) ? "S" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MTU) ? "T" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_DC) ? "*" : "",
	    fpadd.fp_wsize,
	    fpadd.fp_ttl,
	    (fpadd.fp_flags & PF_OSFP_DF) ? 1 : 0,
	    (fpadd.fp_flags & PF_OSFP_PSIZE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_PSIZE_DC) ? "*" : "",
	    fpadd.fp_psize,
	    (long long int)fpadd.fp_tcpopts, fpadd.fp_optcnt,
	    (fpadd.fp_flags & PF_OSFP_TS0) ? "0" : "",
	    (fpadd.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
	    fpadd.fp_mss,
	    (fpadd.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
	    fpadd.fp_wscale,
	    fpioc->fp_os.fp_os);
#endif

	sig = pf_osfp_find_exact(&V_pf_osfp_list, &fpadd);
	if (sig == NULL) {
		/* New signature: allocate it and its first OS entry. */
		sig = malloc(sizeof(*sig), M_PFOSFP, M_ZERO | M_NOWAIT);
		if (sig == NULL)
			return (ENOMEM);
		pf_osfp_copy_sig(sig, fpioc);
		SLIST_INIT(&sig->fp_oses);
		os = malloc(sizeof(*os), M_PFOSFP, M_NOWAIT);
		if (os == NULL) {
			free(sig, M_PFOSFP);
			return (ENOMEM);
		}
		pf_osfp_insert(&V_pf_osfp_list, sig);
	} else {
		/* Existing signature: refuse a duplicate OS entry. */
		SLIST_FOREACH(os, &sig->fp_oses, fp_entry) {
			if (PF_OSFP_ENTRY_EQ(os, &fpioc->fp_os))
				return (EEXIST);
		}
		os = malloc(sizeof(*os), M_PFOSFP, M_NOWAIT);
		if (os == NULL)
			return (ENOMEM);
	}

	memcpy(os, &fpioc->fp_os, sizeof(*os));

	/* Userland strings are untrusted; guarantee NUL termination. */
	os->fp_class_nm[sizeof(os->fp_class_nm) - 1] = '\0';
	os->fp_version_nm[sizeof(os->fp_version_nm) - 1] = '\0';
	os->fp_subtype_nm[sizeof(os->fp_subtype_nm) - 1] = '\0';

	SLIST_INSERT_HEAD(&sig->fp_oses, os, fp_entry);

#ifdef PFDEBUG
	if ((sig = pf_osfp_validate()))
		printf("Invalid fingerprint list\n");
#endif /* PFDEBUG */
	return (0);
}
349126258Smlaier
350126258Smlaier
/*
 * Some "smart" NAT devices and DSL routers will tweak the MSS size and
 * will set it to whatever is suitable for the link type.
 */
#define	SMART_MSS	1460
#define	MTUOFF		(sizeof(struct ip) + sizeof(struct tcphdr))
#define	SMART_MTU	(SMART_MSS + MTUOFF)

/*
 * Accept an observed integer field against a stored one, honouring the
 * stored signature's "don't care" (dcbit) and "modulo" (modbit) flags.
 * Returns nonzero when the observed value is acceptable.
 */
static int
pf_osfp_int_ok(u_int32_t flags, u_int32_t modbit, u_int32_t dcbit,
    u_int32_t stored, u_int32_t seen)
{
	if (flags & dcbit)
		return (1);
	if ((flags & modbit) == 0)
		return (stored == seen);
	/* Modulo form; a zero divisor can never match. */
	return (stored != 0 && seen % stored == 0);
}

/* Nonzero when wsize is exactly mult units of unit bytes. */
static int
pf_osfp_wsize_is(u_int32_t wsize, u_int32_t unit, u_int32_t mult)
{
	return (wsize % unit == 0 && wsize / unit == mult);
}

/*
 * Window-size check.  A stored signature expresses the window either as a
 * multiple of the MSS (WSIZE_MSS), a multiple of the MTU (WSIZE_MTU), a
 * modulus (WSIZE_MOD), "don't care" (WSIZE_DC), or an exact value.  The
 * MSS/MTU forms also accept SMART_MSS as the unit because middleboxes
 * rewrite the MSS option (see above).
 */
static int
pf_osfp_wsize_ok(const struct pf_os_fingerprint *stored,
    const struct pf_os_fingerprint *seen)
{
	if (stored->fp_flags & PF_OSFP_WSIZE_DC)
		return (1);
	if (stored->fp_flags & PF_OSFP_WSIZE_MSS) {
		if (seen->fp_mss == 0)
			return (0);
		return (pf_osfp_wsize_is(seen->fp_wsize, seen->fp_mss,
		    stored->fp_wsize) ||
		    pf_osfp_wsize_is(seen->fp_wsize, SMART_MSS,
		    stored->fp_wsize));
	}
	if (stored->fp_flags & PF_OSFP_WSIZE_MTU) {
		if (seen->fp_mss == 0)
			return (0);
		return (pf_osfp_wsize_is(seen->fp_wsize,
		    seen->fp_mss + MTUOFF, stored->fp_wsize) ||
		    pf_osfp_wsize_is(seen->fp_wsize, SMART_MTU,
		    stored->fp_wsize));
	}
	if (stored->fp_flags & PF_OSFP_WSIZE_MOD)
		return (stored->fp_wsize != 0 &&
		    seen->fp_wsize % stored->fp_wsize == 0);
	return (stored->fp_wsize == seen->fp_wsize);
}

/*
 * Fuzzy lookup of an observed fingerprint in the list.
 *
 * list:    signatures to search, in list order (first match wins).
 * find:    the fingerprint built from the packet.
 * ttldiff: how far below the stored initial TTL the observed TTL may be;
 *          it may never be above it.
 *
 * Returns the first signature whose option layout, option count, TTL,
 * DF/TS0 flags and (flag-qualified) psize, mss, wscale and wsize all
 * accept the observed values, or NULL.
 */
static struct pf_os_fingerprint *
pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
    u_int8_t ttldiff)
{
	struct pf_os_fingerprint *f;

	SLIST_FOREACH(f, list, fp_next) {
		/* Cheap exact fields first: option layout and count. */
		if (f->fp_tcpopts != find->fp_tcpopts ||
		    f->fp_optcnt != find->fp_optcnt)
			continue;
		/* Observed TTL is the stored initial TTL less hops taken. */
		if (f->fp_ttl < find->fp_ttl ||
		    f->fp_ttl - find->fp_ttl > ttldiff)
			continue;
		if ((f->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)) !=
		    (find->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)))
			continue;
		if (!pf_osfp_int_ok(f->fp_flags, PF_OSFP_PSIZE_MOD,
		    PF_OSFP_PSIZE_DC, f->fp_psize, find->fp_psize))
			continue;
		if (!pf_osfp_int_ok(f->fp_flags, PF_OSFP_MSS_MOD,
		    PF_OSFP_MSS_DC, f->fp_mss, find->fp_mss))
			continue;
		if (!pf_osfp_int_ok(f->fp_flags, PF_OSFP_WSCALE_MOD,
		    PF_OSFP_WSCALE_DC, f->fp_wscale, find->fp_wscale))
			continue;
		if (!pf_osfp_wsize_ok(f, find))
			continue;
		return (f);
	}

	return (NULL);
}
425126258Smlaier
/*
 * Field-for-field lookup of a signature, used when loading fingerprints
 * so that several OS names can share one signature.  Unlike
 * pf_osfp_find() the flags are compared literally and no tolerance is
 * applied.  Returns the matching signature or NULL.
 */
static struct pf_os_fingerprint *
pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
{
	struct pf_os_fingerprint *cur;

	SLIST_FOREACH(cur, list, fp_next) {
		if (cur->fp_tcpopts != find->fp_tcpopts)
			continue;
		if (cur->fp_flags != find->fp_flags)
			continue;
		if (cur->fp_wsize != find->fp_wsize ||
		    cur->fp_psize != find->fp_psize ||
		    cur->fp_mss != find->fp_mss ||
		    cur->fp_wscale != find->fp_wscale)
			continue;
		if (cur->fp_optcnt != find->fp_optcnt ||
		    cur->fp_ttl != find->fp_ttl)
			continue;
		return (cur);
	}

	return (NULL);
}
446126258Smlaier
/*
 * Append a signature at the tail of the list.  Tail insertion preserves
 * load order, which matters because pf_osfp_find() returns the first
 * acceptable signature.  Linear in the list length.
 */
static void
pf_osfp_insert(struct pf_osfp_list *list, struct pf_os_fingerprint *ins)
{
	struct pf_os_fingerprint *cur, *tail;

	/* XXX need to go semi tree based.  can key on tcp options */

	tail = NULL;
	SLIST_FOREACH(cur, list, fp_next)
		tail = cur;

	if (tail == NULL)
		SLIST_INSERT_HEAD(list, ins, fp_next);
	else
		SLIST_INSERT_AFTER(tail, ins, fp_next);
}
462126258Smlaier
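/*
 * Fill an ioctl request with the fp_getnum'th (signature, OS) pair, in
 * list order (DIOCOSFPGET).
 *
 * The request is zeroed first; on success its signature fields, fp_getnum
 * and fp_os are filled and 0 is returned.  Returns EBUSY when fp_getnum
 * is past the end of the list (or negative).
 */
int
pf_osfp_get(struct pf_osfp_ioctl *fpioc)
{
	struct pf_os_fingerprint *fp;
	struct pf_osfp_entry *entry;
	int num = fpioc->fp_getnum;
	int i = 0;

	memset(fpioc, 0, sizeof(*fpioc));
	SLIST_FOREACH(fp, &V_pf_osfp_list, fp_next) {
		SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
			if (i++ != num)
				continue;
			fpioc->fp_mss = fp->fp_mss;
			fpioc->fp_wsize = fp->fp_wsize;
			fpioc->fp_flags = fp->fp_flags;
			fpioc->fp_psize = fp->fp_psize;
			fpioc->fp_ttl = fp->fp_ttl;
			fpioc->fp_wscale = fp->fp_wscale;
			fpioc->fp_getnum = num;
			memcpy(&fpioc->fp_os, entry,
			    sizeof(fpioc->fp_os));
			/*
			 * The entry copied above carries its in-kernel
			 * list link (fp_entry), i.e. the kernel address
			 * of the next entry.  That pointer means nothing
			 * to userland and should not be disclosed, so
			 * scrub it before the struct is copied out.
			 * (/dev/pf is presumably privileged, so this is
			 * defense in depth rather than a hard boundary.)
			 */
			memset(&fpioc->fp_os.fp_entry, 0,
			    sizeof(fpioc->fp_os.fp_entry));
			return (0);
		}
	}

	return (EBUSY);
}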
493126258Smlaier
494126258Smlaier
495240233Sglebius#ifdef PFDEBUG
/*
 * Debug self-check: every stored signature must be found again by
 * pf_osfp_find() when probed with a packet that should match it.  The
 * probe's mss/wsize are adjusted so the MSS-, MTU- and modulo-based
 * window forms resolve to the signature's own values.
 *
 * Returns the first signature that is shadowed by an earlier one or
 * cannot be found at all (after printing which), or NULL when the list
 * is consistent.
 */
static struct pf_os_fingerprint *
pf_osfp_validate(void)
{
	struct pf_os_fingerprint *sig, *hit, probe;
	struct pf_osfp_entry *want, *got;

	SLIST_FOREACH(sig, &V_pf_osfp_list, fp_next) {
		memcpy(&probe, sig, sizeof(probe));

		/* We do a few MSS/th_win percolations to make things unique */
		if (probe.fp_mss == 0)
			probe.fp_mss = 128;
		if (sig->fp_flags & PF_OSFP_WSIZE_MSS)
			probe.fp_wsize *= probe.fp_mss;
		else if (sig->fp_flags & PF_OSFP_WSIZE_MTU)
			probe.fp_wsize *= (probe.fp_mss + 40);
		else if (sig->fp_flags & PF_OSFP_WSIZE_MOD)
			probe.fp_wsize *= 2;

		hit = pf_osfp_find(&V_pf_osfp_list, &probe, 0);
		if (hit == sig)
			continue;

		want = SLIST_FIRST(&sig->fp_oses);
		if (hit != NULL) {
			got = SLIST_FIRST(&hit->fp_oses);
			printf("Found \"%s %s %s\" instead of "
			    "\"%s %s %s\"\n",
			    got->fp_class_nm, got->fp_version_nm,
			    got->fp_subtype_nm,
			    want->fp_class_nm, want->fp_version_nm,
			    want->fp_subtype_nm);
		} else {
			printf("Couldn't find \"%s %s %s\"\n",
			    want->fp_class_nm, want->fp_version_nm,
			    want->fp_subtype_nm);
		}
		return (sig);
	}
	return (NULL);
}
534240233Sglebius#endif /* PFDEBUG */
535