1/* 2 * Copyright (c) 2007-2011 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29/* $apfw: pf_osfp.c,v 1.4 2008/08/27 00:01:32 jhw Exp $ */ 30/* $OpenBSD: pf_osfp.c,v 1.12 2006/12/13 18:14:10 itojun Exp $ */ 31 32/* 33 * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> 34 * 35 * Permission to use, copy, modify, and distribute this software for any 36 * purpose with or without fee is hereby granted, provided that the above 37 * copyright notice and this permission notice appear in all copies. 38 * 39 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 40 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 41 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 42 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 43 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 44 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 45 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 46 * 47 */ 48 49#include <machine/endian.h> 50#include <sys/param.h> 51#include <sys/socket.h> 52#include <sys/systm.h> 53#include <sys/mbuf.h> 54 55#include <netinet/in.h> 56#include <netinet/in_systm.h> 57#include <netinet/ip.h> 58#include <netinet/tcp.h> 59#include <netinet/tcp_fsm.h> 60 61#include <net/if.h> 62#include <net/pfvar.h> 63 64#if INET6 65#include <netinet/ip6.h> 66#include <netinet6/in6_var.h> 67#endif /* INET6 */ 68 69#define DPFPRINTF(format, x...) \ 70 if (pf_status.debug >= PF_DEBUG_NOISY) \ 71 printf(format, ##x) 72 73static SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list; 74static struct pool pf_osfp_entry_pl; 75static struct pool pf_osfp_pl; 76 77static struct pf_os_fingerprint *pf_osfp_find(struct pf_osfp_list *, 78 struct pf_os_fingerprint *, u_int8_t); 79static struct pf_os_fingerprint *pf_osfp_find_exact(struct pf_osfp_list *, 80 struct pf_os_fingerprint *); 81static void pf_osfp_insert(struct pf_osfp_list *, struct pf_os_fingerprint *); 82 83 84/* 85 * Passively fingerprint the OS of the host (IPv4 TCP SYN packets only) 86 * Returns the list of possible OSes. 87 */ 88struct pf_osfp_enlist * 89pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, int off, 90 const struct tcphdr *tcp) 91{ 92 struct ip *ip; 93 struct ip6_hdr *ip6; 94 char hdr[60]; 95 96 if ((pd->af != PF_INET && pd->af != PF_INET6) || 97 pd->proto != IPPROTO_TCP || 98 (tcp->th_off << 2) < (int)sizeof (*tcp)) 99 return (NULL); 100 101 if (pd->af == PF_INET) { 102 ip = mtod(m, struct ip *); 103 ip6 = (struct ip6_hdr *)NULL; 104 } else { 105 ip = (struct ip *)NULL; 106 ip6 = mtod(m, struct ip6_hdr *); 107 } 108 if (!pf_pull_hdr(m, off, hdr, tcp->th_off << 2, NULL, NULL, 109 pd->af)) 110 return (NULL); 111 112 return (pf_osfp_fingerprint_hdr(ip, ip6, (struct tcphdr *)(void *)hdr)); 113} 114 115struct pf_osfp_enlist * 116pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, 117 const struct tcphdr *tcp) 118{ 119#if !INET6 120#pragma unused(ip6) 121#endif /* !INET6 */ 122 struct pf_os_fingerprint fp, *fpresult; 123 int cnt, optlen = 0; 124 const u_int8_t *optp; 125 char srcname[128]; 126 127 if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN) 128 return (NULL); 129 if (ip) { 130 if ((ip->ip_off & htons(IP_OFFMASK)) != 0) 131 return (NULL); 132 } 133 134 memset(&fp, 0, sizeof (fp)); 135 136 if (ip) { 137 fp.fp_psize = ntohs(ip->ip_len); 138 fp.fp_ttl = ip->ip_ttl; 139 if (ip->ip_off & htons(IP_DF)) 140 fp.fp_flags |= PF_OSFP_DF; 141 (void) inet_ntop(AF_INET, &ip->ip_src, srcname, 142 (socklen_t)sizeof (srcname)); 143 } 144#if INET6 145 else if (ip6) { 146 /* jumbo payload? */ 147 fp.fp_psize = sizeof (struct ip6_hdr) + ntohs(ip6->ip6_plen); 148 fp.fp_ttl = ip6->ip6_hlim; 149 fp.fp_flags |= PF_OSFP_DF; 150 fp.fp_flags |= PF_OSFP_INET6; 151 (void) inet_ntop(AF_INET6, &ip6->ip6_src, srcname, 152 (socklen_t)sizeof (srcname)); 153 } 154#endif 155 else 156 return (NULL); 157 fp.fp_wsize = ntohs(tcp->th_win); 158 159 160 cnt = (tcp->th_off << 2) - sizeof (*tcp); 161 optp = (const u_int8_t *)((const char *)tcp + sizeof (*tcp)); 162 for (; cnt > 0; cnt -= optlen, optp += optlen) { 163 if (*optp == TCPOPT_EOL) 164 break; 165 166 fp.fp_optcnt++; 167 if (*optp == TCPOPT_NOP) { 168 fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) | 169 PF_OSFP_TCPOPT_NOP; 170 optlen = 1; 171 } else { 172 if (cnt < 2) 173 return (NULL); 174 optlen = optp[1]; 175 if (optlen > cnt || optlen < 2) 176 return (NULL); 177 switch (*optp) { 178 case TCPOPT_MAXSEG: 179 if (optlen >= TCPOLEN_MAXSEG) 180 memcpy(&fp.fp_mss, &optp[2], 181 sizeof (fp.fp_mss)); 182 fp.fp_tcpopts = (fp.fp_tcpopts << 183 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_MSS; 184#if BYTE_ORDER != BIG_ENDIAN 185 NTOHS(fp.fp_mss); 186#endif 187 break; 188 case TCPOPT_WINDOW: 189 if (optlen >= TCPOLEN_WINDOW) 190 memcpy(&fp.fp_wscale, &optp[2], 191 sizeof (fp.fp_wscale)); 192#if BYTE_ORDER != BIG_ENDIAN 193 NTOHS(fp.fp_wscale); 194#endif 195 fp.fp_tcpopts = (fp.fp_tcpopts << 196 PF_OSFP_TCPOPT_BITS) | 197 PF_OSFP_TCPOPT_WSCALE; 198 break; 199 case TCPOPT_SACK_PERMITTED: 200 fp.fp_tcpopts = (fp.fp_tcpopts << 201 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK; 202 break; 203 case TCPOPT_TIMESTAMP: 204 if (optlen >= TCPOLEN_TIMESTAMP) { 205 u_int32_t ts; 206 memcpy(&ts, &optp[2], sizeof (ts)); 207 if (ts == 0) 208 fp.fp_flags |= PF_OSFP_TS0; 209 210 } 211 fp.fp_tcpopts = (fp.fp_tcpopts << 212 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS; 213 break; 214 default: 215 return (NULL); 216 } 217 } 218 optlen = MAX(optlen, 1); /* paranoia */ 219 } 220 221 DPFPRINTF("fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " 222 "(TS=%s,M=%s%d,W=%s%d)\n", 223 srcname, ntohs(tcp->th_sport), 224 fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0, 225 fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt, 226 (fp.fp_flags & PF_OSFP_TS0) ? "0" : "", 227 (fp.fp_flags & PF_OSFP_MSS_MOD) ? "%" : 228 (fp.fp_flags & PF_OSFP_MSS_DC) ? "*" : "", 229 fp.fp_mss, 230 (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" : 231 (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "", 232 fp.fp_wscale); 233 234 if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp, 235 PF_OSFP_MAXTTL_OFFSET))) 236 return (&fpresult->fp_oses); 237 return (NULL); 238} 239 240/* Match a fingerprint ID against a list of OSes */ 241int 242pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) 243{ 244 struct pf_osfp_entry *entry; 245 int os_class, os_version, os_subtype; 246 int en_class, en_version, en_subtype; 247 248 if (os == PF_OSFP_ANY) 249 return (1); 250 if (list == NULL) { 251 DPFPRINTF("osfp no match against %x\n", os); 252 return (os == PF_OSFP_UNKNOWN); 253 } 254 PF_OSFP_UNPACK(os, os_class, os_version, os_subtype); 255 SLIST_FOREACH(entry, list, fp_entry) { 256 PF_OSFP_UNPACK(entry->fp_os, en_class, en_version, en_subtype); 257 if ((os_class == PF_OSFP_ANY || en_class == os_class) && 258 (os_version == PF_OSFP_ANY || en_version == os_version) && 259 (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) { 260 DPFPRINTF("osfp matched %s %s %s %x==%x\n", 261 entry->fp_class_nm, entry->fp_version_nm, 262 entry->fp_subtype_nm, os, entry->fp_os); 263 return (1); 264 } 265 } 266 DPFPRINTF("fingerprint 0x%x didn't match\n", os); 267 return (0); 268} 269 270/* Initialize the OS fingerprint system */ 271void 272pf_osfp_initialize(void) 273{ 274 pool_init(&pf_osfp_entry_pl, sizeof (struct pf_osfp_entry), 0, 0, 0, 275 "pfosfpen", NULL); 276 pool_init(&pf_osfp_pl, sizeof (struct pf_os_fingerprint), 0, 0, 0, 277 "pfosfp", NULL); 278 SLIST_INIT(&pf_osfp_list); 279} 280 281#if 0 282void 283pf_osfp_destroy(void) 284{ 285 pf_osfp_flush(); 286 287 pool_destroy(&pf_osfp_pl); 288 pool_destroy(&pf_osfp_entry_pl); 289} 290#endif 291 292/* Flush the fingerprint list */ 293void 294pf_osfp_flush(void) 295{ 296 struct pf_os_fingerprint *fp; 297 struct pf_osfp_entry *entry; 298 299 while ((fp = SLIST_FIRST(&pf_osfp_list))) { 300 SLIST_REMOVE_HEAD(&pf_osfp_list, fp_next); 301 while ((entry = SLIST_FIRST(&fp->fp_oses))) { 302 SLIST_REMOVE_HEAD(&fp->fp_oses, fp_entry); 303 pool_put(&pf_osfp_entry_pl, entry); 304 } 305 pool_put(&pf_osfp_pl, fp); 306 } 307} 308 309 310/* Add a fingerprint */ 311int 312pf_osfp_add(struct pf_osfp_ioctl *fpioc) 313{ 314 struct pf_os_fingerprint *fp, fpadd; 315 struct pf_osfp_entry *entry, *uentry; 316 317 memset(&fpadd, 0, sizeof (fpadd)); 318 fpadd.fp_tcpopts = fpioc->fp_tcpopts; 319 fpadd.fp_wsize = fpioc->fp_wsize; 320 fpadd.fp_psize = fpioc->fp_psize; 321 fpadd.fp_mss = fpioc->fp_mss; 322 fpadd.fp_flags = fpioc->fp_flags; 323 fpadd.fp_optcnt = fpioc->fp_optcnt; 324 fpadd.fp_wscale = fpioc->fp_wscale; 325 fpadd.fp_ttl = fpioc->fp_ttl; 326 327 uentry = &fpioc->fp_os; 328 uentry->fp_entry.sle_next = NULL; 329 uentry->fp_class_nm[sizeof (uentry->fp_class_nm) - 1] = '\0'; 330 uentry->fp_version_nm[sizeof (uentry->fp_version_nm) - 1] = '\0'; 331 uentry->fp_subtype_nm[sizeof (uentry->fp_subtype_nm) - 1] = '\0'; 332 333 DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d " 334 "(TS=%s,M=%s%d,W=%s%d) %x\n", 335 fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm, 336 fpioc->fp_os.fp_subtype_nm, 337 (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" : 338 (fpadd.fp_flags & PF_OSFP_WSIZE_MSS) ? "S" : 339 (fpadd.fp_flags & PF_OSFP_WSIZE_MTU) ? "T" : 340 (fpadd.fp_flags & PF_OSFP_WSIZE_DC) ? "*" : "", 341 fpadd.fp_wsize, 342 fpadd.fp_ttl, 343 (fpadd.fp_flags & PF_OSFP_DF) ? 1 : 0, 344 (fpadd.fp_flags & PF_OSFP_PSIZE_MOD) ? "%" : 345 (fpadd.fp_flags & PF_OSFP_PSIZE_DC) ? "*" : "", 346 fpadd.fp_psize, 347 (long long int)fpadd.fp_tcpopts, fpadd.fp_optcnt, 348 (fpadd.fp_flags & PF_OSFP_TS0) ? "0" : "", 349 (fpadd.fp_flags & PF_OSFP_MSS_MOD) ? "%" : 350 (fpadd.fp_flags & PF_OSFP_MSS_DC) ? "*" : "", 351 fpadd.fp_mss, 352 (fpadd.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" : 353 (fpadd.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "", 354 fpadd.fp_wscale, 355 fpioc->fp_os.fp_os); 356 357 358 if ((fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd))) { 359 SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { 360 if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os)) 361 return (EEXIST); 362 } 363 if ((entry = pool_get(&pf_osfp_entry_pl, PR_WAITOK)) == NULL) 364 return (ENOMEM); 365 } else { 366 if ((fp = pool_get(&pf_osfp_pl, PR_WAITOK)) == NULL) 367 return (ENOMEM); 368 memset(fp, 0, sizeof (*fp)); 369 fp->fp_tcpopts = fpioc->fp_tcpopts; 370 fp->fp_wsize = fpioc->fp_wsize; 371 fp->fp_psize = fpioc->fp_psize; 372 fp->fp_mss = fpioc->fp_mss; 373 fp->fp_flags = fpioc->fp_flags; 374 fp->fp_optcnt = fpioc->fp_optcnt; 375 fp->fp_wscale = fpioc->fp_wscale; 376 fp->fp_ttl = fpioc->fp_ttl; 377 SLIST_INIT(&fp->fp_oses); 378 if ((entry = pool_get(&pf_osfp_entry_pl, PR_WAITOK)) == NULL) { 379 pool_put(&pf_osfp_pl, fp); 380 return (ENOMEM); 381 } 382 pf_osfp_insert(&pf_osfp_list, fp); 383 } 384 memcpy(entry, &fpioc->fp_os, sizeof (*entry)); 385 386 /* Make sure the strings are NUL terminated */ 387 entry->fp_class_nm[sizeof (entry->fp_class_nm)-1] = '\0'; 388 entry->fp_version_nm[sizeof (entry->fp_version_nm)-1] = '\0'; 389 entry->fp_subtype_nm[sizeof (entry->fp_subtype_nm)-1] = '\0'; 390 391 SLIST_INSERT_HEAD(&fp->fp_oses, entry, fp_entry); 392 393#ifdef PFDEBUG 394 if ((fp = pf_osfp_validate())) 395 printf("Invalid fingerprint list\n"); 396#endif /* PFDEBUG */ 397 return (0); 398} 399 400 401/* Find a fingerprint in the list */ 402struct pf_os_fingerprint * 403pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find, 404 u_int8_t ttldiff) 405{ 406 struct pf_os_fingerprint *f; 407 408#define MATCH_INT(_MOD, _DC, _field) \ 409 if ((f->fp_flags & _DC) == 0) { \ 410 if ((f->fp_flags & _MOD) == 0) { \ 411 if (f->_field != find->_field) \ 412 continue; \ 413 } else { \ 414 if (f->_field == 0 || find->_field % f->_field) \ 415 continue; \ 416 } \ 417 } 418 419 SLIST_FOREACH(f, list, fp_next) { 420 if (f->fp_tcpopts != find->fp_tcpopts || 421 f->fp_optcnt != find->fp_optcnt || 422 f->fp_ttl < find->fp_ttl || 423 f->fp_ttl - find->fp_ttl > ttldiff || 424 (f->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)) != 425 (find->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0))) 426 continue; 427 428 MATCH_INT(PF_OSFP_PSIZE_MOD, PF_OSFP_PSIZE_DC, fp_psize) 429 MATCH_INT(PF_OSFP_MSS_MOD, PF_OSFP_MSS_DC, fp_mss) 430 MATCH_INT(PF_OSFP_WSCALE_MOD, PF_OSFP_WSCALE_DC, fp_wscale) 431 if ((f->fp_flags & PF_OSFP_WSIZE_DC) == 0) { 432 if (f->fp_flags & PF_OSFP_WSIZE_MSS) { 433 if (find->fp_mss == 0) 434 continue; 435 436/* 437 * Some "smart" NAT devices and DSL routers will tweak the MSS size and 438 * will set it to whatever is suitable for the link type. 439 */ 440#define SMART_MSS 1460 441 if ((find->fp_wsize % find->fp_mss || 442 find->fp_wsize / find->fp_mss != 443 f->fp_wsize) && 444 (find->fp_wsize % SMART_MSS || 445 find->fp_wsize / SMART_MSS != 446 f->fp_wsize)) 447 continue; 448 } else if (f->fp_flags & PF_OSFP_WSIZE_MTU) { 449 if (find->fp_mss == 0) 450 continue; 451 452#define MTUOFF (sizeof (struct ip) + sizeof (struct tcphdr)) 453#define SMART_MTU (SMART_MSS + MTUOFF) 454 if ((find->fp_wsize % (find->fp_mss + MTUOFF) || 455 find->fp_wsize / (find->fp_mss + MTUOFF) != 456 f->fp_wsize) && 457 (find->fp_wsize % SMART_MTU || 458 find->fp_wsize / SMART_MTU != 459 f->fp_wsize)) 460 continue; 461 } else if (f->fp_flags & PF_OSFP_WSIZE_MOD) { 462 if (f->fp_wsize == 0 || find->fp_wsize % 463 f->fp_wsize) 464 continue; 465 } else { 466 if (f->fp_wsize != find->fp_wsize) 467 continue; 468 } 469 } 470 return (f); 471 } 472 473 return (NULL); 474} 475 476/* Find an exact fingerprint in the list */ 477struct pf_os_fingerprint * 478pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find) 479{ 480 struct pf_os_fingerprint *f; 481 482 SLIST_FOREACH(f, list, fp_next) { 483 if (f->fp_tcpopts == find->fp_tcpopts && 484 f->fp_wsize == find->fp_wsize && 485 f->fp_psize == find->fp_psize && 486 f->fp_mss == find->fp_mss && 487 f->fp_flags == find->fp_flags && 488 f->fp_optcnt == find->fp_optcnt && 489 f->fp_wscale == find->fp_wscale && 490 f->fp_ttl == find->fp_ttl) 491 return (f); 492 } 493 494 return (NULL); 495} 496 497/* Insert a fingerprint into the list */ 498void 499pf_osfp_insert(struct pf_osfp_list *list, struct pf_os_fingerprint *ins) 500{ 501 struct pf_os_fingerprint *f, *prev = NULL; 502 503 /* XXX need to go semi tree based. can key on tcp options */ 504 505 SLIST_FOREACH(f, list, fp_next) 506 prev = f; 507 if (prev) 508 SLIST_INSERT_AFTER(prev, ins, fp_next); 509 else 510 SLIST_INSERT_HEAD(list, ins, fp_next); 511} 512 513/* Fill a fingerprint by its number (from an ioctl) */ 514int 515pf_osfp_get(struct pf_osfp_ioctl *fpioc) 516{ 517 struct pf_os_fingerprint *fp; 518 struct pf_osfp_entry *entry; 519 int num = fpioc->fp_getnum; 520 int i = 0; 521 522 523 memset(fpioc, 0, sizeof (*fpioc)); 524 SLIST_FOREACH(fp, &pf_osfp_list, fp_next) { 525 SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { 526 if (i++ == num) { 527 fpioc->fp_mss = fp->fp_mss; 528 fpioc->fp_wsize = fp->fp_wsize; 529 fpioc->fp_flags = fp->fp_flags; 530 fpioc->fp_psize = fp->fp_psize; 531 fpioc->fp_ttl = fp->fp_ttl; 532 fpioc->fp_wscale = fp->fp_wscale; 533 fpioc->fp_getnum = num; 534 memcpy(&fpioc->fp_os, entry, 535 sizeof (fpioc->fp_os)); 536 fpioc->fp_os.fp_entry.sle_next = NULL; 537 return (0); 538 } 539 } 540 } 541 542 return (EBUSY); 543} 544 545 546/* Validate that each signature is reachable */ 547struct pf_os_fingerprint * 548pf_osfp_validate(void) 549{ 550 struct pf_os_fingerprint *f, *f2, find; 551 552 SLIST_FOREACH(f, &pf_osfp_list, fp_next) { 553 memcpy(&find, f, sizeof (find)); 554 555 /* We do a few MSS/th_win percolations to make things unique */ 556 if (find.fp_mss == 0) 557 find.fp_mss = 128; 558 if (f->fp_flags & PF_OSFP_WSIZE_MSS) 559 find.fp_wsize *= find.fp_mss; 560 else if (f->fp_flags & PF_OSFP_WSIZE_MTU) 561 find.fp_wsize *= (find.fp_mss + 40); 562 else if (f->fp_flags & PF_OSFP_WSIZE_MOD) 563 find.fp_wsize *= 2; 564 if (f != (f2 = pf_osfp_find(&pf_osfp_list, &find, 0))) { 565 if (f2) 566 printf("Found \"%s %s %s\" instead of " 567 "\"%s %s %s\"\n", 568 SLIST_FIRST(&f2->fp_oses)->fp_class_nm, 569 SLIST_FIRST(&f2->fp_oses)->fp_version_nm, 570 SLIST_FIRST(&f2->fp_oses)->fp_subtype_nm, 571 SLIST_FIRST(&f->fp_oses)->fp_class_nm, 572 SLIST_FIRST(&f->fp_oses)->fp_version_nm, 573 SLIST_FIRST(&f->fp_oses)->fp_subtype_nm); 574 else 575 printf("Couldn't find \"%s %s %s\"\n", 576 SLIST_FIRST(&f->fp_oses)->fp_class_nm, 577 SLIST_FIRST(&f->fp_oses)->fp_version_nm, 578 SLIST_FIRST(&f->fp_oses)->fp_subtype_nm); 579 return (f); 580 } 581 } 582 return (NULL); 583} 584