1 /*	$OpenBSD: pf_osfp.c,v 1.15 2008/06/14 02:22:13 henning Exp $ */
2 
3 /*
4  * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  *
18  */
19 
20 #include <sys/param.h>
21 #include <sys/socket.h>
22 #ifdef _KERNEL
23 # include <sys/systm.h>
24 #include <sys/pool.h>
25 #endif /* _KERNEL */
26 #include <sys/mbuf.h>
27 
28 #include <netinet/in.h>
29 #include <netinet/in_systm.h>
30 #include <netinet/ip.h>
31 #include <netinet/tcp.h>
32 
33 #include <net/if.h>
34 #include <net/pfvar.h>
35 
36 #include <netinet/ip6.h>
37 #ifdef _KERNEL
38 #include <netinet6/in6_var.h>
39 #endif
40 
41 
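#ifdef _KERNEL
/*
 * Kernel build: debug output goes through printf() and is emitted only when
 * pf_status.debug is at least PF_DEBUG_NOISY.  The body is wrapped in
 * do { } while (0) so the macro expands to exactly one statement; a bare
 * `if' here would silently capture an `else' that follows a call site.
 */
# define DPFPRINTF(format, x...)				\
	do {							\
		if (pf_status.debug >= PF_DEBUG_NOISY)		\
			printf(format , ##x);			\
	} while (0)
typedef struct pool pool_t;

#else
/* Userland equivalents so we can lend code to tcpdump et al. */

# include <arpa/inet.h>
# include <errno.h>
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <netdb.h>
/*
 * Pool shims: a "pool" is just an int that remembers the item size.
 * pool_init() stores the size, pool_get() is malloc(size) (the flags
 * argument is discarded and the memory is not zeroed), pool_put() is free().
 * The name and allocator arguments of pool_init() are never evaluated.
 */
# define pool_t			int
# define pool_get(pool, flags)	malloc(*(pool))
# define pool_put(pool, item)	free(item)
# define pool_init(pool, size, a, ao, f, m, p)	(*(pool)) = (size)

# ifdef PFDEBUG
#  include <sys/stdarg.h>
/* Debug build: trace to stderr unconditionally. */
#  define DPFPRINTF(format, x...)	fprintf(stderr, format , ##x)
# else
/* Non-debug build: tracing compiles away; arguments are not evaluated. */
#  define DPFPRINTF(format, x...)	((void)0)
# endif /* PFDEBUG */
#endif /* _KERNEL */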
69 
70 
/*
 * Global fingerprint database: a singly linked list of fingerprints, each of
 * which carries its own list of matching OS entries (fp_oses).
 * NOTE(review): no locking is visible in this file; presumably callers
 * serialise access -- confirm against the ioctl and packet paths.
 */
SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list;
/* Pool for struct pf_osfp_entry items (see pf_osfp_initialize()). */
pool_t pf_osfp_entry_pl;
/* Pool for struct pf_os_fingerprint items (see pf_osfp_initialize()). */
pool_t pf_osfp_pl;

/* Helpers defined later in this file. */
struct pf_os_fingerprint	*pf_osfp_find(struct pf_osfp_list *,
				    struct pf_os_fingerprint *, u_int8_t);
struct pf_os_fingerprint	*pf_osfp_find_exact(struct pf_osfp_list *,
				    struct pf_os_fingerprint *);
void				 pf_osfp_insert(struct pf_osfp_list *,
				    struct pf_os_fingerprint *);
81 
82 
83 #ifdef _KERNEL
/*
 * Passively fingerprint the OS of the sending host from a TCP packet held
 * in an mbuf.  Only PF_INET and PF_INET6 packets carrying TCP are
 * considered; anything else, or a TCP data offset smaller than the fixed
 * header, yields NULL.
 *
 * The full TCP header (fixed part plus options) is copied into a local
 * buffer with pf_pull_hdr() before it is parsed, so option parsing never
 * walks the mbuf directly.  th_off is a 4-bit field in the standard
 * struct tcphdr, so th_off << 2 is at most 60 bytes, which is what hdr[]
 * is sized for.
 *
 * NOTE(review): hdr is a char array that is later read through a
 * struct tcphdr pointer; nothing here forces its alignment -- confirm this
 * is acceptable on strict-alignment platforms.
 *
 * Returns the list of possible OSes, or NULL when nothing matches.
 */
struct pf_osfp_enlist *
pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, int off,
    const struct tcphdr *tcp)
{
	struct ip *ip = NULL;
	struct ip6_hdr *ip6 = NULL;
	char hdr[60];

	/* Address family first, then protocol, then header length. */
	if (pd->af != PF_INET && pd->af != PF_INET6)
		return (NULL);
	if (pd->proto != IPPROTO_TCP)
		return (NULL);
	if ((tcp->th_off << 2) < sizeof(*tcp))
		return (NULL);

	/* Exactly one of ip/ip6 is set; the other stays NULL. */
	if (pd->af == PF_INET)
		ip = mtod(m, struct ip *);
	else
		ip6 = mtod(m, struct ip6_hdr *);

	if (!pf_pull_hdr(m, off, hdr, tcp->th_off << 2, NULL, NULL, pd->af))
		return (NULL);

	return (pf_osfp_fingerprint_hdr(ip, ip6, (struct tcphdr *)hdr));
}
112 #endif /* _KERNEL */
113 
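/*
 * Build a fingerprint from an IP header (exactly one of ip / ip6 non-NULL)
 * and a TCP header with its options, then look it up in pf_osfp_list.
 *
 * Only initial SYNs (SYN set, ACK clear) are fingerprinted, and IPv4
 * packets with a non-zero fragment offset are skipped.
 *
 * Caller contract: tcp must point at a buffer holding at least
 * th_off << 2 bytes.  No separate length is passed in, so the option walk
 * below trusts th_off as the bound.  The kernel wrapper guarantees this by
 * pulling exactly that many bytes; other callers must do the same.
 *
 * Returns the list of candidate OSes, or NULL for no match, a malformed
 * option block, or an unrecognised TCP option.
 */
struct pf_osfp_enlist *
pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp)
{
	struct pf_os_fingerprint fp, *fpresult;
	int cnt, optlen = 0;
	const u_int8_t *optp;
#ifdef _KERNEL
	char srcname[128];
#else
	char srcname[NI_MAXHOST];
#endif

	if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
		return (NULL);
	/*
	 * Reject a data offset shorter than the fixed header here as well:
	 * the kernel wrapper checks it, but this function is also reachable
	 * directly, and the subtraction that computes cnt below would
	 * otherwise wrap in unsigned arithmetic before being stored in an int.
	 */
	if ((tcp->th_off << 2) < sizeof(*tcp))
		return (NULL);
	if (ip) {
		if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
			return (NULL);
	}

	memset(&fp, 0, sizeof(fp));
	/*
	 * The userland path ignores getnameinfo()'s result; start with an
	 * empty string so the debug trace never prints an unset buffer.
	 */
	srcname[0] = '\0';

	if (ip) {
#ifndef _KERNEL
		struct sockaddr_in sin;
#endif

		fp.fp_psize = ntohs(ip->ip_len);
		fp.fp_ttl = ip->ip_ttl;
		if (ip->ip_off & htons(IP_DF))
			fp.fp_flags |= PF_OSFP_DF;
#ifdef _KERNEL
		strlcpy(srcname, inet_ntoa(ip->ip_src), sizeof(srcname));
#else
		memset(&sin, 0, sizeof(sin));
		sin.sin_family = AF_INET;
		sin.sin_len = sizeof(struct sockaddr_in);
		sin.sin_addr = ip->ip_src;
		(void)getnameinfo((struct sockaddr *)&sin,
		    sizeof(struct sockaddr_in), srcname, sizeof(srcname),
		    NULL, 0, NI_NUMERICHOST);
#endif
	}
#ifdef INET6
	else if (ip6) {
#ifndef _KERNEL
		struct sockaddr_in6 sin6;
#endif

		/* jumbo payload? */
		fp.fp_psize = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);
		fp.fp_ttl = ip6->ip6_hlim;
		/* IPv6 is always treated as "don't fragment". */
		fp.fp_flags |= PF_OSFP_DF;
		fp.fp_flags |= PF_OSFP_INET6;
#ifdef _KERNEL
		strlcpy(srcname, ip6_sprintf((struct in6_addr *)&ip6->ip6_src),
		    sizeof(srcname));
#else
		memset(&sin6, 0, sizeof(sin6));
		sin6.sin6_family = AF_INET6;
		sin6.sin6_len = sizeof(struct sockaddr_in6);
		sin6.sin6_addr = ip6->ip6_src;
		(void)getnameinfo((struct sockaddr *)&sin6,
		    sizeof(struct sockaddr_in6), srcname, sizeof(srcname),
		    NULL, 0, NI_NUMERICHOST);
#endif
	}
#endif
	else
		return (NULL);
	fp.fp_wsize = ntohs(tcp->th_win);


	/*
	 * Walk the TCP options.  cnt is the number of option bytes left and
	 * optp the current option; every multi-byte option has its length
	 * byte checked against cnt before its payload is read.
	 */
	cnt = (tcp->th_off << 2) - sizeof(*tcp);
	optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp));
	for (; cnt > 0; cnt -= optlen, optp += optlen) {
		if (*optp == TCPOPT_EOL)
			break;

		fp.fp_optcnt++;
		if (*optp == TCPOPT_NOP) {
			fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) |
			    PF_OSFP_TCPOPT_NOP;
			optlen = 1;
		} else {
			/* Need the kind byte and the length byte. */
			if (cnt < 2)
				return (NULL);
			optlen = optp[1];
			/* Length must cover kind+len and fit in what is left. */
			if (optlen > cnt || optlen < 2)
				return (NULL);
			switch (*optp) {
			case TCPOPT_MAXSEG:
				if (optlen >= TCPOLEN_MAXSEG)
					memcpy(&fp.fp_mss, &optp[2],
					    sizeof(fp.fp_mss));
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_MSS;
				NTOHS(fp.fp_mss);
				break;
			case TCPOPT_WINDOW:
				/*
				 * NOTE(review): the copy is sized by
				 * sizeof(fp.fp_wscale) while the guard is
				 * TCPOLEN_WINDOW, and the value is then passed
				 * through NTOHS().  If fp_wscale is one byte,
				 * the 16-bit swap would discard it on
				 * little-endian hosts; if it is two bytes, the
				 * copy could read one byte past a minimum-length
				 * option.  Confirm against the declaration in
				 * pfvar.h.
				 */
				if (optlen >= TCPOLEN_WINDOW)
					memcpy(&fp.fp_wscale, &optp[2],
					    sizeof(fp.fp_wscale));
				NTOHS(fp.fp_wscale);
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) |
				    PF_OSFP_TCPOPT_WSCALE;
				break;
			case TCPOPT_SACK_PERMITTED:
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK;
				break;
			case TCPOPT_TIMESTAMP:
				if (optlen >= TCPOLEN_TIMESTAMP) {
					u_int32_t ts;
					/* Only "is it zero" matters, so no byte swap. */
					memcpy(&ts, &optp[2], sizeof(ts));
					if (ts == 0)
						fp.fp_flags |= PF_OSFP_TS0;

				}
				fp.fp_tcpopts = (fp.fp_tcpopts <<
				    PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS;
				break;
			default:
				/* Any other option kind makes the packet unfingerprintable. */
				return (NULL);
			}
		}
		optlen = MAX(optlen, 1);	/* paranoia */
	}

	DPFPRINTF("fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
	    "(TS=%s,M=%s%d,W=%s%d)\n",
	    srcname, ntohs(tcp->th_sport),
	    fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0,
	    fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt,
	    (fp.fp_flags & PF_OSFP_TS0) ? "0" : "",
	    (fp.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
	    (fp.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
	    fp.fp_mss,
	    (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
	    (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
	    fp.fp_wscale);

	if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp,
	    PF_OSFP_MAXTTL_OFFSET)))
		return (&fpresult->fp_oses);
	return (NULL);
}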
261 
/*
 * Match a fingerprint ID against a list of OSes.
 *
 * PF_OSFP_ANY matches unconditionally.  With no candidate list, only
 * PF_OSFP_UNKNOWN matches.  Otherwise the ID is split into class, version
 * and subtype, and an entry matches when each component is either equal or
 * requested as PF_OSFP_ANY.  Returns 1 on match, 0 otherwise.
 */
int
pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
{
	struct pf_osfp_entry *cand;
	int want_class, want_version, want_subtype;
	int have_class, have_version, have_subtype;

	if (os == PF_OSFP_ANY)
		return (1);
	if (list == NULL) {
		DPFPRINTF("osfp no match against %x\n", os);
		return (os == PF_OSFP_UNKNOWN);
	}

	PF_OSFP_UNPACK(os, want_class, want_version, want_subtype);
	SLIST_FOREACH(cand, list, fp_entry) {
		PF_OSFP_UNPACK(cand->fp_os, have_class, have_version,
		    have_subtype);

		/* Skip the entry as soon as one component disagrees. */
		if (want_class != PF_OSFP_ANY && have_class != want_class)
			continue;
		if (want_version != PF_OSFP_ANY && have_version != want_version)
			continue;
		if (want_subtype != PF_OSFP_ANY && have_subtype != want_subtype)
			continue;

		DPFPRINTF("osfp matched %s %s %s  %x==%x\n",
		    cand->fp_class_nm, cand->fp_version_nm,
		    cand->fp_subtype_nm, os, cand->fp_os);
		return (1);
	}

	DPFPRINTF("fingerprint 0x%x didn't match\n", os);
	return (0);
}
291 
/*
 * Initialize the OS fingerprint system: start with an empty fingerprint
 * list and set up one pool per object type (OS entries and fingerprints).
 */
void
pf_osfp_initialize(void)
{
	SLIST_INIT(&pf_osfp_list);

	/* Pool for the per-OS entries hanging off each fingerprint. */
	pool_init(&pf_osfp_entry_pl, sizeof(struct pf_osfp_entry), 0, 0, 0,
	    "pfosfpen", &pool_allocator_nointr);
	/* Pool for the fingerprints themselves. */
	pool_init(&pf_osfp_pl, sizeof(struct pf_os_fingerprint), 0, 0, 0,
	    "pfosfp", &pool_allocator_nointr);
}
302 
/*
 * Flush the fingerprint list: unlink every fingerprint, release each of its
 * OS entries to the entry pool, then release the fingerprint itself.
 */
void
pf_osfp_flush(void)
{
	struct pf_os_fingerprint *head;
	struct pf_osfp_entry *os;

	while (!SLIST_EMPTY(&pf_osfp_list)) {
		head = SLIST_FIRST(&pf_osfp_list);
		/* Unlink first so the list never points at freed memory. */
		SLIST_REMOVE_HEAD(&pf_osfp_list, fp_next);

		while (!SLIST_EMPTY(&head->fp_oses)) {
			os = SLIST_FIRST(&head->fp_oses);
			SLIST_REMOVE_HEAD(&head->fp_oses, fp_entry);
			pool_put(&pf_osfp_entry_pl, os);
		}
		pool_put(&pf_osfp_pl, head);
	}
}
319 
320 
/*
 * Add a fingerprint described by an ioctl request.
 *
 * If a fingerprint with identical signature fields already exists, the OS
 * entry is attached to it (EEXIST when an equal entry is already present);
 * otherwise a new fingerprint is allocated and appended to the list.
 * Returns 0 on success, EEXIST for a duplicate, ENOMEM when a pool
 * allocation fails.
 *
 * The OS entry is copied wholesale from the request, so the three name
 * fields are force-terminated afterwards and the list link is rewritten by
 * SLIST_INSERT_HEAD(); neither is trusted as supplied.
 */
int
pf_osfp_add(struct pf_osfp_ioctl *fpioc)
{
	struct pf_os_fingerprint *fp, fpadd;
	struct pf_osfp_entry *entry;

	/* Scratch fingerprint used only as the key for the exact lookup. */
	memset(&fpadd, 0, sizeof(fpadd));
	fpadd.fp_tcpopts = fpioc->fp_tcpopts;
	fpadd.fp_wsize = fpioc->fp_wsize;
	fpadd.fp_psize = fpioc->fp_psize;
	fpadd.fp_mss = fpioc->fp_mss;
	fpadd.fp_flags = fpioc->fp_flags;
	fpadd.fp_optcnt = fpioc->fp_optcnt;
	fpadd.fp_wscale = fpioc->fp_wscale;
	fpadd.fp_ttl = fpioc->fp_ttl;

#if 0	/* XXX RYAN wants to fix logging */
	DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d "
	    "(TS=%s,M=%s%d,W=%s%d) %x\n",
	    fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm,
	    fpioc->fp_os.fp_subtype_nm,
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MSS) ? "S" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_MTU) ? "T" :
	    (fpadd.fp_flags & PF_OSFP_WSIZE_DC) ? "*" : "",
	    fpadd.fp_wsize,
	    fpadd.fp_ttl,
	    (fpadd.fp_flags & PF_OSFP_DF) ? 1 : 0,
	    (fpadd.fp_flags & PF_OSFP_PSIZE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_PSIZE_DC) ? "*" : "",
	    fpadd.fp_psize,
	    (long long int)fpadd.fp_tcpopts, fpadd.fp_optcnt,
	    (fpadd.fp_flags & PF_OSFP_TS0) ? "0" : "",
	    (fpadd.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
	    fpadd.fp_mss,
	    (fpadd.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
	    (fpadd.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
	    fpadd.fp_wscale,
	    fpioc->fp_os.fp_os);
#endif

	fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd);
	if (fp != NULL) {
		/* Known signature: refuse an OS entry that is already there. */
		SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
			if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os))
				return (EEXIST);
		}
		entry = pool_get(&pf_osfp_entry_pl, PR_WAITOK|PR_LIMITFAIL);
		if (entry == NULL)
			return (ENOMEM);
	} else {
		/* New signature: allocate and fill a fingerprint. */
		fp = pool_get(&pf_osfp_pl, PR_WAITOK|PR_LIMITFAIL);
		if (fp == NULL)
			return (ENOMEM);
		memset(fp, 0, sizeof(*fp));
		fp->fp_tcpopts = fpioc->fp_tcpopts;
		fp->fp_wsize = fpioc->fp_wsize;
		fp->fp_psize = fpioc->fp_psize;
		fp->fp_mss = fpioc->fp_mss;
		fp->fp_flags = fpioc->fp_flags;
		fp->fp_optcnt = fpioc->fp_optcnt;
		fp->fp_wscale = fpioc->fp_wscale;
		fp->fp_ttl = fpioc->fp_ttl;
		SLIST_INIT(&fp->fp_oses);

		entry = pool_get(&pf_osfp_entry_pl, PR_WAITOK|PR_LIMITFAIL);
		if (entry == NULL) {
			/* Nothing is linked yet, so undo the allocation. */
			pool_put(&pf_osfp_pl, fp);
			return (ENOMEM);
		}
		pf_osfp_insert(&pf_osfp_list, fp);
	}

	memcpy(entry, &fpioc->fp_os, sizeof(*entry));

	/* Make sure the strings are NUL terminated */
	entry->fp_class_nm[sizeof(entry->fp_class_nm)-1] = '\0';
	entry->fp_version_nm[sizeof(entry->fp_version_nm)-1] = '\0';
	entry->fp_subtype_nm[sizeof(entry->fp_subtype_nm)-1] = '\0';

	/* Overwrites whatever link value came in with the copied entry. */
	SLIST_INSERT_HEAD(&fp->fp_oses, entry, fp_entry);

#ifdef PFDEBUG
	if ((fp = pf_osfp_validate()))
		printf("Invalid fingerprint list\n");
#endif /* PFDEBUG */
	return (0);
}
408 
409 
/*
 * Find a fingerprint in the list.
 *
 * Returns the first entry of `list' that matches the observed fingerprint
 * `find', or NULL.  TCP options, option count and the DF/TS0 flags must be
 * equal.  The stored TTL must be at least the observed TTL and exceed it by
 * no more than `ttldiff'.  Packet size, MSS, window scale and window size
 * are compared according to the stored entry's wildcard/modulus flags.
 *
 * Every division or modulus below is guarded by a zero check on its
 * divisor, which matters because list entries originate from ioctl input
 * (see pf_osfp_add()).
 *
 * NOTE(review): MATCH_INT, SMART_MSS, MTUOFF and SMART_MTU are defined
 * inside this function and not #undef'd in the visible code, so they stay
 * defined for the rest of the file.
 */
struct pf_os_fingerprint *
pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
    u_int8_t ttldiff)
{
	struct pf_os_fingerprint *f;

/*
 * Compare one integer field.  If the "don't care" flag _DC is set the field
 * is ignored.  Otherwise it must be equal, or, with the _MOD flag, the
 * observed value must be a multiple of the stored one (a stored zero never
 * matches).  Uses `continue', so it is only valid inside the loop below.
 */
#define MATCH_INT(_MOD, _DC, _field)					\
	if ((f->fp_flags & _DC) == 0) {					\
		if ((f->fp_flags & _MOD) == 0) {			\
			if (f->_field != find->_field)			\
				continue;				\
		} else {						\
			if (f->_field == 0 || find->_field % f->_field)	\
				continue;				\
		}							\
	}

	SLIST_FOREACH(f, list, fp_next) {
		/* Cheap exact comparisons and the TTL window come first. */
		if (f->fp_tcpopts != find->fp_tcpopts ||
		    f->fp_optcnt != find->fp_optcnt ||
		    f->fp_ttl < find->fp_ttl ||
		    f->fp_ttl - find->fp_ttl > ttldiff ||
		    (f->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)) !=
		    (find->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)))
			continue;

		MATCH_INT(PF_OSFP_PSIZE_MOD, PF_OSFP_PSIZE_DC, fp_psize)
		MATCH_INT(PF_OSFP_MSS_MOD, PF_OSFP_MSS_DC, fp_mss)
		MATCH_INT(PF_OSFP_WSCALE_MOD, PF_OSFP_WSCALE_DC, fp_wscale)
		if ((f->fp_flags & PF_OSFP_WSIZE_DC) == 0) {
			if (f->fp_flags & PF_OSFP_WSIZE_MSS) {
				/* Window is a multiple of the MSS; MSS is the divisor. */
				if (find->fp_mss == 0)
					continue;

/* Some "smart" NAT devices and DSL routers will tweak the MSS size and
 * will set it to whatever is suitable for the link type.
 */
#define SMART_MSS	1460
				/* Accept the multiple against the real MSS or SMART_MSS. */
				if ((find->fp_wsize % find->fp_mss ||
				    find->fp_wsize / find->fp_mss !=
				    f->fp_wsize) &&
				    (find->fp_wsize % SMART_MSS ||
				    find->fp_wsize / SMART_MSS !=
				    f->fp_wsize))
					continue;
			} else if (f->fp_flags & PF_OSFP_WSIZE_MTU) {
				if (find->fp_mss == 0)
					continue;

/*
 * NOTE(review): MTUOFF uses sizeof(struct ip) for every fingerprint,
 * including ones flagged PF_OSFP_INET6 -- confirm that is intended.
 */
#define MTUOFF	(sizeof(struct ip) + sizeof(struct tcphdr))
#define SMART_MTU	(SMART_MSS + MTUOFF)
				/* Same test as above, with MSS + header sizes as the unit. */
				if ((find->fp_wsize % (find->fp_mss + MTUOFF) ||
				    find->fp_wsize / (find->fp_mss + MTUOFF) !=
				    f->fp_wsize) &&
				    (find->fp_wsize % SMART_MTU ||
				    find->fp_wsize / SMART_MTU !=
				    f->fp_wsize))
					continue;
			} else if (f->fp_flags & PF_OSFP_WSIZE_MOD) {
				/* Observed window must be a multiple of the stored one. */
				if (f->fp_wsize == 0 || find->fp_wsize %
				    f->fp_wsize)
					continue;
			} else {
				if (f->fp_wsize != find->fp_wsize)
					continue;
			}
		}
		return (f);
	}

	return (NULL);
}
483 
/*
 * Find an exact fingerprint in the list: all eight signature fields must be
 * equal, with no wildcard or modulus handling.  Returns the entry or NULL.
 */
struct pf_os_fingerprint *
pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
{
	struct pf_os_fingerprint *cur;

	SLIST_FOREACH(cur, list, fp_next) {
		/* Field order mirrors the comparison chain it replaces. */
		if (cur->fp_tcpopts != find->fp_tcpopts)
			continue;
		if (cur->fp_wsize != find->fp_wsize)
			continue;
		if (cur->fp_psize != find->fp_psize)
			continue;
		if (cur->fp_mss != find->fp_mss)
			continue;
		if (cur->fp_flags != find->fp_flags)
			continue;
		if (cur->fp_optcnt != find->fp_optcnt)
			continue;
		if (cur->fp_wscale != find->fp_wscale)
			continue;
		if (cur->fp_ttl != find->fp_ttl)
			continue;
		return (cur);
	}

	return (NULL);
}
504 
/*
 * Insert a fingerprint into the list.  The new element goes at the tail,
 * which requires walking the whole singly linked list.
 */
void
pf_osfp_insert(struct pf_osfp_list *list, struct pf_os_fingerprint *ins)
{
	struct pf_os_fingerprint *tail;

	/* XXX need to go semi tree based.  can key on tcp options */

	if (SLIST_EMPTY(list)) {
		SLIST_INSERT_HEAD(list, ins, fp_next);
		return;
	}

	tail = SLIST_FIRST(list);
	while (SLIST_NEXT(tail, fp_next) != NULL)
		tail = SLIST_NEXT(tail, fp_next);
	SLIST_INSERT_AFTER(tail, ins, fp_next);
}
520 
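/*
 * Fill a fingerprint by its number (from an ioctl).
 *
 * fp_getnum selects the N-th OS entry, counting across all fingerprints in
 * list order.  The request is zeroed, then filled with the owning
 * fingerprint's signature fields and a copy of the OS entry.  fp_tcpopts
 * and fp_optcnt are not copied back and stay zero.  Returns 0 on success,
 * or EBUSY when no entry has that number (including a negative number).
 *
 * The OS entry embeds its list link (fp_entry).  That link is cleared in
 * the copy so the reply does not carry the address of the next in-list
 * entry back to the requester.
 */
int
pf_osfp_get(struct pf_osfp_ioctl *fpioc)
{
	struct pf_os_fingerprint *fp;
	struct pf_osfp_entry *entry;
	int num = fpioc->fp_getnum;
	int i = 0;


	/* Start from a clean reply so no stale request bytes are returned. */
	memset(fpioc, 0, sizeof(*fpioc));
	SLIST_FOREACH(fp, &pf_osfp_list, fp_next) {
		SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
			if (i++ == num) {
				fpioc->fp_mss = fp->fp_mss;
				fpioc->fp_wsize = fp->fp_wsize;
				fpioc->fp_flags = fp->fp_flags;
				fpioc->fp_psize = fp->fp_psize;
				fpioc->fp_ttl = fp->fp_ttl;
				fpioc->fp_wscale = fp->fp_wscale;
				fpioc->fp_getnum = num;
				memcpy(&fpioc->fp_os, entry,
				    sizeof(fpioc->fp_os));
				/* Scrub the internal list pointer from the copy. */
				memset(&fpioc->fp_os.fp_entry, 0,
				    sizeof(fpioc->fp_os.fp_entry));
				return (0);
			}
		}
	}

	return (EBUSY);
}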
551 
552 
/*
 * Validate that each signature is reachable: for every fingerprint,
 * synthesise an observation that should match it and check that
 * pf_osfp_find() returns that same fingerprint rather than an earlier,
 * broader one.  Returns the first unreachable fingerprint (after printing a
 * diagnostic) or NULL when the list is consistent.
 */
struct pf_os_fingerprint *
pf_osfp_validate(void)
{
	struct pf_os_fingerprint *f, *hit, probe;
	struct pf_osfp_entry *want, *got;

	SLIST_FOREACH(f, &pf_osfp_list, fp_next) {
		memcpy(&probe, f, sizeof(probe));

		/* We do a few MSS/th_win percolations to make things unique */
		if (probe.fp_mss == 0)
			probe.fp_mss = 128;
		if (f->fp_flags & PF_OSFP_WSIZE_MSS)
			probe.fp_wsize *= probe.fp_mss;
		else if (f->fp_flags & PF_OSFP_WSIZE_MTU)
			probe.fp_wsize *= (probe.fp_mss + 40);
		else if (f->fp_flags & PF_OSFP_WSIZE_MOD)
			probe.fp_wsize *= 2;

		hit = pf_osfp_find(&pf_osfp_list, &probe, 0);
		if (hit == f)
			continue;

		/* Names are taken from the first OS entry of each fingerprint. */
		want = SLIST_FIRST(&f->fp_oses);
		if (hit != NULL) {
			got = SLIST_FIRST(&hit->fp_oses);
			printf("Found \"%s %s %s\" instead of "
			    "\"%s %s %s\"\n",
			    got->fp_class_nm,
			    got->fp_version_nm,
			    got->fp_subtype_nm,
			    want->fp_class_nm,
			    want->fp_version_nm,
			    want->fp_subtype_nm);
		} else {
			printf("Couldn't find \"%s %s %s\"\n",
			    want->fp_class_nm,
			    want->fp_version_nm,
			    want->fp_subtype_nm);
		}
		return (f);
	}
	return (NULL);
}
591