Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.

Exposes the source IP's operating system to the filter language.
Interesting policy decisions are now enforceable:
.	block proto tcp from any os SCO
.	block proto tcp from any os Windows to any port smtp
.	rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001

1 files changed, 18 insertions, 1 deletions

diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index b8331a5b725..88047e59732 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_parser.h,v 1.66 2003/07/31 22:25:54 cedric Exp $ */
+/*	$OpenBSD: pfctl_parser.h,v 1.67 2003/08/21 19:12:09 frantzen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -33,6 +33,8 @@
 #ifndef _PFCTL_PARSER_H_
 #define _PFCTL_PARSER_H_
 
+#define PF_OSFP_FILE		"/etc/pf.os"
+
 #define PF_OPT_DISABLE		0x0001
 #define PF_OPT_ENABLE		0x0002
 #define PF_OPT_VERBOSE		0x0004
@@ -97,6 +99,13 @@ struct node_host {
 	struct node_host	*tail;
 };
 
+struct node_os {
+	char			*os;
+	pf_osfp_t		 fingerprint;
+	struct node_os		*next;
+	struct node_os		*tail;
+};
+
 struct node_queue_bw {
 	u_int32_t	bw_absolute;
 	u_int16_t	bw_percent;
@@ -168,6 +177,14 @@ void	 print_queue(const struct pf_altq *, unsigned, struct node_queue_bw *,
 int	pfctl_define_table(char *, int, int, const char *, const char *,
 	    struct pfr_buffer *, u_int32_t);
 
+void		 pfctl_clear_fingerprints(int, int);
+int		 pfctl_file_fingerprints(int, int, const char *);
+pf_osfp_t	 pfctl_get_fingerprint(const char *);
+int		 pfctl_load_fingerprints(int, int);
+char		*pfctl_lookup_fingerprint(pf_osfp_t, char *, size_t);
+void		 pfctl_show_fingerprints(int);
+
+
 struct icmptypeent {
 	const char *name;
 	u_int8_t type;