diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2010-10-18 15:55:29 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2010-10-18 15:55:29 +0000 |
| commit | 7c76fe39b0ea0e0db4feae4418483f5aa47950a1 (patch) | |
| tree | abb007371984f4fdff4c4fe8e33cc7ddd9269d21 /sys/net/pf_osfp.c | |
| parent | 3d1634637f6e87c718745cd3caec861385ade45e (diff) | |
Revert non-compatible and undocumented bullshit commited by 3 developers
who decided to just do it on their own. henning, mcbride, jsing -- shame
on you -- if you had shown this diff to just 1 other network developer,
the astounding mistake in it would have been noticed. Start practicing
inclusionary development instead of going alone.
ok claudio
Diffstat (limited to 'sys/net/pf_osfp.c')
| -rw-r--r-- | sys/net/pf_osfp.c | 42 |
1 files changed, 9 insertions, 33 deletions
diff --git a/sys/net/pf_osfp.c b/sys/net/pf_osfp.c index 31c766c16a2..853ea1ce73f 100644 --- a/sys/net/pf_osfp.c +++ b/sys/net/pf_osfp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_osfp.c,v 1.20 2010/10/17 12:14:28 jsing Exp $ */ +/* $OpenBSD: pf_osfp.c,v 1.21 2010/10/18 15:55:28 deraadt Exp $ */ /* * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> @@ -111,7 +111,7 @@ struct pf_osfp_enlist * pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp) { struct pf_os_fingerprint fp, *fpresult; - int cnt, tscnt = 0, optlen = 0; + int cnt, optlen = 0; const u_int8_t *optp; #ifdef _KERNEL char srcname[128]; @@ -137,10 +137,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st fp.fp_ttl = ip->ip_ttl; if (ip->ip_off & htons(IP_DF)) fp.fp_flags |= PF_OSFP_DF; - if (ip->ip_hl > 5) - fp.fp_quirks |= PF_OSFP_QUIRK_IPOPT; - if (ip->ip_id == 0) - fp.fp_quirks |= PF_OSFP_QUIRK_ZEROID; #ifdef _KERNEL strlcpy(srcname, inet_ntoa(ip->ip_src), sizeof(srcname)); #else @@ -182,19 +178,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st return (NULL); fp.fp_wsize = ntohs(tcp->th_win); - /* Set quirks flags. */ - if (tcp->th_seq == tcp->th_ack) - fp.fp_quirks |= PF_OSFP_QUIRK_SEQEQ; - if (tcp->th_seq == 0) - fp.fp_quirks |= PF_OSFP_QUIRK_SEQZERO; - if (tcp->th_ack != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_ACKNO; - if (tcp->th_urp != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_URG; - if (tcp->th_x2 != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_X2; - if (tcp->th_flags & ~(TH_SYN|TH_ACK|TH_RST|TH_ECE|TH_CWR)) - fp.fp_quirks |= PF_OSFP_QUIRK_FLAGS; cnt = (tcp->th_off << 2) - sizeof(*tcp); optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp)); @@ -235,15 +218,12 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK; break; case TCPOPT_TIMESTAMP: - tscnt++; if (optlen >= TCPOLEN_TIMESTAMP) { u_int32_t ts; memcpy(&ts, &optp[2], sizeof(ts)); if (ts == 0) fp.fp_flags |= PF_OSFP_TS0; - else if (tscnt > 1) - fp.fp_quirks |= - PF_OSFP_QUIRK_TS2; + } fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS; @@ -256,8 +236,8 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st } DPFPRINTF(LOG_NOTICE, - "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " - "(TS=%s,M=%s%d,W=%s%d) (0x%hx)", + "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " + "(TS=%s,M=%s%d,W=%s%d)", srcname, ntohs(tcp->th_sport), fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0, fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt, @@ -267,7 +247,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st fp.fp_mss, (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" : (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "", - fp.fp_wscale, fp.fp_quirks); + fp.fp_wscale); if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp, PF_OSFP_MAXTTL_OFFSET))) @@ -348,7 +328,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpadd.fp_psize = fpioc->fp_psize; fpadd.fp_mss = fpioc->fp_mss; fpadd.fp_flags = fpioc->fp_flags; - fpadd.fp_quirks = fpioc->fp_quirks; fpadd.fp_optcnt = fpioc->fp_optcnt; fpadd.fp_wscale = fpioc->fp_wscale; fpadd.fp_ttl = fpioc->fp_ttl; @@ -379,7 +358,7 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpioc->fp_os.fp_os); if ((fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd))) { - SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { + SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os)) return (EEXIST); } @@ -395,7 +374,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fp->fp_psize = fpioc->fp_psize; fp->fp_mss = fpioc->fp_mss; fp->fp_flags = fpioc->fp_flags; - fp->fp_quirks = fpioc->fp_quirks; fp->fp_optcnt = fpioc->fp_optcnt; fp->fp_wscale = fpioc->fp_wscale; fp->fp_ttl = fpioc->fp_ttl; @@ -493,8 +471,6 @@ pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find, continue; } } - if (f->fp_quirks != find->fp_quirks) - continue; return (f); } @@ -513,7 +489,6 @@ pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find) f->fp_psize == find->fp_psize && f->fp_mss == find->fp_mss && f->fp_flags == find->fp_flags && - f->fp_quirks == find->fp_quirks && f->fp_optcnt == find->fp_optcnt && f->fp_wscale == find->fp_wscale && f->fp_ttl == find->fp_ttl) @@ -548,6 +523,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) int num = fpioc->fp_getnum; int i = 0; + memset(fpioc, 0, sizeof(*fpioc)); SLIST_FOREACH(fp, &pf_osfp_list, fp_next) { SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { @@ -555,7 +531,6 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) fpioc->fp_mss = fp->fp_mss; fpioc->fp_wsize = fp->fp_wsize; fpioc->fp_flags = fp->fp_flags; - fpioc->fp_quirks = fp->fp_quirks; fpioc->fp_psize = fp->fp_psize; fpioc->fp_ttl = fp->fp_ttl; fpioc->fp_wscale = fp->fp_wscale; @@ -570,6 +545,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) return (EBUSY); } + /* Validate that each signature is reachable */ struct pf_os_fingerprint * pf_osfp_validate(void) |