authorTheo de Raadt <deraadt@cvs.openbsd.org>2010-10-18 15:55:29 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2010-10-18 15:55:29 +0000
commit7c76fe39b0ea0e0db4feae4418483f5aa47950a1 (patch)
treeabb007371984f4fdff4c4fe8e33cc7ddd9269d21 /sys/net
parent3d1634637f6e87c718745cd3caec861385ade45e (diff)
Revert non-compatible and undocumented bullshit committed by 3 developers
who decided to just do it on their own. henning, mcbride, jsing -- shame on you -- if you had shown this diff to just 1 other network developer, the astounding mistake in it would have been noticed. Start practicing inclusionary development instead of going alone. ok claudio
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf_osfp.c42
-rw-r--r--sys/net/pfvar.h16
2 files changed, 10 insertions, 48 deletions
diff --git a/sys/net/pf_osfp.c b/sys/net/pf_osfp.c
index 31c766c16a2..853ea1ce73f 100644
--- a/sys/net/pf_osfp.c
+++ b/sys/net/pf_osfp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_osfp.c,v 1.20 2010/10/17 12:14:28 jsing Exp $ */
+/* $OpenBSD: pf_osfp.c,v 1.21 2010/10/18 15:55:28 deraadt Exp $ */
/*
* Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
@@ -111,7 +111,7 @@ struct pf_osfp_enlist *
pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp)
{
struct pf_os_fingerprint fp, *fpresult;
- int cnt, tscnt = 0, optlen = 0;
+ int cnt, optlen = 0;
const u_int8_t *optp;
#ifdef _KERNEL
char srcname[128];
@@ -137,10 +137,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
fp.fp_ttl = ip->ip_ttl;
if (ip->ip_off & htons(IP_DF))
fp.fp_flags |= PF_OSFP_DF;
- if (ip->ip_hl > 5)
- fp.fp_quirks |= PF_OSFP_QUIRK_IPOPT;
- if (ip->ip_id == 0)
- fp.fp_quirks |= PF_OSFP_QUIRK_ZEROID;
#ifdef _KERNEL
strlcpy(srcname, inet_ntoa(ip->ip_src), sizeof(srcname));
#else
@@ -182,19 +178,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
return (NULL);
fp.fp_wsize = ntohs(tcp->th_win);
- /* Set quirks flags. */
- if (tcp->th_seq == tcp->th_ack)
- fp.fp_quirks |= PF_OSFP_QUIRK_SEQEQ;
- if (tcp->th_seq == 0)
- fp.fp_quirks |= PF_OSFP_QUIRK_SEQZERO;
- if (tcp->th_ack != 0)
- fp.fp_quirks |= PF_OSFP_QUIRK_ACKNO;
- if (tcp->th_urp != 0)
- fp.fp_quirks |= PF_OSFP_QUIRK_URG;
- if (tcp->th_x2 != 0)
- fp.fp_quirks |= PF_OSFP_QUIRK_X2;
- if (tcp->th_flags & ~(TH_SYN|TH_ACK|TH_RST|TH_ECE|TH_CWR))
- fp.fp_quirks |= PF_OSFP_QUIRK_FLAGS;
cnt = (tcp->th_off << 2) - sizeof(*tcp);
optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp));
@@ -235,15 +218,12 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK;
break;
case TCPOPT_TIMESTAMP:
- tscnt++;
if (optlen >= TCPOLEN_TIMESTAMP) {
u_int32_t ts;
memcpy(&ts, &optp[2], sizeof(ts));
if (ts == 0)
fp.fp_flags |= PF_OSFP_TS0;
- else if (tscnt > 1)
- fp.fp_quirks |=
- PF_OSFP_QUIRK_TS2;
+
}
fp.fp_tcpopts = (fp.fp_tcpopts <<
PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS;
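Review bot: The `memcpy(&ts, &optp[2], sizeof(ts))` kept in the `TCPOPT_TIMESTAMP` case reads packet-supplied option bytes, and the only guard visible here is `optlen >= TCPOLEN_TIMESTAMP`; that is sufficient only if `optlen` was already checked against the bytes remaining in `cnt`, which would have to happen outside this hunk. A short comment at the guard recording that invariant, for example `/* optlen was bounded by cnt when the option header was read */`, would make the read auditable on its own; confirm it against the loop header before adding it. Separately, the one added line is empty and leaves a blank line directly before the block's closing brace; it can go unless it is there only to match the pre-revert text. The enclosing switch and option loop start and end outside the hunk.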
@@ -256,8 +236,8 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
}
DPFPRINTF(LOG_NOTICE,
- "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) "
- "(TS=%s,M=%s%d,W=%s%d) (0x%hx)",
+ "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) "
+ "(TS=%s,M=%s%d,W=%s%d)",
srcname, ntohs(tcp->th_sport),
fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0,
fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt,
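Review bot: `%llx` in the format string expects an `unsigned long long`, but the matching argument on the last line of this hunk is passed as `(long long int)fp.fp_tcpopts`; changing the cast to `(unsigned long long)fp.fp_tcpopts` makes specifier and argument agree. The conversion count also has to stay in step with the argument list, whose final entry is dropped in the next hunk rather than here; removing ` (0x%hx)` and `fp.fp_quirks` together keeps the two matched as far as the visible lines show. The DPFPRINTF call starts and ends outside the hunk.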
@@ -267,7 +247,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st
fp.fp_mss,
(fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
(fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
- fp.fp_wscale, fp.fp_quirks);
+ fp.fp_wscale);
if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp,
PF_OSFP_MAXTTL_OFFSET)))
@@ -348,7 +328,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
fpadd.fp_psize = fpioc->fp_psize;
fpadd.fp_mss = fpioc->fp_mss;
fpadd.fp_flags = fpioc->fp_flags;
- fpadd.fp_quirks = fpioc->fp_quirks;
fpadd.fp_optcnt = fpioc->fp_optcnt;
fpadd.fp_wscale = fpioc->fp_wscale;
fpadd.fp_ttl = fpioc->fp_ttl;
@@ -379,7 +358,7 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
fpioc->fp_os.fp_os);
if ((fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd))) {
- SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
+ SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os))
return (EEXIST);
}
@@ -395,7 +374,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
fp->fp_psize = fpioc->fp_psize;
fp->fp_mss = fpioc->fp_mss;
fp->fp_flags = fpioc->fp_flags;
- fp->fp_quirks = fpioc->fp_quirks;
fp->fp_optcnt = fpioc->fp_optcnt;
fp->fp_wscale = fpioc->fp_wscale;
fp->fp_ttl = fpioc->fp_ttl;
@@ -493,8 +471,6 @@ pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
continue;
}
}
- if (f->fp_quirks != find->fp_quirks)
- continue;
return (f);
}
@@ -513,7 +489,6 @@ pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
f->fp_psize == find->fp_psize &&
f->fp_mss == find->fp_mss &&
f->fp_flags == find->fp_flags &&
- f->fp_quirks == find->fp_quirks &&
f->fp_optcnt == find->fp_optcnt &&
f->fp_wscale == find->fp_wscale &&
f->fp_ttl == find->fp_ttl)
@@ -548,6 +523,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc)
int num = fpioc->fp_getnum;
int i = 0;
+
memset(fpioc, 0, sizeof(*fpioc));
SLIST_FOREACH(fp, &pf_osfp_list, fp_next) {
SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
@@ -555,7 +531,6 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc)
fpioc->fp_mss = fp->fp_mss;
fpioc->fp_wsize = fp->fp_wsize;
fpioc->fp_flags = fp->fp_flags;
- fpioc->fp_quirks = fp->fp_quirks;
fpioc->fp_psize = fp->fp_psize;
fpioc->fp_ttl = fp->fp_ttl;
fpioc->fp_wscale = fp->fp_wscale;
@@ -570,6 +545,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc)
return (EBUSY);
}
+
/* Validate that each signature is reachable */
struct pf_os_fingerprint *
pf_osfp_validate(void)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index d90fa3faa71..150747fbbb5 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.316 2010/10/17 12:14:28 jsing Exp $ */
+/* $OpenBSD: pfvar.h,v 1.317 2010/10/18 15:55:28 deraadt Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -487,19 +487,6 @@ struct pf_os_fingerprint {
#define PF_OSFP_DF 0x1000 /* IPv4 don't fragment bit */
#define PF_OSFP_TS0 0x2000 /* Zero timestamp */
#define PF_OSFP_INET6 0x4000 /* IPv6 */
- u_int16_t fp_quirks;
-#define PF_OSFP_QUIRK_DATA 0x0001 /* SYN contains payload. */
-#define PF_OSFP_QUIRK_SEQEQ 0x0002 /* SEQ no equals ACK no. */
-#define PF_OSFP_QUIRK_SEQZERO 0x0004 /* SEQ no is zero. */
-#define PF_OSFP_QUIRK_PAST 0x0008 /* Options past EOL. */
-#define PF_OSFP_QUIRK_ZEROID 0x0010 /* IPv4 ID is zero. */
-#define PF_OSFP_QUIRK_IPOPT 0x0020 /* IPv4 options specified. */
-#define PF_OSFP_QUIRK_URG 0x0040 /* URG pointer non-zero. */
-#define PF_OSFP_QUIRK_X2 0x0080 /* Used x2 field non-zero. */
-#define PF_OSFP_QUIRK_ACKNO 0x0100 /* ACK no is non-zero. */
-#define PF_OSFP_QUIRK_TS2 0x0200 /* Second non-zero timestamp. */
-#define PF_OSFP_QUIRK_FLAGS 0x0400 /* Unusual flags set. */
-#define PF_OSFP_QUIRK_BROKEN 0x0800 /* Broken options segment. */
u_int8_t fp_optcnt; /* TCP option count */
u_int8_t fp_wscale; /* TCP window scaling */
u_int8_t fp_ttl; /* IPv4 TTL */
@@ -525,7 +512,6 @@ struct pf_osfp_ioctl {
u_int16_t fp_psize; /* ip->ip_len */
u_int16_t fp_mss; /* TCP MSS */
u_int16_t fp_flags;
- u_int16_t fp_quirks;
u_int8_t fp_optcnt; /* TCP option count */
u_int8_t fp_wscale; /* TCP window scaling */
u_int8_t fp_ttl; /* IPv4 TTL */