diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2010-10-18 15:55:29 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2010-10-18 15:55:29 +0000 |
| commit | 7c76fe39b0ea0e0db4feae4418483f5aa47950a1 (patch) | |
| tree | abb007371984f4fdff4c4fe8e33cc7ddd9269d21 /sys | |
| parent | 3d1634637f6e87c718745cd3caec861385ade45e (diff) | |
Revert non-compatible and undocumented bullshit commited by 3 developers
who decided to just do it on their own. henning, mcbride, jsing -- shame
on you -- if you had shown this diff to just 1 other network developer,
the astounding mistake in it would have been noticed. Start practicing
inclusionary development instead of going alone.
ok claudio
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf_osfp.c | 42 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 16 |
2 files changed, 10 insertions, 48 deletions
diff --git a/sys/net/pf_osfp.c b/sys/net/pf_osfp.c index 31c766c16a2..853ea1ce73f 100644 --- a/sys/net/pf_osfp.c +++ b/sys/net/pf_osfp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_osfp.c,v 1.20 2010/10/17 12:14:28 jsing Exp $ */ +/* $OpenBSD: pf_osfp.c,v 1.21 2010/10/18 15:55:28 deraadt Exp $ */ /* * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> @@ -111,7 +111,7 @@ struct pf_osfp_enlist * pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp) { struct pf_os_fingerprint fp, *fpresult; - int cnt, tscnt = 0, optlen = 0; + int cnt, optlen = 0; const u_int8_t *optp; #ifdef _KERNEL char srcname[128]; @@ -137,10 +137,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st fp.fp_ttl = ip->ip_ttl; if (ip->ip_off & htons(IP_DF)) fp.fp_flags |= PF_OSFP_DF; - if (ip->ip_hl > 5) - fp.fp_quirks |= PF_OSFP_QUIRK_IPOPT; - if (ip->ip_id == 0) - fp.fp_quirks |= PF_OSFP_QUIRK_ZEROID; #ifdef _KERNEL strlcpy(srcname, inet_ntoa(ip->ip_src), sizeof(srcname)); #else @@ -182,19 +178,6 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st return (NULL); fp.fp_wsize = ntohs(tcp->th_win); - /* Set quirks flags. */ - if (tcp->th_seq == tcp->th_ack) - fp.fp_quirks |= PF_OSFP_QUIRK_SEQEQ; - if (tcp->th_seq == 0) - fp.fp_quirks |= PF_OSFP_QUIRK_SEQZERO; - if (tcp->th_ack != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_ACKNO; - if (tcp->th_urp != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_URG; - if (tcp->th_x2 != 0) - fp.fp_quirks |= PF_OSFP_QUIRK_X2; - if (tcp->th_flags & ~(TH_SYN|TH_ACK|TH_RST|TH_ECE|TH_CWR)) - fp.fp_quirks |= PF_OSFP_QUIRK_FLAGS; cnt = (tcp->th_off << 2) - sizeof(*tcp); optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp)); @@ -235,15 +218,12 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK; break; case TCPOPT_TIMESTAMP: - tscnt++; if (optlen >= TCPOLEN_TIMESTAMP) { u_int32_t ts; memcpy(&ts, &optp[2], sizeof(ts)); if (ts == 0) fp.fp_flags |= PF_OSFP_TS0; - else if (tscnt > 1) - fp.fp_quirks |= - PF_OSFP_QUIRK_TS2; + } fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS; @@ -256,8 +236,8 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st } DPFPRINTF(LOG_NOTICE, - "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " - "(TS=%s,M=%s%d,W=%s%d) (0x%hx)", + "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " + "(TS=%s,M=%s%d,W=%s%d)", srcname, ntohs(tcp->th_sport), fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0, fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt, @@ -267,7 +247,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st fp.fp_mss, (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" : (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "", - fp.fp_wscale, fp.fp_quirks); + fp.fp_wscale); if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp, PF_OSFP_MAXTTL_OFFSET))) @@ -348,7 +328,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpadd.fp_psize = fpioc->fp_psize; fpadd.fp_mss = fpioc->fp_mss; fpadd.fp_flags = fpioc->fp_flags; - fpadd.fp_quirks = fpioc->fp_quirks; fpadd.fp_optcnt = fpioc->fp_optcnt; fpadd.fp_wscale = fpioc->fp_wscale; fpadd.fp_ttl = fpioc->fp_ttl; @@ -379,7 +358,7 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpioc->fp_os.fp_os); if ((fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd))) { - SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { + SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os)) return (EEXIST); } @@ -395,7 +374,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fp->fp_psize = fpioc->fp_psize; fp->fp_mss = fpioc->fp_mss; fp->fp_flags = fpioc->fp_flags; - fp->fp_quirks = fpioc->fp_quirks; fp->fp_optcnt = fpioc->fp_optcnt; fp->fp_wscale = fpioc->fp_wscale; fp->fp_ttl = fpioc->fp_ttl; @@ -493,8 +471,6 @@ pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find, continue; } } - if (f->fp_quirks != find->fp_quirks) - continue; return (f); } @@ -513,7 +489,6 @@ pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find) f->fp_psize == find->fp_psize && f->fp_mss == find->fp_mss && f->fp_flags == find->fp_flags && - f->fp_quirks == find->fp_quirks && f->fp_optcnt == find->fp_optcnt && f->fp_wscale == find->fp_wscale && f->fp_ttl == find->fp_ttl) @@ -548,6 +523,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) int num = fpioc->fp_getnum; int i = 0; + memset(fpioc, 0, sizeof(*fpioc)); SLIST_FOREACH(fp, &pf_osfp_list, fp_next) { SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) { @@ -555,7 +531,6 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) fpioc->fp_mss = fp->fp_mss; fpioc->fp_wsize = fp->fp_wsize; fpioc->fp_flags = fp->fp_flags; - fpioc->fp_quirks = fp->fp_quirks; fpioc->fp_psize = fp->fp_psize; fpioc->fp_ttl = fp->fp_ttl; fpioc->fp_wscale = fp->fp_wscale; @@ -570,6 +545,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc) return (EBUSY); } + /* Validate that each signature is reachable */ struct pf_os_fingerprint * pf_osfp_validate(void) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index d90fa3faa71..150747fbbb5 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.316 2010/10/17 12:14:28 jsing Exp $ */ +/* $OpenBSD: pfvar.h,v 1.317 2010/10/18 15:55:28 deraadt Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -487,19 +487,6 @@ struct pf_os_fingerprint { #define PF_OSFP_DF 0x1000 /* IPv4 don't fragment bit */ #define PF_OSFP_TS0 0x2000 /* Zero timestamp */ #define PF_OSFP_INET6 0x4000 /* IPv6 */ - u_int16_t fp_quirks; -#define PF_OSFP_QUIRK_DATA 0x0001 /* SYN contains payload. */ -#define PF_OSFP_QUIRK_SEQEQ 0x0002 /* SEQ no equals ACK no. */ -#define PF_OSFP_QUIRK_SEQZERO 0x0004 /* SEQ no is zero. */ -#define PF_OSFP_QUIRK_PAST 0x0008 /* Options past EOL. */ -#define PF_OSFP_QUIRK_ZEROID 0x0010 /* IPv4 ID is zero. */ -#define PF_OSFP_QUIRK_IPOPT 0x0020 /* IPv4 options specified. */ -#define PF_OSFP_QUIRK_URG 0x0040 /* URG pointer non-zero. */ -#define PF_OSFP_QUIRK_X2 0x0080 /* Used x2 field non-zero. */ -#define PF_OSFP_QUIRK_ACKNO 0x0100 /* ACK no is non-zero. */ -#define PF_OSFP_QUIRK_TS2 0x0200 /* Second non-zero timestamp. */ -#define PF_OSFP_QUIRK_FLAGS 0x0400 /* Unusual flags set. */ -#define PF_OSFP_QUIRK_BROKEN 0x0800 /* Broken options segment. */ u_int8_t fp_optcnt; /* TCP option count */ u_int8_t fp_wscale; /* TCP window scaling */ u_int8_t fp_ttl; /* IPv4 TTL */ @@ -525,7 +512,6 @@ struct pf_osfp_ioctl { u_int16_t fp_psize; /* ip->ip_len */ u_int16_t fp_mss; /* TCP MSS */ u_int16_t fp_flags; - u_int16_t fp_quirks; u_int8_t fp_optcnt; /* TCP option count */ u_int8_t fp_wscale; /* TCP window scaling */ u_int8_t fp_ttl; /* IPv4 TTL */ |