stuff needed for passive OS fingerprinting PF rules

2 files changed, 9 insertions, 3 deletions

diff --git a/usr.sbin/authpf/Makefile b/usr.sbin/authpf/Makefile
index 043bac77ab2..34b140d3313 100644
--- a/usr.sbin/authpf/Makefile
+++ b/usr.sbin/authpf/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.8 2003/01/03 21:37:44 cedric Exp $
+#	$OpenBSD: Makefile,v 1.9 2003/08/21 19:13:23 frantzen Exp $
 
 PROG=	authpf
 MAN=	authpf.8
@@ -6,7 +6,7 @@ BINOWN= root
 BINGRP= authpf
 BINMODE= 6555
 SRCS=	authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
-SRCS+=	pfctl_radix.c
+SRCS+=	pfctl_radix.c pfctl_osfp.c
 CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
 .PATH:  ${.CURDIR}/../../sbin/pfctl
 
diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c
index 09eba8eeb86..8828ffc2f37 100644
--- a/usr.sbin/authpf/authpf.c
+++ b/usr.sbin/authpf/authpf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: authpf.c,v 1.67 2003/08/01 05:29:36 millert Exp $	*/
+/*	$OpenBSD: authpf.c,v 1.68 2003/08/21 19:13:23 frantzen Exp $	*/
 
 /*
  * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org).
@@ -611,6 +611,11 @@ change_filter(int add, const char *luser, const char *ipsrc)
 		}
 	}
 
+	if (pfctl_load_fingerprints(dev, 0)) {
+		syslog(LOG_ERR, "unable to load kernel's OS fingerprints");
+		goto error;
+	}
+
 	memset(&pf, 0, sizeof(pf));
 	for (i = 0; i < PF_RULESET_MAX; ++i) {
 		memset(&pr[i], 0, sizeof(pr[i]));
@@ -863,3 +868,4 @@ pfctl_rules(int dev, char *filename, int opts, char *anchorname,
 	fprintf(stderr, "load anchor not supported from authpf\n");
 	return (1);
 }
+