mirror of
https://github.com/openbsd/src.git
synced 2024-12-22 07:27:59 -08:00
df69c215c7
value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
1095 lines
26 KiB
C
1095 lines
26 KiB
C
/* $OpenBSD: pfctl_osfp.c,v 1.16 2019/06/28 13:32:51 deraadt Exp $ */
|
|
|
|
/*
|
|
* Copyright (c) 2003 Mike Frantzen <frantzen@openbsd.org>
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/ioctl.h>
|
|
#include <sys/socket.h>
|
|
|
|
#include <netinet/in.h>
|
|
#include <netinet/ip.h>
|
|
#include <netinet/ip6.h>
|
|
#include <net/if.h>
|
|
#include <net/pfvar.h>
|
|
|
|
#include <ctype.h>
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "privsep.h"
|
|
#include "pfctl_parser.h"
|
|
|
|
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
|
|
|
|
/* #define OSFP_DEBUG 1 */
|
|
#ifdef OSFP_DEBUG
|
|
# define DEBUG(fp, str, v...) \
|
|
fprintf(stderr, "%s:%s:%s " str "\n", (fp)->fp_os.fp_class_nm, \
|
|
(fp)->fp_os.fp_version_nm, (fp)->fp_os.fp_subtype_nm , ## v);
|
|
#else
|
|
# define DEBUG(fp, str, v...) ((void)0)
|
|
#endif
|
|
|
|
|
|
struct name_entry;
|
|
LIST_HEAD(name_list, name_entry);
|
|
struct name_entry {
|
|
LIST_ENTRY(name_entry) nm_entry;
|
|
int nm_num;
|
|
char nm_name[PF_OSFP_LEN];
|
|
|
|
struct name_list nm_sublist;
|
|
int nm_sublist_num;
|
|
};
|
|
struct name_list classes = LIST_HEAD_INITIALIZER(&classes);
|
|
int class_count;
|
|
int fingerprint_count;
|
|
|
|
void add_fingerprint(int, int, struct pf_osfp_ioctl *);
|
|
struct name_entry *fingerprint_name_entry(struct name_list *, char *);
|
|
void pfctl_flush_my_fingerprints(struct name_list *);
|
|
char *get_field(u_char **, size_t *, int *);
|
|
int get_int(u_char **, size_t *, int *, int *, const char *,
|
|
int, int, const char *, int);
|
|
int get_str(u_char **, size_t *, char **, const char *, int,
|
|
const char *, int);
|
|
int get_tcpopts(const char *, int, const u_char *,
|
|
pf_tcpopts_t *, int *, int *, int *, int *, int *,
|
|
int *);
|
|
void import_fingerprint(struct pf_osfp_ioctl *);
|
|
#ifdef OSFP_DEBUG
|
|
const char *print_ioctl(struct pf_osfp_ioctl *);
|
|
#endif
|
|
void print_name_list(int, struct name_list *, const char *);
|
|
void sort_name_list(int, struct name_list *);
|
|
struct name_entry *lookup_name_list(struct name_list *, const char *);
|
|
|
|
/* Load fingerprints from a file */
|
|
int
|
|
pfctl_file_fingerprints(int dev, int opts, const char *fp_filename)
|
|
{
|
|
FILE *in;
|
|
u_char *line;
|
|
size_t len;
|
|
int i, fd, lineno = 0;
|
|
int window, w_mod, ttl, df, psize, p_mod, mss, mss_mod, wscale,
|
|
wscale_mod, optcnt, ts0;
|
|
pf_tcpopts_t packed_tcpopts;
|
|
char *class, *version, *subtype, *desc, *tcpopts;
|
|
struct pf_osfp_ioctl fp;
|
|
|
|
pfctl_flush_my_fingerprints(&classes);
|
|
|
|
fd = priv_open_pfosfp();
|
|
if (fd < 0)
|
|
return (1);
|
|
|
|
if ((in = fdopen(fd, "r")) == NULL) {
|
|
warn("%s", fp_filename);
|
|
return (1);
|
|
}
|
|
|
|
class = version = subtype = desc = tcpopts = NULL;
|
|
|
|
if ((opts & PF_OPT_NOACTION) == 0)
|
|
pfctl_clear_fingerprints(dev, opts);
|
|
|
|
while ((line = fgetln(in, &len)) != NULL) {
|
|
lineno++;
|
|
free(class);
|
|
free(version);
|
|
free(subtype);
|
|
free(desc);
|
|
free(tcpopts);
|
|
class = version = subtype = desc = tcpopts = NULL;
|
|
memset(&fp, 0, sizeof(fp));
|
|
|
|
/* Chop off comment */
|
|
for (i = 0; i < len; i++)
|
|
if (line[i] == '#') {
|
|
len = i;
|
|
break;
|
|
}
|
|
/* Chop off whitespace */
|
|
while (len > 0 && isspace(line[len - 1]))
|
|
len--;
|
|
while (len > 0 && isspace(line[0])) {
|
|
len--;
|
|
line++;
|
|
}
|
|
if (len == 0)
|
|
continue;
|
|
|
|
#define T_DC 0x01 /* Allow don't care */
|
|
#define T_MSS 0x02 /* Allow MSS multiple */
|
|
#define T_MTU 0x04 /* Allow MTU multiple */
|
|
#define T_MOD 0x08 /* Allow modulus */
|
|
|
|
#define GET_INT(v, mod, n, ty, mx) \
|
|
get_int(&line, &len, &v, mod, n, ty, mx, fp_filename, lineno)
|
|
#define GET_STR(v, n, mn) \
|
|
get_str(&line, &len, &v, n, mn, fp_filename, lineno)
|
|
|
|
if (GET_INT(window, &w_mod, "window size", T_DC|T_MSS|T_MTU|
|
|
T_MOD, 0xffff) ||
|
|
GET_INT(ttl, NULL, "ttl", 0, 0xff) ||
|
|
GET_INT(df, NULL, "don't fragment frag", 0, 1) ||
|
|
GET_INT(psize, &p_mod, "overall packet size", T_MOD|T_DC,
|
|
8192) ||
|
|
GET_STR(tcpopts, "TCP Options", 1) ||
|
|
GET_STR(class, "OS class", 1) ||
|
|
GET_STR(version, "OS version", 0) ||
|
|
GET_STR(subtype, "OS subtype", 0) ||
|
|
GET_STR(desc, "OS description", 2))
|
|
continue;
|
|
if (get_tcpopts(fp_filename, lineno, tcpopts, &packed_tcpopts,
|
|
&optcnt, &mss, &mss_mod, &wscale, &wscale_mod, &ts0))
|
|
continue;
|
|
if (len != 0) {
|
|
fprintf(stderr, "%s:%d excess field\n", fp_filename,
|
|
lineno);
|
|
continue;
|
|
}
|
|
|
|
fp.fp_ttl = ttl;
|
|
if (df)
|
|
fp.fp_flags |= PF_OSFP_DF;
|
|
switch (w_mod) {
|
|
case 0:
|
|
break;
|
|
case T_DC:
|
|
fp.fp_flags |= PF_OSFP_WSIZE_DC;
|
|
break;
|
|
case T_MSS:
|
|
fp.fp_flags |= PF_OSFP_WSIZE_MSS;
|
|
break;
|
|
case T_MTU:
|
|
fp.fp_flags |= PF_OSFP_WSIZE_MTU;
|
|
break;
|
|
case T_MOD:
|
|
fp.fp_flags |= PF_OSFP_WSIZE_MOD;
|
|
break;
|
|
}
|
|
fp.fp_wsize = window;
|
|
|
|
switch (p_mod) {
|
|
case T_DC:
|
|
fp.fp_flags |= PF_OSFP_PSIZE_DC;
|
|
break;
|
|
case T_MOD:
|
|
fp.fp_flags |= PF_OSFP_PSIZE_MOD;
|
|
}
|
|
fp.fp_psize = psize;
|
|
|
|
|
|
switch (wscale_mod) {
|
|
case T_DC:
|
|
fp.fp_flags |= PF_OSFP_WSCALE_DC;
|
|
break;
|
|
case T_MOD:
|
|
fp.fp_flags |= PF_OSFP_WSCALE_MOD;
|
|
}
|
|
fp.fp_wscale = wscale;
|
|
|
|
switch (mss_mod) {
|
|
case T_DC:
|
|
fp.fp_flags |= PF_OSFP_MSS_DC;
|
|
break;
|
|
case T_MOD:
|
|
fp.fp_flags |= PF_OSFP_MSS_MOD;
|
|
break;
|
|
}
|
|
fp.fp_mss = mss;
|
|
|
|
fp.fp_tcpopts = packed_tcpopts;
|
|
fp.fp_optcnt = optcnt;
|
|
if (ts0)
|
|
fp.fp_flags |= PF_OSFP_TS0;
|
|
|
|
if (class[0] == '@')
|
|
fp.fp_os.fp_enflags |= PF_OSFP_GENERIC;
|
|
if (class[0] == '*')
|
|
fp.fp_os.fp_enflags |= PF_OSFP_NODETAIL;
|
|
|
|
if (class[0] == '@' || class[0] == '*')
|
|
strlcpy(fp.fp_os.fp_class_nm, class + 1,
|
|
sizeof(fp.fp_os.fp_class_nm));
|
|
else
|
|
strlcpy(fp.fp_os.fp_class_nm, class,
|
|
sizeof(fp.fp_os.fp_class_nm));
|
|
strlcpy(fp.fp_os.fp_version_nm, version,
|
|
sizeof(fp.fp_os.fp_version_nm));
|
|
strlcpy(fp.fp_os.fp_subtype_nm, subtype,
|
|
sizeof(fp.fp_os.fp_subtype_nm));
|
|
|
|
add_fingerprint(dev, opts, &fp);
|
|
|
|
fp.fp_flags |= (PF_OSFP_DF | PF_OSFP_INET6);
|
|
fp.fp_psize += sizeof(struct ip6_hdr) - sizeof(struct ip);
|
|
add_fingerprint(dev, opts, &fp);
|
|
}
|
|
|
|
free(class);
|
|
free(version);
|
|
free(subtype);
|
|
free(desc);
|
|
free(tcpopts);
|
|
|
|
if (opts & PF_OPT_VERBOSE2)
|
|
printf("Loaded %d passive OS fingerprints\n",
|
|
fingerprint_count);
|
|
fclose(in);
|
|
return (0);
|
|
}
|
|
|
|
/* flush the kernel's fingerprints */
|
|
void
|
|
pfctl_clear_fingerprints(int dev, int opts)
|
|
{
|
|
if (ioctl(dev, DIOCOSFPFLUSH) == -1)
|
|
err(1, "DIOCOSFPFLUSH");
|
|
}
|
|
|
|
/* flush pfctl's view of the fingerprints */
|
|
void
|
|
pfctl_flush_my_fingerprints(struct name_list *list)
|
|
{
|
|
struct name_entry *nm;
|
|
|
|
while ((nm = LIST_FIRST(list)) != NULL) {
|
|
LIST_REMOVE(nm, nm_entry);
|
|
pfctl_flush_my_fingerprints(&nm->nm_sublist);
|
|
free(nm);
|
|
}
|
|
fingerprint_count = 0;
|
|
class_count = 0;
|
|
}
|
|
|
|
/* Fetch the active fingerprints from the kernel */
|
|
int
|
|
pfctl_load_fingerprints(int dev, int opts)
|
|
{
|
|
struct pf_osfp_ioctl io;
|
|
int i;
|
|
|
|
pfctl_flush_my_fingerprints(&classes);
|
|
|
|
for (i = 0; i >= 0; i++) {
|
|
memset(&io, 0, sizeof(io));
|
|
io.fp_getnum = i;
|
|
if (ioctl(dev, DIOCOSFPGET, &io) == -1) {
|
|
if (errno == EBUSY)
|
|
break;
|
|
warn("DIOCOSFPGET");
|
|
return (1);
|
|
}
|
|
import_fingerprint(&io);
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
/* List the fingerprints */
|
|
void
|
|
pfctl_show_fingerprints(int opts)
|
|
{
|
|
printf("Passive OS Fingerprints:\n");
|
|
printf("\tClass\tVersion\tSubtype(subversion)\n");
|
|
printf("\t-----\t-------\t-------------------\n");
|
|
sort_name_list(opts, &classes);
|
|
print_name_list(opts, &classes, "\t");
|
|
}
|
|
|
|
/* Lookup a fingerprint */
|
|
pf_osfp_t
|
|
pfctl_get_fingerprint(const char *name)
|
|
{
|
|
struct name_entry *nm, *class_nm, *version_nm, *subtype_nm;
|
|
pf_osfp_t ret = PF_OSFP_NOMATCH;
|
|
int class, version, subtype;
|
|
int unp_class, unp_version, unp_subtype;
|
|
int wr_len, version_len, subtype_len;
|
|
char *ptr, *wr_name;
|
|
|
|
if (strcasecmp(name, "unknown") == 0)
|
|
return (PF_OSFP_UNKNOWN);
|
|
|
|
/* Try most likely no version and no subtype */
|
|
if ((nm = lookup_name_list(&classes, name))) {
|
|
class = nm->nm_num;
|
|
version = PF_OSFP_ANY;
|
|
subtype = PF_OSFP_ANY;
|
|
goto found;
|
|
} else {
|
|
|
|
/* Chop it up into class/version/subtype */
|
|
|
|
if ((wr_name = strdup(name)) == NULL)
|
|
err(1, "malloc");
|
|
if ((ptr = strchr(wr_name, ' ')) == NULL) {
|
|
free(wr_name);
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
*ptr++ = '\0';
|
|
|
|
/* The class is easy to find since it is delimited by a space */
|
|
if ((class_nm = lookup_name_list(&classes, wr_name)) == NULL) {
|
|
free(wr_name);
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
class = class_nm->nm_num;
|
|
|
|
/* Try no subtype */
|
|
if ((version_nm = lookup_name_list(&class_nm->nm_sublist, ptr)))
|
|
{
|
|
version = version_nm->nm_num;
|
|
subtype = PF_OSFP_ANY;
|
|
free(wr_name);
|
|
goto found;
|
|
}
|
|
|
|
|
|
/*
|
|
* There must be a version and a subtype.
|
|
* We'll do some fuzzy matching to pick up things like:
|
|
* Linux 2.2.14 (version=2.2 subtype=14)
|
|
* FreeBSD 4.0-STABLE (version=4.0 subtype=STABLE)
|
|
* Windows 2000 SP2 (version=2000 subtype=SP2)
|
|
*/
|
|
#define CONNECTOR(x) ((x) == '.' || (x) == ' ' || (x) == '\t' || (x) == '-')
|
|
wr_len = strlen(ptr);
|
|
LIST_FOREACH(version_nm, &class_nm->nm_sublist, nm_entry) {
|
|
version_len = strlen(version_nm->nm_name);
|
|
if (wr_len < version_len + 2 ||
|
|
!CONNECTOR(ptr[version_len]))
|
|
continue;
|
|
/* first part of the string must be version */
|
|
if (strncasecmp(ptr, version_nm->nm_name,
|
|
version_len))
|
|
continue;
|
|
|
|
LIST_FOREACH(subtype_nm, &version_nm->nm_sublist,
|
|
nm_entry) {
|
|
subtype_len = strlen(subtype_nm->nm_name);
|
|
if (wr_len != version_len + subtype_len + 1)
|
|
continue;
|
|
|
|
/* last part of the string must be subtype */
|
|
if (strcasecmp(&ptr[version_len+1],
|
|
subtype_nm->nm_name) != 0)
|
|
continue;
|
|
|
|
/* Found it!! */
|
|
version = version_nm->nm_num;
|
|
subtype = subtype_nm->nm_num;
|
|
free(wr_name);
|
|
goto found;
|
|
}
|
|
}
|
|
|
|
free(wr_name);
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
|
|
found:
|
|
PF_OSFP_PACK(ret, class, version, subtype);
|
|
if (ret != PF_OSFP_NOMATCH) {
|
|
PF_OSFP_UNPACK(ret, unp_class, unp_version, unp_subtype);
|
|
if (class != unp_class) {
|
|
fprintf(stderr, "warning: fingerprint table overflowed "
|
|
"classes\n");
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
if (version != unp_version) {
|
|
fprintf(stderr, "warning: fingerprint table overflowed "
|
|
"versions\n");
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
if (subtype != unp_subtype) {
|
|
fprintf(stderr, "warning: fingerprint table overflowed "
|
|
"subtypes\n");
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
}
|
|
if (ret == PF_OSFP_ANY) {
|
|
/* should never happen */
|
|
fprintf(stderr, "warning: fingerprint packed to 'any'\n");
|
|
return (PF_OSFP_NOMATCH);
|
|
}
|
|
|
|
return (ret);
|
|
}
|
|
|
|
/* Lookup a fingerprint name by ID */
|
|
char *
|
|
pfctl_lookup_fingerprint(pf_osfp_t fp, char *buf, size_t len)
|
|
{
|
|
int class, version, subtype;
|
|
struct name_list *list;
|
|
struct name_entry *nm;
|
|
|
|
u_char *class_name, *version_name, *subtype_name;
|
|
class_name = version_name = subtype_name = NULL;
|
|
|
|
if (fp == PF_OSFP_UNKNOWN) {
|
|
strlcpy(buf, "unknown", len);
|
|
return (buf);
|
|
}
|
|
if (fp == PF_OSFP_ANY) {
|
|
strlcpy(buf, "any", len);
|
|
return (buf);
|
|
}
|
|
|
|
PF_OSFP_UNPACK(fp, class, version, subtype);
|
|
if (class >= (1 << _FP_CLASS_BITS) ||
|
|
version >= (1 << _FP_VERSION_BITS) ||
|
|
subtype >= (1 << _FP_SUBTYPE_BITS)) {
|
|
warnx("PF_OSFP_UNPACK(0x%x) failed!!", fp);
|
|
strlcpy(buf, "nomatch", len);
|
|
return (buf);
|
|
}
|
|
|
|
LIST_FOREACH(nm, &classes, nm_entry) {
|
|
if (nm->nm_num == class) {
|
|
class_name = nm->nm_name;
|
|
if (version == PF_OSFP_ANY)
|
|
goto found;
|
|
list = &nm->nm_sublist;
|
|
LIST_FOREACH(nm, list, nm_entry) {
|
|
if (nm->nm_num == version) {
|
|
version_name = nm->nm_name;
|
|
if (subtype == PF_OSFP_ANY)
|
|
goto found;
|
|
list = &nm->nm_sublist;
|
|
LIST_FOREACH(nm, list, nm_entry) {
|
|
if (nm->nm_num == subtype) {
|
|
subtype_name =
|
|
nm->nm_name;
|
|
goto found;
|
|
}
|
|
} /* foreach subtype */
|
|
strlcpy(buf, "nomatch", len);
|
|
return (buf);
|
|
}
|
|
} /* foreach version */
|
|
strlcpy(buf, "nomatch", len);
|
|
return (buf);
|
|
}
|
|
} /* foreach class */
|
|
|
|
strlcpy(buf, "nomatch", len);
|
|
return (buf);
|
|
|
|
found:
|
|
snprintf(buf, len, "%s", class_name);
|
|
if (version_name) {
|
|
strlcat(buf, " ", len);
|
|
strlcat(buf, version_name, len);
|
|
if (subtype_name) {
|
|
if (strchr(version_name, ' '))
|
|
strlcat(buf, " ", len);
|
|
else if (strchr(version_name, '.') &&
|
|
isdigit(*subtype_name))
|
|
strlcat(buf, ".", len);
|
|
else
|
|
strlcat(buf, " ", len);
|
|
strlcat(buf, subtype_name, len);
|
|
}
|
|
}
|
|
return (buf);
|
|
}
|
|
|
|
/* lookup a name in a list */
|
|
struct name_entry *
|
|
lookup_name_list(struct name_list *list, const char *name)
|
|
{
|
|
struct name_entry *nm;
|
|
LIST_FOREACH(nm, list, nm_entry)
|
|
if (strcasecmp(name, nm->nm_name) == 0)
|
|
return (nm);
|
|
|
|
return (NULL);
|
|
}
|
|
|
|
|
|
void
|
|
add_fingerprint(int dev, int opts, struct pf_osfp_ioctl *fp)
|
|
{
|
|
struct pf_osfp_ioctl fptmp;
|
|
struct name_entry *nm_class, *nm_version, *nm_subtype;
|
|
int class, version, subtype;
|
|
|
|
/* We expand #-# or #.#-#.# version/subtypes into multiple fingerprints */
|
|
#define EXPAND(field) do { \
|
|
int _dot = -1, _start = -1, _end = -1, _i = 0; \
|
|
/* pick major version out of #.# */ \
|
|
if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.') { \
|
|
_dot = fp->field[_i] - '0'; \
|
|
_i += 2; \
|
|
} \
|
|
if (isdigit(fp->field[_i])) \
|
|
_start = fp->field[_i++] - '0'; \
|
|
else \
|
|
break; \
|
|
if (isdigit(fp->field[_i])) \
|
|
_start = (_start * 10) + fp->field[_i++] - '0'; \
|
|
if (fp->field[_i++] != '-') \
|
|
break; \
|
|
if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.' && \
|
|
fp->field[_i] - '0' == _dot) \
|
|
_i += 2; \
|
|
else if (_dot != -1) \
|
|
break; \
|
|
if (isdigit(fp->field[_i])) \
|
|
_end = fp->field[_i++] - '0'; \
|
|
else \
|
|
break; \
|
|
if (isdigit(fp->field[_i])) \
|
|
_end = (_end * 10) + fp->field[_i++] - '0'; \
|
|
if (isdigit(fp->field[_i])) \
|
|
_end = (_end * 10) + fp->field[_i++] - '0'; \
|
|
if (fp->field[_i] != '\0') \
|
|
break; \
|
|
memcpy(&fptmp, fp, sizeof(fptmp)); \
|
|
for (;_start <= _end; _start++) { \
|
|
memset(fptmp.field, 0, sizeof(fptmp.field)); \
|
|
fptmp.fp_os.fp_enflags |= PF_OSFP_EXPANDED; \
|
|
if (_dot == -1) \
|
|
snprintf(fptmp.field, sizeof(fptmp.field), \
|
|
"%d", _start); \
|
|
else \
|
|
snprintf(fptmp.field, sizeof(fptmp.field), \
|
|
"%d.%d", _dot, _start); \
|
|
add_fingerprint(dev, opts, &fptmp); \
|
|
} \
|
|
} while(0)
|
|
|
|
/* We allow "#-#" as a version or subtype and we'll expand it */
|
|
EXPAND(fp_os.fp_version_nm);
|
|
EXPAND(fp_os.fp_subtype_nm);
|
|
|
|
if (strcasecmp(fp->fp_os.fp_class_nm, "nomatch") == 0)
|
|
errx(1, "fingerprint class \"nomatch\" is reserved");
|
|
|
|
version = PF_OSFP_ANY;
|
|
subtype = PF_OSFP_ANY;
|
|
|
|
nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm);
|
|
if (nm_class->nm_num == 0)
|
|
nm_class->nm_num = ++class_count;
|
|
class = nm_class->nm_num;
|
|
|
|
nm_version = fingerprint_name_entry(&nm_class->nm_sublist,
|
|
fp->fp_os.fp_version_nm);
|
|
if (nm_version) {
|
|
if (nm_version->nm_num == 0)
|
|
nm_version->nm_num = ++nm_class->nm_sublist_num;
|
|
version = nm_version->nm_num;
|
|
nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist,
|
|
fp->fp_os.fp_subtype_nm);
|
|
if (nm_subtype) {
|
|
if (nm_subtype->nm_num == 0)
|
|
nm_subtype->nm_num =
|
|
++nm_version->nm_sublist_num;
|
|
subtype = nm_subtype->nm_num;
|
|
}
|
|
}
|
|
|
|
|
|
DEBUG(fp, "\tsignature %d:%d:%d %s", class, version, subtype,
|
|
print_ioctl(fp));
|
|
|
|
PF_OSFP_PACK(fp->fp_os.fp_os, class, version, subtype);
|
|
fingerprint_count++;
|
|
|
|
#ifdef FAKE_PF_KERNEL
|
|
/* Linked to the sys/net/pf_osfp.c. Call pf_osfp_add() */
|
|
if ((errno = pf_osfp_add(fp)))
|
|
#else
|
|
if ((opts & PF_OPT_NOACTION) == 0 && ioctl(dev, DIOCOSFPADD, fp) == -1)
|
|
#endif /* FAKE_PF_KERNEL */
|
|
{
|
|
if (errno == EEXIST) {
|
|
warn("Duplicate signature for %s %s %s",
|
|
fp->fp_os.fp_class_nm,
|
|
fp->fp_os.fp_version_nm,
|
|
fp->fp_os.fp_subtype_nm);
|
|
|
|
} else {
|
|
err(1, "DIOCOSFPADD");
|
|
}
|
|
}
|
|
}
|
|
|
|
/* import a fingerprint from the kernel */
|
|
void
|
|
import_fingerprint(struct pf_osfp_ioctl *fp)
|
|
{
|
|
struct name_entry *nm_class, *nm_version, *nm_subtype;
|
|
int class, version, subtype;
|
|
|
|
PF_OSFP_UNPACK(fp->fp_os.fp_os, class, version, subtype);
|
|
|
|
nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm);
|
|
if (nm_class->nm_num == 0) {
|
|
nm_class->nm_num = class;
|
|
class_count = MAXIMUM(class_count, class);
|
|
}
|
|
|
|
nm_version = fingerprint_name_entry(&nm_class->nm_sublist,
|
|
fp->fp_os.fp_version_nm);
|
|
if (nm_version) {
|
|
if (nm_version->nm_num == 0) {
|
|
nm_version->nm_num = version;
|
|
nm_class->nm_sublist_num = MAXIMUM(nm_class->nm_sublist_num,
|
|
version);
|
|
}
|
|
nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist,
|
|
fp->fp_os.fp_subtype_nm);
|
|
if (nm_subtype) {
|
|
if (nm_subtype->nm_num == 0) {
|
|
nm_subtype->nm_num = subtype;
|
|
nm_version->nm_sublist_num =
|
|
MAXIMUM(nm_version->nm_sublist_num, subtype);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
fingerprint_count++;
|
|
DEBUG(fp, "import signature %d:%d:%d", class, version, subtype);
|
|
}
|
|
|
|
/* Find an entry for a fingerprints class/version/subtype */
|
|
struct name_entry *
|
|
fingerprint_name_entry(struct name_list *list, char *name)
|
|
{
|
|
struct name_entry *nm_entry;
|
|
|
|
if (name == NULL || strlen(name) == 0)
|
|
return (NULL);
|
|
|
|
LIST_FOREACH(nm_entry, list, nm_entry) {
|
|
if (strcasecmp(nm_entry->nm_name, name) == 0) {
|
|
/* We'll move this to the front of the list later */
|
|
LIST_REMOVE(nm_entry, nm_entry);
|
|
break;
|
|
}
|
|
}
|
|
if (nm_entry == NULL) {
|
|
nm_entry = calloc(1, sizeof(*nm_entry));
|
|
if (nm_entry == NULL)
|
|
err(1, "calloc");
|
|
LIST_INIT(&nm_entry->nm_sublist);
|
|
strlcpy(nm_entry->nm_name, name, sizeof(nm_entry->nm_name));
|
|
}
|
|
LIST_INSERT_HEAD(list, nm_entry, nm_entry);
|
|
return (nm_entry);
|
|
}
|
|
|
|
|
|
void
|
|
print_name_list(int opts, struct name_list *nml, const char *prefix)
|
|
{
|
|
char newprefix[32];
|
|
struct name_entry *nm;
|
|
|
|
LIST_FOREACH(nm, nml, nm_entry) {
|
|
snprintf(newprefix, sizeof(newprefix), "%s%s\t", prefix,
|
|
nm->nm_name);
|
|
printf("%s\n", newprefix);
|
|
print_name_list(opts, &nm->nm_sublist, newprefix);
|
|
}
|
|
}
|
|
|
|
void
|
|
sort_name_list(int opts, struct name_list *nml)
|
|
{
|
|
struct name_list new;
|
|
struct name_entry *nm, *nmsearch, *nmlast;
|
|
|
|
/* yes yes, it's a very slow sort. so sue me */
|
|
|
|
LIST_INIT(&new);
|
|
|
|
while ((nm = LIST_FIRST(nml)) != NULL) {
|
|
LIST_REMOVE(nm, nm_entry);
|
|
nmlast = NULL;
|
|
LIST_FOREACH(nmsearch, &new, nm_entry) {
|
|
if (strcasecmp(nmsearch->nm_name, nm->nm_name) > 0) {
|
|
LIST_INSERT_BEFORE(nmsearch, nm, nm_entry);
|
|
break;
|
|
}
|
|
nmlast = nmsearch;
|
|
}
|
|
if (nmsearch == NULL) {
|
|
if (nmlast)
|
|
LIST_INSERT_AFTER(nmlast, nm, nm_entry);
|
|
else
|
|
LIST_INSERT_HEAD(&new, nm, nm_entry);
|
|
}
|
|
|
|
sort_name_list(opts, &nm->nm_sublist);
|
|
}
|
|
nmlast = NULL;
|
|
while ((nm = LIST_FIRST(&new)) != NULL) {
|
|
LIST_REMOVE(nm, nm_entry);
|
|
if (nmlast == NULL)
|
|
LIST_INSERT_HEAD(nml, nm, nm_entry);
|
|
else
|
|
LIST_INSERT_AFTER(nmlast, nm, nm_entry);
|
|
nmlast = nm;
|
|
}
|
|
}
|
|
|
|
/* parse the next integer in a formatted config file line */
|
|
int
|
|
get_int(u_char **line, size_t *len, int *var, int *mod,
|
|
const char *name, int flags, int max, const char *filename, int lineno)
|
|
{
|
|
int fieldlen, i;
|
|
u_char *field;
|
|
long val = 0;
|
|
|
|
if (mod)
|
|
*mod = 0;
|
|
*var = 0;
|
|
|
|
field = get_field(line, len, &fieldlen);
|
|
if (field == NULL)
|
|
return (1);
|
|
if (fieldlen == 0) {
|
|
fprintf(stderr, "%s:%d empty %s\n", filename, lineno, name);
|
|
return (1);
|
|
}
|
|
|
|
i = 0;
|
|
if ((*field == '%' || *field == 'S' || *field == 'T' || *field == '*')
|
|
&& fieldlen >= 1) {
|
|
switch (*field) {
|
|
case 'S':
|
|
if (mod && (flags & T_MSS))
|
|
*mod = T_MSS;
|
|
if (fieldlen == 1)
|
|
return (0);
|
|
break;
|
|
case 'T':
|
|
if (mod && (flags & T_MTU))
|
|
*mod = T_MTU;
|
|
if (fieldlen == 1)
|
|
return (0);
|
|
break;
|
|
case '*':
|
|
if (fieldlen != 1) {
|
|
fprintf(stderr, "%s:%d long '%c' %s\n",
|
|
filename, lineno, *field, name);
|
|
return (1);
|
|
}
|
|
if (mod && (flags & T_DC)) {
|
|
*mod = T_DC;
|
|
return (0);
|
|
}
|
|
case '%':
|
|
if (mod && (flags & T_MOD))
|
|
*mod = T_MOD;
|
|
if (fieldlen == 1) {
|
|
fprintf(stderr, "%s:%d modulus %s must have a "
|
|
"value\n", filename, lineno, name);
|
|
return (1);
|
|
}
|
|
break;
|
|
}
|
|
if (mod == NULL || *mod == 0) {
|
|
fprintf(stderr, "%s:%d does not allow %c' %s\n",
|
|
filename, lineno, *field, name);
|
|
return (1);
|
|
}
|
|
i++;
|
|
}
|
|
|
|
for (; i < fieldlen; i++) {
|
|
if (field[i] < '0' || field[i] > '9') {
|
|
fprintf(stderr, "%s:%d non-digit character in %s\n",
|
|
filename, lineno, name);
|
|
return (1);
|
|
}
|
|
val = val * 10 + field[i] - '0';
|
|
if (val < 0) {
|
|
fprintf(stderr, "%s:%d %s overflowed\n", filename,
|
|
lineno, name);
|
|
return (1);
|
|
}
|
|
}
|
|
|
|
if (val > max) {
|
|
fprintf(stderr, "%s:%d %s value %ld > %d\n", filename, lineno,
|
|
name, val, max);
|
|
return (1);
|
|
}
|
|
*var = (int)val;
|
|
|
|
return (0);
|
|
}
|
|
|
|
/* parse the next string in a formatted config file line */
|
|
int
|
|
get_str(u_char **line, size_t *len, char **v, const char *name, int minlen,
|
|
const char *filename, int lineno)
|
|
{
|
|
int fieldlen;
|
|
char *ptr;
|
|
|
|
ptr = get_field(line, len, &fieldlen);
|
|
if (ptr == NULL)
|
|
return (1);
|
|
if (fieldlen < minlen) {
|
|
fprintf(stderr, "%s:%d too short %s\n", filename, lineno, name);
|
|
return (1);
|
|
}
|
|
if ((*v = malloc(fieldlen + 1)) == NULL) {
|
|
perror("malloc()");
|
|
return (1);
|
|
}
|
|
memcpy(*v, ptr, fieldlen);
|
|
(*v)[fieldlen] = '\0';
|
|
|
|
return (0);
|
|
}
|
|
|
|
/* Parse out the TCP opts */
|
|
int
|
|
get_tcpopts(const char *filename, int lineno, const u_char *tcpopts,
|
|
pf_tcpopts_t *packed, int *optcnt, int *mss, int *mss_mod, int *wscale,
|
|
int *wscale_mod, int *ts0)
|
|
{
|
|
int i, opt;
|
|
|
|
*packed = 0;
|
|
*optcnt = 0;
|
|
*wscale = 0;
|
|
*wscale_mod = T_DC;
|
|
*mss = 0;
|
|
*mss_mod = T_DC;
|
|
*ts0 = 0;
|
|
if (strcmp(tcpopts, ".") == 0)
|
|
return (0);
|
|
|
|
for (i = 0; tcpopts[i] && *optcnt < PF_OSFP_MAX_OPTS;) {
|
|
switch ((opt = toupper(tcpopts[i++]))) {
|
|
case 'N': /* FALLTHROUGH */
|
|
case 'S':
|
|
*packed = (*packed << PF_OSFP_TCPOPT_BITS) |
|
|
(opt == 'N' ? PF_OSFP_TCPOPT_NOP :
|
|
PF_OSFP_TCPOPT_SACK);
|
|
break;
|
|
case 'W': /* FALLTHROUGH */
|
|
case 'M': {
|
|
int *this_mod, *this;
|
|
|
|
if (opt == 'W') {
|
|
this = wscale;
|
|
this_mod = wscale_mod;
|
|
} else {
|
|
this = mss;
|
|
this_mod = mss_mod;
|
|
}
|
|
*this = 0;
|
|
*this_mod = 0;
|
|
|
|
*packed = (*packed << PF_OSFP_TCPOPT_BITS) |
|
|
(opt == 'W' ? PF_OSFP_TCPOPT_WSCALE :
|
|
PF_OSFP_TCPOPT_MSS);
|
|
if (tcpopts[i] == '*' && (tcpopts[i + 1] == '\0' ||
|
|
tcpopts[i + 1] == ',')) {
|
|
*this_mod = T_DC;
|
|
i++;
|
|
break;
|
|
}
|
|
|
|
if (tcpopts[i] == '%') {
|
|
*this_mod = T_MOD;
|
|
i++;
|
|
}
|
|
do {
|
|
if (!isdigit(tcpopts[i])) {
|
|
fprintf(stderr, "%s:%d unknown "
|
|
"character '%c' in %c TCP opt\n",
|
|
filename, lineno, tcpopts[i], opt);
|
|
return (1);
|
|
}
|
|
*this = (*this * 10) + tcpopts[i++] - '0';
|
|
} while(tcpopts[i] != ',' && tcpopts[i] != '\0');
|
|
break;
|
|
}
|
|
case 'T':
|
|
if (tcpopts[i] == '0') {
|
|
*ts0 = 1;
|
|
i++;
|
|
}
|
|
*packed = (*packed << PF_OSFP_TCPOPT_BITS) |
|
|
PF_OSFP_TCPOPT_TS;
|
|
break;
|
|
}
|
|
(*optcnt) ++;
|
|
if (tcpopts[i] == '\0')
|
|
break;
|
|
if (tcpopts[i] != ',') {
|
|
fprintf(stderr, "%s:%d unknown option to %c TCP opt\n",
|
|
filename, lineno, opt);
|
|
return (1);
|
|
}
|
|
i++;
|
|
}
|
|
|
|
return (0);
|
|
}
|
|
|
|
/* rip the next field out of a formatted config file line */
|
|
char *
|
|
get_field(u_char **line, size_t *len, int *fieldlen)
|
|
{
|
|
char *ret, *ptr = *line;
|
|
size_t plen = *len;
|
|
|
|
|
|
while (plen && isspace((unsigned char)*ptr)) {
|
|
plen--;
|
|
ptr++;
|
|
}
|
|
ret = ptr;
|
|
*fieldlen = 0;
|
|
|
|
for (; plen > 0 && *ptr != ':'; plen--, ptr++)
|
|
(*fieldlen)++;
|
|
if (plen) {
|
|
*line = ptr + 1;
|
|
*len = plen - 1;
|
|
} else {
|
|
*len = 0;
|
|
}
|
|
while (*fieldlen && isspace((unsigned char)ret[*fieldlen - 1]))
|
|
(*fieldlen)--;
|
|
return (ret);
|
|
}
|
|
|
|
|
|
#ifdef OSFP_DEBUG
|
|
const char *
|
|
print_ioctl(struct pf_osfp_ioctl *fp)
|
|
{
|
|
static char buf[1024];
|
|
char tmp[32];
|
|
int i, opt;
|
|
|
|
*buf = '\0';
|
|
if (fp->fp_flags & PF_OSFP_WSIZE_DC)
|
|
strlcat(buf, "*", sizeof(buf));
|
|
else if (fp->fp_flags & PF_OSFP_WSIZE_MSS)
|
|
strlcat(buf, "S", sizeof(buf));
|
|
else if (fp->fp_flags & PF_OSFP_WSIZE_MTU)
|
|
strlcat(buf, "T", sizeof(buf));
|
|
else {
|
|
if (fp->fp_flags & PF_OSFP_WSIZE_MOD)
|
|
strlcat(buf, "%", sizeof(buf));
|
|
snprintf(tmp, sizeof(tmp), "%d", fp->fp_wsize);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
}
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
snprintf(tmp, sizeof(tmp), "%d", fp->fp_ttl);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
if (fp->fp_flags & PF_OSFP_DF)
|
|
strlcat(buf, "1", sizeof(buf));
|
|
else
|
|
strlcat(buf, "0", sizeof(buf));
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
if (fp->fp_flags & PF_OSFP_PSIZE_DC)
|
|
strlcat(buf, "*", sizeof(buf));
|
|
else {
|
|
if (fp->fp_flags & PF_OSFP_PSIZE_MOD)
|
|
strlcat(buf, "%", sizeof(buf));
|
|
snprintf(tmp, sizeof(tmp), "%d", fp->fp_psize);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
}
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
if (fp->fp_optcnt == 0)
|
|
strlcat(buf, ".", sizeof(buf));
|
|
for (i = fp->fp_optcnt - 1; i >= 0; i--) {
|
|
opt = fp->fp_tcpopts >> (i * PF_OSFP_TCPOPT_BITS);
|
|
opt &= (1 << PF_OSFP_TCPOPT_BITS) - 1;
|
|
switch (opt) {
|
|
case PF_OSFP_TCPOPT_NOP:
|
|
strlcat(buf, "N", sizeof(buf));
|
|
break;
|
|
case PF_OSFP_TCPOPT_SACK:
|
|
strlcat(buf, "S", sizeof(buf));
|
|
break;
|
|
case PF_OSFP_TCPOPT_TS:
|
|
strlcat(buf, "T", sizeof(buf));
|
|
if (fp->fp_flags & PF_OSFP_TS0)
|
|
strlcat(buf, "0", sizeof(buf));
|
|
break;
|
|
case PF_OSFP_TCPOPT_MSS:
|
|
strlcat(buf, "M", sizeof(buf));
|
|
if (fp->fp_flags & PF_OSFP_MSS_DC)
|
|
strlcat(buf, "*", sizeof(buf));
|
|
else {
|
|
if (fp->fp_flags & PF_OSFP_MSS_MOD)
|
|
strlcat(buf, "%", sizeof(buf));
|
|
snprintf(tmp, sizeof(tmp), "%d", fp->fp_mss);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
}
|
|
break;
|
|
case PF_OSFP_TCPOPT_WSCALE:
|
|
strlcat(buf, "W", sizeof(buf));
|
|
if (fp->fp_flags & PF_OSFP_WSCALE_DC)
|
|
strlcat(buf, "*", sizeof(buf));
|
|
else {
|
|
if (fp->fp_flags & PF_OSFP_WSCALE_MOD)
|
|
strlcat(buf, "%", sizeof(buf));
|
|
snprintf(tmp, sizeof(tmp), "%d", fp->fp_wscale);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
}
|
|
break;
|
|
}
|
|
|
|
if (i != 0)
|
|
strlcat(buf, ",", sizeof(buf));
|
|
}
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
strlcat(buf, fp->fp_os.fp_class_nm, sizeof(buf));
|
|
strlcat(buf, ":", sizeof(buf));
|
|
strlcat(buf, fp->fp_os.fp_version_nm, sizeof(buf));
|
|
strlcat(buf, ":", sizeof(buf));
|
|
strlcat(buf, fp->fp_os.fp_subtype_nm, sizeof(buf));
|
|
strlcat(buf, ":", sizeof(buf));
|
|
|
|
snprintf(tmp, sizeof(tmp), "TcpOpts %d 0x%llx", fp->fp_optcnt,
|
|
(long long int)fp->fp_tcpopts);
|
|
strlcat(buf, tmp, sizeof(buf));
|
|
|
|
return (buf);
|
|
}
|
|
#endif
|