Context Navigation

source: rtems-libbsd/freebsd/contrib/pf/pfctl/pfctl_osfp.c @ 4831944

4.11

Last change on this file since 4831944 was 4831944, checked in by Christian Mauderer <Christian.Mauderer@…>, on 07/05/16 at 14:31:43
pfctl: Adapt for RTEMS.
Property mode set to `100644`
File size: 27.4 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/* $OpenBSD: pfctl_osfp.c,v 1.14 2006/04/08 02:13:14 ray Exp $ */
4
5	/*
6	* Copyright (c) 2003 Mike Frantzen <frantzen@openbsd.org>
7	*
8	* Permission to use, copy, modify, and distribute this software for any
9	* purpose with or without fee is hereby granted, provided that the above
10	* copyright notice and this permission notice appear in all copies.
11	*
12	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19	*/
20
21	#ifdef __rtems__
22	#include <machine/rtems-bsd-program.h>
23	#endif /* __rtems__ */
24	#include <rtems/bsd/sys/types.h>
25	#include <sys/ioctl.h>
26	#include <sys/socket.h>
27
28	#include <net/if.h>
29	#include <net/pfvar.h>
30
31	#include <netinet/in_systm.h>
32	#include <netinet/ip.h>
33	#include <netinet/ip6.h>
34
35	#include <ctype.h>
36	#include <err.h>
37	#include <errno.h>
38	#include <stdio.h>
39	#include <stdlib.h>
40	#include <string.h>
41
42	#include "pfctl_parser.h"
43	#include "pfctl.h"
44
45	#ifndef MIN
46	# define MIN(a,b) (((a) < (b)) ? (a) : (b))
47	#endif /* MIN */
48	#ifndef MAX
49	# define MAX(a,b) (((a) > (b)) ? (a) : (b))
50	#endif /* MAX */
51
52
53	#if 0
54	# define DEBUG(fp, str, v...) \
55	fprintf(stderr, "%s:%s:%s " str "\n", (fp)->fp_os.fp_class_nm, \
56	(fp)->fp_os.fp_version_nm, (fp)->fp_os.fp_subtype_nm , ## v);
57	#else
58	# define DEBUG(fp, str, v...) ((void)0)
59	#endif
60
61
62	struct name_entry;
63	LIST_HEAD(name_list, name_entry);
64	struct name_entry {
65	LIST_ENTRY(name_entry) nm_entry;
66	int nm_num;
67	char nm_name[PF_OSFP_LEN];
68
69	struct name_list nm_sublist;
70	int nm_sublist_num;
71	};
72	#ifndef __rtems__
73	struct name_list classes = LIST_HEAD_INITIALIZER(&classes);
74	int class_count;
75	int fingerprint_count;
76	#else /* __rtems__ */
77	static struct name_list classes = LIST_HEAD_INITIALIZER(&classes);
78	static int class_count;
79	static int fingerprint_count;
80	#endif /* __rtems__ */
81
82	void add_fingerprint(int, int, struct pf_osfp_ioctl *);
83	struct name_entry fingerprint_name_entry(struct name_list , char *);
84	void pfctl_flush_my_fingerprints(struct name_list *);
85	char get_field(char , size_t , int *);
86	int get_int(char *, size_t , int , int , const char *,
87	int, int, const char *, int);
88	int get_str(char *, size_t , char *, const char , int,
89	const char *, int);
90	int get_tcpopts(const char , int, const char ,
91	pf_tcpopts_t , int , int , int , int , int ,
92	int *);
93	void import_fingerprint(struct pf_osfp_ioctl *);
94	const char print_ioctl(struct pf_osfp_ioctl );
95	void print_name_list(int, struct name_list , const char );
96	void sort_name_list(int, struct name_list *);
97	struct name_entry lookup_name_list(struct name_list , const char *);
98
99	/* Load fingerprints from a file */
100	int
101	pfctl_file_fingerprints(int dev, int opts, const char *fp_filename)
102	{
103	FILE *in;
104	char *line;
105	size_t len;
106	int i, lineno = 0;
107	int window, w_mod, ttl, df, psize, p_mod, mss, mss_mod, wscale,
108	wscale_mod, optcnt, ts0;
109	pf_tcpopts_t packed_tcpopts;
110	char class, version, subtype, desc, *tcpopts;
111	struct pf_osfp_ioctl fp;
112
113	pfctl_flush_my_fingerprints(&classes);
114
115	if ((in = pfctl_fopen(fp_filename, "r")) == NULL) {
116	warn("%s", fp_filename);
117	return (1);
118	}
119	class = version = subtype = desc = tcpopts = NULL;
120
121	if ((opts & PF_OPT_NOACTION) == 0)
122	pfctl_clear_fingerprints(dev, opts);
123
124	while ((line = fgetln(in, &len)) != NULL) {
125	lineno++;
126	if (class)
127	free(class);
128	if (version)
129	free(version);
130	if (subtype)
131	free(subtype);
132	if (desc)
133	free(desc);
134	if (tcpopts)
135	free(tcpopts);
136	class = version = subtype = desc = tcpopts = NULL;
137	memset(&fp, 0, sizeof(fp));
138
139	/* Chop off comment */
140	for (i = 0; i < len; i++)
141	if (line[i] == '#') {
142	len = i;
143	break;
144	}
145	/* Chop off whitespace */
146	while (len > 0 && isspace(line[len - 1]))
147	len--;
148	while (len > 0 && isspace(line[0])) {
149	len--;
150	line++;
151	}
152	if (len == 0)
153	continue;
154
155	#define T_DC 0x01 /* Allow don't care */
156	#define T_MSS 0x02 /* Allow MSS multiple */
157	#define T_MTU 0x04 /* Allow MTU multiple */
158	#define T_MOD 0x08 /* Allow modulus */
159
160	#define GET_INT(v, mod, n, ty, mx) \
161	get_int(&line, &len, &v, mod, n, ty, mx, fp_filename, lineno)
162	#define GET_STR(v, n, mn) \
163	get_str(&line, &len, &v, n, mn, fp_filename, lineno)
164
165	if (GET_INT(window, &w_mod, "window size", T_DC\|T_MSS\|T_MTU\|
166	T_MOD, 0xffff) \|\|
167	GET_INT(ttl, NULL, "ttl", 0, 0xff) \|\|
168	GET_INT(df, NULL, "don't fragment frag", 0, 1) \|\|
169	GET_INT(psize, &p_mod, "overall packet size", T_MOD\|T_DC,
170	8192) \|\|
171	GET_STR(tcpopts, "TCP Options", 1) \|\|
172	GET_STR(class, "OS class", 1) \|\|
173	GET_STR(version, "OS version", 0) \|\|
174	GET_STR(subtype, "OS subtype", 0) \|\|
175	GET_STR(desc, "OS description", 2))
176	continue;
177	if (get_tcpopts(fp_filename, lineno, tcpopts, &packed_tcpopts,
178	&optcnt, &mss, &mss_mod, &wscale, &wscale_mod, &ts0))
179	continue;
180	if (len != 0) {
181	fprintf(stderr, "%s:%d excess field\n", fp_filename,
182	lineno);
183	continue;
184	}
185
186	fp.fp_ttl = ttl;
187	if (df)
188	fp.fp_flags \|= PF_OSFP_DF;
189	switch (w_mod) {
190	case 0:
191	break;
192	case T_DC:
193	fp.fp_flags \|= PF_OSFP_WSIZE_DC;
194	break;
195	case T_MSS:
196	fp.fp_flags \|= PF_OSFP_WSIZE_MSS;
197	break;
198	case T_MTU:
199	fp.fp_flags \|= PF_OSFP_WSIZE_MTU;
200	break;
201	case T_MOD:
202	fp.fp_flags \|= PF_OSFP_WSIZE_MOD;
203	break;
204	}
205	fp.fp_wsize = window;
206
207	switch (p_mod) {
208	case T_DC:
209	fp.fp_flags \|= PF_OSFP_PSIZE_DC;
210	break;
211	case T_MOD:
212	fp.fp_flags \|= PF_OSFP_PSIZE_MOD;
213	}
214	fp.fp_psize = psize;
215
216
217	switch (wscale_mod) {
218	case T_DC:
219	fp.fp_flags \|= PF_OSFP_WSCALE_DC;
220	break;
221	case T_MOD:
222	fp.fp_flags \|= PF_OSFP_WSCALE_MOD;
223	}
224	fp.fp_wscale = wscale;
225
226	switch (mss_mod) {
227	case T_DC:
228	fp.fp_flags \|= PF_OSFP_MSS_DC;
229	break;
230	case T_MOD:
231	fp.fp_flags \|= PF_OSFP_MSS_MOD;
232	break;
233	}
234	fp.fp_mss = mss;
235
236	fp.fp_tcpopts = packed_tcpopts;
237	fp.fp_optcnt = optcnt;
238	if (ts0)
239	fp.fp_flags \|= PF_OSFP_TS0;
240
241	if (class[0] == '@')
242	fp.fp_os.fp_enflags \|= PF_OSFP_GENERIC;
243	if (class[0] == '*')
244	fp.fp_os.fp_enflags \|= PF_OSFP_NODETAIL;
245
246	if (class[0] == '@' \|\| class[0] == '*')
247	strlcpy(fp.fp_os.fp_class_nm, class + 1,
248	sizeof(fp.fp_os.fp_class_nm));
249	else
250	strlcpy(fp.fp_os.fp_class_nm, class,
251	sizeof(fp.fp_os.fp_class_nm));
252	strlcpy(fp.fp_os.fp_version_nm, version,
253	sizeof(fp.fp_os.fp_version_nm));
254	strlcpy(fp.fp_os.fp_subtype_nm, subtype,
255	sizeof(fp.fp_os.fp_subtype_nm));
256
257	add_fingerprint(dev, opts, &fp);
258
259	fp.fp_flags \|= (PF_OSFP_DF \| PF_OSFP_INET6);
260	fp.fp_psize += sizeof(struct ip6_hdr) - sizeof(struct ip);
261	add_fingerprint(dev, opts, &fp);
262	}
263
264	if (class)
265	free(class);
266	if (version)
267	free(version);
268	if (subtype)
269	free(subtype);
270	if (desc)
271	free(desc);
272	if (tcpopts)
273	free(tcpopts);
274
275	fclose(in);
276
277	if (opts & PF_OPT_VERBOSE2)
278	printf("Loaded %d passive OS fingerprints\n",
279	fingerprint_count);
280	return (0);
281	}
282
283	/* flush the kernel's fingerprints */
284	void
285	pfctl_clear_fingerprints(int dev, int opts)
286	{
287	if (ioctl(dev, DIOCOSFPFLUSH))
288	err(1, "DIOCOSFPFLUSH");
289	}
290
291	/* flush pfctl's view of the fingerprints */
292	void
293	pfctl_flush_my_fingerprints(struct name_list *list)
294	{
295	struct name_entry *nm;
296
297	while ((nm = LIST_FIRST(list)) != NULL) {
298	LIST_REMOVE(nm, nm_entry);
299	pfctl_flush_my_fingerprints(&nm->nm_sublist);
300	free(nm);
301	}
302	fingerprint_count = 0;
303	class_count = 0;
304	}
305
306	/* Fetch the active fingerprints from the kernel */
307	int
308	pfctl_load_fingerprints(int dev, int opts)
309	{
310	struct pf_osfp_ioctl io;
311	int i;
312
313	pfctl_flush_my_fingerprints(&classes);
314
315	for (i = 0; i >= 0; i++) {
316	memset(&io, 0, sizeof(io));
317	io.fp_getnum = i;
318	if (ioctl(dev, DIOCOSFPGET, &io)) {
319	if (errno == EBUSY)
320	break;
321	warn("DIOCOSFPGET");
322	return (1);
323	}
324	import_fingerprint(&io);
325	}
326	return (0);
327	}
328
329	/* List the fingerprints */
330	void
331	pfctl_show_fingerprints(int opts)
332	{
333	if (LIST_FIRST(&classes) != NULL) {
334	if (opts & PF_OPT_SHOWALL) {
335	pfctl_print_title("OS FINGERPRINTS:");
336	printf("%u fingerprints loaded\n", fingerprint_count);
337	} else {
338	printf("Class\tVersion\tSubtype(subversion)\n");
339	printf("-----\t-------\t-------------------\n");
340	sort_name_list(opts, &classes);
341	print_name_list(opts, &classes, "");
342	}
343	}
344	}
345
346	/* Lookup a fingerprint */
347	pf_osfp_t
348	pfctl_get_fingerprint(const char *name)
349	{
350	struct name_entry nm, class_nm, version_nm, subtype_nm;
351	pf_osfp_t ret = PF_OSFP_NOMATCH;
352	int class, version, subtype;
353	int unp_class, unp_version, unp_subtype;
354	int wr_len, version_len, subtype_len;
355	char ptr, wr_name;
356
357	if (strcasecmp(name, "unknown") == 0)
358	return (PF_OSFP_UNKNOWN);
359
360	/* Try most likely no version and no subtype */
361	if ((nm = lookup_name_list(&classes, name))) {
362	class = nm->nm_num;
363	version = PF_OSFP_ANY;
364	subtype = PF_OSFP_ANY;
365	goto found;
366	} else {
367
368	/* Chop it up into class/version/subtype */
369
370	if ((wr_name = strdup(name)) == NULL)
371	err(1, "malloc");
372	if ((ptr = strchr(wr_name, ' ')) == NULL) {
373	free(wr_name);
374	return (PF_OSFP_NOMATCH);
375	}
376	*ptr++ = '\0';
377
378	/* The class is easy to find since it is delimited by a space */
379	if ((class_nm = lookup_name_list(&classes, wr_name)) == NULL) {
380	free(wr_name);
381	return (PF_OSFP_NOMATCH);
382	}
383	class = class_nm->nm_num;
384
385	/* Try no subtype */
386	if ((version_nm = lookup_name_list(&class_nm->nm_sublist, ptr)))
387	{
388	version = version_nm->nm_num;
389	subtype = PF_OSFP_ANY;
390	free(wr_name);
391	goto found;
392	}
393
394
395	/*
396	* There must be a version and a subtype.
397	* We'll do some fuzzy matching to pick up things like:
398	* Linux 2.2.14 (version=2.2 subtype=14)
399	* FreeBSD 4.0-STABLE (version=4.0 subtype=STABLE)
400	* Windows 2000 SP2 (version=2000 subtype=SP2)
401	*/
402	#define CONNECTOR(x) ((x) == '.' \|\| (x) == ' ' \|\| (x) == '\t' \|\| (x) == '-')
403	wr_len = strlen(ptr);
404	LIST_FOREACH(version_nm, &class_nm->nm_sublist, nm_entry) {
405	version_len = strlen(version_nm->nm_name);
406	if (wr_len < version_len + 2 \|\|
407	!CONNECTOR(ptr[version_len]))
408	continue;
409	/* first part of the string must be version */
410	if (strncasecmp(ptr, version_nm->nm_name,
411	version_len))
412	continue;
413
414	LIST_FOREACH(subtype_nm, &version_nm->nm_sublist,
415	nm_entry) {
416	subtype_len = strlen(subtype_nm->nm_name);
417	if (wr_len != version_len + subtype_len + 1)
418	continue;
419
420	/* last part of the string must be subtype */
421	if (strcasecmp(&ptr[version_len+1],
422	subtype_nm->nm_name) != 0)
423	continue;
424
425	/* Found it!! */
426	version = version_nm->nm_num;
427	subtype = subtype_nm->nm_num;
428	free(wr_name);
429	goto found;
430	}
431	}
432
433	free(wr_name);
434	return (PF_OSFP_NOMATCH);
435	}
436
437	found:
438	PF_OSFP_PACK(ret, class, version, subtype);
439	if (ret != PF_OSFP_NOMATCH) {
440	PF_OSFP_UNPACK(ret, unp_class, unp_version, unp_subtype);
441	if (class != unp_class) {
442	fprintf(stderr, "warning: fingerprint table overflowed "
443	"classes\n");
444	return (PF_OSFP_NOMATCH);
445	}
446	if (version != unp_version) {
447	fprintf(stderr, "warning: fingerprint table overflowed "
448	"versions\n");
449	return (PF_OSFP_NOMATCH);
450	}
451	if (subtype != unp_subtype) {
452	fprintf(stderr, "warning: fingerprint table overflowed "
453	"subtypes\n");
454	return (PF_OSFP_NOMATCH);
455	}
456	}
457	if (ret == PF_OSFP_ANY) {
458	/* should never happen */
459	fprintf(stderr, "warning: fingerprint packed to 'any'\n");
460	return (PF_OSFP_NOMATCH);
461	}
462
463	return (ret);
464	}
465
466	/* Lookup a fingerprint name by ID */
467	char *
468	pfctl_lookup_fingerprint(pf_osfp_t fp, char *buf, size_t len)
469	{
470	int class, version, subtype;
471	struct name_list *list;
472	struct name_entry *nm;
473
474	char class_name, version_name, *subtype_name;
475	class_name = version_name = subtype_name = NULL;
476
477	if (fp == PF_OSFP_UNKNOWN) {
478	strlcpy(buf, "unknown", len);
479	return (buf);
480	}
481	if (fp == PF_OSFP_ANY) {
482	strlcpy(buf, "any", len);
483	return (buf);
484	}
485
486	PF_OSFP_UNPACK(fp, class, version, subtype);
487	if (class >= (1 << _FP_CLASS_BITS) \|\|
488	version >= (1 << _FP_VERSION_BITS) \|\|
489	subtype >= (1 << _FP_SUBTYPE_BITS)) {
490	warnx("PF_OSFP_UNPACK(0x%x) failed!!", fp);
491	strlcpy(buf, "nomatch", len);
492	return (buf);
493	}
494
495	LIST_FOREACH(nm, &classes, nm_entry) {
496	if (nm->nm_num == class) {
497	class_name = nm->nm_name;
498	if (version == PF_OSFP_ANY)
499	goto found;
500	list = &nm->nm_sublist;
501	LIST_FOREACH(nm, list, nm_entry) {
502	if (nm->nm_num == version) {
503	version_name = nm->nm_name;
504	if (subtype == PF_OSFP_ANY)
505	goto found;
506	list = &nm->nm_sublist;
507	LIST_FOREACH(nm, list, nm_entry) {
508	if (nm->nm_num == subtype) {
509	subtype_name =
510	nm->nm_name;
511	goto found;
512	}
513	} /* foreach subtype */
514	strlcpy(buf, "nomatch", len);
515	return (buf);
516	}
517	} /* foreach version */
518	strlcpy(buf, "nomatch", len);
519	return (buf);
520	}
521	} /* foreach class */
522
523	strlcpy(buf, "nomatch", len);
524	return (buf);
525
526	found:
527	snprintf(buf, len, "%s", class_name);
528	if (version_name) {
529	strlcat(buf, " ", len);
530	strlcat(buf, version_name, len);
531	if (subtype_name) {
532	if (strchr(version_name, ' '))
533	strlcat(buf, " ", len);
534	else if (strchr(version_name, '.') &&
535	isdigit(*subtype_name))
536	strlcat(buf, ".", len);
537	else
538	strlcat(buf, " ", len);
539	strlcat(buf, subtype_name, len);
540	}
541	}
542	return (buf);
543	}
544
545	/* lookup a name in a list */
546	struct name_entry *
547	lookup_name_list(struct name_list list, const char name)
548	{
549	struct name_entry *nm;
550	LIST_FOREACH(nm, list, nm_entry)
551	if (strcasecmp(name, nm->nm_name) == 0)
552	return (nm);
553
554	return (NULL);
555	}
556
557
558	void
559	add_fingerprint(int dev, int opts, struct pf_osfp_ioctl *fp)
560	{
561	struct pf_osfp_ioctl fptmp;
562	struct name_entry nm_class, nm_version, *nm_subtype;
563	int class, version, subtype;
564
565	/* We expand #-# or #.#-#.# version/subtypes into multiple fingerprints */
566	#define EXPAND(field) do { \
567	int _dot = -1, _start = -1, _end = -1, _i = 0; \
568	/* pick major version out of #.# */ \
569	if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.') { \
570	_dot = fp->field[_i] - '0'; \
571	_i += 2; \
572	} \
573	if (isdigit(fp->field[_i])) \
574	_start = fp->field[_i++] - '0'; \
575	else \
576	break; \
577	if (isdigit(fp->field[_i])) \
578	_start = (_start * 10) + fp->field[_i++] - '0'; \
579	if (fp->field[_i++] != '-') \
580	break; \
581	if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.' && \
582	fp->field[_i] - '0' == _dot) \
583	_i += 2; \
584	else if (_dot != -1) \
585	break; \
586	if (isdigit(fp->field[_i])) \
587	_end = fp->field[_i++] - '0'; \
588	else \
589	break; \
590	if (isdigit(fp->field[_i])) \
591	_end = (_end * 10) + fp->field[_i++] - '0'; \
592	if (isdigit(fp->field[_i])) \
593	_end = (_end * 10) + fp->field[_i++] - '0'; \
594	if (fp->field[_i] != '\0') \
595	break; \
596	memcpy(&fptmp, fp, sizeof(fptmp)); \
597	for (;_start <= _end; _start++) { \
598	memset(fptmp.field, 0, sizeof(fptmp.field)); \
599	fptmp.fp_os.fp_enflags \|= PF_OSFP_EXPANDED; \
600	if (_dot == -1) \
601	snprintf(fptmp.field, sizeof(fptmp.field), \
602	"%d", _start); \
603	else \
604	snprintf(fptmp.field, sizeof(fptmp.field), \
605	"%d.%d", _dot, _start); \
606	add_fingerprint(dev, opts, &fptmp); \
607	} \
608	} while(0)
609
610	/* We allow "#-#" as a version or subtype and we'll expand it */
611	EXPAND(fp_os.fp_version_nm);
612	EXPAND(fp_os.fp_subtype_nm);
613
614	if (strcasecmp(fp->fp_os.fp_class_nm, "nomatch") == 0)
615	errx(1, "fingerprint class \"nomatch\" is reserved");
616
617	version = PF_OSFP_ANY;
618	subtype = PF_OSFP_ANY;
619
620	nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm);
621	if (nm_class->nm_num == 0)
622	nm_class->nm_num = ++class_count;
623	class = nm_class->nm_num;
624
625	nm_version = fingerprint_name_entry(&nm_class->nm_sublist,
626	fp->fp_os.fp_version_nm);
627	if (nm_version) {
628	if (nm_version->nm_num == 0)
629	nm_version->nm_num = ++nm_class->nm_sublist_num;
630	version = nm_version->nm_num;
631	nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist,
632	fp->fp_os.fp_subtype_nm);
633	if (nm_subtype) {
634	if (nm_subtype->nm_num == 0)
635	nm_subtype->nm_num =
636	++nm_version->nm_sublist_num;
637	subtype = nm_subtype->nm_num;
638	}
639	}
640
641
642	DEBUG(fp, "\tsignature %d:%d:%d %s", class, version, subtype,
643	print_ioctl(fp));
644
645	PF_OSFP_PACK(fp->fp_os.fp_os, class, version, subtype);
646	fingerprint_count++;
647
648	#ifdef FAKE_PF_KERNEL
649	/* Linked to the sys/net/pf_osfp.c. Call pf_osfp_add() */
650	if ((errno = pf_osfp_add(fp)))
651	#else
652	if ((opts & PF_OPT_NOACTION) == 0 && ioctl(dev, DIOCOSFPADD, fp))
653	#endif /* FAKE_PF_KERNEL */
654	{
655	if (errno == EEXIST) {
656	warn("Duplicate signature for %s %s %s",
657	fp->fp_os.fp_class_nm,
658	fp->fp_os.fp_version_nm,
659	fp->fp_os.fp_subtype_nm);
660
661	} else {
662	err(1, "DIOCOSFPADD");
663	}
664	}
665	}
666
667	/* import a fingerprint from the kernel */
668	void
669	import_fingerprint(struct pf_osfp_ioctl *fp)
670	{
671	struct name_entry nm_class, nm_version, *nm_subtype;
672	int class, version, subtype;
673
674	PF_OSFP_UNPACK(fp->fp_os.fp_os, class, version, subtype);
675
676	nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm);
677	if (nm_class->nm_num == 0) {
678	nm_class->nm_num = class;
679	class_count = MAX(class_count, class);
680	}
681
682	nm_version = fingerprint_name_entry(&nm_class->nm_sublist,
683	fp->fp_os.fp_version_nm);
684	if (nm_version) {
685	if (nm_version->nm_num == 0) {
686	nm_version->nm_num = version;
687	nm_class->nm_sublist_num = MAX(nm_class->nm_sublist_num,
688	version);
689	}
690	nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist,
691	fp->fp_os.fp_subtype_nm);
692	if (nm_subtype) {
693	if (nm_subtype->nm_num == 0) {
694	nm_subtype->nm_num = subtype;
695	nm_version->nm_sublist_num =
696	MAX(nm_version->nm_sublist_num, subtype);
697	}
698	}
699	}
700
701
702	fingerprint_count++;
703	DEBUG(fp, "import signature %d:%d:%d", class, version, subtype);
704	}
705
706	/* Find an entry for a fingerprints class/version/subtype */
707	struct name_entry *
708	fingerprint_name_entry(struct name_list list, char name)
709	{
710	struct name_entry *nm_entry;
711
712	if (name == NULL \|\| strlen(name) == 0)
713	return (NULL);
714
715	LIST_FOREACH(nm_entry, list, nm_entry) {
716	if (strcasecmp(nm_entry->nm_name, name) == 0) {
717	/* We'll move this to the front of the list later */
718	LIST_REMOVE(nm_entry, nm_entry);
719	break;
720	}
721	}
722	if (nm_entry == NULL) {
723	nm_entry = calloc(1, sizeof(*nm_entry));
724	if (nm_entry == NULL)
725	err(1, "calloc");
726	LIST_INIT(&nm_entry->nm_sublist);
727	strlcpy(nm_entry->nm_name, name, sizeof(nm_entry->nm_name));
728	}
729	LIST_INSERT_HEAD(list, nm_entry, nm_entry);
730	return (nm_entry);
731	}
732
733
734	void
735	print_name_list(int opts, struct name_list nml, const char prefix)
736	{
737	char newprefix[32];
738	struct name_entry *nm;
739
740	LIST_FOREACH(nm, nml, nm_entry) {
741	snprintf(newprefix, sizeof(newprefix), "%s%s\t", prefix,
742	nm->nm_name);
743	printf("%s\n", newprefix);
744	print_name_list(opts, &nm->nm_sublist, newprefix);
745	}
746	}
747
748	void
749	sort_name_list(int opts, struct name_list *nml)
750	{
751	struct name_list new;
752	struct name_entry nm, nmsearch, *nmlast;
753
754	/* yes yes, it's a very slow sort. so sue me */
755
756	LIST_INIT(&new);
757
758	while ((nm = LIST_FIRST(nml)) != NULL) {
759	LIST_REMOVE(nm, nm_entry);
760	nmlast = NULL;
761	LIST_FOREACH(nmsearch, &new, nm_entry) {
762	if (strcasecmp(nmsearch->nm_name, nm->nm_name) > 0) {
763	LIST_INSERT_BEFORE(nmsearch, nm, nm_entry);
764	break;
765	}
766	nmlast = nmsearch;
767	}
768	if (nmsearch == NULL) {
769	if (nmlast)
770	LIST_INSERT_AFTER(nmlast, nm, nm_entry);
771	else
772	LIST_INSERT_HEAD(&new, nm, nm_entry);
773	}
774
775	sort_name_list(opts, &nm->nm_sublist);
776	}
777	nmlast = NULL;
778	while ((nm = LIST_FIRST(&new)) != NULL) {
779	LIST_REMOVE(nm, nm_entry);
780	if (nmlast == NULL)
781	LIST_INSERT_HEAD(nml, nm, nm_entry);
782	else
783	LIST_INSERT_AFTER(nmlast, nm, nm_entry);
784	nmlast = nm;
785	}
786	}
787
788	/* parse the next integer in a formatted config file line */
789	int
790	get_int(char *line, size_t len, int var, int mod,
791	const char name, int flags, int max, const char filename, int lineno)
792	{
793	int fieldlen, i;
794	char *field;
795	long val = 0;
796
797	if (mod)
798	*mod = 0;
799	*var = 0;
800
801	field = get_field(line, len, &fieldlen);
802	if (field == NULL)
803	return (1);
804	if (fieldlen == 0) {
805	fprintf(stderr, "%s:%d empty %s\n", filename, lineno, name);
806	return (1);
807	}
808
809	i = 0;
810	if ((field == '%' \|\| field == 'S' \|\| field == 'T' \|\| field == '*')
811	&& fieldlen >= 1) {
812	switch (*field) {
813	case 'S':
814	if (mod && (flags & T_MSS))
815	*mod = T_MSS;
816	if (fieldlen == 1)
817	return (0);
818	break;
819	case 'T':
820	if (mod && (flags & T_MTU))
821	*mod = T_MTU;
822	if (fieldlen == 1)
823	return (0);
824	break;
825	case '*':
826	if (fieldlen != 1) {
827	fprintf(stderr, "%s:%d long '%c' %s\n",
828	filename, lineno, *field, name);
829	return (1);
830	}
831	if (mod && (flags & T_DC)) {
832	*mod = T_DC;
833	return (0);
834	}
835	case '%':
836	if (mod && (flags & T_MOD))
837	*mod = T_MOD;
838	if (fieldlen == 1) {
839	fprintf(stderr, "%s:%d modulus %s must have a "
840	"value\n", filename, lineno, name);
841	return (1);
842	}
843	break;
844	}
845	if (mod == NULL \|\| *mod == 0) {
846	fprintf(stderr, "%s:%d does not allow %c' %s\n",
847	filename, lineno, *field, name);
848	return (1);
849	}
850	i++;
851	}
852
853	for (; i < fieldlen; i++) {
854	if (field[i] < '0' \|\| field[i] > '9') {
855	fprintf(stderr, "%s:%d non-digit character in %s\n",
856	filename, lineno, name);
857	return (1);
858	}
859	val = val * 10 + field[i] - '0';
860	if (val < 0) {
861	fprintf(stderr, "%s:%d %s overflowed\n", filename,
862	lineno, name);
863	return (1);
864	}
865	}
866
867	if (val > max) {
868	fprintf(stderr, "%s:%d %s value %ld > %d\n", filename, lineno,
869	name, val, max);
870	return (1);
871	}
872	*var = (int)val;
873
874	return (0);
875	}
876
877	/* parse the next string in a formatted config file line */
878	int
879	get_str(char *line, size_t len, char *v, const char name, int minlen,
880	const char *filename, int lineno)
881	{
882	int fieldlen;
883	char *ptr;
884
885	ptr = get_field(line, len, &fieldlen);
886	if (ptr == NULL)
887	return (1);
888	if (fieldlen < minlen) {
889	fprintf(stderr, "%s:%d too short %s\n", filename, lineno, name);
890	return (1);
891	}
892	if ((*v = malloc(fieldlen + 1)) == NULL) {
893	perror("malloc()");
894	return (1);
895	}
896	memcpy(*v, ptr, fieldlen);
897	(*v)[fieldlen] = '\0';
898
899	return (0);
900	}
901
902	/* Parse out the TCP opts */
903	int
904	get_tcpopts(const char filename, int lineno, const char tcpopts,
905	pf_tcpopts_t packed, int optcnt, int mss, int mss_mod, int *wscale,
906	int wscale_mod, int ts0)
907	{
908	int i, opt;
909
910	*packed = 0;
911	*optcnt = 0;
912	*wscale = 0;
913	*wscale_mod = T_DC;
914	*mss = 0;
915	*mss_mod = T_DC;
916	*ts0 = 0;
917	if (strcmp(tcpopts, ".") == 0)
918	return (0);
919
920	for (i = 0; tcpopts[i] && *optcnt < PF_OSFP_MAX_OPTS;) {
921	switch ((opt = toupper(tcpopts[i++]))) {
922	case 'N': /* FALLTHROUGH */
923	case 'S':
924	packed = (packed << PF_OSFP_TCPOPT_BITS) \|
925	(opt == 'N' ? PF_OSFP_TCPOPT_NOP :
926	PF_OSFP_TCPOPT_SACK);
927	break;
928	case 'W': /* FALLTHROUGH */
929	case 'M': {
930	int this_mod, this;
931
932	if (opt == 'W') {
933	this = wscale;
934	this_mod = wscale_mod;
935	} else {
936	this = mss;
937	this_mod = mss_mod;
938	}
939	*this = 0;
940	*this_mod = 0;
941
942	packed = (packed << PF_OSFP_TCPOPT_BITS) \|
943	(opt == 'W' ? PF_OSFP_TCPOPT_WSCALE :
944	PF_OSFP_TCPOPT_MSS);
945	if (tcpopts[i] == '*' && (tcpopts[i + 1] == '\0' \|\|
946	tcpopts[i + 1] == ',')) {
947	*this_mod = T_DC;
948	i++;
949	break;
950	}
951
952	if (tcpopts[i] == '%') {
953	*this_mod = T_MOD;
954	i++;
955	}
956	do {
957	if (!isdigit(tcpopts[i])) {
958	fprintf(stderr, "%s:%d unknown "
959	"character '%c' in %c TCP opt\n",
960	filename, lineno, tcpopts[i], opt);
961	return (1);
962	}
963	this = (this * 10) + tcpopts[i++] - '0';
964	} while(tcpopts[i] != ',' && tcpopts[i] != '\0');
965	break;
966	}
967	case 'T':
968	if (tcpopts[i] == '0') {
969	*ts0 = 1;
970	i++;
971	}
972	packed = (packed << PF_OSFP_TCPOPT_BITS) \|
973	PF_OSFP_TCPOPT_TS;
974	break;
975	}
976	(*optcnt) ++;
977	if (tcpopts[i] == '\0')
978	break;
979	if (tcpopts[i] != ',') {
980	fprintf(stderr, "%s:%d unknown option to %c TCP opt\n",
981	filename, lineno, opt);
982	return (1);
983	}
984	i++;
985	}
986
987	return (0);
988	}
989
990	/* rip the next field ouf of a formatted config file line */
991	char *
992	get_field(char *line, size_t len, int *fieldlen)
993	{
994	char ret, ptr = *line;
995	size_t plen = *len;
996
997
998	while (plen && isspace(*ptr)) {
999	plen--;
1000	ptr++;
1001	}
1002	ret = ptr;
1003	*fieldlen = 0;
1004
1005	for (; plen > 0 && *ptr != ':'; plen--, ptr++)
1006	(*fieldlen)++;
1007	if (plen) {
1008	*line = ptr + 1;
1009	*len = plen - 1;
1010	} else {
1011	*len = 0;
1012	}
1013	while (fieldlen && isspace(ret[fieldlen - 1]))
1014	(*fieldlen)--;
1015	return (ret);
1016	}
1017
1018
1019	const char *
1020	print_ioctl(struct pf_osfp_ioctl *fp)
1021	{
1022	#ifndef __rtems__
1023	static char buf[1024];
1024	#else /* __rtems__ */
1025	/* Note on RTEMS port:
1026	* This buffer is static. So normally it would have to be initialized to
1027	* zero every time the program starts. But in this special case it is
1028	* set to zero inside the function. Therefore it is not necessary to
1029	* move it. If it would be moved out of the function, the name would
1030	* have to be changed. This would be a lot of change in this function!
1031	*/
1032	static char buf[1024];
1033	#endif /* __rtems__ */
1034	char tmp[32];
1035	int i, opt;
1036
1037	*buf = '\0';
1038	if (fp->fp_flags & PF_OSFP_WSIZE_DC)
1039	strlcat(buf, "*", sizeof(buf));
1040	else if (fp->fp_flags & PF_OSFP_WSIZE_MSS)
1041	strlcat(buf, "S", sizeof(buf));
1042	else if (fp->fp_flags & PF_OSFP_WSIZE_MTU)
1043	strlcat(buf, "T", sizeof(buf));
1044	else {
1045	if (fp->fp_flags & PF_OSFP_WSIZE_MOD)
1046	strlcat(buf, "%", sizeof(buf));
1047	snprintf(tmp, sizeof(tmp), "%d", fp->fp_wsize);
1048	strlcat(buf, tmp, sizeof(buf));
1049	}
1050	strlcat(buf, ":", sizeof(buf));
1051
1052	snprintf(tmp, sizeof(tmp), "%d", fp->fp_ttl);
1053	strlcat(buf, tmp, sizeof(buf));
1054	strlcat(buf, ":", sizeof(buf));
1055
1056	if (fp->fp_flags & PF_OSFP_DF)
1057	strlcat(buf, "1", sizeof(buf));
1058	else
1059	strlcat(buf, "0", sizeof(buf));
1060	strlcat(buf, ":", sizeof(buf));
1061
1062	if (fp->fp_flags & PF_OSFP_PSIZE_DC)
1063	strlcat(buf, "*", sizeof(buf));
1064	else {
1065	if (fp->fp_flags & PF_OSFP_PSIZE_MOD)
1066	strlcat(buf, "%", sizeof(buf));
1067	snprintf(tmp, sizeof(tmp), "%d", fp->fp_psize);
1068	strlcat(buf, tmp, sizeof(buf));
1069	}
1070	strlcat(buf, ":", sizeof(buf));
1071
1072	if (fp->fp_optcnt == 0)
1073	strlcat(buf, ".", sizeof(buf));
1074	for (i = fp->fp_optcnt - 1; i >= 0; i--) {
1075	opt = fp->fp_tcpopts >> (i * PF_OSFP_TCPOPT_BITS);
1076	opt &= (1 << PF_OSFP_TCPOPT_BITS) - 1;
1077	switch (opt) {
1078	case PF_OSFP_TCPOPT_NOP:
1079	strlcat(buf, "N", sizeof(buf));
1080	break;
1081	case PF_OSFP_TCPOPT_SACK:
1082	strlcat(buf, "S", sizeof(buf));
1083	break;
1084	case PF_OSFP_TCPOPT_TS:
1085	strlcat(buf, "T", sizeof(buf));
1086	if (fp->fp_flags & PF_OSFP_TS0)
1087	strlcat(buf, "0", sizeof(buf));
1088	break;
1089	case PF_OSFP_TCPOPT_MSS:
1090	strlcat(buf, "M", sizeof(buf));
1091	if (fp->fp_flags & PF_OSFP_MSS_DC)
1092	strlcat(buf, "*", sizeof(buf));
1093	else {
1094	if (fp->fp_flags & PF_OSFP_MSS_MOD)
1095	strlcat(buf, "%", sizeof(buf));
1096	snprintf(tmp, sizeof(tmp), "%d", fp->fp_mss);
1097	strlcat(buf, tmp, sizeof(buf));
1098	}
1099	break;
1100	case PF_OSFP_TCPOPT_WSCALE:
1101	strlcat(buf, "W", sizeof(buf));
1102	if (fp->fp_flags & PF_OSFP_WSCALE_DC)
1103	strlcat(buf, "*", sizeof(buf));
1104	else {
1105	if (fp->fp_flags & PF_OSFP_WSCALE_MOD)
1106	strlcat(buf, "%", sizeof(buf));
1107	snprintf(tmp, sizeof(tmp), "%d", fp->fp_wscale);
1108	strlcat(buf, tmp, sizeof(buf));
1109	}
1110	break;
1111	}
1112
1113	if (i != 0)
1114	strlcat(buf, ",", sizeof(buf));
1115	}
1116	strlcat(buf, ":", sizeof(buf));
1117
1118	strlcat(buf, fp->fp_os.fp_class_nm, sizeof(buf));
1119	strlcat(buf, ":", sizeof(buf));
1120	strlcat(buf, fp->fp_os.fp_version_nm, sizeof(buf));
1121	strlcat(buf, ":", sizeof(buf));
1122	strlcat(buf, fp->fp_os.fp_subtype_nm, sizeof(buf));
1123	strlcat(buf, ":", sizeof(buf));
1124
1125	snprintf(tmp, sizeof(tmp), "TcpOpts %d 0x%llx", fp->fp_optcnt,
1126	(long long int)fp->fp_tcpopts);
1127	strlcat(buf, tmp, sizeof(buf));
1128
1129	return (buf);
1130	}
1131	#ifdef __rtems__
1132	#include "pfctl_osfp-data.h"
1133	#endif /* __rtems__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: