1 | #include <machine/rtems-bsd-user-space.h> |
---|
2 | |
---|
3 | /* $OpenBSD: pfctl_osfp.c,v 1.14 2006/04/08 02:13:14 ray Exp $ */ |
---|
4 | |
---|
5 | /* |
---|
6 | * Copyright (c) 2003 Mike Frantzen <frantzen@openbsd.org> |
---|
7 | * |
---|
8 | * Permission to use, copy, modify, and distribute this software for any |
---|
9 | * purpose with or without fee is hereby granted, provided that the above |
---|
10 | * copyright notice and this permission notice appear in all copies. |
---|
11 | * |
---|
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
---|
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
---|
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
---|
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
---|
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
---|
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
---|
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
---|
19 | */ |
---|
20 | |
---|
21 | #ifdef __rtems__ |
---|
22 | #include <machine/rtems-bsd-program.h> |
---|
23 | #endif /* __rtems__ */ |
---|
24 | #include <rtems/bsd/sys/types.h> |
---|
25 | #include <sys/ioctl.h> |
---|
26 | #include <sys/socket.h> |
---|
27 | |
---|
28 | #include <net/if.h> |
---|
29 | #include <net/pfvar.h> |
---|
30 | |
---|
31 | #include <netinet/in_systm.h> |
---|
32 | #include <netinet/ip.h> |
---|
33 | #include <netinet/ip6.h> |
---|
34 | |
---|
35 | #include <ctype.h> |
---|
36 | #include <err.h> |
---|
37 | #include <errno.h> |
---|
38 | #include <stdio.h> |
---|
39 | #include <stdlib.h> |
---|
40 | #include <string.h> |
---|
41 | |
---|
42 | #include "pfctl_parser.h" |
---|
43 | #include "pfctl.h" |
---|
44 | |
---|
45 | #ifndef MIN |
---|
46 | # define MIN(a,b) (((a) < (b)) ? (a) : (b)) |
---|
47 | #endif /* MIN */ |
---|
48 | #ifndef MAX |
---|
49 | # define MAX(a,b) (((a) > (b)) ? (a) : (b)) |
---|
50 | #endif /* MAX */ |
---|
51 | |
---|
52 | |
---|
53 | #if 0 |
---|
54 | # define DEBUG(fp, str, v...) \ |
---|
55 | fprintf(stderr, "%s:%s:%s " str "\n", (fp)->fp_os.fp_class_nm, \ |
---|
56 | (fp)->fp_os.fp_version_nm, (fp)->fp_os.fp_subtype_nm , ## v); |
---|
57 | #else |
---|
58 | # define DEBUG(fp, str, v...) ((void)0) |
---|
59 | #endif |
---|
60 | |
---|
61 | |
---|
62 | struct name_entry; |
---|
63 | LIST_HEAD(name_list, name_entry); |
---|
64 | struct name_entry { |
---|
65 | LIST_ENTRY(name_entry) nm_entry; |
---|
66 | int nm_num; |
---|
67 | char nm_name[PF_OSFP_LEN]; |
---|
68 | |
---|
69 | struct name_list nm_sublist; |
---|
70 | int nm_sublist_num; |
---|
71 | }; |
---|
72 | #ifndef __rtems__ |
---|
73 | struct name_list classes = LIST_HEAD_INITIALIZER(&classes); |
---|
74 | int class_count; |
---|
75 | int fingerprint_count; |
---|
76 | #else /* __rtems__ */ |
---|
77 | static struct name_list classes = LIST_HEAD_INITIALIZER(&classes); |
---|
78 | static int class_count; |
---|
79 | static int fingerprint_count; |
---|
80 | #endif /* __rtems__ */ |
---|
81 | |
---|
82 | void add_fingerprint(int, int, struct pf_osfp_ioctl *); |
---|
83 | struct name_entry *fingerprint_name_entry(struct name_list *, char *); |
---|
84 | void pfctl_flush_my_fingerprints(struct name_list *); |
---|
85 | char *get_field(char **, size_t *, int *); |
---|
86 | int get_int(char **, size_t *, int *, int *, const char *, |
---|
87 | int, int, const char *, int); |
---|
88 | int get_str(char **, size_t *, char **, const char *, int, |
---|
89 | const char *, int); |
---|
90 | int get_tcpopts(const char *, int, const char *, |
---|
91 | pf_tcpopts_t *, int *, int *, int *, int *, int *, |
---|
92 | int *); |
---|
93 | void import_fingerprint(struct pf_osfp_ioctl *); |
---|
94 | const char *print_ioctl(struct pf_osfp_ioctl *); |
---|
95 | void print_name_list(int, struct name_list *, const char *); |
---|
96 | void sort_name_list(int, struct name_list *); |
---|
97 | struct name_entry *lookup_name_list(struct name_list *, const char *); |
---|
98 | |
---|
99 | /* Load fingerprints from a file */ |
---|
100 | int |
---|
101 | pfctl_file_fingerprints(int dev, int opts, const char *fp_filename) |
---|
102 | { |
---|
103 | FILE *in; |
---|
104 | char *line; |
---|
105 | size_t len; |
---|
106 | int i, lineno = 0; |
---|
107 | int window, w_mod, ttl, df, psize, p_mod, mss, mss_mod, wscale, |
---|
108 | wscale_mod, optcnt, ts0; |
---|
109 | pf_tcpopts_t packed_tcpopts; |
---|
110 | char *class, *version, *subtype, *desc, *tcpopts; |
---|
111 | struct pf_osfp_ioctl fp; |
---|
112 | |
---|
113 | pfctl_flush_my_fingerprints(&classes); |
---|
114 | |
---|
115 | if ((in = pfctl_fopen(fp_filename, "r")) == NULL) { |
---|
116 | warn("%s", fp_filename); |
---|
117 | return (1); |
---|
118 | } |
---|
119 | class = version = subtype = desc = tcpopts = NULL; |
---|
120 | |
---|
121 | if ((opts & PF_OPT_NOACTION) == 0) |
---|
122 | pfctl_clear_fingerprints(dev, opts); |
---|
123 | |
---|
124 | while ((line = fgetln(in, &len)) != NULL) { |
---|
125 | lineno++; |
---|
126 | if (class) |
---|
127 | free(class); |
---|
128 | if (version) |
---|
129 | free(version); |
---|
130 | if (subtype) |
---|
131 | free(subtype); |
---|
132 | if (desc) |
---|
133 | free(desc); |
---|
134 | if (tcpopts) |
---|
135 | free(tcpopts); |
---|
136 | class = version = subtype = desc = tcpopts = NULL; |
---|
137 | memset(&fp, 0, sizeof(fp)); |
---|
138 | |
---|
139 | /* Chop off comment */ |
---|
140 | for (i = 0; i < len; i++) |
---|
141 | if (line[i] == '#') { |
---|
142 | len = i; |
---|
143 | break; |
---|
144 | } |
---|
145 | /* Chop off whitespace */ |
---|
146 | while (len > 0 && isspace(line[len - 1])) |
---|
147 | len--; |
---|
148 | while (len > 0 && isspace(line[0])) { |
---|
149 | len--; |
---|
150 | line++; |
---|
151 | } |
---|
152 | if (len == 0) |
---|
153 | continue; |
---|
154 | |
---|
155 | #define T_DC 0x01 /* Allow don't care */ |
---|
156 | #define T_MSS 0x02 /* Allow MSS multiple */ |
---|
157 | #define T_MTU 0x04 /* Allow MTU multiple */ |
---|
158 | #define T_MOD 0x08 /* Allow modulus */ |
---|
159 | |
---|
160 | #define GET_INT(v, mod, n, ty, mx) \ |
---|
161 | get_int(&line, &len, &v, mod, n, ty, mx, fp_filename, lineno) |
---|
162 | #define GET_STR(v, n, mn) \ |
---|
163 | get_str(&line, &len, &v, n, mn, fp_filename, lineno) |
---|
164 | |
---|
165 | if (GET_INT(window, &w_mod, "window size", T_DC|T_MSS|T_MTU| |
---|
166 | T_MOD, 0xffff) || |
---|
167 | GET_INT(ttl, NULL, "ttl", 0, 0xff) || |
---|
168 | GET_INT(df, NULL, "don't fragment frag", 0, 1) || |
---|
169 | GET_INT(psize, &p_mod, "overall packet size", T_MOD|T_DC, |
---|
170 | 8192) || |
---|
171 | GET_STR(tcpopts, "TCP Options", 1) || |
---|
172 | GET_STR(class, "OS class", 1) || |
---|
173 | GET_STR(version, "OS version", 0) || |
---|
174 | GET_STR(subtype, "OS subtype", 0) || |
---|
175 | GET_STR(desc, "OS description", 2)) |
---|
176 | continue; |
---|
177 | if (get_tcpopts(fp_filename, lineno, tcpopts, &packed_tcpopts, |
---|
178 | &optcnt, &mss, &mss_mod, &wscale, &wscale_mod, &ts0)) |
---|
179 | continue; |
---|
180 | if (len != 0) { |
---|
181 | fprintf(stderr, "%s:%d excess field\n", fp_filename, |
---|
182 | lineno); |
---|
183 | continue; |
---|
184 | } |
---|
185 | |
---|
186 | fp.fp_ttl = ttl; |
---|
187 | if (df) |
---|
188 | fp.fp_flags |= PF_OSFP_DF; |
---|
189 | switch (w_mod) { |
---|
190 | case 0: |
---|
191 | break; |
---|
192 | case T_DC: |
---|
193 | fp.fp_flags |= PF_OSFP_WSIZE_DC; |
---|
194 | break; |
---|
195 | case T_MSS: |
---|
196 | fp.fp_flags |= PF_OSFP_WSIZE_MSS; |
---|
197 | break; |
---|
198 | case T_MTU: |
---|
199 | fp.fp_flags |= PF_OSFP_WSIZE_MTU; |
---|
200 | break; |
---|
201 | case T_MOD: |
---|
202 | fp.fp_flags |= PF_OSFP_WSIZE_MOD; |
---|
203 | break; |
---|
204 | } |
---|
205 | fp.fp_wsize = window; |
---|
206 | |
---|
207 | switch (p_mod) { |
---|
208 | case T_DC: |
---|
209 | fp.fp_flags |= PF_OSFP_PSIZE_DC; |
---|
210 | break; |
---|
211 | case T_MOD: |
---|
212 | fp.fp_flags |= PF_OSFP_PSIZE_MOD; |
---|
213 | } |
---|
214 | fp.fp_psize = psize; |
---|
215 | |
---|
216 | |
---|
217 | switch (wscale_mod) { |
---|
218 | case T_DC: |
---|
219 | fp.fp_flags |= PF_OSFP_WSCALE_DC; |
---|
220 | break; |
---|
221 | case T_MOD: |
---|
222 | fp.fp_flags |= PF_OSFP_WSCALE_MOD; |
---|
223 | } |
---|
224 | fp.fp_wscale = wscale; |
---|
225 | |
---|
226 | switch (mss_mod) { |
---|
227 | case T_DC: |
---|
228 | fp.fp_flags |= PF_OSFP_MSS_DC; |
---|
229 | break; |
---|
230 | case T_MOD: |
---|
231 | fp.fp_flags |= PF_OSFP_MSS_MOD; |
---|
232 | break; |
---|
233 | } |
---|
234 | fp.fp_mss = mss; |
---|
235 | |
---|
236 | fp.fp_tcpopts = packed_tcpopts; |
---|
237 | fp.fp_optcnt = optcnt; |
---|
238 | if (ts0) |
---|
239 | fp.fp_flags |= PF_OSFP_TS0; |
---|
240 | |
---|
241 | if (class[0] == '@') |
---|
242 | fp.fp_os.fp_enflags |= PF_OSFP_GENERIC; |
---|
243 | if (class[0] == '*') |
---|
244 | fp.fp_os.fp_enflags |= PF_OSFP_NODETAIL; |
---|
245 | |
---|
246 | if (class[0] == '@' || class[0] == '*') |
---|
247 | strlcpy(fp.fp_os.fp_class_nm, class + 1, |
---|
248 | sizeof(fp.fp_os.fp_class_nm)); |
---|
249 | else |
---|
250 | strlcpy(fp.fp_os.fp_class_nm, class, |
---|
251 | sizeof(fp.fp_os.fp_class_nm)); |
---|
252 | strlcpy(fp.fp_os.fp_version_nm, version, |
---|
253 | sizeof(fp.fp_os.fp_version_nm)); |
---|
254 | strlcpy(fp.fp_os.fp_subtype_nm, subtype, |
---|
255 | sizeof(fp.fp_os.fp_subtype_nm)); |
---|
256 | |
---|
257 | add_fingerprint(dev, opts, &fp); |
---|
258 | |
---|
259 | fp.fp_flags |= (PF_OSFP_DF | PF_OSFP_INET6); |
---|
260 | fp.fp_psize += sizeof(struct ip6_hdr) - sizeof(struct ip); |
---|
261 | add_fingerprint(dev, opts, &fp); |
---|
262 | } |
---|
263 | |
---|
264 | if (class) |
---|
265 | free(class); |
---|
266 | if (version) |
---|
267 | free(version); |
---|
268 | if (subtype) |
---|
269 | free(subtype); |
---|
270 | if (desc) |
---|
271 | free(desc); |
---|
272 | if (tcpopts) |
---|
273 | free(tcpopts); |
---|
274 | |
---|
275 | fclose(in); |
---|
276 | |
---|
277 | if (opts & PF_OPT_VERBOSE2) |
---|
278 | printf("Loaded %d passive OS fingerprints\n", |
---|
279 | fingerprint_count); |
---|
280 | return (0); |
---|
281 | } |
---|
282 | |
---|
283 | /* flush the kernel's fingerprints */ |
---|
284 | void |
---|
285 | pfctl_clear_fingerprints(int dev, int opts) |
---|
286 | { |
---|
287 | if (ioctl(dev, DIOCOSFPFLUSH)) |
---|
288 | err(1, "DIOCOSFPFLUSH"); |
---|
289 | } |
---|
290 | |
---|
291 | /* flush pfctl's view of the fingerprints */ |
---|
292 | void |
---|
293 | pfctl_flush_my_fingerprints(struct name_list *list) |
---|
294 | { |
---|
295 | struct name_entry *nm; |
---|
296 | |
---|
297 | while ((nm = LIST_FIRST(list)) != NULL) { |
---|
298 | LIST_REMOVE(nm, nm_entry); |
---|
299 | pfctl_flush_my_fingerprints(&nm->nm_sublist); |
---|
300 | free(nm); |
---|
301 | } |
---|
302 | fingerprint_count = 0; |
---|
303 | class_count = 0; |
---|
304 | } |
---|
305 | |
---|
306 | /* Fetch the active fingerprints from the kernel */ |
---|
307 | int |
---|
308 | pfctl_load_fingerprints(int dev, int opts) |
---|
309 | { |
---|
310 | struct pf_osfp_ioctl io; |
---|
311 | int i; |
---|
312 | |
---|
313 | pfctl_flush_my_fingerprints(&classes); |
---|
314 | |
---|
315 | for (i = 0; i >= 0; i++) { |
---|
316 | memset(&io, 0, sizeof(io)); |
---|
317 | io.fp_getnum = i; |
---|
318 | if (ioctl(dev, DIOCOSFPGET, &io)) { |
---|
319 | if (errno == EBUSY) |
---|
320 | break; |
---|
321 | warn("DIOCOSFPGET"); |
---|
322 | return (1); |
---|
323 | } |
---|
324 | import_fingerprint(&io); |
---|
325 | } |
---|
326 | return (0); |
---|
327 | } |
---|
328 | |
---|
329 | /* List the fingerprints */ |
---|
330 | void |
---|
331 | pfctl_show_fingerprints(int opts) |
---|
332 | { |
---|
333 | if (LIST_FIRST(&classes) != NULL) { |
---|
334 | if (opts & PF_OPT_SHOWALL) { |
---|
335 | pfctl_print_title("OS FINGERPRINTS:"); |
---|
336 | printf("%u fingerprints loaded\n", fingerprint_count); |
---|
337 | } else { |
---|
338 | printf("Class\tVersion\tSubtype(subversion)\n"); |
---|
339 | printf("-----\t-------\t-------------------\n"); |
---|
340 | sort_name_list(opts, &classes); |
---|
341 | print_name_list(opts, &classes, ""); |
---|
342 | } |
---|
343 | } |
---|
344 | } |
---|
345 | |
---|
346 | /* Lookup a fingerprint */ |
---|
347 | pf_osfp_t |
---|
348 | pfctl_get_fingerprint(const char *name) |
---|
349 | { |
---|
350 | struct name_entry *nm, *class_nm, *version_nm, *subtype_nm; |
---|
351 | pf_osfp_t ret = PF_OSFP_NOMATCH; |
---|
352 | int class, version, subtype; |
---|
353 | int unp_class, unp_version, unp_subtype; |
---|
354 | int wr_len, version_len, subtype_len; |
---|
355 | char *ptr, *wr_name; |
---|
356 | |
---|
357 | if (strcasecmp(name, "unknown") == 0) |
---|
358 | return (PF_OSFP_UNKNOWN); |
---|
359 | |
---|
360 | /* Try most likely no version and no subtype */ |
---|
361 | if ((nm = lookup_name_list(&classes, name))) { |
---|
362 | class = nm->nm_num; |
---|
363 | version = PF_OSFP_ANY; |
---|
364 | subtype = PF_OSFP_ANY; |
---|
365 | goto found; |
---|
366 | } else { |
---|
367 | |
---|
368 | /* Chop it up into class/version/subtype */ |
---|
369 | |
---|
370 | if ((wr_name = strdup(name)) == NULL) |
---|
371 | err(1, "malloc"); |
---|
372 | if ((ptr = strchr(wr_name, ' ')) == NULL) { |
---|
373 | free(wr_name); |
---|
374 | return (PF_OSFP_NOMATCH); |
---|
375 | } |
---|
376 | *ptr++ = '\0'; |
---|
377 | |
---|
378 | /* The class is easy to find since it is delimited by a space */ |
---|
379 | if ((class_nm = lookup_name_list(&classes, wr_name)) == NULL) { |
---|
380 | free(wr_name); |
---|
381 | return (PF_OSFP_NOMATCH); |
---|
382 | } |
---|
383 | class = class_nm->nm_num; |
---|
384 | |
---|
385 | /* Try no subtype */ |
---|
386 | if ((version_nm = lookup_name_list(&class_nm->nm_sublist, ptr))) |
---|
387 | { |
---|
388 | version = version_nm->nm_num; |
---|
389 | subtype = PF_OSFP_ANY; |
---|
390 | free(wr_name); |
---|
391 | goto found; |
---|
392 | } |
---|
393 | |
---|
394 | |
---|
395 | /* |
---|
396 | * There must be a version and a subtype. |
---|
397 | * We'll do some fuzzy matching to pick up things like: |
---|
398 | * Linux 2.2.14 (version=2.2 subtype=14) |
---|
399 | * FreeBSD 4.0-STABLE (version=4.0 subtype=STABLE) |
---|
400 | * Windows 2000 SP2 (version=2000 subtype=SP2) |
---|
401 | */ |
---|
402 | #define CONNECTOR(x) ((x) == '.' || (x) == ' ' || (x) == '\t' || (x) == '-') |
---|
403 | wr_len = strlen(ptr); |
---|
404 | LIST_FOREACH(version_nm, &class_nm->nm_sublist, nm_entry) { |
---|
405 | version_len = strlen(version_nm->nm_name); |
---|
406 | if (wr_len < version_len + 2 || |
---|
407 | !CONNECTOR(ptr[version_len])) |
---|
408 | continue; |
---|
409 | /* first part of the string must be version */ |
---|
410 | if (strncasecmp(ptr, version_nm->nm_name, |
---|
411 | version_len)) |
---|
412 | continue; |
---|
413 | |
---|
414 | LIST_FOREACH(subtype_nm, &version_nm->nm_sublist, |
---|
415 | nm_entry) { |
---|
416 | subtype_len = strlen(subtype_nm->nm_name); |
---|
417 | if (wr_len != version_len + subtype_len + 1) |
---|
418 | continue; |
---|
419 | |
---|
420 | /* last part of the string must be subtype */ |
---|
421 | if (strcasecmp(&ptr[version_len+1], |
---|
422 | subtype_nm->nm_name) != 0) |
---|
423 | continue; |
---|
424 | |
---|
425 | /* Found it!! */ |
---|
426 | version = version_nm->nm_num; |
---|
427 | subtype = subtype_nm->nm_num; |
---|
428 | free(wr_name); |
---|
429 | goto found; |
---|
430 | } |
---|
431 | } |
---|
432 | |
---|
433 | free(wr_name); |
---|
434 | return (PF_OSFP_NOMATCH); |
---|
435 | } |
---|
436 | |
---|
437 | found: |
---|
438 | PF_OSFP_PACK(ret, class, version, subtype); |
---|
439 | if (ret != PF_OSFP_NOMATCH) { |
---|
440 | PF_OSFP_UNPACK(ret, unp_class, unp_version, unp_subtype); |
---|
441 | if (class != unp_class) { |
---|
442 | fprintf(stderr, "warning: fingerprint table overflowed " |
---|
443 | "classes\n"); |
---|
444 | return (PF_OSFP_NOMATCH); |
---|
445 | } |
---|
446 | if (version != unp_version) { |
---|
447 | fprintf(stderr, "warning: fingerprint table overflowed " |
---|
448 | "versions\n"); |
---|
449 | return (PF_OSFP_NOMATCH); |
---|
450 | } |
---|
451 | if (subtype != unp_subtype) { |
---|
452 | fprintf(stderr, "warning: fingerprint table overflowed " |
---|
453 | "subtypes\n"); |
---|
454 | return (PF_OSFP_NOMATCH); |
---|
455 | } |
---|
456 | } |
---|
457 | if (ret == PF_OSFP_ANY) { |
---|
458 | /* should never happen */ |
---|
459 | fprintf(stderr, "warning: fingerprint packed to 'any'\n"); |
---|
460 | return (PF_OSFP_NOMATCH); |
---|
461 | } |
---|
462 | |
---|
463 | return (ret); |
---|
464 | } |
---|
465 | |
---|
466 | /* Lookup a fingerprint name by ID */ |
---|
467 | char * |
---|
468 | pfctl_lookup_fingerprint(pf_osfp_t fp, char *buf, size_t len) |
---|
469 | { |
---|
470 | int class, version, subtype; |
---|
471 | struct name_list *list; |
---|
472 | struct name_entry *nm; |
---|
473 | |
---|
474 | char *class_name, *version_name, *subtype_name; |
---|
475 | class_name = version_name = subtype_name = NULL; |
---|
476 | |
---|
477 | if (fp == PF_OSFP_UNKNOWN) { |
---|
478 | strlcpy(buf, "unknown", len); |
---|
479 | return (buf); |
---|
480 | } |
---|
481 | if (fp == PF_OSFP_ANY) { |
---|
482 | strlcpy(buf, "any", len); |
---|
483 | return (buf); |
---|
484 | } |
---|
485 | |
---|
486 | PF_OSFP_UNPACK(fp, class, version, subtype); |
---|
487 | if (class >= (1 << _FP_CLASS_BITS) || |
---|
488 | version >= (1 << _FP_VERSION_BITS) || |
---|
489 | subtype >= (1 << _FP_SUBTYPE_BITS)) { |
---|
490 | warnx("PF_OSFP_UNPACK(0x%x) failed!!", fp); |
---|
491 | strlcpy(buf, "nomatch", len); |
---|
492 | return (buf); |
---|
493 | } |
---|
494 | |
---|
495 | LIST_FOREACH(nm, &classes, nm_entry) { |
---|
496 | if (nm->nm_num == class) { |
---|
497 | class_name = nm->nm_name; |
---|
498 | if (version == PF_OSFP_ANY) |
---|
499 | goto found; |
---|
500 | list = &nm->nm_sublist; |
---|
501 | LIST_FOREACH(nm, list, nm_entry) { |
---|
502 | if (nm->nm_num == version) { |
---|
503 | version_name = nm->nm_name; |
---|
504 | if (subtype == PF_OSFP_ANY) |
---|
505 | goto found; |
---|
506 | list = &nm->nm_sublist; |
---|
507 | LIST_FOREACH(nm, list, nm_entry) { |
---|
508 | if (nm->nm_num == subtype) { |
---|
509 | subtype_name = |
---|
510 | nm->nm_name; |
---|
511 | goto found; |
---|
512 | } |
---|
513 | } /* foreach subtype */ |
---|
514 | strlcpy(buf, "nomatch", len); |
---|
515 | return (buf); |
---|
516 | } |
---|
517 | } /* foreach version */ |
---|
518 | strlcpy(buf, "nomatch", len); |
---|
519 | return (buf); |
---|
520 | } |
---|
521 | } /* foreach class */ |
---|
522 | |
---|
523 | strlcpy(buf, "nomatch", len); |
---|
524 | return (buf); |
---|
525 | |
---|
526 | found: |
---|
527 | snprintf(buf, len, "%s", class_name); |
---|
528 | if (version_name) { |
---|
529 | strlcat(buf, " ", len); |
---|
530 | strlcat(buf, version_name, len); |
---|
531 | if (subtype_name) { |
---|
532 | if (strchr(version_name, ' ')) |
---|
533 | strlcat(buf, " ", len); |
---|
534 | else if (strchr(version_name, '.') && |
---|
535 | isdigit(*subtype_name)) |
---|
536 | strlcat(buf, ".", len); |
---|
537 | else |
---|
538 | strlcat(buf, " ", len); |
---|
539 | strlcat(buf, subtype_name, len); |
---|
540 | } |
---|
541 | } |
---|
542 | return (buf); |
---|
543 | } |
---|
544 | |
---|
545 | /* lookup a name in a list */ |
---|
546 | struct name_entry * |
---|
547 | lookup_name_list(struct name_list *list, const char *name) |
---|
548 | { |
---|
549 | struct name_entry *nm; |
---|
550 | LIST_FOREACH(nm, list, nm_entry) |
---|
551 | if (strcasecmp(name, nm->nm_name) == 0) |
---|
552 | return (nm); |
---|
553 | |
---|
554 | return (NULL); |
---|
555 | } |
---|
556 | |
---|
557 | |
---|
558 | void |
---|
559 | add_fingerprint(int dev, int opts, struct pf_osfp_ioctl *fp) |
---|
560 | { |
---|
561 | struct pf_osfp_ioctl fptmp; |
---|
562 | struct name_entry *nm_class, *nm_version, *nm_subtype; |
---|
563 | int class, version, subtype; |
---|
564 | |
---|
565 | /* We expand #-# or #.#-#.# version/subtypes into multiple fingerprints */ |
---|
566 | #define EXPAND(field) do { \ |
---|
567 | int _dot = -1, _start = -1, _end = -1, _i = 0; \ |
---|
568 | /* pick major version out of #.# */ \ |
---|
569 | if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.') { \ |
---|
570 | _dot = fp->field[_i] - '0'; \ |
---|
571 | _i += 2; \ |
---|
572 | } \ |
---|
573 | if (isdigit(fp->field[_i])) \ |
---|
574 | _start = fp->field[_i++] - '0'; \ |
---|
575 | else \ |
---|
576 | break; \ |
---|
577 | if (isdigit(fp->field[_i])) \ |
---|
578 | _start = (_start * 10) + fp->field[_i++] - '0'; \ |
---|
579 | if (fp->field[_i++] != '-') \ |
---|
580 | break; \ |
---|
581 | if (isdigit(fp->field[_i]) && fp->field[_i+1] == '.' && \ |
---|
582 | fp->field[_i] - '0' == _dot) \ |
---|
583 | _i += 2; \ |
---|
584 | else if (_dot != -1) \ |
---|
585 | break; \ |
---|
586 | if (isdigit(fp->field[_i])) \ |
---|
587 | _end = fp->field[_i++] - '0'; \ |
---|
588 | else \ |
---|
589 | break; \ |
---|
590 | if (isdigit(fp->field[_i])) \ |
---|
591 | _end = (_end * 10) + fp->field[_i++] - '0'; \ |
---|
592 | if (isdigit(fp->field[_i])) \ |
---|
593 | _end = (_end * 10) + fp->field[_i++] - '0'; \ |
---|
594 | if (fp->field[_i] != '\0') \ |
---|
595 | break; \ |
---|
596 | memcpy(&fptmp, fp, sizeof(fptmp)); \ |
---|
597 | for (;_start <= _end; _start++) { \ |
---|
598 | memset(fptmp.field, 0, sizeof(fptmp.field)); \ |
---|
599 | fptmp.fp_os.fp_enflags |= PF_OSFP_EXPANDED; \ |
---|
600 | if (_dot == -1) \ |
---|
601 | snprintf(fptmp.field, sizeof(fptmp.field), \ |
---|
602 | "%d", _start); \ |
---|
603 | else \ |
---|
604 | snprintf(fptmp.field, sizeof(fptmp.field), \ |
---|
605 | "%d.%d", _dot, _start); \ |
---|
606 | add_fingerprint(dev, opts, &fptmp); \ |
---|
607 | } \ |
---|
608 | } while(0) |
---|
609 | |
---|
610 | /* We allow "#-#" as a version or subtype and we'll expand it */ |
---|
611 | EXPAND(fp_os.fp_version_nm); |
---|
612 | EXPAND(fp_os.fp_subtype_nm); |
---|
613 | |
---|
614 | if (strcasecmp(fp->fp_os.fp_class_nm, "nomatch") == 0) |
---|
615 | errx(1, "fingerprint class \"nomatch\" is reserved"); |
---|
616 | |
---|
617 | version = PF_OSFP_ANY; |
---|
618 | subtype = PF_OSFP_ANY; |
---|
619 | |
---|
620 | nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm); |
---|
621 | if (nm_class->nm_num == 0) |
---|
622 | nm_class->nm_num = ++class_count; |
---|
623 | class = nm_class->nm_num; |
---|
624 | |
---|
625 | nm_version = fingerprint_name_entry(&nm_class->nm_sublist, |
---|
626 | fp->fp_os.fp_version_nm); |
---|
627 | if (nm_version) { |
---|
628 | if (nm_version->nm_num == 0) |
---|
629 | nm_version->nm_num = ++nm_class->nm_sublist_num; |
---|
630 | version = nm_version->nm_num; |
---|
631 | nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist, |
---|
632 | fp->fp_os.fp_subtype_nm); |
---|
633 | if (nm_subtype) { |
---|
634 | if (nm_subtype->nm_num == 0) |
---|
635 | nm_subtype->nm_num = |
---|
636 | ++nm_version->nm_sublist_num; |
---|
637 | subtype = nm_subtype->nm_num; |
---|
638 | } |
---|
639 | } |
---|
640 | |
---|
641 | |
---|
642 | DEBUG(fp, "\tsignature %d:%d:%d %s", class, version, subtype, |
---|
643 | print_ioctl(fp)); |
---|
644 | |
---|
645 | PF_OSFP_PACK(fp->fp_os.fp_os, class, version, subtype); |
---|
646 | fingerprint_count++; |
---|
647 | |
---|
648 | #ifdef FAKE_PF_KERNEL |
---|
649 | /* Linked to the sys/net/pf_osfp.c. Call pf_osfp_add() */ |
---|
650 | if ((errno = pf_osfp_add(fp))) |
---|
651 | #else |
---|
652 | if ((opts & PF_OPT_NOACTION) == 0 && ioctl(dev, DIOCOSFPADD, fp)) |
---|
653 | #endif /* FAKE_PF_KERNEL */ |
---|
654 | { |
---|
655 | if (errno == EEXIST) { |
---|
656 | warn("Duplicate signature for %s %s %s", |
---|
657 | fp->fp_os.fp_class_nm, |
---|
658 | fp->fp_os.fp_version_nm, |
---|
659 | fp->fp_os.fp_subtype_nm); |
---|
660 | |
---|
661 | } else { |
---|
662 | err(1, "DIOCOSFPADD"); |
---|
663 | } |
---|
664 | } |
---|
665 | } |
---|
666 | |
---|
667 | /* import a fingerprint from the kernel */ |
---|
668 | void |
---|
669 | import_fingerprint(struct pf_osfp_ioctl *fp) |
---|
670 | { |
---|
671 | struct name_entry *nm_class, *nm_version, *nm_subtype; |
---|
672 | int class, version, subtype; |
---|
673 | |
---|
674 | PF_OSFP_UNPACK(fp->fp_os.fp_os, class, version, subtype); |
---|
675 | |
---|
676 | nm_class = fingerprint_name_entry(&classes, fp->fp_os.fp_class_nm); |
---|
677 | if (nm_class->nm_num == 0) { |
---|
678 | nm_class->nm_num = class; |
---|
679 | class_count = MAX(class_count, class); |
---|
680 | } |
---|
681 | |
---|
682 | nm_version = fingerprint_name_entry(&nm_class->nm_sublist, |
---|
683 | fp->fp_os.fp_version_nm); |
---|
684 | if (nm_version) { |
---|
685 | if (nm_version->nm_num == 0) { |
---|
686 | nm_version->nm_num = version; |
---|
687 | nm_class->nm_sublist_num = MAX(nm_class->nm_sublist_num, |
---|
688 | version); |
---|
689 | } |
---|
690 | nm_subtype = fingerprint_name_entry(&nm_version->nm_sublist, |
---|
691 | fp->fp_os.fp_subtype_nm); |
---|
692 | if (nm_subtype) { |
---|
693 | if (nm_subtype->nm_num == 0) { |
---|
694 | nm_subtype->nm_num = subtype; |
---|
695 | nm_version->nm_sublist_num = |
---|
696 | MAX(nm_version->nm_sublist_num, subtype); |
---|
697 | } |
---|
698 | } |
---|
699 | } |
---|
700 | |
---|
701 | |
---|
702 | fingerprint_count++; |
---|
703 | DEBUG(fp, "import signature %d:%d:%d", class, version, subtype); |
---|
704 | } |
---|
705 | |
---|
706 | /* Find an entry for a fingerprints class/version/subtype */ |
---|
707 | struct name_entry * |
---|
708 | fingerprint_name_entry(struct name_list *list, char *name) |
---|
709 | { |
---|
710 | struct name_entry *nm_entry; |
---|
711 | |
---|
712 | if (name == NULL || strlen(name) == 0) |
---|
713 | return (NULL); |
---|
714 | |
---|
715 | LIST_FOREACH(nm_entry, list, nm_entry) { |
---|
716 | if (strcasecmp(nm_entry->nm_name, name) == 0) { |
---|
717 | /* We'll move this to the front of the list later */ |
---|
718 | LIST_REMOVE(nm_entry, nm_entry); |
---|
719 | break; |
---|
720 | } |
---|
721 | } |
---|
722 | if (nm_entry == NULL) { |
---|
723 | nm_entry = calloc(1, sizeof(*nm_entry)); |
---|
724 | if (nm_entry == NULL) |
---|
725 | err(1, "calloc"); |
---|
726 | LIST_INIT(&nm_entry->nm_sublist); |
---|
727 | strlcpy(nm_entry->nm_name, name, sizeof(nm_entry->nm_name)); |
---|
728 | } |
---|
729 | LIST_INSERT_HEAD(list, nm_entry, nm_entry); |
---|
730 | return (nm_entry); |
---|
731 | } |
---|
732 | |
---|
733 | |
---|
734 | void |
---|
735 | print_name_list(int opts, struct name_list *nml, const char *prefix) |
---|
736 | { |
---|
737 | char newprefix[32]; |
---|
738 | struct name_entry *nm; |
---|
739 | |
---|
740 | LIST_FOREACH(nm, nml, nm_entry) { |
---|
741 | snprintf(newprefix, sizeof(newprefix), "%s%s\t", prefix, |
---|
742 | nm->nm_name); |
---|
743 | printf("%s\n", newprefix); |
---|
744 | print_name_list(opts, &nm->nm_sublist, newprefix); |
---|
745 | } |
---|
746 | } |
---|
747 | |
---|
748 | void |
---|
749 | sort_name_list(int opts, struct name_list *nml) |
---|
750 | { |
---|
751 | struct name_list new; |
---|
752 | struct name_entry *nm, *nmsearch, *nmlast; |
---|
753 | |
---|
754 | /* yes yes, it's a very slow sort. so sue me */ |
---|
755 | |
---|
756 | LIST_INIT(&new); |
---|
757 | |
---|
758 | while ((nm = LIST_FIRST(nml)) != NULL) { |
---|
759 | LIST_REMOVE(nm, nm_entry); |
---|
760 | nmlast = NULL; |
---|
761 | LIST_FOREACH(nmsearch, &new, nm_entry) { |
---|
762 | if (strcasecmp(nmsearch->nm_name, nm->nm_name) > 0) { |
---|
763 | LIST_INSERT_BEFORE(nmsearch, nm, nm_entry); |
---|
764 | break; |
---|
765 | } |
---|
766 | nmlast = nmsearch; |
---|
767 | } |
---|
768 | if (nmsearch == NULL) { |
---|
769 | if (nmlast) |
---|
770 | LIST_INSERT_AFTER(nmlast, nm, nm_entry); |
---|
771 | else |
---|
772 | LIST_INSERT_HEAD(&new, nm, nm_entry); |
---|
773 | } |
---|
774 | |
---|
775 | sort_name_list(opts, &nm->nm_sublist); |
---|
776 | } |
---|
777 | nmlast = NULL; |
---|
778 | while ((nm = LIST_FIRST(&new)) != NULL) { |
---|
779 | LIST_REMOVE(nm, nm_entry); |
---|
780 | if (nmlast == NULL) |
---|
781 | LIST_INSERT_HEAD(nml, nm, nm_entry); |
---|
782 | else |
---|
783 | LIST_INSERT_AFTER(nmlast, nm, nm_entry); |
---|
784 | nmlast = nm; |
---|
785 | } |
---|
786 | } |
---|
787 | |
---|
788 | /* parse the next integer in a formatted config file line */ |
---|
789 | int |
---|
790 | get_int(char **line, size_t *len, int *var, int *mod, |
---|
791 | const char *name, int flags, int max, const char *filename, int lineno) |
---|
792 | { |
---|
793 | int fieldlen, i; |
---|
794 | char *field; |
---|
795 | long val = 0; |
---|
796 | |
---|
797 | if (mod) |
---|
798 | *mod = 0; |
---|
799 | *var = 0; |
---|
800 | |
---|
801 | field = get_field(line, len, &fieldlen); |
---|
802 | if (field == NULL) |
---|
803 | return (1); |
---|
804 | if (fieldlen == 0) { |
---|
805 | fprintf(stderr, "%s:%d empty %s\n", filename, lineno, name); |
---|
806 | return (1); |
---|
807 | } |
---|
808 | |
---|
809 | i = 0; |
---|
810 | if ((*field == '%' || *field == 'S' || *field == 'T' || *field == '*') |
---|
811 | && fieldlen >= 1) { |
---|
812 | switch (*field) { |
---|
813 | case 'S': |
---|
814 | if (mod && (flags & T_MSS)) |
---|
815 | *mod = T_MSS; |
---|
816 | if (fieldlen == 1) |
---|
817 | return (0); |
---|
818 | break; |
---|
819 | case 'T': |
---|
820 | if (mod && (flags & T_MTU)) |
---|
821 | *mod = T_MTU; |
---|
822 | if (fieldlen == 1) |
---|
823 | return (0); |
---|
824 | break; |
---|
825 | case '*': |
---|
826 | if (fieldlen != 1) { |
---|
827 | fprintf(stderr, "%s:%d long '%c' %s\n", |
---|
828 | filename, lineno, *field, name); |
---|
829 | return (1); |
---|
830 | } |
---|
831 | if (mod && (flags & T_DC)) { |
---|
832 | *mod = T_DC; |
---|
833 | return (0); |
---|
834 | } |
---|
835 | case '%': |
---|
836 | if (mod && (flags & T_MOD)) |
---|
837 | *mod = T_MOD; |
---|
838 | if (fieldlen == 1) { |
---|
839 | fprintf(stderr, "%s:%d modulus %s must have a " |
---|
840 | "value\n", filename, lineno, name); |
---|
841 | return (1); |
---|
842 | } |
---|
843 | break; |
---|
844 | } |
---|
845 | if (mod == NULL || *mod == 0) { |
---|
846 | fprintf(stderr, "%s:%d does not allow %c' %s\n", |
---|
847 | filename, lineno, *field, name); |
---|
848 | return (1); |
---|
849 | } |
---|
850 | i++; |
---|
851 | } |
---|
852 | |
---|
853 | for (; i < fieldlen; i++) { |
---|
854 | if (field[i] < '0' || field[i] > '9') { |
---|
855 | fprintf(stderr, "%s:%d non-digit character in %s\n", |
---|
856 | filename, lineno, name); |
---|
857 | return (1); |
---|
858 | } |
---|
859 | val = val * 10 + field[i] - '0'; |
---|
860 | if (val < 0) { |
---|
861 | fprintf(stderr, "%s:%d %s overflowed\n", filename, |
---|
862 | lineno, name); |
---|
863 | return (1); |
---|
864 | } |
---|
865 | } |
---|
866 | |
---|
867 | if (val > max) { |
---|
868 | fprintf(stderr, "%s:%d %s value %ld > %d\n", filename, lineno, |
---|
869 | name, val, max); |
---|
870 | return (1); |
---|
871 | } |
---|
872 | *var = (int)val; |
---|
873 | |
---|
874 | return (0); |
---|
875 | } |
---|
876 | |
---|
877 | /* parse the next string in a formatted config file line */ |
---|
878 | int |
---|
879 | get_str(char **line, size_t *len, char **v, const char *name, int minlen, |
---|
880 | const char *filename, int lineno) |
---|
881 | { |
---|
882 | int fieldlen; |
---|
883 | char *ptr; |
---|
884 | |
---|
885 | ptr = get_field(line, len, &fieldlen); |
---|
886 | if (ptr == NULL) |
---|
887 | return (1); |
---|
888 | if (fieldlen < minlen) { |
---|
889 | fprintf(stderr, "%s:%d too short %s\n", filename, lineno, name); |
---|
890 | return (1); |
---|
891 | } |
---|
892 | if ((*v = malloc(fieldlen + 1)) == NULL) { |
---|
893 | perror("malloc()"); |
---|
894 | return (1); |
---|
895 | } |
---|
896 | memcpy(*v, ptr, fieldlen); |
---|
897 | (*v)[fieldlen] = '\0'; |
---|
898 | |
---|
899 | return (0); |
---|
900 | } |
---|
901 | |
---|
902 | /* Parse out the TCP opts */ |
---|
903 | int |
---|
904 | get_tcpopts(const char *filename, int lineno, const char *tcpopts, |
---|
905 | pf_tcpopts_t *packed, int *optcnt, int *mss, int *mss_mod, int *wscale, |
---|
906 | int *wscale_mod, int *ts0) |
---|
907 | { |
---|
908 | int i, opt; |
---|
909 | |
---|
910 | *packed = 0; |
---|
911 | *optcnt = 0; |
---|
912 | *wscale = 0; |
---|
913 | *wscale_mod = T_DC; |
---|
914 | *mss = 0; |
---|
915 | *mss_mod = T_DC; |
---|
916 | *ts0 = 0; |
---|
917 | if (strcmp(tcpopts, ".") == 0) |
---|
918 | return (0); |
---|
919 | |
---|
920 | for (i = 0; tcpopts[i] && *optcnt < PF_OSFP_MAX_OPTS;) { |
---|
921 | switch ((opt = toupper(tcpopts[i++]))) { |
---|
922 | case 'N': /* FALLTHROUGH */ |
---|
923 | case 'S': |
---|
924 | *packed = (*packed << PF_OSFP_TCPOPT_BITS) | |
---|
925 | (opt == 'N' ? PF_OSFP_TCPOPT_NOP : |
---|
926 | PF_OSFP_TCPOPT_SACK); |
---|
927 | break; |
---|
928 | case 'W': /* FALLTHROUGH */ |
---|
929 | case 'M': { |
---|
930 | int *this_mod, *this; |
---|
931 | |
---|
932 | if (opt == 'W') { |
---|
933 | this = wscale; |
---|
934 | this_mod = wscale_mod; |
---|
935 | } else { |
---|
936 | this = mss; |
---|
937 | this_mod = mss_mod; |
---|
938 | } |
---|
939 | *this = 0; |
---|
940 | *this_mod = 0; |
---|
941 | |
---|
942 | *packed = (*packed << PF_OSFP_TCPOPT_BITS) | |
---|
943 | (opt == 'W' ? PF_OSFP_TCPOPT_WSCALE : |
---|
944 | PF_OSFP_TCPOPT_MSS); |
---|
945 | if (tcpopts[i] == '*' && (tcpopts[i + 1] == '\0' || |
---|
946 | tcpopts[i + 1] == ',')) { |
---|
947 | *this_mod = T_DC; |
---|
948 | i++; |
---|
949 | break; |
---|
950 | } |
---|
951 | |
---|
952 | if (tcpopts[i] == '%') { |
---|
953 | *this_mod = T_MOD; |
---|
954 | i++; |
---|
955 | } |
---|
956 | do { |
---|
957 | if (!isdigit(tcpopts[i])) { |
---|
958 | fprintf(stderr, "%s:%d unknown " |
---|
959 | "character '%c' in %c TCP opt\n", |
---|
960 | filename, lineno, tcpopts[i], opt); |
---|
961 | return (1); |
---|
962 | } |
---|
963 | *this = (*this * 10) + tcpopts[i++] - '0'; |
---|
964 | } while(tcpopts[i] != ',' && tcpopts[i] != '\0'); |
---|
965 | break; |
---|
966 | } |
---|
967 | case 'T': |
---|
968 | if (tcpopts[i] == '0') { |
---|
969 | *ts0 = 1; |
---|
970 | i++; |
---|
971 | } |
---|
972 | *packed = (*packed << PF_OSFP_TCPOPT_BITS) | |
---|
973 | PF_OSFP_TCPOPT_TS; |
---|
974 | break; |
---|
975 | } |
---|
976 | (*optcnt) ++; |
---|
977 | if (tcpopts[i] == '\0') |
---|
978 | break; |
---|
979 | if (tcpopts[i] != ',') { |
---|
980 | fprintf(stderr, "%s:%d unknown option to %c TCP opt\n", |
---|
981 | filename, lineno, opt); |
---|
982 | return (1); |
---|
983 | } |
---|
984 | i++; |
---|
985 | } |
---|
986 | |
---|
987 | return (0); |
---|
988 | } |
---|
989 | |
---|
990 | /* rip the next field ouf of a formatted config file line */ |
---|
991 | char * |
---|
992 | get_field(char **line, size_t *len, int *fieldlen) |
---|
993 | { |
---|
994 | char *ret, *ptr = *line; |
---|
995 | size_t plen = *len; |
---|
996 | |
---|
997 | |
---|
998 | while (plen && isspace(*ptr)) { |
---|
999 | plen--; |
---|
1000 | ptr++; |
---|
1001 | } |
---|
1002 | ret = ptr; |
---|
1003 | *fieldlen = 0; |
---|
1004 | |
---|
1005 | for (; plen > 0 && *ptr != ':'; plen--, ptr++) |
---|
1006 | (*fieldlen)++; |
---|
1007 | if (plen) { |
---|
1008 | *line = ptr + 1; |
---|
1009 | *len = plen - 1; |
---|
1010 | } else { |
---|
1011 | *len = 0; |
---|
1012 | } |
---|
1013 | while (*fieldlen && isspace(ret[*fieldlen - 1])) |
---|
1014 | (*fieldlen)--; |
---|
1015 | return (ret); |
---|
1016 | } |
---|
1017 | |
---|
1018 | |
---|
1019 | const char * |
---|
1020 | print_ioctl(struct pf_osfp_ioctl *fp) |
---|
1021 | { |
---|
1022 | #ifndef __rtems__ |
---|
1023 | static char buf[1024]; |
---|
1024 | #else /* __rtems__ */ |
---|
1025 | /* Note on RTEMS port: |
---|
1026 | * This buffer is static. So normally it would have to be initialized to |
---|
1027 | * zero every time the program starts. But in this special case it is |
---|
1028 | * set to zero inside the function. Therefore it is not necessary to |
---|
1029 | * move it. If it would be moved out of the function, the name would |
---|
1030 | * have to be changed. This would be a lot of change in this function! |
---|
1031 | */ |
---|
1032 | static char buf[1024]; |
---|
1033 | #endif /* __rtems__ */ |
---|
1034 | char tmp[32]; |
---|
1035 | int i, opt; |
---|
1036 | |
---|
1037 | *buf = '\0'; |
---|
1038 | if (fp->fp_flags & PF_OSFP_WSIZE_DC) |
---|
1039 | strlcat(buf, "*", sizeof(buf)); |
---|
1040 | else if (fp->fp_flags & PF_OSFP_WSIZE_MSS) |
---|
1041 | strlcat(buf, "S", sizeof(buf)); |
---|
1042 | else if (fp->fp_flags & PF_OSFP_WSIZE_MTU) |
---|
1043 | strlcat(buf, "T", sizeof(buf)); |
---|
1044 | else { |
---|
1045 | if (fp->fp_flags & PF_OSFP_WSIZE_MOD) |
---|
1046 | strlcat(buf, "%", sizeof(buf)); |
---|
1047 | snprintf(tmp, sizeof(tmp), "%d", fp->fp_wsize); |
---|
1048 | strlcat(buf, tmp, sizeof(buf)); |
---|
1049 | } |
---|
1050 | strlcat(buf, ":", sizeof(buf)); |
---|
1051 | |
---|
1052 | snprintf(tmp, sizeof(tmp), "%d", fp->fp_ttl); |
---|
1053 | strlcat(buf, tmp, sizeof(buf)); |
---|
1054 | strlcat(buf, ":", sizeof(buf)); |
---|
1055 | |
---|
1056 | if (fp->fp_flags & PF_OSFP_DF) |
---|
1057 | strlcat(buf, "1", sizeof(buf)); |
---|
1058 | else |
---|
1059 | strlcat(buf, "0", sizeof(buf)); |
---|
1060 | strlcat(buf, ":", sizeof(buf)); |
---|
1061 | |
---|
1062 | if (fp->fp_flags & PF_OSFP_PSIZE_DC) |
---|
1063 | strlcat(buf, "*", sizeof(buf)); |
---|
1064 | else { |
---|
1065 | if (fp->fp_flags & PF_OSFP_PSIZE_MOD) |
---|
1066 | strlcat(buf, "%", sizeof(buf)); |
---|
1067 | snprintf(tmp, sizeof(tmp), "%d", fp->fp_psize); |
---|
1068 | strlcat(buf, tmp, sizeof(buf)); |
---|
1069 | } |
---|
1070 | strlcat(buf, ":", sizeof(buf)); |
---|
1071 | |
---|
1072 | if (fp->fp_optcnt == 0) |
---|
1073 | strlcat(buf, ".", sizeof(buf)); |
---|
1074 | for (i = fp->fp_optcnt - 1; i >= 0; i--) { |
---|
1075 | opt = fp->fp_tcpopts >> (i * PF_OSFP_TCPOPT_BITS); |
---|
1076 | opt &= (1 << PF_OSFP_TCPOPT_BITS) - 1; |
---|
1077 | switch (opt) { |
---|
1078 | case PF_OSFP_TCPOPT_NOP: |
---|
1079 | strlcat(buf, "N", sizeof(buf)); |
---|
1080 | break; |
---|
1081 | case PF_OSFP_TCPOPT_SACK: |
---|
1082 | strlcat(buf, "S", sizeof(buf)); |
---|
1083 | break; |
---|
1084 | case PF_OSFP_TCPOPT_TS: |
---|
1085 | strlcat(buf, "T", sizeof(buf)); |
---|
1086 | if (fp->fp_flags & PF_OSFP_TS0) |
---|
1087 | strlcat(buf, "0", sizeof(buf)); |
---|
1088 | break; |
---|
1089 | case PF_OSFP_TCPOPT_MSS: |
---|
1090 | strlcat(buf, "M", sizeof(buf)); |
---|
1091 | if (fp->fp_flags & PF_OSFP_MSS_DC) |
---|
1092 | strlcat(buf, "*", sizeof(buf)); |
---|
1093 | else { |
---|
1094 | if (fp->fp_flags & PF_OSFP_MSS_MOD) |
---|
1095 | strlcat(buf, "%", sizeof(buf)); |
---|
1096 | snprintf(tmp, sizeof(tmp), "%d", fp->fp_mss); |
---|
1097 | strlcat(buf, tmp, sizeof(buf)); |
---|
1098 | } |
---|
1099 | break; |
---|
1100 | case PF_OSFP_TCPOPT_WSCALE: |
---|
1101 | strlcat(buf, "W", sizeof(buf)); |
---|
1102 | if (fp->fp_flags & PF_OSFP_WSCALE_DC) |
---|
1103 | strlcat(buf, "*", sizeof(buf)); |
---|
1104 | else { |
---|
1105 | if (fp->fp_flags & PF_OSFP_WSCALE_MOD) |
---|
1106 | strlcat(buf, "%", sizeof(buf)); |
---|
1107 | snprintf(tmp, sizeof(tmp), "%d", fp->fp_wscale); |
---|
1108 | strlcat(buf, tmp, sizeof(buf)); |
---|
1109 | } |
---|
1110 | break; |
---|
1111 | } |
---|
1112 | |
---|
1113 | if (i != 0) |
---|
1114 | strlcat(buf, ",", sizeof(buf)); |
---|
1115 | } |
---|
1116 | strlcat(buf, ":", sizeof(buf)); |
---|
1117 | |
---|
1118 | strlcat(buf, fp->fp_os.fp_class_nm, sizeof(buf)); |
---|
1119 | strlcat(buf, ":", sizeof(buf)); |
---|
1120 | strlcat(buf, fp->fp_os.fp_version_nm, sizeof(buf)); |
---|
1121 | strlcat(buf, ":", sizeof(buf)); |
---|
1122 | strlcat(buf, fp->fp_os.fp_subtype_nm, sizeof(buf)); |
---|
1123 | strlcat(buf, ":", sizeof(buf)); |
---|
1124 | |
---|
1125 | snprintf(tmp, sizeof(tmp), "TcpOpts %d 0x%llx", fp->fp_optcnt, |
---|
1126 | (long long int)fp->fp_tcpopts); |
---|
1127 | strlcat(buf, tmp, sizeof(buf)); |
---|
1128 | |
---|
1129 | return (buf); |
---|
1130 | } |
---|
1131 | #ifdef __rtems__ |
---|
1132 | #include "pfctl_osfp-data.h" |
---|
1133 | #endif /* __rtems__ */ |
---|