diff options
| author | krion <krion@FreeBSD.org> | 2003-10-21 23:08:50 +0000 |
|---|---|---|
| committer | krion <krion@FreeBSD.org> | 2003-10-21 23:08:50 +0000 |
| commit | 2af9e4cc09a1a3152f8d8a527ae6032283415ac9 (patch) | |
| tree | 3ae0bb0941f9ff199caab66fce17e26f4609da0d /security/pf | |
| parent | a65279d89b972246fbc84476135c7c7e548cac0f (diff) | |
| download | FreeBSD-ports-2af9e4cc09a1a3152f8d8a527ae6032283415ac9.zip FreeBSD-ports-2af9e4cc09a1a3152f8d8a527ae6032283415ac9.tar.gz | |
- Remove bogus file from patches
PR: 58354
Submitted by: maintainer
No cookie for: edwin
Diffstat (limited to 'security/pf')
| -rw-r--r-- | security/pf/files/pf-port.diff | 1523 |
1 files changed, 0 insertions, 1523 deletions
diff --git a/security/pf/files/pf-port.diff b/security/pf/files/pf-port.diff deleted file mode 100644 index 94d4463..0000000 --- a/security/pf/files/pf-port.diff +++ /dev/null @@ -1,1523 +0,0 @@ -diff -ruN /usr/ports/security/pf/Makefile pf/Makefile ---- /usr/ports/security/pf/Makefile Fri Aug 29 05:14:03 2003 -+++ pf/Makefile Sat Sep 27 14:32:18 2003 -@@ -6,8 +6,7 @@ - # - - PORTNAME= pf_freebsd --PORTVERSION= 1.0 --PORTREVISION= 7 -+PORTVERSION= 1.65 - CATEGORIES= security ipv6 - MASTER_SITES= http://pf4freebsd.love2party.net/ - .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") -@@ -24,11 +23,12 @@ - - STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/pf.sh.sample - SAMPLE_CONFIG= ${PREFIX}/etc/pf.conf.default -+SAMPLE_PFOS= ${PREFIX}/etc/pf.os - - MAN1= pftcpdump.1 - MAN4= pf.4 pflog.4 pfsync.4 --MAN5= pf.conf.5 --MAN8= ftp-proxy.8 pfctl.8 pflogd.8 pftop.8 -+MAN5= pf.conf.5 pf.os.5 -+MAN8= ftp-proxy.8 pfctl.8 pflogd.8 - - MANCOMPRESSED= maybe - -@@ -57,54 +57,72 @@ - - .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes") - pre-fetch: -- @${ECHO_CMD} "=======================================================" -- @${ECHO_CMD} "* If you have ALTQ support from: *" -- @${ECHO_CMD} "* http://www.rofug.ro/projects/freebsd-altq/ *" -- @${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *" -- @${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *" -- @${ECHO_CMD} "* *" -- @${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *" -- @${ECHO_CMD} "* *" -- @${ECHO_CMD} "=======================================================" -+ @${ECHO_MSG} "=======================================================" -+ @${ECHO_MSG} "* If you have ALTQ support from: *" -+ @${ECHO_MSG} "* http://www.nipsi.de/altq/index.html *" -+ @${ECHO_MSG} "* You can may define WITH_ALTQ=yes to make use of it *" -+ @${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src *" -+ @${ECHO_MSG} "* *" -+ @${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *" -+ @${ECHO_MSG} "* *" -+ @${ECHO_MSG} "=======================================================" - @sleep 2 - .endif - --pre-install: -+post-patch: -+ @${CP} ${WRKSRC}/pfctl/pfctl_parser.h \ -+ ${WRKSRC}/pfctl/pfctl_parser.h.orig -+ @${SED} -e 's!%%PREFIX%%!${PREFIX}!' \ -+ ${WRKSRC}/pfctl/pfctl_parser.h.orig > \ -+ ${WRKSRC}/pfctl/pfctl_parser.h -+pre-su-install: - ${MKDIR} ${KMODDIR} - ${MKDIR} ${PREFIX}/include/pf - ${MKDIR} ${PREFIX}/include/pf/net -+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") -+ ${MKDIR} ${PREFIX}/include/pf/altq -+.endif - .if !defined(BATCH) && !defined(PACKAGE_BUILDING) - @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - .endif - - post-install: -- ${ECHO} "Installing include files ..." -+ ${ECHO_MSG} "Installing include files ..." - ${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h \ -- ${PREFIX}/include/pf/net -+ ${PREFIX}/include/pf/net - ${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h \ -- ${PREFIX}/include/pf/net -+ ${PREFIX}/include/pf/net - ${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h \ -- ${PREFIX}/include/pf/net -+ ${PREFIX}/include/pf/net -+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") -+ ${INSTALL_DATA} ${WRKSRC}/include/altq/*.h \ -+ ${PREFIX}/include/pf/altq -+.endif - @if [ -f ${WRKSRC}/man/pf.4.gz ]; then \ -- ${ECHO} "Installing pftcpdump(1) man page."; \ -+ ${ECHO_MSG} "Installing pftcpdump(1) man page."; \ - ${GZIP_CMD} -cn ${WRKSRC}/freebsd_tcpdump/tcpdump.1 > \ - ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz ; \ - ${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz \ -- ${PREFIX}/man/man1/pftcpdump.1.gz ; \ -+ ${PREFIX}/man/man1/pftcpdump.1.gz ; \ - else \ -- ${ECHO} "Installing pftcpdump(1) man page."; \ -+ ${ECHO_MSG} "Installing pftcpdump(1) man page."; \ - ${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1 \ -- ${PREFIX}/man/man1/pftcpdump.1 ; \ -+ ${PREFIX}/man/man1/pftcpdump.1 ; \ - fi - @if [ ! -f ${STARTUP_SCRIPT} ]; then \ -- ${ECHO} "Installing ${STARTUP_SCRIPT} startup file." ; \ -+ ${ECHO_MSG} "Installing ${STARTUP_SCRIPT} startup file." ; \ - ${INSTALL_SCRIPT} ${FILESDIR}/pf.sh.sample \ -- ${STARTUP_SCRIPT} ; \ -+ ${STARTUP_SCRIPT} ; \ - fi - @if [ ! -f ${SAMPLE_CONFIG} ]; then \ -- ${ECHO} "Installing ${SAMPLE_CONFIG} config file." ; \ -+ ${ECHO_MSG} "Installing ${SAMPLE_CONFIG} config file." ; \ - ${INSTALL_DATA} ${FILESDIR}/pf.conf.default \ -- ${SAMPLE_CONFIG}; \ -+ ${SAMPLE_CONFIG}; \ -+ fi -+ @if [ ! -f ${SAMPLE_PFOS} ]; then \ -+ ${ECHO_MSG} "Installing ${SAMPLE_PFOS} config file."; \ -+ ${INSTALL_DATA} ${FILESDIR}/pf.os.default \ -+ ${SAMPLE_PFOS}; \ - fi - ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE} - -diff -ruN /usr/ports/security/pf/distinfo pf/distinfo ---- /usr/ports/security/pf/distinfo Fri Jun 13 03:09:29 2003 -+++ pf/distinfo Sat Sep 27 13:31:03 2003 -@@ -1 +1 @@ --MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e -+MD5 (pf_freebsd_1.65.tar.gz) = 6956f275a7b971ab07f4ee8e0bdd83e0 -diff -ruN /usr/ports/security/pf/files/patch-aa pf/files/patch-aa ---- /usr/ports/security/pf/files/patch-aa Mon Jun 16 05:14:27 2003 -+++ pf/files/patch-aa Sat Sep 27 10:18:08 2003 -@@ -1,32 +1,11 @@ ----- freebsd_tcpdump/print-pflog.c.orig Fri Jun 13 18:14:50 2003 --+++ freebsd_tcpdump/print-pflog.c Fri Jun 13 18:15:39 2003 --@@ -64,7 +64,9 @@ -- u_int length = h->len; -- u_int caplen = h->caplen; -- const struct ip *ip; --+#ifdef INET6 -- const struct ip6_hdr *ip6; --+#endif -- const struct pfloghdr *hdr; -- u_short res; -- char reason[128], *why; --@@ -129,13 +131,16 @@ -- if (xflag) -- default_print((const u_char *)ip, -- caplen - PFLOG_HDRLEN); --- } else { --+ } --+#ifdef INET6 --+ else { -- ip6 = (struct ip6_hdr *)(p + PFLOG_HDRLEN); -- ip6_print((const u_char *)ip6, length); -- if (xflag) -- default_print((const u_char *)ip6, -- caplen - PFLOG_HDRLEN); -- } --+#endif -+--- Makefile.orig Sat Sep 27 10:17:32 2003 -++++ Makefile Sat Sep 27 10:17:46 2003 -+@@ -6,7 +6,7 @@ -+ SUBDIR= libpcap -+ .endif -+ -+-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync -++SUBDIR+= pfctl ftp-proxy man pf pflog pfsync -+ -+ .include "include/mk/util.mk" - -- out: -- putchar('\n'); -- -- -diff -ruN /usr/ports/security/pf/files/patch-ab pf/files/patch-ab ---- /usr/ports/security/pf/files/patch-ab Wed Jun 18 06:46:34 2003 -+++ pf/files/patch-ab Sat Sep 27 10:41:00 2003 -@@ -1,70 +1,11 @@ ----- pf/pf_support.h Mon Apr 14 05:54:15 2003 --+++ pf/pf_support.h Tue Jun 17 14:26:33 2003 --@@ -16,10 +16,16 @@ -- * Original numbers changed from 11, 12, 13. -- * sys/mbuf.h -- */ ---#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */ ---#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */ ---#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */ ---#define PACKET_TAG_PF_QID 22 /* PF queue id */ --+#if defined(PACKET_TAG_MACLABEL) --+#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL) --+#else --+#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD) --+#endif --+#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1) --+#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2) --+#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3) --+#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4) --+#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5) -+--- pfctl/pfctl_parser.h.orig Sat Sep 27 10:39:47 2003 -++++ pfctl/pfctl_parser.h Sat Sep 27 10:40:21 2003 -+@@ -33,7 +33,7 @@ -+ #ifndef _PFCTL_PARSER_H_ -+ #define _PFCTL_PARSER_H_ - -- /* -- * sys/limits.h ----- pfaltq/pf_support.h Mon Apr 14 06:04:19 2003 --+++ pfaltq/pf_support.h Tue Jun 17 14:26:34 2003 --@@ -16,10 +16,16 @@ -- * Original numbers changed from 11, 12, 13. -- * sys/mbuf.h -- */ ---#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */ ---#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */ ---#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */ ---#define PACKET_TAG_PF_QID 22 /* PF queue id */ --+#if defined(PACKET_TAG_MACLABEL) --+#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL) --+#else --+#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD) --+#endif --+#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1) --+#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2) --+#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3) --+#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4) --+#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5) -+-#define PF_OSFP_FILE "/etc/pf.os" -++#define PF_OSFP_FILE "%%PREFIX%%/etc/pf.os" - -- /* -- * sys/limits.h ----- pfctl/pf_support.h Mon Apr 14 05:55:07 2003 --+++ pfctl/pf_support.h Tue Jun 17 14:26:34 2003 --@@ -16,10 +16,16 @@ -- * Original numbers changed from 11, 12, 13. -- * sys/mbuf.h -- */ ---#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */ ---#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */ ---#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */ ---#define PACKET_TAG_PF_QID 22 /* PF queue id */ --+#if defined(PACKET_TAG_MACLABEL) --+#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL) --+#else --+#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD) --+#endif --+#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1) --+#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2) --+#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3) --+#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4) --+#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5) -- -- /* -- * sys/limits.h -- -+ #define PF_OPT_DISABLE 0x0001 -+ #define PF_OPT_ENABLE 0x0002 -diff -ruN /usr/ports/security/pf/files/patch-ac pf/files/patch-ac ---- /usr/ports/security/pf/files/patch-ac Wed Jun 18 06:46:34 2003 -+++ pf/files/patch-ac Sun Sep 28 14:04:09 2003 -@@ -1,29 +1,24 @@ ----- pf/pf.c Wed May 7 09:33:21 2003 --+++ pf/pf.c Tue Jun 17 17:02:08 2003 --@@ -2837,6 +2837,7 @@ -- /* check incoming packet for BINAT/RDR */ -- if ((rdr = pf_get_translation(PF_IN, ifp, pd->proto, -- saddr, 0, daddr, 0, &naddr, NULL, af)) != NULL) { --+ PF_ACPY(&baddr, daddr, af); -- switch (af) { -- #ifdef INET -- case AF_INET: --@@ -3179,7 +3180,7 @@ -- /* Retrans: not more than one window back */ -- (ackskew >= -MAXACKWINDOW) && -- /* Acking not more than one window back */ --- (ackskew <= MAXACKWINDOW)) { --+ (ackskew <= (MAXACKWINDOW << sws))) { -- /* Acking not more than one window forward */ -- -- (*state)->packets++; --@@ -3346,7 +3347,7 @@ -- SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) ? -- ' ': '2', -- (ackskew >= -MAXACKWINDOW) ? ' ' : '3', --- (ackskew <= MAXACKWINDOW) ? ' ' : '4', --+ (ackskew <= (MAXACKWINDOW << sws)) ? ' ' : '4', -- SEQ_GEQ(src->seqhi + MAXACKWINDOW, end) ?' ' :'5', -- SEQ_GEQ(seq, src->seqlo - MAXACKWINDOW) ?' ' :'6'); -- } -- -+--- pf/pf_ioctl.c.orig Sun Sep 28 15:00:08 2003 -++++ pf/pf_ioctl.c Sun Sep 28 15:00:16 2003 -+@@ -201,7 +201,7 @@ -+ /* psize */ nopsize, -+ /* flags */ 0, -+ /* kqfilter */ nokqfilter, -+-#else -++#elif (__FreeBSD_version < 501109) -+ .d_open = pfopen, -+ .d_close = pfclose, -+ .d_read = noread, -+@@ -215,6 +215,12 @@ -+ .d_dump = nodump, -+ .d_flags = 0, -+ .d_kqfilter = nokqfilter, -++#else -++ .d_open = pfopen, -++ .d_close = pfclose, -++ .d_ioctl = pfioctl, -++ .d_name = PF_NAME, -++ .d_flags = 0, -+ #endif -+ }; -+ #endif /* __FreeBSD__ */ -diff -ruN /usr/ports/security/pf/files/patch-ad pf/files/patch-ad ---- /usr/ports/security/pf/files/patch-ad Thu Jun 26 18:20:13 2003 -+++ pf/files/patch-ad Thu Jan 1 01:00:00 1970 -@@ -1,161 +0,0 @@ ----- pfctl/pfctl.c Sat Jun 21 17:29:45 2003 --+++ pfctl/pfctl.c Sat Jun 21 18:31:19 2003 --@@ -46,6 +46,7 @@ -- #include <err.h> -- #include <errno.h> -- #include <fcntl.h> --+#include <inttypes.h> -- #include <limits.h> -- #include <netdb.h> -- #include <stdio.h> --@@ -565,8 +566,8 @@ -- rule->qname, rule->qid, rule->pqname, rule->pqid); -- } -- if (opts & PF_OPT_VERBOSE) --- printf("[ Evaluations: %-8llu Packets: %-8llu " --- "Bytes: %-10llu States: %-6u]\n\n", --+ printf("[ Evaluations: %-8"PRIu64" Packets: %-8"PRIu64" " --+ "Bytes: %-10"PRIu64" States: %-6u]\n\n", -- rule->evaluations, rule->packets, -- rule->bytes, rule->states); -- } --@@ -630,7 +631,7 @@ -- case 1: -- if (pr.rule.label[0]) { -- printf("%s ", pr.rule.label); --- printf("%llu %llu %llu\n", --+ printf("%"PRIu64" %"PRIu64" %"PRIu64"\n", -- pr.rule.evaluations, pr.rule.packets, -- pr.rule.bytes); -- } --@@ -662,7 +663,7 @@ -- case 1: -- if (pr.rule.label[0]) { -- printf("%s ", pr.rule.label); --- printf("%llu %llu %llu\n", --+ printf("%"PRIu64" %"PRIu64" %"PRIu64"\n", -- pr.rule.evaluations, pr.rule.packets, -- pr.rule.bytes); -- } ----- pfctl/pfctl_parser.c Sat Jun 21 17:29:45 2003 --+++ pfctl/pfctl_parser.c Sat Jun 21 18:32:00 2003 --@@ -49,6 +49,7 @@ -- #include <stdarg.h> -- #include <errno.h> -- #include <err.h> --+#include <inttypes.h> -- #include <ifaddrs.h> -- -- #if defined(__FreeBSD__) --@@ -503,29 +504,29 @@ -- if (s->ifname[0] != 0) { -- printf("Interface Stats for %-16s %5s %16s\n", -- s->ifname, "IPv4", "IPv6"); --- printf(" %-25s %14llu %16llu\n", "Bytes In", --+ printf(" %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes In", -- s->bcounters[0][0], s->bcounters[1][0]); --- printf(" %-25s %14llu %16llu\n", "Bytes Out", --+ printf(" %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes Out", -- s->bcounters[0][1], s->bcounters[1][1]); -- printf(" Packets In\n"); --- printf(" %-23s %14llu %16llu\n", "Passed", --+ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Passed", -- s->pcounters[0][0][PF_PASS], -- s->pcounters[1][0][PF_PASS]); --- printf(" %-23s %14llu %16llu\n", "Blocked", --+ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Blocked", -- s->pcounters[0][0][PF_DROP], -- s->pcounters[1][0][PF_DROP]); -- printf(" Packets Out\n"); --- printf(" %-23s %14llu %16llu\n", "Passed", --+ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Passed", -- s->pcounters[0][1][PF_PASS], -- s->pcounters[1][1][PF_PASS]); --- printf(" %-23s %14llu %16llu\n\n", "Blocked", --+ printf(" %-23s %14"PRIu64" %16"PRIu64"\n\n", "Blocked", -- s->pcounters[0][1][PF_DROP], -- s->pcounters[1][1][PF_DROP]); -- } -- printf("%-27s %14s %16s\n", "State Table", "Total", "Rate"); -- printf(" %-25s %14u %14s\n", "current entries", s->states, ""); -- for (i = 0; i < FCNT_MAX; i++) { --- printf(" %-25s %14lld ", pf_fcounters[i], --+ printf(" %-25s %14"PRId64" ", pf_fcounters[i], -- s->fcounters[i]); -- if (runtime > 0) -- printf("%14.1f/s\n", --@@ -535,7 +536,7 @@ -- } -- printf("Counters\n"); -- for (i = 0; i < PFRES_MAX; i++) { --- printf(" %-25s %14lld ", pf_reasons[i], --+ printf(" %-25s %14"PRId64" ", pf_reasons[i], -- s->counters[i]); -- if (runtime > 0) -- printf("%14.1f/s\n", ----- pfctl/pfctl_qstats.c Sat Jun 21 17:29:45 2003 --+++ pfctl/pfctl_qstats.c Sat Jun 21 18:32:19 2003 --@@ -40,6 +40,7 @@ -- #include <arpa/inet.h> -- -- #include <err.h> --+#include <inttypes.h> -- #include <stdio.h> -- #include <stdlib.h> -- #include <string.h> --@@ -280,8 +281,8 @@ -- { -- double interval; -- --- printf("[ pkts: %10llu bytes: %10llu " --- "dropped pkts: %6llu bytes: %6llu ]\n", --+ printf("[ pkts: %10"PRIu64" bytes: %10"PRIu64" " --+ "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n", -- cur.data.cbq_stats.xmit_cnt.packets, -- cur.data.cbq_stats.xmit_cnt.bytes, -- cur.data.cbq_stats.drop_cnt.packets, --@@ -306,8 +307,8 @@ -- { -- double interval; -- --- printf("[ pkts: %10llu bytes: %10llu " --- "dropped pkts: %6llu bytes: %6llu ]\n", --+ printf("[ pkts: %10"PRIu64" bytes: %10"PRIu64" " --+ "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n", -- cur.data.priq_stats.xmitcnt.packets, -- cur.data.priq_stats.xmitcnt.bytes, -- cur.data.priq_stats.dropcnt.packets, ----- pfctl/pfctl_table.c Sat Jun 21 17:29:45 2003 --+++ pfctl/pfctl_table.c Sat Jun 21 18:32:36 2003 --@@ -42,6 +42,7 @@ -- #include <ctype.h> -- #include <err.h> -- #include <errno.h> --+#include <inttypes.h> -- #include <netdb.h> -- #include <stdarg.h> -- #include <stdio.h> --@@ -363,11 +364,11 @@ -- printf("\tAddresses: %d\n", ts->pfrts_cnt); -- printf("\tReferences: %d\n", ts->pfrts_refcnt); -- printf("\tCleared: %s", ctime(&time)); --- printf("\tEvaluations: [ NoMatch: %-18llu Match: %-18llu ]\n", --+ printf("\tEvaluations: [ NoMatch: %-18"PRIu64" Match: %-18"PRIu64" ]\n", -- ts->pfrts_nomatch, ts->pfrts_match); -- for (dir = 0; dir < PFR_DIR_MAX; dir++) -- for (op = 0; op < PFR_OP_TABLE_MAX; op++) --- printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n", --+ printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n", -- stats_text[dir][op], -- ts->pfrts_packets[dir][op], -- ts->pfrts_bytes[dir][op]); --@@ -541,7 +542,7 @@ -- printf("\tCleared: %s", ctime(&time)); -- for (dir = 0; dir < PFR_DIR_MAX; dir++) -- for (op = 0; op < PFR_OP_ADDR_MAX; op++) --- printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n", --+ printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n", -- stats_text[dir][op], -- as->pfras_packets[dir][op], -- as->pfras_bytes[dir][op]); -- -diff -ruN /usr/ports/security/pf/files/patch-ae pf/files/patch-ae ---- /usr/ports/security/pf/files/patch-ae Fri Jul 4 03:28:53 2003 -+++ pf/files/patch-ae Thu Jan 1 01:00:00 1970 -@@ -1,13 +0,0 @@ ----- pf/pf_norm.c 7 Apr 2003 15:31:41 -0000 1.2 --+++ pf/pf_norm.c 3 Jul 2003 02:40:10 -0000 1.2.16.1 --@@ -747,6 +747,9 @@ -- */ -- #if defined(__FreeBSD__) -- *m0 = m_dup(m, M_NOWAIT); --+ /* From KAME Project : We have missed this! */ --+ m_adj(*m0, (h->ip_hl << 2) - --+ (*m0)->m_pkthdr.len); -- #else -- *m0 = m_copym2(m, 0, h->ip_hl << 2, M_NOWAIT); -- #endif -- -diff -ruN /usr/ports/security/pf/files/patch-af pf/files/patch-af ---- /usr/ports/security/pf/files/patch-af Fri Jul 18 03:51:24 2003 -+++ pf/files/patch-af Thu Jan 1 01:00:00 1970 -@@ -1,19 +0,0 @@ ----- pf/pf_norm.c 3 Jul 2003 02:40:10 -0000 1.2.16.1 --+++ pf/pf_norm.c 14 Jul 2003 07:11:17 -0000 1.2.16.2 --@@ -1050,12 +1050,12 @@ -- goto bad; -- } -- --- max = fragoff + ip_len; -- /* Respect maximum length */ --- if (max > IP_MAXPACKET) { --- DPFPRINTF(("max packet %d\n", max)); --+ if (fragoff + ip_len > IP_MAXPACKET) { --+ DPFPRINTF(("max packet %d\n", fragoff + ip_len)); -- goto bad; -- } --+ max = fragoff + ip_len; -- -- if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) { -- /* Fully buffer all of the fragments */ -- -diff -ruN /usr/ports/security/pf/files/patch-ag pf/files/patch-ag ---- /usr/ports/security/pf/files/patch-ag Fri Aug 29 05:14:03 2003 -+++ pf/files/patch-ag Thu Jan 1 01:00:00 1970 -@@ -1,383 +0,0 @@ ----- pf/pf_norm.c Fri Aug 29 03:31:24 2003 --+++ pf/pf_norm.c Fri Aug 29 03:40:58 2003 --@@ -117,10 +117,10 @@ -- void pf_flush_fragments(void); -- void pf_free_fragment(struct pf_fragment *); -- struct pf_fragment *pf_find_fragment(struct ip *, struct pf_frag_tree *); ---struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment *, --+struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment **, -- struct pf_frent *, int); -- struct mbuf *pf_fragcache(struct mbuf **, struct ip*, --- struct pf_fragment *, int, int, int *); --+ struct pf_fragment **, int, int, int *); -- u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t); -- int pf_normalize_tcp(int, struct ifnet *, struct mbuf *, -- int, int, void *, struct pf_pdesc *); --@@ -385,7 +385,7 @@ -- } -- -- struct mbuf * ---pf_reassemble(struct mbuf **m0, struct pf_fragment *frag, --+pf_reassemble(struct mbuf **m0, struct pf_fragment **frag, -- struct pf_frent *frent, int mff) -- { -- struct mbuf *m = *m0, *m2; --@@ -397,10 +397,10 @@ -- u_int16_t max = ip->ip_len + off; -- -- #if defined(__FreeBSD__) --- KASSERT((frag == NULL || BUFFER_FRAGMENTS(frag)), --- ("! (frag == NULL || BUFFER_FRAGMENTS(frag)): %s", __FUNCTION__)); --+ KASSERT((*frag == NULL || BUFFER_FRAGMENTS(*frag)), --+ ("! (*frag == NULL || BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__)); -- #else --- KASSERT(frag == NULL || BUFFER_FRAGMENTS(frag)); --+ KASSERT(*frag == NULL || BUFFER_FRAGMENTS(*frag)); -- #endif -- -- /* Strip off ip header */ --@@ -408,38 +408,38 @@ -- m->m_len -= hlen; -- -- /* Create a new reassembly queue for this packet */ --- if (frag == NULL) { --+ if (*frag == NULL) { -- #if defined(__FreeBSD__) --- frag = uma_zalloc(pf_frag_pl, M_NOWAIT); --+ *frag = uma_zalloc(pf_frag_pl, M_NOWAIT); -- #else --- frag = pool_get(&pf_frag_pl, PR_NOWAIT); --+ *frag = pool_get(&pf_frag_pl, PR_NOWAIT); -- #endif --- if (frag == NULL) { --+ if (*frag == NULL) { -- pf_flush_fragments(); -- #if defined(__FreeBSD__) --- frag = uma_zalloc(pf_frag_pl, M_NOWAIT); --+ *frag = uma_zalloc(pf_frag_pl, M_NOWAIT); -- #else --- frag = pool_get(&pf_frag_pl, PR_NOWAIT); --+ *frag = pool_get(&pf_frag_pl, PR_NOWAIT); -- #endif --- if (frag == NULL) --+ if (*frag == NULL) -- goto drop_fragment; -- } -- --- frag->fr_flags = 0; --- frag->fr_max = 0; --- frag->fr_src = frent->fr_ip->ip_src; --- frag->fr_dst = frent->fr_ip->ip_dst; --- frag->fr_p = frent->fr_ip->ip_p; --- frag->fr_id = frent->fr_ip->ip_id; --+ (*frag)->fr_flags = 0; --+ (*frag)->fr_max = 0; --+ (*frag)->fr_src = frent->fr_ip->ip_src; --+ (*frag)->fr_dst = frent->fr_ip->ip_dst; --+ (*frag)->fr_p = frent->fr_ip->ip_p; --+ (*frag)->fr_id = frent->fr_ip->ip_id; -- #if defined(__FreeBSD__) --- frag->fr_timeout = time_second; --+ (*frag)->fr_timeout = time_second; -- #else --- frag->fr_timeout = time.tv_sec; --+ (*frag)->fr_timeout = time.tv_sec; -- #endif --- LIST_INIT(&frag->fr_queue); --+ LIST_INIT(&(*frag)->fr_queue); -- --- RB_INSERT(pf_frag_tree, &pf_frag_tree, frag); --- TAILQ_INSERT_HEAD(&pf_fragqueue, frag, frag_next); --+ RB_INSERT(pf_frag_tree, &pf_frag_tree, *frag); --+ TAILQ_INSERT_HEAD(&pf_fragqueue, *frag, frag_next); -- -- /* We do not have a previous fragment */ -- frep = NULL; --@@ -450,7 +450,7 @@ -- * Find a fragment after the current one: -- * - off contains the real shifted offset. -- */ --- LIST_FOREACH(frea, &frag->fr_queue, fr_next) { --+ LIST_FOREACH(frea, &(*frag)->fr_queue, fr_next) { -- if (frea->fr_ip->ip_off > off) -- break; -- frep = frea; --@@ -503,41 +503,41 @@ -- -- insert: -- /* Update maximum data size */ --- if (frag->fr_max < max) --- frag->fr_max = max; --+ if ((*frag)->fr_max < max) --+ (*frag)->fr_max = max; -- /* This is the last segment */ -- if (!mff) --- frag->fr_flags |= PFFRAG_SEENLAST; --+ (*frag)->fr_flags |= PFFRAG_SEENLAST; -- -- if (frep == NULL) --- LIST_INSERT_HEAD(&frag->fr_queue, frent, fr_next); --+ LIST_INSERT_HEAD(&(*frag)->fr_queue, frent, fr_next); -- else -- LIST_INSERT_AFTER(frep, frent, fr_next); -- -- /* Check if we are completely reassembled */ --- if (!(frag->fr_flags & PFFRAG_SEENLAST)) --+ if (!((*frag)->fr_flags & PFFRAG_SEENLAST)) -- return (NULL); -- -- /* Check if we have all the data */ -- off = 0; --- for (frep = LIST_FIRST(&frag->fr_queue); frep; frep = next) { --+ for (frep = LIST_FIRST(&(*frag)->fr_queue); frep; frep = next) { -- next = LIST_NEXT(frep, fr_next); -- -- off += frep->fr_ip->ip_len; --- if (off < frag->fr_max && --+ if (off < (*frag)->fr_max && -- (next == NULL || next->fr_ip->ip_off != off)) { -- DPFPRINTF(("missing fragment at %d, next %d, max %d\n", -- off, next == NULL ? -1 : next->fr_ip->ip_off, --- frag->fr_max)); --+ (*frag)->fr_max)); -- return (NULL); -- } -- } --- DPFPRINTF(("%d < %d?\n", off, frag->fr_max)); --- if (off < frag->fr_max) --+ DPFPRINTF(("%d < %d?\n", off, (*frag)->fr_max)); --+ if (off < (*frag)->fr_max) -- return (NULL); -- -- /* We have all the data */ --- frent = LIST_FIRST(&frag->fr_queue); --+ frent = LIST_FIRST(&(*frag)->fr_queue); -- #if defined(__FreeBSD__) -- KASSERT((frent != NULL), ("frent == NULL: %s", __FUNCTION__)); -- #else --@@ -545,7 +545,8 @@ -- #endif -- if ((frent->fr_ip->ip_hl << 2) + off > IP_MAXPACKET) { -- DPFPRINTF(("drop: too big: %d\n", off)); --- pf_free_fragment(frag); --+ pf_free_fragment(*frag); --+ *frag = NULL; -- return (NULL); -- } -- next = LIST_NEXT(frent, fr_next); --@@ -575,11 +576,12 @@ -- m_cat(m, m2); -- } -- --- ip->ip_src = frag->fr_src; --- ip->ip_dst = frag->fr_dst; --+ ip->ip_src = (*frag)->fr_src; --+ ip->ip_dst = (*frag)->fr_dst; -- -- /* Remove from fragment queue */ --- pf_remove_fragment(frag); --+ pf_remove_fragment(*frag); --+ *frag = NULL; -- -- hlen = ip->ip_hl << 2; -- ip->ip_len = off + hlen; --@@ -611,7 +613,7 @@ -- } -- -- struct mbuf * ---pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment *frag, int mff, --+pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff, -- int drop, int *nomem) -- { -- struct mbuf *m = *m0; --@@ -622,27 +624,27 @@ -- int hosed = 0; -- -- #if defined(__FreeBSD__) --- KASSERT((frag == NULL || !BUFFER_FRAGMENTS(frag)), --- ("!(frag == NULL || !BUFFER_FRAGMENTS(frag)): %s", __FUNCTION__)); --+ KASSERT((*frag == NULL || !BUFFER_FRAGMENTS(*frag)), --+ ("!(*frag == NULL || !BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__)); -- #else --- KASSERT(frag == NULL || !BUFFER_FRAGMENTS(frag)); --+ KASSERT(*frag == NULL || !BUFFER_FRAGMENTS(*frag)); -- #endif -- -- /* Create a new range queue for this packet */ --- if (frag == NULL) { --+ if (*frag == NULL) { -- #if defined(__FreeBSD__) --- frag = uma_zalloc(pf_cache_pl, M_NOWAIT); --+ *frag = uma_zalloc(pf_cache_pl, M_NOWAIT); -- #else --- frag = pool_get(&pf_cache_pl, PR_NOWAIT); --+ *frag = pool_get(&pf_cache_pl, PR_NOWAIT); -- #endif --- if (frag == NULL) { --+ if (*frag == NULL) { -- pf_flush_fragments(); -- #if defined(__FreeBSD__) --- frag = uma_zalloc(pf_cache_pl, M_NOWAIT); --+ *frag = uma_zalloc(pf_cache_pl, M_NOWAIT); -- #else --- frag = pool_get(&pf_cache_pl, PR_NOWAIT); --+ *frag = pool_get(&pf_cache_pl, PR_NOWAIT); -- #endif --- if (frag == NULL) --+ if (*frag == NULL) -- goto no_mem; -- } -- --@@ -654,33 +656,34 @@ -- #endif -- if (cur == NULL) { -- #if defined(__FreeBSD__) --- uma_zfree(pf_cache_pl, frag); --+ uma_zfree(pf_cache_pl, *frag); -- #else --- pool_put(&pf_cache_pl, frag); --+ pool_put(&pf_cache_pl, *frag); -- #endif --+ *frag = NULL; -- goto no_mem; -- } -- pf_ncache++; -- --- frag->fr_flags = PFFRAG_NOBUFFER; --- frag->fr_max = 0; --- frag->fr_src = h->ip_src; --- frag->fr_dst = h->ip_dst; --- frag->fr_p = h->ip_p; --- frag->fr_id = h->ip_id; --+ (*frag)->fr_flags = PFFRAG_NOBUFFER; --+ (*frag)->fr_max = 0; --+ (*frag)->fr_src = h->ip_src; --+ (*frag)->fr_dst = h->ip_dst; --+ (*frag)->fr_p = h->ip_p; --+ (*frag)->fr_id = h->ip_id; -- #if defined(__FreeBSD__) --- frag->fr_timeout = time_second; --+ (*frag)->fr_timeout = time_second; -- #else --- frag->fr_timeout = time.tv_sec; --+ (*frag)->fr_timeout = time.tv_sec; -- #endif -- -- cur->fr_off = off; -- cur->fr_end = max; --- LIST_INIT(&frag->fr_cache); --- LIST_INSERT_HEAD(&frag->fr_cache, cur, fr_next); --+ LIST_INIT(&(*frag)->fr_cache); --+ LIST_INSERT_HEAD(&(*frag)->fr_cache, cur, fr_next); -- --- RB_INSERT(pf_frag_tree, &pf_cache_tree, frag); --- TAILQ_INSERT_HEAD(&pf_cachequeue, frag, frag_next); --+ RB_INSERT(pf_frag_tree, &pf_cache_tree, *frag); --+ TAILQ_INSERT_HEAD(&pf_cachequeue, *frag, frag_next); -- -- DPFPRINTF(("fragcache[%d]: new %d-%d\n", h->ip_id, off, max)); -- --@@ -692,7 +695,7 @@ -- * - off contains the real shifted offset. -- */ -- frp = NULL; --- LIST_FOREACH(fra, &frag->fr_cache, fr_next) { --+ LIST_FOREACH(fra, &(*frag)->fr_cache, fr_next) { -- if (fra->fr_off > off) -- break; -- frp = fra; --@@ -929,21 +932,22 @@ -- -- pass: -- /* Update maximum data size */ --- if (frag->fr_max < max) --- frag->fr_max = max; --+ if ((*frag)->fr_max < max) --+ (*frag)->fr_max = max; -- -- /* This is the last segment */ -- if (!mff) --- frag->fr_flags |= PFFRAG_SEENLAST; --+ (*frag)->fr_flags |= PFFRAG_SEENLAST; -- -- /* Check if we are completely reassembled */ --- if ((frag->fr_flags & PFFRAG_SEENLAST) && --- LIST_FIRST(&frag->fr_cache)->fr_off == 0 && --- LIST_FIRST(&frag->fr_cache)->fr_end == frag->fr_max) { --+ if (((*frag)->fr_flags & PFFRAG_SEENLAST) && --+ LIST_FIRST(&(*frag)->fr_cache)->fr_off == 0 && --+ LIST_FIRST(&(*frag)->fr_cache)->fr_end == (*frag)->fr_max) { -- /* Remove from fragment queue */ -- DPFPRINTF(("fragcache[%d]: done 0-%d\n", h->ip_id, --- frag->fr_max)); --- pf_free_fragment(frag); --+ (*frag)->fr_max)); --+ pf_free_fragment(*frag); --+ *frag = NULL; -- } -- -- return (m); --@@ -952,8 +956,8 @@ -- *nomem = 1; -- -- /* Still need to pay attention to !IP_MF */ --- if (!mff && frag) --- frag->fr_flags |= PFFRAG_SEENLAST; --+ if (!mff && *frag != NULL) --+ (*frag)->fr_flags |= PFFRAG_SEENLAST; -- -- m_freem(m); -- return (NULL); --@@ -961,15 +965,15 @@ -- drop_fragment: -- -- /* Still need to pay attention to !IP_MF */ --- if (!mff && frag) --- frag->fr_flags |= PFFRAG_SEENLAST; --+ if (!mff && *frag != NULL) --+ (*frag)->fr_flags |= PFFRAG_SEENLAST; -- -- if (drop) { -- /* This fragment has been deemed bad. Don't reass */ --- if ((frag->fr_flags & PFFRAG_DROP) == 0) --+ if (((*frag)->fr_flags & PFFRAG_DROP) == 0) -- DPFPRINTF(("fragcache[%d]: dropping overall fragment\n", -- h->ip_id)); --- frag->fr_flags |= PFFRAG_DROP; --+ (*frag)->fr_flags |= PFFRAG_DROP; -- } -- -- m_freem(m); --@@ -1085,12 +1089,12 @@ -- -- /* Might return a completely reassembled mbuf, or NULL */ -- DPFPRINTF(("reass frag %d @ %d-%d\n", h->ip_id, fragoff, max)); --- *m0 = m = pf_reassemble(m0, frag, frent, mff); --+ *m0 = m = pf_reassemble(m0, &frag, frent, mff); -- -- if (m == NULL) -- return (PF_DROP); -- --- if (frag && (frag->fr_flags & PFFRAG_DROP)) --+ if (frag != NULL && (frag->fr_flags & PFFRAG_DROP)) -- goto drop; -- -- h = mtod(m, struct ip *); --@@ -1119,7 +1123,7 @@ -- goto bad; -- } -- --- *m0 = m = pf_fragcache(m0, h, frag, mff, --+ *m0 = m = pf_fragcache(m0, h, &frag, mff, -- (r->rule_flag & PFRULE_FRAGDROP) ? 1 : 0, &nomem); -- if (m == NULL) { -- if (nomem) --@@ -1135,7 +1139,7 @@ -- goto no_mem; -- m_tag_prepend(m, mtag); -- } --- if (frag && (frag->fr_flags & PFFRAG_DROP)) --+ if (frag != NULL && (frag->fr_flags & PFFRAG_DROP)) -- goto drop; -- goto fragment_pass; -- } -diff -ruN /usr/ports/security/pf/files/pf.conf.default pf/files/pf.conf.default ---- /usr/ports/security/pf/files/pf.conf.default Fri Jun 13 03:09:29 2003 -+++ pf/files/pf.conf.default Sat Sep 27 09:51:28 2003 -@@ -1,4 +1,4 @@ --# $OpenBSD: pf.conf,v 1.19 2003/03/24 01:47:28 ian Exp $ -+# $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $ - # - # See pf.conf(5) and /usr/share/pf for syntax and examples. - # Required order: options, normalization, queueing, translation, filtering. -@@ -15,17 +15,19 @@ - #table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 } - - # Options: tune the behavior of pf, default values are given. --#set timeout { interval 30, frag 10 } -+#set timeout { interval 10, frag 30 } - #set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } - #set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 } - #set timeout { udp.first 60, udp.single 30, udp.multiple 60 } - #set timeout { icmp.first 20, icmp.error 10 } - #set timeout { other.first 60, other.single 30, other.multiple 60 } -+#set timeout { adaptive.start 0, adaptive.end 0 } - #set limit { states 10000, frags 5000 } - #set loginterface none - #set optimization normal - #set block-policy drop - #set require-order yes -+#set fingerprints "/etc/pf.os" - - # Normalization: reassemble fragments and resolve or reduce traffic ambiguities. - #scrub in all -diff -ruN /usr/ports/security/pf/files/pf.os.default pf/files/pf.os.default ---- /usr/ports/security/pf/files/pf.os.default Thu Jan 1 01:00:00 1970 -+++ pf/files/pf.os.default Sat Sep 27 09:50:08 2003 -@@ -0,0 +1,551 @@ -+# $OpenBSD: pf.os,v 1.10 2003/09/06 01:37:07 frantzen Exp $ -+# passive OS fingerprinting -+# ------------------------- -+# -+# SYN signatures. Those signatures work for SYN packets only (duh!). -+# -+# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> -+# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> -+# -+# Permission to use, copy, modify, and distribute this software for any -+# purpose with or without fee is hereby granted, provided that the above -+# copyright notice and this permission notice appear in all copies. -+# -+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+# -+# -+# This fingerprint database is adapted from Michal Zalewski's p0f passive -+# operating system package. -+# -+# -+# Each line in this file specifies a single fingerprint. Please read the -+# information below carefully before attempting to append any signatures -+# reported as UNKNOWN to this file to avoid mistakes. -+# -+# We use the following set metrics for fingerprinting: -+# -+# - Window size (WSS) - a highly OS dependent setting used for TCP/IP -+# performance control (max. amount of data to be sent without ACK). -+# Some systems use a fixed value for initial packets. On other -+# systems, it is a multiple of MSS or MTU (MSS+40). In some rare -+# cases, the value is just arbitrary. -+# -+# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number -+# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' -+# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the -+# value of nn is not fixed (unlikely), just copy the Snn or Tnn token -+# literally. If you know this device has a simple stack and a fixed -+# MTU, you can however multiply S value by MSS, or T value by MSS+40, -+# and put it instead of Snn or Tnn. -+# -+# If WSS otherwise looks like a fixed value (for example a multiple -+# of two), or if you can confirm the value is fixed, please quote -+# it literally. If there's no apparent pattern in WSS chosen, you -+# should consider wildcarding this value. -+# -+# - Overall packet size - a function of all IP and TCP options and bugs. -+# -+# NEW SIGNATURE: Copy this value literally. -+# -+# - Initial TTL - We check the actual TTL of a received packet. It can't -+# be higher than the initial TTL, and also shouldn't be dramatically -+# lower (maximum distance is defined as 40 hops). -+# -+# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. -+# You need to determine the initial TTL. The best way to do it is to -+# check the documentation for a remote system, or check its settings. -+# A fairly good method is to simply round the observed TTL up to -+# 32, 64, 128, or 255, but it should be noted that some obscure devices -+# might not use round TTLs (in particular, some shoddy appliances use -+# "original" initial TTL settings). If not sure, you can see how many -+# hops you're away from the remote party with traceroute or mtr. -+# -+# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU -+# discovery. Others do not bother. -+# -+# NEW SIGNATURE: Copy this value literally. -+# -+# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f -+# uses it to determine link type of the remote host. -+# -+# NEW SIGNATURE: Always wildcard this value, except for rare cases when -+# you have an appliance with a fixed value, know the system supports only -+# a very limited number of network interface types, or know the system -+# is using a value it pulled out of nowhere. Specific unique MSS -+# can be used to tell Google crawlbots from the rest of the population. -+# -+# - Window scaling (WSCALE) - this feature is used to scale WSS. -+# It extends the size of a TCP/IP window to 32 bits. Some modern -+# systems implement this feature. -+# -+# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set -+# to zero or other low value. There's usually no need to wildcard this -+# parameter. -+# -+# - Timestamp - some systems that implement timestamps set them to -+# zero in the initial SYN. This case is detected and handled appropriately. -+# -+# - Selective ACK permitted - a flag set by systems that implement -+# selective ACK functionality. -+# -+# - The sequence of TCP all options (MSS, window scaling, selective ACK -+# permitted, timestamp, NOP). Other than the options previously -+# discussed, p0f also checks for timestamp option (a silly -+# extension to broadcast your uptime ;-), NOP options (used for -+# header padding) and sackOK option (selective ACK feature). -+# -+# NEW SIGNATURE: Copy the sequence literally. -+# -+# To wildcard any value (except for initial TTL or TCP options), replace -+# it with '*'. You can also use a modulo operator to match any values -+# that divide by nnn - '%nnn'. -+# -+# Fingerprint entry format: -+# -+# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details -+# -+# wwww - window size (can be *, %nnn, Snn or Tnn). The special values -+# "S" and "T" which are a multiple of MSS or a multiple of MTU -+# respectively. -+# ttt - initial TTL -+# D - don't fragment bit (0 - not set, 1 - set) -+# ss - overall SYN packet size -+# OOO - option value and order specification (see below) -+# OS - OS genre (Linux, Solaris, Windows) -+# Version - OS Version (2.0.27 on x86, etc) -+# Subtype - OS subtype or patchlevel (SP3, lo0) -+# details - Generic OS details -+# -+# If OS genre starts with '*', p0f will not show distance, link type -+# and timestamp data. It is useful for userland TCP/IP stacks of -+# network scanners and so on, where many settings are randomized or -+# bogus. -+# -+# If OS genre starts with @, it denotes an approximate hit for a group -+# of operating systems (signature reporting still enabled in this case). -+# Use this feature at the end of this file to catch cases for which -+# you don't have a precise match, but can tell it's Windows or FreeBSD -+# or whatnot by looking at, say, flag layout alone. -+# -+# Option block description is a list of comma or space separated -+# options in the order they appear in the packet: -+# -+# N - NOP option -+# Wnnn - window scaling option, value nnn (or * or %nnn) -+# Mnnn - maximum segment size option, value nnn (or * or %nnn) -+# S - selective ACK OK -+# T - timestamp -+# T0 - timestamp with a zero value -+# -+# To denote no TCP options, use a single '.'. -+# -+# Please report any additions to this file, or any inaccuracies or -+# problems spotted, to the maintainers: lcamtuf@coredump.cx, -+# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet -+# capture of the relevant SYN packet(s) -+# -+# WARNING WARNING WARNING -+# ----------------------- -+# -+# Do not add a system X as OS Y just because NMAP says so. It is often -+# the case that X is a NAT firewall. While nmap is talking to the -+# device itself, p0f is fingerprinting the guy behind the firewall -+# instead. -+# -+# When in doubt, use common sense, don't add something that looks like -+# a completely different system as Linux or FreeBSD or LinkSys router. -+# Check DNS name, establish a connection to the remote host and look -+# at SYN+ACK - does it look similar? -+# -+# Some users tweak their TCP/IP settings - enable or disable RFC1323 -+# functionality, enable or disable timestamps or selective ACK, -+# disable PMTU discovery, change MTU and so on. Always compare a new rule -+# to other fingerprints for this system, and verify the system isn't -+# "customized" before adding it. It is OK to add signature variants -+# caused by a commonly used software (personal firewalls, security -+# packages, etc), but it makes no sense to try to add every single -+# possible /proc/sys/net/ipv4 tweak on Linux or so. -+# -+# KEEP IN MIND: Some packet firewalls configured to normalize outgoing -+# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, -+# normalize packets. Signatures will not correspond to the originating -+# system (and probably not quite to the firewall either). -+# -+# NOTE: Try to keep this file in some reasonable order, from most to -+# least likely systems. This will speed up operation. Also keep most -+# generic and broad rules near the end. -+# -+ -+########################## -+# Standard OS signatures # -+########################## -+ -+# ----------------- AIX --------------------- -+ -+# AIX is first because its signatures are close to NetBSD, MacOS X and -+# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... -+# This is a shoddy hack, though. -+ -+16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier -+ -+16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -+16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -+32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -+32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -+65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -+65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -+65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 -+ -+# ----------------- Linux ------------------- -+ -+512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x -+16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x -+ -+# Endian snafu! Nelson says "ha-ha": -+2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac -+64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac -+ -+ -+S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) -+ -+S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) -+S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer -+S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 -+S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6 -+ -+S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 -+S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 -+ -+S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer -+S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 -+S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 -+ -+# Popular cluster config scripts disable timestamps and -+# selective ACK: -+S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster -+ -+# This needs to be investigated. On some systems, WSS -+# is selected as a multiple of MTU instead of MSS. I got -+# many submissions for this for many late versions of 2.4: -+T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) -+ -+# This happens only over loopback, but let's make folks happy: -+32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) -+S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) -+ -+# Opera visitors: -+16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) -+32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) -+ -+# Some fairly common mods: -+S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps -+S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps -+ -+ -+# ----------------- FreeBSD ----------------- -+ -+16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1 -+16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1 -+16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1 -+16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 -+ -+1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 -+ -+57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) -+57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8 -+ -+32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) -+32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) -+65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) -+65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) -+65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1 -+65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1 -+ -+# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) -+ -+# ----------------- NetBSD ------------------ -+ -+65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) -+16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 -+16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) -+16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 -+65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) -+ -+# ----------------- OpenBSD ----------------- -+ -+16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) -+16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4 -+16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df) -+57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4 -+57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df) -+ -+65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 (Opera) -+ -+# ----------------- Solaris ----------------- -+ -+S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 -+S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 -+S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 -+ -+S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 -+S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 -+S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 -+S44:255:1:44:M*: Solaris:2.7::Solaris 7 -+ -+# ----------------- IRIX -------------------- -+ -+49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 -+61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 -+49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) -+49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) -+ -+61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 -+49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 -+ -+# ----------------- Tru64 ------------------- -+ -+32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 -+32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 -+8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) -+ -+# This looks awfully Linuxish :/ -+# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a -+ -+61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) -+ -+ -+# ----------------- OpenVMS ----------------- -+ -+6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) -+ -+# ----------------- MacOS ------------------- -+ -+16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) -+16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) -+32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2 -+32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2 -+ -+# ----------------- Windows ----------------- -+ -+# Windows 95 - need more: -+ -+8192:32:1:44:M*: Windows:95::Windows 95 (low TTL) -+ -+# Windows 98 - plenty of silly signatures: -+S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) -+8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) -+ -+%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL) -+S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 -+S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 -+S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 -+32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 -+37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 -+46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) -+65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack) -+ -+S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 -+S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 -+S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 -+T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 -+32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 -+60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 -+60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 -+ -+# Windows NT 4.0 - need more: -+ -+64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a -+8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) -+6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323) -+ -+# Windows XP and 2000. Most of the signatures that were -+# either dubious or non-specific (no service pack data) -+# were deleted and replaced with generics at the end. -+ -+65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 -+%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 -+S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 -+S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4 -+S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3 -+ -+S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4 -+S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3 -+64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 -+32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1 -+65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 -+%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 -+ -+# Odds, ends, mods: -+ -+S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco -+S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco -+ -+# HUNT DOWN: -+# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT) -+ -+# ----------------- HP/UX ------------------- -+ -+32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 -+32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 -+32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 -+32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 -+ -+# Whoa. Hardcore WSS. -+0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) -+ -+ -+# ----------------- RiscOS ------------------ -+ -+# We don't yet support the ?12 TCP option -+#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 -+ -+# ----------------- BSD/OS ------------------ -+ -+# Once again, power of two WSS is also shared by MacOS X with DF set -+8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) -+8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) -+ -+ -+# ---------------- NewtonOS ----------------- -+ -+4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 -+ -+# ---------------- NeXTSTEP ----------------- -+ -+S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 -+ -+# ------------------ BeOS ------------------- -+ -+1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 -+12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x -+ -+# ------------------ OS/400 ----------------- -+ -+8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 -+8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 -+4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 -+ -+ -+# ------------------ ULTRIX ----------------- -+ -+16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 -+ -+# ------------------- QNX ------------------- -+ -+S16:64:0:44:M512: QNX:::QNX demodisk -+ -+# ------------------ Novell ----------------- -+ -+16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 -+6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 -+ -+# ----------------- SCO ------------------ -+S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 -+S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 -+S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 -+ -+# ------------------- DOS ------------------- -+ -+2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 -+ -+########################################### -+# Appliance / embedded / other signatures # -+########################################### -+ -+# ---------- Firewalls / routers ------------ -+ -+S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) -+S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) -+4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x -+60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x -+ -+# ------- Switches and other stuff ---------- -+ -+4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc -+S8:255:0:44:M*: Cisco:12008::Cisco 12008 -+60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch -+64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client -+ -+ -+# ---------- Caches and whatnots ------------ -+ -+S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache -+ -+32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x -+16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 -+65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1 -+65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow -+8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 -+ -+S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine -+ -+27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) -+ -+65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler -+S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg -+ -+ -+16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) -+ -+# ----------- Embedded systems -------------- -+ -+S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C -+S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 -+S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 -+S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 -+2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) -+ -+S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 -+8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?) -+8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?) -+ -+ -+# Perhaps S4? -+5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 -+ -+32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 -+ -+S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 -+ -+4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 -+ -+S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 -+ -+ -+ -+#################### -+# Fancy signatures # -+#################### -+ -+1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) -+2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) -+3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) -+4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) -+ -+1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) -+2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) -+3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) -+4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) -+ -+##################################### -+# Generic signatures - just in case # -+##################################### -+ -+#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x -+#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x -+ -+*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -+*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -+*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) -+*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) -+*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) -+*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 -+*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 -+ -+ -diff -ruN /usr/ports/security/pf/pkg-plist pf/pkg-plist ---- /usr/ports/security/pf/pkg-plist Fri Jun 13 03:09:29 2003 -+++ pf/pkg-plist Sat Sep 27 14:34:16 2003 -@@ -9,14 +9,26 @@ - sbin/pfctl - sbin/pflogd - sbin/pftcpdump --sbin/pftop - - etc/rc.d/pf.sh.sample - etc/pf.conf.default -+etc/pf.os - - include/pf/net/pfvar.h - include/pf/net/if_pflog.h - include/pf/net/if_pfsync.h -+%%WITH_ALTQ%%include/pf/altq/altq.h -+%%WITH_ALTQ%%include/pf/altq/altq_cbq.h -+%%WITH_ALTQ%%include/pf/altq/altq_cdnr.h -+%%WITH_ALTQ%%include/pf/altq/altq_classq.h -+%%WITH_ALTQ%%include/pf/altq/altq_hfsc.h -+%%WITH_ALTQ%%include/pf/altq/altq_priq.h -+%%WITH_ALTQ%%include/pf/altq/altq_red.h -+%%WITH_ALTQ%%include/pf/altq/altq_rio.h -+%%WITH_ALTQ%%include/pf/altq/altq_rmclass.h -+%%WITH_ALTQ%%include/pf/altq/altq_rmclass_debug.h -+%%WITH_ALTQ%%include/pf/altq/altq_var.h -+%%WITH_ALTQ%%include/pf/altq/if_altq.h - - @dirrm modules - @dirrm include/pf/net |
