1 /*-
2 * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 *
16 * $OpenBSD: pf_osfp.c,v 1.14 2008/06/12 18:17:01 henning Exp $
17 */
18
19 #include <sys/cdefs.h>
20 __FBSDID("$FreeBSD: stable/10/sys/netpfil/pf/pf_osfp.c 315028 2017-03-10 20:38:18Z vangyzen $");
21
22 #include "opt_inet6.h"
23
24 #include <sys/param.h>
25 #include <sys/kernel.h>
26 #include <sys/socket.h>
27
28 #include <netinet/in.h>
29 #include <netinet/ip.h>
30 #include <netinet/tcp.h>
31
32 #include <net/if.h>
33 #include <net/pfvar.h>
34
35 #ifdef INET6
36 #include <netinet/ip6.h>
37 #include <netinet6/in6_var.h>
38 #endif
39
40 static MALLOC_DEFINE(M_PFOSFP, "pf_osfp", "pf(4) operating system fingerprints");
41 #define DPFPRINTF(format, x...) \
42 if (V_pf_status.debug >= PF_DEBUG_NOISY) \
43 printf(format , ##x)
44
45 SLIST_HEAD(pf_osfp_list, pf_os_fingerprint);
46 static VNET_DEFINE(struct pf_osfp_list, pf_osfp_list) =
47 SLIST_HEAD_INITIALIZER();
48 #define V_pf_osfp_list VNET(pf_osfp_list)
49
50 static struct pf_osfp_enlist *pf_osfp_fingerprint_hdr(const struct ip *,
51 const struct ip6_hdr *,
52 const struct tcphdr *);
53 static struct pf_os_fingerprint *pf_osfp_find(struct pf_osfp_list *,
54 struct pf_os_fingerprint *, u_int8_t);
55 static struct pf_os_fingerprint *pf_osfp_find_exact(struct pf_osfp_list *,
56 struct pf_os_fingerprint *);
57 static void pf_osfp_insert(struct pf_osfp_list *,
58 struct pf_os_fingerprint *);
59 #ifdef PFDEBUG
60 static struct pf_os_fingerprint *pf_osfp_validate(void);
61 #endif
62
63 /*
64 * Passively fingerprint the OS of the host (IPv4 TCP SYN packets only)
65 * Returns the list of possible OSes.
66 */
67 struct pf_osfp_enlist *
pf_osfp_fingerprint(struct pf_pdesc * pd,struct mbuf * m,int off,const struct tcphdr * tcp)68 pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, int off,
69 const struct tcphdr *tcp)
70 {
71 struct ip *ip;
72 struct ip6_hdr *ip6;
73 char hdr[60];
74
75 if ((pd->af != PF_INET && pd->af != PF_INET6) ||
76 pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp))
77 return (NULL);
78
79 if (pd->af == PF_INET) {
80 ip = mtod(m, struct ip *);
81 ip6 = (struct ip6_hdr *)NULL;
82 } else {
83 ip = (struct ip *)NULL;
84 ip6 = mtod(m, struct ip6_hdr *);
85 }
86 if (!pf_pull_hdr(m, off, hdr, tcp->th_off << 2, NULL, NULL,
87 pd->af)) return (NULL);
88
89 return (pf_osfp_fingerprint_hdr(ip, ip6, (struct tcphdr *)hdr));
90 }
91
92 static struct pf_osfp_enlist *
pf_osfp_fingerprint_hdr(const struct ip * ip,const struct ip6_hdr * ip6,const struct tcphdr * tcp)93 pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const struct tcphdr *tcp)
94 {
95 struct pf_os_fingerprint fp, *fpresult;
96 int cnt, optlen = 0;
97 const u_int8_t *optp;
98 #ifdef INET6
99 char srcname[INET6_ADDRSTRLEN];
100 #else
101 char srcname[INET_ADDRSTRLEN];
102 #endif
103
104 if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN)
105 return (NULL);
106 if (ip) {
107 if ((ip->ip_off & htons(IP_OFFMASK)) != 0)
108 return (NULL);
109 }
110
111 memset(&fp, 0, sizeof(fp));
112
113 if (ip) {
114 fp.fp_psize = ntohs(ip->ip_len);
115 fp.fp_ttl = ip->ip_ttl;
116 if (ip->ip_off & htons(IP_DF))
117 fp.fp_flags |= PF_OSFP_DF;
118 inet_ntoa_r(ip->ip_src, srcname);
119 }
120 #ifdef INET6
121 else if (ip6) {
122 /* jumbo payload? */
123 fp.fp_psize = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);
124 fp.fp_ttl = ip6->ip6_hlim;
125 fp.fp_flags |= PF_OSFP_DF;
126 fp.fp_flags |= PF_OSFP_INET6;
127 ip6_sprintf(srcname, (const struct in6_addr *)&ip6->ip6_src);
128 }
129 #endif
130 else
131 return (NULL);
132 fp.fp_wsize = ntohs(tcp->th_win);
133
134
135 cnt = (tcp->th_off << 2) - sizeof(*tcp);
136 optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp));
137 for (; cnt > 0; cnt -= optlen, optp += optlen) {
138 if (*optp == TCPOPT_EOL)
139 break;
140
141 fp.fp_optcnt++;
142 if (*optp == TCPOPT_NOP) {
143 fp.fp_tcpopts = (fp.fp_tcpopts << PF_OSFP_TCPOPT_BITS) |
144 PF_OSFP_TCPOPT_NOP;
145 optlen = 1;
146 } else {
147 if (cnt < 2)
148 return (NULL);
149 optlen = optp[1];
150 if (optlen > cnt || optlen < 2)
151 return (NULL);
152 switch (*optp) {
153 case TCPOPT_MAXSEG:
154 if (optlen >= TCPOLEN_MAXSEG)
155 memcpy(&fp.fp_mss, &optp[2],
156 sizeof(fp.fp_mss));
157 fp.fp_tcpopts = (fp.fp_tcpopts <<
158 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_MSS;
159 NTOHS(fp.fp_mss);
160 break;
161 case TCPOPT_WINDOW:
162 if (optlen >= TCPOLEN_WINDOW)
163 memcpy(&fp.fp_wscale, &optp[2],
164 sizeof(fp.fp_wscale));
165 NTOHS(fp.fp_wscale);
166 fp.fp_tcpopts = (fp.fp_tcpopts <<
167 PF_OSFP_TCPOPT_BITS) |
168 PF_OSFP_TCPOPT_WSCALE;
169 break;
170 case TCPOPT_SACK_PERMITTED:
171 fp.fp_tcpopts = (fp.fp_tcpopts <<
172 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_SACK;
173 break;
174 case TCPOPT_TIMESTAMP:
175 if (optlen >= TCPOLEN_TIMESTAMP) {
176 u_int32_t ts;
177 memcpy(&ts, &optp[2], sizeof(ts));
178 if (ts == 0)
179 fp.fp_flags |= PF_OSFP_TS0;
180
181 }
182 fp.fp_tcpopts = (fp.fp_tcpopts <<
183 PF_OSFP_TCPOPT_BITS) | PF_OSFP_TCPOPT_TS;
184 break;
185 default:
186 return (NULL);
187 }
188 }
189 optlen = MAX(optlen, 1); /* paranoia */
190 }
191
192 DPFPRINTF("fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) "
193 "(TS=%s,M=%s%d,W=%s%d)\n",
194 srcname, ntohs(tcp->th_sport),
195 fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0,
196 fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt,
197 (fp.fp_flags & PF_OSFP_TS0) ? "0" : "",
198 (fp.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
199 (fp.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
200 fp.fp_mss,
201 (fp.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
202 (fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
203 fp.fp_wscale);
204
205 if ((fpresult = pf_osfp_find(&V_pf_osfp_list, &fp,
206 PF_OSFP_MAXTTL_OFFSET)))
207 return (&fpresult->fp_oses);
208 return (NULL);
209 }
210
211 /* Match a fingerprint ID against a list of OSes */
212 int
pf_osfp_match(struct pf_osfp_enlist * list,pf_osfp_t os)213 pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
214 {
215 struct pf_osfp_entry *entry;
216 int os_class, os_version, os_subtype;
217 int en_class, en_version, en_subtype;
218
219 if (os == PF_OSFP_ANY)
220 return (1);
221 if (list == NULL) {
222 DPFPRINTF("osfp no match against %x\n", os);
223 return (os == PF_OSFP_UNKNOWN);
224 }
225 PF_OSFP_UNPACK(os, os_class, os_version, os_subtype);
226 SLIST_FOREACH(entry, list, fp_entry) {
227 PF_OSFP_UNPACK(entry->fp_os, en_class, en_version, en_subtype);
228 if ((os_class == PF_OSFP_ANY || en_class == os_class) &&
229 (os_version == PF_OSFP_ANY || en_version == os_version) &&
230 (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) {
231 DPFPRINTF("osfp matched %s %s %s %x==%x\n",
232 entry->fp_class_nm, entry->fp_version_nm,
233 entry->fp_subtype_nm, os, entry->fp_os);
234 return (1);
235 }
236 }
237 DPFPRINTF("fingerprint 0x%x didn't match\n", os);
238 return (0);
239 }
240
241 /* Flush the fingerprint list */
242 void
pf_osfp_flush(void)243 pf_osfp_flush(void)
244 {
245 struct pf_os_fingerprint *fp;
246 struct pf_osfp_entry *entry;
247
248 while ((fp = SLIST_FIRST(&V_pf_osfp_list))) {
249 SLIST_REMOVE_HEAD(&V_pf_osfp_list, fp_next);
250 while ((entry = SLIST_FIRST(&fp->fp_oses))) {
251 SLIST_REMOVE_HEAD(&fp->fp_oses, fp_entry);
252 free(entry, M_PFOSFP);
253 }
254 free(fp, M_PFOSFP);
255 }
256 }
257
258
259 /* Add a fingerprint */
260 int
pf_osfp_add(struct pf_osfp_ioctl * fpioc)261 pf_osfp_add(struct pf_osfp_ioctl *fpioc)
262 {
263 struct pf_os_fingerprint *fp, fpadd;
264 struct pf_osfp_entry *entry;
265
266 PF_RULES_WASSERT();
267
268 memset(&fpadd, 0, sizeof(fpadd));
269 fpadd.fp_tcpopts = fpioc->fp_tcpopts;
270 fpadd.fp_wsize = fpioc->fp_wsize;
271 fpadd.fp_psize = fpioc->fp_psize;
272 fpadd.fp_mss = fpioc->fp_mss;
273 fpadd.fp_flags = fpioc->fp_flags;
274 fpadd.fp_optcnt = fpioc->fp_optcnt;
275 fpadd.fp_wscale = fpioc->fp_wscale;
276 fpadd.fp_ttl = fpioc->fp_ttl;
277
278 #if 0 /* XXX RYAN wants to fix logging */
279 DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d "
280 "(TS=%s,M=%s%d,W=%s%d) %x\n",
281 fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm,
282 fpioc->fp_os.fp_subtype_nm,
283 (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" :
284 (fpadd.fp_flags & PF_OSFP_WSIZE_MSS) ? "S" :
285 (fpadd.fp_flags & PF_OSFP_WSIZE_MTU) ? "T" :
286 (fpadd.fp_flags & PF_OSFP_WSIZE_DC) ? "*" : "",
287 fpadd.fp_wsize,
288 fpadd.fp_ttl,
289 (fpadd.fp_flags & PF_OSFP_DF) ? 1 : 0,
290 (fpadd.fp_flags & PF_OSFP_PSIZE_MOD) ? "%" :
291 (fpadd.fp_flags & PF_OSFP_PSIZE_DC) ? "*" : "",
292 fpadd.fp_psize,
293 (long long int)fpadd.fp_tcpopts, fpadd.fp_optcnt,
294 (fpadd.fp_flags & PF_OSFP_TS0) ? "0" : "",
295 (fpadd.fp_flags & PF_OSFP_MSS_MOD) ? "%" :
296 (fpadd.fp_flags & PF_OSFP_MSS_DC) ? "*" : "",
297 fpadd.fp_mss,
298 (fpadd.fp_flags & PF_OSFP_WSCALE_MOD) ? "%" :
299 (fpadd.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
300 fpadd.fp_wscale,
301 fpioc->fp_os.fp_os);
302 #endif
303
304 if ((fp = pf_osfp_find_exact(&V_pf_osfp_list, &fpadd))) {
305 SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
306 if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os))
307 return (EEXIST);
308 }
309 if ((entry = malloc(sizeof(*entry), M_PFOSFP, M_NOWAIT))
310 == NULL)
311 return (ENOMEM);
312 } else {
313 if ((fp = malloc(sizeof(*fp), M_PFOSFP, M_ZERO | M_NOWAIT))
314 == NULL)
315 return (ENOMEM);
316 fp->fp_tcpopts = fpioc->fp_tcpopts;
317 fp->fp_wsize = fpioc->fp_wsize;
318 fp->fp_psize = fpioc->fp_psize;
319 fp->fp_mss = fpioc->fp_mss;
320 fp->fp_flags = fpioc->fp_flags;
321 fp->fp_optcnt = fpioc->fp_optcnt;
322 fp->fp_wscale = fpioc->fp_wscale;
323 fp->fp_ttl = fpioc->fp_ttl;
324 SLIST_INIT(&fp->fp_oses);
325 if ((entry = malloc(sizeof(*entry), M_PFOSFP, M_NOWAIT))
326 == NULL) {
327 free(fp, M_PFOSFP);
328 return (ENOMEM);
329 }
330 pf_osfp_insert(&V_pf_osfp_list, fp);
331 }
332 memcpy(entry, &fpioc->fp_os, sizeof(*entry));
333
334 /* Make sure the strings are NUL terminated */
335 entry->fp_class_nm[sizeof(entry->fp_class_nm)-1] = '\0';
336 entry->fp_version_nm[sizeof(entry->fp_version_nm)-1] = '\0';
337 entry->fp_subtype_nm[sizeof(entry->fp_subtype_nm)-1] = '\0';
338
339 SLIST_INSERT_HEAD(&fp->fp_oses, entry, fp_entry);
340
341 #ifdef PFDEBUG
342 if ((fp = pf_osfp_validate()))
343 printf("Invalid fingerprint list\n");
344 #endif /* PFDEBUG */
345 return (0);
346 }
347
348
349 /* Find a fingerprint in the list */
350 static struct pf_os_fingerprint *
pf_osfp_find(struct pf_osfp_list * list,struct pf_os_fingerprint * find,u_int8_t ttldiff)351 pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
352 u_int8_t ttldiff)
353 {
354 struct pf_os_fingerprint *f;
355
356 #define MATCH_INT(_MOD, _DC, _field) \
357 if ((f->fp_flags & _DC) == 0) { \
358 if ((f->fp_flags & _MOD) == 0) { \
359 if (f->_field != find->_field) \
360 continue; \
361 } else { \
362 if (f->_field == 0 || find->_field % f->_field) \
363 continue; \
364 } \
365 }
366
367 SLIST_FOREACH(f, list, fp_next) {
368 if (f->fp_tcpopts != find->fp_tcpopts ||
369 f->fp_optcnt != find->fp_optcnt ||
370 f->fp_ttl < find->fp_ttl ||
371 f->fp_ttl - find->fp_ttl > ttldiff ||
372 (f->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)) !=
373 (find->fp_flags & (PF_OSFP_DF|PF_OSFP_TS0)))
374 continue;
375
376 MATCH_INT(PF_OSFP_PSIZE_MOD, PF_OSFP_PSIZE_DC, fp_psize)
377 MATCH_INT(PF_OSFP_MSS_MOD, PF_OSFP_MSS_DC, fp_mss)
378 MATCH_INT(PF_OSFP_WSCALE_MOD, PF_OSFP_WSCALE_DC, fp_wscale)
379 if ((f->fp_flags & PF_OSFP_WSIZE_DC) == 0) {
380 if (f->fp_flags & PF_OSFP_WSIZE_MSS) {
381 if (find->fp_mss == 0)
382 continue;
383
384 /*
385 * Some "smart" NAT devices and DSL routers will tweak the MSS size and
386 * will set it to whatever is suitable for the link type.
387 */
388 #define SMART_MSS 1460
389 if ((find->fp_wsize % find->fp_mss ||
390 find->fp_wsize / find->fp_mss !=
391 f->fp_wsize) &&
392 (find->fp_wsize % SMART_MSS ||
393 find->fp_wsize / SMART_MSS !=
394 f->fp_wsize))
395 continue;
396 } else if (f->fp_flags & PF_OSFP_WSIZE_MTU) {
397 if (find->fp_mss == 0)
398 continue;
399
400 #define MTUOFF (sizeof(struct ip) + sizeof(struct tcphdr))
401 #define SMART_MTU (SMART_MSS + MTUOFF)
402 if ((find->fp_wsize % (find->fp_mss + MTUOFF) ||
403 find->fp_wsize / (find->fp_mss + MTUOFF) !=
404 f->fp_wsize) &&
405 (find->fp_wsize % SMART_MTU ||
406 find->fp_wsize / SMART_MTU !=
407 f->fp_wsize))
408 continue;
409 } else if (f->fp_flags & PF_OSFP_WSIZE_MOD) {
410 if (f->fp_wsize == 0 || find->fp_wsize %
411 f->fp_wsize)
412 continue;
413 } else {
414 if (f->fp_wsize != find->fp_wsize)
415 continue;
416 }
417 }
418 return (f);
419 }
420
421 return (NULL);
422 }
423
424 /* Find an exact fingerprint in the list */
425 static struct pf_os_fingerprint *
pf_osfp_find_exact(struct pf_osfp_list * list,struct pf_os_fingerprint * find)426 pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
427 {
428 struct pf_os_fingerprint *f;
429
430 SLIST_FOREACH(f, list, fp_next) {
431 if (f->fp_tcpopts == find->fp_tcpopts &&
432 f->fp_wsize == find->fp_wsize &&
433 f->fp_psize == find->fp_psize &&
434 f->fp_mss == find->fp_mss &&
435 f->fp_flags == find->fp_flags &&
436 f->fp_optcnt == find->fp_optcnt &&
437 f->fp_wscale == find->fp_wscale &&
438 f->fp_ttl == find->fp_ttl)
439 return (f);
440 }
441
442 return (NULL);
443 }
444
445 /* Insert a fingerprint into the list */
446 static void
pf_osfp_insert(struct pf_osfp_list * list,struct pf_os_fingerprint * ins)447 pf_osfp_insert(struct pf_osfp_list *list, struct pf_os_fingerprint *ins)
448 {
449 struct pf_os_fingerprint *f, *prev = NULL;
450
451 /* XXX need to go semi tree based. can key on tcp options */
452
453 SLIST_FOREACH(f, list, fp_next)
454 prev = f;
455 if (prev)
456 SLIST_INSERT_AFTER(prev, ins, fp_next);
457 else
458 SLIST_INSERT_HEAD(list, ins, fp_next);
459 }
460
461 /* Fill a fingerprint by its number (from an ioctl) */
462 int
pf_osfp_get(struct pf_osfp_ioctl * fpioc)463 pf_osfp_get(struct pf_osfp_ioctl *fpioc)
464 {
465 struct pf_os_fingerprint *fp;
466 struct pf_osfp_entry *entry;
467 int num = fpioc->fp_getnum;
468 int i = 0;
469
470
471 memset(fpioc, 0, sizeof(*fpioc));
472 SLIST_FOREACH(fp, &V_pf_osfp_list, fp_next) {
473 SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
474 if (i++ == num) {
475 fpioc->fp_mss = fp->fp_mss;
476 fpioc->fp_wsize = fp->fp_wsize;
477 fpioc->fp_flags = fp->fp_flags;
478 fpioc->fp_psize = fp->fp_psize;
479 fpioc->fp_ttl = fp->fp_ttl;
480 fpioc->fp_wscale = fp->fp_wscale;
481 fpioc->fp_getnum = num;
482 memcpy(&fpioc->fp_os, entry,
483 sizeof(fpioc->fp_os));
484 return (0);
485 }
486 }
487 }
488
489 return (EBUSY);
490 }
491
492
493 #ifdef PFDEBUG
494 /* Validate that each signature is reachable */
495 static struct pf_os_fingerprint *
pf_osfp_validate(void)496 pf_osfp_validate(void)
497 {
498 struct pf_os_fingerprint *f, *f2, find;
499
500 SLIST_FOREACH(f, &V_pf_osfp_list, fp_next) {
501 memcpy(&find, f, sizeof(find));
502
503 /* We do a few MSS/th_win percolations to make things unique */
504 if (find.fp_mss == 0)
505 find.fp_mss = 128;
506 if (f->fp_flags & PF_OSFP_WSIZE_MSS)
507 find.fp_wsize *= find.fp_mss;
508 else if (f->fp_flags & PF_OSFP_WSIZE_MTU)
509 find.fp_wsize *= (find.fp_mss + 40);
510 else if (f->fp_flags & PF_OSFP_WSIZE_MOD)
511 find.fp_wsize *= 2;
512 if (f != (f2 = pf_osfp_find(&V_pf_osfp_list, &find, 0))) {
513 if (f2)
514 printf("Found \"%s %s %s\" instead of "
515 "\"%s %s %s\"\n",
516 SLIST_FIRST(&f2->fp_oses)->fp_class_nm,
517 SLIST_FIRST(&f2->fp_oses)->fp_version_nm,
518 SLIST_FIRST(&f2->fp_oses)->fp_subtype_nm,
519 SLIST_FIRST(&f->fp_oses)->fp_class_nm,
520 SLIST_FIRST(&f->fp_oses)->fp_version_nm,
521 SLIST_FIRST(&f->fp_oses)->fp_subtype_nm);
522 else
523 printf("Couldn't find \"%s %s %s\"\n",
524 SLIST_FIRST(&f->fp_oses)->fp_class_nm,
525 SLIST_FIRST(&f->fp_oses)->fp_version_nm,
526 SLIST_FIRST(&f->fp_oses)->fp_subtype_nm);
527 return (f);
528 }
529 }
530 return (NULL);
531 }
532 #endif /* PFDEBUG */
533