[pf4freebsd] pfaltq-5.1.0.4 problem using fingerprinting
Bruno Afonso
brunomiguel at dequim.ist.utl.pt
Wed Sep 15 20:49:41 PDT 2004
All seems to be working fine including AltQ integration. Only a minor
glitch when I do ifconfig. (box reboots... works perfectly fine on
another 5.1 box. Probably a kernel option. Will do some more research on
this...)
Anyway, passive fingerprinting may have a bug.
This is the important rule in question:
#ssh
pass in on $ext_if proto tcp from any os Windows to $main_ip port 22
modulate state queue(interact_bulk,interact_ack)
Without the "os Windows" everything works fine. And I am coming in from
a Windows box as tcpdump shows:
my.ip.14338 > public.ip.22: S (src OS: Windows 2000 SP3, Windows XP)
709831067:709831067(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
This was a mere test. :-)
Now, the interesting part is that, if I use a FreeBSD box to ssh in, it
works...
FreeBSD.box.ip.57050 > public.ip.22: S (src OS: FreeBSD 5.0, FreeBSD
4.8-4.9) 632746775:632746775(0) win 65535 <mss 1460,nop,wscale
1,nop,nop,timestamp 674899877 0> (DF)
But even more interesting is that, if I change the rule to:
#ssh
pass in on $ext_if proto tcp from any os Cisco to $main_ip port 22
modulate state queue(interact_bulk,interact_ack)
I can ssh in using FreeBSD but not using the Windows box... My FreeBSD box
is on the local network and the Windows box is on a remote one. But, there's a
clear problem in always allowing FreeBSD.
pf.os is from obsd cvs with some entries removed due to pfctl complaining
about them:
#16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
#16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
#32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
#32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
#65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
#65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
Thanks, take care
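As an added illustration (not code from the post or from pf itself), a small Python matcher for pf.os-style signatures, run over the two SYNs shown in the tcpdump output above. The Windows and FreeBSD signature lines are constructed, the AIX line is the one quoted above, and the senders' TTLs are assumed because tcpdump did not print them; pf's own pf_osfp code does more (MTU-based windows, multiple matches), this only shows why an "os Windows" rule admits one SYN and not the other.

```python
OPT_LEN = {"M": 4, "N": 1, "S": 2, "W": 3, "T": 10}  # TCP option sizes in bytes

def parse_sig(line):
    """Parse one pf.os line: win:ttl:df:psize:opts:class:version:subtype:desc."""
    f = [x.strip() for x in line.split(":", 8)]
    return {"win": f[0], "ttl": int(f[1]), "df": int(f[2]), "psize": int(f[3]),
            "opts": f[4].split(",") if f[4] else [], "class": f[5], "desc": f[8]}

def num_ok(spec, value, mss):
    """Numeric field: exact value, '*', '%n' (multiple of n) or 'Sn' (n times the MSS)."""
    if spec == "*":
        return True
    if spec.startswith("%"):
        return value % int(spec[1:]) == 0
    if spec.startswith("S"):
        return mss > 0 and value == mss * int(spec[1:])
    return spec.isdigit() and value == int(spec)  # 'Tn' (MTU multiple) needs the MTU: no match here

def opt_ok(spec, opt, mss):
    """One option token (M1460, M*, N, S, W%2, T, T0) against a (kind, value) SYN option."""
    if spec[0] != opt[0]:
        return False
    if spec[0] in ("N", "S"):
        return True
    if spec[0] == "T":
        return spec == "T" or opt[1] == 0  # T0 = timestamp option present with tsval 0
    return num_ok(spec[1:], opt[1], mss)

def matches(sig, syn):
    mss = next((v for k, v in syn["opts"] if k == "M"), 0)
    psize = 40 + sum(OPT_LEN[k] for k, _ in syn["opts"])  # IPv4 + TCP headers + options
    # observed TTL can only be at or below the sender's initial TTL (hops decrement it)
    return (syn["ttl"] <= sig["ttl"] and sig["df"] == syn["df"] and sig["psize"] == psize
            and num_ok(sig["win"], syn["win"], mss) and len(sig["opts"]) == len(syn["opts"])
            and all(opt_ok(s, o, mss) for s, o in zip(sig["opts"], syn["opts"])))

def fingerprint(syn, sigs):
    return [s["class"] for s in sigs if matches(s, syn)]

def rule_allows(os_class, syn, sigs):
    """'pass in ... from any os <class>' only admits SYNs whose fingerprint is that class."""
    return os_class in fingerprint(syn, sigs)

SIGS = [parse_sig(l) for l in [  # constructed entries, except the AIX line quoted in the post
    "64240:128:1:48:M1460,N,N,S:Windows:XP::Windows XP",
    "65535:64:1:60:M*,N,W*,N,N,T:FreeBSD:5.0::FreeBSD 5.0",
    "16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2"]]
# the two SYNs from the tcpdump output above; TTLs are assumed (tcpdump did not print them)
WINDOWS_SYN = {"win": 64240, "ttl": 128, "df": 1,
               "opts": [("M", 1460), ("N", 0), ("N", 0), ("S", 0)]}
FREEBSD_SYN = {"win": 65535, "ttl": 64, "df": 1,
               "opts": [("M", 1460), ("N", 0), ("W", 1), ("N", 0), ("N", 0), ("T", 674899877)]}
```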