[PATCH 1/6 nft v3] osf: add version fingerprint support

[PATCH 1/6 nft v3] osf: add version fingerprint support

[Fernando Fernandez Mancera]

Add support for version fingerprint in "osf" expression. Example:

table ip foo {
	chain bar {
		type filter hook input priority filter; policy accept;
		osf ttl skip name "Linux"
		osf ttl skip version "Linux:4.20"
	}
}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 include/expression.h                |  1 +
 include/linux/netfilter/nf_tables.h |  6 ++++++
 include/osf.h                       |  3 ++-
 src/netlink_delinearize.c           |  4 +++-
 src/netlink_linearize.c             |  1 +
 src/osf.c                           | 13 ++++++++++---
 src/parser_bison.y                  |  8 ++++++--
 7 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/include/expression.h b/include/expression.h
index 6d72f64..6416ac0 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -350,6 +350,7 @@ struct expr {
 		struct {
 			/* EXPR_OSF */
 			uint8_t			ttl;
+			uint32_t		flags;
 		} osf;
 	};
 };
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 37036be..09a7b9e 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -944,15 +944,21 @@ enum nft_socket_keys {
  *
  * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
  * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
+ * @NFTA_OSF_FLAGS: flags (NLA_U32)
  */
 enum nft_osf_attributes {
 	NFTA_OSF_UNSPEC,
 	NFTA_OSF_DREG,
 	NFTA_OSF_TTL,
+	NFTA_OSF_FLAGS,
 	__NFTA_OSF_MAX
 };
 #define NFT_OSF_MAX		(__NFTA_OSF_MAX - 1)
 
+enum nft_osf_flags {
+	NFT_OSF_F_VERSION	= 1 << 0,	/* check fingerprint version */
+};
+
 /**
  * enum nft_ct_keys - nf_tables ct expression keys
  *
diff --git a/include/osf.h b/include/osf.h
index 23ea34d..8f6f584 100644
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,7 +1,8 @@
 #ifndef NFTABLES_OSF_H
 #define NFTABLES_OSF_H
 
-struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl);
+struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
+			    const uint32_t flags);
 
 extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del);
 
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index d0eaf5b..9a2d63d 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -655,10 +655,12 @@ static void netlink_parse_osf(struct netlink_parse_ctx *ctx,
 {
 	enum nft_registers dreg;
 	struct expr *expr;
+	uint32_t flags;
 	uint8_t ttl;
 
 	ttl = nftnl_expr_get_u8(nle, NFTNL_EXPR_OSF_TTL);
-	expr = osf_expr_alloc(loc, ttl);
+	flags = nftnl_expr_get_u32(nle, NFTNL_EXPR_OSF_FLAGS);
+	expr = osf_expr_alloc(loc, ttl, flags);
 
 	dreg = netlink_parse_register(nle, NFTNL_EXPR_OSF_DREG);
 	netlink_set_register(ctx, dreg, expr);
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 61149bf..8df82d5 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -228,6 +228,7 @@ static void netlink_gen_osf(struct netlink_linearize_ctx *ctx,
 	nle = alloc_nft_expr("osf");
 	netlink_put_register(nle, NFTNL_EXPR_OSF_DREG, dreg);
 	nftnl_expr_set_u8(nle, NFTNL_EXPR_OSF_TTL, expr->osf.ttl);
+	nftnl_expr_set_u32(nle, NFTNL_EXPR_OSF_FLAGS, expr->osf.flags);
 	nftnl_rule_add_expr(ctx->nlr, nle);
 }
 
diff --git a/src/osf.c b/src/osf.c
index 9252934..f0c2239 100644
--- a/src/osf.c
+++ b/src/osf.c
@@ -19,17 +19,22 @@ static void osf_expr_print(const struct expr *expr, struct output_ctx *octx)
 {
 	const char *ttl_str = osf_ttl_int_to_str(expr->osf.ttl);
 
-	nft_print(octx, "osf %sname", ttl_str);
+	if (expr->osf.flags & NFT_OSF_F_VERSION)
+		nft_print(octx, "osf %sversion", ttl_str);
+	else
+		nft_print(octx, "osf %sname", ttl_str);
 }
 
 static void osf_expr_clone(struct expr *new, const struct expr *expr)
 {
 	new->osf.ttl = expr->osf.ttl;
+	new->osf.flags = expr->osf.flags;
 }
 
 static bool osf_expr_cmp(const struct expr *e1, const struct expr *e2)
 {
-	return e1->osf.ttl == e2->osf.ttl;
+	return (e1->osf.ttl == e2->osf.ttl) &&
+	       (e1->osf.flags == e2->osf.flags);
 }
 
 const struct expr_ops osf_expr_ops = {
@@ -41,7 +46,8 @@ const struct expr_ops osf_expr_ops = {
 	.json		= osf_expr_json,
 };
 
-struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl)
+struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
+			    const uint32_t flags)
 {
 	unsigned int len = NFT_OSF_MAXGENRELEN * BITS_PER_BYTE;
 	const struct datatype *type = &string_type;
@@ -50,6 +56,7 @@ struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl)
 	expr = expr_alloc(loc, EXPR_OSF, type,
 			  BYTEORDER_HOST_ENDIAN, len);
 	expr->osf.ttl = ttl;
+	expr->osf.flags = flags;
 
 	return expr;
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 65b3fb3..6e1bb88 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3190,9 +3190,13 @@ fib_tuple		:  	fib_flag	DOT	fib_tuple
 			|	fib_flag
 			;
 
-osf_expr		:	OSF	osf_ttl		NAME
+osf_expr		:	OSF	osf_ttl		HDRVERSION
 			{
-				$$ = osf_expr_alloc(&@$, $2);
+				$$ = osf_expr_alloc(&@$, $2, NFT_OSF_F_VERSION);
+			}
+			|	OSF	osf_ttl		NAME
+			{
+				$$ = osf_expr_alloc(&@$, $2, 0);
 			}
 			;
 
-- 
2.20.1

[PATCH 2/6 nft v3] json: osf: add version json support

[Fernando Fernandez Mancera]

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 src/json.c        | 7 ++++++-
 src/parser_json.c | 9 +++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/json.c b/src/json.c
index 276a3c0..4900c02 100644
--- a/src/json.c
+++ b/src/json.c
@@ -864,7 +864,12 @@ json_t *socket_expr_json(const struct expr *expr, struct output_ctx *octx)
 
 json_t *osf_expr_json(const struct expr *expr, struct output_ctx *octx)
 {
-	json_t *root = json_pack("{s:s}", "key", "name");
+	json_t *root;
+
+	if (expr->osf.flags & NFT_OSF_F_VERSION)
+		root = json_pack("{s:s}", "key", "version");
+	else
+		root = json_pack("{s:s}", "key", "name");
 
 	switch (expr->osf.ttl) {
 	case 1:
diff --git a/src/parser_json.c b/src/parser_json.c
index 7b190bc..07defc0 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -381,6 +381,7 @@ static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
 					const char *type, json_t *root)
 {
 	const char *key, *ttl;
+	uint32_t flagval = 0;
 	uint8_t ttlval = 0;
 
 	if (json_unpack_err(ctx, root, "{s:s}", "key", &key))
@@ -397,8 +398,12 @@ static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
 		}
 	}
 
-	if (!strcmp(key, "name"))
-		return osf_expr_alloc(int_loc, ttlval);
+	if (!strcmp(key, "name")) {
+		return osf_expr_alloc(int_loc, ttlval, flagval);
+	} else if (!strcmp(key, "version")) {
+		flagval |= NFT_OSF_F_VERSION;
+		return osf_expr_alloc(int_loc, ttlval, flagval);
+	}
 
 	json_error(ctx, "Invalid osf key value.");
 	return NULL;
-- 
2.20.1

[PATCH 3/6 nft v3] tests: py: add osf tests with versions

[Fernando Fernandez Mancera]

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 tests/py/inet/osf.t         |  4 +++
 tests/py/inet/osf.t.json    | 15 +++++++++
 tests/py/inet/osf.t.payload | 66 +++++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+)

diff --git a/tests/py/inet/osf.t b/tests/py/inet/osf.t
index fd5d9ed..c828541 100644
--- a/tests/py/inet/osf.t
+++ b/tests/py/inet/osf.t
@@ -7,8 +7,12 @@
 osf name "Linux";ok
 osf ttl loose name "Linux";ok
 osf ttl skip name "Linux";ok
+osf ttl skip version "Linux:3.0";ok
+osf ttl skip version "morethan:sixteenbytes";fail
 osf ttl nottl name "Linux";fail
 osf name "morethansixteenbytes";fail
 osf name ;fail
 osf name { "Windows", "MacOs" };ok
+osf version { "Windows:XP", "MacOs:Sierra" };ok
 ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok
+ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok
diff --git a/tests/py/inet/osf.t.json b/tests/py/inet/osf.t.json
index 452f302..a2e7449 100644
--- a/tests/py/inet/osf.t.json
+++ b/tests/py/inet/osf.t.json
@@ -45,6 +45,21 @@
     }
 ]
 
+# osf name version "Linux:3.0"
+[
+    {
+        "match": {
+            "left": {
+                "osf": {
+                    "key": "version"
+                }
+            },
+            "op": "==",
+            "right": "Linux:3.0"
+        }
+    }
+]
+
 # osf name { "Windows", "MacOs" }
 [
     {
diff --git a/tests/py/inet/osf.t.payload b/tests/py/inet/osf.t.payload
index 9b8f0bc..6f5fba3 100644
--- a/tests/py/inet/osf.t.payload
+++ b/tests/py/inet/osf.t.payload
@@ -43,6 +43,21 @@ inet osfinet osfchain
   [ osf dreg 1 ]
   [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ]
 
+# osf ttl skip version "Linux:3.0"
+ip osfip osfchain
+  [ osf dreg 1 ]
+  [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
+# osf ttl skip version "Linux:3.0"
+ip6 osfip6 osfchain
+  [ osf dreg 1 ]
+  [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
+# osf ttl skip version "Linux:3.0"
+inet osfinet osfchain
+  [ osf dreg 1 ]
+  [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
 # osf name { "Windows", "MacOs" }
 __set%d osfip 3 size 2
 __set%d osfip 0
@@ -67,6 +82,30 @@ inet osfinet osfchain
   [ osf dreg 1 ]
   [ lookup reg 1 set __set%d ]
 
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfip 3 size 2
+__set%d osfip 0
+	element 646e6957 3a73776f 00005058 00000000  : 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 0 [end]
+ip osfip osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __set%d ]
+
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfip6 3 size 2
+__set%d osfip6 0
+	element 646e6957 3a73776f 00005058 00000000  : 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 0 [end]
+ip6 osfip6 osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __set%d ]
+
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfinet 3 size 2
+__set%d osfinet 0
+	element 646e6957 3a73776f 00005058 00000000  : 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 0 [end]
+inet osfinet osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __set%d ]
+
 # ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 }
 __map%d osfip b size 2
 __map%d osfip 0
@@ -93,3 +132,30 @@ inet osfinet osfchain
   [ osf dreg 1 ]
   [ lookup reg 1 set __map%d dreg 1 ]
   [ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfip b size 2
+__map%d osfip 0
+	element 646e6957 3a73776f 00005058 00000000  : 00000003 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 00000004 0 [end]
+ip osfip osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __map%d dreg 1 ]
+  [ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfip6 b size 2
+__map%d osfip6 0
+	element 646e6957 3a73776f 00005058 00000000  : 00000003 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 00000004 0 [end]
+ip6 osfip6 osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __map%d dreg 1 ]
+  [ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfinet b size 2
+__map%d osfinet 0
+	element 646e6957 3a73776f 00005058 00000000  : 00000003 0 [end]	element 4f63614d 69533a73 61727265 00000000  : 00000004 0 [end]
+inet osfinet osfchain
+  [ osf dreg 1 ]
+  [ lookup reg 1 set __map%d dreg 1 ]
+  [ ct set mark with reg 1 ]
-- 
2.20.1

[PATCH 4/6 nft v3] doc: add osf version option to man page

[Fernando Fernandez Mancera]

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 doc/primary-expression.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index d819b24..a62ed00 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -219,6 +219,8 @@ and others) from packets with the SYN bit set.
 |ttl|
 Do TTL checks on the packet to determine the operating system.|
 string
+|version|
+Do OS version checks on the packet.|
 |name|
 Name of the OS signature to match. All signatures can be found at pf.os file.
 Use "unknown" for OS signatures that the expression could not detect.|
-- 
2.20.1

[PATCH 5/6 nft v3] files: osf: update pf.os with newer OS fingerprints

[Fernando Fernandez Mancera]

After notice that some fingerprints are outdated we have updated the most common
of them.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 files/osf/pf.os | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/files/osf/pf.os b/files/osf/pf.os
index e285851..7612d76 100644
--- a/files/osf/pf.os
+++ b/files/osf/pf.os
@@ -233,6 +233,10 @@ S4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 3)
 T4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 4)
 
 S10:64:1:60:M*,S,T,N,W4:	Linux:3.0::Linux 3.0
+S10:64:1:60:M*,S,T,N,W6:	Linux:3.1::Linux 3.1
+S10:64:1:60:M*,S,T,N,W7:	Linux:3.4-3.10::Linux 3.4 - 3.10
+S20:64:1:60:M*,S,T,N,W7:	Linux:3.11-4.19::Linux 3.11 - 4.19
+S44:64:1:60:M*,S,T,N,W7:	Linux:4.20::Linux 4.20
 
 S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
 S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
@@ -284,6 +288,8 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
 65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
 65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
 
+65535:64:1:60:M*,N,W6,S,T:	FreeBSD:9.0-12.0::FreeBSD 9.0 - 12.0
+
 # XXX need quirks support
 # 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
 # 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
-- 
2.20.1

[PATCH 6/6 nft v3] files: pf.os: merge the signatures spllited by version

[Fernando Fernandez Mancera]

In order to be able to identify the OS version we need to merge the signatures
split by version. eg.

65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2

65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-5.2::FreeBSD 4.7-5.2

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 files/osf/pf.os | 40 ++++++++++++++--------------------------
 1 file changed, 14 insertions(+), 26 deletions(-)

diff --git a/files/osf/pf.os b/files/osf/pf.os
index 7612d76..35cbb47 100644
--- a/files/osf/pf.os
+++ b/files/osf/pf.os
@@ -201,12 +201,9 @@
 45046:64:0:44:M*:		AIX:4.3::AIX 4.3
 16384:64:0:44:M512:		AIX:4.3:2-3:AIX 4.3.2 and earlier
 
-16384:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-16384:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
+16384:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3-5.2:3:AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3-5.2:3:AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3-5-2:3:AIX 4.3.3-5.2
 65535:64:0:64:M*,N,W1,N,N,T,N,N,S:	AIX:5.3:ML1:AIX 5.3 ML1
 
 # ----------------- Linux -------------------
@@ -224,8 +221,7 @@ S4:64:1:60:M1360,S,T,N,W0:	Linux:google::Linux (Google crawlbot)
 
 S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4 (big boy)
 S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W0:		Linux:2.4/2.6::Linux 2.4/2.6 <= 2.6.7
 
 S4:64:1:60:M*,S,T,N,W5:		Linux:2.6::Linux 2.6 (newer, 1)
 S4:64:1:60:M*,S,T,N,W6:		Linux:2.6::Linux 2.6 (newer, 2)
@@ -271,9 +267,7 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
 
 # ----------------- FreeBSD -----------------
 
-16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
-16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
-16384:64:1:44:M*:		FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
+16384:64:1:44:M*:		FreeBSD:2.0-4.2::FreeBSD 2.0-4.2
 16384:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
 
 1024:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
@@ -281,12 +275,9 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
 57344:64:1:44:M*:		FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
 57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
 
-32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
-32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-5.1::FreeBSD 4.8-5.1 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-5.2::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-5.2::FreeBSD 4.7-5.2
 
 65535:64:1:60:M*,N,W6,S,T:	FreeBSD:9.0-12.0::FreeBSD 9.0 - 12.0
 
@@ -378,8 +369,7 @@ S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:beta:Solaris 10 (beta)
 # S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
 
 # XXX some of these use EOL too
-16616:255:1:48:M*,W0:			MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-16616:255:1:48:M*,W0:			MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,W0:			MacOS:7.3-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
 16616:255:1:48:M*,N,N,N:		MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
 32768:255:1:48:M*,W0,N:			MacOS:9.0-9.2::MacOS 9.0-9.2
 65535:255:1:48:M*,N,N,N,N:		MacOS:9.1::MacOS 9.1 (OT 2.7.4)
@@ -515,8 +505,7 @@ S8:64:0:44:M512:		NeXTSTEP:3.3::NeXTSTEP 3.3
 
 # ------------------ OS/400 -----------------
 
-8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR4::OS/400 VR4/R5
-8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR5::OS/400 VR4/R5
+8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR4-VR5::OS/400 VR4/R5
 4096:64:1:60:M1440,N,W0,N,N,T:	OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
 
 # XXX quirk
@@ -532,9 +521,9 @@ S16:64:0:44:M512:		QNX:::QNX demodisk
 
 # ------------------ Novell -----------------
 
-16384:128:1:44:M1460:		Novell:NetWare:5.0:Novel Netware 5.0
-6144:128:1:44:M1460:		Novell:IntranetWare:4.11:Novell IntranetWare 4.11
-6144:128:1:44:M1368:		Novell:BorderManager::Novell BorderManager ?
+16384:128:1:44:M1460:		Novell:NW:5.0:Novel Netware 5.0
+6144:128:1:44:M1460:		Novell:IW:4.11:Novell IntranetWare 4.11
+6144:128:1:44:M1368:		Novell:BM::Novell BorderManager ?
 
 6144:128:1:52:M*,W0,N,S,N,N:	Novell:Netware:6:Novell Netware 6 SP3
 
@@ -637,8 +626,7 @@ S1:255:1:60:M1460,S,T,N,W0:		LookSmart:ZyBorg::LookSmart ZyBorg
 # ----------- Embedded systems --------------
 
 S9:255:0:44:M536:			PalmOS:Tungsten:C:PalmOS Tungsten C
-S5:255:0:44:M536:			PalmOS:3::PalmOS 3/4
-S5:255:0:44:M536:			PalmOS:4::PalmOS 3/4
+S5:255:0:44:M536:			PalmOS:3-4::PalmOS 3/4
 S4:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5
 2948:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5.3 (Handera)
 S29:255:0:44:M536:			PalmOS:5::PalmOS 5.0
-- 
2.20.1

Re: [PATCH 1/6 nft v3] osf: add version fingerprint support

[Pablo Neira Ayuso]

Patches from 1 to 6 applied, thanks Fernando.