author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2018-08-03 23:47:11 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-04 00:21:19 +0200 |
commit | 9f28b685b473b2424524d0443ef1e0ed8ba276de (patch) | |
tree | 14834b9e589da013b8b058b49beaf8a2b8ceae72 /include | |
parent | cdb5655ee44da4113d1ee72fbd6afa6ca4ffaa14 (diff) |
src: introduce passive OS fingerprint matching
Add support for "osf" expression. Example:
table ip foo {
chain bar {
type filter hook input priority 0; policy accept;
osf name "Linux" counter packets 3 bytes 132
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 12 |
2 files changed, 15 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h
index 2bb51e53..f2c5c1ad 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -25,6 +25,7 @@
 * @EXPR_EXTHDR: exthdr expression
 * @EXPR_META: meta expression
 * @EXPR_SOCKET: socket expression
+ * @EXPR_OSF: osf expression
 * @EXPR_CT: conntrack expression
 * @EXPR_CONCAT: concatenation
 * @EXPR_LIST: list of expressions
@@ -52,6 +53,7 @@ enum expr_types {
 EXPR_EXTHDR,
 EXPR_META,
 EXPR_SOCKET,
+ EXPR_OSF,
 EXPR_CT,
 EXPR_CONCAT,
 EXPR_LIST,
@@ -191,6 +193,7 @@ enum expr_flags {
 #include <hash.h>
 #include <ct.h>
 #include <socket.h>
+#include <osf.h>

 /**
 * struct expr
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index ea374ae6..63b90546 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -934,6 +934,18 @@ enum nft_socket_keys {
 #define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)

 /**
+ * enum nft_osf_attributes - nf_tables osf expression netlink attributes
+ *
+ * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
+ */
+enum nft_osf_attributes {
+ NFTA_OSF_UNSPEC,
+ NFTA_OSF_DREG,
+ __NFTA_OSF_MAX
+};
+#define NFT_OSF_MAX (__NFTA_OSF_MAX - 1)
+
+/**
 * enum nft_ct_keys - nf_tables ct expression keys
 *
 * @NFT_CT_STATE: conntrack state (bitmask of enum ip_conntrack_info) |
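Review bot: `EXPR_OSF` is inserted between `EXPR_SOCKET` and `EXPR_CT` in `enum expr_types`, which renumbers `EXPR_CT` and every constant after it. That is harmless where the values are only used symbolically, but any table indexed by expression type with positional initializers, or any place that stores the numeric value, would shift silently. The rest of the enum and its users lie outside this hunk, so this needs confirming against the tree; appending new types at the end of the enum would avoid the question entirely.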
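Review bot: `#include <osf.h>` is added to include/expression.h, but the diffstat for include/ lists only expression.h and linux/netfilter/nf_tables.h, so this commit as shown does not create an osf.h under include/. Unless that header already exists in the tree or is found elsewhere on the include path, every translation unit that pulls in expression.h will fail to compile. The header should land in the same commit and be added to the build system's header list so it is shipped in release tarballs.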
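Review bot: `NFT_OSF_MAX` drops the `NFTA_` prefix of the enum it bounds: the sentinel is `__NFTA_OSF_MAX` and the only attribute is `NFTA_OSF_DREG`, so code sizing an attribute array would look for `NFTA_OSF_MAX`. If this file is meant to mirror the kernel's UAPI header, the name has to match what the kernel exports; otherwise I would write `#define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)`. The kernel-doc block also leaves out `NFTA_OSF_UNSPEC`. Separately, the documentation for the new expression should say that a passive fingerprint is derived from fields chosen by the packet's sender, so an `osf` match is a classification hint and should not be the sole condition of an accept rule.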