src: introduce passive OS fingerprint matching

Add support for "osf" expression. Example: table ip foo { chain bar { type filter hook input priority 0; policy accept; osf name "Linux" counter packets 3 bytes 132 } } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Fernando Fernandez Mancera <ffmancera@riseup.net> 2018-08-03 23:47:11 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-04 00:21:19 +0200
commit: 9f28b685b473b2424524d0443ef1e0ed8ba276de (patch)
tree: 14834b9e589da013b8b058b49beaf8a2b8ceae72 /src/evaluate.c
parent: cdb5655ee44da4113d1ee72fbd6afa6ca4ffaa14 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index b793c125..1fc861f6 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1724,6 +1724,11 @@ static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
 	return 0;
 }
 
+static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr)
+{
+	return expr_evaluate_primary(ctx, expr);
+}
+
 static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
 {
 	struct expr *new = expr_clone((*exprp)->sym->expr);
@@ -1763,6 +1768,8 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
 		return expr_evaluate_meta(ctx, expr);
 	case EXPR_SOCKET:
 		return expr_evaluate_socket(ctx, expr);
+	case EXPR_OSF:
+		return expr_evaluate_osf(ctx, expr);
 	case EXPR_FIB:
 		return expr_evaluate_fib(ctx, expr);
 	case EXPR_PAYLOAD:
author	Fernando Fernandez Mancera <ffmancera@riseup.net>	2018-08-03 23:47:11 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-04 00:21:19 +0200
commit	9f28b685b473b2424524d0443ef1e0ed8ba276de (patch)
tree	14834b9e589da013b8b058b49beaf8a2b8ceae72 /src/evaluate.c
parent	cdb5655ee44da4113d1ee72fbd6afa6ca4ffaa14 (diff)