From 9f28b685b473b2424524d0443ef1e0ed8ba276de Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 3 Aug 2018 23:47:11 +0200
Subject: src: introduce passive OS fingerprint matching

Add support for "osf" expression. Example:

table ip foo {
	chain bar {
		type filter hook input priority 0; policy accept;
		osf name "Linux" counter packets 3 bytes 132
	}
}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/evaluate.c')

diff --git a/src/evaluate.c b/src/evaluate.c
index b793c125..1fc861f6 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1724,6 +1724,11 @@ static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
 	return 0;
 }
 
+static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr)
+{
+	return expr_evaluate_primary(ctx, expr);
+}
+
 static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
 {
 	struct expr *new = expr_clone((*exprp)->sym->expr);
@@ -1763,6 +1768,8 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
 		return expr_evaluate_meta(ctx, expr);
 	case EXPR_SOCKET:
 		return expr_evaluate_socket(ctx, expr);
+	case EXPR_OSF:
+		return expr_evaluate_osf(ctx, expr);
 	case EXPR_FIB:
 		return expr_evaluate_fib(ctx, expr);
 	case EXPR_PAYLOAD:
-- 
cgit v1.2.3