From 9f28b685b473b2424524d0443ef1e0ed8ba276de Mon Sep 17 00:00:00 2001 From: Fernando Fernandez Mancera Date: Fri, 3 Aug 2018 23:47:11 +0200 Subject: src: introduce passive OS fingerprint matching Add support for "osf" expression. Example: table ip foo { chain bar { type filter hook input priority 0; policy accept; osf name "Linux" counter packets 3 bytes 132 } } Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso --- src/netlink_delinearize.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/netlink_delinearize.c') diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index c886ff98..dbf1f618 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -630,6 +630,18 @@ static void netlink_parse_socket(struct netlink_parse_ctx *ctx, netlink_set_register(ctx, dreg, expr); } +static void netlink_parse_osf(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nftnl_expr *nle) +{ + enum nft_registers dreg; + struct expr *expr; + + expr = osf_expr_alloc(loc); + dreg = netlink_parse_register(nle, NFTNL_EXPR_OSF_DREG); + netlink_set_register(ctx, dreg, expr); +} + static void netlink_parse_meta_stmt(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) @@ -1397,6 +1409,7 @@ static const struct { { .name = "exthdr", .parse = netlink_parse_exthdr }, { .name = "meta", .parse = netlink_parse_meta }, { .name = "socket", .parse = netlink_parse_socket }, + { .name = "osf", .parse = netlink_parse_osf }, { .name = "rt", .parse = netlink_parse_rt }, { .name = "ct", .parse = netlink_parse_ct }, { .name = "connlimit", .parse = netlink_parse_connlimit }, @@ -2087,6 +2100,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp) case EXPR_NUMGEN: case EXPR_FIB: case EXPR_SOCKET: + case EXPR_OSF: break; case EXPR_HASH: if (expr->hash.expr) -- cgit v1.2.3