summaryrefslogtreecommitdiffstats
path: root/doc/primary-expression.txt
diff options
context:
space:
mode:
authorFernando Fernandez Mancera <ffmancera@riseup.net>2018-08-04 00:17:50 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-04 00:38:54 +0200
commit404180e2a68a09bde4490ed073471e6ee28f9621 (patch)
treeac85301c8cf82c16db6443aaac0467a04e017d06 /doc/primary-expression.txt
parent13426f7cad870a2bb2501791cc429d9dc0d16526 (diff)
doc: add osf expression to man page
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/primary-expression.txt')
-rw-r--r--doc/primary-expression.txt29
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 63493049..e7a022a5 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -173,6 +173,35 @@ table inet x {
}
----------------------
+OSF EXPRESSION
+~~~~~~~~~~~~~~
+[verse]
+osf {name}
+
+The osf expression does passive operating system fingerprinting. This
+expression compares some data (Window Size, MSS, options and their order, DF,
+and others) from packets with the SYN bit set.
+
+.Available osf attributes
+[options="header"]
+|==================
+|Name |Description| Type
+|name|
+Name of the OS signature to match. All signatures can be found at pf.os file.|
+Use "unknown" for OS signatures that the expression could not detect.
+|==================
+
+.Using osf expression
+---------------------
+# Accept packets that match the "Linux" OS signature.
+table inet x {
+ chain y {
+ type filter hook input priority 0; policy accept;
+ osf "Linux"
+ }
+}
+-----------------------
+
FIB EXPRESSIONS
~~~~~~~~~~~~~~~
[verse]