From 9f28b685b473b2424524d0443ef1e0ed8ba276de Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 3 Aug 2018 23:47:11 +0200
Subject: src: introduce passive OS fingerprint matching

Add support for "osf" expression. Example:

table ip foo {
	chain bar {
		type filter hook input priority 0; policy accept;
		osf name "Linux" counter packets 3 bytes 132
	}
}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_linearize.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/netlink_linearize.c')

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index aa00564a..442c5a94 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -219,6 +219,17 @@ static void netlink_gen_socket(struct netlink_linearize_ctx *ctx,
 	nftnl_rule_add_expr(ctx->nlr, nle);
 }
 
+static void netlink_gen_osf(struct netlink_linearize_ctx *ctx,
+			    const struct expr *expr,
+			    enum nft_registers dreg)
+{
+	struct nftnl_expr *nle;
+
+	nle = alloc_nft_expr("osf");
+	netlink_put_register(nle, NFTNL_EXPR_OSF_DREG, dreg);
+	nftnl_rule_add_expr(ctx->nlr, nle);
+}
+
 static void netlink_gen_numgen(struct netlink_linearize_ctx *ctx,
 			    const struct expr *expr,
 			    enum nft_registers dreg)
@@ -708,6 +719,8 @@ static void netlink_gen_expr(struct netlink_linearize_ctx *ctx,
 		return netlink_gen_fib(ctx, expr, dreg);
 	case EXPR_SOCKET:
 		return netlink_gen_socket(ctx, expr, dreg);
+	case EXPR_OSF:
+		return netlink_gen_osf(ctx, expr, dreg);
 	default:
 		BUG("unknown expression type %s\n", expr->ops->name);
 	}
-- 
cgit v1.2.3