From 9f28b685b473b2424524d0443ef1e0ed8ba276de Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 3 Aug 2018 23:47:11 +0200
Subject: src: introduce passive OS fingerprint matching

Add support for "osf" expression. Example:

table ip foo {
	chain bar {
		type filter hook input priority 0; policy accept;
		osf name "Linux" counter packets 3 bytes 132
	}
}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/osf.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 src/osf.c

(limited to 'src/osf.c')

diff --git a/src/osf.c b/src/osf.c
new file mode 100644
index 00000000..f07a725c
--- /dev/null
+++ b/src/osf.c
@@ -0,0 +1,35 @@
+#include <nftables.h>
+#include <expression.h>
+#include <utils.h>
+#include <string.h>
+#include <osf.h>
+
+#include <net/if.h>
+
+static void osf_expr_print(const struct expr *expr, struct output_ctx *octx)
+{
+	nft_print(octx, "osf name");
+}
+
+static void osf_expr_clone(struct expr *new, const struct expr *expr)
+{
+}
+
+static const struct expr_ops osf_expr_ops = {
+	.type		= EXPR_OSF,
+	.name		= "osf",
+	.print		= osf_expr_print,
+	.clone		= osf_expr_clone,
+};
+
+struct expr *osf_expr_alloc(const struct location *loc)
+{
+	unsigned int len = IFNAMSIZ * BITS_PER_BYTE;
+	const struct datatype *type = &string_type;
+	struct expr *expr;
+
+	expr = expr_alloc(loc, &osf_expr_ops, type,
+			  BYTEORDER_HOST_ENDIAN, len);
+
+	return expr;
+}
-- 
cgit v1.2.3