From 9f28b685b473b2424524d0443ef1e0ed8ba276de Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 3 Aug 2018 23:47:11 +0200
Subject: src: introduce passive OS fingerprint matching

Add support for "osf" expression. Example:

table ip foo {
	chain bar {
		type filter hook input priority 0; policy accept;
		osf name "Linux" counter packets 3 bytes 132
	}
}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/parser_bison.y')

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 827b0580..9a75120a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -194,6 +194,8 @@ int nft_lex(void *, void *, void *);
 
 %token TPROXY			"tproxy"
 
+%token OSF			"osf"
+
 %token HOOK			"hook"
 %token DEVICE			"device"
 %token DEVICES			"devices"
@@ -721,6 +723,9 @@ int nft_lex(void *, void *, void *);
 %destructor { expr_free($$); }	fib_expr
 %type <val>			fib_tuple	fib_result	fib_flag
 
+%type <expr>			osf_expr
+%destructor { expr_free($$); }	osf_expr
+
 %type <val>			markup_format
 %type <string>			monitor_event
 %destructor { xfree($$); }	monitor_event
@@ -2952,6 +2957,7 @@ primary_expr		:	symbol_expr			{ $$ = $1; }
 			|	numgen_expr			{ $$ = $1; }
 			|	hash_expr			{ $$ = $1; }
 			|	fib_expr			{ $$ = $1; }
+			|	osf_expr			{ $$ = $1; }
 			|	'('	basic_expr	')'	{ $$ = $2; }
 			;
 
@@ -2997,6 +3003,12 @@ fib_tuple		:  	fib_flag	DOT	fib_tuple
 			|	fib_flag
 			;
 
+osf_expr		:	OSF	NAME
+			{
+				$$ = osf_expr_alloc(&@$);
+			}
+			;
+
 shift_expr		:	primary_expr
 			|	shift_expr		LSHIFT		primary_expr
 			{
-- 
cgit v1.2.3