• Evgeniy Polyakov's avatar
    netfilter: passive OS fingerprint xtables match · 11eeef41
    Evgeniy Polyakov authored
    Passive OS fingerprinting netfilter module allows to passively detect
    remote OS and perform various netfilter actions based on that knowledge.
    This module compares some data (WS, MSS, options and it's order, ttl, df
    and others) from packets with SYN bit set with dynamically loaded OS
    fingerprints.
    
    Fingerprint matching rules can be downloaded from OpenBSD source tree
    or found in archive and loaded via netfilter netlink subsystem into
    the kernel via special util found in archive.
    
    Archive contains library file (also attached), which was shipped
    with iptables extensions some time ago (at least when ipt_osf existed
    in patch-o-matic).
    
    Following changes were made in this release:
     * added NLM_F_CREATE/NLM_F_EXCL checks
     * dropped _rcu list traversing helpers in the protected add/remove calls
     * dropped unneded structures, debug prints, obscure comment and check
    
    Fingerprints can be downloaded from
    http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
    or can be found in archive
    
    Example usage:
    -d switch removes fingerprints
    
    Please consider for inclusion.
    Thank you.
    
    Passive OS fingerprint homepage (archives, examples):
    http://www.ioremap.net/projects/osfSigned-off-by: 's avatarEvgeniy Polyakov <zbr@ioremap.net>
    Signed-off-by: 's avatarPatrick McHardy <kaber@trash.net>
    11eeef41
xt_osf.h 3.24 KB