| Field | Value |
|---|---|
| Message ID | 20180929101518.843-2-ffmancera@riseup.net |
| State | Changes Requested |
| Delegated to | Pablo Neira |
| Series | [1/2,nft,v2] src: osf: add ttl option support |
Sorry, I have forgotten to add "Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>". Thanks.

On 9/29/18 12:15 PM, Fernando Fernandez Mancera wrote:

> --- > doc/primary-expression.txt | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt > index 0fda76d..92dd89a 100644 > --- a/doc/primary-expression.txt > +++ b/doc/primary-expression.txt > @@ -187,18 +187,30 @@ and others) from packets with the SYN bit set. > [options="header"] > |================== > |Name |Description| Type > +|ttl| > +Do TTL checks on the packet to determine the operating system.| > +string > |name| > -Name of the OS signature to match. All signatures can be found at pf.os file.| > -Use "unknown" for OS signatures that the expression could not detect. > +Name of the OS signature to match. All signatures can be found at pf.os file. > +Use "unknown" for OS signatures that the expression could not detect.| > +string > |================== > > +.Available ttl values > +--------------------- > +If no TTL attribute is passed, make a true IP header and fingerprint TTL true comparison. This generally works for LANs. > + > +* ttl-global: Check if the IP header's TTL is less than the fingerprint one. Works for globally-routable addresses. > +* ttl-nocheck: Do not compare the TTL at all. > +--------------------- > + > .Using osf expression > --------------------- > -# Accept packets that match the "Linux" OS signature. > +# Accept packets that match the "Linux" OS genre signature without comparing TTL. > table inet x { > chain y { > type filter hook input priority 0; policy accept; > - osf "Linux" > + osf ttl-nocheck name "Linux" > } > } > ----------------------- >
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 0fda76d..92dd89a 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -187,18 +187,30 @@ and others) from packets with the SYN bit set. [options="header"] |================== |Name |Description| Type +|ttl| +Do TTL checks on the packet to determine the operating system.| +string |name| -Name of the OS signature to match. All signatures can be found at pf.os file.| -Use "unknown" for OS signatures that the expression could not detect. +Name of the OS signature to match. All signatures can be found at pf.os file. +Use "unknown" for OS signatures that the expression could not detect.| +string |================== +.Available ttl values +--------------------- +If no TTL attribute is passed, make a true IP header and fingerprint TTL true comparison. This generally works for LANs. + +* ttl-global: Check if the IP header's TTL is less than the fingerprint one. Works for globally-routable addresses. +* ttl-nocheck: Do not compare the TTL at all. +--------------------- + .Using osf expression --------------------- -# Accept packets that match the "Linux" OS signature. +# Accept packets that match the "Linux" OS genre signature without comparing TTL. table inet x { chain y { type filter hook input priority 0; policy accept; - osf "Linux" + osf ttl-nocheck name "Linux" } } -----------------------
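Review bot: the new `ttl` row in the options table describes the option only as "Do TTL checks on the packet to determine the operating system." with type `string`, yet the values the expression accepts are the fixed keywords listed further down (`ttl-global`, `ttl-nocheck`), so the row should either name those keywords or refer the reader to the "Available ttl values" block. In that block, "make a true IP header and fingerprint TTL true comparison" reads awkwardly; something like "compare the IP header TTL against the fingerprint TTL exactly" says the same thing more plainly. The example section only shows `osf ttl-nocheck name "Linux"`; a second rule using the default form without a ttl keyword (or `ttl-global`) would make the three modes and the fact that `ttl-nocheck` accepts packets the default comparison would reject clearer to someone writing a policy. The patch is also missing a Signed-off-by line, as the follow-up message already acknowledges.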