Passive OS fingerprint xtables match.

Message ID	4A2D28E0.80508@trash.net
State	Not Applicable, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <4A2D28E0.80508@trash.net> Date: Mon, 08 Jun 2009 17:06:08 +0200 From: Patrick McHardy <kaber@trash.net> User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: Evgeniy Polyakov <zbr@ioremap.net> CC: netdev@vger.kernel.org, David Miller <davem@davemloft.net>, "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>, Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>, Jan Engelhardt <jengelh@medozas.de> Subject: Re: Passive OS fingerprint xtables match. References: <20090607151758.GB31757@ioremap.net> In-Reply-To: <20090607151758.GB31757@ioremap.net> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

4A2D28E0.80508@trash.net

State

Not Applicable, archived

Delegated to:

David Miller

Headers

Message-ID: <4A2D28E0.80508@trash.net>
Date: Mon, 08 Jun 2009 17:06:08 +0200
From: Patrick McHardy <kaber@trash.net>
User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)
MIME-Version: 1.0
To: Evgeniy Polyakov <zbr@ioremap.net>
CC: netdev@vger.kernel.org, David Miller <davem@davemloft.net>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>,
	Jan Engelhardt <jengelh@medozas.de>
Subject: Re: Passive OS fingerprint xtables match.
References: <20090607151758.GB31757@ioremap.net>
In-Reply-To: <20090607151758.GB31757@ioremap.net>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Patrick McHardy June 8, 2009, 3:06 p.m. UTC

Evgeniy Polyakov wrote:
> Passive OS fingerprinting netfilter module allows to passively detect
> remote OS and perform various netfilter actions based on that knowledge.
> This module compares some data (WS, MSS, options and it's order, ttl, df
> and others) from packets with SYN bit set with dynamically loaded OS
> fingerprints.

Applied, thanks. I've made one minor change:

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Evgeniy Polyakov June 8, 2009, 5:25 p.m. UTC | #1

On Mon, Jun 08, 2009 at 05:06:08PM +0200, Patrick McHardy (kaber@trash.net) wrote:
> Applied, thanks. I've made one minor change:
> 
> --- a/include/linux/netfilter/Kbuild
> +++ b/include/linux/netfilter/Kbuild
> @@ -33,6 +33,7 @@ header-y += xt_limit.h
>  header-y += xt_mac.h
>  header-y += xt_mark.h
>  header-y += xt_multiport.h
> +header-y += xt_osf.h
>  header-y += xt_owner.h
>  header-y += xt_pkttype.h
>  header-y += xt_quota.h

No problem, thank you!

--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -33,6 +33,7 @@  header-y += xt_limit.h
  header-y += xt_mac.h
  header-y += xt_mark.h
  header-y += xt_multiport.h
+header-y += xt_osf.h
  header-y += xt_owner.h
  header-y += xt_pkttype.h
  header-y += xt_quota.h

Passive OS fingerprint xtables match.

Commit Message

Comments

Patch