
[1/3,nf-next] netfilter: add missing definitions in nf_osf.h

Message ID 20180714145101.2412-1-ffmancera@riseup.net
State Accepted
Delegated to: Pablo Neira

Commit Message

Fernando F. Mancera July 14, 2018, 2:50 p.m. UTC
Added missing definitions from nf_osf.h in order to extract Passive OS
fingerprint infrastructure from xt_osf.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
 include/uapi/linux/netfilter/nf_osf.h | 13 +++++++++++++
 include/uapi/linux/netfilter/xt_osf.h | 10 ++--------
 2 files changed, 15 insertions(+), 8 deletions(-)

Comments

Fernando F. Mancera July 17, 2018, 11:18 a.m. UTC | #1
Tested-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

On 07/14/2018 04:50 PM, Fernando Fernandez Mancera wrote:
> Added missing definitions from nf_osf.h in order to extract Passive OS
> fingerprint infrastructure from xt_osf.
> 
> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
> ---
>   include/uapi/linux/netfilter/nf_osf.h | 13 +++++++++++++
>   include/uapi/linux/netfilter/xt_osf.h | 10 ++--------
>   2 files changed, 15 insertions(+), 8 deletions(-)
> 
> diff --git a/include/uapi/linux/netfilter/nf_osf.h b/include/uapi/linux/netfilter/nf_osf.h
> index 8f2f2f403183..a89583099b2a 100644
> --- a/include/uapi/linux/netfilter/nf_osf.h
> +++ b/include/uapi/linux/netfilter/nf_osf.h
> @@ -2,6 +2,8 @@
>   #define _NF_OSF_H
>   
>   #include <linux/types.h>
> +#include <linux/ip.h>
> +#include <linux/tcp.h>
>   
>   #define MAXGENRELEN	32
>   
> @@ -16,9 +18,14 @@
>   
>   #define NF_OSF_TTL_TRUE			0	/* True ip and fingerprint TTL comparison */
>   
> +/* Check if ip TTL is less than fingerprint one */
> +#define NF_OSF_TTL_LESS			1
> +
>   /* Do not compare ip and fingerprint TTL at all */
>   #define NF_OSF_TTL_NOCHECK		2
>   
> +#define NF_OSF_FLAGMASK		(NF_OSF_GENRE | NF_OSF_TTL | \
> +				 NF_OSF_LOG | NF_OSF_INVERT)
>   /* Wildcard MSS (kind of).
>    * It is used to implement a state machine for the different wildcard values
>    * of the MSS and window sizes.
> @@ -83,4 +90,10 @@ enum iana_options {
>   	OSFOPT_EMPTY = 255,
>   };
>   
> +enum nf_osf_attr_type {
> +	OSF_ATTR_UNSPEC,
> +	OSF_ATTR_FINGER,
> +	OSF_ATTR_MAX,
> +};
> +
>   #endif /* _NF_OSF_H */
> diff --git a/include/uapi/linux/netfilter/xt_osf.h b/include/uapi/linux/netfilter/xt_osf.h
> index 72956eceeb09..b189007f4f28 100644
> --- a/include/uapi/linux/netfilter/xt_osf.h
> +++ b/include/uapi/linux/netfilter/xt_osf.h
> @@ -37,8 +37,7 @@
>   
>   #define XT_OSF_TTL_TRUE		NF_OSF_TTL_TRUE
>   #define XT_OSF_TTL_NOCHECK	NF_OSF_TTL_NOCHECK
> -
> -#define XT_OSF_TTL_LESS	1	/* Check if ip TTL is less than fingerprint one */
> +#define XT_OSF_TTL_LESS		NF_OSF_TTL_LESS
>   
>   #define xt_osf_wc		nf_osf_wc
>   #define xt_osf_opt		nf_osf_opt
> @@ -47,6 +46,7 @@
>   #define xt_osf_finger		nf_osf_finger
>   #define xt_osf_nlmsg		nf_osf_nlmsg
>   
> +#define xt_osf_attr_type	nf_osf_attr_type
>   /*
>    * Add/remove fingerprint from the kernel.
>    */
> @@ -56,10 +56,4 @@ enum xt_osf_msg_types {
>   	OSF_MSG_MAX,
>   };
>   
> -enum xt_osf_attr_type {
> -	OSF_ATTR_UNSPEC,
> -	OSF_ATTR_FINGER,
> -	OSF_ATTR_MAX,
> -};
> -
>   #endif				/* _XT_OSF_H */
> 
Pablo Neira Ayuso July 17, 2018, 3:38 p.m. UTC | #2
On Sat, Jul 14, 2018 at 04:50:59PM +0200, Fernando Fernandez Mancera wrote:
> Added missing definitions from nf_osf.h in order to extract Passive OS
> fingerprint infrastructure from xt_osf.

Applied, thanks.

Please, use present tense in new patches, ie.

        Add missing definitions...

As this is preferred, thanks.

For the record, I renamed patch title to:

        netfilter: nf_osf: add missing definitions to header file

Patch

diff --git a/include/uapi/linux/netfilter/nf_osf.h b/include/uapi/linux/netfilter/nf_osf.h
index 8f2f2f403183..a89583099b2a 100644
--- a/include/uapi/linux/netfilter/nf_osf.h
+++ b/include/uapi/linux/netfilter/nf_osf.h
@@ -2,6 +2,8 @@ 
 #define _NF_OSF_H
 
 #include <linux/types.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
 
 #define MAXGENRELEN	32
 
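Review bot: The added `#include <linux/ip.h>` and `#include <linux/tcp.h>` go into a UAPI header, yet nothing in the visible hunks of this file uses an IP or TCP header type. Every userspace program that includes nf_osf.h now gets those definitions as well, and `<linux/tcp.h>` is known to clash with libc's `<netinet/tcp.h>` when both land in one translation unit. If a structure outside these hunks needs them, a short comment next to the includes naming that structure would record why they are there. If only kernel code needs them, they would fit better in a kernel-internal header.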
@@ -16,9 +18,14 @@ 
 
 #define NF_OSF_TTL_TRUE			0	/* True ip and fingerprint TTL comparison */
 
+/* Check if ip TTL is less than fingerprint one */
+#define NF_OSF_TTL_LESS			1
+
 /* Do not compare ip and fingerprint TTL at all */
 #define NF_OSF_TTL_NOCHECK		2
 
+#define NF_OSF_FLAGMASK		(NF_OSF_GENRE | NF_OSF_TTL | \
+				 NF_OSF_LOG | NF_OSF_INVERT)
 /* Wildcard MSS (kind of).
  * It is used to implement a state machine for the different wildcard values
  * of the MSS and window sizes.
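Review bot: `NF_OSF_FLAGMASK` is added with no comment and runs straight into the "Wildcard MSS" comment block below it, so the header never states what the mask is for. From its name and composition it looks like the set of flag bits userspace may pass, which a checker would use to reject unknown bits. If that is the intent, say so with `/* All flag bits accepted from userspace; reject anything outside this mask */` and leave a blank line after the definition. The four `NF_OSF_*` flags it combines are defined outside this hunk, so whether the mask covers every defined flag cannot be confirmed from here.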
@@ -83,4 +90,10 @@  enum iana_options {
 	OSFOPT_EMPTY = 255,
 };
 
+enum nf_osf_attr_type {
+	OSF_ATTR_UNSPEC,
+	OSF_ATTR_FINGER,
+	OSF_ATTR_MAX,
+};
+
 #endif /* _NF_OSF_H */
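Review bot: In `enum nf_osf_attr_type`, `OSF_ATTR_MAX` is an enumerator of its own (value 2) rather than an alias of the last real attribute, which differs from the usual netlink convention where MAX is the highest valid attribute type. Code outside this diff that sizes a policy table as `OSF_ATTR_MAX + 1`, or passes `OSF_ATTR_MAX` as the attribute count, would then admit attribute type 2 with no policy entry behind it; that cannot be checked from here. The values are userspace ABI and cannot change, so the fix is a comment: `/* Netlink attribute types (presumably for the fingerprint add/remove messages); OSF_ATTR_MAX is a count, not a valid attribute */`. The enumerators also keep the bare `OSF_` prefix in a header whose other new names use `NF_OSF_`.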
diff --git a/include/uapi/linux/netfilter/xt_osf.h b/include/uapi/linux/netfilter/xt_osf.h
index 72956eceeb09..b189007f4f28 100644
--- a/include/uapi/linux/netfilter/xt_osf.h
+++ b/include/uapi/linux/netfilter/xt_osf.h
@@ -37,8 +37,7 @@ 
 
 #define XT_OSF_TTL_TRUE		NF_OSF_TTL_TRUE
 #define XT_OSF_TTL_NOCHECK	NF_OSF_TTL_NOCHECK
-
-#define XT_OSF_TTL_LESS	1	/* Check if ip TTL is less than fingerprint one */
+#define XT_OSF_TTL_LESS		NF_OSF_TTL_LESS
 
 #define xt_osf_wc		nf_osf_wc
 #define xt_osf_opt		nf_osf_opt
@@ -47,6 +46,7 @@ 
 #define xt_osf_finger		nf_osf_finger
 #define xt_osf_nlmsg		nf_osf_nlmsg
 
+#define xt_osf_attr_type	nf_osf_attr_type
 /*
  * Add/remove fingerprint from the kernel.
  */
@@ -56,10 +56,4 @@  enum xt_osf_msg_types {
 	OSF_MSG_MAX,
 };
 
-enum xt_osf_attr_type {
-	OSF_ATTR_UNSPEC,
-	OSF_ATTR_FINGER,
-	OSF_ATTR_MAX,
-};
-
 #endif				/* _XT_OSF_H */