king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b394c2d4e7'
${ noResults }
v811_spc009/external/iptables/extensions/libxt_osf.c

122 lines
3.7 KiB
Raw Blame History

/*
* Copyright (c) 2003+ Evgeniy Polyakov <zbr@ioremap.net>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
* xtables interface for OS fingerprint matching module.
*/
#include <stdio.h>
#include <string.h>
#include <xtables.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <linux/netfilter/xt_osf.h>
enum {
O_GENRE = 0,
O_TTL,
O_LOGLEVEL,
};
static void osf_help(void)
{
printf("OS fingerprint match options:\n"
"[!] --genre string Match a OS genre by passive fingerprinting.\n"
"--ttl level Use some TTL check extensions to determine OS:\n"
" 0 true ip and fingerprint TTL comparison. Works for LAN.\n"
" 1 check if ip TTL is less than fingerprint one. Works for global addresses.\n"
" 2 do not compare TTL at all. This allows NMAP detection, but can produce false results.\n"
"--log level Log determined genres into dmesg even if they do not match desired one:\n"
" 0 log all matched or unknown signatures.\n"
" 1 log only first one.\n"
" 2 log all known matched signatures.\n"
);
}
#define s struct xt_osf_info
static const struct xt_option_entry osf_opts[] = {
{.name = "genre", .id = O_GENRE, .type = XTTYPE_STRING,
.flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
XTOPT_POINTER(s, genre)},
{.name = "ttl", .id = O_TTL, .type = XTTYPE_UINT32,
.flags = XTOPT_PUT, XTOPT_POINTER(s, ttl), .min = 0, .max = 2},
{.name = "log", .id = O_LOGLEVEL, .type = XTTYPE_UINT32,
.flags = XTOPT_PUT, XTOPT_POINTER(s, loglevel), .min = 0, .max = 2},
XTOPT_TABLEEND,
};
#undef s
static void osf_parse(struct xt_option_call *cb)
{
struct xt_osf_info *info = cb->data;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_GENRE:
if (cb->invert)
info->flags |= XT_OSF_INVERT;
info->len = strlen(info->genre);
break;
case O_TTL:
info->flags |= XT_OSF_TTL;
break;
case O_LOGLEVEL:
info->flags |= XT_OSF_LOG;
break;
}
}
static void osf_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
printf(" OS fingerprint match %s%s", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
}
static void osf_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
if (info->flags & XT_OSF_INVERT)
printf(" !");
printf(" --genre %s", info->genre);
if (info->flags & XT_OSF_TTL)
printf(" --ttl %u", info->ttl);
if (info->flags & XT_OSF_LOG)
printf(" --log %u", info->loglevel);
}
static struct xtables_match osf_match = {
.name = "osf",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_osf_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_osf_info)),
.help = osf_help,
.x6_parse = osf_parse,
.print = osf_print,
.save = osf_save,
.x6_options = osf_opts,
.family = NFPROTO_IPV4,
};
void _init(void)
{
xtables_register_match(&osf_match);
}
Reference in new issue View Git Blame Copy Permalink