Re: [resend] Passive OS fingerprint xtables match.
From: Jan Engelhardt <hidden>
Date: 2009-05-29 09:49:51
Also in:
netfilter-devel
On Friday 2009-05-29 10:59, Evgeniy Polyakov wrote:
quoted
quoted
+/* Defines for IANA option kinds */ + +enum iana_options { + OSFOPT_EOL = 0, /* End of options */ + OSFOPT_NOP, /* NOP */ + OSFOPT_MSS, /* Maximum segment size */ + OSFOPT_WSO, /* Window scale option */ + OSFOPT_SACKP, /* SACK permitted */ + OSFOPT_SACK, /* SACK */ + OSFOPT_ECHO, + OSFOPT_ECHOREPLY, + OSFOPT_TS, /* Timestamp option */ + OSFOPT_POCP, /* Partial Order Connection Permitted */ + OSFOPT_POSP, /* Partial Order Service Profile */ + + /* Others are not used in the current OSF */ + OSFOPT_EMPTY = 255, +};
Why do we need to duplicate these?
Why duplicate? It is the only place of the constants describing used option numbers. include/net/tcp.h does not have 'partial order' options in particular.
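Review bot: the members from OSFOPT_NOP through OSFOPT_POSP rely on implicit numbering to land on the IANA option kinds, so inserting or reordering an entry would silently shift every value after it. These are wire values, so give each member an explicit value (OSFOPT_NOP = 1, OSFOPT_MSS = 2, and so on up to OSFOPT_POSP = 10). OSFOPT_ECHO and OSFOPT_ECHOREPLY are also the only members without a comment, and the enum tag iana_options carries no osf or xt prefix.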
Then you do one of these:
1. add TCPOPT_POCP/POSP to tcp.h or
2. define it locally:
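	#include <net/tcp.h>

	/* Option kinds missing from include/net/tcp.h */
	enum {
		TCPOPT_POCP = 9,	/* Partial Order Connection Permitted */
		TCPOPT_POSP = 10,	/* Partial Order Service Profile */
	};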
quoted
quoted
+config NETFILTER_XT_MATCH_OSF + tristate '"osf" Passive OS fingerprint match' + depends on NETFILTER_ADVANCED&& NFNETLINK
Will add.
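Review bot: in the "depends on" line, "NETFILTER_ADVANCED&& NFNETLINK" is missing the space before "&&"; write "NETFILTER_ADVANCED && NFNETLINK" so the expression matches the usual Kconfig spacing.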
Does it really need to depend on nfnetlink? Even if I just want to have it dumped to syslog?