Thread (16 messages) 16 messages, 3 authors, 2009-06-04

Re: [resend] Passive OS fingerprint xtables match.

From: Jan Engelhardt <hidden>
Date: 2009-05-29 09:49:51
Also in: netfilter-devel

On Friday 2009-05-29 10:59, Evgeniy Polyakov wrote:
quoted
quoted
+/* Defines for IANA option kinds */
+
+enum iana_options {
+	OSFOPT_EOL = 0,		/* End of options */
+	OSFOPT_NOP, 		/* NOP */
+	OSFOPT_MSS, 		/* Maximum segment size */
+	OSFOPT_WSO, 		/* Window scale option */
+	OSFOPT_SACKP,		/* SACK permitted */
+	OSFOPT_SACK,		/* SACK */
+	OSFOPT_ECHO,
+	OSFOPT_ECHOREPLY,
+	OSFOPT_TS,		/* Timestamp option */
+	OSFOPT_POCP,		/* Partial Order Connection Permitted */
+	OSFOPT_POSP,		/* Partial Order Service Profile */
+
+	/* Others are not used in the current OSF */
+	OSFOPT_EMPTY = 255,
+};
Why do we need to duplicate these?
Why duplicate? It is the only place of the constants describing used
option numbers. include/net/tcp.h does not have 'partial order' options
in particular.
Then you do one of these:

1. add TCPOPT_POCP/POSP to tcp.h or
2. define it locally:
#include <net/tcp.h>
enum {
	TCPOPT_POCP = 9,
	TCPOPT_POSP = 10,
};
quoted
quoted
+config NETFILTER_XT_MATCH_OSF
+	tristate '"osf" Passive OS fingerprint match'
+	depends on NETFILTER_ADVANCED
&& NFNETLINK
Will add.
Does it really need to depend on nfnetlink? Even if I just want to
have it dumped to syslog?
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help