diff options
| author | Evgeniy Polyakov <zbr@ioremap.net> | 2009-06-08 17:01:51 +0200 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2009-06-08 17:01:51 +0200 |
| commit | 11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384 (patch) | |
| tree | 6fe29550776dc668b73b81bb2407064049ccd0ef /net/netfilter/Kconfig | |
| parent | f87fb666bb00a7afcbd7992d236e42ac544996f9 (diff) | |
| download | kernel_samsung_smdk4412-11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384.zip kernel_samsung_smdk4412-11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384.tar.gz kernel_samsung_smdk4412-11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384.tar.bz2 | |
netfilter: passive OS fingerprint xtables match
Passive OS fingerprinting netfilter module allows to passively detect
remote OS and perform various netfilter actions based on that knowledge.
This module compares some data (WS, MSS, options and it's order, ttl, df
and others) from packets with SYN bit set with dynamically loaded OS
fingerprints.
Fingerprint matching rules can be downloaded from OpenBSD source tree
or found in archive and loaded via netfilter netlink subsystem into
the kernel via special util found in archive.
Archive contains library file (also attached), which was shipped
with iptables extensions some time ago (at least when ipt_osf existed
in patch-o-matic).
Following changes were made in this release:
* added NLM_F_CREATE/NLM_F_EXCL checks
* dropped _rcu list traversing helpers in the protected add/remove calls
* dropped unneded structures, debug prints, obscure comment and check
Fingerprints can be downloaded from
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
or can be found in archive
Example usage:
-d switch removes fingerprints
Please consider for inclusion.
Thank you.
Passive OS fingerprint homepage (archives, examples):
http://www.ioremap.net/projects/osf
Signed-off-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/Kconfig')
| -rw-r--r-- | net/netfilter/Kconfig | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index cb3ad74..79ba47f 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -917,6 +917,19 @@ config NETFILTER_XT_MATCH_U32 Details and examples are in the kernel module source. +config NETFILTER_XT_MATCH_OSF + tristate '"osf" Passive OS fingerprint match' + depends on NETFILTER_ADVANCED && NETFILTER_NETLINK + help + This option selects the Passive OS Fingerprinting match module + that allows to passively match the remote operating system by + analyzing incoming TCP SYN packets. + + Rules and loading software can be downloaded from + http://www.ioremap.net/projects/osf + + To compile it as a module, choose M here. If unsure, say N. + endif # NETFILTER_XTABLES endmenu |