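/*
 * Definitions shared by the OS-fingerprint (OSF) matching code and the
 * tools that load fingerprints into it: match flags, TTL/log modes, the
 * fingerprint record layout and the message/attribute enumerations.
 *
 * The structures below are fixed-layout records; do not reorder or resize
 * members, since both sides of the interface depend on the exact layout.
 */
#ifndef _NF_OSF_H
#define _NF_OSF_H

#include <linux/types.h>
#include <linux/ip.h>
#include <linux/tcp.h>

/* Size in bytes of every genre/version/subtype character array below. */
#define MAXGENRELEN	32

/* Single-bit option flags; NF_OSF_FLAGMASK below is the union of all four. */
#define NF_OSF_GENRE	(1 << 0)
#define NF_OSF_TTL	(1 << 1)
#define NF_OSF_LOG	(1 << 2)
#define NF_OSF_INVERT	(1 << 3)

#define NF_OSF_LOGLEVEL_ALL		0	/* log all matched fingerprints */
#define NF_OSF_LOGLEVEL_FIRST		1	/* log only the first matched fingerprint */
#define NF_OSF_LOGLEVEL_ALL_KNOWN	2	/* do not log unknown packets */

#define NF_OSF_TTL_TRUE		0	/* True ip and fingerprint TTL comparison */

/* Check if ip TTL is less than fingerprint one */
#define NF_OSF_TTL_LESS		1

/* Do not compare ip and fingerprint TTL at all */
#define NF_OSF_TTL_NOCHECK	2

/*
 * Every flag bit defined above.
 * NOTE(review): presumably the consumer of nf_osf_info.flags rejects any
 * bit outside this mask -- that check is not visible in this header; confirm.
 */
#define NF_OSF_FLAGMASK		(NF_OSF_GENRE | NF_OSF_TTL | \
				 NF_OSF_LOG | NF_OSF_INVERT)

/* Wildcard MSS (kind of).
 * It is used to implement a state machine for the different wildcard values
 * of the MSS and window sizes.
 */
struct nf_osf_wc {
	__u32	wc;
	__u32	val;
};

/* This struct represents IANA options
 * http://www.iana.org/assignments/tcp-parameters
 */
struct nf_osf_opt {
	__u16			kind, length;
	struct nf_osf_wc	wc;
};

/*
 * Match parameters.
 * NOTE(review): genre is a fixed MAXGENRELEN-byte array and nothing in this
 * header guarantees it is NUL-terminated; code that receives this record
 * from an untrusted source should bound every string operation by
 * MAXGENRELEN (or by len, which presumably is the genre length -- confirm)
 * rather than rely on a terminator.
 */
struct nf_osf_info {
	char	genre[MAXGENRELEN];
	__u32	len;
	__u32	flags;
	__u32	loglevel;
	__u32	ttl;
};

/*
 * One fingerprint record.
 * NOTE(review): opt_num presumably counts the valid entries of opt[]. The
 * array has exactly MAX_IPOPTLEN slots, so whatever consumes a record that
 * originated outside the consumer's trust boundary must reject
 * opt_num > MAX_IPOPTLEN before indexing opt[], and must treat
 * genre/version/subtype as possibly unterminated. Those checks are not
 * part of this header; confirm they exist at the point of use.
 */
struct nf_osf_user_finger {
	struct nf_osf_wc	wss;

	__u8	ttl, df;
	__u16	ss, mss;
	__u16	opt_num;

	char	genre[MAXGENRELEN];
	char	version[MAXGENRELEN];
	char	subtype[MAXGENRELEN];

	/* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */
	struct nf_osf_opt	opt[MAX_IPOPTLEN];
};

/* A fingerprint record followed by an IPv4 header and a TCP header. */
struct nf_osf_nlmsg {
	struct nf_osf_user_finger	f;
	struct iphdr			ip;
	struct tcphdr			tcp;
};

/* Defines for IANA option kinds */
enum iana_options {
	OSFOPT_EOL = 0,		/* End of options */
	OSFOPT_NOP,		/* NOP */
	OSFOPT_MSS,		/* Maximum segment size */
	OSFOPT_WSO,		/* Window scale option */
	OSFOPT_SACKP,		/* SACK permitted */
	OSFOPT_SACK,		/* SACK */
	OSFOPT_ECHO,		/* Echo */
	OSFOPT_ECHOREPLY,	/* Echo reply */
	OSFOPT_TS,		/* Timestamp option */
	OSFOPT_POCP,		/* Partial Order Connection Permitted */
	OSFOPT_POSP,		/* Partial Order Service Profile */

	/* Others are not used in the current OSF */
	OSFOPT_EMPTY = 255,
};

/* Initial window size option state machine: multiple of mss, mtu or
 * plain numeric value. Can also be made as plain numeric value which
 * is not a multiple of specified value.
 */
enum nf_osf_window_size_options {
	OSF_WSS_PLAIN	= 0,
	OSF_WSS_MSS,
	OSF_WSS_MTU,
	OSF_WSS_MODULO,
	OSF_WSS_MAX,	/* number of modes above, not a mode itself */
};

enum nf_osf_attr_type {
	OSF_ATTR_UNSPEC,
	OSF_ATTR_FINGER,
	OSF_ATTR_MAX,
};

/*
 * Add/remove fingerprint from the kernel.
 */
enum nf_osf_msg_types {
	OSF_MSG_ADD,
	OSF_MSG_REMOVE,
	OSF_MSG_MAX,
};

#endif /* _NF_OSF_H */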