|
Packit Service |
d1fe03 |
/*
|
|
Packit Service |
d1fe03 |
* Copyright (c) 2003+ Evgeniy Polyakov <zbr@ioremap.net>
|
|
Packit Service |
d1fe03 |
*
|
|
Packit Service |
d1fe03 |
*
|
|
Packit Service |
d1fe03 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
d1fe03 |
* it under the terms of the GNU General Public License as published by
|
|
Packit Service |
d1fe03 |
* the Free Software Foundation; either version 2 of the License, or
|
|
Packit Service |
d1fe03 |
* (at your option) any later version.
|
|
Packit Service |
d1fe03 |
*
|
|
Packit Service |
d1fe03 |
* This program is distributed in the hope that it will be useful,
|
|
Packit Service |
d1fe03 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
d1fe03 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
d1fe03 |
* GNU General Public License for more details.
|
|
Packit Service |
d1fe03 |
*
|
|
Packit Service |
d1fe03 |
* You should have received a copy of the GNU General Public License
|
|
Packit Service |
d1fe03 |
* along with this program; if not, write to the Free Software
|
|
Packit Service |
d1fe03 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Packit Service |
d1fe03 |
*/
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
/*
|
|
Packit Service |
d1fe03 |
* xtables interface for OS fingerprint matching module.
|
|
Packit Service |
d1fe03 |
*/
|
|
Packit Service |
d1fe03 |
#include <stdio.h>
|
|
Packit Service |
d1fe03 |
#include <string.h>
|
|
Packit Service |
d1fe03 |
#include <xtables.h>
|
|
Packit Service |
d1fe03 |
#include <netinet/ip.h>
|
|
Packit Service |
d1fe03 |
#include <netinet/tcp.h>
|
|
Packit Service |
d1fe03 |
#include <linux/netfilter/xt_osf.h>
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
enum {
|
|
Packit Service |
d1fe03 |
O_GENRE = 0,
|
|
Packit Service |
d1fe03 |
O_TTL,
|
|
Packit Service |
d1fe03 |
O_LOGLEVEL,
|
|
Packit Service |
d1fe03 |
};
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
static void osf_help(void)
|
|
Packit Service |
d1fe03 |
{
|
|
Packit Service |
d1fe03 |
printf("OS fingerprint match options:\n"
|
|
Packit Service |
d1fe03 |
"[!] --genre string Match a OS genre by passive fingerprinting.\n"
|
|
Packit Service |
d1fe03 |
"--ttl level Use some TTL check extensions to determine OS:\n"
|
|
Packit Service |
d1fe03 |
" 0 true ip and fingerprint TTL comparison. Works for LAN.\n"
|
|
Packit Service |
d1fe03 |
" 1 check if ip TTL is less than fingerprint one. Works for global addresses.\n"
|
|
Packit Service |
d1fe03 |
" 2 do not compare TTL at all. Allows to detect NMAP, but can produce false results.\n"
|
|
Packit Service |
d1fe03 |
"--log level Log determined genres into dmesg even if they do not match desired one:\n"
|
|
Packit Service |
d1fe03 |
" 0 log all matched or unknown signatures.\n"
|
|
Packit Service |
d1fe03 |
" 1 log only first one.\n"
|
|
Packit Service |
d1fe03 |
" 2 log all known matched signatures.\n"
|
|
Packit Service |
d1fe03 |
);
|
|
Packit Service |
d1fe03 |
}
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
#define s struct xt_osf_info
|
|
Packit Service |
d1fe03 |
static const struct xt_option_entry osf_opts[] = {
|
|
Packit Service |
d1fe03 |
{.name = "genre", .id = O_GENRE, .type = XTTYPE_STRING,
|
|
Packit Service |
d1fe03 |
.flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
|
|
Packit Service |
d1fe03 |
XTOPT_POINTER(s, genre)},
|
|
Packit Service |
d1fe03 |
{.name = "ttl", .id = O_TTL, .type = XTTYPE_UINT32,
|
|
Packit Service |
d1fe03 |
.flags = XTOPT_PUT, XTOPT_POINTER(s, ttl), .min = 0, .max = 2},
|
|
Packit Service |
d1fe03 |
{.name = "log", .id = O_LOGLEVEL, .type = XTTYPE_UINT32,
|
|
Packit Service |
d1fe03 |
.flags = XTOPT_PUT, XTOPT_POINTER(s, loglevel), .min = 0, .max = 2},
|
|
Packit Service |
d1fe03 |
XTOPT_TABLEEND,
|
|
Packit Service |
d1fe03 |
};
|
|
Packit Service |
d1fe03 |
#undef s
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
static void osf_parse(struct xt_option_call *cb)
|
|
Packit Service |
d1fe03 |
{
|
|
Packit Service |
d1fe03 |
struct xt_osf_info *info = cb->data;
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
xtables_option_parse(cb);
|
|
Packit Service |
d1fe03 |
switch (cb->entry->id) {
|
|
Packit Service |
d1fe03 |
case O_GENRE:
|
|
Packit Service |
d1fe03 |
if (cb->invert)
|
|
Packit Service |
d1fe03 |
info->flags |= XT_OSF_INVERT;
|
|
Packit Service |
d1fe03 |
info->len = strlen(info->genre);
|
|
Packit Service |
d1fe03 |
break;
|
|
Packit Service |
d1fe03 |
case O_TTL:
|
|
Packit Service |
d1fe03 |
info->flags |= XT_OSF_TTL;
|
|
Packit Service |
d1fe03 |
break;
|
|
Packit Service |
d1fe03 |
case O_LOGLEVEL:
|
|
Packit Service |
d1fe03 |
info->flags |= XT_OSF_LOG;
|
|
Packit Service |
d1fe03 |
break;
|
|
Packit Service |
d1fe03 |
}
|
|
Packit Service |
d1fe03 |
}
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
static void osf_print(const void *ip, const struct xt_entry_match *match, int numeric)
|
|
Packit Service |
d1fe03 |
{
|
|
Packit Service |
d1fe03 |
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
printf(" OS fingerprint match %s%s", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
|
|
Packit Service |
d1fe03 |
}
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
static void osf_save(const void *ip, const struct xt_entry_match *match)
|
|
Packit Service |
d1fe03 |
{
|
|
Packit Service |
d1fe03 |
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
if (info->flags & XT_OSF_INVERT)
|
|
Packit Service |
d1fe03 |
printf(" !");
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
printf(" --genre %s", info->genre);
|
|
Packit Service |
d1fe03 |
if (info->flags & XT_OSF_TTL)
|
|
Packit Service |
d1fe03 |
printf(" --ttl %u", info->ttl);
|
|
Packit Service |
d1fe03 |
if (info->flags & XT_OSF_LOG)
|
|
Packit Service |
d1fe03 |
printf(" --log %u", info->loglevel);
|
|
Packit Service |
d1fe03 |
}
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
static struct xtables_match osf_match = {
|
|
Packit Service |
d1fe03 |
.name = "osf",
|
|
Packit Service |
d1fe03 |
.version = XTABLES_VERSION,
|
|
Packit Service |
d1fe03 |
.size = XT_ALIGN(sizeof(struct xt_osf_info)),
|
|
Packit Service |
d1fe03 |
.userspacesize = XT_ALIGN(sizeof(struct xt_osf_info)),
|
|
Packit Service |
d1fe03 |
.help = osf_help,
|
|
Packit Service |
d1fe03 |
.x6_parse = osf_parse,
|
|
Packit Service |
d1fe03 |
.print = osf_print,
|
|
Packit Service |
d1fe03 |
.save = osf_save,
|
|
Packit Service |
d1fe03 |
.x6_options = osf_opts,
|
|
Packit Service |
d1fe03 |
.family = NFPROTO_IPV4,
|
|
Packit Service |
d1fe03 |
};
|
|
Packit Service |
d1fe03 |
|
|
Packit Service |
d1fe03 |
void _init(void)
|
|
Packit Service |
d1fe03 |
{
|
|
Packit Service |
d1fe03 |
xtables_register_match(&osf_match);
|
|
Packit Service |
d1fe03 |
}
|