Evgeniy Polyakov wrote:
> Hi.
>
> Passive OS fingerprinting netfilter module allows to passively detect remote OS and perform various netfilter actions based on that knowledge. This module compares some data (WS, MSS, options and its order, ttl, df and others) from packets with SYN bit set with dynamically loaded OS fingerprints.
>
> Fingerprint matching rules can be downloaded from OpenBSD source tree and loaded via netlink connector into the kernel via special util found in archive. It will also listen for events about matching packets.
>
> Archive also contains library file (also attached), which was shipped with iptables extensions some time ago (at least when ipt_osf existed in patch-o-matic).
>
> This release moves all rules initialization to be handled over the netlink and introduces lookup tables to speed up RCU finger matching a bit. Also fixed module unloading RCU completion race noticed by Paul McKenney.
Sorry for ignoring this for so long. I really don't have much of an opinion on this except for what I said before:

- I would prefer a mechanism built on u32 if possible
- I want to hear at least one person speaking in favour of inclusion since I don't have much of an opinion of my own, but am somewhat doubtful how useful this is

I guess you could call Paul's "cool stuff" that, but please resend once more to netfilter-devel :) Anyone who thinks this is useful please speak up.
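The comparison described in the quoted announcement, as an added example that is not part of either message and is not the module's own code: it pulls TTL, DF, window size, MSS and the TCP option order out of one SYN and compares them with a single rule. The packet bytes, the rule, the option letters and the TTL tolerance are constructed assumptions, not OpenBSD fingerprint data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct syn_sig {                  /* fields read from one SYN, as named in the post */
    uint8_t  ttl, df;
    uint16_t window, mss;
    char     opts[41];            /* option order, one letter each; 40 bytes max */
};
/* Constructed sample: IPv4 + TCP SYN, documentation addresses, checksums zeroed. */
static const uint8_t SAMPLE_SYN[60] = {
    0x45,0,0,60, 0,0,0x40,0, 57,6,0,0, 192,0,2,1, 198,51,100,2,        /* IPv4 */
    0xc0,0,0,80, 0,0,0,1, 0,0,0,0, 0xa0,0x02,0xff,0xff, 0,0,0,0,       /* TCP  */
    2,4,0x05,0xb4, 4,2, 8,10,0,0,0,0,0,0,0,0, 1, 3,3,7                 /* opts */
};
/* Returns 0 and fills *s for a well-formed IPv4 TCP SYN, -1 otherwise. */
int syn_extract(const uint8_t *p, size_t len, struct syn_sig *s)
{
    memset(s, 0, sizeof(*s));
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return -1;
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4, n = 0;
    if (doff < 20 || len < ihl + doff || !(t[13] & 0x02)) return -1;
    s->ttl = p[8];
    s->df = (p[6] & 0x40) != 0;
    s->window = (uint16_t)((t[14] << 8) | t[15]);
    for (size_t i = 20; i < doff && t[i] != 0; ) {      /* kind 0 ends the list */
        uint8_t k = t[i];
        if (k == 1) { s->opts[n++] = 'N'; i++; continue; }
        if (i + 1 >= doff || t[i + 1] < 2 || i + t[i + 1] > doff) return -1;
        if (k == 2 && t[i + 1] == 4) s->mss = (uint16_t)((t[i + 2] << 8) | t[i + 3]);
        s->opts[n++] = k == 2 ? 'M' : k == 3 ? 'W' : k == 4 ? 'S' : k == 8 ? 'T' : '?';
        i += t[i + 1];
    }
    return 0;
}
/* Assumption: fp->ttl is the sender's initial TTL; allow up to 31 hops of decay. */
int fp_match(const struct syn_sig *s, const struct syn_sig *fp)
{
    return s->ttl <= fp->ttl && fp->ttl - s->ttl < 32 && s->df == fp->df &&
           s->window == fp->window && s->mss == fp->mss && !strcmp(s->opts, fp->opts);
}
int main(void)
{
    struct syn_sig s, fp = { 64, 1, 65535, 1460, "MSTNW" };   /* constructed rule */
    if (syn_extract(SAMPLE_SYN, sizeof SAMPLE_SYN, &s)) return 1;
    printf("ttl=%u df=%u win=%u mss=%u opts=%s\n", s.ttl, s.df, s.window, s.mss, s.opts);
    return !fp_match(&s, &fp);
}
```

Every field compared here is sender-controlled, so a match identifies a stack configuration rather than proving which OS sent the packet.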