On Tue, Mar 10, 2009 at 06:13:57PM +0300, Evgeniy Polyakov (zbr@xxxxxxxxxxx) wrote:
> Passive OS fingerprinting netfilter module allows to passively detect
> remote OS and perform various netfilter actions based on that knowledge.
> This module compares some data (WS, MSS, options and their order, ttl, df
> and others) from packets with SYN bit set with dynamically loaded OS
> fingerprints.
>
> Fingerprint matching rules can be downloaded from OpenBSD source tree
> and loaded via netlink connector into the kernel via special util found
> in archive. It will also listen for events about matching packets.
>
> Archive also contains library file (also attached), which was shipped
> with iptables extensions some time ago (at least when ipt_osf existed
> in patch-o-matic).
>
> This release implements suggestions found during the code review like
> coding style, structure split and tighter packing, bool and %pi4
> usage and similar changes.

This is not the latest version; it misses the following fix from the parallel tree.

Fixed TCP header copy to the userspace when given option is enabled.

diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c index 3114bbd..e619f09 100644 --- a/net/netfilter/xt_osf.c +++ b/net/netfilter/xt_osf.c @@ -83,7 +83,7 @@ static void ipt_osf_send_connector(struct ipt_osf_user_finger *f, struct ipt_osf_message *msg = &per_cpu(ipt_osf_mbuf, smp_processor_id()); struct ipt_osf_nlmsg *data = &msg->nlmsg; struct iphdr *iph = ip_hdr(skb); - struct tcphdr *tcph = tcp_hdr(skb); + struct tcphdr *tcp; memcpy(&msg->cmsg.id, &cn_osf_id, sizeof(struct cn_msg)); msg->cmsg.seq = osf_seq++;
@@ -92,7 +92,9 @@ static void ipt_osf_send_connector(struct ipt_osf_user_finger *f, memcpy(&data->f, f, sizeof(struct ipt_osf_user_finger)); memcpy(&data->ip, iph, sizeof(struct iphdr)); - memcpy(&data->tcp, tcph, sizeof(struct tcphdr)); + tcp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(struct tcphdr), &data->tcp); + if (tcp) + memcpy(&data->tcp, tcp, sizeof(struct tcphdr)); cn_netlink_send(&msg->cmsg, CN_IDX_OSF, GFP_ATOMIC); }
-- Evgeniy Polyakov
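Review bot: in the first hunk (@@ -83,7), the rename from `tcph` to `tcp` is churn that widens the diff without changing behaviour; declaring `struct tcphdr *tcph;` and keeping the old name in the second hunk would leave the patch as only the tcp_hdr() to skb_header_pointer() swap it actually is. The description should also say why `tcp_hdr(skb)` is wrong at this point (the usual reason for this swap in a netfilter match is that the transport header offset is not guaranteed to be set at the hook), because the hunk itself gives no hint of the bug being fixed.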
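Review bot: in the second hunk (@@ -92,7), the NULL path leaves stale data in the message that is still sent. When skb_header_pointer() fails (the packet is shorter than a TCP header), `data->tcp` is not reliably written for this packet, yet `cn_netlink_send()` runs unconditionally, so userspace receives whatever the previous packet on this CPU left in the per-cpu `ipt_osf_mbuf` buffer as this packet's TCP header. Either bail out before the send (`if (!tcp) return;`) or at least clear the field, e.g. `memset(&data->tcp, 0, sizeof(data->tcp));`, in the failure case. Also note that for a non-linear skb skb_header_pointer() already copies the header into `&data->tcp` and returns that same address, so the following `memcpy(&data->tcp, tcp, ...)` copies the struct onto itself; guarding it with `if (tcp != &data->tcp)` avoids the self-copy.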