On Sat, Jul 14, 2018 at 04:51:01PM +0200, Fernando Fernandez Mancera wrote:
> Signed-off-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
> ---
> include/linux/netfilter/nfnetlink_osf.h | 20 +++++
> net/netfilter/Kconfig | 11 ++-
> net/netfilter/Makefile | 1 +
> net/netfilter/nfnetlink_osf.c | 100 +++++++++++++++++++++++
> net/netfilter/xt_osf.c | 103 ++----------------------
> 5 files changed, 139 insertions(+), 96 deletions(-)
> create mode 100644 include/linux/netfilter/nfnetlink_osf.h
> create mode 100644 net/netfilter/nfnetlink_osf.c
>
> diff --git a/include/linux/netfilter/nfnetlink_osf.h b/include/linux/netfilter/nfnetlink_osf.h
> new file mode 100644
> index 000000000000..80fbbbbcd21b
> --- /dev/null
> +++ b/include/linux/netfilter/nfnetlink_osf.h
> @@ -0,0 +1,20 @@
> +#ifndef _NFNETLINK_OSF_H
> +#define _NFNETLINK_OSF_H
> +
> +#include <linux/list.h>
> +
> +#include <linux/netfilter/nfnetlink.h>
> +
> +extern struct list_head nf_osf_fingers[2];
This declaration you can place it in the existing nf_osf.h file, so we don't need to create yet another new header file. And regarding these below...
> +int nf_osf_add_callback(struct net *net, struct sock *ctnl,
> + struct sk_buff *skb, const struct nlmsghdr *nlh,
> + const struct nlattr * const osf_attrs[],
> + struct netlink_ext_ack *extack);
> +
> +int nf_osf_remove_callback(struct net *net, struct sock *ctnl,
> + struct sk_buff *skb, const struct nlmsghdr *nlh,
> + const struct nlattr * const osf_attrs[],
> + struct netlink_ext_ack *extack);
You don't need to place these function declararions in the .h file. Rule of thumb is: You only place declaration in header file that will be used by other .c files or other modules... These are internal, so...
> +
> +#endif /* _NFNETLINK_OSF_H */
> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
> index 29c8591f87c2..1e156978535b 100644
> --- a/net/netfilter/Kconfig
> +++ b/net/netfilter/Kconfig
> @@ -46,6 +46,14 @@ config NETFILTER_NETLINK_LOG
> and is also scheduled to replace the old syslog-based ipt_LOG
> and ip6t_LOG modules.
>
> +config NETFILTER_NETLINK_OSF
> + tristate "Netfilter NFOSF over NFNETLINK interface"
> + depends on NETFILTER_ADVANCED
> + select NETFILTER_NETLINK
> + help
> + If this option is enables, the kernel will include support
> + for passive OS fingerprint via NFNETLINK.
> +
> config NF_CONNTRACK
> tristate "Netfilter connection tracking support"
> default m if NETFILTER_ADVANCED=n
> @@ -636,6 +644,7 @@ config NFT_SOCKET
> config NFT_OSF
> tristate "Netfilter nf_tables passive OS fingerprinting support"
> select NF_OSF
> + select NETFILTER_NETLINK_OSF
> help
> This option allows matching packets from an specific OS.
>
> @@ -1385,8 +1394,8 @@ config NETFILTER_XT_MATCH_NFACCT
>
> config NETFILTER_XT_MATCH_OSF
> tristate '"osf" Passive OS fingerprint match'
> - depends on NETFILTER_ADVANCED && NETFILTER_NETLINK
> select NF_OSF
> + select NETFILTER_NETLINK_OSF
> help
> This option selects the Passive OS Fingerprinting match module
> that allows to passively match the remote operating system by
> diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
> index 75ddcb0f748d..2fa826d5fdc5 100644
> --- a/net/netfilter/Makefile
> +++ b/net/netfilter/Makefile
> @@ -20,6 +20,7 @@ obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o
> obj-$(CONFIG_NETFILTER_NETLINK_ACCT) += nfnetlink_acct.o
> obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += nfnetlink_queue.o
> obj-$(CONFIG_NETFILTER_NETLINK_LOG) += nfnetlink_log.o
> +obj-$(CONFIG_NETFILTER_NETLINK_OSF) += nfnetlink_osf.o
>
> # connection tracking
> obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o
> diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c
> new file mode 100644
> index 000000000000..df9d49c54655
> --- /dev/null
> +++ b/net/netfilter/nfnetlink_osf.c
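Review bot: The help text of the new NETFILTER_NETLINK_OSF entry has a typo and does not say what the interface is used for. `If this option is enables` should read `If this option is enabled`. Going by the add and remove callbacks declared elsewhere in this patch, the interface presumably carries fingerprint updates from userspace into the kernel, so the second line could say so, for example `for loading passive OS fingerprints via NFNETLINK.`; that lets someone auditing a kernel configuration see that the option adds a userspace-facing netlink subsystem.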
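Review bot: In the NETFILTER_XT_MATCH_OSF hunk, `select NETFILTER_NETLINK_OSF` forces that symbol on without evaluating its own `depends on NETFILTER_ADVANCED`, while the same hunk removes the match's only visible `depends on` line. Unless an enclosing `if` block outside the hunk restricts it, the match can then be enabled with NETFILTER_ADVANCED=n, Kconfig will report an unmet direct dependency, and the netlink fingerprint interface gets built into configurations that previously could not have it. Only the NETFILTER_NETLINK half of the old line is made redundant by the select chain, so I would keep `depends on NETFILTER_ADVANCED` on the match. The NFT_OSF hunk above adds the same select and shows no `depends on` of its own, so the same line is likely needed there.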
> @@ -0,0 +1,100 @@
> +#include <linux/netfilter/nfnetlink_osf.h>
> +#include <linux/netfilter/nf_osf.h>
> +
> +/*
> + * Indexed by dont-fragment bit.
> + * It is the only constant value in the fingerprint.
> + */
> +struct list_head nf_osf_fingers[2];
> +EXPORT_SYMBOL_GPL(nf_osf_fingers);
>
> +static const struct nla_policy nf_osf_policy[OSF_ATTR_MAX + 1] = {
> + [OSF_ATTR_FINGER] = { .len = sizeof(struct nf_osf_user_finger) },
> +};
> +
> +int nf_osf_add_callback(struct net *net, struct sock *ctnl,
use _static_ here instead.
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html