Re: [PATCH 1/2 nftables] src: introduce passive OS fingerprint matching


 



On Fri, Aug 03, 2018 at 11:47:11PM +0200, Fernando Fernandez Mancera wrote:
> Add support for "osf" expression. Example:

Applied with a few glitches, see below, thanks.

> @@ -191,6 +193,7 @@ enum expr_flags {
>  #include <hash.h>
>  #include <ct.h>
>  #include <socket.h>
> +#include <osf.h>
>  
>  /**
>   * struct expr
> @@ -303,6 +306,9 @@ struct expr {
>  			/* SOCKET */
>  			enum nft_socket_keys	key;
>  		} socket;
> +		struct {
> +			/* OSF */

No need for empty structure, I have removed it.

> +		} osf;
>  		struct {
>  			/* EXPR_RT */
>  			enum nft_rt_keys	key;
> diff --git a/src/evaluate.c b/src/evaluate.c
> index ae881cc..839866e 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1720,6 +1720,13 @@ static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
>  	return 0;
>  }
>  
> +static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr)
> +{
> +	__expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
> +			   (*expr)->len, 1);

Replaced this by expr_evaluate_primary().

It would be good to validate that we don't go over the maximum OS name
length. This reminds me we may need to export the maximum OS
definition through UAPI and use it.

> +	return 0;
> +}
> +
>  static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
>  {
>  	struct expr *new = expr_clone((*exprp)->sym->expr);
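Review bot: The `__expr_set_context` call in expr_evaluate_osf passes a bare literal `1` as its last argument, which is left unexplained; as far as I recall that parameter is the context's maxval, and a cap of 1 has no evident meaning for a string-valued OS name, while the generic primary-expression path passes 0 there. Either the constant deserves a one-line comment saying why it is intended, or the hand-rolled call should give way to the generic helper so the two paths cannot drift apart. The function also lacks a header comment; `/* Evaluate an osf match: the expression's own datatype, byte order and length define the context for its operand. */` would do. expr_evaluate_osf is fully inside this hunk; the switch that dispatches to it is in the following hunk.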
> @@ -1759,6 +1766,8 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
>  		return expr_evaluate_meta(ctx, expr);
>  	case EXPR_SOCKET:
>  		return expr_evaluate_socket(ctx, expr);
> +	case EXPR_OSF:
> +		return expr_evaluate_osf(ctx, expr);
>  	case EXPR_FIB:
>  		return expr_evaluate_fib(ctx, expr);
>  	case EXPR_PAYLOAD:
> diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
> index 7e9765c..557da5e 100644
> --- a/src/netlink_delinearize.c
> +++ b/src/netlink_delinearize.c
> @@ -630,6 +630,19 @@ static void netlink_parse_socket(struct netlink_parse_ctx *ctx,
>  	netlink_set_register(ctx, dreg, expr);
>  }
>  
> +static void netlink_parse_osf(struct netlink_parse_ctx *ctx,
> +			      const struct location *loc,
> +			      const struct nftnl_expr *nle)
> +{
> +	enum nft_registers dreg;
> +	struct expr *expr;
> +
> +	expr = osf_expr_alloc(loc);
> +	printf("%u", NFTNL_EXPR_OSF_DREG);

Just removed this printf().
--



