---
doc/primary-expression.txt | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 0fda76d..0c02d9d 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -187,18 +187,30 @@ and others) from packets with the SYN bit set.
[options="header"]
|==================
|Name |Description| Type
+|ttl|
+Do TTL checks on the packet to determine the operating system.|
+string
|name|
-Name of the OS signature to match. All signatures can be found at pf.os file.|
-Use "unknown" for OS signatures that the expression could not detect.
+Name of the OS signature to match. All signatures can be found at pf.os file.
+Use "unknown" for OS signatures that the expression could not detect.|
+string
|==================
+.Available ttl values
+---------------------
+If no TTL attribute is passed, make a true IP header and fingerprint TTL true comparison. This generally works for LANs.
+
+* loose: Check if the IP header's TTL is less than the fingerprint one. Works for globally-routable addresses.
+* skip: Do not compare the TTL at all.
+---------------------
+
.Using osf expression
---------------------
-# Accept packets that match the "Linux" OS signature.
+# Accept packets that match the "Linux" OS genre signature without comparing TTL.
table inet x {
chain y {
type filter hook input priority 0; policy accept;
- osf "Linux"
+ osf skip name "Linux"
}
}
-----------------------
--
2.19.1
