--- doc/primary-expression.txt | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 0fda76d..0c02d9d 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -187,18 +187,30 @@ and others) from packets with the SYN bit set. [options="header"] |================== |Name |Description| Type +|ttl| +Do TTL checks on the packet to determine the operating system.| +string |name| -Name of the OS signature to match. All signatures can be found at pf.os file.| -Use "unknown" for OS signatures that the expression could not detect. +Name of the OS signature to match. All signatures can be found at pf.os file. +Use "unknown" for OS signatures that the expression could not detect.| +string |================== +.Available ttl values +--------------------- +If no TTL attribute is passed, make a true IP header and fingerprint TTL true comparison. This generally works for LANs. + +* loose: Check if the IP header's TTL is less than the fingerprint one. Works for globally-routable addresses. +* skip: Do not compare the TTL at all. +--------------------- + .Using osf expression --------------------- -# Accept packets that match the "Linux" OS signature. +# Accept packets that match the "Linux" OS genre signature without comparing TTL. table inet x { chain y { type filter hook input priority 0; policy accept; - osf "Linux" + osf skip name "Linux" } } ----------------------- -- 2.19.1