blob: bf7bba80e24c1a22704b74457425f6bbd1f6a5e8 [file] [log] [blame]
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +02001/*
2 * Copyright (c) 2003+ Evgeniy Polyakov <zbr@ioremap.net>
3 *
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
Jeff Kirshere664eab2013-12-06 09:13:42 -080016 * along with this program; if not, see <http://www.gnu.org/licenses/>.
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020017 */
Jan Engelhardt8bee4ba2010-03-17 16:04:40 +010018#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020019#include <linux/module.h>
20#include <linux/kernel.h>
21
Kevin Cernekee916a2792017-12-05 15:42:41 -080022#include <linux/capability.h>
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020023#include <linux/if.h>
24#include <linux/inetdevice.h>
25#include <linux/ip.h>
26#include <linux/list.h>
27#include <linux/rculist.h>
28#include <linux/skbuff.h>
29#include <linux/slab.h>
30#include <linux/tcp.h>
31
32#include <net/ip.h>
33#include <net/tcp.h>
34
35#include <linux/netfilter/nfnetlink.h>
36#include <linux/netfilter/x_tables.h>
37#include <net/netfilter/nf_log.h>
38#include <linux/netfilter/xt_osf.h>
39
Jan Engelhardt4b560b42009-07-05 19:43:26 +020040static bool
Jan Engelhardt62fc8052009-07-07 20:42:08 +020041xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020042{
43 const struct xt_osf_info *info = p->matchinfo;
Pablo Neira Ayuso613dbd92016-11-03 10:56:21 +010044 struct net *net = xt_net(p);
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020045
46 if (!info)
47 return false;
48
Fernando Fernandez Mancerabfb15f22018-05-03 14:05:40 +020049 return nf_osf_match(skb, xt_family(p), xt_hooknum(p), xt_in(p),
Fernando Fernandez Manceraf9324952018-07-25 01:32:45 +020050 xt_out(p), info, net, nf_osf_fingers);
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020051}
52
53static struct xt_match xt_osf_match = {
54 .name = "osf",
55 .revision = 0,
56 .family = NFPROTO_IPV4,
57 .proto = IPPROTO_TCP,
58 .hooks = (1 << NF_INET_LOCAL_IN) |
59 (1 << NF_INET_PRE_ROUTING) |
60 (1 << NF_INET_FORWARD),
61 .match = xt_osf_match_packet,
62 .matchsize = sizeof(struct xt_osf_info),
63 .me = THIS_MODULE,
64};
65
66static int __init xt_osf_init(void)
67{
Fernando Fernandez Manceraf9324952018-07-25 01:32:45 +020068 int err;
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020069
70 err = xt_register_match(&xt_osf_match);
71 if (err) {
Jan Engelhardt8bee4ba2010-03-17 16:04:40 +010072 pr_err("Failed to register OS fingerprint "
73 "matching module (%d)\n", err);
Fernando Fernandez Manceraf9324952018-07-25 01:32:45 +020074 return err;
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020075 }
76
77 return 0;
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020078}
79
80static void __exit xt_osf_fini(void)
81{
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020082 xt_unregister_match(&xt_osf_match);
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020083}
84
85module_init(xt_osf_init);
86module_exit(xt_osf_fini);
87
88MODULE_LICENSE("GPL");
89MODULE_AUTHOR("Evgeniy Polyakov <zbr@ioremap.net>");
90MODULE_DESCRIPTION("Passive OS fingerprint matching.");
Kirill Tkhaib8ddd9e2014-03-26 14:37:59 +040091MODULE_ALIAS("ipt_osf");
92MODULE_ALIAS("ip6t_osf");
Evgeniy Polyakov11eeef42009-06-08 17:01:51 +020093MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_OSF);