/*
 * Copyright (c) 2003+ Evgeniy Polyakov <zbr@ioremap.net>
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
Jan Engelhardt | 8bee4ba | 2010-03-17 16:04:40 +0100 | [diff] [blame] | 18 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
Evgeniy Polyakov | 11eeef4 | 2009-06-08 17:01:51 +0200 | [diff] [blame] | 19 | #include <linux/module.h> |
| 20 | #include <linux/kernel.h> |
| 21 | |
Kevin Cernekee | 916a279 | 2017-12-05 15:42:41 -0800 | [diff] [blame] | 22 | #include <linux/capability.h> |
Evgeniy Polyakov | 11eeef4 | 2009-06-08 17:01:51 +0200 | [diff] [blame] | 23 | #include <linux/if.h> |
| 24 | #include <linux/inetdevice.h> |
| 25 | #include <linux/ip.h> |
| 26 | #include <linux/list.h> |
| 27 | #include <linux/rculist.h> |
| 28 | #include <linux/skbuff.h> |
| 29 | #include <linux/slab.h> |
| 30 | #include <linux/tcp.h> |
| 31 | |
| 32 | #include <net/ip.h> |
| 33 | #include <net/tcp.h> |
| 34 | |
| 35 | #include <linux/netfilter/nfnetlink.h> |
| 36 | #include <linux/netfilter/x_tables.h> |
| 37 | #include <net/netfilter/nf_log.h> |
| 38 | #include <linux/netfilter/xt_osf.h> |
| 39 | |
/*
 * xt_osf_match_packet - xtables ->match hook for the "osf" match.
 * @skb: packet being evaluated
 * @p:   per-call xtables state; p->matchinfo carries the rule's xt_osf_info
 *
 * Hands the packet, together with the family, hook number, input/output
 * devices and network namespace taken from @p, to nf_osf_match() along
 * with nf_osf_fingers.
 *
 * Returns false when the rule carries no match info; otherwise returns
 * whatever nf_osf_match() reports.
 *
 * NOTE(review): passive OS fingerprints are presumably computed from
 * header fields chosen by the remote sender, so a match is a heuristic
 * classification rather than proof of what the peer is.  Rules built on
 * it should not be the only control in front of a service.
 */
static bool
xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
{
	const struct xt_osf_info *osf_info = p->matchinfo;
	struct net *netns = xt_net(p);
	bool matched = false;

	/* A rule without match data can never match. */
	if (osf_info)
		matched = nf_osf_match(skb, xt_family(p), xt_hooknum(p),
				       xt_in(p), xt_out(p), osf_info, netns,
				       nf_osf_fingers);

	return matched;
}
| 52 | |
/*
 * Registration record for the "osf" match.
 *
 * Scope, as a rule author should read it:
 *  - .family / .proto: registered for NFPROTO_IPV4 and IPPROTO_TCP only;
 *    this record does not register an IPv6 family.
 *  - .hooks: usable from PRE_ROUTING, LOCAL_IN and FORWARD only; no
 *    output-side hook bit is set in the mask.
 *  - .matchsize: size of the per-rule struct xt_osf_info that
 *    xt_osf_match_packet() reads through p->matchinfo.
 */
static struct xt_match xt_osf_match = {
	.name      = "osf",
	.revision  = 0,
	.family    = NFPROTO_IPV4,
	.proto     = IPPROTO_TCP,
	.hooks     = (1 << NF_INET_PRE_ROUTING) |
		     (1 << NF_INET_LOCAL_IN) |
		     (1 << NF_INET_FORWARD),
	.matchsize = sizeof(struct xt_osf_info),
	.match     = xt_osf_match_packet,
	.me        = THIS_MODULE,
};
| 65 | |
/*
 * Module entry point: register the "osf" match with xtables.
 *
 * Returns 0 on success.  On failure the error code from
 * xt_register_match() is logged and returned unchanged, so the module
 * load fails rather than leaving rules without a backing match.
 */
static int __init xt_osf_init(void)
{
	int ret = xt_register_match(&xt_osf_match);

	if (!ret)
		return 0;

	pr_err("Failed to register OS fingerprint "
	       "matching module (%d)\n", ret);
	return ret;
}
| 79 | |
/*
 * Module exit point: undo the registration done in xt_osf_init() by
 * removing the "osf" match from xtables.
 */
static void __exit xt_osf_fini(void)
{
	struct xt_match *registered = &xt_osf_match;

	xt_unregister_match(registered);
}
| 84 | |
/* Load/unload hooks. */
module_init(xt_osf_init);
module_exit(xt_osf_fini);

/* Module metadata. */
MODULE_AUTHOR("Evgeniy Polyakov <zbr@ioremap.net>");
MODULE_DESCRIPTION("Passive OS fingerprint matching.");
MODULE_LICENSE("GPL");

/*
 * Aliases under which the module can be requested by name.
 *
 * NOTE(review): "ip6t_osf" is declared although the xt_match record in
 * this file is registered for NFPROTO_IPV4 only, and the nfnetlink OSF
 * subsystem alias is declared although no nfnetlink subsystem is
 * registered in this file.  Confirm both aliases are still intended, so
 * the module is not pulled in on requests it cannot serve.
 */
MODULE_ALIAS("ipt_osf");
MODULE_ALIAS("ip6t_osf");
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_OSF);