* [PATCH 1/6 nft v3] osf: add version fingerprint support
@ 2019-03-27 10:37 Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 2/6 nft v3] json: osf: add version json support Fernando Fernandez Mancera
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:37 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
Add support for version fingerprint in "osf" expression. Example:
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
osf ttl skip name "Linux"
osf ttl skip version "Linux:4.20"
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
include/expression.h | 1 +
include/linux/netfilter/nf_tables.h | 6 ++++++
include/osf.h | 3 ++-
src/netlink_delinearize.c | 4 +++-
src/netlink_linearize.c | 1 +
src/osf.c | 13 ++++++++++---
src/parser_bison.y | 8 ++++++--
7 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/include/expression.h b/include/expression.h
index 6d72f64..6416ac0 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -350,6 +350,7 @@ struct expr {
struct {
/* EXPR_OSF */
uint8_t ttl;
+ uint32_t flags;
} osf;
};
};
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 37036be..09a7b9e 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -944,15 +944,21 @@ enum nft_socket_keys {
*
* @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
* @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
+ * @NFTA_OSF_FLAGS: flags (NLA_U32)
*/
enum nft_osf_attributes {
NFTA_OSF_UNSPEC,
NFTA_OSF_DREG,
NFTA_OSF_TTL,
+ NFTA_OSF_FLAGS,
__NFTA_OSF_MAX
};
#define NFT_OSF_MAX (__NFTA_OSF_MAX - 1)
+enum nft_osf_flags {
+ NFT_OSF_F_VERSION = 1 << 0, /* check fingerprint version */
+};
+
/**
* enum nft_ct_keys - nf_tables ct expression keys
*
diff --git a/include/osf.h b/include/osf.h
index 23ea34d..8f6f584 100644
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,7 +1,8 @@
#ifndef NFTABLES_OSF_H
#define NFTABLES_OSF_H
-struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl);
+struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
+ const uint32_t flags);
extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del);
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index d0eaf5b..9a2d63d 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -655,10 +655,12 @@ static void netlink_parse_osf(struct netlink_parse_ctx *ctx,
{
enum nft_registers dreg;
struct expr *expr;
+ uint32_t flags;
uint8_t ttl;
ttl = nftnl_expr_get_u8(nle, NFTNL_EXPR_OSF_TTL);
- expr = osf_expr_alloc(loc, ttl);
+ flags = nftnl_expr_get_u32(nle, NFTNL_EXPR_OSF_FLAGS);
+ expr = osf_expr_alloc(loc, ttl, flags);
dreg = netlink_parse_register(nle, NFTNL_EXPR_OSF_DREG);
netlink_set_register(ctx, dreg, expr);
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 61149bf..8df82d5 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -228,6 +228,7 @@ static void netlink_gen_osf(struct netlink_linearize_ctx *ctx,
nle = alloc_nft_expr("osf");
netlink_put_register(nle, NFTNL_EXPR_OSF_DREG, dreg);
nftnl_expr_set_u8(nle, NFTNL_EXPR_OSF_TTL, expr->osf.ttl);
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_OSF_FLAGS, expr->osf.flags);
nftnl_rule_add_expr(ctx->nlr, nle);
}
diff --git a/src/osf.c b/src/osf.c
index 9252934..f0c2239 100644
--- a/src/osf.c
+++ b/src/osf.c
@@ -19,17 +19,22 @@ static void osf_expr_print(const struct expr *expr, struct output_ctx *octx)
{
const char *ttl_str = osf_ttl_int_to_str(expr->osf.ttl);
- nft_print(octx, "osf %sname", ttl_str);
+ if (expr->osf.flags & NFT_OSF_F_VERSION)
+ nft_print(octx, "osf %sversion", ttl_str);
+ else
+ nft_print(octx, "osf %sname", ttl_str);
}
static void osf_expr_clone(struct expr *new, const struct expr *expr)
{
new->osf.ttl = expr->osf.ttl;
+ new->osf.flags = expr->osf.flags;
}
static bool osf_expr_cmp(const struct expr *e1, const struct expr *e2)
{
- return e1->osf.ttl == e2->osf.ttl;
+ return (e1->osf.ttl == e2->osf.ttl) &&
+ (e1->osf.flags == e2->osf.flags);
}
const struct expr_ops osf_expr_ops = {
@@ -41,7 +46,8 @@ const struct expr_ops osf_expr_ops = {
.json = osf_expr_json,
};
-struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl)
+struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
+ const uint32_t flags)
{
unsigned int len = NFT_OSF_MAXGENRELEN * BITS_PER_BYTE;
const struct datatype *type = &string_type;
@@ -50,6 +56,7 @@ struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl)
expr = expr_alloc(loc, EXPR_OSF, type,
BYTEORDER_HOST_ENDIAN, len);
expr->osf.ttl = ttl;
+ expr->osf.flags = flags;
return expr;
}
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 65b3fb3..6e1bb88 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3190,9 +3190,13 @@ fib_tuple : fib_flag DOT fib_tuple
| fib_flag
;
-osf_expr : OSF osf_ttl NAME
+osf_expr : OSF osf_ttl HDRVERSION
{
- $$ = osf_expr_alloc(&@$, $2);
+ $$ = osf_expr_alloc(&@$, $2, NFT_OSF_F_VERSION);
+ }
+ | OSF osf_ttl NAME
+ {
+ $$ = osf_expr_alloc(&@$, $2, 0);
}
;
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/6 nft v3] json: osf: add version json support
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
@ 2019-03-27 10:37 ` Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 3/6 nft v3] tests: py: add osf tests with versions Fernando Fernandez Mancera
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:37 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
src/json.c | 7 ++++++-
src/parser_json.c | 9 +++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/json.c b/src/json.c
index 276a3c0..4900c02 100644
--- a/src/json.c
+++ b/src/json.c
@@ -864,7 +864,12 @@ json_t *socket_expr_json(const struct expr *expr, struct output_ctx *octx)
json_t *osf_expr_json(const struct expr *expr, struct output_ctx *octx)
{
- json_t *root = json_pack("{s:s}", "key", "name");
+ json_t *root;
+
+ if (expr->osf.flags & NFT_OSF_F_VERSION)
+ root = json_pack("{s:s}", "key", "version");
+ else
+ root = json_pack("{s:s}", "key", "name");
switch (expr->osf.ttl) {
case 1:
diff --git a/src/parser_json.c b/src/parser_json.c
index 7b190bc..07defc0 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -381,6 +381,7 @@ static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
const char *type, json_t *root)
{
const char *key, *ttl;
+ uint32_t flagval = 0;
uint8_t ttlval = 0;
if (json_unpack_err(ctx, root, "{s:s}", "key", &key))
@@ -397,8 +398,12 @@ static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
}
}
- if (!strcmp(key, "name"))
- return osf_expr_alloc(int_loc, ttlval);
+ if (!strcmp(key, "name")) {
+ return osf_expr_alloc(int_loc, ttlval, flagval);
+ } else if (!strcmp(key, "version")) {
+ flagval |= NFT_OSF_F_VERSION;
+ return osf_expr_alloc(int_loc, ttlval, flagval);
+ }
json_error(ctx, "Invalid osf key value.");
return NULL;
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/6 nft v3] tests: py: add osf tests with versions
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 2/6 nft v3] json: osf: add version json support Fernando Fernandez Mancera
@ 2019-03-27 10:37 ` Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 4/6 nft v3] doc: add osf version option to man page Fernando Fernandez Mancera
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:37 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
tests/py/inet/osf.t | 4 +++
tests/py/inet/osf.t.json | 15 +++++++++
tests/py/inet/osf.t.payload | 66 +++++++++++++++++++++++++++++++++++++
3 files changed, 85 insertions(+)
diff --git a/tests/py/inet/osf.t b/tests/py/inet/osf.t
index fd5d9ed..c828541 100644
--- a/tests/py/inet/osf.t
+++ b/tests/py/inet/osf.t
@@ -7,8 +7,12 @@
osf name "Linux";ok
osf ttl loose name "Linux";ok
osf ttl skip name "Linux";ok
+osf ttl skip version "Linux:3.0";ok
+osf ttl skip version "morethan:sixteenbytes";fail
osf ttl nottl name "Linux";fail
osf name "morethansixteenbytes";fail
osf name ;fail
osf name { "Windows", "MacOs" };ok
+osf version { "Windows:XP", "MacOs:Sierra" };ok
ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok
+ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok
diff --git a/tests/py/inet/osf.t.json b/tests/py/inet/osf.t.json
index 452f302..a2e7449 100644
--- a/tests/py/inet/osf.t.json
+++ b/tests/py/inet/osf.t.json
@@ -45,6 +45,21 @@
}
]
+# osf name version "Linux:3.0"
+[
+ {
+ "match": {
+ "left": {
+ "osf": {
+ "key": "version"
+ }
+ },
+ "op": "==",
+ "right": "Linux:3.0"
+ }
+ }
+]
+
# osf name { "Windows", "MacOs" }
[
{
diff --git a/tests/py/inet/osf.t.payload b/tests/py/inet/osf.t.payload
index 9b8f0bc..6f5fba3 100644
--- a/tests/py/inet/osf.t.payload
+++ b/tests/py/inet/osf.t.payload
@@ -43,6 +43,21 @@ inet osfinet osfchain
[ osf dreg 1 ]
[ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ]
+# osf ttl skip version "Linux:3.0"
+ip osfip osfchain
+ [ osf dreg 1 ]
+ [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
+# osf ttl skip version "Linux:3.0"
+ip6 osfip6 osfchain
+ [ osf dreg 1 ]
+ [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
+# osf ttl skip version "Linux:3.0"
+inet osfinet osfchain
+ [ osf dreg 1 ]
+ [ cmp eq reg 1 0x756e694c 0x2e333a78 0x00000030 0x00000000 ]
+
# osf name { "Windows", "MacOs" }
__set%d osfip 3 size 2
__set%d osfip 0
@@ -67,6 +82,30 @@ inet osfinet osfchain
[ osf dreg 1 ]
[ lookup reg 1 set __set%d ]
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfip 3 size 2
+__set%d osfip 0
+ element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end]
+ip osfip osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfip6 3 size 2
+__set%d osfip6 0
+ element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end]
+ip6 osfip6 osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __set%d ]
+
+# osf version { "Windows:XP", "MacOs:Sierra" }
+__set%d osfinet 3 size 2
+__set%d osfinet 0
+ element 646e6957 3a73776f 00005058 00000000 : 0 [end] element 4f63614d 69533a73 61727265 00000000 : 0 [end]
+inet osfinet osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __set%d ]
+
# ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 }
__map%d osfip b size 2
__map%d osfip 0
@@ -93,3 +132,30 @@ inet osfinet osfchain
[ osf dreg 1 ]
[ lookup reg 1 set __map%d dreg 1 ]
[ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfip b size 2
+__map%d osfip 0
+ element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end]
+ip osfip osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfip6 b size 2
+__map%d osfip6 0
+ element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end]
+ip6 osfip6 osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ ct set mark with reg 1 ]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+__map%d osfinet b size 2
+__map%d osfinet 0
+ element 646e6957 3a73776f 00005058 00000000 : 00000003 0 [end] element 4f63614d 69533a73 61727265 00000000 : 00000004 0 [end]
+inet osfinet osfchain
+ [ osf dreg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ ct set mark with reg 1 ]
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 4/6 nft v3] doc: add osf version option to man page
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 2/6 nft v3] json: osf: add version json support Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 3/6 nft v3] tests: py: add osf tests with versions Fernando Fernandez Mancera
@ 2019-03-27 10:37 ` Fernando Fernandez Mancera
2019-03-27 10:38 ` [PATCH 5/6 nft v3] files: osf: update pf.os with newer OS fingerprints Fernando Fernandez Mancera
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:37 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
doc/primary-expression.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index d819b24..a62ed00 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -219,6 +219,8 @@ and others) from packets with the SYN bit set.
|ttl|
Do TTL checks on the packet to determine the operating system.|
string
+|version|
+Do OS version checks on the packet.|
|name|
Name of the OS signature to match. All signatures can be found at pf.os file.
Use "unknown" for OS signatures that the expression could not detect.|
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 5/6 nft v3] files: osf: update pf.os with newer OS fingerprints
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
` (2 preceding siblings ...)
2019-03-27 10:37 ` [PATCH 4/6 nft v3] doc: add osf version option to man page Fernando Fernandez Mancera
@ 2019-03-27 10:38 ` Fernando Fernandez Mancera
2019-03-27 10:38 ` [PATCH 6/6 nft v3] files: pf.os: merge the signatures spllited by version Fernando Fernandez Mancera
2019-04-08 21:49 ` [PATCH 1/6 nft v3] osf: add version fingerprint support Pablo Neira Ayuso
5 siblings, 0 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:38 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
After notice that some fingerprints are outdated we have updated the most common
of them.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
files/osf/pf.os | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/files/osf/pf.os b/files/osf/pf.os
index e285851..7612d76 100644
--- a/files/osf/pf.os
+++ b/files/osf/pf.os
@@ -233,6 +233,10 @@ S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3)
T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4)
S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0
+S10:64:1:60:M*,S,T,N,W6: Linux:3.1::Linux 3.1
+S10:64:1:60:M*,S,T,N,W7: Linux:3.4-3.10::Linux 3.4 - 3.10
+S20:64:1:60:M*,S,T,N,W7: Linux:3.11-4.19::Linux 3.11 - 4.19
+S44:64:1:60:M*,S,T,N,W7: Linux:4.20::Linux 4.20
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4)
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
@@ -284,6 +288,8 @@ S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
+65535:64:1:60:M*,N,W6,S,T: FreeBSD:9.0-12.0::FreeBSD 9.0 - 12.0
+
# XXX need quirks support
# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 6/6 nft v3] files: pf.os: merge the signatures spllited by version
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
` (3 preceding siblings ...)
2019-03-27 10:38 ` [PATCH 5/6 nft v3] files: osf: update pf.os with newer OS fingerprints Fernando Fernandez Mancera
@ 2019-03-27 10:38 ` Fernando Fernandez Mancera
2019-04-08 21:49 ` [PATCH 1/6 nft v3] osf: add version fingerprint support Pablo Neira Ayuso
5 siblings, 0 replies; 7+ messages in thread
From: Fernando Fernandez Mancera @ 2019-03-27 10:38 UTC (permalink / raw
To: netfilter-devel; +Cc: Fernando Fernandez Mancera
In order to be able to identify the OS version we need to merge the signatures
split by version. eg.
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-5.2::FreeBSD 4.7-5.2
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
files/osf/pf.os | 40 ++++++++++++++--------------------------
1 file changed, 14 insertions(+), 26 deletions(-)
diff --git a/files/osf/pf.os b/files/osf/pf.os
index 7612d76..35cbb47 100644
--- a/files/osf/pf.os
+++ b/files/osf/pf.os
@@ -201,12 +201,9 @@
45046:64:0:44:M*: AIX:4.3::AIX 4.3
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
-16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
-16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
+16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3-5.2:3:AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3-5.2:3:AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3-5-2:3:AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
@@ -224,8 +221,7 @@ S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer
-S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7
-S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W0: Linux:2.4/2.6::Linux 2.4/2.6 <= 2.6.7
S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1)
S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2)
@@ -271,9 +267,7 @@ S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
-16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
-16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
-16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
+16384:64:1:44:M*: FreeBSD:2.0-4.2::FreeBSD 2.0-4.2
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
@@ -281,12 +275,9 @@ S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
-32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
-32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
-65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
+32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-5.1::FreeBSD 4.8-5.1 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-5.2::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-5.2::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W6,S,T: FreeBSD:9.0-12.0::FreeBSD 9.0 - 12.0
@@ -378,8 +369,7 @@ S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta)
# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
# XXX some of these use EOL too
-16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,W0: MacOS:7.3-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2
65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4)
@@ -515,8 +505,7 @@ S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ OS/400 -----------------
-8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
-8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
+8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4-VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# XXX quirk
@@ -532,9 +521,9 @@ S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
-16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
-6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
-6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ?
+16384:128:1:44:M1460: Novell:NW:5.0:Novel Netware 5.0
+6144:128:1:44:M1460: Novell:IW:4.11:Novell IntranetWare 4.11
+6144:128:1:44:M1368: Novell:BM::Novell BorderManager ?
6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3
@@ -637,8 +626,7 @@ S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
-S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
-S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
+S5:255:0:44:M536: PalmOS:3-4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S29:255:0:44:M536: PalmOS:5::PalmOS 5.0
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/6 nft v3] osf: add version fingerprint support
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
` (4 preceding siblings ...)
2019-03-27 10:38 ` [PATCH 6/6 nft v3] files: pf.os: merge the signatures spllited by version Fernando Fernandez Mancera
@ 2019-04-08 21:49 ` Pablo Neira Ayuso
5 siblings, 0 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2019-04-08 21:49 UTC (permalink / raw
To: Fernando Fernandez Mancera; +Cc: netfilter-devel
Patches from 1 to 6 applied, thanks Fernando.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-04-08 21:49 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-03-27 10:37 [PATCH 1/6 nft v3] osf: add version fingerprint support Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 2/6 nft v3] json: osf: add version json support Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 3/6 nft v3] tests: py: add osf tests with versions Fernando Fernandez Mancera
2019-03-27 10:37 ` [PATCH 4/6 nft v3] doc: add osf version option to man page Fernando Fernandez Mancera
2019-03-27 10:38 ` [PATCH 5/6 nft v3] files: osf: update pf.os with newer OS fingerprints Fernando Fernandez Mancera
2019-03-27 10:38 ` [PATCH 6/6 nft v3] files: pf.os: merge the signatures spllited by version Fernando Fernandez Mancera
2019-04-08 21:49 ` [PATCH 1/6 nft v3] osf: add version fingerprint support Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.